IETF Logo Mail Archive

Re: [lisp] LISP Interworking: Proxy Egress Tunnel Routers

Sam Hartman <hartmans-ietf@mit.edu> Mon, 21 September 2009 21:40 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: lisp@core3.amsl.com
Delivered-To: lisp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 879883A6ABA for <lisp@core3.amsl.com>; Mon, 21 Sep 2009 14:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.331
X-Spam-Level:
X-Spam-Status: No, score=-2.331 tagged_above=-999 required=5 tests=[AWL=-0.066, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIg0G4cfNUJK for <lisp@core3.amsl.com>; Mon, 21 Sep 2009 14:40:08 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (carter-zimmerman.suchdamage.org [69.25.196.178]) by core3.amsl.com (Postfix) with ESMTP id A05013A68FB for <lisp@ietf.org>; Mon, 21 Sep 2009 14:40:08 -0700 (PDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 0244D413B; Mon, 21 Sep 2009 17:41:08 -0400 (EDT)
To: jnc@mercury.lcs.mit.edu
References: <20090921194205.B23C96BE5F2@mercury.lcs.mit.edu>
From: Sam Hartman <hartmans-ietf@mit.edu>
Date: Mon, 21 Sep 2009 17:41:08 -0400
In-Reply-To: <20090921194205.B23C96BE5F2@mercury.lcs.mit.edu> (Noel Chiappa's message of "Mon\, 21 Sep 2009 15\:42\:05 -0400 \(EDT\)")
Message-ID: <tslk4zsascr.fsf@mit.edu>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: lisp@ietf.org
Subject: Re: [lisp] LISP Interworking: Proxy Egress Tunnel Routers
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2009 21:40:09 -0000

>>>>> "Noel" == Noel Chiappa <jnc@mercury.lcs.mit.edu> writes:


    Noel> If a site can't originate packets from its ITR to non-LISP
    Noel> destinations (i.e.  which will have to be non-wrapped, and
    Noel> therefore would have to have an EID source address, which
    Noel> uRPF will block), 

Depending on where LISP is going to be deployed, URPF may or may not
be an issue.  Since I still don't understand where we think LISP will
be used, I can't evaluate whether this is something we need to solve.

Obviously, based on what I'm doing with my implementation, I would not
at all be surprised if LISP is deployed in situations where URPF is an
issue.


    Noel> and also don't have access to an ETR, they
    Noel> _can't_ run LISP.

    Noel> So merely the existence of ISPs which enforce uRPF is enough
    Noel> to 'prove' that we needs PETRs, at least as far as the pure
    Noel> engineering assessment goes.

No, I don't think that follows.
I think it follows either that

1) You don't get end-to-end addressing talking to non-LISP sites (we probably all think that's not good as an only option)

2) Some box needs to source packets somewhere with your EID.

A PETR is more than just some boxes sourcing packets with your EID. It
has several properties:

* It uses the LISP data encapsulation
* It may not be connected with the person providing your EIDs
* It's topologically close to you
* It uses IP access lists for security

Also, I think that showing the engineering requirement for something
isn't good enough.  We've said that we want LISP to be deployable.  If
we can't identify deployment incentives for critical parts, that
raises a significant red flag in my mind.

I actually suspect that once we have a broader idea about LISP
deployment, coming up with incentives for PETRs won't be that
difficult.  However I agree with Robbin that it's a critical question
that I'd rather have answered before going down this path.

so, I'm finding that for me at least, PETRs are yet another thing that
blocks behind understanding security and deployment.  (I have not gone
into the reasons why I'm concerned about PETRs and security.
Basically I want to understand what our DOS prevention model is to
understand how much work we need to do to make sure PETRs are not used
in mounting DOS attacks.)

v2.23.0 | Report a Bug | By Email