[Rift] AD Review of draft-ietf-rift-rift-16 (4.2.3.3)
Alvaro Retana <aretana.ietf@gmail.com> Tue, 14 February 2023 13:00 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: rift@ietfa.amsl.com
Delivered-To: rift@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81B8CC1BE871; Tue, 14 Feb 2023 05:00:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YiHAyrtnPX-T; Tue, 14 Feb 2023 05:00:06 -0800 (PST)
Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E79CC1BE86D; Tue, 14 Feb 2023 05:00:06 -0800 (PST)
Received: by mail-pg1-x533.google.com with SMTP id s8so10160972pgg.11; Tue, 14 Feb 2023 05:00:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:from:from:to:cc:subject:date:message-id:reply-to; bh=gkBnfWl9E5zml95WmOzwje5kO+WdBaa5qLU1CFAFl0A=; b=lZum/U5n5zcDqAzOVQ+8NbVJajLcqdSYyjQflg/8CLGFaq8wy2MNIe4EEUWKMiFVbK GwRUx/yoZEIF7LdJQTx6OlAm/s9ACjJ3v0Ll+X44sh4IcYxSjSTFwGfZJh0vWdAolQ0Y 4VkoM52QRd0k+6blAXHMZCfK9ZNe/MResjyCGm9JDqDRTt0Iog6157baiBugPUVSbnRI IFsVp7E9IIZGuxTC4tWhmdj/ZdzTuUO3EiIen/4tzNonHiv7mDJ11Wsh0IS3xgy7mcmU aud4BCfAN6kxEySc4zjHgtg+KGt913L+Kep8ulmtQ1iOSy/vWbyMjNHG4fXBErz5lqrN lVvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=gkBnfWl9E5zml95WmOzwje5kO+WdBaa5qLU1CFAFl0A=; b=bpScB1eyxPK/h2sMBMm889Bne88BOZfm6OCYFLcry1NxxrovKPqbKQ+8gnBB3KeJqd t0crESNE596aReebdYNYcGK6Ba82smoyW4mZbXzYtCJyYpCRqJc0dRFlVjfHIJ4oLpp2 AsrUFkzCBxyR7/tyqOtEPnuLhjy2A3BeUyogDVQ0MfXDrt26xl5ULaOnhhsBwFoKGiB5 8Dudjq4dNO9oxzV+dc5r9fLkNvsBMriFsLNwg8hcex4WVbaQdywHi7OnEo6nfjOsenMJ xkaXe9Kc4AtYzzW2s+B49MeBmvBWKGKGH0fbRPVtF3wrqMhekLGOBqqRqs+sfCLikDyI LwaA==
X-Gm-Message-State: AO0yUKVGSyBDXvrEHnm1QTxJ3GN6VNYxMcQmsWbnXprZsA5bz2hqrezA 1MGAn3EPFUen2QIKD8AlwVG2iVc4rkSbP6dM6aE=
X-Google-Smtp-Source: AK7set98WdRg55R0ozUS0FsBZvZgBOKbiSC4suKjqTpR1gB0tESTb/7iZEbsHBwr6Uk5u2AVXJMGmdeWxefCjBGXcjs=
X-Received: by 2002:a63:6d04:0:b0:4b9:c65b:44dc with SMTP id i4-20020a636d04000000b004b9c65b44dcmr326405pgc.48.1676379605370; Tue, 14 Feb 2023 05:00:05 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Tue, 14 Feb 2023 07:00:04 -0600
From: Alvaro Retana <aretana.ietf@gmail.com>
MIME-Version: 1.0
Date: Tue, 14 Feb 2023 07:00:04 -0600
Message-ID: <CAMMESsysz8Yk7e2Snzq7Rivihfv50=F=ks3X_cAUsFKoaaSCiQ@mail.gmail.com>
To: Jordan Head <jhead@juniper.net>
Cc: draft-ietf-rift-rift@ietf.org, rift-chairs@ietf.org, "rift@ietf.org" <rift@ietf.org>, "EXT-zhang.zheng@zte.com.cn" <zhang.zheng@zte.com.cn>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/C4m1lOvDJ9nLl7jhrlhqXonS7Ak>
Subject: [Rift] AD Review of draft-ietf-rift-rift-16 (4.2.3.3)
X-BeenThere: rift@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of Routing in Fat Trees <rift.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rift>, <mailto:rift-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rift/>
List-Post: <mailto:rift@ietf.org>
List-Help: <mailto:rift-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rift>, <mailto:rift-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2023 13:00:07 -0000
Hi! Just 4.2.3.3. Alvaro. 2404 4.2.3.3. Flooding 2406 The mechanism used to distribute TIEs is the well-known (albeit 2407 modified in several respects to take advantage of Fat Tree topology) 2408 flooding mechanism used in link-state protocols. Although flooding 2409 is initially more demanding to implement it avoids many problems with 2410 update style used in diffused computation by distance vector 2411 protocols. However, since flooding tends to present a significant 2412 burden in large, densely meshed topologies (Fat Trees being 2413 unfortunately such a topology) RIFT provides as solution a close to 2414 optimal global flood reduction and load balancing optimization in 2415 Section 