IETF Logo Mail Archive

Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply

"Lizhong Jin" <lizho.jin@gmail.com> Thu, 25 June 2015 07:52 UTC

Return-Path: <lizho.jin@gmail.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A284E1B318D for <mpls@ietfa.amsl.com>; Thu, 25 Jun 2015 00:52:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.45
X-Spam-Level:
X-Spam-Status: No, score=0.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MIME_CHARSET_FARAWAY=2.45, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cchr3d6DcMA0 for <mpls@ietfa.amsl.com>; Thu, 25 Jun 2015 00:52:40 -0700 (PDT)
Received: from mail-pa0-x236.google.com (mail-pa0-x236.google.com [IPv6:2607:f8b0:400e:c03::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 172061B3183 for <mpls@ietf.org>; Thu, 25 Jun 2015 00:52:39 -0700 (PDT)
Received: by pabvl15 with SMTP id vl15so45212215pab.1 for <mpls@ietf.org>; Thu, 25 Jun 2015 00:52:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding:thread-index :content-language; bh=fw5/fkD6PllP1DZbhUzG3CcDVu0bD/0Bh0xpS0jG+kI=; b=Nk2tqF/XM8PTLkQlrGRe3OWr+JAi3y0Sxq+6bnHDmfZ3RqN/pA6D+bA7f4MqLlTHLW Xow6bsUKmHnUv7NS7IRCk7gKHBsoPW1bM9nX5bqkhKfb4L6sWPSBL8zzBQX3r4N99zwu ceJFfhhHCw+n6o4K/RSmgKP3f5dw5wbiFebvzbjEil2xEZsn+T4/Ro8IbHtxY05G7rvF 2imLzASDWLJMHh4VqWj4J+VT0KNqHFH5359DDQbRZT7qDrn4ws9g3+bWbgtCGAe2QjgS esPKnvlmxu0ddgM6H27UPIXiudWffZ7Xui02m/musLxq/bs228y2OeqWyqQezKhQLiU1 oWhA==
X-Received: by 10.68.224.10 with SMTP id qy10mr90059975pbc.23.1435218759631; Thu, 25 Jun 2015 00:52:39 -0700 (PDT)
Received: from LIZHONGJ ([180.166.53.21]) by mx.google.com with ESMTPSA id b3sm29087927pdg.67.2015.06.25.00.52.34 (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 25 Jun 2015 00:52:38 -0700 (PDT)
From: Lizhong Jin <lizho.jin@gmail.com>
To: 'Loa Andersson' <loa@pi.nu>, 'thomas nadeau' <tnadeau@lucidvision.com>
References: <D1AEF31A.3B607%swallow@cisco.com> <558A6B2A.9010000@pi.nu> <334FDAB8-48A3-40CC-A4A4-DB414F53EAD5@lucidvision.com> <558BB212.5040303@pi.nu>
In-Reply-To: <558BB212.5040303@pi.nu>
Date: Thu, 25 Jun 2015 15:52:29 +0800
Message-ID: <007b01d0af1b$e7b6a970$b723fc50$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQI5Wjwo1OrFg9Sm2IIzsvEBzO/6iQDV8MG+AUuv9+oBwx9+mZzMXIOQ
Content-Language: zh-cn
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/htMTajh1bMSpTqAj3u5hEwkKG7k>
Cc: 'mpls' <mpls@ietf.org>, 'draft-ietf-mpls-lsp-ping-relay-reply' <draft-ietf-mpls-lsp-ping-relay-reply@tools.ietf.org>, 'mpls-chairs' <mpls-chairs@tools.ietf.org>
Subject: Re: [mpls] MPLS working group last call on draft-ietf-mpls-lsp-ping-relay-reply
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jun 2015 07:52:44 -0000

Thank you all for the help. We will update accordingly in the next version.

