IETF Logo Mail Archive

Re: [manet-dlep-rg] DLEP session establishment

Teco Boot <teco@inf-net.nl> Tue, 12 November 2013 17:51 UTC

Return-Path: <teco@inf-net.nl>
X-Original-To: manet-dlep-rg@ietfa.amsl.com
Delivered-To: manet-dlep-rg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66EDD21F9D39 for <manet-dlep-rg@ietfa.amsl.com>; Tue, 12 Nov 2013 09:51:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.81
X-Spam-Level:
X-Spam-Status: No, score=-2.81 tagged_above=-999 required=5 tests=[AWL=-0.607, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vqQiG3WCHRYe for <manet-dlep-rg@ietfa.amsl.com>; Tue, 12 Nov 2013 09:51:41 -0800 (PST)
Received: from mail-ee0-f49.google.com (mail-ee0-f49.google.com [74.125.83.49]) by ietfa.amsl.com (Postfix) with ESMTP id C96F421F9EB0 for <manet-dlep-rg@ietf.org>; Tue, 12 Nov 2013 09:51:05 -0800 (PST)
Received: by mail-ee0-f49.google.com with SMTP id b15so1950581eek.8 for <manet-dlep-rg@ietf.org>; Tue, 12 Nov 2013 09:51:04 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=UfkydzbQspufyUL5HcyiU+BHvHn9epK2hdzNsUuzDmI=; b=SoWpyGA2gQnGNL8JEKkcTNZWRsMXIQbFXKEVTaS2aNIc+C5NdUvs5KcyofmAVaFyyi kKuQNLNOomYjyf+oC01iN/Xli9Eo60FuOOTXq5JH7hFA5TPyXZZHN6ltNM59JCC6e9nV jYQUagLFEnRm1oxcIdlAFd17U+OHntTQutXZWb6FVkzR2QDo1clTuBTM4Qpl9zWoEgyG 1hoZtHCf4HqwWiTOJzJ+DnIThHqDLrXHlHc6SzLQh2j4Mt8fcYyoVMrMTQJth6feG7SX /gfpg5AaUFwmRRmPnflZuC4BsguIo0WZUAbIq3bPVowjaCXzGkH6wq+Fz57sA/d4EAAn NMKA==
X-Gm-Message-State: ALoCoQnw2RVnMPRwCSlWJs9XDBFWEdZMq5xnMif4Z33opKOXNcVO+5mKu1rnVY7yWAym7ocFY+bB
X-Received: by 10.14.5.3 with SMTP id 3mr17301233eek.49.1384278664226; Tue, 12 Nov 2013 09:51:04 -0800 (PST)
Received: from [10.175.173.29] (524A14A4.cm-4-3a.dynamic.ziggo.nl. [82.74.20.164]) by mx.google.com with ESMTPSA id z1sm78458216eeo.14.2013.11.12.09.51.01 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 12 Nov 2013 09:51:03 -0800 (PST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\))
From: Teco Boot <teco@inf-net.nl>
In-Reply-To: <B177F831FB91F242972D0C35F6A0733106FB0425@SUCNPTEXM01.com.ad.uk.ds.corp>
Date: Tue, 12 Nov 2013 16:54:24 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <38A66EAB-9E99-46A9-A01C-6A1311CA2FF5@inf-net.nl>
References: <72FB622921C13746AD6349E70A8D9F307D9192F7@EXC-MBX03.tsn.tno.nl> <CAK=bVC85XAXR3Zkwq+JwELF-dvgrKwbowWCvwvnjeVn7VStnbw@mail.gmail.com> <72FB622921C13746AD6349E70A8D9F307D9193CD@EXC-MBX03.tsn.tno.nl> <5A8A5085482DA84995F4E70F5093AB50268E6C@XCH-BLV-503.nw.nos.boeing.com> <B2BA430A-F4E6-4DED-A7BB-7282A22802B7@inf-net.nl> <D02397F1-9D1B-4B36-81D0-4585ACDBA34A@gmail.com> <5D184300-2D97-4EC1-8D91-76D4A79B2BDA@inf-net.nl> <DDAE98C5-520E-4F8F-9F9B-2AB9A15A70EF@cisco.com> <0541163b-2d1c-4afd-ad06-ba9a25744310@SUCNPTEXC01.COM.AD.UK.DS.CORP> <B177F831FB91F242972D0C35F6A0733106FB0425@SUCNPTEXM01.com.ad.uk.ds.corp>
To: "Taylor, Rick" <Rick.Taylor@cassidian.com>
X-Mailer: Apple Mail (2.1816)
Cc: "DLEP Research Group (manet-dlep-rg@ietf.org)" <manet-dlep-rg@ietf.org>, Stan Ratliff <sratliff@cisco.com>
Subject: Re: [manet-dlep-rg] DLEP session establishment
X-BeenThere: manet-dlep-rg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DLEP Radio Group <manet-dlep-rg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/manet-dlep-rg>, <mailto:manet-dlep-rg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/manet-dlep-rg>
List-Post: <mailto:manet-dlep-rg@ietf.org>
List-Help: <mailto:manet-dlep-rg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/manet-dlep-rg>, <mailto:manet-dlep-rg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Nov 2013 17:51:45 -0000

Op 12 nov. 2013, om 13:47 heeft Taylor, Rick <Rick.Taylor@cassidian.com> het volgende geschreven:

> Sorry for the delay, I was out of office yesterday.
> 
> My thoughts:
> 
>    Router                                        Modem
>    ===================================================
> 
> 1)                                  TCP socket listen()
> 
> 2)  <--------------------------- Peer Discovery Message
>                              UDP unicast or broadcast?
>                                       + Session Cookie

Cookies with expiration timers?
Doesn’t add much security. Maybe useful for sanity check. Let's use the MAC address as cookie.

