IETF Logo Mail Archive

Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply

"lizho.jin@gmail.com" <lizho.jin@gmail.com> Thu, 18 June 2015 09:45 UTC

Return-Path: <lizho.jin@gmail.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0D4C1B30E7 for <mpls@ietfa.amsl.com>; Thu, 18 Jun 2015 02:45:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.099
X-Spam-Level:
X-Spam-Status: No, score=-0.099 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NobaNs7NfEcF for <mpls@ietfa.amsl.com>; Thu, 18 Jun 2015 02:45:48 -0700 (PDT)
Received: from mail-pa0-x241.google.com (mail-pa0-x241.google.com [IPv6:2607:f8b0:400e:c03::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84E651B30DF for <mpls@ietf.org>; Thu, 18 Jun 2015 02:45:48 -0700 (PDT)
Received: by pablj1 with SMTP id lj1so9575893pab.3 for <mpls@ietf.org>; Thu, 18 Jun 2015 02:45:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:references:mime-version:message-id :content-type; bh=/yQpnmkx3fK89AlRxcuWfwdBegnzid/JVUxMGhRgTSk=; b=R6OPB7uxcdDmL7FkrMb4PoRLqXPJctiB8SlGmGgl4MxcY1b20lcdiHHr9Yepw9+YOu Y1ZiCkVrC39m85LghkkAjOa3wiHLrYn5g7DXCQV20fO1UrG1m/7fJstyW3bckxtMPKc4 9mldW9LWtGMlYRyJl4zSIL8G40iygazZEtykb341UZRoLkhwJNcWX7ibtTV4dZcFy2GF o7zOm22JOjvHGh2obdifQbgFbkVqIc1k7dHSIq64V+aHTnRpeXM6sF1km9aA0rnAMjRF I6/DJOJiwhF3z4yTxm5onyw4fSHE/OiSlwWTAz6Pf1sIsg+kjHO7o53I9utB00Py2VmL tvIg==
X-Received: by 10.68.69.98 with SMTP id d2mr19785879pbu.71.1434620748203; Thu, 18 Jun 2015 02:45:48 -0700 (PDT)
Received: from Lizhong ([61.164.211.15]) by mx.google.com with ESMTPSA id dc8sm7467563pdb.23.2015.06.18.02.45.43 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Jun 2015 02:45:46 -0700 (PDT)
Date: Thu, 18 Jun 2015 17:46:27 +0800
From: "lizho.jin@gmail.com" <lizho.jin@gmail.com>
To: adrian <adrian@olddog.co.uk>, loa <loa@pi.nu>, mpls <mpls@ietf.org>, mpls-chairs <mpls-chairs@tools.ietf.org>, draft-ietf-mpls-lsp-ping-relay-reply <draft-ietf-mpls-lsp-ping-relay-reply@tools.ietf.org>, db3546 <db3546@att.com>
References: <55658C63.5020209@pi.nu>, <04a101d09fad$72a48e90$57edabb0$@olddog.co.uk>, <2015060823572860485834@gmail.com>, <0cc101d0a92b$58745050$095cf0f0$@olddog.co.uk>
X-Priority: 3
X-GUID: EC03A278-50E7-43CD-95FE-8EA6FEDED2DD
X-Has-Attach: no
X-Mailer: Foxmail 7, 2, 5, 140[en]
Mime-Version: 1.0
Message-ID: <2015061817462442258541@gmail.com>
Content-Type: multipart/alternative; boundary="----=_001_NextPart748001227483_=----"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/HGaGQSysmbYFEOUSeIOWt6De0S8>
Subject: Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2015 09:45:52 -0000

Hi Adrian,
Thanks for the reply. Please see inline below.



Regards
Lizhong
 
From: Adrian Farrel
Date: 2015-06-18 02:28
To: lizho.jin@gmail.com; 'loa'; 'mpls'; 'mpls-chairs'; 'draft-ietf-mpls-lsp-ping-relay-reply'; 'db3546'
Subject: RE: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
Lizhong,
 
Apologies, I fumbled your response.
 
I snipped out the stuff we agree on.
 
> Thank you for the review. Please see my reply inline below. Correct me
> if other authors have different opinion.
>
> I will update the draft after the end of last call.
 
>> Just being a good citizen and reviewing this I-D during WG last call.
>> I didn't have much time so I only found a number of nits most of which
>> are probably not significant.
>> ---
>> 
>> idnits notes the presence of a pre-RFC5378 disclaimer. Do you really 
>> need that?
>> [Lizhong] this may need the answer from chairs and AD. We only follow
>> the rules.
 
If you are following the rules, that's fine. I think the rules are that you only
need to include the disclaimer if text included in the document was written
before the date of RFC 5378 and if at least one of the authors of the text has
not given up their copyright as described in that RFC.
 
