[mpls] Are we ready to post a version soon? - Re: AD review of draft-ietf-mpls-proxy-lsp-ping
Loa Andersson <loa@pi.nu> Thu, 22 January 2015 14:57 UTC
Return-Path: <loa@pi.nu>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D7231A1A9D for <mpls@ietfa.amsl.com>; Thu, 22 Jan 2015 06:57:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ME6P2CqXAOb for <mpls@ietfa.amsl.com>; Thu, 22 Jan 2015 06:57:20 -0800 (PST)
Received: from pipi.pi.nu (pipi.pi.nu [83.168.239.141]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D8751A1AA6 for <mpls@ietf.org>; Thu, 22 Jan 2015 06:57:20 -0800 (PST)
Received: from [192.168.1.12] (unknown [49.149.201.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: loa@pi.nu) by pipi.pi.nu (Postfix) with ESMTPSA id D8714180155B; Thu, 22 Jan 2015 15:57:16 +0100 (CET)
Message-ID: <54C10FC7.2030800@pi.nu>
Date: Thu, 22 Jan 2015 22:57:11 +0800
From: Loa Andersson <loa@pi.nu>
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Sam Aldrin <aldrin.ietf@gmail.com>, adrian@olddog.co.uk
References: <041f01cfe64c$51eb1ea0$f5c15be0$@olddog.co.uk> <364122F3-AD7C-4112-8C66-14CF969E1079@gmail.com> <013f01d022af$7fe6d5c0$7fb48140$@olddog.co.uk> <BE55D523-6BD3-438E-B497-28D394A538F4@gmail.com>
In-Reply-To: <BE55D523-6BD3-438E-B497-28D394A538F4@gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/mpls/qwpj0imtDrKYF0huLTgPBMp2zqg>
Cc: draft-ietf-mpls-proxy-lsp-ping.all@tools.ietf.org, mpls <mpls@ietf.org>, "mpls-chairs@tools.ietf.org" <mpls-chairs@tools.ietf.org>
Subject: [mpls] Are we ready to post a version soon? - Re: AD review of draft-ietf-mpls-proxy-lsp-ping
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jan 2015 14:57:22 -0000
Folks, Counter says 158 days can we post a new version soon?? /Loa On 2014-12-29 03:59, Sam Aldrin wrote: > Hi Adrian, > > I am sorry for not publishing a new version. > I will do it at the earliest. > Sorry again for the delay. > > -sam >> On Dec 28, 2014, at 7:03 AM, Adrian Farrel <adrian@olddog.co.uk> wrote: >> >> Hello Sam, authors, all, >> >> Did I miss some update of this document? >> It's now 133 days since I first did my review, and the changes requested were >> not huge. >> >> I know we all run out of energy towards the end of publication process, but if >> there is no-one in the WG concerned to take this the final few steps, then >> perhaps the WG doesn't need to request publication. >> >> Thanks, >> Adrian >> >>> -----Original Message----- >>> From: Adrian Farrel [mailto:adrian@olddog.co.uk] >>> Sent: 19 October 2014 21:31 >>> To: 'Sam Aldrin' >>> Cc: 'draft-ietf-mpls-proxy-lsp-ping.all@tools.ietf.org'; 'mpls' >>> Subject: RE: [mpls] AD review of draft-ietf-mpls-proxy-lsp-ping >>> >>> Hi Sam, >>> >>>>>> Do you really need the pre-RFC5378 disclaimer? >>>> As this updates or add to RFC4379, we need that. Would you agree? >>> >>> No, not really. >>> You can included it if you believe you are reproducing text that does not have >> a >>> transfer of copyright and for which it is hard to get the authors to confirm >>> copyright transfer. But the act of updating is not, itself, a reason to >> include the >>> disclaimer. >>> >>>>>> Section 2 would be enhanced by a figure. >>> [snip] >>>> %sam - We deliberated on this and feel it will add more confusion than >> helping >>>> the reader to understand. Also, it may necessitates lot of changes to the >> text to >>>> reflect the use of R1, R2 etc. >>>> Would you be ok if we don't add this ASCII art and keep it simple? >>> >>> I won't object more than to say "I thought it would help". >>> >>>>>> It seems that proxy ping messages would be relatively easy to spoof. >>>>>> This, combined with the fact that the receipt of a proxy ping causes >>>>>> the proxy to retain state and to issue echo requests to the network >>>>>> looks like two DoS vectors for the price of one. >>>>>> >>>>>> So, I think you need: >>>>>> - discussion of authentication for proxy requests >>>>>> - recommendation to rate limit receipt