Re: [Pppext] proposed TRILL IS-IS System ID text
James Carlson <carlsonj@workingcode.com> Thu, 27 January 2011 20:31 UTC
Return-Path: <carlsonj@workingcode.com>
X-Original-To: pppext@core3.amsl.com
Delivered-To: pppext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 87EEC28C17C for <pppext@core3.amsl.com>;
Thu, 27 Jan 2011 12:31:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.549
X-Spam-Level:
X-Spam-Status: No, score=-102.549 tagged_above=-999 required=5 tests=[AWL=0.050,
BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZyVezx2b9W+i for
<pppext@core3.amsl.com>; Thu, 27 Jan 2011 12:31:34 -0800 (PST)
Received: from carlson.workingcode.com
(carlsonj-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1d9::2]) by
core3.amsl.com (Postfix) with ESMTP id 4A95228C17B for <pppext@ietf.org>;
Thu, 27 Jan 2011 12:31:34 -0800 (PST)
Received: from [75.150.68.97] (carlson [75.150.68.97]) (authenticated bits=0)
by carlson.workingcode.com (8.14.2+Sun/8.14.4) with ESMTP id p0RKYalG011575
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Thu, 27 Jan 2011 15:34:36 -0500 (EST)
Message-ID: <4D41D6DC.2040406@workingcode.com>
Date: Thu, 27 Jan 2011 15:34:36 -0500
From: James Carlson <carlsonj@workingcode.com>
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US;
rv:1.9.1.7) Gecko/20100214 Lightning/1.0b1 Thunderbird/3.0.1
MIME-Version: 1.0
To: William Allen Simpson <william.allen.simpson@gmail.com>
References: <4D415111.4010009@gmail.com> <4D41ABED.5070308@gmail.com>
In-Reply-To: <4D41ABED.5070308@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-DCC-x.dcc-servers-Metrics: carlson; whitelist
Cc: pppext@ietf.org, rbridge@postel.org
Subject: Re: [Pppext] proposed TRILL IS-IS System ID text
X-BeenThere: pppext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: PPP Extensions <pppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/pppext>,
<mailto:pppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pppext>
List-Post: <mailto:pppext@ietf.org>
List-Help: <mailto:pppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pppext>,
<mailto:pppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2011 20:31:35 -0000
On 01/27/11 12:31, William Allen Simpson wrote: > On 1/27/11 6:03 AM, William Allen Simpson wrote: >> 3. An implementation that has only PPP links might have no previously >> configured Media Access Control (MAC) that can function as an >> IS-IS System ID. In this case, the System ID is formed by adding >> a randomly generated 14-bit leading number (in place of an OUI) to >> the link's unique LCP Magic Number. The Magic Number MUST be >> unique for all links and all known link peers. This pseudo-MAC >> MUST have both the "locally-assigned" and "broadcast/multicast" >> (group) bits set to 1; that is, the least significant two bits of >> the most significant octet are both set to 1. >> > Looking at this again, and remembering how fanatic the new RFC Editors (TM) > are about abbreviations, probably needs to expand OUI, too: > > .... In this case, the System ID is formed by appending > the link's unique 32-bit LCP Magic Number after a randomly generated > 14-bit number in place of an Organizationally Unique Identifier (OUI). > > [Also makes the number of bits explicit: N/2**23 birthday attack; > considerably less than having 2 identical MACs from the same vendor, or > being killed by lightning. Could put that in the Security Considerations?] [Sorry for the duplicate on the PPP list; Thunderbird hurt me with the CC-list again.] Yes, I see where you're going with this. I don't think it's a "Security" issue. It's actually a correctness issue -- if there are duplicates, then IS-IS falls down. That aside, what you're suggesting is still a bit uncomfortable to me. You're essentially saying that this draft can forge up a new way of creating IS-IS System IDs on its own just to be helpful. I'm not so sure that it can or should. I think it's out of scope. While I certainly agree that, if implemented properly (and if existing system architectures allow implementation), what you're describing should work nicely, I don't want to run afoul of the IS-IS folks by tromping so squarely on their turf. In particular, IS-IS simply mandates that System IDs must be unique across the domain in which they're used. Not that they're "extremely unlikely to be duplicated" -- but that they're _never_ duplicated. The existing protocol clearly puts the responsibility for that in the hands of system implementers, not the link layer designers. Now, you're certainly within your rights to claim that MAC addresses are a feeble mechanism, and you may well be right that there are systems that duplicate them (though I can't say *I* have ever seen this), but the ISO people behind IS-IS appear (to me at least) to think differently. It's not a matter of statistics, or of field experience, but of specification. Instead, I think the issue you're talking about is really a fundamental issue in IS-IS itself, and is not one that is created by or altered by or in any way related to PPP or TRILL. IS-IS already supports point-to-point links without PPP or TRILL. And if you were to build an IS-IS router with only point-to-point links and without some source of a System ID, you would run into exactly this problem. But as the links on this hypothetical router are just plain old point-to-point links, you would not have the benefit of the mechanism you're proposing to have to this draft. And the same problem occurs if you run an IS-IS router with only PPP links using OSINLCP. So, it's not specifically a TRILL issue. It's the same problem, and it's not something that I think we ought to be addressing. We can certainly call it out, though. I think that if this is to be addressed -- it's probably the least important issue I can imagine in TRILL, and likely needs no fixing at all, as I strongly suspect that real systems won't have the problem -- it should be addressed in the TRILL IS-IS document, or perhaps in the base IS-IS documents themselves. It's IS-IS itself that demands a single unique System ID (PPP frankly doesn't care), and it's TRILL that demands zero configuration. At a minimum, I want to hear from IS-IS and TRILL experts before I go ahead with proposing any new random-number-based System ID mechanism. If they sign on, then I'll go ahead with it. But my off-the-cuff guess is that they'll have objections, and more objections probably aren't helpful in getting to consensus. -- James Carlson 42.703N 71.076W <carlsonj@workingcode.com>
- [Pppext] proposed TRILL IS-IS System ID text William Allen Simpson
- Re: [Pppext] proposed TRILL IS-IS System ID text William Allen Simpson
- Re: [Pppext] proposed TRILL IS-IS System ID text James Carlson
- Re: [Pppext] proposed TRILL IS-IS System ID text James Carlson
- Re: [Pppext] proposed TRILL IS-IS System ID text William Allen Simpson
- Re: [Pppext] proposed TRILL IS-IS System ID text Vernon Schryver
- Re: [Pppext] proposed TRILL IS-IS System ID text James Carlson
- Re: [Pppext] proposed TRILL IS-IS System ID text Donald Eastlake
- [Pppext] [Fwd: Re: [rbridge] proposed TRILL IS-IS… James Carlson
- Re: [Pppext] [rbridge] proposed TRILL IS-IS Syste… William Allen Simpson
- Re: [Pppext] [rbridge] proposed TRILL IS-IS Syste… William Allen Simpson
- Re: [Pppext] [rbridge] proposed TRILL IS-IS Syste… Donald Eastlake