[pim] Re: Gorry Fairhurst's Discuss on draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT)
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 24 September 2025 07:14 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: pim@mail2.ietf.org
Delivered-To: pim@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 30CD567E710A; Wed, 24 Sep 2025 00:14:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=erg.abdn.ac.uk
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2AunuDnmwMF6; Wed, 24 Sep 2025 00:14:57 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by mail2.ietf.org (Postfix) with ESMTP id D7A2867E7102; Wed, 24 Sep 2025 00:14:56 -0700 (PDT)
Received: from [192.168.1.130] (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 10F201B00183; Wed, 24 Sep 2025 08:14:49 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=erg.abdn.ac.uk; s=default; t=1758698096; bh=s4gsivOfxXCMbH3BPN5XrlXH09diKGCNXuTpIkbqpAg=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=t9peOJqexcEupgdrMUlZ32EevneKGxh5bDOmhVbDqyJ8+8E6S3vd/7m17X1rl5EV0 wnoa7e6LFLSYX6FJhsqEfHXupJtjqNm6wEaLttK6q6ThHdu6Tdn9SgDVFtKmtKWNIQ uyOz/bXhovmptzy20Tw4C2ZSodfbUBtq+x1b/RflNC54hVquEixeYDJU3i982HqlDF TsMzZpdJPV781aK7xz/f6gDbN//jE1cNX/uCFASBwq9CAoyuTQQP0F0c8Bn9g2CcuN 8SsDYeNgcHog4y8otYeTk/Bg7L4AVKCfq6YihC1M2RzSPWDqqqcrln7FbbcZijxX+B omCCeYiadXX5g==
Content-Type: multipart/alternative; boundary="------------MWE3JcfCj00pfCOtrbdCoboZ"
Message-ID: <62bc3286-2954-47d2-9993-3e0e8d48cfd5@erg.abdn.ac.uk>
Date: Wed, 24 Sep 2025 08:14:48 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: "Hooman Bidgoli (Nokia)" <hooman.bidgoli@nokia.com>, The IESG <iesg@ietf.org>
References: <175430237226.1024074.3464494852104313835@dt-datatracker-5bd446d5fd-c47nq> <PH0PR08MB6581AFA1665581B274C7BC449109A@PH0PR08MB6581.namprd08.prod.outlook.com> <e01339ea-216d-4a3a-b5d5-9b3956517ab8@erg.abdn.ac.uk> <PH0PR08MB6581AB65EAD40CB5451661A59116A@PH0PR08MB6581.namprd08.prod.outlook.com> <97d93714-dc24-4409-8890-43ef81ab6605@erg.abdn.ac.uk> <PH0PR08MB65811A0DF04D8BC830D1268D911DA@PH0PR08MB6581.namprd08.prod.outlook.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: UNIVERSITY OF ABERDEEN
In-Reply-To: <PH0PR08MB65811A0DF04D8BC830D1268D911DA@PH0PR08MB6581.namprd08.prod.outlook.com>
Message-ID-Hash: QSRECCI4NXEQP26SNLQ2CYPYH7IJZ7VP
X-Message-ID-Hash: QSRECCI4NXEQP26SNLQ2CYPYH7IJZ7VP
X-MailFrom: gorry@erg.abdn.ac.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-pim-p2mp-policy-ping@ietf.org" <draft-ietf-pim-p2mp-policy-ping@ietf.org>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "pim@ietf.org" <pim@ietf.org>, "mmcbride7@gmail.com" <mmcbride7@gmail.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [pim] Re: Gorry Fairhurst's Discuss on draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT)
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/j-HAxGM4Jg2Xb_s6a_ppSjyowqg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>
On 24/09/2025 00:15, Hooman Bidgoli (Nokia) wrote: > > Hi Gorry > > Thanks for the suggestion! > > I incorporated your suggestion in version 24. > > Please have a look and hopefully this will address your concerns > > Thanks again > > Hooman > Thank you, I appreciate the addition, and have now changed mny position to "No Objection". Best wishes, Gorry > *From:*Gorry Fairhurst <gorry@erg.abdn.ac.uk> > *Sent:* Tuesday, September 23, 2025 11:23 AM > *To:* Hooman Bidgoli (Nokia) <hooman.bidgoli@nokia.com>; The IESG > <iesg@ietf.org> > *Cc:* draft-ietf-pim-p2mp-policy-ping@ietf.org; pim-chairs@ietf.org; > pim@ietf.org; mmcbride7@gmail.com > *Subject:* Re: Gorry Fairhurst's Discuss on > draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT) > > > On 18/09/2025 17:19, Hooman Bidgoli (Nokia) wrote: > > Hi Gorry > > It was brought to my attention that you replied and I had missed > it. Sorry for confusion. > > So P2MP Ping is no different then ICMP or what is said in RFC 4379. > > It is exactly the same procedures which the implementation has to > rate limit the LSP ping traffic going to the control checking the > timestamp checking the source address etc… > > The reason I didn’t mention RFC 4379 in the document is because I > point to RFC 6425 section 8 which in order points to RFC 4379. > Since p2mp policy is a identical to point-to-multipoint mpls > -extensions to lsp ping I think it is better to point to rfc6425 > rather then directly pointing to rfc 4379. > > Does this answer your question? > > Also the reason I didn’t add any additional text compare to > rfc6425 is because the procedures are exactly the same. > > If you would like I can add some extra text the document section 6 > but honestly the parent rfc 6425 is taking care of this. > > Please let me know your preference > > Thanks > > Hooman > > Thanks Hooman, > > That seems clear. I do think this is important enough to see the > requirement called-out in a document that is