Re: [MBONED] Mail regarding draft-tissa-pim-mcastoam

Ronald Bonica <rbonica@juniper.net> Tue, 20 March 2012 14:51 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: "Tissa Senevirathne (tsenevir)" <tsenevir@cisco.com>, "draft-tissa-pim-mcastoam@tools.ietf.org" <draft-tissa-pim-mcastoam@tools.ietf.org>, "mboned@ietf.org" <mboned@ietf.org>
Date: Tue, 20 Mar 2012 10:50:33 -0400

Hi Tissa,

Comments inline.....

> 
> 1) Backwards compatibility - Hosts running legacy software will not
> parse the new extension. They will respond to the ICMP Echo regardless
> of how it was scoped by the extension. So, the sender will not be
> protected from a barrage of responses.
> 
> 
> [Answer] Agreed; however, the draft is provided as a forward-looking
> approach. Based on the progress of the draft and comments on the
> usefulness of the mcast-oam tools, we are planning to contribute to
> Linux open source both the RFC 4884 extensions and the extensions proposed in
> this document.

Currently, we don't send ICMP echoes to multicast groups because we may receive more responses than we can handle. Now assume that your draft becomes an RFC and you contribute the code to Linux. At some future date, multiple OS vendors will implement your feature. At some date after that, the user community will upgrade their systems and your feature will be widely deployed. At that time, it will be safe to send an ICMP Echo to a multicast group.

But when will that be? The only way to be certain is to give it a try! Since this is the case, you might want to add some text to your draft concerning what the consequences might be if you try it too soon.


> 
> 2) ICMP Behavior - In your draft, the ICMP Echo elicits a response from
> all receivers and intermediate routers. Currently, routers do not
> respond unless they are also receivers. Are you recommending that the
> router should both process the PING message (as a receiver) and forward
> it (as a router)?
> 
> 
> [Answer] We are not expecting routers to respond to pings for receiver
> detection. However, as indicated in Section 3.3.1 of the draft, for
> messages that need to discover routers performing different roles, we
> generate the message with the router alert bit set, hence letting each
> router in the data plane receive a copy of the discovery OAM
> messages.

Please see RFC 6398 (BCP 168). Specifically, take a look at Section 4.

> 
> 3) Security considerations - Could multicast PINGs be used as a DoS
> vector? In particular, what happens if the multicast source pings a
> group that has many, many receivers? The PING specifies a spoofed
> source address and is scoped to 0.0.0.0/0.
> 
> In all fairness, this condition exists today.
> 
> [Answer] As you indicated, you can do the same today; however,
> we strongly recommend that platforms implementing this feature rate limit
> receipt of such multicast ICMP packets to the CPU, or even in the data
> plane itself.

Rate limiting inbound ICMP on the host that generates the ping won't help. That host isn't the victim.

> 
> 4) ICMP Syntax - The ICMP Echo / Response messages are not extensible.
> See RFC 4884, Section 4 for details.
> 
> [Answer] Yes, as of RFC 4884 it is not extensible; we are planning to use
> draft-shen-traceroute-ping-ext-04, which allows extending ICMP Echo
> Request messages.

That's much better!

               Ron

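Ron's point in item 3 is that the reflected replies land on the spoofed source, not on the host that sent the multicast Echo, so rate limiting at the sender cannot protect anyone. The check below is an added example, not part of this thread or the draft, and models what that victim sees: Echo Replies matching no Echo Request it sent, carrying one ICMP id/seq pair but arriving from many peers. All addresses and packet records are constructed.

```python
"""Detect ICMP Echo Reply reflection at a host that never sent the request.

Added example, not part of the mailing-list thread. A spoofed-source Echo
Request to a multicast group makes every receiver reply to the spoofed
address, so the victim sees replies that match no outstanding request,
all sharing one (id, seq) and coming from many distinct sources.
"""
from collections import defaultdict

# Constructed sample traffic as observed at host 192.0.2.10, the spoofed
# address. Tuples: (direction, peer_ip, icmp_type, icmp_id, icmp_seq).
# ICMP type 8 = Echo Request, type 0 = Echo Reply.
SAMPLE = [
    ("out", "198.51.100.1", 8, 0x1A2B, 1),  # a request this host really sent
    ("in",  "198.51.100.1", 0, 0x1A2B, 1),  # its legitimate matching reply
    ("in",  "203.0.113.5",  0, 0x7777, 9),  # unsolicited replies: same id/seq,
    ("in",  "203.0.113.6",  0, 0x7777, 9),  # many sources, no request sent
    ("in",  "203.0.113.7",  0, 0x7777, 9),
    ("in",  "203.0.113.8",  0, 0x7777, 9),
]


def find_reflected_replies(records, min_sources=3):
    """Return {(id, seq): set(source IPs)} for Echo Replies that match no
    Echo Request this host sent and arrive from >= min_sources peers.

    Records are processed in capture order, so a request is only credited
    if it was seen before the replies that cite its (id, seq).
    """
    sent = set()                       # (id, seq) of requests we originated
    unsolicited = defaultdict(set)     # (id, seq) -> peers sending replies
    for direction, peer, icmp_type, ident, seq in records:
        if direction == "out" and icmp_type == 8:
            sent.add((ident, seq))
        elif direction == "in" and icmp_type == 0 and (ident, seq) not in sent:
            unsolicited[(ident, seq)].add(peer)
    # A single stray reply is noise; a fan-in of many sources on one
    # (id, seq) is the signature of a reflected multicast Echo.
    return {key: peers for key, peers in unsolicited.items()
            if len(peers) >= min_sources}


if __name__ == "__main__":
    for (ident, seq), peers in find_reflected_replies(SAMPLE).items():
        print(f"reflected echo id=0x{ident:04x} seq={seq} "
              f"from {len(peers)} sources: {sorted(peers)}")
```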