[snip]
 
>> Section 4.1
>> 
>>   The source UDP port field MUST be set
>>   to the source UDP port.
>> 
>> There is no "source UDP port" field. Perhaps the "Initiator Source Port"
>> field?
>> 
>> But also, this text is quite confusing. The text in 3.2 is much clearer.
> [Lizhong] yes, should be: 
> The source UDP port field MUST be set to the initiator source port.
 
Hmmm, I think...
 
"The Initiator Source Port field MUST be set to the source UDP port."
[Lizhong] accepted.
 
[snip]
 
> [Lizhong] traceroute is not mandatory before ping. If operator has knowledge 
> of the relay nodes, the initiator could directly send ping with Relay Node 
> Address Stack TLV containing the already known relay nodes.
 
That would make a valuable addition to 4.1, as well.
[Lizhong] OK, then we could add the following in section 4 to avoid misunderstanding:
In the following section, we describe the relay reply procedures with traceroute 
operation. If operator has knowledge of the relay nodes, the initiator could do LSP 
Ping by directly sending Echo Request with Relay Node Address Stack TLV 
containing the already known relay nodes.
 
[snip]
 
>> I tried to work out how things would pan out if two ASes on the path 
>> used the same address space within their AS. Would an address appear in
>> the stack and seem to be routable when it is really an address in the
>> other AS?
> [Lizhong] we have an example in section 5. And address of P1 and P2 could be 
> same. In that case, ASBR1 must adds its interface address facing ASBR2 with 
> the K bit set. Then relay reply will not be miss-routed.
 
Ah, I get it.
But this relies on ASBT1 setting the K bit. 
So I suspect this needs to not be a special case: you need to require that the
domain boundary always sets the K bit.
[Lizhong] yes, we use "SHOULD" to make the requirement. See below description in section 4.2:
If a node spans two addressing domains (with respect to this 
message) where nodes on either side may not be able to reach nodes in the 
other domain, then the final address added SHOULD set the K bit.
 
[snip]
 
>> The third case in 4.5 is when the receiver does not understand the TLV
>> and ignores it. In this case it will send an Echo Reply without itself
>> including the TLV.
> [Lizhong] the receiver is unable to send the Echo Reply, because it does
> know the destination IP address and UDP port number. So if the receiver
> could not understand the TLV, then the relay message will be dropped.
 
Section 4.5 of 4379 says:
 
   The destination IP address and UDP port are copied from the
   source IP address and UDP port of the echo request.
 
That is what the legacy receiver will attempt to do. It doesn't matter whether
the optional Relay Node Address Stack TLV is in the echo request message or not,
the legacy node will follow 4379. So it *will* be able to respond.
[Lizhong] Are you referring the case when the receiver receives Echo Request? In that
case, yes, it will respond without including the TLV. It is a sub-case of case 1. And I
will add the following in the first case:
If the receiver does not recognize the Relay Node Address Stack TLV, as per 
section 3 and 4.5 of [RFC4379], it will send an Echo Reply without including the TLV.
If you are referring the case when the receiver receives Relayed Echo Reply, if it could
not understand the TLV, it will also not understand the message type "Relayed Echo Reply".
So the packet will be dropped.
 
>> Section 6 should note that the new TLV provides a way for Echo Reply
>> messages to be diverted so that information can be collected. For
>> example, if a stack entry can be inserted, the Echo Reply messages can
>> be caused to transit another AS unrelated to the LSP under test. Since
>> the Echo Reply reveals path information about the LSP, this is a
>> valuable attack.  Having said that, you can say how this TLV is 
>> protected in the Echo Reply message.
>
> [Lizhong] Do you mean the new TLV could be used to collect path information
> unrelated to the LSP under test? This is not true. Only the node along the
LSP 
> will add path information into the new TLV. The relay node in the new TLV
> will only relay the Echo Reply to the initiator, and will not add information
to
> the new TLV.
 
I think you misunderstand how security attacks might work. Suppose I am able to
do one of two things:
1. Modify the control plane code on a router that adds or processes a
    Relay Node Address Stack TLV so that it adds a bogus entry to the
     TLV. The prospect of modifications to control plane code is generally
     considered to be so disastrous that it is just noted without any 
     further precautions (after all, if you can get at the control plane
     code, you can make the routers do anything).
2. Intercept and modify a packet in transit. This is the main risk I am 
    talking about.
[Lizhong] If one router's control plane in the network is hijacked, it could send any 
information to the third party. It is a general problem. But I understand you concern.
I will add the following to try to mitigate your concern.
The Relay Node Address Stack TLV has the path information of the LSP, and 
such information may be maliciously used by any uncontrolled LSR/LER. We have
two ways to reduce the path information in the TLV:
1. it is recommended to clear the K bit in the relay address entry unless you have to.
2. it is encouraged to use NIL address entry to hide node information if possible.
 
Cheers,
Adrian

v2.31.3 | Report a Bug | By Email | System Status