IETF Logo Mail Archive

Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply

"Adrian Farrel" <adrian@olddog.co.uk> Tue, 30 June 2015 11:30 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A29E51A1A4F for <mpls@ietfa.amsl.com>; Tue, 30 Jun 2015 04:30:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bywbEYLK7wOt for <mpls@ietfa.amsl.com>; Tue, 30 Jun 2015 04:30:55 -0700 (PDT)
Received: from asmtp2.iomartmail.com (asmtp2.iomartmail.com [62.128.201.249]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35E411A87CC for <mpls@ietf.org>; Tue, 30 Jun 2015 04:30:49 -0700 (PDT)
Received: from asmtp2.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp2.iomartmail.com (8.13.8/8.13.8) with ESMTP id t5UBUgCj031032; Tue, 30 Jun 2015 12:30:42 +0100
Received: from 950129200 (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp2.iomartmail.com (8.13.8/8.13.8) with ESMTP id t5UBUevr030994 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Tue, 30 Jun 2015 12:30:40 +0100
From: Adrian Farrel <adrian@olddog.co.uk>
To: lizho.jin@gmail.com, 'loa' <loa@pi.nu>, 'mpls' <mpls@ietf.org>, 'mpls-chairs' <mpls-chairs@tools.ietf.org>, 'draft-ietf-mpls-lsp-ping-relay-reply' <draft-ietf-mpls-lsp-ping-relay-reply@tools.ietf.org>, 'db3546' <db3546@att.com>
References: <55658C63.5020209@pi.nu>, <04a101d09fad$72a48e90$57edabb0$@olddog.co.uk>, <2015060823572860485834@gmail.com>, <0cc101d0a92b$58745050$095cf0f0$@olddog.co.uk> <2015061817462442258541@gmail.com>
In-Reply-To: <2015061817462442258541@gmail.com>
Date: Tue, 30 Jun 2015 12:30:42 +0100
Message-ID: <023d01d0b328$3371e3b0$9a55ab10$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_023E_01D0B330.95493770"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQH7JukJl6LbO+JE5C9I+Kw0QjOnSgJFwoxaAlvX4+MCL8Q+aAFO35iznS8AhUA=
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-8.0.0.1202-21644.007
X-TM-AS-Result: No--38.102-10.0-31-10
X-imss-scan-details: No--38.102-10.0-31-10
X-TMASE-MatchedRID: yebcs53SkkAwJ6xbTjBa5uYAh37ZsBDCzXOot9n7ZXy2K+7tVM9UotLu X2hj/M7UF16bSyysW+9kG+By0KzAPcS+zy4ogSC2ma6DzXaohvOO74ZfTyAQsHG0zo0gbW9Vg/5 gNr8OG73jk2sEP81N83l3dGjbtMQIoNQxMWUln03hqJ6oLOc8QaX1XMd/Sqvu6i5zlFx/UHQ75C Xq3MWdGTGgLBHIzH0BkqER4EMVjM714mPfQFf9iHBRIrj8R47FOkDbNlgmO/V77G36GYsVEyJNb TCLdsD+aa5H+OyXPSTbZy9r8jP7KcMuk8ddBfJ1A9lly13c/gFUXmZR3qwgxuXiMfuH25yLmjWs e8O3KkAPHKsTVDDkGtqbIKoQspaslh5qb5HiiQcdxBAG5/hkW9aXm/w1hfBOqNarqFZajUgEMly vXguplIw+kLTnVa4YHmx+Q2IPwQGjs/o9EEhD3U+4wmL9kCTxjQ8hWNvoZB772Z2kWyv7a9eul2 9/x8ODBKyGEXMdNbtAt2YPWipvI7CeBp6EirRlvJsORwCzNhEsCc2iFTIxrQgeKEdFhii5SD2gg SXn5eBhqe3nkHkT52SNcgOmOxdxq4h6jlXiXdOn1yJegn+la9UEOicf335Wv+26ZYWzwkJ817cx u6ZqlxAYSTPd8NffBbJsBdpOyjhu5HAmvYrElqb8GfRpncAzcW+VwHmrYOUwplGJ7NxS0xYTezI ov4oH/1MonfGaXN/NKj2SM75KDV7NPQbXldR26Zzj+kMRBrbfVqwz+Cynace0H7LMCFcVwRq4ts fhpBwOxu2s7fdNV4sWCfP6Gmv5LEWU/YzFdE6eAiCmPx4NwGmRqNBHmBve1B0Hk1Q1KyLUZxEAl FPo8xec2mundr02bu3GXT7jmBFGS863JhXdzrPgg2YwqZP+P68cLWRoaCo=
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/34Ggab2KA2hWAk5AvLB7aldYug4>
Subject: Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 11:30:59 -0000

I'm fine with all this. Thanks.
 
See follow-up to catch one of George's points.
 
Adrian
 
From: lizho.jin@gmail.com [mailto:lizho.jin@gmail.com] 
Sent: 18 June 2015 10:46
To: adrian; loa; mpls; mpls-chairs; draft-ietf-mpls-lsp-ping-relay-reply; db3546
Subject: Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
 
Hi Adrian,
Thanks for the reply. Please see inline below.
 
  _____  

Regards
Lizhong
 
From: Adrian Farrel <mailto:adrian@olddog.co.uk> 
Date: 2015-06-18 02:28
To: lizho.jin@gmail.com; 'loa' <mailto:loa@pi.nu> ; 'mpls' <mailto:mpls@ietf.org> ; 'mpls-chairs' <mailto:mpls-chairs@tools.ietf.org> ; 'draft-ietf-mpls-lsp-ping-relay-reply' <mailto:draft-ietf-mpls-lsp-ping-relay-reply@tools.ietf.org> ; 'db3546' <mailto:db3546@att.com> 
Subject: RE: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
Lizhong,
 
Apologies, I fumbled your response.
 
