Re: [mpls] Last Call: <draft-ietf-mpls-mldp-node-protection-05.txt> (mLDP Node Protection) to Proposed Standard
"Adrian Farrel" <adrian@olddog.co.uk> Wed, 02 September 2015 17:27 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC5381B32FF; Wed, 2 Sep 2015 10:27:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.701
X-Spam-Level:
X-Spam-Status: No, score=-100.701 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fjwIhBjmaluv; Wed, 2 Sep 2015 10:27:48 -0700 (PDT)
Received: from asmtp4.iomartmail.com (asmtp4.iomartmail.com [62.128.201.175]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A78791B3E01; Wed, 2 Sep 2015 10:27:44 -0700 (PDT)
Received: from asmtp4.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id t82HRgwx028662; Wed, 2 Sep 2015 18:27:42 +0100
Received: from 950129200 (79.135.99.37.dsl.gradwelldsl.co.uk [79.135.99.37] (may be forged)) (authenticated bits=0) by asmtp4.iomartmail.com (8.13.8/8.13.8) with ESMTP id t82HRfQH028640 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Wed, 2 Sep 2015 18:27:41 +0100
From: Adrian Farrel <adrian@olddog.co.uk>
To: ietf@ietf.org
References: <20150825221944.10283.10646.idtracker@ietfa.amsl.com>
In-Reply-To: <20150825221944.10283.10646.idtracker@ietfa.amsl.com>
Date: Wed, 02 Sep 2015 18:27:39 +0100
Message-ID: <029c01d0e5a4$ab85bc10$02913430$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQEqIwc7hetHUf8AKCZhmWU6iSerQZ93AjeQ
Content-Language: en-gb
X-TM-AS-MML: disable
X-TM-AS-Product-Ver: IMSS-7.1.0.1576-8.0.0.1202-21788.001
X-TM-AS-Result: No--12.897-10.0-31-10
X-imss-scan-details: No--12.897-10.0-31-10
X-TMASE-MatchedRID: fE0JoqABJp1fsB4HYR80ZggKAWhuC2ojb6bRSg4rpzt8Tu6cvkQQvFWS MEnTg+B3IGyO8oFp++l7N8FVJMlRBmX3SpdG0+lWcFEiuPxHjsU0AKed0u9fB81BXOF9hjmyFkz B+NuZzggfq7xky/eNBSDs3TkzD4BpFmZR/WNHV55mVHNo7XGkncvg6MApgEQa9ItC2dmXn10gPo MwpIOZ2A1DTI4WbUmgTqcgx+NG01QwyJaonFEa5QPZZctd3P4BF4q8hdmZvAgL+XoSP8zSWiXcO 6fodzRlyXiVJCvFtMfpEPJCupgFYppS18w4gxhDOjf3A4DTYuHMeau/FrxSZK/FMdJb10vOk3XN gcgycofq+42aYZGs2faVc6PNxfFSCOBZR9t1Wn9QiFNNqFvt1YB84MMvKleapIR/M6uhPD+jxYy RBa/qJX3mXSdV7KK4OubYLCVnBVEgBwKKRHe+rwKKpotPaXT0vDiha7KR167QznawWwpguKu4CC 8NT2xzc+/mxAM85xg=
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/R8LgrIHvvqrnhOAT-Hz2hOTjepc>
Cc: mpls@ietf.org, draft-ietf-mpls-mldp-node-protection@ietf.org
Subject: Re: [mpls] Last Call: <draft-ietf-mpls-mldp-node-protection-05.txt> (mLDP Node Protection) to Proposed Standard
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 17:27:50 -0000
Hi, I took a look at this I-D although I was not lucky enough to win the ballot to be Routing Directorate reviewer. At least that saves me from some boilerplate :-) IMHO this I-D describes useful function that is practical to implement. The document is clear and ready for publication. It might benefit from another read to fix a few points of grammar, but I am sure the RFC editor will handle that without risking the meaning of the document. I provide a few pointless nits to prove I read the document. Thanks, Adrian === Abstract s/has/have/ --- Abstract I regret that "LSR" is not a well-known abbreviation and has to be expanded. Ditto "P2P" --- Section 1 Same issues with abbreviations. Add LFA. s/setup/set up/ s/LST/LSR/ --- Section 2.1 The sentence "After determining..." has unbalanced parentheses. s/don't/does not/ --- I suspect that Section 6 is enough and that the Sec ADs will wonder whether or not it is. What is new here? Well I suppose there is the potential for an LSR to get hit with a lot of tLDP sessions and a multiplier of tLDP LSPs (one for every protected LSP that transits the LSR). Is that a vector for attack? I don't think so. So you could add something like... The procedures in this document add two new TLVs to existing LDP messages. Those TLVs can be protected by the mechanisms that are used to protect LDP messages as described in [RFC6388] and [RFC5920]. If it were possible to attack the mechanisms described in this document an LSR (a PLR or a MPT) could be induced to support a large number of tLDP sessions and set up an even larger number of LSPs. The security mechanisms in [RFC6388] and [RFC5920] are believed to be adequate, but an implementation could provide additional protection by counting such protection sessions and LSPs and producing a log message to the operator if a threshold is crossed.