Re: [Rift] Jim raised the concern about TTL issue at IETF118 and require to add some text to rift-applicability draft
wei.yuehua@zte.com.cn Tue, 26 December 2023 03:08 UTC
Return-Path: <wei.yuehua@zte.com.cn>
X-Original-To: rift@ietfa.amsl.com
Delivered-To: rift@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA7E4C14F5EA; Mon, 25 Dec 2023 19:08:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.801
X-Spam-Level:
X-Spam-Status: No, score=-1.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDQEjdtNDGHy; Mon, 25 Dec 2023 19:08:01 -0800 (PST)
Received: from mxhk.zte.com.cn (mxhk.zte.com.cn [63.216.63.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2442C14F61F; Mon, 25 Dec 2023 19:08:00 -0800 (PST)
Received: from mxct.zte.com.cn (unknown [192.168.251.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxhk.zte.com.cn (FangMail) with ESMTPS id 4Szfph5VFqz4xPG7; Tue, 26 Dec 2023 11:07:56 +0800 (CST)
Received: from mse-fl1.zte.com.cn (unknown [10.5.228.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mxct.zte.com.cn (FangMail) with ESMTPS id 4Szfp445W0z4x6Ck; Tue, 26 Dec 2023 11:07:24 +0800 (CST)
Received: from szxlzmapp07.zte.com.cn ([10.5.230.251]) by mse-fl1.zte.com.cn with SMTP id 3BQ37C57069004; Tue, 26 Dec 2023 11:07:12 +0800 (+08) (envelope-from wei.yuehua@zte.com.cn)
Received: from mapi (szxlzmapp04[null]) by mapi (Zmail) with MAPI id mid13; Tue, 26 Dec 2023 11:07:14 +0800 (CST)
Date: Tue, 26 Dec 2023 11:07:14 +0800
X-Zmail-TransId: 2b06658a4362ffffffffd27-b19b5
X-Mailer: Zmail v1.0
Message-ID: <202312261107143654996@zte.com.cn>
In-Reply-To: <etPan.65809680.293a9c4e.148c9@futurewei.com>
References: 202312161448290183570@zte.com.cn, etPan.65809680.293a9c4e.148c9@futurewei.com
Mime-Version: 1.0
From: wei.yuehua@zte.com.cn
To: alvaro.retana@futurewei.com, james.n.guichard@futurewei.com, jhead@juniper.net
Cc: prz@juniper.net, draft-ietf-rift-applicability.shepherd@ietf.org, jefftant.ietf@gmail.com, zzhang@juniper.net, draft-ietf-rift-applicability.authors@ietf.org, rift@ietf.org
Content-Type: multipart/mixed; boundary="=====_001_next====="
X-MAIL: mse-fl1.zte.com.cn 3BQ37C57069004
X-Fangmail-Gw-Spam-Type: 0
X-Fangmail-Anti-Spam-Filtered: true
X-Fangmail-MID-QID: 658A438C.000/4Szfph5VFqz4xPG7
Archived-At: <https://mailarchive.ietf.org/arch/msg/rift/wv0QXPBbHT8RiMUaYONamNfy_Rg>
Subject: Re: [Rift] Jim raised the concern about TTL issue at IETF118 and require to add some text to rift-applicability draft
X-BeenThere: rift@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of Routing in Fat Trees <rift.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rift>, <mailto:rift-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rift/>
List-Post: <mailto:rift@ietf.org>
List-Help: <mailto:rift-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rift>, <mailto:rift-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Dec 2023 03:08:05 -0000
Hi, Happy holidays! Your comments are resolved, and a new version was just uploaded. https://mailarchive.ietf.org/arch/msg/rift/zPJ3XaPD7tYWX_q2wBUmyRn37r4/ Best Wishes, Yuehua Wei Original From: AlvaroRetana <alvaro.retana@futurewei.com> To: prz@juniper.net <prz@juniper.net>;Alvaro Retana <alvaro.retana@futurewei.com>;魏月华00019655; Cc: jhead@juniper.net <jhead@juniper.net>;draft-ietf-rift-applicability.shepherd@ietf.org <draft-ietf-rift-applicability.shepherd@ietf.org>;jefftant.ietf@gmail.com <jefftant.ietf@gmail.com>;zzhang@juniper.net <zzhang@juniper.net>;draft-ietf-rift-applicability.authors@ietf.org <draft-ietf-rift-applicability.authors@ietf.org>;James Guichard <james.n.guichard@futurewei.com>; Date: 2023年12月19日 02:59 Subject: Re: Jim raised the concern about TTL issue at IETF118 and require to add some text to rift-applicability draft Works for me. Thanks! On December 16, 2023 at 1:48:42 AM, wei.yuehua@zte.com.cn (wei.yuehua@zte.com.cn) wrote: hi,Tony and Alvaro, Based on your comments, the text is amended as following: ----- 5.17 TTL/HopLimit of 1 vs. 255 on LIEs/TIEs The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to verify whether the packet was originated by an adjacent node on a connected link has been used in RIFT. LIEs/TIEs MUST be sent with an IPv4 Time to Live (TTL) or an IPv6 Hop Limit (HL) of either 1 or 255 to prevent RIFT information reaching beyond a single L3 next-hop in the fabric. LIEs/TIEs arriving with IPv4 Time to Live (TTL) or an IPv6 Hop Limit (HL) different than 1 or 255 MUST be ignored. RIFT explicitly requires the use of a TTL/HL value of 1 *or* 255 when sending/receiving LIEs and TIEs so that implementors have a choice between the two. TTL (or HL) = 1 protects against the information disseminating more than 1 hop in the fabric and should be the default unless configured otherwise. TTL (or HL) = 255 can lead RIFT TIE packet propagation to more than one hop (multicast address is already local subnetwork range) in case of implementation problems but does protect against a remote attack as well, and the receiving