[MBONED] Mail regarding draft-tissa-pim-mcastoam

Ronald Bonica <rbonica@juniper.net> Mon, 19 March 2012 22:03 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: "draft-tissa-pim-mcastoam@tools.ietf.org" <draft-tissa-pim-mcastoam@tools.ietf.org>, "mboned@ietf.org" <mboned@ietf.org>
Date: Mon, 19 Mar 2012 18:02:16 -0400

Tissa,

Currently, any station sourcing traffic to a multicast group can send an ICMP Echo message to that group. The ICMP Echo message elicits a response from each receiver subscribed to the group. This may not be desirable because the number of receivers, and therefore, the number of responses, may be very large.

draft-tissa-pim-mcastoam attempts to remedy that problem by appending an RFC 4884 extension to the ICMP Echo. The extension specifies which stations should respond and which should not.

This raises the following questions:

1) Backwards compatibility - Hosts running legacy software will not parse the new extension. They will respond to the ICMP Echo regardless of how it was scoped by the extension. So, the sender will not be protected from a barrage of responses.

2) ICMP Behavior - In your draft, the ICMP Echo elicits a response from all receivers and intermediate routers. Currently, routers do not respond unless they are also receivers. Are you recommending that the router should both process the PING message (as a receiver) and forward it (as a router)?

3) Security considerations - Could multicast PINGs be used as a DoS vector? In particular, what happens if the multicast source pings a group that has many, many receivers? The PING specifies a spoofed source address and is scoped to 0.0.0.0/0.

In all fairness, this condition exists today. 

4) ICMP Syntax - The ICMP Echo / Response messages are not extensible. See RFC 4884, Section 4 for details.



--------------------------
Ron Bonica
vcard:       www.bonica.org/ron/ronbonica.vcf
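
The backwards-compatibility concern in question 1, modelled offline as an added example (not part of the message above or of the draft): a scoped Echo reaches a group with a mix of legacy and extension-aware receivers, and the replies are counted. The extension header and object header follow the RFC 4884 layout; the Class-Num, C-Type, scope-object body and fixed Echo data length are assumptions made for illustration.

```python
import ipaddress
import struct

EXT_VERSION = 2    # version field of the RFC 4884 extension header
SCOPE_CLASS = 250  # hypothetical Class-Num for a "responder scope" object
SCOPE_CTYPE = 1    # hypothetical C-Type
DATA_LEN = 8       # assumed fixed Echo data length, so the extension can be found

def inet_checksum(data: bytes) -> int:
    """Internet (one's complement) checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_data(prefix: str) -> bytes:
    """Echo data followed by an extension header and one scope object."""
    net = ipaddress.IPv4Network(prefix)
    body = net.network_address.packed + bytes([net.prefixlen, 0, 0, 0])
    obj = struct.pack("!HBB", 4 + len(body), SCOPE_CLASS, SCOPE_CTYPE) + body
    csum = inet_checksum(struct.pack("!HH", EXT_VERSION << 12, 0) + obj)
    return b"\x00" * DATA_LEN + struct.pack("!HH", EXT_VERSION << 12, csum) + obj

def parse_scope(echo_data: bytes):
    """Return the scope prefix, or None if no valid scope object is present."""
    ext = echo_data[DATA_LEN:]
    if len(ext) != 16 or ext[0] >> 4 != EXT_VERSION or inet_checksum(ext) != 0:
        return None
    length, cls, ctype = struct.unpack("!HBB", ext[4:8])
    if (length, cls, ctype) != (12, SCOPE_CLASS, SCOPE_CTYPE) or ext[12] > 32:
        return None
    return ipaddress.IPv4Network((ext[8:12], ext[12]), strict=False)

def replies(addr: str, aware: bool, echo_data: bytes) -> bool:
    """Legacy hosts echo everything; aware hosts honour the scope object."""
    if not aware:
        return True
    scope = parse_scope(echo_data)
    return scope is None or ipaddress.IPv4Address(addr) in scope

def count_replies(receivers, prefix: str) -> int:
    """Number of Echo Replies a sender would see for a given scope."""
    data = build_echo_data(prefix)
    return sum(replies(addr, aware, data) for addr, aware in receivers)

# Constructed group membership: (address, understands the extension?)
RECEIVERS = [("10.1.0.5", True), ("10.1.0.6", False), ("10.2.0.7", True),
             ("10.2.0.8", False), ("10.2.0.9", False)]
```

With the constructed group and a scope of 10.1.0.0/16, four of five receivers reply because every legacy host answers regardless of scope; only when all receivers are extension-aware does the count drop to the two in-scope hosts.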