[pim] Re: Gorry Fairhurst's Discuss on draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT)

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Wed, 24 September 2025 07:14 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: pim@mail2.ietf.org
Delivered-To: pim@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 30CD567E710A; Wed, 24 Sep 2025 00:14:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=erg.abdn.ac.uk
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2AunuDnmwMF6; Wed, 24 Sep 2025 00:14:57 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by mail2.ietf.org (Postfix) with ESMTP id D7A2867E7102; Wed, 24 Sep 2025 00:14:56 -0700 (PDT)
Received: from [192.168.1.130] (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 10F201B00183; Wed, 24 Sep 2025 08:14:49 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=erg.abdn.ac.uk; s=default; t=1758698096; bh=s4gsivOfxXCMbH3BPN5XrlXH09diKGCNXuTpIkbqpAg=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=t9peOJqexcEupgdrMUlZ32EevneKGxh5bDOmhVbDqyJ8+8E6S3vd/7m17X1rl5EV0 wnoa7e6LFLSYX6FJhsqEfHXupJtjqNm6wEaLttK6q6ThHdu6Tdn9SgDVFtKmtKWNIQ uyOz/bXhovmptzy20Tw4C2ZSodfbUBtq+x1b/RflNC54hVquEixeYDJU3i982HqlDF TsMzZpdJPV781aK7xz/f6gDbN//jE1cNX/uCFASBwq9CAoyuTQQP0F0c8Bn9g2CcuN 8SsDYeNgcHog4y8otYeTk/Bg7L4AVKCfq6YihC1M2RzSPWDqqqcrln7FbbcZijxX+B omCCeYiadXX5g==
Content-Type: multipart/alternative; boundary="------------MWE3JcfCj00pfCOtrbdCoboZ"
Message-ID: <62bc3286-2954-47d2-9993-3e0e8d48cfd5@erg.abdn.ac.uk>
Date: Wed, 24 Sep 2025 08:14:48 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
To: "Hooman Bidgoli (Nokia)" <hooman.bidgoli@nokia.com>, The IESG <iesg@ietf.org>
References: <175430237226.1024074.3464494852104313835@dt-datatracker-5bd446d5fd-c47nq> <PH0PR08MB6581AFA1665581B274C7BC449109A@PH0PR08MB6581.namprd08.prod.outlook.com> <e01339ea-216d-4a3a-b5d5-9b3956517ab8@erg.abdn.ac.uk> <PH0PR08MB6581AB65EAD40CB5451661A59116A@PH0PR08MB6581.namprd08.prod.outlook.com> <97d93714-dc24-4409-8890-43ef81ab6605@erg.abdn.ac.uk> <PH0PR08MB65811A0DF04D8BC830D1268D911DA@PH0PR08MB6581.namprd08.prod.outlook.com>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Organization: UNIVERSITY OF ABERDEEN
In-Reply-To: <PH0PR08MB65811A0DF04D8BC830D1268D911DA@PH0PR08MB6581.namprd08.prod.outlook.com>
Message-ID-Hash: QSRECCI4NXEQP26SNLQ2CYPYH7IJZ7VP
X-Message-ID-Hash: QSRECCI4NXEQP26SNLQ2CYPYH7IJZ7VP
X-MailFrom: gorry@erg.abdn.ac.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-pim.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-pim-p2mp-policy-ping@ietf.org" <draft-ietf-pim-p2mp-policy-ping@ietf.org>, "pim-chairs@ietf.org" <pim-chairs@ietf.org>, "pim@ietf.org" <pim@ietf.org>, "mmcbride7@gmail.com" <mmcbride7@gmail.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [pim] Re: Gorry Fairhurst's Discuss on draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT)
List-Id: Protocol Independent Multicast <pim.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/j-HAxGM4Jg2Xb_s6a_ppSjyowqg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Owner: <mailto:pim-owner@ietf.org>
List-Post: <mailto:pim@ietf.org>
List-Subscribe: <mailto:pim-join@ietf.org>
List-Unsubscribe: <mailto:pim-leave@ietf.org>

On 24/09/2025 00:15, Hooman Bidgoli (Nokia) wrote:
>
> Hi Gorry
>
> Thanks for the suggestion!
>
> I incorporated your suggestion in version 24.
>
> Please have a look and hopefully this will address your concerns
>
> Thanks again
>
> Hooman
>
Thank you, I appreciate the addition, and have now changed mny position 
to "No Objection".