Regards
Lizhong

> -----Original Message-----
> From: Loa Andersson [mailto:loa@pi.nu]
> Sent: 2015年6月25日 15:48
> To: thomas nadeau; lizho.jin@gmail.com
> Cc: George Swallow (swallow); adrian@olddog.co.uk; mpls; mpls-chairs;
> draft-ietf-mpls-lsp-ping-relay-reply; db3546
> Subject: Re: [mpls] MPLS working group last call on
> draft-ietf-mpls-lsp-ping-relay-reply
> 
> Lizhong,
> 
> It should be safe to remove the pre-RFC5378 disclaimer. I will address the
issue
> in the shepherds write-up.
> 
> /Loa
> 
> On 2015-06-24 12:02, thomas nadeau wrote:
> >
> >
> >
> >
> >> On Jun 24, 2015, at 4:32 AM, Loa Andersson <loa@pi.nu> wrote:
> >>
> >> George,
> >>
> >> I sympathize with this, but as I recall it the current document is
> >> the result of a merger between two earlier drafts:
> >>
> >> draft-ietf-mpls-interas-lspping (first version posted  March 2007)
> >> and that one goes back to draft-nadeau-mpls-interas-lspping (first
> >> version posted July 2005).
> >> and
> >> draft-zj-mpls-lsp-ping-reply-relay (first version posted October
> >> 2011)
> >>
> >> RFC 5378 was published Oct 2008, to be on the safe side any work that
> >> pre-dates RFC 5378 should have the "pre-RFC5378 disclaimer". So
> >> draft-zj is in the clear.
> >>
> >> However, since both draft-ietf-mpls-interas-lspping and
> >> draft-nadeau-mpls-interas-lspping predates RFC 5378, we need the
> >> pre-RFC5378 disclaimer unless both authors of the two draft grant
> >> their rights to the IETF trust. My straw man advice would be to try
> >> to remove the pre-RFC5378 disclaimer based on statements from both
> authors.
> >>
> >> George does so in the mail below.
> >>
> >> Tom are you willing to do so also?
> >
> > yes i agree.
> >
> >>
> >> /Loa
> >>
> >>
> >>> On 2015-06-23 17:30, George Swallow (swallow) wrote:
> >>> Lizhong -
> >>>
> >>> If there's any text left from the original draft, then it belongs to
> >>> either me or Tom.  I hereby surrender my rights.
> >>>
> >>> Tom?
> >>>
> >>> George
> >>>
> >>>> On 6/17/15 2:28 PM, "Adrian Farrel" <adrian@olddog.co.uk> wrote:
> >>>>
> >>>> Lizhong,
> >>>>
> >>>> Apologies, I fumbled your response.
> >>>>
> >>>> I snipped out the stuff we agree on.
> >>>>
> >>>>> Thank you for the review. Please see my reply inline below.
> >>>>> Correct me if other authors have different opinion.
> >>>>>
> >>>>> I will update the draft after the end of last call.
> >>>>
> >>>>>> Just being a good citizen and reviewing this I-D during WG last
call.
> >>>>>> I didn't have much time so I only found a number of nits most of
> >>>>>> which are probably not significant.
> >>>>>> ---
> >>>>>>
> >>>>>> idnits notes the presence of a pre-RFC5378 disclaimer. Do you
> >>>>>> really need that?
> >>>>>> [Lizhong] this may need the answer from chairs and AD. We only
> >>>>>> follow the rules.
> >>>>
> >>>> If you are following the rules, that's fine. I think the rules are
> >>>> that you only need to include the disclaimer if text included in
> >>>> the document was written before the date of RFC 5378 and if at
> >>>> least one of the authors of the text has not given up their
> >>>> copyright as described in that RFC.
> >>>>
> >>>> [snip]
> >>>>
> >>>>>> Section 4.1
> >>>>>>
> >>>>>>    The source UDP port field MUST be set
> >>>>>>    to the source UDP port.
> >>>>>>
> >>>>>> There is no "source UDP port" field. Perhaps the "Initiator
> >>>>>> Source Port"
> >>>>>> field?
> >>>>>>
> >>>>>> But also, this text is quite confusing. The text in 3.2 is much
> >>>>>> clearer.
> >>>>> [Lizhong] yes, should be:
> >>>>> The source UDP port field MUST be set to the initiator source port.
> >>>>
> >>>> Hmmm, I think...
> >>>>
> >>>> "The Initiator Source Port field MUST be set to the source UDP port."
> >>>>
> >>>> [snip]
> >>>>
> >>>>> [Lizhong] traceroute is not mandatory before ping. If operator has
> >>>>> knowledge of the relay nodes, the initiator could directly send
> >>>>> ping with Relay Node Address Stack TLV containing the already
