Re: [mpls] Spencer Dawkins' No Objection on draft-ietf-mpls-self-ping-05: (with COMMENT)

Ronald Bonica <rbonica@juniper.net> Thu, 15 October 2015 21:15 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: "mpls@ietf.org" <mpls@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "spencerdawkins.ietf@gmail.com" <spencerdawkins.ietf@gmail.com>
Thread-Topic: [mpls] Spencer Dawkins' No Objection on draft-ietf-mpls-self-ping-05: (with COMMENT)
Date: Thu, 15 Oct 2015 21:14:49 +0000
Message-ID: <BLUPR05MB1985C8B87E1F9F77A857D15DAE3E0@BLUPR05MB1985.namprd05.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/4odYmaQjqczFRVHNBgq-ckDlzlk>

Hi Spencer,

Thanks for your thoughtful review.

In the Security Considerations section, you will find the following text:

"LSP Self-ping messages are easily forged.  Therefore, an attacker can send the ingress LSR a forged LSP Self-ping message, causing the ingress LSR to terminate the LSP Self-ping session prematurely.  In order to mitigate these threats, implementations SHOULD NOT assign Session-IDs in a predictable manner.  Furthermore, operators SHOULD filter LSP Self-ping packets at network ingress points."

The assignment of all LSP Self-ping traffic to UDP Port 8503 facilitates the above-mentioned filtering.

Ron


------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> I was looking at
> 
>    o  The UDP Destination Port MUST be lsp-self-ping (8503) [IANA.PORTS]
> 
> and wondering why this is a MUST. Is the answer that this mechanism works
> within an administrative domain, so you can just tell the other end what the
> port number needs to be?
> 
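The two mitigations quoted above (unpredictable Session-IDs and filtering UDP/8503 at network ingress) as an added example; this is not code from the draft or from any implementation. It assumes a message carrying only an 8-byte Session-ID, and the class and function names are hypothetical.

```python
import secrets
import struct
from typing import Dict, Optional

SELF_PING_PORT = 8503  # lsp-self-ping, the port named in the thread


class IngressLsr:
    """Ingress LSR side of an LSP Self-ping session table (illustrative)."""

    def __init__(self, predictable: bool = False) -> None:
        self.predictable = predictable
        self._counter = 0
        self.sessions: Dict[int, str] = {}  # Session-ID -> LSP name

    def start_session(self, lsp: str) -> int:
        if self.predictable:
            self._counter += 1          # weak: next ID is trivially guessable
            sid = self._counter
        else:
            sid = secrets.randbits(64)  # CSPRNG-backed, unpredictable
        self.sessions[sid] = lsp
        return sid

    @staticmethod
    def build_message(sid: int) -> bytes:
        # Assumed layout: a single 64-bit Session-ID, network byte order.
        return struct.pack("!Q", sid)

    def handle_reply(self, payload: bytes, dst_port: int) -> Optional[str]:
        """Terminate the matching session; return its LSP name, or None."""
        if dst_port != SELF_PING_PORT or len(payload) != 8:
            return None
        (sid,) = struct.unpack("!Q", payload)
        return self.sessions.pop(sid, None)


def ingress_filter(from_outside_domain: bool, proto: str, dst_port: int) -> str:
    """Operator filter: drop Self-ping arriving from outside the domain."""
    if from_outside_domain and proto == "udp" and dst_port == SELF_PING_PORT:
        return "drop"
    return "permit"


def premature_termination_by_guess(predictable: bool) -> bool:
    """Does a forged reply carrying the guess '1' end the first session?"""
    lsr = IngressLsr(predictable)
    lsr.start_session("lsp-A")
    forged = IngressLsr.build_message(1)  # constructed forged reply
    return lsr.handle_reply(forged, SELF_PING_PORT) is not None
```

With sequential allocation the guess succeeds and the session is torn down; with a random 64-bit Session-ID it fails, and the filter drops the forged packet before it reaches the LSR at all.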