Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
"Lizhong Jin" <lizho.jin@gmail.com> Thu, 25 June 2015 07:52 UTC
Return-Path: <lizho.jin@gmail.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A284E1B318D for <mpls@ietfa.amsl.com>; Thu, 25 Jun 2015 00:52:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.45
X-Spam-Level:
X-Spam-Status: No, score=0.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_CHARSET_FARAWAY=2.45, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cchr3d6DcMA0 for <mpls@ietfa.amsl.com>; Thu, 25 Jun 2015 00:52:40 -0700 (PDT)
Received: from mail-pa0-x236.google.com (mail-pa0-x236.google.com [IPv6:2607:f8b0:400e:c03::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 172061B3183 for <mpls@ietf.org>; Thu, 25 Jun 2015 00:52:39 -0700 (PDT)
Received: by pabvl15 with SMTP id vl15so45212215pab.1 for <mpls@ietf.org>; Thu, 25 Jun 2015 00:52:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=fw5/fkD6PllP1DZbhUzG3CcDVu0bD/0Bh0xpS0jG+kI=; b=Nk2tqF/XM8PTLkQlrGRe3OWr+JAi3y0Sxq+6bnHDmfZ3RqN/pA6D+bA7f4MqLlTHLW Xow6bsUKmHnUv7NS7IRCk7gKHBsoPW1bM9nX5bqkhKfb4L6sWPSBL8zzBQX3r4N99zwu ceJFfhhHCw+n6o4K/RSmgKP3f5dw5wbiFebvzbjEil2xEZsn+T4/Ro8IbHtxY05G7rvF 2imLzASDWLJMHh4VqWj4J+VT0KNqHFH5359DDQbRZT7qDrn4ws9g3+bWbgtCGAe2QjgS esPKnvlmxu0ddgM6H27UPIXiudWffZ7Xui02m/musLxq/bs228y2OeqWyqQezKhQLiU1 oWhA==
X-Received: by 10.68.224.10 with SMTP id qy10mr90059975pbc.23.1435218759631; Thu, 25 Jun 2015 00:52:39 -0700 (PDT)
Received: from LIZHONGJ ([180.166.53.21]) by mx.google.com with ESMTPSA id b3sm29087927pdg.67.2015.06.25.00.52.34 (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 25 Jun 2015 00:52:38 -0700 (PDT)
From: Lizhong Jin <lizho.jin@gmail.com>
To: 'Loa Andersson' <loa@pi.nu>, 'thomas nadeau' <tnadeau@lucidvision.com>
References: <D1AEF31A.3B607%swallow@cisco.com> <558A6B2A.9010000@pi.nu> <334FDAB8-48A3-40CC-A4A4-DB414F53EAD5@lucidvision.com> <558BB212.5040303@pi.nu>
In-Reply-To: <558BB212.5040303@pi.nu>
Date: Thu, 25 Jun 2015 15:52:29 +0800
Message-ID: <007b01d0af1b$e7b6a970$b723fc50$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQI5Wjwo1OrFg9Sm2IIzsvEBzO/6iQDV8MG+AUuv9+oBwx9+mZzMXIOQ
Content-Language: zh-cn
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/htMTajh1bMSpTqAj3u5hEwkKG7k>
Cc: 'mpls' <mpls@ietf.org>, 'draft-ietf-mpls-lsp-ping-relay-reply' <draft-ietf-mpls-lsp-ping-relay-reply@tools.ietf.org>, 'mpls-chairs' <mpls-chairs@tools.ietf.org>
Subject: Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jun 2015 07:52:44 -0000
Thank you all for the help. We will update accordingly in the next version. Regards Lizhong > -----Original Message----- > From: Loa Andersson [mailto:loa@pi.nu] > Sent: 2015年6月25日 15:48 > To: thomas nadeau; lizho.jin@gmail.com > Cc: George Swallow (swallow); adrian@olddog.co.uk; mpls; mpls-chairs; > draft-ietf-mpls-lsp-ping-relay-reply; db3546 > Subject: Re: [mpls] MPLS working group last call on > draft-ietf-mpls-lsp-ping-relay-reply > > Lizhong, > > It should be safe to remove the pre-RFC5378 disclaimer. I will address the issue > in the shepherds write-up. > > /Loa > > On 2015-06-24 12:02, thomas nadeau wrote: > > > > > > > > > >> On Jun 24, 2015, at 4:32 AM, Loa Andersson <loa@pi.nu> wrote: > >> > >> George, > >> > >> I sympathize with this, but as I recall it the current document is > >> the result of a merger between two earlier drafts: > >> > >> draft-ietf-mpls-interas-lspping (first version posted March 2007) > >> and that one goes back to draft-nadeau-mpls-interas-lspping (first > >> version posted July 2005). > >> and > >> draft-zj-mpls-lsp-ping-reply-relay (first version posted October > >> 2011) > >> > >> RFC 5378 was published Oct 2008, to be on the safe side any work that > >> pre-dates RFC 5378 should have the "pre-RFC5378 disclaimer". So > >> draft-zj is in the