I prefer real security, e.g. RFC 6622 or TLS. And access lists.

Let’s permit new usage scenario’s, where TCP connections are set up multiple hops away. E.g. from management station or PCE node.


>                                     + TCP address/port
>           + Alternate reliable protocol endpoint infos
> 
> 3)  TCP connect()
> 
> 4)  Initialize (was Peer Offer) ---------------------->
>    + Session Cookie
> 
> 5)  <----------------------------------- Initialize ACK
>                                       + Session Cookie
>                                + Supported metric TLVs
> 
> 
> My reasoning, often agreeing with others:
> 
> The Modem 'advertises' its DLEP support, and therefore should
> be the one that listens for the TCP connect.
> 
> A cookie passed between the UDP discovery message and the TCP
> connection adds a little security (is this the modem I think I am
> connecting to?)  This could be extended to a full signature TLV
> in a later RFC.

Let’s do this right now. We can reuse existing security mechanisms, with some details how to implement.


> 
> The Peer Discovery message could carry additional reliable
> protocol endpoint information for non-TCP transports.
> 
> The Initialize ACK is the correct place to put the 'default'
> metric TLVs, and is sent by the modem.
> 
> A 3-way handshake seems safer to me.
> 
> I have a question over whether the Peer Discovery message should
> be unicast to a configured destination, or broadcast to all
> connected peers on a TBD port.  I prefer broadcast as it is more
> ZeroConf, but I can see use-cases for unicast to a configured
> destination for more complex topologies.

Router can set up the TCP connection, if it knows the Modem IP address. Let’s keep the modem a somewhat dummy device.


Teco


> 
> Cheers,
> 
> Rick Taylor
> 
>> -----Original Message-----
>> From: manet-dlep-rg-bounces@ietf.org [mailto:manet-dlep-rg-
>> bounces@ietf.org] On Behalf Of Teco Boot
>> Sent: 11 November 2013 16:29
>> To: Stan Ratliff
>> Cc: DLEP Research Group (manet-dlep-rg@ietf.org)
>> Subject: [manet-dlep-rg] DLEP session establishment
>> 
>> 
>> Op 11 nov. 2013, om 01:55 heeft Stan Ratliff (sratliff)
>> <sratliff@cisco.com> het volgende geschreven:
>> 
>>> Also, as to the Discovery: Here's what I'm writing up as we speak:
>>> 
>>> 
>>> Router
>> Modem
>>> ========================================
>>>                                    <------------------------ Peer
>> Discovery Message
>>> Peer Offer with           ------------------------->
>>> unicast IP addr/
>>> port for TCP connect
>> 
>> So this is multicast reply, telling modem to connect?
>> Why not TCP connect from router to modem? Makes more sense to me, the
>> modem is the peer offering a service.
>> Maybe add a TcpPort TLV in the Peer Discovery, this allows other than IANA
>> assigned ports.
>> 
>> 
>>> 
>>> *Connect on TCP socket. Router has issued TCP "listen",
>>>   modem issues TCP "connect" (e.g. Modem is the TCP "client",
>>>   router is the TCP "server")
>>> 
>>> Now, The modem's UDP socket can be closed.
>> 
>> Please don't.
>> 
>> 
>>> Over the TCP
>>> Socket,
>>>                                   <------------------------- Peer
>> Initialization containing
>>> 
>> TLVs/default values for ALL
>>> 
>> supported metric values - all
>>> 
>> meaning the MANDATORY ones,
>>> 
>> plus any optional metrics (right now,
>>> 
>> just Resources) that are supported.
>> 
>> Yes, here the full set TLV exchange takes place. This should not be in the
>> Peer Discovery. That's why I suggested to put this in the Peer Offer.
>> 
>> 
>>> 
>>> Peer Initialization ACK ---------------------->
>>> MAY contain optional
>>> Layer 3 (address) TLVs
>> 
>> I'm fine with three way handshake, not with this two way. Or use TCP
>> disconnect when modem modem is not willing to accept first message from
>> router.
>> 
>> Teco
>> 
>>> 
>>> .... And, everything from there is basically the same as before.
>> 
>> _______________________________________________
>> manet-dlep-rg mailing list
>> manet-dlep-rg@ietf.org
>> https://www.ietf.org/mailman/listinfo/manet-dlep-rg
> The information contained within this e-mail and any files attached to this e-mail is private and in addition may include commercially sensitive information. The contents of this e-mail are for the intended recipient only and therefore if you wish to disclose the information contained within this e-mail or attached files, please contact the sender prior to any such disclosure. If you are not the intended recipient, any disclosure, copying or distribution is prohibited. Please also contact the sender and inform them of the error and delete the e-mail, including any attached files from your system. Cassidian Limited, Registered Office : Quadrant House, Celtic Springs, Coedkernew, Newport, NP10 8FZ Company No: 04191036 http://www.cassidian.com

v2.23.0 | Report a Bug | By Email