remote router will ignore such TIE packet unless the remote router is exactly 254 hops away and accepts only TTL=1. [RFC5082] defines a Generalized TTL Security Mechanism (GTSM). The GTSM is applicable to LIEs/TIEs implementations that use a TTL or HL of 255. It provides a defense from infrastructure attacks based on forged protocol packets from outside the fabric. For implementations that use a TTL or HL of 1, there are some security threats that are left open. For example, it is relatively easy to spoof a packet remotely so that it has a TTL of 1 within the fabric. Please see the Security Considerations in [RFC5082]. I appreciate your comments. Best Regards, Yuehua Wei From: AntoniPrzygienda <prz@juniper.net> To: 魏月华00019655;Jordan Head <jhead@juniper.net>;james.n.guichard@futurewei.com <james.n.guichard@futurewei.com>; Cc: draft-ietf-rift-applicability.authors@ietf.org <draft-ietf-rift-applicability.authors@ietf.org>;draft-ietf-rift-applicability.shepherd@ietf.org <draft-ietf-rift-applicability.shepherd@ietf.org>;alvaro.retana@futurewei.com <alvaro.retana@futurewei.com>;jefftant.ietf@gmail.com <jefftant.ietf@gmail.com>;Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>; Date: 2023年12月16日 04:19 Subject: Re: Jim raised the concern about TTL issue at IETF118 and require to add some text to rift-applicability draft okey, I fully support adding this to applicability draft with amedments below here the comment as to correctness TTL=1 protects against the information disseminating more than 1 hop in the fabric and should be the default unless configured otherwise TTL=255 can lead to more than one hop RIFT TIE packet propagation (multicast address is already local subnetwork range) in case of implementation problems but does protect against a remote attack as well and the receiving remote router will ignore such unless the remote router is exactly 254 hops away and accepts only TTL=1. the ‘MUST be ignored’ should be amended (unless explicitly configured otherwise). Just like in case of MTU mismatch a knob is always necessary due to some deployment corner cases AFAIS this can be still discussed, we’re not RFC yet and implementations can be knob’ed to accept anyting and send anything (just like the ‘OSPF security check’ knob so common today … tony Juniper Business Use Only From: wei.yuehua@zte.com.cn <wei.yuehua@zte.com.cn> Date: Friday, 15 December 2023 at 04:31 To: Jordan Head <jhead@juniper.net>, james.n.guichard@futurewei.com <james.n.guichard@futurewei.com> Cc: Antoni Przygienda <prz@juniper.net>, draft-ietf-rift-applicability.authors@ietf.org <draft-ietf-rift-applicability.authors@ietf.org>, draft-ietf-rift-applicability.shepherd@ietf.org <draft-ietf-rift-applicability.shepherd@ietf.org>, alvaro.retana@futurewei.com <alvaro.retana@futurewei.com>, jefftant.ietf@gmail.com <jefftant.ietf@gmail.com>, Jeffrey (Zhaohui) Zhang <zzhang@juniper.net> Subject: Jim raised the concern about TTL issue at IETF118 and require to add some text to rift-applicability draft [External Email. Be cautious of content] hi Jordan and Jim, Jim raised the concern about TTL issue at IETF118 (https://datatraker.ietf.org/doc/minutes-118-rift/), and require to add some text to the rift-applicability draft to wrap up the draft with base spec together. The following text is proposed to add to new version of draft-ietf-rift-applicability as a section of "5. Operational Considerations", please review and comment, thanks! 5.17 TTL/HopLimit of 1 vs. 255 on LIEs/TIEs The use of a packet's Time to Live (TTL) (IPv4) or Hop Limit (IPv6) to verify whether the packet was originated by an adjacent node on a connected link has been used in RIFT. LIEs/TIEs MUST be sent with an IPv4 Time to Live (TTL) or an IPv6 Hop Limit (HL) of either 1 or 255 to prevent RIFT information reaching beyond a single L3 next-hop in the fabric. LIEs/TIEs arriving with IPv4 Time to Live (TTL) or an IPv6 Hop Limit (HL) different than 1 or 255 MUST be ignored. RIFT explicitly requires the use of a TTL/HL value of 1 *or* 255 when sending/receiving LIEs and TIEs so that implementors have a choice between the two. [RFC5082] defines a Generalized TTL Security Mechanism (GTSM). The GTSM is applicable to LIEs/TIEs implementations that use a TTL or HL of 255. It provides a defense from infrastructure attacks based on forged protocol packets from outside the fabric. For implementations that use a TTL or HL of 1, there are some security threats that are left open. For example, it is relatively easy to spoof a packet remotely so that it has a TTL of 1 within the fabric. Please see the Security Considerations in [RFC5082]. Best Regards, Yuehua Wei Non-Junipe
- Re: [Rift] Jim raised the concern about TTL issue… wei.yuehua
- Re: [Rift] Jim raised the concern about TTL issue… Antoni Przygienda
- Re: [Rift] Jim raised the concern about TTL issue… wei.yuehua
- Re: [Rift] Jim raised the concern about TTL issue… Jordan Head
- Re: [Rift] Jim raised the concern about TTL issue… wei.yuehua