Re: [Lsvr] Alvaro's Remaining Comments: New Version Notification for draft-ietf-lsvr-bgp-spf-27.txt
Acee Lindem <acee.ietf@gmail.com> Thu, 31 August 2023 16:00 UTC
Return-Path: <acee.ietf@gmail.com>
X-Original-To: lsvr@ietfa.amsl.com
Delivered-To: lsvr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F024C137382; Thu, 31 Aug 2023 09:00:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.108
X-Spam-Level:
X-Spam-Status: No, score=-6.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iONkTeaEMnhD; Thu, 31 Aug 2023 09:00:19 -0700 (PDT)
Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F24E2C13AE38; Thu, 31 Aug 2023 09:00:18 -0700 (PDT)
Received: by mail-qk1-x732.google.com with SMTP id af79cd13be357-76dbd877cd9so54795485a.0; Thu, 31 Aug 2023 09:00:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1693497618; x=1694102418; darn=ietf.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=RZB30djEewYc816HPBJzVsmz3Mew6u3depcel5ktqNo=; b=GxOJhQBcPr20NKsPAidB2duSYdpx7cBYpUAWyrCurafHB4uLZXqQRldqZgniVe6IaR DxHnEUBVjxiZHo1iX7VqiAh9eNuSyavxUTXwUq5xF1F3oatLo0KGe1ijgJshOBhr5Ju3 WCNp0AAGtW4X2ZgFewA9fCICnb1w1FGvqmX/XxNCjLJBsUrqy/1N8MhMLhaoV5pdoqQE K2ftaJQ6o+D47v7rXD4IvcKvRFXUW6euYoed3WQykgCggoqoF9gq9CwpK5BCBJbQS5/B ubFLQrSLE17YQLM4ktPUC2lBWRenuPzbuse6q65SwPSlF7eSViZQIywv5rre8qFb6i2Q xbIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1693497618; x=1694102418; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=RZB30djEewYc816HPBJzVsmz3Mew6u3depcel5ktqNo=; b=H539WL9jrsIw61Ixxkg4BPfsbOa3ai70Uzt6LUoIj20BMBF1We8eDbKRs+vUBaRNOv LQ8GysAbgjH49s8InyYtNfKfyCDvoWmdAUg4XwlbQpCloBuYCE6TCTM47KgTPZbAqSWV ZBgWbOjwcb78H/EaZZ6cTNC2wofTV4khAhAtaj4hZjSDY2bUBiT88i3NDCY4KzYL6kSp AkxXDF/4wKpi8tFTw56n+6/OU+yrNTQKmIPcPAc+8vK5DEUm0vzRf/EljAIB85C7jWBG sChHvsVOfpELDNP40pryLinJBClJ/7g7vsmXxtuM+lcxojfZzHnLssysKR+QhfgxbLWP l9AQ==
X-Gm-Message-State: AOJu0YxAwp255Sk+H2hGbBbYuuo3GQtFyXFFy8ZqJ2zYtYr42aZJ2XOp ImWUgyCe5tnv7AGNyeaxlfk=
X-Google-Smtp-Source: AGHT+IFmk9eLVgF5mgzCf8mCdOVlTQK37phKP3tFn3O1p3bmu90PG7syZElnXCAMH05FVdV1ziILEw==
X-Received: by 2002:a05:620a:e9b:b0:76e:f149:fb43 with SMTP id w27-20020a05620a0e9b00b0076ef149fb43mr2793088qkm.70.1693497617767; Thu, 31 Aug 2023 09:00:17 -0700 (PDT)
Received: from smtpclient.apple ([2605:a601:9199:bf00:740b:b25c:f906:37a6]) by smtp.gmail.com with ESMTPSA id j26-20020a05620a001a00b0076d6a08ac98sm695107qki.76.2023.08.31.09.00.17 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 31 Aug 2023 09:00:17 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Acee Lindem <acee.ietf@gmail.com>
In-Reply-To: <CAMMESswKxzxBKVZyMbyPEucZvTDG2Faoe8gYsJg5=EjbKiUHqQ@mail.gmail.com>
Date: Thu, 31 Aug 2023 12:00:06 -0400
Cc: James Guichard <james.n.guichard@futurewei.com>, "lsvr@ietf.org" <lsvr@ietf.org>, Keyur Patel <keyur@arrcus.com>, lsvr-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <9B160EAC-8979-49F4-9030-BB819280BA4C@gmail.com>
References: <169039355480.3375.9650340417091158442@ietfa.amsl.com> <EE87B1E7-38C3-4B15-BA6B-E82114735C6B@gmail.com> <CAMMESsyoa2ZVcX9k22x2ytgKT482DCOkDFGhHej2UOSz_MgUjQ@mail.gmail.com> <CAMMESswKxzxBKVZyMbyPEucZvTDG2Faoe8gYsJg5=EjbKiUHqQ@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lsvr/p0UnDzZ_aNIzuhBQ-6UTcP03oq4>
Subject: Re: [Lsvr] Alvaro's Remaining Comments: New Version Notification for draft-ietf-lsvr-bgp-spf-27.txt
