Re: Adam Roach's No Objection on draft-ietf-bfd-multipoint-active-tail-09: (with COMMENT)

Greg Mirsky <gregimirsky@gmail.com> Wed, 04 July 2018 23:29 UTC

To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-bfd-multipoint-active-tail@ietf.org, Reshad Rahman <rrahman@cisco.com>, bfd-chairs@ietf.org, rtg-bfd@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/-7t6dhpYlb2Aw0IT4cM1GNnO3Xs>

Hi Adam,
Thank you for the review. Will certainly work with Ben to reach an
acceptable solution. Please find my answer to your question below, tagged
GIM>>.

Regards,
Greg

On Mon, Jul 2, 2018 at 8:38 PM, Adam Roach <adam@nostrum.com> wrote:

> Adam Roach has entered the following ballot position for
> draft-ietf-bfd-multipoint-active-tail-09: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-bfd-multipoint-active-tail/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I had the same question that Ben poses in his DISCUSS, and support
> untangling the question before continuing progression of the document.
>
> ---------------------------------------------------------------------------
>
> I've dug around some of the BFD documents but can't quite figure out how
> the tail knows which address to use when responding to a multipoint poll
> query. The reason I went looking is: if the head has some means of
> indicating to the tails where such responses should be sent, then it has
> the ability to coordinate a massive DDoS attack on a selected victim
> address. Is this possible?
>
GIM>> The tail must know the identity, e.g., IP address, of the head as it
uses it as one of the elements in demultiplexing received BFD Control packets.
In the case of IP/UDP encapsulation, the tail checks the Source IP address
against the list of valid sources. There's no Source ID in the BFD Control
packet itself.
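
The tail-side check described in the reply above, as an added example that is not part of the original message or of the draft: a tail parses the RFC 5880 mandatory section, drops packets whose IP source is not a provisioned head, and derives the poll-reply address only from that validated source. The function names, the `VALID_HEADS` set, the session key of (source address, My Discriminator) and the sample addresses are assumptions made for this sketch.

```python
import ipaddress
import struct

BFD_HDR = struct.Struct("!BBBBIIIII")  # RFC 5880 mandatory section, 24 bytes
M_BIT, P_BIT = 0x01, 0x20              # Multipoint and Poll flag bits in byte 1

# Constructed sample configuration: heads this tail is provisioned to accept.
VALID_HEADS = {ipaddress.ip_address("192.0.2.1")}


def build_packet(my_disc, flags=M_BIT, state=3):
    """Build a constructed BFD Control packet (version 1, no auth section)."""
    return BFD_HDR.pack(1 << 5, (state << 6) | flags, 3, BFD_HDR.size,
                        my_disc, 0, 1_000_000, 0, 0)


def tail_receive(src_ip, payload, sessions):
    """Return (verdict, reply_to) for one packet arriving at a tail.

    sessions maps (head address, My Discriminator) -> session state.
    That key layout is an assumption of this sketch.
    """
    if len(payload) < BFD_HDR.size:
        return "drop: truncated", None
    vers_diag, flags, _mult, length, my_disc, *_ = BFD_HDR.unpack_from(payload)
    if vers_diag >> 5 != 1 or length < BFD_HDR.size or length > len(payload):
        return "drop: malformed", None
    if not flags & M_BIT or my_disc == 0:
        return "drop: not a valid multipoint packet", None
    src = ipaddress.ip_address(src_ip)
    if src not in VALID_HEADS:
        return "drop: source not in valid list", None
    session = sessions.setdefault((src, my_disc), {"polls": 0})
    if flags & P_BIT:
        session["polls"] += 1
        # The reply target is the validated source address of the session;
        # no field in the BFD payload is consulted to choose it.
        return "accept: poll", str(src)
    return "accept", None
```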