Re: [netmod] Performance considerations for draft-ietf-netmod-nmda-diff

Alexander Clemm <alex@futurewei.com> Wed, 17 July 2019 17:38 UTC

Return-Path: <alex@futurewei.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79766120834 for <netmod@ietfa.amsl.com>; Wed, 17 Jul 2019 10:38:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I2tzOYJom-qd for <netmod@ietfa.amsl.com>; Wed, 17 Jul 2019 10:38:22 -0700 (PDT)
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-eopbgr730113.outbound.protection.outlook.com [40.107.73.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DD2F12080C for <netmod@ietf.org>; Wed, 17 Jul 2019 10:38:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hNWtI8kdPUxkaW+d6xP/H3YovIyf0w8WFf+ZWZHW8Jv1KQGfTVWGGT8Zh7e/pkbTo8KiUY0n65isGyDlCuQx3qKfHYUS/onKspYi2AN7uoadnA+NkDZWHoJ7Wp78OivT+O844jt/uwNTYz2MiMNC8yiTiq/7ruFrfeuupwu/fQ5udoaF79gzZHf2Xj/MxBp2g8ias8TByl9AUEuZ2M4MvTKjixFJKVQ2WPOLACSTHTiu63ish4Ni1Ahf8omo9/36Eb4KMYF+5pFMKQhWLsSpS1Xh4iAh41Fi+xYpsnERDnvIYaCZTLvJrJuRLtpgamY6xwKbuX/xyiSZbL0gsDPryQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2V/Y9zqIGZ1JCi2Y61p2CkxgBg7sLQiVaSRU025oY5I=; b=esmAzWv+CtvRARomZn2tEfNqs7XCnk/fTX7eUM25EqgF0N0pGg6CUVfFZ2nC7T9LaCXGjsbxPkQ+uAeMkOWSyz90YLk4BwZcB/MJBTZkzzLWfPac8RjtCQpWvYJls7+g7LnzALD8JpMFZDGQ0c1oLD4+6k9UdslpkBJb209ersI7m65S5nzURGYAzyuJsVapNN7F6okGt2fX6ELCYikU4u63V6qm/0TXcZ35XBnBWkvrz2JmIEyJrAWUyS5zZBUszntLKJna7ITidSqqUZoi5YN466Zep5mHzDgnYzQf8SzqU+l38K+QnvT0ZZPppGNCu1LiHKRIqujKpOsVFYOpgw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=futurewei.com;dmarc=pass action=none header.from=futurewei.com;dkim=pass header.d=futurewei.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2V/Y9zqIGZ1JCi2Y61p2CkxgBg7sLQiVaSRU025oY5I=; b=psHkv0SPQASa6HW9Uw2uXRGMO4tSEOuRIe7BPFde2Ha9F0/IjfGKg+FWxwQ53w99zKWk5pLUCCqSQQxIh5+xmIkEeKid10t94NntYCauvn3b5xF9N8sLvjhhvDxLhCPMx46kIYyNVGBSS9iodfJGh01DsKxElpr9Dn8eSb35K0I=
Received: from BYAPR13MB2296.namprd13.prod.outlook.com (52.135.229.14) by BYAPR13MB2279.namprd13.prod.outlook.com (52.135.228.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.10; Wed, 17 Jul 2019 17:38:20 +0000
Received: from BYAPR13MB2296.namprd13.prod.outlook.com ([fe80::1:8d09:d7f4:52ce]) by BYAPR13MB2296.namprd13.prod.outlook.com ([fe80::1:8d09:d7f4:52ce%5]) with mapi id 15.20.2094.009; Wed, 17 Jul 2019 17:38:20 +0000
From: Alexander Clemm <alex@futurewei.com>
To: "Carey, Timothy (Nokia - US)" <timothy.carey@nokia.com>, "netmod@ietf.org" <netmod@ietf.org>
Thread-Topic: Performance considerations for draft-ietf-netmod-nmda-diff
Thread-Index: AdU8mwwresgJ1xYdQyq/B5ZPUQgj9gAKkXgQ
Date: Wed, 17 Jul 2019 17:38:19 +0000
Message-ID: <BYAPR13MB2296278768172EB1AB949BD3DBC90@BYAPR13MB2296.namprd13.prod.outlook.com>
References: <DB7PR07MB5980D16768F38512610D2B44EFC90@DB7PR07MB5980.eurprd07.prod.outlook.com>
In-Reply-To: <DB7PR07MB5980D16768F38512610D2B44EFC90@DB7PR07MB5980.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=alex@futurewei.com;
x-originating-ip: [12.111.81.80]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ede2374c-2ea7-4329-ba16-08d70add8f0c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BYAPR13MB2279;
x-ms-traffictypediagnostic: BYAPR13MB2279:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <BYAPR13MB2279C7C0A263A0851DCB7E77DBC90@BYAPR13MB2279.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 01018CB5B3
