IETF Logo Mail Archive

Re: [mpls] Questions for draft-ietf-mpls-tp-on-demand-cv-05

Sam Aldrin <aldrin.ietf@gmail.com> Tue, 26 July 2011 21:27 UTC

Return-Path: <aldrin.ietf@gmail.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCF8811E80A7 for <mpls@ietfa.amsl.com>; Tue, 26 Jul 2011 14:27:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.603
X-Spam-Level:
X-Spam-Status: No, score=-1.603 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_93=0.6, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LFpy63h5vxtv for <mpls@ietfa.amsl.com>; Tue, 26 Jul 2011 14:27:12 -0700 (PDT)
Received: from mail-pz0-f53.google.com (mail-pz0-f53.google.com [209.85.210.53]) by ietfa.amsl.com (Postfix) with ESMTP id BE7D821F8A66 for <mpls@ietf.org>; Tue, 26 Jul 2011 14:27:12 -0700 (PDT)
Received: by pzk6 with SMTP id 6so1396619pzk.26 for <mpls@ietf.org>; Tue, 26 Jul 2011 14:27:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=references:in-reply-to:mime-version:content-transfer-encoding :content-type:message-id:cc:x-mailer:from:subject:date:to; bh=juPJ3M13+d9Kph94VTtMwq4M+swCiqZgRvNuhehlhwg=; b=HMpgN7547KceZAk9gi2Y7v+E651wgW7LMomcn7hfZETKY2C2sIjCxY9BsoODo7Ck34 poybAJnYA/9uwvFc3Dfz4LwEanRTxDzhganMc8BoI2v74ibq01CUPpbWBj9sNjIx2atR 6ArPXsIpeBmziJPcjabBxIGWzN1+fAu3wto7k=
Received: by 10.68.13.105 with SMTP id g9mr11407469pbc.135.1311715631408; Tue, 26 Jul 2011 14:27:11 -0700 (PDT)
Received: from [130.129.23.104] (dhcp-1768.meeting.ietf.org [130.129.23.104]) by mx.google.com with ESMTPS id d1sm936616pbj.72.2011.07.26.14.27.09 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 26 Jul 2011 14:27:10 -0700 (PDT)
References: <4DFA60E3.90807@pi.nu> <791AD3077F94194BB2BDD13565B6295D13B65A62@Polydeuces.office.hd> <C0AC8FAB6849AB4FADACCC70A949E2F10B2256B154@EUSAACMS0701.eamcs.ericsson.se> <791AD3077F94194BB2BDD13565B6295D13B69562@Polydeuces.office.hd> <C0AC8FAB6849AB4FADACCC70A949E2F10B2484A3ED@EUSAACMS0701.eamcs.ericsson.se> <791AD3077F94194BB2BDD13565B6295D13B695EF@Polydeuces.office.hd> <D6432A3783F045B694EA0467F7173898@nsl.ad.nec.co.jp> <C0AC8FAB6849AB4FADACCC70A949E2F10B24DDE877@EUSAACMS0701.eamcs.ericsson.se> <60F069FADFF94B1C8594EEB26514F486@nsl.ad.nec.co.jp>
In-Reply-To: <60F069FADFF94B1C8594EEB26514F486@nsl.ad.nec.co.jp>
Mime-Version: 1.0 (iPad Mail 8J2)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"
Message-Id: <5DA50667-3D9E-4E5F-951A-8125326A3B15@gmail.com>
X-Mailer: iPad Mail (8J2)
From: Sam Aldrin <aldrin.ietf@gmail.com>
Date: Tue, 26 Jul 2011 14:29:00 -0700
To: Zhenlong Cui <c-sai@bx.jp.nec.com>
Cc: "mpls@ietf.org" <mpls@ietf.org>, "draft-ietf-mpls-tp-on-demand-cv@tools.ietf.org" <draft-ietf-mpls-tp-on-demand-cv@tools.ietf.org>
Subject: Re: [mpls] Questions for draft-ietf-mpls-tp-on-demand-cv-05
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 21:27:13 -0000

As Eric said in earlier email, these questions are more related to RFC4379 and not just this draft.
Having said that, please find responses inline.

Sam

Sent from my iPad

On Jul 26, 2011, at 2:03 PM, "Zhenlong Cui" <c-sai@bx.jp.nec.com> wrote:

