Re: [MBONED] Mail regarding draft-tissa-pim-mcastoam
"Tissa Senevirathne (tsenevir)" <tsenevir@cisco.com> Tue, 20 March 2012 03:22 UTC
Return-Path: <tsenevir@cisco.com>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD25C21F883E for <mboned@ietfa.amsl.com>; Mon, 19 Mar 2012 20:22:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.566
X-Spam-Level:
X-Spam-Status: No, score=-7.566 tagged_above=-999 required=5 tests=[AWL=1.367, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SARE_FWDLOOK=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nE7LFKPvi8j5 for <mboned@ietfa.amsl.com>; Mon, 19 Mar 2012 20:22:36 -0700 (PDT)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id 1BA4621F883D for <mboned@ietf.org>; Mon, 19 Mar 2012 20:22:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=tsenevir@cisco.com; l=4067; q=dns/txt; s=iport; t=1332213756; x=1333423356; h=mime-version:content-transfer-encoding:subject:date: message-id:in-reply-to:references:from:to; bh=q30DvJsnD/DLyV3wli6GBYc2eVyZEfOVEKujQRsHquY=; b=asL/P1mRCVdFV8W74cZyMej8mRaQkb1yN0EseUW18etGr1wGDdeNPhd4 eJ6VMrhsbXOx8ojmeEidkpYvUtzNweG8mvRZukzJZ8yfaZ2ve+nwMWcxK Us7H1jekHaJazmSQzbknj6bYhJ0uZyEhO0ZJWeBq2Nm6U3ODRrjlVx8UZ Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAEz3Z0+rRDoH/2dsb2JhbABBtlCBB4IJAQEBBBIBHQoPPAQCAQgOAwQBAQsGFwEGAUUJCAEBBAESCAEZhW+BeAyYR58VikAEhTpjBIhWm0iBaIMGgTUH
X-IronPort-AV: E=Sophos;i="4.73,616,1325462400"; d="scan'208";a="36822512"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-2.cisco.com with ESMTP; 20 Mar 2012 03:22:35 +0000
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by mtv-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q2K3MYUh004320; Tue, 20 Mar 2012 03:22:34 GMT
Received: from xmb-sjc-214.amer.cisco.com ([171.70.151.145]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 19 Mar 2012 20:22:34 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 19 Mar 2012 20:22:33 -0700
Message-ID: <344037D7CFEFE84E97E9CC1F56C5F4A5C80039@xmb-sjc-214.amer.cisco.com>
In-Reply-To: <13205C286662DE4387D9AF3AC30EF456D768745564@EMBX01-WF.jnpr.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Mail regarding draft-tissa-pim-mcastoam
Thread-Index: Ac0GG/Iw6vtXBbrBTxGWarf6ZPOOwwAKaTBQ
References: <13205C286662DE4387D9AF3AC30EF456D768745564@EMBX01-WF.jnpr.net>
From: "Tissa Senevirathne (tsenevir)" <tsenevir@cisco.com>
To: Ronald Bonica <rbonica@juniper.net>, draft-tissa-pim-mcastoam@tools.ietf.org, mboned@ietf.org
X-OriginalArrivalTime: 20 Mar 2012 03:22:34.0784 (UTC) FILETIME=[B16E9A00:01CD0648]
Subject: Re: [MBONED] Mail regarding draft-tissa-pim-mcastoam
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mboned>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 03:22:37 -0000
Hi Ron Thanks for the email and comments. Please see specific comments in-line. Also I would like to highlight the motivation of this proposal, to help appreciate the background and the need. Please consider a scenario like below. Where network X is run by provider. He offers Hosting services. Assume for now there is a multicast problem. As the operator of the network he/she does not have access to the hosting machines. What is very helpful here would be to have standard set of tools that can be executed from R (routers) that will allow to exercise the data plane. Network - X +------------------------------+ Hosting Apps | | Hosting App Customer Monitor | Operated and Maintained | Customer Monitor H------- R by R ----------H | Provider | | | +------------------------------+ See below more specific answers embedded. -----Original Message----- From: Ronald Bonica [mailto:rbonica@juniper.net] Sent: Monday, March 19, 2012 3:02 PM To: draft-tissa-pim-mcastoam@tools.ietf.org; mboned@ietf.org Subject: Mail regarding draft-tissa-pim-mcastoam Tissa, Currently, any station sourcing traffic to a multicast group can send an ICMP Echo message to that group. The ICMP Echo message elicits a response from each receiver subscribed to the group. This may not be desirable because the number of receivers, and therefore, the number of responses, may be very large. [Answer] Absolutely agree with the statement. draft-tissa-pim-mcastoam draft attempts to remedy that problem by appending an RFC 4884 extension to the ICMP Echo. The extension specifies which stations should respond and which should not. This raises the following questions: 1) Backwards compatibility - Hosts running legacy software will not parse the new extension. They will respond to the ICMP Echo regardless of how it was scoped by the extension. So, the sender will not be protected from a barrage of responses. [Answer] Agreed, however draft is provided as a forward looking approach. Based on the progress of the draft and comments on the usefulness of the mcast-oam tools we are planning to contribute to Linux open source both RFC4884 extensions and extensions proposed in this document. 2) ICMP Behavior - In your draft, the ICMP Echo elicits a response from all receivers and intermediate routers. Currently, routers do not respond unless they are also receivers. Are you recommending that the router should both process the PING message (as a receiver) and forward it (as a router)? [Answer] We are not expecting routers to respond to ping of receiver detection. However, as indicated in section 3.3.1 of the draft, for messages that need to discover routers performing different roles, we generate the message with router alert bit set, hence letting each router in the data plane to receive a copy of the discovery OAM messages. 3) Security considerations - Could multicast PINGs be used as a DoS vector? In particular, what happens if the multicast source pings a group that has many, many receivers. The PING specifies a spoofed source address and is scoped to 0.0.0.0/0. In all fairness, this condition exists today. [Answer] Like you indicated you can do the same as of today, however, we strongly recommend platforms implementing this feature to rate limit receipt of such multicast ICMP packet to the CPU or even in the data plane itself. 4) ICMP Syntax - The ICMP Echo / Response messages are not extensible. See RFC 4884, Section 4 for details. [Answer] Yes as of RFC4884 it is not extensible, we are planning to use draft-shen-traceroute-ping-ext-04, which allow to extend ICMP Echo request messages -------------------------- Ron Bonica vcard: www.bonica.org/ron/ronbonica.vcf
- [MBONED] Mail regarding draft-tissa-pim-mcastoam Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Tissa Senevirathne (tsenevir)
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Tissa Senevirathne (tsenevir)
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Tissa Senevirathne (tsenevir)
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Stig Venaas