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(39850400004)(346002)(136003)(376002)(396003)(366004)(199004)(189003)(68736007)(9326002)(296002)(110136005)(316002)(25786009)(790700001)(186003)(7696005)(2501003)(26005)(6506007)(14444005)(8936002)(606006)(478600001)(71200400001)(33656002)(99286004)(236005)(14454004)(71190400001)(6116002)(52536014)(76176011)(5660300002)(54896002)(7736002)(102836004)(3846002)(486006)(86362001)(53936002)(8676002)(66556008)(64756008)(66476007)(66446008)(66946007)(256004)(74316002)(6306002)(6246003)(229853002)(6436002)(9686003)(11346002)(55016002)(2906002)(76116006)(66066001)(53546011)(446003)(81156014)(476003)(81166006); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR13MB2279; H:BYAPR13MB2296.namprd13.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: futurewei.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: uCmok2NrLWJZEvV7w/coK6VvgLBRsJDsjZa38U0nz+mVB6aFAvMhKEK60R6kT4dD9T9R7Kixkzuw3dhR1bcMnScNBPncw40u0neth+Pr34CrfVDk5yVJl6OUA8KQ48darOCvhM770jPJy3N3/MAwKwS+uc2c+U5XHNrvVhoWOGUB7NMADWV7lDMsVpmrNChrvREN70lDuP8RIMkecCfndz+pM+vfxkKusIqNjfPYrUGZjQ2pHJPpOli21ABGvze1eeQk+xqPrjf8knlNwV7kXww91hpqS8mFEUVk0Uo/CP2avHNIynjBr0XX1Ktor/S8oe4+sJRK2cQjh4knfFf7ez1LTHPUUpCqq9JAsPE/nBsSndfye39C+TXr6Ltj+0BjpCjCDtowh/M0y7ZSC1+JMe0lGXY/De4fcmyDh20WDaE=
Content-Type: multipart/alternative; boundary="_000_BYAPR13MB2296278768172EB1AB949BD3DBC90BYAPR13MB2296namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ede2374c-2ea7-4329-ba16-08d70add8f0c
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Jul 2019 17:38:19.8561 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: aclemm@futurewei.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR13MB2279
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/Y74vCfpgfsz2bTjb4ZcNNup9XQo>
X-Mailman-Approved-At: Mon, 29 Jul 2019 09:59:53 -0700
Subject: Re: [netmod] Performance considerations for draft-ietf-netmod-nmda-diff
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2019 21:02:31 -0000

Hi Tim,

this aspect is currently mentioned in the security considerations, specifically the last paragraph (https://tools.ietf.org/html/draft-ietf-netmod-nmda-diff-02#page-14), mentioning the fact that comparing datastores for differences requires a certain amount of processing resources, which could be leveraged by an attacker to consume resources via illegitimate requests, and outlining mitigations (ranging from NACM, to limiting the number of requests per time interval and reserving the option to reject a request).   Do you think this is sufficient?   Adding a separate performance considerations section is of course possible but would be somewhat redundant.

--- Alex

From: netmod <netmod-bounces@ietf.org>; On Behalf Of Carey, Timothy (Nokia - US)
Sent: Wednesday, July 17, 2019 5:50 AM
To: netmod@ietf.org
Subject: [netmod] Performance considerations for draft-ietf-netmod-nmda-diff

Hi,

In reviewing the NMDA differences draft, a comment was made that we need to be careful resources requirements placed on the target elements in order to perform the comparison.
In some situations the datastores can be quite large and the compute capabilities (CPU, memory) somewhat constrained. Should we add a performance consideration section in this draft with maybe how we would expect a server to respond if the requirements of the request or the associated response exceed the "current" capabilities of the target?

BR,
Tim