Re: [MBONED] [Bier] [Msr6] MSR6 BOF 3rd Issue Category: More details are requested about the large scale use cases, including issue 8-11

"Gengxuesong (Geng Xuesong)" <gengxuesong@huawei.com> Thu, 03 November 2022 08:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/0nV6gnuFBRcUCmqtjz-lYxHmBCo>

Hi Dino,

Thanks for your response and please find some comments inline.

Best
Xuesong

-----Original Message-----
From: Dino Farinacci [mailto:farinacci@gmail.com] 
Sent: Wednesday, November 2, 2022 5:12 AM
To: Gengxuesong (Geng Xuesong) <gengxuesong@huawei.com>
Cc: Toerless Eckert <tte@cs.fau.de>; Jeffrey Zhang <zzhang@juniper.net>; Xiejingrong (Jingrong) <xiejingrong=40huawei.com@dmarc.ietf.org>; BIER WG <bier@ietf.org>; msr6@ietf.org; mboned@ietf.org; pim@ietf.org
Subject: Re: [Bier] [Msr6] MSR6 BOF 3rd Issue Category: More details are requested about the large scale use cases, including issue 8-11

> [Xuesong] I think it is necessary to emphasize that using MSR6 will be limited in a controlled domain. 

Don't we have that now with PIM? And we will have that with BIER based on the architectural choices.

You need to do better to get people to take this seriously.



[Xuesong] I agree that we should take security seriously. While still maybe we could be more careful about the conclusion: "multicast source routing will introduce more attack risk than the previous multicast solutions", which requests further proof. From the point of view of mechanism, I think MSR brings no more security problems than the existing BIER solution, whose forwarding & replication is also determined by the encapsulation (global bitstring).



> For example, in the host-initiated case, we focus on enterprise scenario where both host and network device are under the same operating entity.

We have that with PIM and a boat load of hardware that supports RPF based forwarding (ditto for Bidir-PIM forwarding).


[Xuesong] Do you mean that RPF could bring more security through a mechanism like "Source address verification"?
	

> But still, security consideration is necessary, maybe referring to the previous experience from BIER and SPRING.

The fact that an Internet host "does not ask for packets", means anyone can send it packets they don't want. 

With explicitly joined trees and IGMP, we default differently with IP multicast. A feature and not a bug.


[Xuesong] I think "host-initiated multicast" doesn't mean that the host could send the packet to any receiver it wants. The receiver of the multicast should be determined by the application layer (e.g., http request with the same content requirement) or a controller could gather the information about which receivers want the same content.


Dino

P.S. Advice, take the good with the bad.  ;-)

[Xuesong] Thanks for your advice, we could try together ; )