Re: [MBONED] TSV Area Review of draft-ietf-mboned-mtrace-v2
Hitoshi Asaeda <asaeda@ieee.org> Thu, 25 January 2018 04:54 UTC
Return-Path: <asaeda@ieee.org>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49EF212D890 for <mboned@ietfa.amsl.com>; Wed, 24 Jan 2018 20:54:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ieee-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u2Y1rF_gL4Qn for <mboned@ietfa.amsl.com>; Wed, 24 Jan 2018 20:54:29 -0800 (PST)
Received: from mail-pf0-x241.google.com (mail-pf0-x241.google.com [IPv6:2607:f8b0:400e:c00::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A865612D93E for <mboned@ietf.org>; Wed, 24 Jan 2018 20:54:26 -0800 (PST)
Received: by mail-pf0-x241.google.com with SMTP id p1so4965033pfh.4 for <mboned@ietf.org>; Wed, 24 Jan 2018 20:54:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee-org.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=oZo7vKfFxRQKEiSNFBJe996UegUq13D5C2BXcdeNMmA=; b=glL1KKTUKIabmjROGVehO5zf6NmDm0dxWISsLYLOWNPHmZ3ujimVooWqILJOaFVPPU Hf8HGOqVg31AM5E2SQ7RGafxAOsMMtQaQPHKvo+VFPGmIqr40Wgi7CPwZEAZYFMcSJHa /ZQLQOZZ/RWZ0CTB8Etl13PY5uTcgYq1MEsfJptSYEuLDPDb5Ta7JHM/T7OCkxG26WJS wnXQUHetd9/XeJxCW0r2jyZ40fjx9sfXlHb6faMfRBYZUfsrGrLC05WfsSKEIKqDs+Z/ ZvxzVlIQEYzcc2bG+MweKoqOyGZ/muTm9iIk4fOBG3Xrg2vHfFd7ClFhVaeJVvOIf3qv ehdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=oZo7vKfFxRQKEiSNFBJe996UegUq13D5C2BXcdeNMmA=; b=oQjxuuUQg4E0o8wYMBm0TaVOtTKVtqiZf6xogcZUux7ZzeLyITA8swfkAkY3Bgr3L9 ol/rYrXwNj593UmMU+l1Fzglm4xsBUiBB3BsRw67En1RIzbAXWJuDDTceQm50+3j4Bvu b/N/24z6ErXzVA1t59eKS1WCQE8IAUi5RiFV2WEBVvVYTXrb9Hykkw5FA/V3t0+BgfF5 YkGGW5ihLMdmqOGOByR4jEcfQItnEjLJaEqbvrkbgSkTUJ4yqFhJAFXCL5fSobVWQIP9 idU6iBa5NHctR7EnVpPBIrYD1ZLE4UOxYUGYLnnXj0RnEeKXklybRyCf1rZTawtSTYai lx7w==
X-Gm-Message-State: AKwxytcT+s4rkxe8XHezQ9CE0SVopCFPIHPTV9yr27R+D5yBM81kYBVA IoQ4ICdcFspZ7cscwfZBuYSNZnO5cXKGIw==
X-Google-Smtp-Source: AH8x225hg3MorUk0dmnoYJs/NYrtiP2015rzYpsJEWh58PdKecw5MXYEwrzA8O6uuSyue0KsBV8xPw==
X-Received: by 10.99.183.76 with SMTP id w12mr12408027pgt.331.1516856065748; Wed, 24 Jan 2018 20:54:25 -0800 (PST)
Received: from [133.69.36.76] ([133.69.36.76]) by smtp.gmail.com with ESMTPSA id w63sm13920521pfa.173.2018.01.24.20.54.23 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 24 Jan 2018 20:54:25 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Hitoshi Asaeda <asaeda@ieee.org>
In-Reply-To: <91243C66-4C6B-4A53-BB61-B6CE153FC31F@trammell.ch>
Date: Thu, 25 Jan 2018 13:54:22 +0900
Cc: mboned@ietf.org, draft-ietf-mboned-mtrace-v2@ietf.org, tsv-art@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <B17B10CF-E535-47A9-8686-34B29741D708@ieee.org>
References: <91243C66-4C6B-4A53-BB61-B6CE153FC31F@trammell.ch>
To: "Brian Trammell (IETF)" <ietf@trammell.ch>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/loJtCFhdKt8_LcYAZxpnpnTT6tE>
Subject: Re: [MBONED] TSV Area Review of draft-ietf-mboned-mtrace-v2
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mboned/>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2018 04:54:31 -0000
Hi Brian, Thanks for your review and comments. > 2018/01/24 18:47, Brian Trammell (IETF) <ietf@trammell.ch> wrote: > > Greetings, > > I've reviewed this document as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors for their information and to allow them to address any issues raised. When done at the time of IETF Last Call, the authors should consider this review together with any other last-call comments they receive. Please always CC tsv-art@… if you reply to or forward this review. > > Summary: > > The document is not ready for publication as a Standards Track RFC in its current state. > > The protocol appears to make appropriate use of UDP; i.e., it poses no concerns about congestion safety when implemented and used as designed with non-malicious clients. > > However, I'm concerned about the potential for abuse of mtrace2. Specifically, replies are larger than queries, so the protocol can be used for amplification, and the protocol will send replies to a client address which is sent in cleartext without integrity protection, so the potential for redirection via spoofing exists. > > The first, I think, could be addressed by requiring the initial query to be a near-maximum-size UDP packet, or at least larger