IETF Logo Mail Archive

Re: [OSPF] OSPFv3 Autoconfiguration - draft-ietf-ospf-ospfv3-autoconfig-05.txt

Anton Smirnov <asmirnov@cisco.com> Fri, 07 February 2014 13:46 UTC

Return-Path: <asmirnov@cisco.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0FE11A0103 for <ospf@ietfa.amsl.com>; Fri, 7 Feb 2014 05:46:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.036
X-Spam-Level:
X-Spam-Status: No, score=-10.036 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yjehJVJvZIhn for <ospf@ietfa.amsl.com>; Fri, 7 Feb 2014 05:46:39 -0800 (PST)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) by ietfa.amsl.com (Postfix) with ESMTP id DA0B91A00F5 for <ospf@ietf.org>; Fri, 7 Feb 2014 05:46:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2640; q=dns/txt; s=iport; t=1391780799; x=1392990399; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=Kiz5WZwD3tNVPQSQWA3dFzGUG2mjeXTKiK77a2l63Yg=; b=iyGOFuWESrrlLiSqScvJFHVTFaSbgSFZfZUBGr4glVzxYsITmprcVNXn EnLcXFvHdNTBE7RBcZrr9qssvW1ppsDl9kNqos5Rawjjx4S3kpOtgzwXJ i7gaosHBDu0Vs2qzFtawy7TS20OmA+KWvMFj7qRQVG/tPpmF+vXhjDKGR E=;
X-IronPort-AV: E=Sophos;i="4.95,800,1384300800"; d="scan'208";a="4775121"
Received: from ams-core-3.cisco.com ([144.254.72.76]) by aer-iport-1.cisco.com with ESMTP; 07 Feb 2014 13:46:38 +0000
Received: from as-lnx.cisco.com (ams-asmirnov-8714.cisco.com [10.55.140.85]) (authenticated bits=0) by ams-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s17DkbeF023631 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 7 Feb 2014 13:46:37 GMT
Message-ID: <52F4E3BD.6030800@cisco.com>
Date: Fri, 07 Feb 2014 14:46:37 +0100
From: Anton Smirnov <asmirnov@cisco.com>
Organization: Cisco Systems
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>, Acee Lindem <acee.lindem@ericsson.com>, Curtis Villamizar <curtis@ipv6.occnc.com>
References: <201402052058.s15KwoGH012796@maildrop2.v6ds.occnc.com> <7113CE23-C2B0-40C7-9968-22C224571B3B@ericsson.com> <F3ADE4747C9E124B89F0ED2180CC814F23C619A9@xmb-aln-x02.cisco.com>
In-Reply-To: <F3ADE4747C9E124B89F0ED2180CC814F23C619A9@xmb-aln-x02.cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Authenticated-User: asmirnov
Cc: OSPF List <ospf@ietf.org>
Subject: Re: [OSPF] OSPFv3 Autoconfiguration - draft-ietf-ospf-ospfv3-autoconfig-05.txt
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf/>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2014 13:46:41 -0000

    Hi Les,
    if I understand correctly, all this is in addition to RID 
duplication and resolution mechanisms, i.e. you do not expect that doing 
*only* this will render RID duplication resolution unnecessary, right?

    If RID selection algorithm is good (i.e. statistical spread of 
selected RIDs is even over the whole space) then quick math shows that a 
device joining home network with, say, 1000 already connected devices 
has less than 1 chance in billion to generate conflicting RID. To me 
this risk looks not worth solving.
    The big question of course is in statistical quality of RID 
selection algorithm implementations. Since there will be many different 
implementations some of them are going to be subpar. And bad 
implementation may make probability of RID conflict close to 1.
    Is this what you are worried about?

Anton


On 02/07/2014 09:31 AM, Les Ginsberg (ginsberg) wrote:
> So, I am one person who raised this concern to Acee - but the proposal outlined by Acee is not what I had in mind. There is no need to use "uptime" or to invent some unusual exchange of LSAs prior to Exchange state.
>
> Also, in regards to Curtis's comment - it is not DOS attacks that I am trying to mitigate here. As he says if an attacker is in your network and able to originate credible packets no strategy is safe.
>
> The motivating use case is to minimize disruption of a stable network when a new router is added or an existing router is replaced/rebooted. In other words non-disruptive handling of the common maintenance/upgrade scenarios.
>
> What I have in mind is this:
>
> 1)A router needs a way to advertise that it has been up and running for a minimum length of time - for the sake of discussion let's say 20 minutes. Routers then fall into two categories:
>
>    o Old routers (up >= minimum time)
>    o New routers (up < minimum time)
>
> 2)When a duplicate router-id is detected, the first tie breaker is between old routers and new routers. The old router gets to keep its router-id and the new router picks a new router-id.
> If both routers are "new" or both routers are "old" then we revert to the existing tie breakers defined in the document (link local address for directly connected routers and fingerprint info for non-neighbors).
>
> 3)Advertisement of the "old/new" state requires a single bit - but it has to be available both in hellos and the new AC-LSA. Adding it to the AC-LSA is easy to do. For hellos, there are two possibilities:
>
>     o Use one of the Options Bits
>     o Use LLS
>
> Be interested in how folks feel about this.
>
>     Les
>

v2.23.0 | Report a Bug | By Email