X-BeenThere: lsvr@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Link State Vector Routing <lsvr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lsvr>, <mailto:lsvr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lsvr/>
List-Post: <mailto:lsvr@ietf.org>
List-Help: <mailto:lsvr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lsvr>, <mailto:lsvr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2023 16:00:23 -0000
Hi Alvaro, > On Aug 31, 2023, at 11:36 AM, Alvaro Retana <aretana.ietf@gmail.com> wrote: > > > Hi! > > I looked at the diffs from -27. > > Thanks for addressing the issues with the next hop and the link identifiers -- I have a nit with this last part: > > §5.2.2: > > ...discovering the Link Remote Identifier is beyond the scope of this document. ...it is RECOMMENDED that the Link Remote Identifiers be known (e.g., discovered using alternate mechanisms or configured) in the presence of parallel unnumbered links. > > Leaving the discovery out of scope is fine. However, making it normatively RECOMMENDED is a contradiction (because it is out of scope). s/RECOMMENDED/recommended Right - I agree. > > > > My only major issue left is the text from §7.4 that can result in endless session resets and provide an easy vector to affect the network's stability. See below. > > > Thanks! > > Alvaro. > > On August 2, 2023 at 2:53:35 PM, Alvaro Retana (aretana.ietf@gmail.com) wrote: >> >> >> ... >> The new section says this: >> >> 7.4. BGP-LS-SPF Link State NLRI Database Synchronization >> >> While uncommon, there may be situations where the LSNDBs of two BGP- >> LS-SPF speakers lose synchronization. In these situations, the BGP >> session MUST be reset. The mechanisms to detect loss of >> synchronization are beyond the scope of this document. >> >> Resetting the session should result in a resync, so it is not a bad recommendation. [A route refresh could also be used.] >> >> All the cases of BGP-LS drop and treat-as-withdraw specified in §7.1 lead to loss in synchronization and resetting the session won't necessarily fix the problem. In the specific case of §5.1.2 (where the BGP-LS attribute is discarded because of the message size) the action will result in the session bouncing forever -- and all the other routes being lost, potentially leaving a part of the network without any reachability. >> >> A rogue node can then remove the BGP-LS attribute, or manipulate the TLVs to cause any other error to affect the whole session -- not just a single route. IOW, the impact is beyond that is mentioned in the Security Considerations: >> >> If an authorized BGP peer is compromised, that BGP peer could advertise >> modified Node, Link, or Prefix NLRI which result in misrouting, repeating >> origination of NLRI, and/or excessive SPF calculations. Yeah, Keyur and I still need to talk about error handling and synchronization. Due to scheduling and there not being a simple solution, we still haven’t done this. I wanted to go ahead and publish what I had pushed to the repository. Thanks, Acee
- Re: [Lsvr] Alvaro's Remaining Comments: New Versi… Alvaro Retana
- Re: [Lsvr] Alvaro's Remaining Comments: New Versi… Alvaro Retana
- Re: [Lsvr] Alvaro's Remaining Comments: New Versi… Acee Lindem