Re: [MBONED] Mail regarding draft-tissa-pim-mcastoam
"Tissa Senevirathne (tsenevir)" <tsenevir@cisco.com> Tue, 20 March 2012 03:22 UTC
Return-Path: <tsenevir@cisco.com>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD25C21F883E for <mboned@ietfa.amsl.com>; Mon, 19 Mar 2012 20:22:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.566
X-Spam-Level:
X-Spam-Status: No, score=-7.566 tagged_above=-999 required=5 tests=[AWL=1.367, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SARE_FWDLOOK=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nE7LFKPvi8j5 for <mboned@ietfa.amsl.com>; Mon, 19 Mar 2012 20:22:36 -0700 (PDT)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id 1BA4621F883D for <mboned@ietf.org>; Mon, 19 Mar 2012 20:22:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=tsenevir@cisco.com; l=4067; q=dns/txt; s=iport; t=1332213756; x=1333423356; h=mime-version:content-transfer-encoding:subject:date: message-id:in-reply-to:references:from:to; bh=q30DvJsnD/DLyV3wli6GBYc2eVyZEfOVEKujQRsHquY=; b=asL/P1mRCVdFV8W74cZyMej8mRaQkb1yN0EseUW18etGr1wGDdeNPhd4 eJ6VMrhsbXOx8ojmeEidkpYvUtzNweG8mvRZukzJZ8yfaZ2ve+nwMWcxK Us7H1jekHaJazmSQzbknj6bYhJ0uZyEhO0ZJWeBq2Nm6U3ODRrjlVx8UZ Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAEz3Z0+rRDoH/2dsb2JhbABBtlCBB4IJAQEBBBIBHQoPPAQCAQgOAwQBAQsGFwEGAUUJCAEBBAESCAEZhW+BeAyYR58VikAEhTpjBIhWm0iBaIMGgTUH
X-IronPort-AV: E=Sophos;i="4.73,616,1325462400"; d="scan'208";a="36822512"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-2.cisco.com with ESMTP; 20 Mar 2012 03:22:35 +0000
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by mtv-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q2K3MYUh004320; Tue, 20 Mar 2012 03:22:34 GMT
Received: from xmb-sjc-214.amer.cisco.com ([171.70.151.145]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 19 Mar 2012 20:22:34 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 19 Mar 2012 20:22:33 -0700
Message-ID: <344037D7CFEFE84E97E9CC1F56C5F4A5C80039@xmb-sjc-214.amer.cisco.com>
In-Reply-To: <13205C286662DE4387D9AF3AC30EF456D768745564@EMBX01-WF.jnpr.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Mail regarding draft-tissa-pim-mcastoam
Thread-Index: Ac0GG/Iw6vtXBbrBTxGWarf6ZPOOwwAKaTBQ
References: <13205C286662DE4387D9AF3AC30EF456D768745564@EMBX01-WF.jnpr.net>
From: "Tissa Senevirathne (tsenevir)" <tsenevir@cisco.com>
To: Ronald Bonica <rbonica@juniper.net>, draft-tissa-pim-mcastoam@tools.ietf.org, mboned@ietf.org
X-OriginalArrivalTime: 20 Mar 2012 03:22:34.0784 (UTC) FILETIME=[B16E9A00:01CD0648]
Subject: Re: [MBONED] Mail regarding draft-tissa-pim-mcastoam
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mboned>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 03:22:37 -0000
Hi Ron
Thanks for the email and comments. Please see specific comments in-line.
Also I would like to highlight the motivation of this proposal, to help
appreciate the background and the need.
Please consider a scenario like below. Where network X is run by
provider. He offers Hosting services. Assume for now there is a
multicast problem. As the operator of the network he/she does not have
access to the hosting machines. What is very helpful here would be to
have standard set of tools that can be executed from R (routers) that
will allow to exercise the data plane.
Network - X
+------------------------------+
Hosting Apps | | Hosting App
Customer Monitor | Operated and Maintained | Customer Monitor
H------- R by R ----------H
| Provider |
| |
+------------------------------+
See below more specific answers embedded.
-----Original Message-----
From: Ronald Bonica [mailto:rbonica@juniper.net]
Sent: Monday, March 19, 2012 3:02 PM
To: draft-tissa-pim-mcastoam@tools.ietf.org; mboned@ietf.org
Subject: Mail regarding draft-tissa-pim-mcastoam
Tissa,
Currently, any station sourcing traffic to a multicast group can send an
ICMP Echo message to that group. The ICMP Echo message elicits a
response from each receiver subscribed to the group. This may not be
desirable because the number of receivers, and therefore, the number of
responses, may be very large.
[Answer] Absolutely agree with the statement.
draft-tissa-pim-mcastoam draft attempts to remedy that problem by
appending an RFC 4884 extension to the ICMP Echo. The extension
specifies which stations should respond and which should not.
This raises the following questions:
1) Backwards compatibility - Hosts running legacy software will not
parse the new extension. They will respond to the ICMP Echo regardless
of how it was scoped by the extension. So, the sender will not be
protected from a barrage of responses.
[Answer] Agreed, however draft is provided as a forward looking
approach. Based on the progress of the draft and comments on the
usefulness of the mcast-oam tools we are planning to contribute to Linux
open source both RFC4884 extensions and extensions proposed in this
document.
2) ICMP Behavior - In your draft, the ICMP Echo elicits a response from
all receivers and intermediate routers. Currently, routers do not
respond unless they are also receivers. Are you recommending that the
router should both process the PING message (as a receiver) and forward
it (as a router)?
[Answer] We are not expecting routers to respond to ping of receiver
detection. However, as indicated in section 3.3.1 of the draft, for
messages that need to discover routers performing different roles, we
generate the message with router alert bit set, hence letting each
router in the data plane to receive a copy of the discovery OAM
messages.
3) Security considerations - Could multicast PINGs be used as a DoS
vector? In particular, what happens if the multicast source pings a
group that has many, many receivers. The PING specifies a spoofed source
address and is scoped to 0.0.0.0/0.
In all fairness, this condition exists today.
[Answer] Like you indicated you can do the same as of today, however, we
strongly recommend platforms implementing this feature to rate limit
receipt of such multicast ICMP packet to the CPU or even in the data
plane itself.
4) ICMP Syntax - The ICMP Echo / Response messages are not extensible.
See RFC 4884, Section 4 for details.
[Answer] Yes as of RFC4884 it is not extensible, we are planning to use
draft-shen-traceroute-ping-ext-04, which allow to extend ICMP Echo
request messages
--------------------------
Ron Bonica
vcard: www.bonica.org/ron/ronbonica.vcf
- [MBONED] Mail regarding draft-tissa-pim-mcastoam Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Tissa Senevirathne (tsenevir)
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Tissa Senevirathne (tsenevir)
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Ronald Bonica
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Tissa Senevirathne (tsenevir)
- Re: [MBONED] Mail regarding draft-tissa-pim-mcast… Stig Venaas