clear. > >> > >> However, since both draft-ietf-mpls-interas-lspping and > >> draft-nadeau-mpls-interas-lspping predates RFC 5378, we need the > >> pre-RFC5378 disclaimer unless both authors of the two draft grant > >> their rights to the IETF trust. My straw man advice would be to try > >> to remove the pre-RFC5378 disclaimer based on statements from both > authors. > >> > >> George does so in the mail below. > >> > >> Tom are you willing to do so also? > > > > yes i agree. > > > >> > >> /Loa > >> > >> > >>> On 2015-06-23 17:30, George Swallow (swallow) wrote: > >>> Lizhong - > >>> > >>> If there's any text left from the original draft, then it belongs to > >>> either me or Tom. I hereby surrender my rights. > >>> > >>> Tom? > >>> > >>> George > >>> > >>>> On 6/17/15 2:28 PM, "Adrian Farrel" <adrian@olddog.co.uk> wrote: > >>>> > >>>> Lizhong, > >>>> > >>>> Apologies, I fumbled your response. > >>>> > >>>> I snipped out the stuff we agree on. > >>>> > >>>>> Thank you for the review. Please see my reply inline below. > >>>>> Correct me if other authors have different opinion. > >>>>> > >>>>> I will update the draft after the end of last call. > >>>> > >>>>>> Just being a good citizen and reviewing this I-D during WG last call. > >>>>>> I didn't have much time so I only found a number of nits most of > >>>>>> which are probably not significant. > >>>>>> --- > >>>>>> > >>>>>> idnits notes the presence of a pre-RFC5378 disclaimer. Do you > >>>>>> really need that? > >>>>>> [Lizhong] this may need the answer from chairs and AD. We only > >>>>>> follow the rules. > >>>> > >>>> If you are following the rules, that's fine. I think the rules are > >>>> that you only need to include the disclaimer if text included in > >>>> the document was written before the date of RFC 5378 and if at > >>>> least one of the authors of the text has not given up their > >>>> copyright as described in that RFC. > >>>> > >>>> [snip] > >>>> > >>>>>> Section 4.1 > >>>>>> > >>>>>> The source UDP port field MUST be set > >>>>>> to the source UDP port. > >>>>>> > >>>>>> There is no "source UDP port" field. Perhaps the "Initiator > >>>>>> Source Port" > >>>>>> field? > >>>>>> > >>>>>> But also, this text is quite confusing. The text in 3.2 is much > >>>>>> clearer. > >>>>> [Lizhong] yes, should be: > >>>>> The source UDP port field MUST be set to the initiator source port. > >>>> > >>>> Hmmm, I think... > >>>> > >>>> "The Initiator Source Port field MUST be set to the source UDP port." > >>>> > >>>> [snip] > >>>> > >>>>> [Lizhong] traceroute is not mandatory before ping. If operator has > >>>>> knowledge of the relay nodes, the initiator could directly send > >>>>> ping with Relay Node Address Stack TLV containing the already > >>>>> known relay nodes. > >>>> > >>>> That would make a valuable addition to 4.1, as well. > >>>> > >>>> [snip] > >>>> > >>>>>> I tried to work out how things would pan out if two ASes on the > >>>>>> path used the same address space within their AS. Would an > >>>>>> address appear in the stack and seem to be routable when it is > >>>>>> really an address in the other AS? > >>>>> [Lizhong] we have an example in section 5. And address of P1 and > >>>>> P2 could be same. In that case, ASBR1 must adds its interface > >>>>> address facing ASBR2 with the K bit set. Then relay reply will not > >>>>> be miss-routed. > >>>> > >>>> Ah, I get it. > >>>> But this relies on ASBT1 setting the K bit. > >>>> So I suspect this needs to not be a special case: you need to > >>>> require that the domain boundary always sets the K bit. > >>>> > >>>> [snip] > >>>> > >>>>>> The third case in 4.5 is when the receiver does not understand > >>>>>> the TLV and ignores it. In this case it will send an Echo Reply > >>>>>> without itself including the TLV. > >>>>> [Lizhong] the receiver is unable to