4.2.3.9. [] "well-known...flooding mechanism used in link-state protocols. ...avoids many problems with...distance vector protocols." Please don't assume knowledge and remove references/comparisons to/with other protocols. [] "close to optimal global flood reduction" I might have to read §4.2.3.9, but this sounds like marketing to me. 2417 As described before, TIEs themselves are transported over UDP with 2418 the ports indicated in the LIE exchanges and using the destination 2419 address on which the LIE adjacency has been formed. For unnumbered 2420 IPv4 interfaces same considerations apply as in other link-state 2421 routing protocols and are largely implementation dependent. [] "For unnumbered IPv4 interfaces same considerations apply as in other link-state routing protocols and are largely implementation dependent." Assumes knowledge of other protocols. Besides that, the sentence doesn't say much by pointing to considerations that are "largely implementation dependent". 2423 TIEs are uniquely identifed by `TIEID` schema element. `TIEID` space 2424 is a total order achieved by comparing the elements in sequence 2425 defined in the element and comparing each value as an unsigned 2426 integer of corresponding length. They contain a `seq_nr` element to 2427 distinguish newer versions of same TIE. TIEIDs also carry 2428 `origination_time` and `origination_lifetime`. Field 2429 `origination_time` contains the absolute timestamp when the TIE was 2430 generated. Field `origination_lifetime` carries lifetime when the 2431 TIE was generated. Those are normally disregarded during comparison 2432 and carried purely for debugging/security purposes if present. They 2433 may be used for comparison of last resort to differentiate otherwise 2434 equal ties and they can be used on fabrics with synchronized clock to 2435 prevent lifetime modification attacks. [nit] s/identifed by `TIEID`/identified by the `TIEID` [major] "total order achieved by comparing the elements in sequence" When comparing, which value is considered better/more recent? [minor] "They contain a `seq_nr` element to distinguish newer versions of same TIE. TIEIDs also carry `origination_time` and `origination_lifetime`." TIEID doesn't contain any of that: /** Unique ID of a TIE. */ struct TIEID { /** direction of TIE */ 1: required common.TieDirectionType direction; /** indicates originator of the TIE */ 2: required common.SystemIDType originator; /** type of the tie */ 3: required common.TIETypeType tietype; /** number of the tie */ 4: required common.TIENrType tie_nr; } (python.immutable = "") But the TIEHeader does: /** Header of a TIE. */ struct TIEHeader { /** ID of the tie. */ 2: required TIEID tieid; /** Sequence number of the tie. */ 3: required common.SeqNrType seq_nr; /** Absolute timestamp when the TIE was generated. */ 10: optional common.IEEE802_1ASTimeStampType origination_time; /** Original lifetime when the TIE was generated. */ 12: optional common.LifeTimeInSecType origination_lifetime; } [minor] The grammar could be better: s/ TIEIDs also carry `origination_time` and `origination_lifetime`. Field `origination_time` contains the absolute timestamp when the TIE was generated. Field `origination_lifetime` carries lifetime when the TIE was generated. / The TIEHEader can also carry an `origination_time` that contains the absolute timestamp of when the TIE was generated, and an `origination_lifetime` to indicate the original lifetime when the TIE was generated. [major] "Those are normally disregarded during comparison..." Does this refer to the text in the second sentence ("`TIEID` space is a total order achieved by comparing the elements in sequence...") or to some other comparison. Also, this makes me think that you have been referring to the TIEHeader (and not the TIEID) all along -- is that correct? [major] "normally disregarded during comparison...