Re: [Pals] Stephen Farrell's Discuss on draft-ietf-pals-mc-pon-04: (with DISCUSS)
Jiangyuanlong <jiangyuanlong@huawei.com> Wed, 28 September 2016 02:13 UTC
Return-Path: <jiangyuanlong@huawei.com>
X-Original-To: pals@ietfa.amsl.com
Delivered-To: pals@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EE5112B04B; Tue, 27 Sep 2016 19:13:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.537
X-Spam-Level:
X-Spam-Status: No, score=-6.537 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.316, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LwPu3g_nWujq; Tue, 27 Sep 2016 19:13:03 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90A9512B047; Tue, 27 Sep 2016 19:13:02 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml701-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CXA47277; Wed, 28 Sep 2016 02:13:00 +0000 (GMT)
Received: from SZXEMA419-HUB.china.huawei.com (10.82.72.37) by lhreml701-cah.china.huawei.com (10.201.5.93) with Microsoft SMTP Server (TLS) id 14.3.235.1; Wed, 28 Sep 2016 03:12:57 +0100
Received: from SZXEMA506-MBS.china.huawei.com ([169.254.4.3]) by SZXEMA419-HUB.china.huawei.com ([10.82.72.37]) with mapi id 14.03.0235.001; Wed, 28 Sep 2016 10:12:54 +0800
From: Jiangyuanlong <jiangyuanlong@huawei.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Edwin Mallette <edwin.mallette@gmail.com>, The IESG <iesg@ietf.org>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-pals-mc-pon-04: (with DISCUSS)
Thread-Index: AQHSDhnrM2JeV5n1TUKGxeOCmD2ke6B4MO/AgAG4aQCAADlhAIAEyw7QgA3TnoCAAXLfsA==
Date: Wed, 28 Sep 2016 02:12:54 +0000
Message-ID: <3B0A1BED22CAD649A1B3E97BE5DDD68B91765C3E@szxema506-mbs.china.huawei.com>
References: <147381075416.13170.14909169380037916813.idtracker@ietfa.amsl.com> <3B0A1BED22CAD649A1B3E97BE5DDD68B9175EEE0@szxema506-mbs.china.huawei.com> <69703e52-57c6-26b4-7517-6a968ba14620@cs.tcd.ie> <D40008DA.A2F16%edwin.mallette@gmail.com> <3B0A1BED22CAD649A1B3E97BE5DDD68B917627CD@szxema506-mbs.china.huawei.com> <a1d04012-3a1b-6e1c-261c-a0b041686014@cs.tcd.ie>
In-Reply-To: <a1d04012-3a1b-6e1c-261c-a0b041686014@cs.tcd.ie>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.74.203.119]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020206.57EB272C.0156, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.3, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 36a30ee8211babaf5cb8b41d26a78a84
Archived-At: <https://mailarchive.ietf.org/arch/msg/pals/ynpYjuC_CdI8iPfzmtgFsDPkWVs>
Cc: "pals-chairs@ietf.org" <pals-chairs@ietf.org>, "agmalis@gmail.com" <agmalis@gmail.com>, "draft-ietf-pals-mc-pon@ietf.org" <draft-ietf-pals-mc-pon@ietf.org>, "pals@ietf.org" <pals@ietf.org>
Subject: Re: [Pals] Stephen Farrell's Discuss on draft-ietf-pals-mc-pon-04: (with DISCUSS)
X-BeenThere: pals@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Pseudowire And LDP-enabled Services dicussion list." <pals.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pals>, <mailto:pals-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pals/>
List-Post: <mailto:pals@ietf.org>
List-Help: <mailto:pals-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pals>, <mailto:pals-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2016 02:13:06 -0000
Stephen, My interpretation is, the security issue of a fake ONU is already considered in RFC 6457 (Multi-Segment Pseudowires in Passive Optical Networks) and other PON standards (such as G.984.3/G.987.3). Whether ICCP (or PON protection) is used or not, fake ONUs will pose the same security challenge. Thus, there is no extra security issue introduced in this sense. In the real deployment of FTTx (PON) networks, all the ONUs are typically resold by the service providers; they are also configured and controlled by the service providers. Thus, PON access network can be as safe as a well-secured MPLS network. Thanks, Yuanlong -----Original Message----- From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] Sent: Tuesday, September 27, 2016 7:26 PM To: Jiangyuanlong; Edwin Mallette; The IESG Cc: pals-chairs@ietf.org; agmalis@gmail.com; draft-ietf-pals-mc-pon@ietf.org; pals@ietf.org Subject: Re: Stephen Farrell's Discuss on draft-ietf-pals-mc-pon-04: (with DISCUSS) Hiya, On 18/09/16 09:28, Jiangyuanlong wrote: > Hi Ed and Stephen, > Sorry for the slow response. > > > A further improvement over the Proposed Text: > > > > Again, similar to ICCP, activity on the attachment circuits may cause > security threats or be exploited to create denial-of-service attacks. > In many passive