than the reply packets. I may misunderstand this comment, but.. Do you think creating the initial query to be a near-maximum-size UDP packet (maybe by padding with zero?) addresses the security concern? A malicious user would cause more disruption by sending big query packets than by sending small ones. Since only one mtrace query can be sent per UDP packet, there is no “amplification” exposure in which a packet could contain a large number of queries, yielding a much higher volume of response data for a given packet. The ratio of response data per mtrace query is unchanged by sending big query packets and using extra bandwidth for the queries is undesirable. > The security concept in sections 9.1 and 9.2 seems to assume that client filtering at a network border is sufficient; however, this does not appear to address the case of inside an administrative domain spoofing its address. There are two different types of filtering being mixed up in this comment: (1) Filtering by administrative boundary (which only makes sense at a border). (2) Filtering to allow only acceptable source addresses (which can be applied on any router and can be used to filter out unwanted sources within an administrative domain). We think that we can satisfy your concern by clarifying this point (with editorial update). We’ll provide some text for (2) in the revision. > Section 9.5 acknowledges the potential of the protocol for amplification, but should provide concrete advice for rate limiting. We think it is difficult to provide concrete advice for rate limiting, because it hardly depends on the environments and situations/conditions. The WG also agreed that the rate limit is left to the router's implementation. If you believe we should specify some advice for concrete value for rate limiting, could you kindly give some example? > One question: this may be a moot question (I did not review mtrace v1), but it appears that mtrace2 is designed to share a port with mtrace1, and I don't see any version field in the messages. How is version transition handled by this protocol? Is it possible to run a mixed network with both mtrace versions and have the right thing (probably downgrade) happen, or is the assumption that mtrace version migration is a flag day? A related editorial suggestion: a list of changes from mtrace v1 to mtrace v2 in an appendix would be useful. There is no mtrace v1 specification. Some vendors and UNIX OSes implemented mtrace (aka mtrace “v1”) without the standard specification. It was mentioned in section 10 (Acknowledgements) as follows; This specification started largely as a transcription of Van Jacobson's slides from the 30th IETF, and the implementation in mrouted 3.3 by Ajit Thyagarajan. Van's original slides credit Steve Casner, Steve Deering, Dino Farinacci and Deb Agrawal. The original multicast traceroute client, mtrace (version 1), has been implemented by Ajit Thyagarajan, Steve Casner and Bill Fenner. The problem is that since no standard specification, there is no interoperability with the different mtrace v1 implementations. Mtrace v1 is not only obsolete but also no specification; hence it is difficult or meaningless to clearly show the diffs between mtrace v1 and v2, IMO. Regarding backward compatibility, as briefly mentioned in section 1 (as follows); Mtrace2 supports both IPv4 and IPv6. Unlike the previous version of Mtrace, which implements its query and response as Internet Group Management Protocol (IGMP) messages [8], all Mtrace2 messages are UDP-based. mtrace v1 was implemented on top of IGMP, while mtrace v2 is defined with UDP. There is no compatibility between them, and the WG agreed on ignoring this compatibility. Also it may be worth noting that we can handle new (e.g., v3) mtrace versions by supporting new TLV types, with downward compatibility provided for the mtrace2 TLV types at this moment. Best regards, -- Hitoshi Asaeda
- [MBONED] TSV Area Review of draft-ietf-mboned-mtr… Brian Trammell (IETF)
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Hitoshi Asaeda
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Brian Trammell (IETF)
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Toerless Eckert
- Re: [MBONED] TSV Area Review of draft-ietf-mboned… Toerless Eckert