Re: [mpls] MPLS-RT review of draft-bonica-mpls-self-ping

Ronald Bonica <rbonica@juniper.net> Thu, 12 March 2015 02:50 UTC

From: Ronald Bonica <rbonica@juniper.net>
To: "lizho.jin@gmail.com" <lizho.jin@gmail.com>, mpls-chairs <mpls-chairs@tools.ietf.org>, draft-bonica-mpls-self-ping <draft-bonica-mpls-self-ping@tools.ietf.org>, mpls-ads <mpls-ads@tools.ietf.org>
Thread-Topic: MPLS-RT review of draft-bonica-mpls-self-ping
Thread-Index: AQHQUBZCJvzLYgooPEWTjWPAAzQbFJ0V/JCHgAI/60A=
Date: Thu, 12 Mar 2015 02:50:28 +0000
Message-ID: <CO1PR05MB44294439D8B4C216054A1E5AE060@CO1PR05MB442.namprd05.prod.outlook.com>
References: <54EC4776.5040402@pi.nu> <2015031100220789189743@gmail.com>
In-Reply-To: <2015031100220789189743@gmail.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_CO1PR05MB44294439D8B4C216054A1E5AE060CO1PR05MB442namprd_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Mar 2015 02:50:28.7972 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR05MB442
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/k-zEY7G7zAnCe0ukXy52nZ0VhtM>
Cc: mpls <mpls@ietf.org>
Subject: Re: [mpls] MPLS-RT review of draft-bonica-mpls-self-ping
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Mar 2015 02:50:35 -0000

For section 6, originally ingress could identify the LSP ping packet with well-known UDP port, and configure ACL rule to reduce risk of attack. But now it is more difficult to filter the packet with access list, which may increase the risk.

Lizhong,

Implementation know the port(s) upon which they send MPLS Self-ping traffic. They can configure ACLs on that port or those ports. ACLs can protect dynamic ports, so long as they are predictable.

                                                                    Ron

Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Carlos Pignataro (cpignata)
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Loa Andersson
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Eric Gray
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ron Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Gregory Mirsky
[mpls] MPLS-RT review of draft-bonica-mpls-self-p… Mach Chen
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… lizho.jin@gmail.com
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… lizho.jin@gmail.com
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Adrian Farrel
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Gregory Mirsky
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Carlos Pignataro (cpignata)
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Gregory Mirsky
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Ronald Bonica
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Lizhong Jin
Re: [mpls] MPLS-RT review of draft-bonica-mpls-se… Loa Andersson