of proxy requests >>>>>> - recommendation to discard "duplicate" proxy requests >>>>>> >>>> %sam - Proxy do NOT maintain any state. Hence, not sure why the above apply >>>> to proxy and not regular Echo requests. When proxy echo request is, it >>>> (proxy LSR) merely issues a request and no state is maintained on it. >>>> For ex: it has no way to discard duplicate requests, because is doesn't >> maintain >>>> any state for the requests. >>> >>> I read in 3.2 (the description of processing at a Proxy) >>> >>> The header fields Sender's Handle and Sequence Number are not >>> examined, but are saved to be included in the MPLS proxy ping reply >>> or MPLS Echo Request messages. >>> >>> Maybe that "saving" is ambiguous? Maybe this is an implementation specific >> note >>> for the message that is being built, and is not actually "state". If so, I >> think you >>> should strike "saved to be", s/messages/message/ and add "...if one is sent as >> a >>> direct result of the received message." >>> >>> Anyhow, the fact that a branch node will make copies of a ping to send >>> downstream *is* a vector. >>> >>>>>> I'm not quite sure about the initiator being allowed to instruct the >>>>>> proxy about which source port it must use in an echo request. >>>>>> >>>>>> (Incidentally, Section 3.2 doesn't restate that this has to happen >>>>>> although 3.2.4.1 does restate it). >>>>>> >>>>>> What happens if the proxy request asks for a reserved port number to be >>>>>> used? What if the port is already in use by the proxy for something >>>>>> else? Why does it matter which source port the proxy uses? Why does the >>>>>> proxy need to be able to control that? Why can't the proxy select its >>>>>> own source port? >>>> %sam - I think there is some confusion here. The source port number is not >> to >>>> request Proxy to use, rather to issue a request, so that the replying router >>>> could send the reply back to the initiator at the right port. >>>> proxy echo request does not specify what port Proxy has to use. >>> >>> Section 3.1 is about how to handle a received Proxy message >>> >>> The Reply mode and Global Flags of the Proxy Echo Parameters TLV are >>> set to the values to be used in the MPLS Echo Request message header. >>> The Source UDP Port is set to the value to be used in the MPLS Echo >>> Request packet. The TTL is set to the value to be used in the >>> outgoing MPLS label stack. See Section 5.1 for further details. >>> >>> 3.2.4.1 is describing how to build an echo request from a proxy request. >>> >>> The message is then encapsulated in a UDP packet. The source UDP >>> port is copied from the Proxy Echo Parameters TLV. The destination >>> port copied from the proxy ping request message. >>> >>> And to be clear section 5.1 describes the Proxy Echo Parameters TLV >>> >>> The Proxy Echo Parameters TLV is a TLV that MUST be included in an >>> MPLS proxy ping request message. >>> >>> I didn't go back and search the rest of the document. >>> >>> If you do not intend that the proxy message can control the ports used in the >>> echo request, I think you have some text to fix. But surely this text is clear >> and >>> reflects the intention of the WG, in which case my questions hold. >>> >>> Cheers, >>> Adrian >> > -- Loa Andersson email: loa@mail01.huawei.com Senior MPLS Expert loa@pi.nu Huawei Technologies (consultant) phone: +46 739 81 21 64
- [mpls] AD review of draft-ietf-mpls-proxy-lsp-ping Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-proxy-lsp… Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-proxy-lsp… Sam Aldrin
- Re: [mpls] AD review of draft-ietf-mpls-proxy-lsp… Sam Aldrin
- Re: [mpls] AD review of draft-ietf-mpls-proxy-lsp… Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-proxy-lsp… Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-proxy-lsp… Sam Aldrin
- [mpls] Are we ready to post a version soon? - Re:… Loa Andersson
- Re: [mpls] Are we ready to post a version soon? -… Sam Aldrin