Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-lsr-flex-algo-24: (with DISCUSS)
Peter Psenak <ppsenak@cisco.com> Thu, 06 October 2022 10:58 UTC
Return-Path: <ppsenak@cisco.com>
X-Original-To: lsr@ietfa.amsl.com
Delivered-To: lsr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DE63C14F748; Thu, 6 Oct 2022 03:58:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.179
X-Spam-Level:
X-Spam-Status: No, score=-10.179 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F0pC5FTJ9uiU; Thu, 6 Oct 2022 03:58:20 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA983C14F75F; Thu, 6 Oct 2022 03:58:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6097; q=dns/txt; s=iport; t=1665053900; x=1666263500; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=zY4PlT1xV4ppWP7eAeqnHFfEYeDUgOFFJ4grwZJwkik=; b=mlWbNLNFKZDoXA1sJfo25dle4HcJNzvhInvYfvJgkkiH1JDEbYltLmO2 JgMltBW9ZnNw2PgkoM+1ojBvAM+UcXr69hAWnqeHaQ3KJnsIsoZBMMO9I Sf5JwflCwWkgWFtS/Q6t85TQ27r7mjKJdqt3XY05y7viasXMX8KGBF+bF w=;
X-IronPort-AV: E=Sophos;i="5.95,163,1661817600"; d="scan'208";a="4264384"
Received: from aer-iport-nat.cisco.com (HELO aer-core-9.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 06 Oct 2022 10:58:18 +0000
Received: from [10.147.24.54] ([10.147.24.54]) by aer-core-9.cisco.com (8.15.2/8.15.2) with ESMTP id 296AwHJt102982; Thu, 6 Oct 2022 10:58:17 GMT
Message-ID: <0d938afe-94b0-2186-cc04-42b2ccee19d5@cisco.com>
Date: Thu, 06 Oct 2022 12:58:17 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.3.1
Content-Language: en-US
To: Alvaro Retana <aretana.ietf@gmail.com>, The IESG <iesg@ietf.org>
Cc: Christian Hopps <chopps@chopps.org>, acee@cisco.com, jgs@juniper.net, lsr-chairs@ietf.org, lsr@ietf.org, draft-ietf-lsr-flex-algo@ietf.org
References: <166497948643.39691.5083450220590558021@ietfa.amsl.com> <5cf76c12-c928-ad9f-fa82-1776abbe2ad2@cisco.com> <CAMMESsy5wPBwYPKev2+sO2vD55_HrEGmk-zB5Nzr35rOAMQN_w@mail.gmail.com>
From: Peter Psenak <ppsenak@cisco.com>
In-Reply-To: <CAMMESsy5wPBwYPKev2+sO2vD55_HrEGmk-zB5Nzr35rOAMQN_w@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Outbound-SMTP-Client: 10.147.24.54, [10.147.24.54]
X-Outbound-Node: aer-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsr/fQpSg_oQn_Z1V5M4UNPg1N25_rU>
Subject: Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-lsr-flex-algo-24: (with DISCUSS)
X-BeenThere: lsr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Routing Working Group <lsr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsr>, <mailto:lsr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsr/>
List-Post: <mailto:lsr@ietf.org>
List-Help: <mailto:lsr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsr>, <mailto:lsr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2022 10:58:25 -0000
Alvaro, please see inline (##PP2) On 06/10/2022 02:30, Alvaro Retana wrote: > On October 5, 2022 at 12:02:30 PM, Peter Psenak wrote: > > > Peter: > > Hi! > > > ... >>> (1) When is a router's participation in a particular Flex-Algorithm >>> advertised? > ... >>> Presumably, the operator configures support for a specific Flex-Algorithm >>> with a FAD in mind. IOW, there should be no surprises. However, I would >>> like to see the relationship between the support/participation >>> configuration and the FAD components explicitly called out. >> >> ##PP >> Section 5.3 says: >> >> "If a node is configured to participate in a particular Flexible- >> Algorithm, but there is no valid Flex-Algorithm definition available >> for it, or the selected Flex-Algorithm definition includes >> calculation-type, metric-type, constraint, flag, or Sub-TLV that is >> not supported by the node, it MUST stop participating in such >> Flexible-Algorithm. That implies that it MUST NOT announce >> participation for such Flexible-Algorithm as specified in Section 11 >> and it MUST remove any forwarding state associated with it." > > First off, sorry I missed this text. :-( > > [Nit: I think I searched for Calc-Type, not calculation-type. > "Calculation type" is also used. Please be consistent.] ##PP2 fixed > > >> Is there anything more that you have in mind? > > Yes, a couple of things: > > (1) The text above instructs implementations of [RFC8667] and > [RFC8665] to stop advertising the specific Flex-Algorithm value, but > those RFCs (if I remember correctly) don't say anything about *not* > advertising the SR-Algorithm TLV/sub-TLV. This document should > formally Update