optical networks the optical paths between OLT and > ONUs traverse publicly accessible facilities including public > attachments (e.g. telephone poles), which opens up the risk of > excessive link bouncing by optical layer impairment. While ICCP for > MC-PON interconnects in the MPLS domain and does not traverse the PON > network, risks do include introduction of a malicious ONU which could > cause, for example, excessive link bouncing. This link bouncing > could result in increased ICCP exchanges similar to the malicious CE > case described in [RFC7275 <https://tools.ietf.org/html/rfc7275>]. > Operators of such networks should take additional care to restrict > unauthorized ONUs and to limit the impact of link bouncing at the > OLT, as these could result in service impairment. So I guess limitation to single domains the assertion that this ICCP is not used on the publicly accessible links (telephone poles etc.) is good enough for me to clear. (Will do that in a bit.) On the text above - is "link bouncing" really the worst thing that can happen if someone introduces a malicious ONU? That would be surprising. So I'd suggest maybe using another example threat in this bit: "While ICCP for MC-PON interconnects in the MPLS domain and does not traverse the PON network, risks do include introduction of a malicious ONU which could cause, for example,..." E.g. couldn't a fake ONU inject/monitor traffic? Cheers, S. > > > > Are you OK with this proposal? > > > > Thanks, > > Yuanlong > > > > -----Original Message----- From: Edwin Mallette > [mailto:edwin.mallette@gmail.com] Sent: Thursday, September 15, 2016 > 11:05 PM To: Stephen Farrell; Jiangyuanlong; The IESG Cc: > pals-chairs@ietf.org; agmalis@gmail.com; > draft-ietf-pals-mc-pon@ietf.org; pals@ietf.org Subject: Re: Stephen > Farrell's Discuss on draft-ietf-pals-mc-pon-04: (with DISCUSS) > > > > > > > > On 9/15/16, 5:39 AM, "Stephen Farrell" > <stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>> wrote: > > > >> > >> > >> On 14/09/16 03:39, Jiangyuanlong wrote: > >>> Hi Stephen, > >>> > >>> To be clear, it is proposed to add "in a single administrative > >>> domain" to the end of "this ICCP application SHOULD only be used >>> in > >>> well-managed and highly monitored service provider PON access > >>> networks..." Thus we have the following texts "this ICCP >>> application > >>> SHOULD only be used in well-managed and highly monitored service > >>> provider PON access networks in a single administrative domain". > >> > >> That's more consistent yes. > >> > >>> > >>> Typically, the PON network and the MPLS network interconnection >>> as > >>> described in the document (for scenarios including FTTx, MSO and > >>> mobile backhaul) are under the control of a single service >>> provider. > >>> So the proposed change does not inflict any real constraint. > >> > >> Sorry but I'm still not seeing how "under the control of" and > >> "telephone poles" make for it being reasonable to depend on the >> fairly > >> modest security mechanisms that are available, and IIUC, that are >> not > >> often used (in less threatened environments). Can you clarify that >> for > >> me? > >> > >> Thanks, > >> S. > > Hi Stephen, > > > > I suppose what might not be clear, at least in the security section, > is that ICCP for MC-PON does not operate between the OLT and > ONU/ONT. > > Without going into too much detail in terms of how security > mechanisms work on PON access networks, I¹ve attempted to propose > some additional text in the second paragraph of the security section > to attempt to clarify that the risk isn¹t to ICCP via a direct ICCP > protocol interaction. There is some risk to ICCP that can be caused > by mucking around with the ONU or the physical fiber path between the > OLT and ONU. Does this help address your concern ? > > > > Original Text: > > > > Again, similar to ICCP, activity on the attachment circuits may cause > security threats or be exploited to create denial-of-service attacks. > In many passive optical networks the optical paths between OLT and > ONTs traverse publicly accessible facilities including public > attachments (e.g. > > telephone poles), which opens up the risk of excessive link bouncing > by optical layer impairment. Other risks include a malicious ONT, > which can lead to excessive ICCP exchanges similar to the malicious > CE case described in [RFC7275]. Operators of such networks should > take additional care to restrict unauthorized ONTs and to limit the > impact of link bouncing, as these could result in service > impairment. > > > > > > Proposed Text: > > > > Again, similar to ICCP, activity on the attachment circuits may cause > security threats or be exploited to create denial-of-service attacks. > In many passive optical networks the optical paths between OLT and > ONUs traverse publicly accessible facilities including public > attachments (e.g. > > telephone poles), which opens up the risk of excessive link bouncing > by optical layer impairment. While ICCP for MC-PON does not operate > between the OLT and ONU, risks do include introduction of a malicious > ONU which could cause, for example, excessive link bouncing. This > link bouncing could result in increased ICCP exchanges similar to the > malicious CE case described in [RFC7275 > <https://tools.ietf.org/html/rfc7275>]. Operators of such networks > should take additional care to restrict unauthorized ONUs and to > limit the impact of link bouncing at the OLT, as these could result > in service impairment. > > > > Cheers! > > > > Ed > > > >> > >>> > >>> ICCP is a sub-type of LDP protocol (RFC5036), the same security > >>> measures of LDP are applicable too, that is, ICCP peer PEs (LDP > >>> peers) are in the same MPLS administration domain, access list >>> and > >>> authentication mechanisms can be used between the PEs (e.g., all >>> LDP > >>> packets are denied by the OLT if they are received from the > >>> interfaces connecting the ONUs). As this document is based on >>> ICCP > >>> (i.e., LDP), we can use all these mechanisms described in RFC5036 >>> and > >>> RFC7275. > >>> > >>> Are you satisfied with this resolution? Do you have any >>> suggestions? > >>> > >>> Thanks, Yuanlong > >>> > >>> > >>> -----Original Message----- From: Stephen Farrell > >>> [mailto:stephen.farrell@cs.tcd.ie] Sent: Wednesday, September >>> 14, > >>> 2016 7:53 AM To: The IESG Cc: >>> draft-ietf-pals-mc-pon@ietf.org<mailto:draft-ietf-pals-mc-pon@ietf.org>; >>> Andrew > >>> G. Malis; pals-chairs@ietf.org<mailto:pals-chairs@ietf.org>; >>> agmalis@gmail.com<mailto:agmalis@gmail.com>; >>> pals@ietf.org<mailto:pals@ietf.org> > >>> Subject: Stephen Farrell's Discuss on draft-ietf-pals-mc-pon-04: > >>> (with DISCUSS) > >>> > >>> Stephen Farrell has entered the following ballot position for > >>> draft-ietf-pals-mc-pon-04: Discuss > >>> > >>> When responding, please keep the subject line intact and reply to >>> all > >>> email addresses included in the To and CC lines. (Feel free to >>> cut > >>> this introductory paragraph, however.) > >>> > >>> > >>> Please refer to > >>> https://www.ietf.org/iesg/statement/discuss-criteria.html for >>> more > >>> information about IESG DISCUSS and COMMENT positions. > >>> > >>> > >>> The document, along with other ballot positions, can be found >>> here: > >>> https://datatracker.ietf.org/doc/draft-ietf-pals-mc-pon/ > >>> > >>> > >>> > >>> --------------------------------------------------------------------- > >>> - > >>> > >>> > >> DISCUSS: > >>> --------------------------------------------------------------------- > >>> - > >>> > >>> > >>> > >>> Is this extension to ICCP really compatible with section 10 of > >>> RFC7275? RFC7275 says "It ought not be deployed on or over the > >>> public Internet. ICCP is not intended to be applicable when the > >>> Redundancy Group spans PEs in different administrative domains" > >>> whereas this draft only refers to the "well-managed" stuff and >>> says > >>> nothing about multiple domains, and this draft also refers to >>> public > >>> contexts such as telephone poles. Can you justify for me how >>> using > >>> ICCP here is safe? (It may well be, but I'm entirely unsure, >>> probably > >>> mostly due to my ignorance of PON deployments.) > >>> > >>> The same point was made in the secdir review [1] which did get a > >>> response. Sadly, I didn't get how the response answered the >>> question. > >>> > >>> > >>> [1] > >>> https://www.ietf.org/mail-archive/web/secdir/current/msg06762.html > >>> >>> > >>> > >>> > >>> > >> > > > >
- [Pals] Stephen Farrell's Discuss on draft-ietf-pa… Stephen Farrell
- Re: [Pals] Stephen Farrell's Discuss on draft-iet… Jiangyuanlong
- Re: [Pals] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [Pals] Stephen Farrell's Discuss on draft-iet… Edwin Mallette
- Re: [Pals] Stephen Farrell's Discuss on draft-iet… Jiangyuanlong
- Re: [Pals] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [Pals] Stephen Farrell's Discuss on draft-iet… Jiangyuanlong