published in 2025. > > I suggest the simplest could be to simply quote the text from RFC > 4379, something like: > > [[The security considerations in RFC 4379 apply to this document, and > specifically it is noted > > "To avoid potential Denial-of-Service attacks, it is RECOMMENDED that > implementations regulate the LSP ping traffic going to the control > plane. A rate limiter SHOULD be applied to the well-known UDP port" > allocated for this service." > > ]] > > Please let me know if this or similar text can be included in the > security considerations? > > Best wishes, > > Gorry > > *From:*Gorry Fairhurst <gorry@erg.abdn.ac.uk> > <mailto:gorry@erg.abdn.ac.uk> > *Sent:* Friday, September 12, 2025 5:03 AM > *To:* Hooman Bidgoli (Nokia) <hooman.bidgoli@nokia.com> > <mailto:hooman.bidgoli@nokia.com>; The IESG <iesg@ietf.org> > <mailto:iesg@ietf.org> > *Cc:* draft-ietf-pim-p2mp-policy-ping@ietf.org; > pim-chairs@ietf.org; pim@ietf.org; mmcbride7@gmail.com > *Subject:* Re: Gorry Fairhurst's Discuss on > draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT) > > > > *CAUTION:*This is an external email. Please be very careful when > clicking links or opening attachments. See the URL nok.it/ext for > additional information. > > On 11/09/2025 21:25, Hooman Bidgoli (Nokia) wrote: > > Hi Gorry > > > > My apologies for missing this email. > > > > Thanks for your comments. > > > > This document is the extension of RFC 6425 so I agree and added a sentence that security considerations of section 8 of RFC 6425 should be followed. > > > > Also I fixed the NiT. > > > > I hope this addresses your concern? > > > > Thanks > > Hooman > > Thanks for your reply, > > My request was simply to learn out more about how this particular > method would provide rate-limiting (or congestion control). A > useful starting point would be to look at about whether the > requirement for rate-limiting in Section 6 of RFC 4379 applies. > > I look forward to understanding this and was hoping that it would > then be possible to add some text to this proposed specification, > although I'd suggest in a modern specification the requirements > for safe sharing of the Internet needs to be in the body of the > specification, not just discussed as a security consideration. > > Best wishes, > > Gorry > > (WIT AD) > > > > > > -----Original Message----- > > From: Gorry Fairhurst via Datatracker<noreply@ietf.org> <mailto:noreply@ietf.org> > > Sent: Monday, August 4, 2025 6:13 AM > > To: The IESG<iesg@ietf.org> <mailto:iesg@ietf.org> > > Cc:draft-ietf-pim-p2mp-policy-ping@ietf.org;pim-chairs@ietf.org;pim@ietf.org;mmcbride7@gmail.com;mmcbride7@gmail.com > > Subject: Gorry Fairhurst's Discuss on draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT) > > > > > > CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information. > > > > > > > > Gorry Fairhurst has entered the following ballot position for > > draft-ietf-pim-p2mp-policy-ping-15: Discuss > > > > When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) > > > > > > Please refer tohttps://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > > for more information about how to handle DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-pim-p2mp-policy-ping/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > Thanks for preparing this document. > > > > As I understand, the described mechanism generates a response over a protocol that is not rate-limited or congestion controlled. Therefore, I'd like to see text that guards against a Denial-of-Service attack to send MPLS echo requests/replies that seek to increase their workload. As such, I suggest a warning/scoping is added that this traffic needs to avoid sending/processing such requests, possibly in the last para of the introduction. > > > > RFC 6425 includes some text that might be a suitable starting point: > > > > As is described in [RFC4379], to avoid potential denial-of-service > > attacks, it is RECOMMENDED to regulate the LSP ping traffic passed to > > the control plane. A rate limiter should be applied to the incoming > > LSP ping traffic. > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > NiT: > > > > /As specified in section 3.2 of [RFC6425] ,/As specified in section 3.2 of [RFC6425],/ > > - Please remove space before comma. > > > > >
- [pim] Gorry Fairhurst's Discuss on draft-ietf-pim… Gorry Fairhurst via Datatracker
- [pim] Re: Gorry Fairhurst's Discuss on draft-ietf… Hooman Bidgoli (Nokia)
- [pim] Re: Gorry Fairhurst's Discuss on draft-ietf… Gorry Fairhurst
- [pim] Re: Gorry Fairhurst's Discuss on draft-ietf… Hooman Bidgoli (Nokia)
- [pim] Re: Gorry Fairhurst's Discuss on draft-ietf… Hooman Bidgoli (Nokia)
- [pim] Re: Gorry Fairhurst's Discuss on draft-ietf… Gorry Fairhurst
- [pim] Re: Gorry Fairhurst's Discuss on draft-ietf… Hooman Bidgoli (Nokia)
- [pim] Re: Gorry Fairhurst's Discuss on draft-ietf… Gorry Fairhurst