> Hi Eric,
> 
> I remember you said earlier that you should drop the packet from unknown source nodes, because there is a security problem with
> responding.
> On the other hand, you say that you should send a reply when the request includes an unknown TLV.
> 
Unknown source is not same as receiving malformed Tlv or unsupported tlv.
> I think if the responder receives a request it checks the type of the TLV before it checks the identifiers.
> 
> So, my question is "if the responder receives a request from an unknown source node that includes an unknown TLV, does the responder
> have to reply to the unknown source node?". If yes, this has the security problem you mentioned earlier, doesn't it?
If received from unknown source, most vendors drop the packet.
> 
> 
> Lastly, I suggest that add some mention to this draft regarding responder's behavior for new TLV.
> 1) Which return code to send when source/destination identifiers are wrong or drop the request.
As said above, it should be dropped, if the source is unknown.
> 2) Which return code to send when ingress if_num/egress if_num of DSMAP TLV are wrong or drop the request.
Return code 5, dsmap mismatch. This is already defined in rfc4379.
> 
> 
> Best,
> Zhenlong
> 
>> -----Original Message-----
>> From: Eric Gray [mailto:eric.gray@ericsson.com]
>> Sent: Wednesday, July 27, 2011 12:56 AM
>> To: Zhenlong Cui
>> Cc: mpls@ietf.org; draft-ietf-mpls-tp-on-demand-cv@tools.ietf.org
>> Subject: RE: [mpls] Questions for draft-ietf-mpls-tp-on-demand-cv-05
>> 
>> Zhenlong,
>> 
>> Q-1: See RFC 4379, where these regitry entries are derived from.
>>     RFC 4379 sets up a number of registries - including the TLV
>>     registry - and defines explicitly how to handle unknown TLV
>>     types in section 3, in two very obscure paragraphs on page
>>     10, just before section 3.1.
>> 
>> Q-2: "ingress port" is not correct - thanks for spotting this
>>     cut-and-paste duplication error.
>> 
>> --
>> Eric
>> 
>> -----Original Message-----
>> From: Zhenlong Cui [mailto:c-sai@bx.jp.nec.com]
>> Sent: Tuesday, July 12, 2011 5:20 AM
>> To: mpls@ietf.org; draft-ietf-mpls-tp-on-demand-cv@tools.ietf.org
>> Subject: [mpls] Questions for draft-ietf-mpls-tp-on-demand-cv-05
>> 
>> Dear Authors,
>> 
>> Two questions regarding the idenfifiers TLV and DSMAP TLV.
>> 
>> Question 1:
>>>>> Which return code to send when identifiers are wrong (Malformed echo
>>>>> request received?) or drop the packet.
>>>>> 
>>>>> EG > Drop the packet, probably log the error, possibly run off
>>>>> EG > screaming into the night.  What does one do when one gets
>>>>> EG > something either not recognizably intended for one, or not
>>>>> EG > from a source that one recognizes?  From a security point
>>>>> EG > of view, we cannot require an implementation to reply to
>>>>> EG > the requester in this case (this is an attack vector for
>>>>> EG > all kinds of hate and discontent).  Nor can we forbid it.
>>>>> 
>> If the "type" of identifier TLV is incorrect, then should this request frame be dropped? Should we reply to the requestor(One
>> or
>> more of the TLVs was not understood)? Can this way two answers be generated?
>> 
>> 
>> Question 2:
>> In section 2.1.1, Is below("ingress port") correct?
>> 
>>   Egress IF_Num identifies the ingress port on the target node.  A
>>   value of 0 indicates that the port is not part of the identifier.
>> 
>> 
>> Best,
>> zhenlong
>> 
>>> -----Original Message-----
>>> From: mpls-bounces@ietf.org [mailto:mpls-bounces@ietf.org] On Behalf Of Rolf Winter
>>> Sent: Monday, June 27, 2011 8:04 PM
>>> To: Eric Gray; mpls@ietf.org; draft-ietf-mpls-tp-on-demand-cv@tools.ietf.org
>>> Subject: Re: [mpls] Verification call on draft-ietf-mpls-tp-on-demand-cv
>>> 
>>> I think that's OK, since the value is not beyond but within the TLV. Taken from 4379:
>>> 
>>> Types are defined below; Length is the length of the Value field in
>>> octets.  The Value field depends on the Type; it is zero padded to
>>> align to a 4-octet boundary.
>>> 
>>> That means the length is the length of the actual value (excluding the padding). So the beginning of the next TLV is determined
>>> by the length plus a value that makes it align on a 4-octet boundary (which of course can be 0). I cannot follow your argument
>>> why this is not correct. I am sure I am missing something trivial, so sorry for spamming the list. But all information
>> is
>>> encoded in the packet (plus the simple rule quoted above). Otherwise, a node needs to understand the internal structure
>> of
>>> each TLV to extract the value instead of applying the simple rule above.
>>> 
>>> 
>>> Best,
>>> 
>>> Rolf
>>> 
>>> 
>>> NEC Europe Limited | Registered Office: NEC House, 1 Victoria Road, London W3 6BL | Registered in England 2832014
