Re: [mpls] Stephen Farrell's Discuss on draft-ietf-mpls-mldp-node-protection-05: (with DISCUSS and COMMENT)

IJsbrand Wijnands <ice@cisco.com> Wed, 16 September 2015 09:17 UTC

Return-Path: <ice@cisco.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9E471B3A9B; Wed, 16 Sep 2015 02:17:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2b-Jt618j081; Wed, 16 Sep 2015 02:17:31 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C15901B39E4; Wed, 16 Sep 2015 02:15:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1490; q=dns/txt; s=iport; t=1442394932; x=1443604532; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=FPO2mH2T1cw0YjZzQRd6mJDdmsyEXL1r0rN8V3NDXGM=; b=c+SO9e9i+hDPTjTpxDg1zg6gl9s7wWz4oe1ZTU09BiIn/1c2P3mRG5m7 I6glWMSTxd2/m+fthUJcWAIGXo3y3Tgewvvwx2ckNOxJ2GEySXUky2eXG 14hwa1w4RNfZj1jxP+yhr35niktfBLps3efnH0jtVG3+SdYwWof4PNNnl s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A8BQBTMvlV/xbLJq1drXoBAQEBAQEFAYEKmwICgg8BAQEBAQGBC4QkAQEDASNWEAsaAh8HAgJXBi6ICwi1CJRKAQEBAQEBAQEBAQEBAQEBAQEBARmBIoUKglaCboRaMweCaS+BFAEElV6NA5sQY4JDgUA8il0BAQE
X-IronPort-AV: E=Sophos;i="5.17,538,1437436800"; d="scan'208";a="605152003"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Sep 2015 09:15:30 +0000
Received: from ams-iwijnand-8816.cisco.com (ams-iwijnand-8816.cisco.com [10.60.202.87]) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id t8G9FTxU023059 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 16 Sep 2015 09:15:29 GMT
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
From: IJsbrand Wijnands <ice@cisco.com>
In-Reply-To: <55F92978.7020403@cs.tcd.ie>
Date: Wed, 16 Sep 2015 11:15:29 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <B2786AC4-516A-49BF-BECA-A3399F189DF3@cisco.com>
References: <20150915121844.9126.51946.idtracker@ietfa.amsl.com> <55E921B2-C178-45D6-8E7F-12E4DB950583@cisco.com> <55F92978.7020403@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.1993)
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/UbqIXfbD6MY8cLOAf6y37IAOlPY>
Cc: mpls@ietf.org, mpls-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-mpls-mldp-node-protection.shepherd@ietf.org, draft-ietf-mpls-mldp-node-protection@ietf.org, draft-ietf-mpls-mldp-node-protection.ad@ietf.org
Subject: Re: [mpls] Stephen Farrell's Discuss on draft-ietf-mpls-mldp-node-protection-05: (with DISCUSS and COMMENT)
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2015 09:17:34 -0000

Hi Stephen,


>>  The procedures in this document add two new TLVs to existing LDP
>>  messages.  Those TLVs can be protected by the mechanisms that are
>>  used to protect LDP messages as described in [RFC6388] and [RFC5920].
>>  If it were possible to attack the mechanisms described in this 
>>  document an LSR (a PLR or a MPT) could be induced to support a large
> 
> Can't "N" also cause the potential DoS, if N is the compromised LSR?
> But the main thing is that once this mechanism is supported, any LSR
> (that is compromised) could try to use this as a DoS vector/accelerator.

Yes, I guess it does.

> 
>>  number of tLDP sessions and set up an even larger number of LSPs.
>>  The security mechanisms in [RFC6388] and [RFC5920] are believed to be
>>  adequate, but an implementation could provide additional protection
>>  by counting such protection sessions and LSPs and producing a log
>>  message to the operator if a threshold is crossed.
>> —
> 
> Yes, that text seems about right and good enough to clear
> when you post a revision with that in it.

Cool, will do.

> 
> I could maybe quibble about the current security mechanisms being
> adequate bit (are they really? say in a network with a small but
> persistent percentage of compromised routers?) but I'll not quibble
> in this case, as I guess that is a more general problem and it'd
> not be right to try force a solution via this document.

Thx!,

Ice.
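The proposed security-considerations text above says an implementation "could provide additional protection by counting such protection sessions and LSPs and producing a log message to the operator if a threshold is crossed". The sketch below is an added example of that counter, not code from the draft or from any vendor implementation. It goes one step beyond the draft text by keeping counts per neighbour LSR as well as in total, because the point raised in the thread is that any single compromised LSR (N or otherwise) can be the one driving the session and LSP churn, so per-neighbour counts tell the operator which peer to look at. The limits, the peer address, the FEC keys and the logger name are all assumptions chosen for illustration.

```python
import logging
from collections import defaultdict

# Hypothetical logger name; a real LSR would feed syslog/SNMP instead.
log = logging.getLogger("mldp-node-protection")


class ProtectionMonitor:
    """Count tLDP protection sessions and protection LSPs per neighbour LSR and
    in total. Emit one event when a threshold is crossed upward and one when the
    count drops back under it (hysteresis), so a peer that keeps adding and
    removing state produces a pair of log lines per crossing, not a flood.
    Default limits are made-up example values, not figures from the draft."""

    def __init__(self, max_sessions_per_peer=8, max_lsps_per_peer=2000,
                 max_lsps_total=20000):
        self.limits = {
            "sessions_per_peer": max_sessions_per_peer,
            "lsps_per_peer": max_lsps_per_peer,
            "lsps_total": max_lsps_total,
        }
        self.sessions = defaultdict(set)   # peer -> {tLDP session ids}
        self.lsps = defaultdict(set)       # peer -> {protection LSP FEC keys}
        self.raised = set()                # (kind, scope) thresholds currently exceeded
        self.events = []                   # (action, kind, scope, count) audit records

    def _evaluate(self, kind, scope, count):
        limit = self.limits[kind]
        key = (kind, scope)
        if count > limit and key not in self.raised:
            self.raised.add(key)
            self.events.append(("raise", kind, scope, count))
            log.warning("%s threshold exceeded for %s: %d > %d", kind, scope, count, limit)
        elif count <= limit and key in self.raised:
            self.raised.discard(key)
            self.events.append(("clear", kind, scope, count))
            log.info("%s back under threshold for %s: %d <= %d", kind, scope, count, limit)

    def total_lsps(self):
        return sum(len(s) for s in self.lsps.values())

    def session_up(self, peer, session_id):
        self.sessions[peer].add(session_id)
        self._evaluate("sessions_per_peer", peer, len(self.sessions[peer]))

    def session_down(self, peer, session_id):
        self.sessions[peer].discard(session_id)
        self._evaluate("sessions_per_peer", peer, len(self.sessions[peer]))

    def lsp_added(self, peer, fec):
        self.lsps[peer].add(fec)
        self._evaluate("lsps_per_peer", peer, len(self.lsps[peer]))
        self._evaluate("lsps_total", "all", self.total_lsps())

    def lsp_removed(self, peer, fec):
        self.lsps[peer].discard(fec)
        self._evaluate("lsps_per_peer", peer, len(self.lsps[peer]))
        self._evaluate("lsps_total", "all", self.total_lsps())


def simulate_abusive_peer(peer="10.0.0.9", n_sessions=12, n_lsps=5):
    """Constructed scenario (not captured data): one neighbour opens far more
    tLDP sessions than a protected node would legitimately need, signals a
    handful of protection LSPs, then tears everything down again."""
    mon = ProtectionMonitor(max_sessions_per_peer=8, max_lsps_per_peer=3,
                            max_lsps_total=100)
    for i in range(n_sessions):
        mon.session_up(peer, i)
    for i in range(n_lsps):
        mon.lsp_added(peer, ("root-1.1.1.1", "opaque-%d" % i))
    for i in range(n_sessions):
        mon.session_down(peer, i)
    for i in range(n_lsps):
        mon.lsp_removed(peer, ("root-1.1.1.1", "opaque-%d" % i))
    return mon


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for ev in simulate_abusive_peer().events:
        print(ev)
```

Two design points: the thresholds are checked against the count after the change rather than on a timer, so a burst from one peer is reported at the moment it exceeds the limit, and the clear event matters as much as the raise, since a compromised LSR that repeatedly cycles state would otherwise look like a single persistent alarm. Whether to go beyond logging and refuse further sessions from the offending peer is a local policy decision the draft text leaves to the implementation.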