[mpls] Eric Rescorla's Discuss on draft-ietf-mpls-tp-shared-ring-protection-05: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Wed, 24 May 2017 06:21 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: mpls@ietf.org
Delivered-To: mpls@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0638E1204DA; Tue, 23 May 2017 23:21:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Eric Rescorla <ekr@rtfm.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-mpls-tp-shared-ring-protection@ietf.org, Eric Gray <Eric.Gray@Ericsson.com>, mpls-chairs@ietf.org, Eric.Gray@Ericsson.com, mpls@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.51.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149560689201.28401.2592268750185030462.idtracker@ietfa.amsl.com>
Date: Tue, 23 May 2017 23:21:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/3lZeRZQa9DlImmMxwRF0lA2S0RI>
Subject: [mpls] Eric Rescorla's Discuss on draft-ietf-mpls-tp-shared-ring-protection-05: (with DISCUSS and COMMENT)
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 May 2017 06:21:32 -0000
Eric Rescorla has entered the following ballot position for draft-ietf-mpls-tp-shared-ring-protection-05: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-mpls-tp-shared-ring-protection/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- The security considerations of this document seem unacceptably incomplete, as they basically just point to other documents. The RPS protocol defined in this document is carried in the G-ACh [RFC5586], which is a generalization of the Associated Channel defined in [RFC4385]. The security considerations specified in these documents apply to the proposed RPS mechanism. The security considerations of those documents don't seem that great either. However, I believe that they miss a new security issue raised by the mechanism in this draft, which is that a member of the ring appears to be able to forge reports of errors at other parts of the ring. Specifically, S 5.1.3.3 says: When a node is in a pass-through state, it MUST transfer the received RPS Request in the same direction. When a node is in a pass-through state, it MUST enable the traffic flow on protection ring tunnels in both directions. This seems not to involve any filtering, which suggests that node B can send a forged SF from C->D and from D->C, which at least potentially temporarily breaks the link there, causing traffic diversion. More generally, this system assumes that every node trusts every other node completely. That must at least be stated. Incidentally, the text above appears to contain a bug in that it doesn't talk about processing incoming RPS requests intended for the receiving node, but I may just have missed the section where it says that. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- S 4.1.1. protect these LSPs that traverse the ring, a clockwise working ring tunnel (RcW_D) via E->F->A->B->C->D, and its anticlockwise protection ring tunnel (RaP_D) via D->C->B->A->F->E->D are established, Also, an anti-clockwise working ring tunnel (RaW_D) via C->B->A->F->E->D, and its clockwise protection ring tunnel (RcP_D) via D->E->F->A->B->C->D Why does the protection tunnel include D on both ends whereas the working tunnel does not? S 4.2. packets are periodically exchanged between each pair of MEPs to monitor the link health. Three consecutive lost CC packets will be interpreted as a link failure. Is this a normative statement (i.e., does it need a MUST). S 4.3.2.1. Why do you ever not use short wrapping? S 5.1.4.1 A node MUST revert from pass-through state to the idle state when it detects NR codes incoming from both directions. Both directions revert simultaneously from the pass-through state to the idle state. incoming within what time frame?
- [mpls] Eric Rescorla's Discuss on draft-ietf-mpls… Eric Rescorla
- Re: [mpls] Eric Rescorla's Discuss on draft-ietf-… Huub van Helvoort
- Re: [mpls] Eric Rescorla's Discuss on draft-ietf-… Eric Rescorla
- Re: [mpls] Eric Rescorla's Discuss on draft-ietf-… Spencer Dawkins at IETF