Re: [Lsr] Martin Duke's Discuss on draft-ietf-lsr-ospf-reverse-metric-08: (with DISCUSS and COMMENT)
Ketan Talaulikar <ketant.ietf@gmail.com> Thu, 06 October 2022 09:44 UTC
Return-Path: <ketant.ietf@gmail.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E7DBC1524C1; Thu, 6 Oct 2022 02:44:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r9jP9eB82uRt; Thu, 6 Oct 2022 02:44:47 -0700 (PDT)
Received: from mail-vs1-xe34.google.com (mail-vs1-xe34.google.com [IPv6:2607:f8b0:4864:20::e34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78A50C14F726; Thu, 6 Oct 2022 02:44:47 -0700 (PDT)
Received: by mail-vs1-xe34.google.com with SMTP id t18so1420368vsr.12; Thu, 06 Oct 2022 02:44:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=lGEG48QFK5pwh34NRz8UaeNKsnOoI6Wg53xUFwtVXqs=; b=oYqSPXCEDvabk6JPp3vkUvWd/GdkotFi5gkT91DbXrBT+dunYs7H3Tc3p4lermBMe4 4cxCZ8Lfcg9EVZPMSJq0g6qfuDQSZLGJznox0zNfxU/GprFZuJGrgW8dAydgteZPZ4GT o+hkpYYk1Yl3ln3S1X+uoUjjyfkM0MVjekBEbQjUJUEPyHwNpO3pvdTse+Mz2kl9EBxg Clpa/6dqfvwdLEVgVCf/ygbGUm9fa+nKYVzseJ2W5g9vytV1ALuFfDGBUN7+7HHdy+oP ibLS0mycZkOI6TrPzMHX/dnJg5UsvhpUdcoFSxZjmSOihyQ9eFK/sQxOpFE8F1vUplK1 6cvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=lGEG48QFK5pwh34NRz8UaeNKsnOoI6Wg53xUFwtVXqs=; b=l40F3qF9J5Kt0mzAuCBtMAbSS4EyvrNxyjNG6RTLLknpneywmEIgpHjtGNmQbgzVsv nbwunKCq+ZALFvOBwSfjTd3fZ0yTHrJujmXJbGaCU2B3tucLQB11Sj3dTcWQQuwEXP30 SqpnAvo6QyLoriI7CcnoRMj2KWlJjfTvnmRqjlBAdgVjdL24nSxQJzgu2PlnMMefR7HB MY6+YcjoJSviiHbSZJXWZuZ06wBGdxMR5se3qemwIqBTK4ogbJUQzRprV2WIDvGfO1Z0 T07qKiNjmRSaHZZn4ZeXNeASf5/6hhspjWiP/JOB4VNU44uLXNTuHpsDoc3Gydxj/7qR X3dA==
X-Gm-Message-State: ACrzQf3es3pKiCye31cV9lwzEJnRt6p/QFi+WgR2ctTI8pEEia5EQAuf 4cHc6iMH4H7J3bdPjRl1lk5VXnvYpjtK6q2o4Qk=
X-Google-Smtp-Source: AMsMyM7qk0Lux/irIxk3Ih/ImYCJ9HmV0ECytQ7x8uUQg+S8jxspaYSCJImvVWnp2zdFq7Bm9nHvB1+/+YQhm+izqjY=
X-Received: by 2002:a67:d51b:0:b0:3a6:f485:8874 with SMTP id l27-20020a67d51b000000b003a6f4858874mr786196vsj.15.1665049486303; Thu, 06 Oct 2022 02:44:46 -0700 (PDT)
MIME-Version: 1.0
References: <166501601066.34369.9310407245793819522@ietfa.amsl.com>
In-Reply-To: <166501601066.34369.9310407245793819522@ietfa.amsl.com>
From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Thu, 06 Oct 2022 15:14:35 +0530
Message-ID: <CAH6gdPzH1PLD_-1B+twSQ_2xLeiY4e9o0UK2JBHo2vy0XM2rzQ@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-lsr-ospf-reverse-metric@ietf.org, lsr-chairs@ietf.org, lsr@ietf.org, chopps@chopps.org, acee@cisco.com
Content-Type: multipart/alternative; boundary="0000000000002a277e05ea5a8b3f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/bQqiMx7rO7TZ7PcIsiuOznNk5l4>
Subject: Re: [Lsr] Martin Duke's Discuss on draft-ietf-lsr-ospf-reverse-metric-08: (with DISCUSS and COMMENT)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2022 09:44:51 -0000
Hi Martin, Thanks for your review and comments/feedback. Please check inline below for responses. We have also posted an update that includes the changes discussed below: https://datatracker.ietf.org/doc/html/draft-ietf-lsr-ospf-reverse-metric-09 On Thu, Oct 6, 2022 at 5:56 AM Martin Duke via Datatracker <noreply@ietf.org> wrote: > Martin Duke has entered the following ballot position for > draft-ietf-lsr-ospf-reverse-metric-08: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-lsr-ospf-reverse-metric/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > I hope this is a quick one. > > A naive reading of Sec 2.2 implies that a router could generate > reverse-metric > TLVs quite rapidly, KT> Did you mean send reverse-metric TLV over all its links to its neighbors OR generate multiple reverse-metric TLVs with changing values OR a combination of them both? > triggering a storm of TLVs from a potentially large number > of neighbors. Each reverse metric advertisement generates N LSAs, KT> This is not correct. It would end up generating a single update to the neighbors Router LSA. Perhaps more if we think of multiple parallel links between those routers. But then there is also dampening built into the protocol to slow down the rate of (re)generation of the same Router LSA too frequently. > increasing > the amplification of any sort of misconfiguration or misbehavior far more > than > a traditional LSAs that is updated too often. > KT> As described in my first response above, a combination of varying reverse metric values being signaled can trigger multiple updates to the neighbor's Router LSA - which despite dampening may be problematic. > > At the very least, this ought to come up in security considerations, but I > wonder if applying some sort of rate limit (beyond which neighbors are > free to > ignore) would be a firmer way of limiting the problem. I'm flexible on the > best > way forward. > KT> Added text in the security considerations that cover this issue as well as a proposed mitigation. Please let us know if that works. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > A "don't be stupid" warning in 2.2 certainly wouldn't hurt, either. > KT> I am not sure how exactly to put that into the document. Any help is appreciated. Perhaps something that generically goes into the Internet-Draft and RFC boilerplate maybe ;-) Thanks, Ketan
- [Lsr] Martin Duke's Discuss on draft-ietf-lsr-osp… Martin Duke via Datatracker
- Re: [Lsr] Martin Duke's Discuss on draft-ietf-lsr… Ketan Talaulikar
- Re: [Lsr] Martin Duke's Discuss on draft-ietf-lsr… Alvaro Retana
- Re: [Lsr] Martin Duke's Discuss on draft-ietf-lsr… Ketan Talaulikar
- Re: [Lsr] Martin Duke's Discuss on draft-ietf-lsr… Acee Lindem (acee)
- Re: [Lsr] Martin Duke's Discuss on draft-ietf-lsr… Martin Duke