those RFCs. ##PP2 advertising the SR-Algorithm TLV is optional. https://datatracker.ietf.org/doc/html/rfc8665#section-3.1 "The SR-Algorithm TLV is optional. It SHOULD only be advertised once in the Router Information Opaque LSA." Advertising any set of algorithms in this TLV is supported. A router is free to add or remove any algorithm value from the TLV. This is all well supported by both above mentioned RFCs. I don't see any need for update. > > (2) The text related to the Update should be in §11, which is where > the participation advertisement is specified. Text should also be > added to §11.2 to indicate that other data-planes have to do the same > thing. ##PP2 I have added following to the section 11: "Advertisement of the participation for any particular Flex-Algorithm in any data-plane is subject to the condition specified in Section 5.3." Would that be sufficient? > > (3) My original request: I would like to see the relationship between > the support/participation configuration and the FAD components > explicitly called out...from the operator's point of view. Even if > the protocol is specified to react, the operator may configure with > different expectations. I'm thinking of something along the lines of > (in §15.*): > > When configuring a node to participate in a specific Flex-Algorithm, > the components of the definition (calc, metric) should be considered > carefully. The configuration of a Flex-Algo ID doesn't guarantee that > the node will actively participate in the topology because it may not > support the cal or metric types... Changes in the FAD configuration > should also be considered in light of the capabilities of the routers > in the flooding domain. ... > ##PP2 Added following text to section 15.4, that I renamed it to "FAD Definition and Changes" "When configuring a node to participate in a specific Flex-Algorithm, the components of the FAD (calculation-type, metric-type, constraints) should be considered carefully. The configuration of participation in a particular Flex-Algorithm doesn't guarantee that the node will actively participate in it, because it may not support the calculation-type, metric type or some constraint advertised by the winning FAD (see Section 5.3). Changes in the FAD configuration should also be considered in light of the capabilities of the participating routers in the scope of the FAD advertisement." > > > ... >>> (3) The Security Considerations section says that the attacks listed can be >>> addressed through authentication. However, it fails to consider what a rogue >>> node (one that is authenticated and taken over by an attacker) can do. >> >> ##PP >> if someone gets hold of the node that is authenticated it can advertise >> all sorts of bogus data that results in network becoming non functional. >> I don't know what we can do at the protocol level to avoid it. >> >>> >>> This type of attack is not preventable through authentication, and it is not >>> different from advertising any other incorrect information through IS-IS/ >>> OSPF. It should be mentioned in the Security Considerations section. >>> >>> Also, the effect of a hijacked/modified FAD may result in traffic not being >>> delivered at all -- for example, by using an unsupported Metric-Type or >>> Calc-Type. >> >> ##PP >> I don't disagree. > > I'm not sure if you also don't disagree that this case should be > mentioned in the Security Considerations. ;-) ##PP2 I added the following text to the Security Consideration: "If the node that is authenticated is taken over by an attacker, such rogue node can advertise the FAD for any Flex-Algorithm. Doing so may result in traffic for such Flex-Algorithm to be misrouted, or not being delivered at all, for example, by using an unsupported metric- type, calculation-type, or constraint. Such attack is not preventable through authentication, and it is not different from advertising any other incorrect information through IS-IS or OSPF." thanks. Peter > > It is not a new type of problem, but a new way to to do it. > > > Thanks! > > Alvaro. >
- [Lsr] Alvaro Retana's Discuss on draft-ietf-lsr-f… Alvaro Retana via Datatracker
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Peter Psenak
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Alvaro Retana
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Peter Psenak
- Re: [Lsr] Alvaro Retana's Discuss on draft-ietf-l… Alvaro Retana