IETF Logo Mail Archive

Re: [mpls] Are we ready to post a version soon? - Re: AD review of draft-ietf-mpls-proxy-lsp-ping

Sam Aldrin <aldrin.ietf@gmail.com> Sat, 24 January 2015 02:24 UTC

Return-Path: <aldrin.ietf@gmail.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 572F71A00CF for <mpls@ietfa.amsl.com>; Fri, 23 Jan 2015 18:24:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMz7QQ65yMVB for <mpls@ietfa.amsl.com>; Fri, 23 Jan 2015 18:24:27 -0800 (PST)
Received: from mail-we0-x234.google.com (mail-we0-x234.google.com [IPv6:2a00:1450:400c:c03::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB5AD1A003B for <mpls@ietf.org>; Fri, 23 Jan 2015 18:24:26 -0800 (PST)
Received: by mail-we0-f180.google.com with SMTP id m14so554993wev.11 for <mpls@ietf.org>; Fri, 23 Jan 2015 18:24:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=BP/HGd6VH/TiNvYC9KAkOES7sdmU2p8h8+T4DyqkQCI=; b=mBZAl31CHW7rezlakxUF5cb7gwhzI8MTJc/293yKl/IEUy+gK62UMrk+UvkQ82HHCq 6BE4/k1itbx5QhKybMm+1AXjq1p8HnpbxIgrV1rJfmV/NGHDdkU+vxEuhFNcCCkuciBA YJUeWGDiCpfA7Q8qnqZ451sYMS8KP+wOVdW1/FiOgjnYxr53QVM67Ri/NoblYcbZk6F6 QGkaxc3E3BV1gcXS3a8OhCZvIKhUgW4z65tY2GLeIj9kKkwxuEzgrXWR/NkO+hRz91gs hkeIo3i5uvytMZRhRmg1Q0ILshjLSt56sKaqmyb7qClUVS2EP4EX/qpJHIR1YBEgwJtY NCmA==
X-Received: by 10.180.36.77 with SMTP id o13mr9414691wij.74.1422066265467; Fri, 23 Jan 2015 18:24:25 -0800 (PST)
Received: from [10.234.209.38] ([94.205.252.246]) by mx.google.com with ESMTPSA id u7sm4066025wiy.18.2015.01.23.18.24.23 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 23 Jan 2015 18:24:24 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Sam Aldrin <aldrin.ietf@gmail.com>
X-Mailer: iPhone Mail (12B440)
In-Reply-To: <54C10FC7.2030800@pi.nu>
Date: Sat, 24 Jan 2015 06:24:22 +0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <BEBC5327-7AEF-4528-B3BF-72F4C092D697@gmail.com>
References: <041f01cfe64c$51eb1ea0$f5c15be0$@olddog.co.uk> <364122F3-AD7C-4112-8C66-14CF969E1079@gmail.com> <013f01d022af$7fe6d5c0$7fb48140$@olddog.co.uk> <BE55D523-6BD3-438E-B497-28D394A538F4@gmail.com> <54C10FC7.2030800@pi.nu>
To: Loa Andersson <loa@pi.nu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/i5tnUewgkQsCsjU0VX8bexE8sx8>
Cc: "draft-ietf-mpls-proxy-lsp-ping.all@tools.ietf.org" <draft-ietf-mpls-proxy-lsp-ping.all@tools.ietf.org>, "mpls-chairs@tools.ietf.org" <mpls-chairs@tools.ietf.org>, mpls <mpls@ietf.org>
Subject: Re: [mpls] Are we ready to post a version soon? - Re: AD review of draft-ietf-mpls-proxy-lsp-ping
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Jan 2015 02:24:29 -0000

Hi Loa,

I am on a business trip for the past 2+ weeks. I plan to post an updated version in the coming week. Thanks for your understanding.