Best wishes,

Gorry

> *From:*Gorry Fairhurst <gorry@erg.abdn.ac.uk>
> *Sent:* Tuesday, September 23, 2025 11:23 AM
> *To:* Hooman Bidgoli (Nokia) <hooman.bidgoli@nokia.com>; The IESG 
> <iesg@ietf.org>
> *Cc:* draft-ietf-pim-p2mp-policy-ping@ietf.org; pim-chairs@ietf.org; 
> pim@ietf.org; mmcbride7@gmail.com
> *Subject:* Re: Gorry Fairhurst's Discuss on 
> draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT)
>
>
> On 18/09/2025 17:19, Hooman Bidgoli (Nokia) wrote:
>
>     Hi Gorry
>
>     It was brought to my attention that you replied and I had missed
>     it. Sorry for confusion.
>
>     So P2MP Ping is no different then ICMP or what is said in RFC 4379.
>
>     It is exactly the same procedures which the implementation has to
>     rate limit the LSP ping traffic going to the control checking the
>     timestamp checking the source address etc…
>
>     The reason I didn’t mention RFC 4379 in the document is because I
>     point to RFC 6425 section 8 which in order points to RFC 4379.
>     Since p2mp policy is a identical to point-to-multipoint mpls
>     -extensions to lsp ping I think it is better to point to rfc6425
>     rather then directly pointing to rfc 4379.
>
>     Does this answer your question?
>
>     Also the reason I didn’t add any additional text compare to
>     rfc6425 is because the procedures are exactly the same.
>
>     If you would like I can add some extra text the document section 6
>     but honestly the parent rfc 6425 is taking care of this.
>
>     Please let me know your preference
>
>     Thanks
>
>     Hooman
>
> Thanks Hooman,
>
> That seems clear. I do think this is important enough to see the 
> requirement called-out in a document that is published in 2025.
>
> I suggest the simplest could be to simply quote the text from RFC 
> 4379, something like:
>
> [[The security considerations in RFC 4379 apply to this document, and 
> specifically it is noted
>
>    "To avoid potential Denial-of-Service attacks, it is RECOMMENDED that
>    implementations regulate the LSP ping traffic going to the control
>    plane.  A rate limiter SHOULD be applied to the well-known UDP port"
>    allocated for this service."
>
> ]]
>
> Please let me know if this or similar text can be included in the 
> security considerations?
>
> Best wishes,
>
> Gorry
>
>     *From:*Gorry Fairhurst <gorry@erg.abdn.ac.uk>
>     <mailto:gorry@erg.abdn.ac.uk>
>     *Sent:* Friday, September 12, 2025 5:03 AM
>     *To:* Hooman Bidgoli (Nokia) <hooman.bidgoli@nokia.com>
>     <mailto:hooman.bidgoli@nokia.com>; The IESG <iesg@ietf.org>
>     <mailto:iesg@ietf.org>
>     *Cc:* draft-ietf-pim-p2mp-policy-ping@ietf.org;
>     pim-chairs@ietf.org; pim@ietf.org; mmcbride7@gmail.com
>     *Subject:* Re: Gorry Fairhurst's Discuss on
>     draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT)
>
>     	
>
>     *CAUTION:*This is an external email. Please be very careful when
>     clicking links or opening attachments. See the URL nok.it/ext for
>     additional information.
>
>     On 11/09/2025 21:25, Hooman Bidgoli (Nokia) wrote:
>
>         Hi Gorry
>
>           
>
>         My apologies for missing this email.
>
>           
>
>         Thanks for your comments.
>
>           
>
>         This document is the extension of RFC 6425 so I agree and added a sentence that security considerations of section 8 of RFC 6425 should be followed.
>
>           
>
>         Also I fixed the NiT.
>
>           
>
>         I hope this addresses your concern?
>
>           
>
>         Thanks
>
>         Hooman
>
>     Thanks for your reply,
>
>     My request was simply to learn out more about how this particular
>     method would provide rate-limiting (or congestion control). A
>     useful starting point would be to look at about whether the
>     requirement for rate-limiting in Section 6 of RFC 4379 applies.
>
>     I look forward to understanding this and was hoping that it would
>     then be possible to add some text to this proposed specification,
>     although I'd suggest in a modern specification the requirements
>     for safe sharing of the Internet needs to be in the body of the
>     specification, not just discussed as a security consideration.
>
>     Best wishes,
>
>     Gorry
>
>     (WIT AD)
>
>           
>
>           
>
>         -----Original Message-----
>
>         From: Gorry Fairhurst via Datatracker<noreply@ietf.org> <mailto:noreply@ietf.org> 
>
>         Sent: Monday, August 4, 2025 6:13 AM
>
>         To: The IESG<iesg@ietf.org> <mailto:iesg@ietf.org>
>
>         Cc:draft-ietf-pim-p2mp-policy-ping@ietf.org;pim-chairs@ietf.org;pim@ietf.org;mmcbride7@gmail.com;mmcbride7@gmail.com
>
>         Subject: Gorry Fairhurst's Discuss on draft-ietf-pim-p2mp-policy-ping-15: (with DISCUSS and COMMENT)
>
>           
>
>           
>
>         CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.
>
>           
>
>           
>
>           
>
>         Gorry Fairhurst has entered the following ballot position for
>
>         draft-ietf-pim-p2mp-policy-ping-15: Discuss
>
>           
>
>         When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)
>
>           
>
>           
>
>         Please refer tohttps://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
>
>         for more information about how to handle DISCUSS and COMMENT positions.
>
>           
>
>           
>
>         The document, along with other ballot positions, can be found here:
>
>         https://datatracker.ietf.org/doc/draft-ietf-pim-p2mp-policy-ping/
>
>           
>
>           
>
>           
>
>         ----------------------------------------------------------------------
>
>         DISCUSS:
>
>         ----------------------------------------------------------------------
>
>           
>
>         Thanks for preparing this document.
>
>           
>
>         As I understand, the described mechanism generates a response over a protocol that is not rate-limited or congestion controlled. Therefore, I'd like to see text that guards against a Denial-of-Service attack to send MPLS echo requests/replies that seek to increase their workload. As such, I suggest a warning/scoping is added that this traffic needs to avoid sending/processing such requests, possibly in the last para of the introduction.
>
>           
>
>         RFC 6425 includes some text that might be a suitable starting point:
>
>           
>
>             As is described in [RFC4379], to avoid potential denial-of-service
>
>             attacks, it is RECOMMENDED to regulate the LSP ping traffic passed to
>
>             the control plane.  A rate limiter should be applied to the incoming
>
>             LSP ping traffic.
>
>           
>
>           
>
>         ----------------------------------------------------------------------
>
>         COMMENT:
>
>         ----------------------------------------------------------------------
>
>           
>
>         NiT:
>
>           
>
>         /As specified in section 3.2 of [RFC6425] ,/As specified in section 3.2 of [RFC6425],/
>
>         - Please remove space before comma.
>
>           
>
>           
>