[Lsr] Alvaro Retana's Discuss on draft-ietf-lsr-flex-algo-24: (with DISCUSS)
Alvaro Retana via Datatracker <noreply@ietf.org> Wed, 05 October 2022 14:18 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: lsr@ietf.org
Delivered-To: lsr@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BF9AC14F730; Wed, 5 Oct 2022 07:18:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Alvaro Retana via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lsr-flex-algo@ietf.org, lsr-chairs@ietf.org, lsr@ietf.org, Christian Hopps <chopps@chopps.org>, acee@cisco.com, jgs@juniper.net
X-Test-IDTracker: no
X-IETF-IDTracker: 8.17.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Alvaro Retana <aretana.ietf@gmail.com>
Message-ID: <166497948643.39691.5083450220590558021@ietfa.amsl.com>
Date: Wed, 05 Oct 2022 07:18:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/F6MnAKpxO0JqmSrr3Ng-C8KnylY>
Subject: [Lsr] Alvaro Retana's Discuss on draft-ietf-lsr-flex-algo-24: (with DISCUSS)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.39
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2022 14:18:06 -0000
Alvaro Retana has entered the following ballot position for draft-ietf-lsr-flex-algo-24: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lsr-flex-algo/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I am balloting DISCUSS because I believe that operational and security considerations need to be addressed or at least mentioned. I believe these points should be easy to address with some additional text. (1) When is a router's participation in a particular Flex-Algorithm advertised? It seems to me that there might be a "chicken-and-egg" problem that should at least be mentioned in the Operational Considerations. Let me explain: §11: When a router is configured to support a particular Flex-Algorithm, we say it is participating in that Flex-Algorithm. §5: To guarantee loop-free forwarding for paths computed for a particular Flex-Algorithm, all routers that (a) are configured to participate in a particular Flex-Algorithm, and (b) are in the same Flex-Algorithm definition advertisement scope MUST agree on the definition of the Flex-Algorithm. The following procedures ensure this condition is fulfilled. These statements make it look like support for a particular Flex-Algorithm is advertised when the routing process is enabled -- because the router is "configured to support/participate". However, at this point, the router may not have received a FAD for the Flex-Algorithm it is advertising support for. Besides the number of the Flex-Algorithm, the participation advertisement implies support for a specific Metric-Type and Calc-Type. But, again, nodes may be advertising this support blindly if the FAD is not known yet. Presumably, the operator configures support for a specific Flex-Algorithm with a FAD in mind. IOW, there should be no surprises. However, I would like to see the relationship between the support/participation configuration and the FAD components explicitly called out. Note that this issue is related to the ability of an attacker to hijack a particular Flex-Algorithm, but oriented at the ability of the operator to cause harm to their network. (2) Related to the point above. What should a node configured to advertise support for a specific Flex-Algorithm do if it receives a FAD that it cannot support? For example, if the calc-type is unknown or unsupported. [§13 already addresses the case of an unsupported metric-type.] (3) The Security Considerations section says that the attacks listed can be addressed through authentication. However, it fails to consider what a rogue node (one that is authenticated and taken over by an attacker) can do. This type of attack is not preventable through authentication, and it is not different from advertising any other incorrect information through IS-IS/OSPF. It should be mentioned in the Security Considerations section. Also, the effect of a hijacked/modified FAD may result in traffic not being delivered at all -- for example, by using an unsupported Metric-Type or Calc-Type.
- [Lsr] Alvaro Retana's Discuss on draft-ietf-lsr-f… Alvaro Retana via Datatracker
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Peter Psenak
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Alvaro Retana
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Peter Psenak
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Alvaro Retana