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: Eric Gray [mailto:eric.gray@ericsson.com]
>>>> Sent: Montag, 27. Juni 2011 12:42
>>>> To: Rolf Winter; mpls@ietf.org; draft-ietf-mpls-tp-on-demand-
>>>> cv@tools.ietf.org
>>>> Subject: RE: [mpls] Verification call on draft-ietf-mpls-tp-on-demand-
>>>> cv
>>>> 
>>>> IMO, that would be a problem with RFC 4379.  Perhaps there is
>>>> an errata?
>>>> 
>>>> TLVs are meant to follow each other, where the beginning of the
>>>> next TLV is determined by the length of the current TLV - hence
>>>> it is not correct to specify any content as having any value at
>>>> all if it is beyond the end of the TLV.
>>>> 
>>>> -----Original Message-----
>>>> From: Rolf Winter [mailto:Rolf.Winter@neclab.eu]
>>>> Sent: Monday, June 27, 2011 5:06 AM
>>>> To: Eric Gray; mpls@ietf.org; draft-ietf-mpls-tp-on-demand-
>>>> cv@tools.ietf.org
>>>> Subject: RE: [mpls] Verification call on draft-ietf-mpls-tp-on-demand-
>>>> cv
>>>> Importance: High
>>>> 
>>>> Hi Eric,
>>>> 
>>>> just one more to follow up. You say:
>>>> 
>>>>> EG > 24 is correct for the Static LSP Sub-TLV (it is 6 words long,
>>>>> EG > even if the last two octets "Must be Zero").  The length of
>>>>> EG > the Static Pseudowire Sub-TLV - on the other hand - was made
>>>>> EG > longer by the addition of the 2-word AGI.  Nice catch!
>>>> 
>>>> In RFC 4379, section 3.2, the MUST be Zero parts don't seem to be
>>>> included in the length of the sub-TLVs. Why are they included here?
>>>> 
>>>> Best,
>>>> 
>>>> Rolf
>>>> 
>>>> 
>>>> NEC Europe Limited | Registered Office: NEC House, 1 Victoria Road,
>>>> London W3 6BL | Registered in England 2832014
>>>> 
>>>> 
>>>>> 
>>>>> EG > Apparently.
>>>>> 
>>>>> Which return code to send when identifiers are wrong (Malformed echo
>>>>> request received?) or drop the packet.
>>>>> 
>>>>> EG > Drop the packet, probably log the error, possibly run off
>>>>> EG > screaming into the night.  What does one do when one gets
>>>>> EG > something either not recognizably intended for one, or not
>>>>> EG > from a source that one recognizes?  From a security point
>>>>> EG > of view, we cannot require an implementation to reply to
>>>>> EG > the requester in this case (this is an attack vector for
>>>>> EG > all kinds of hate and discontent).  Nor can we forbid it.
>>>>> 
>>>>> Using the per-interface model and say the DSMAP TLV did not match the
>>>>> ingress IF identifier, then should this request frame be dropped?
>>>>> Should we reply to the requestor? Can this way two answers be
>>>>> generated?
>>>>> 
>>>>> Nit (section 2.1): s/mpls/MPLS/
>>>>> 
>>>>> EG > Thanks.
>>>>> 
>>>>> 
>>>>> Best,
>>>>> 
>>>>> 
>>>>> 
>>>>> Rolf
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> NEC Europe Limited | Registered Office: NEC House, 1 Victoria Road,
>>>>> London W3 6BL | Registered in England 2832014
>>>>> 
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: mpls-bounces@ietf.org [mailto:mpls-bounces@ietf.org] On
>>>> Behalf
>>>>> Of
>>>>>> Loa Andersson
>>>>>> Sent: Donnerstag, 16. Juni 2011 22:01
>>>>>> To: mpls@ietf.org; draft-ietf-mpls-tp-on-demand-cv@tools.ietf.org;
>>>>> Ross
>>>>>> Callon; George Swallow; MPLS-TP ad hoc team
>>>>>> Subject: [mpls] Verification call on draft-ietf-mpls-tp-on-demand-
>>>> cv
>>>>>> 
>>>>>> Working Group.
>>>>>> 
>>>>>> the authors of draft-ietf-mpls-tp-on-demand-cv have updated the ID
>>>>>> after wg last call and published version -04 of the document.
>>>>>> 
>>>>>> A document detailing how the comments have been addressed will be
>>>>>> found at:
>>>>>> http://www.pi.nu/~loa/comments-on-03.xls
>>>>>> 
>>>>>> This is to start a working group call to verify that all comments
>>>>>> been adequately addressed. Please send your comments to the
>>>>>> mpls working group mailing list before June 24th.
>>>>>> 
>>>>>> Loa
>>>>>> on behalf of the MPLS wg co-chairs
>>>>>> 
>>>>>> --
>>>>>> 
>>>>>> 
>>>>>> Loa Andersson                         email:
>>>>> loa.andersson@ericsson.com
>>>>>> Sr Strategy and Standards Manager            loa@pi.nu
>>>>>> Ericsson Inc                          phone: +46 10 717 52 13
>>>>>>                                              +46 767 72 92 13
>>>>>> _______________________________________________
>>>>>> mpls mailing list
>>>>>> mpls@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/mpls
>>>>> _______________________________________________
>>>>> mpls mailing list
>>>>> mpls@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/mpls
>>> _______________________________________________
>>> mpls mailing list
>>> mpls@ietf.org
>>> https://www.ietf.org/mailman/listinfo/mpls
> 
> 
> _______________________________________________
> mpls mailing list
> mpls@ietf.org
> https://www.ietf.org/mailman/listinfo/mpls

v2.23.0 | Report a Bug | By Email