I snipped out the stuff we agree on.
 
> Thank you for the review. Please see my reply inline below. Correct me
> if other authors have different opinion.
> 
> I will update the draft after the end of last call.
 
>> Just being a good citizen and reviewing this I-D during WG last call.
>> I didn't have much time so I only found a number of nits most of which
>> are probably not significant.
>> ---
>> 
>> idnits notes the presence of a pre-RFC5378 disclaimer. Do you really 
>> need that?
>> [Lizhong] this may need the answer from chairs and AD. We only follow
>> the rules.
 
If you are following the rules, that's fine. I think the rules are that you only
need to include the disclaimer if text included in the document was written
before the date of RFC 5378 and if at least one of the authors of the text has
not given up their copyright as described in that RFC.
 
[snip]
 
>> Section 4.1
>> 
>>   The source UDP port field MUST be set
>>   to the source UDP port.
>> 
>> There is no "source UDP port" field. Perhaps the "Initiator Source Port"
>> field?
>> 
>> But also, this text is quite confusing. The text in 3.2 is much clearer.
> [Lizhong] yes, should be: 
> The source UDP port field MUST be set to the initiator source port.
 
Hmmm, I think...
 
"The Initiator Source Port field MUST be set to the source UDP port."
[Lizhong] accepted.
 
[snip]
 
> [Lizhong] traceroute is not mandatory before ping. If operator has knowledge 
> of the relay nodes, the initiator could directly send ping with Relay Node 
> Address Stack TLV containing the already known relay nodes.
 
That would make a valuable addition to 4.1, as well.
[Lizhong] OK, then we could add the following in section 4 to avoid misunderstanding:
In the following section, we describe the relay reply procedures with traceroute 
operation. If operator has knowledge of the relay nodes, the initiator could do LSP 
Ping by directly sending Echo Request with Relay Node Address Stack TLV 
containing the already known relay nodes.
 
[snip]
 
>> I tried to work out how things would pan out if two ASes on the path 
>> used the same address space within their AS. Would an address appear in
>> the stack and seem to be routable when it is really an address in the
>> other AS?
> [Lizhong] we have an example in section 5. And address of P1 and P2 could be 
> same. In that case, ASBR1 must adds its interface address facing ASBR2 with 
> the K bit set. Then relay reply will not be miss-routed.
 
Ah, I get it.
But this relies on ASBT1 setting the K bit. 
So I suspect this needs to not be a special case: you need to require that the
domain boundary always sets the K bit.
[Lizhong] yes, we use "SHOULD" to make the requirement. See below description in section 4.2:
If a node spans two addressing domains (with respect to this 
message) where nodes on either side may not be able to reach nodes in the 
other domain, then the final address added SHOULD set the K bit.
 
[snip]
 
>> The third case in 4.5 is when the receiver does not understand the TLV
>> and ignores it. In this case it will send an Echo Reply without itself
>> including the TLV.
> [Lizhong] the receiver is unable to send the Echo Reply, because it does
> know the destination IP address and UDP port number. So if the receiver
> could not understand the TLV, then the relay message will be dropped.
 
Section 4.5 of 4379 says:
 
   The destination IP address and UDP port are copied from the
   source IP address and UDP port of the echo request.
 
That is what the legacy receiver will attempt to do. It doesn't matter whether
the optional Relay Node Address Stack TLV is in the echo request message or not,
the legacy node will follow 4379. So it *will* be able to respond.
[Lizhong] Are you referring the case when the receiver receives Echo Request? In that
case, yes, it will respond without including the TLV. It is a sub-case of case 1. And I
will add the following in the first case:
If the receiver does not recognize the Relay Node Address Stack TLV, as per 
section 3 and 4.5 of [RFC4379], it will send an Echo Reply without including the TLV.
If you are referring the case when the receiver receives Relayed Echo Reply, if it could
not understand the TLV, it will also not understand the message type "Relayed Echo Reply".
So the packet will be dropped.
 
>> Section 6 should note that the new TLV provides a way for Echo Reply
>> messages to be diverted so that information can be collected. For
>> example, if a stack entry can be inserted, the Echo Reply messages can
>> be caused to transit another AS unrelated to the LSP under test. Since
>> the Echo Reply reveals path information about the LSP, this is a
>> valuable attack.  Having said that, you can say how this TLV is 
>> protected in the Echo Reply message.
> 
> [Lizhong] Do you mean the new TLV could be used to collect path information
> unrelated to the LSP under test? This is not true. Only the node along the
LSP 
> will add path information into the new TLV. The relay node in the new TLV
> will only relay the Echo Reply to the initiator, and will not add information
to
> the new TLV.
 
I think you misunderstand how security attacks might work. Suppose I am able to
do one of two things:
1. Modify the control plane code on a router that adds or processes a
    Relay Node Address Stack TLV so that it adds a bogus entry to the
     TLV. The prospect of modifications to control plane code is generally
     considered to be so disastrous that it is just noted without any 
     further precautions (after all, if you can get at the control plane
     code, you can make the routers do anything).
2. Intercept and modify a packet in transit. This is the main risk I am 
    talking about.
[Lizhong] If one router's control plane in the network is hijacked, it could send any 
information to the third party. It is a general problem. But I understand you concern.
I will add the following to try to mitigate your concern.
The Relay Node Address Stack TLV has the path information of the LSP, and 
such information may be maliciously used by any uncontrolled LSR/LER. We have
two ways to reduce the path information in the TLV:
1. it is recommended to clear the K bit in the relay address entry unless you have to.
2. it is encouraged to use NIL address entry to hide node information if possible.
 
Cheers,
Adrian

v2.23.0 | Report a Bug | By Email