Re: [MBONED] [Msr6] MSR6 BOF 3rd Issue Category: More details are requested about the large scale use cases, including issue 8-11

Dino Farinacci <farinacci@gmail.com> Wed, 02 November 2022 22:11 UTC

From: Dino Farinacci <farinacci@gmail.com>
Date: Wed, 02 Nov 2022 15:11:45 -0700
Cc: Jeffrey Zhang <zzhang@juniper.net>, "Xiejingrong (Jingrong)" <xiejingrong=40huawei.com@dmarc.ietf.org>, BIER WG <bier@ietf.org>, "msr6@ietf.org" <msr6@ietf.org>, "mboned@ietf.org" <mboned@ietf.org>, "pim@ietf.org" <pim@ietf.org>
To: Toerless Eckert <tte@cs.fau.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/l2R2wUXLlCR_zpH7Rv7DRs4sWIU>

I'm not going to argue what has succeeded in the past or what has failed. They are subjective comments and are not productive for moving forward.

Removed text I'm not going to respond to.

My point was that it's "easier to DoS attack a data-plane than a control-plane". I didn't make any other assertions about control-plane security.

> MSDP was then (predictably ?) the first protocol that brought down
> a good part of the Internet control plane when it was attacked UNINTENTIONAL:

This is simply not true. I was debugging such events at the time and the Internet was working or I wouldn't be able to debug it. ;-)

>> If not controlled, unlike SR, a general source-routing approach is loaded with security issues.
> 
> High level, you are arguing that control plane state is more trustworthy or
> better controlled than packet header state, but IP multicast control plane state

No, I am not. It's easier to get access to the data-plane by an ordinary user. So anyone can really attack the data-plane, and they might not even know it. I did not mention trust at all.

Dino