IETF Logo Mail Archive

Re: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement

"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Mon, 01 August 2016 07:08 UTC

Return-Path: <ginsberg@cisco.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A326712B058 for <ospf@ietfa.amsl.com>; Mon, 1 Aug 2016 00:08:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.807
X-Spam-Level:
X-Spam-Status: No, score=-15.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bkVuxs6UI1EY for <ospf@ietfa.amsl.com>; Mon, 1 Aug 2016 00:08:47 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 339CB12B051 for <ospf@ietf.org>; Mon, 1 Aug 2016 00:08:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=21206; q=dns/txt; s=iport; t=1470035327; x=1471244927; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=EzLKRi0j6Y1PFwWFVriGY5LTUwz4NikiIiRAo0HHJfQ=; b=j8ibC21wtfYbKzG/iBdBFGP+CzNv4SO7ZKczRe8McV4KQzwMcHQik73T maUofahc9qbrMIzbKkVF9Xj5dnakNQAfFXwriVYh6XB0SqPZQsK7xRnfE erxtAsZoTRi/s0yUy+cCO1kfXw9/QKfDHe9hZn9KHPacuReJVo3Jh8Xa6 g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AXAwDk9J5X/5JdJa1dgndOVnwGtnyCD4F9JoV3AoEoOBQBAQEBAQEBXSeEXgEBBS1BCxACAQgRBAEBIQcHMhQJCAEBBAENBQgTiBYOwE4BAQEBAQEBAQEBAQEBAQEBAQEBAQEXBYYqhE2EdoUlBYgni0mFQwGGF4hggXKNVIZkhUyDdgEeNoN6bgGHUX8BAQE
X-IronPort-AV: E=Sophos;i="5.28,454,1464652800"; d="scan'208,217";a="305148357"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Aug 2016 07:08:45 +0000
Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u7178jAM016649 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 1 Aug 2016 07:08:45 GMT
Received: from xch-aln-001.cisco.com (173.36.7.11) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 1 Aug 2016 02:08:44 -0500
Received: from xch-aln-001.cisco.com ([173.36.7.11]) by XCH-ALN-001.cisco.com ([173.36.7.11]) with mapi id 15.00.1210.000; Mon, 1 Aug 2016 02:08:44 -0500
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: "Dongjie (Jimmy)" <jie.dong@huawei.com>, "ospf@ietf.org" <ospf@ietf.org>
Thread-Topic: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement
Thread-Index: AdHrotQx7qQBc/FNQaCYWeXjvZMkwgAEikTQAA1i4QAACjvfYA==
Date: Mon, 01 Aug 2016 07:08:44 +0000
Message-ID: <0369fc017f8d47568594d3eb9f684649@XCH-ALN-001.cisco.com>
References: <76CD132C3ADEF848BD84D028D243C92774EFB09A@NKGEML515-MBX.china.huawei.com> <90433b8486184c9cb4b947e7ffb9fc73@XCH-ALN-001.cisco.com> <76CD132C3ADEF848BD84D028D243C92774EFB143@NKGEML515-MBX.china.huawei.com>
In-Reply-To: <76CD132C3ADEF848BD84D028D243C92774EFB143@NKGEML515-MBX.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.82.92]
Content-Type: multipart/alternative; boundary="_000_0369fc017f8d47568594d3eb9f684649XCHALN001ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ospf/_kzyR3NdrnV6OZhmOeTgiyq0ERI>
Cc: "Zhangxudong (zhangxudong, VRP)" <zhangxudong@huawei.com>, "lizhenqiang@chinamobile.com" <lizhenqiang@chinamobile.com>
Subject: Re: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2016 07:08:49 -0000

Jie -

Fully agree that IS-IS and OSPF differ in this regard.

https://www.ietf.org/id/draft-ietf-isis-remaining-lifetime-01.txt addresses problems where corruption of the remaining lifetime occurs either during transmission/reception or due to some DOS attack. This isn't a concern w OSPF (hope you agree).

What remains is the possibility that an implementation has some bug and unintentionally modifies the age to something other than what it should be due to the actual elapsed time since LSA generation. I suppose a mechanism equivalent to what the IS-IS draft defined i.e. setting the age to "new" (0 in OSPF case) when first receiving a non-self-generated LSA could be useful to prevent negative impacts of such an implementation bug. Is this what you intend?

As written, the draft makes claims that are at least misleading - and I believe actually incorrect. In Section 6 you say:

"The LS age field may be altered as a result of
   packet corruption, such modification cannot be detected by LSA
   checksum nor OSPF packet cryptographic authentication."

This isn't correct.

What would be helpful - at least to me - is to move from a generic problem statement to the specific problem you want to solve and the proposed solution. This also requires you to more clearly state the cases where there is an actual vulnerability. It would be a lot easier to support the draft if this were done.

   Les


From: Dongjie (Jimmy) [mailto:jie.dong@huawei.com]
Sent: Sunday, July 31, 2016 11:48 PM
To: Les Ginsberg (ginsberg); ospf@ietf.org
Cc: Zhangxudong (zhangxudong, VRP); lizhenqiang@chinamobile.com
Subject: RE: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement

Hi Les,

Thanks for your comments.

OSPF packet level checksum and authentication can only protect the assembled LSU packet one hop on the wire, while cannot detect any change to LSA made by the routers. This is because the OSPF packets are re-assembled on each hop, which is slightly different from IS-IS. So the problem for OSPF is mainly due to the problems inside the router, for example protocol implementations, system timers, or some hardware problem. Actually this problem has been seen in several production networks.

We can improve the description in the draft to make this clear.

Best regards,
Jie

From: Les Ginsberg (ginsberg) [mailto:ginsberg@cisco.com]
Sent: Monday, August 01, 2016 1:30 PM
To: Dongjie (Jimmy); ospf@ietf.org<mailto:ospf@ietf.org>
Cc: Zhangxudong (zhangxudong, VRP); lizhenqiang@chinamobile.com<mailto:lizhenqiang@chinamobile.com>
Subject: RE: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement

Jie -

The draft says (Section 2):

"Since cryptographic authentication is executed at the OSPF packet
   level, it can only protect the assembled LSU packet for one hop and
   does not provide any additional protection for the corruption of LS
   age field."

But as authentication is calculated at the OSPF packet level, any change to the LS age field for an individual LSA contained within the OSPF packet (e.g. by some packet corruption in transmission) would cause authentication to fail when the packet is received. So the statement you make is not correct. I therefore am struggling to understand what problem you believe is not addressed by existing authentication techniques.

   Les



From: OSPF [mailto:ospf-bounces@ietf.org] On Behalf Of Dongjie (Jimmy)
Sent: Sunday, July 31, 2016 8:15 PM
To: ospf@ietf.org<mailto:ospf@ietf.org>
Cc: Zhangxudong (zhangxudong, VRP); lizhenqiang@chinamobile.com<mailto:lizhenqiang@chinamobile.com>
Subject: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement

Hi all,

draft-dong-ospf-maxage-flush-problem-statement describes the problems caused by the corruption of the LS Age field, and summarizes the requirements on potential solutions. This draft received good comments during the presentation on the IETF meeting in B.A.

The authors would like to solicit further feedbacks from the mailing list, on both the problem statement and the solution requirements. Based on the feedbacks, we will update the problem statement draft, and work together to build suitable solutions.

The URL of the draft is:
https://tools.ietf.org/html/draft-dong-ospf-maxage-flush-problem-statement-00

Comments & feedbacks are welcome.

Best regards,
Jie

v2.23.0 | Report a Bug | By Email