[but]...may be used for comparison of last resort" Are they used or not? The use of "normally" doesn't help because it immediately points are possible exceptions... If used, how are they compared? Which one is better/more recent? [minor] "can be used on fabrics with synchronized clock" §4.3.4 says that RIFT assumes that all nodes are sync'ed, so "fabrics with synchronized clock" would mean all the time, right? [major] "can be used...to prevent lifetime modification attacks" "can be used" or "are used"? It seems (from a quick read of §4.4.3), that neither are used -- but that the remaining lifetime (remaining_lifetime) is. Is that correct? Looking closer, I noticed that the origination_lifetime and the remaining_lifetime come from the same variable: 12: optional common.LifeTimeInSecType origination_lifetime; ... 2: required common.LifeTimeInSecType remaining_lifetime; But I couldn't figure out where the LifeTimeInSecType is decremented as there's no TIE FSM. Where is that specified? This is the related text in the Security Considerations: 5755 7.4. Lifetime 5757 Traditional IGP protocols are vulnerable to lifetime modification and 5758 replay attacks that can be somewhat mitigated by using techniques 5759 like [RFC7987]. RIFT removes this attack vector by protecting the 5760 lifetime behind a signature computed over it and additional nonce 5761 combination which makes even the replay attack window very small and 5762 for practical purposes irrelevant since lifetime cannot be 5763 artificially shortened by the attacker. [major] "Traditional IGP protocols are vulnerable...somewhat mitigated by using techniques like [RFC7987]." Remove all mentions of other protocols! Also, the reference is irrelevant because it points to an IS-IS specification. [minor] s/lifetime/remaining lifetime [] s/which makes even the replay attack window very small and for practical purposes irrelevant since lifetime cannot be artificially shortened by the attacker./which results in the inability of an attacker to artificially shorten the remaining lifetime. 2437 Remaining lifetime counts down to 0 from origination lifetime. TIEs 2438 with lifetimes differing by less than `lifetime_diff2ignore` MUST be 2439 considered EQUAL (if all other fields are equal). This constant MUST 2440 be larger than `purge_lifetime` to avoid retransmissions. [] It would be very nice if the naming and its use was consistent. For example, you mentioned the "origination_lifetime" above, but "origination lifetime" here. It makes it really hard to search and to keep track of where things are specified. [major] "This constant MUST be larger than `purge_lifetime` to avoid retransmissions." They are both *constants*, which intuitively mean that they have a set value. Note that neither is listed in Appendix C.1 (Configurable Protocol Constants), should they be? 2442 All valid TIE types are defined in `TIETypeType`. This enum indicates 2443 what TIE type the TIE is carrying. In case the value is not known to 2444 the receiver, the TIE MUST be re-flooded. This allows for future 2445 extensions of the protocol within the same major schema with types 2446 opaque to some nodes with some restrictions. [] Note my comments before about consistency related to TIE Types.
- [Rift] AD Review of draft-ietf-rift-rift-16 (4.2.… Alvaro Retana
- Re: [Rift] AD Review of draft-ietf-rift-rift-16 (… Tony Przygienda
- Re: [Rift] AD Review of draft-ietf-rift-rift-16 (… Jordan Head