[netlmm] FW: TLV header in the GRE Keys draft
Vijay Devarapalli <vijay@wichorus.com> Tue, 19 May 2009 23:44 UTC
Date: Tue, 19 May 2009 16:46:25 -0700
From: Vijay Devarapalli <vijay@wichorus.com>
To: NETLMM Mailing List <netlmm@ietf.org>, Ahmad Muhanna <amuhanna@nortel.com>
Hello folks,

I had an offline discussion with the ADs on restricting the possible valid values for the 'Next Header' field in the TLV header in draft-ietf-netlmm-grekey-option-09.txt. See below. Jari suggested making this change during the AUTH48 stage.

Here is the suggested text change for this

OLD:

   Next Header

      8-bit unsigned integer which indicates the protocol number of the payload header following this TLV header. It is set to the protocol number as assigned by IANA at the following http://www.iana.org/assignments/protocol-numbers. e.g., if an IPv6 header follows, it should be '41'; '47' if it is a GRE header that follows.

NEW:

   Next Header

      8-bit unsigned integer which indicates the protocol number of the payload header following this TLV header. The valid values for this field are '4' (IPv4), '41' (IPv6), '47' (GRE), and '50' (ESP). The values are taken from the protocol numbers as assigned by IANA at the http://www.iana.org/assignments/protocol-numbers. All other values are not permitted. If the MAG or the LMA node receives a packet with the TLV header where the 'Next Header' field is set to anything other than the above mentioned four protocols, it SHOULD silently discard the packet.

Feel free to modify the text.

Vijay

------ Forwarded Message
From: Jari Arkko <jari.arkko@piuha.net>
Date: Tue, 05 May 2009 19:44:28 +0300
To: Vijay Devarapalli <vijay@wichorus.com>
Cc: Pasi Eronen <Pasi.Eronen@nokia.com>
Subject: Re: TLV header in the GRE Keys draft

I think that sounds reasonable. Bring it up in AUTH48.

Jari

Vijay Devarapalli wrote:
> Hi Jari, Pasi,
>
> I think we need to restrict the values for the "Next Header" field in the
> TLV header in draft-ietf-netlmm-grekey-option to just IPv4, IPv6 or GRE.
>
> A typical MAG or LMA implementation would turn off most of the ports, allow
> a certain number of ports and only process a limited number of control plane
> packets. The TLV header causes issues. Basically on top of the DS-MIPv6 port
> (since the UDP header is always there before the TLV header), you can carry
> pretty much any protocol. All the 140 protocols described on the IANA page
> can be carried inside the TLV header.
> http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
>
> An implementation can address this by dropping anything other than the relevant
> protocols after the TLV header. But I am not sure if all implementers will
> do this. So it would be better if we specify in draft-ietf-netlmm-grekey-option
> that only IPv4, IPv6 or GRE can follow the TLV header. If there is anything
> else, the MAG or the LMA should drop the packet.
>
> I just noticed that this document got approved. So can we add this
> restriction in the AUTH48 stage?
>
> Vijay
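
An added example, not part of the original message or of the draft: a receive-side check on a MAG or LMA that applies the allow-list from the proposed NEW text before any inner parser is selected. The 4-byte header layout, the verdict names and the drop counter are assumptions of this example; the message gives only the 8-bit 'Next Header' field and its four permitted values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum tlv_verdict { TLV_ACCEPT, TLV_DROP_TRUNCATED, TLV_DROP_NEXT_HEADER };

/* ASSUMED layout (the message does not give it): byte 0 type/reserved,
 * byte 1 Next Header, bytes 2-3 big-endian length of what follows. */
#define TLV_HDR_LEN 4u

/* A silent discard sends nothing back, so count drops per offending value
 * to keep them visible to the operator (this example's choice). */
static unsigned long dropped_by_next_header[256];

/* The four values the proposed NEW text permits. */
static int next_header_allowed(uint8_t nh)
{
    return nh == 4 /* IPv4 */ || nh == 41 /* IPv6 */ ||
           nh == 47 /* GRE */ || nh == 50 /* ESP */;
}

/* Check the UDP payload that starts with the TLV header. */
static enum tlv_verdict tlv_check(const uint8_t *p, size_t len)
{
    if (p == NULL || len < TLV_HDR_LEN)
        return TLV_DROP_TRUNCATED;       /* header itself is incomplete */
    if (!next_header_allowed(p[1])) {
        dropped_by_next_header[p[1]]++;
        return TLV_DROP_NEXT_HEADER;     /* never handed to an inner parser */
    }
    size_t declared = ((size_t)p[2] << 8) | p[3];
    if (declared > len - TLV_HDR_LEN)
        return TLV_DROP_TRUNCATED;       /* length claims more than arrived */
    return TLV_ACCEPT;
}

/* Constructed sample payloads, not captured traffic. */
static const uint8_t sample_gre[] = {0x00, 47, 0x00, 0x04, 0x00, 0x00, 0x86, 0xDD};
static const uint8_t sample_tcp[] = {0x00, 6, 0x00, 0x02, 0xAA, 0xBB};
static const uint8_t sample_cut[] = {0x00, 41, 0x00, 0x28, 0x60};

int main(void)
{
    printf("gre=%d tcp=%d cut=%d\n",
           (int)tlv_check(sample_gre, sizeof sample_gre),
           (int)tlv_check(sample_tcp, sizeof sample_tcp),
           (int)tlv_check(sample_cut, sizeof sample_cut));
    printf("drops with Next Header 6: %lu\n", dropped_by_next_header[6]);
    return 0;
}
```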