> >>>>> known relay nodes.
> >>>>
> >>>> That would make a valuable addition to 4.1, as well.
> >>>>
> >>>> [snip]
> >>>>
> >>>>>> I tried to work out how things would pan out if two ASes on the
> >>>>>> path used the same address space within their AS. Would an
> >>>>>> address appear in the stack and seem to be routable when it is
> >>>>>> really an address in the other AS?
> >>>>> [Lizhong] we have an example in section 5. And address of P1 and
> >>>>> P2 could be same. In that case, ASBR1 must adds its interface
> >>>>> address facing ASBR2 with the K bit set. Then relay reply will not
> >>>>> be miss-routed.
> >>>>
> >>>> Ah, I get it.
> >>>> But this relies on ASBT1 setting the K bit.
> >>>> So I suspect this needs to not be a special case: you need to
> >>>> require that the domain boundary always sets the K bit.
> >>>>
> >>>> [snip]
> >>>>
> >>>>>> The third case in 4.5 is when the receiver does not understand
> >>>>>> the TLV and ignores it. In this case it will send an Echo Reply
> >>>>>> without itself including the TLV.
> >>>>> [Lizhong] the receiver is unable to send the Echo Reply, because
> >>>>> it does know the destination IP address and UDP port number. So if
> >>>>> the receiver could not understand the TLV, then the relay message
will
> be dropped.
> >>>>
> >>>> Section 4.5 of 4379 says:
> >>>>
> >>>>    The destination IP address and UDP port are copied from the
> >>>>    source IP address and UDP port of the echo request.
> >>>>
> >>>> That is what the legacy receiver will attempt to do. It doesn't
> >>>> matter whether the optional Relay Node Address Stack TLV is in the
> >>>> echo request message or not, the legacy node will follow 4379. So
> >>>> it *will* be able to respond.
> >>>>
> >>>>>> Section 6 should note that the new TLV provides a way for Echo
> >>>>>> Reply messages to be diverted so that information can be
> >>>>>> collected. For example, if a stack entry can be inserted, the
> >>>>>> Echo Reply messages can be caused to transit another AS unrelated
> >>>>>> to the LSP under test. Since the Echo Reply reveals path
> >>>>>> information about the LSP, this is a valuable attack.  Having
> >>>>>> said that, you can say how this TLV is protected in the Echo Reply
> message.
> >>>>>
> >>>>> [Lizhong] Do you mean the new TLV could be used to collect path
> >>>>> information unrelated to the LSP under test? This is not true.
> >>>>> Only the node along the
> >>>> LSP
> >>>>> will add path information into the new TLV. The relay node in the
> >>>>> new TLV will only relay the Echo Reply to the initiator, and will
> >>>>> not add information
> >>>> to
> >>>>> the new TLV.
> >>>>
> >>>> I think you misunderstand how security attacks might work. Suppose
> >>>> I am able to do one of two things:
> >>>> 1. Modify the control plane code on a router that adds or processes a
> >>>>     Relay Node Address Stack TLV so that it adds a bogus entry to the
> >>>>      TLV. The prospect of modifications to control plane code is
> generally
> >>>>      considered to be so disastrous that it is just noted without any
> >>>>      further precautions (after all, if you can get at the control
plane
> >>>>      code, you can make the routers do anything).
> >>>> 2. Intercept and modify a packet in transit. This is the main risk I
am
> >>>>     talking about.
> >>>>
> >>>> Cheers,
> >>>> Adrian
> >>>>
> >>>> _______________________________________________
> >>>> mpls mailing list
> >>>> mpls@ietf.org
> >>>> https://www.ietf.org/mailman/listinfo/mpls
> >>
> >> --
> >>
> >>
> >> Loa Andersson                        email: loa@mail01.huawei.com
> >> Senior MPLS Expert                          loa@pi.nu
> >> Huawei Technologies (consultant)     phone: +46 739 81 21 64
> 
> --
> 
> 
> Loa Andersson                        email: loa@mail01.huawei.com
> Senior MPLS Expert                          loa@pi.nu
> Huawei Technologies (consultant)     phone: +46 739 81 21 64

v2.23.0 | Report a Bug | By Email