Cheers
Sam

Sent from my iPhone

> On Jan 22, 2015, at 6:57 PM, Loa Andersson <loa@pi.nu> wrote:
> 
> Folks,
> 
> Counter says 158 days can we post a new version soon??
> 
> /Loa
> 
>> On 2014-12-29 03:59, Sam Aldrin wrote:
>> Hi Adrian,
>> 
>> I am sorry for not publishing a new version.
>> I will do it at the earliest.
>> Sorry again for the delay.
>> 
>> -sam
>>> On Dec 28, 2014, at 7:03 AM, Adrian Farrel <adrian@olddog.co.uk> wrote:
>>> 
>>> Hello Sam, authors, all,
>>> 
>>> Did I miss some update of this document?
>>> It's now 133 days since I first did my review, and the changes requested were
>>> not huge.
>>> 
>>> I know we all run out of energy towards the end of publication process, but if
>>> there is no-one in the WG concerned to take this the final few steps, then
>>> perhaps the WG doesn't need to request publication.
>>> 
>>> Thanks,
>>> Adrian
>>> 
>>>> -----Original Message-----
>>>> From: Adrian Farrel [mailto:adrian@olddog.co.uk]
>>>> Sent: 19 October 2014 21:31
>>>> To: 'Sam Aldrin'
>>>> Cc: 'draft-ietf-mpls-proxy-lsp-ping.all@tools.ietf.org'; 'mpls'
>>>> Subject: RE: [mpls] AD review of draft-ietf-mpls-proxy-lsp-ping
>>>> 
>>>> Hi Sam,
>>>> 
>>>>>>> Do you really need the pre-RFC5378 disclaimer?
>>>>> As this updates or add to RFC4379, we need that. Would you agree?
>>>> 
>>>> No, not really.
>>>> You can included it if you believe you are reproducing text that does not have
>>> a
>>>> transfer of copyright and for which it is hard to get the authors to confirm
>>>> copyright transfer. But the act of updating is not, itself, a reason to
>>> include the
>>>> disclaimer.
>>>> 
>>>>>>> Section 2 would be enhanced by a figure.
>>>> [snip]
>>>>> %sam - We deliberated on this and feel it will add more confusion than
>>> helping
>>>>> the reader to understand. Also, it may necessitates lot of changes to the
>>> text to
>>>>> reflect the use of R1, R2 etc.
>>>>> Would you be ok if we don't add this ASCII art and keep it simple?
>>>> 
>>>> I won't object more than to say "I thought it would help".
>>>> 
>>>>>>> It seems that proxy ping messages would be relatively easy to spoof.
>>>>>>> This, combined with the fact that the receipt of a proxy ping causes
>>>>>>> the proxy to retain state and to issue echo requests to the network
>>>>>>> looks like two DoS vectors for the price of one.
>>>>>>> 
>>>>>>> So, I think you need:
>>>>>>> - discussion of authentication for proxy requests
>>>>>>> - recommendation to rate limit receipt of proxy requests
>>>>>>> - recommendation to discard "duplicate" proxy requests
>>>>> %sam - Proxy do NOT maintain any state. Hence, not sure why the above apply
>>>>> to proxy and not regular Echo requests. When proxy echo request is, it
>>>>> (proxy LSR) merely issues a request and no state is maintained on it.
>>>>> For ex: it has no way to discard duplicate requests, because is doesn't
>>> maintain
>>>>> any state for the requests.
>>>> 
>>>> I read in 3.2 (the description of processing at a Proxy)
>>>> 
>>>>   The header fields Sender's Handle and Sequence Number are not
>>>>   examined, but are saved to be included in the MPLS proxy ping reply
>>>>   or MPLS Echo Request messages.
>>>> 
>>>> Maybe that "saving" is ambiguous? Maybe this is an implementation specific
>>> note
>>>> for the message that is being built, and is not actually "state". If so, I
>>> think you
>>>> should strike "saved to be", s/messages/message/ and add "...if one is sent as
>>> a
>>>> direct result of the received message."
>>>> 
>>>> Anyhow, the fact that a branch node will make copies of a ping to send
>>>> downstream *is* a vector.
>>>> 
>>>>>>> I'm not quite sure about the initiator being allowed to instruct the
>>>>>>> proxy about which source port it must use in an echo request.
>>>>>>> 
>>>>>>> (Incidentally, Section 3.2 doesn't restate that this has to happen
>>>>>>> although 3.2.4.1 does restate it).
>>>>>>> 
>>>>>>> What happens if the proxy request asks for a reserved port number to be
>>>>>>> used? What if the port is already in use by the proxy for something
>>>>>>> else? Why does it matter which source port the proxy uses? Why does the
>>>>>>> proxy need to be able to control that? Why can't the proxy select its
>>>>>>> own source port?
>>>>> %sam - I think there is some confusion here. The source port number is not
>>> to
>>>>> request Proxy to use, rather to issue a request, so that the replying router
>>>>> could send the reply back to the initiator at the right port.
>>>>> proxy echo request does not specify what port Proxy has to use.
>>>> 
>>>> Section 3.1 is about how to handle a received Proxy message
>>>> 
>>>>   The Reply mode and Global Flags of the Proxy Echo Parameters TLV are
>>>>   set to the values to be used in the MPLS Echo Request message header.
>>>>   The Source UDP Port is set to the value to be used in the MPLS Echo
>>>>   Request packet.  The TTL is set to the value to be used in the
>>>>   outgoing MPLS label stack.  See Section 5.1 for further details.
>>>> 
>>>> 3.2.4.1 is describing how to build an echo request from a proxy request.
>>>> 
>>>>   The message is then encapsulated in a UDP packet.  The source UDP
>>>>   port is copied from the Proxy Echo Parameters TLV.  The destination
>>>>   port copied from the proxy ping request message.
>>>> 
>>>> And to be clear section 5.1 describes the Proxy Echo Parameters TLV
>>>> 
>>>>   The Proxy Echo Parameters TLV is a TLV that MUST be included in an
>>>>   MPLS proxy ping request message.
>>>> 
>>>> I didn't go back and search the rest of the document.
>>>> 
>>>> If you do not intend that the proxy message can control the ports used in the
>>>> echo request, I think you have some text to fix. But surely this text is clear
>>> and
>>>> reflects the intention of the WG, in which case my questions hold.
>>>> 
>>>> Cheers,
>>>> Adrian
> 
> -- 
> 
> 
> Loa Andersson                        email: loa@mail01.huawei.com
> Senior MPLS Expert                          loa@pi.nu
> Huawei Technologies (consultant)     phone: +46 739 81 21 64

v2.23.0 | Report a Bug | By Email