send the Echo Reply, because > >>>>> it does know the destination IP address and UDP port number. So if > >>>>> the receiver could not understand the TLV, then the relay message will > be dropped. > >>>> > >>>> Section 4.5 of 4379 says: > >>>> > >>>> The destination IP address and UDP port are copied from the > >>>> source IP address and UDP port of the echo request. > >>>> > >>>> That is what the legacy receiver will attempt to do. It doesn't > >>>> matter whether the optional Relay Node Address Stack TLV is in the > >>>> echo request message or not, the legacy node will follow 4379. So > >>>> it *will* be able to respond. > >>>> > >>>>>> Section 6 should note that the new TLV provides a way for Echo > >>>>>> Reply messages to be diverted so that information can be > >>>>>> collected. For example, if a stack entry can be inserted, the > >>>>>> Echo Reply messages can be caused to transit another AS unrelated > >>>>>> to the LSP under test. Since the Echo Reply reveals path > >>>>>> information about the LSP, this is a valuable attack. Having > >>>>>> said that, you can say how this TLV is protected in the Echo Reply > message. > >>>>> > >>>>> [Lizhong] Do you mean the new TLV could be used to collect path > >>>>> information unrelated to the LSP under test? This is not true. > >>>>> Only the node along the > >>>> LSP > >>>>> will add path information into the new TLV. The relay node in the > >>>>> new TLV will only relay the Echo Reply to the initiator, and will > >>>>> not add information > >>>> to > >>>>> the new TLV. > >>>> > >>>> I think you misunderstand how security attacks might work. Suppose > >>>> I am able to do one of two things: > >>>> 1. Modify the control plane code on a router that adds or processes a > >>>> Relay Node Address Stack TLV so that it adds a bogus entry to the > >>>> TLV. The prospect of modifications to control plane code is > generally > >>>> considered to be so disastrous that it is just noted without any > >>>> further precautions (after all, if you can get at the control plane > >>>> code, you can make the routers do anything). > >>>> 2. Intercept and modify a packet in transit. This is the main risk I am > >>>> talking about. > >>>> > >>>> Cheers, > >>>> Adrian > >>>> > >>>> _______________________________________________ > >>>> mpls mailing list > >>>> mpls@ietf.org > >>>> https://www.ietf.org/mailman/listinfo/mpls > >> > >> -- > >> > >> > >> Loa Andersson email: loa@mail01.huawei.com > >> Senior MPLS Expert loa@pi.nu > >> Huawei Technologies (consultant) phone: +46 739 81 21 64 > > -- > > > Loa Andersson email: loa@mail01.huawei.com > Senior MPLS Expert loa@pi.nu > Huawei Technologies (consultant) phone: +46 739 81 21 64
- [mpls] MPLS working group last call on draft-ietf… Loa Andersson
- Re: [mpls] MPLS working group last call on draft-… Adrian Farrel
- Re: [mpls] MPLS working group last call on draft-… lizho.jin@gmail.com
- [mpls] Closed - MPLS working group last call on d… Loa Andersson
- Re: [mpls] MPLS working group last call on draft-… lizho.jin@gmail.com
- Re: [mpls] MPLS working group last call on draft-… Adrian Farrel
- Re: [mpls] MPLS working group last call on draft-… lizho.jin@gmail.com
- Re: [mpls] MPLS working group last call on draft-… George Swallow (swallow)
- Re: [mpls] MPLS working group last call on draft-… George Swallow (swallow)
- Re: [mpls] MPLS working group last call on draft-… Loa Andersson
- Re: [mpls] MPLS working group last call on draft-… thomas nadeau
- Re: [mpls] MPLS working group last call on draft-… Loa Andersson
- Re: [mpls] MPLS working group last call on draft-… Lizhong Jin
- Re: [mpls] MPLS working group last call on draft-… Adrian Farrel
- Re: [mpls] MPLS working group last call on draft-… Adrian Farrel
- Re: [mpls] MPLS working group last call on draft-… lizho.jin@gmail.com