Re: Resetting the sequence number in an authenticated BFD session
Dave Katz <dkatz@juniper.net> Fri, 11 January 2008 19:11 UTC
Return-path: <rtg-bfd-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JDPI4-0001Zl-16; Fri, 11 Jan 2008 14:11:40 -0500
Received: from rtg-bfd by megatron.ietf.org with local (Exim 4.43) id 1JDPI2-0001X7-Ht for rtg-bfd-confirm+ok@megatron.ietf.org; Fri, 11 Jan 2008 14:11:38 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JDPI2-0001Ua-6K for rtg-bfd@ietf.org; Fri, 11 Jan 2008 14:11:38 -0500
Received: from exprod7og101.obsmtp.com ([64.18.2.155]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1JDPI0-0002ma-N9 for rtg-bfd@ietf.org; Fri, 11 Jan 2008 14:11:38 -0500
Received: from source ([66.129.224.36]) by exprod7ob101.postini.com ([64.18.6.12]) with SMTP; Fri, 11 Jan 2008 11:11:29 PST
Received: from magenta.juniper.net ([172.17.27.123]) by emailsmtp56.jnpr.net with Microsoft SMTPSVC(6.0.3790.3959); Fri, 11 Jan 2008 11:09:29 -0800
Received: from [172.16.12.139] (nimbus-sf.juniper.net [172.16.12.139]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id m0BJ9T922372; Fri, 11 Jan 2008 11:09:29 -0800 (PST) (envelope-from dkatz@juniper.net)
In-Reply-To: <64122293A6365B4A9794DC5636F9ACFD0252D70A@ILPTEX02.ecitele.com>
References: <64122293A6365B4A9794DC5636F9ACFD0252D70A@ILPTEX02.ecitele.com>
Mime-Version: 1.0 (Apple Message framework v753)
X-Priority: 1
Content-Type: multipart/alternative; boundary="Apple-Mail-19-580552696"
Message-Id: <1A38C490-BC35-4ACA-A138-A93A03A99BE6@juniper.net>
From: Dave Katz <dkatz@juniper.net>
Date: Fri, 11 Jan 2008 12:09:28 -0700
To: Alexander Vainshtein <Alexander.Vainshtein@ecitele.com>
X-Mailer: Apple Mail (2.753)
X-OriginalArrivalTime: 11 Jan 2008 19:09:29.0859 (UTC) FILETIME=[7DD58D30:01C85485]
X-Spam-Score: -4.0 (----)
X-Scan-Signature: a8041eca2a724d631b098c15e9048ce9
Cc: Ronen Sommer <Ronen.Sommer@ecitele.com>, BFD WG <rtg-bfd@ietf.org>, Igor Danilovich <Igor.Danilovich@ecitele.com>, David Ward <dward@cisco.com>
Subject: Re: Resetting the sequence number in an authenticated BFD session
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
Errors-To: rtg-bfd-bounces@ietf.org
I am not a security expert, nor do I play one on TV, but the whole point of the sequence number scheme is to protect against replay attacks, and any scheme that allows for the arbitrary resetting of the sequence number space opens up a giant hole. If the authentication section were to carry an additional field with "next sequence number expected" then the sender who had lost track of the sequence space could recover without the receiver being vulnerable to a replay attack (the details of making this work properly with multiple packets in flight seems possible with sufficient signaling but is beyond my ability to extemporize in this email.) Note that I believe it is impossible to avoid session flapping in the case where the round-trip time between systems is greater than the detection time of the session, so it's not clear that any such solution is possible in the general case. If people feel strongly enough about this issue and cannot solve it any other way, I would suggest an extension to the base spec using a new authentication type field, as this is going to take some time and careful thought, and could be done without affecting the base spec. It's worth noting, however, that this is mostly just a particular instance of the more general problem of recovering from lost BFD state. Another interesting example is trying to handle various graceful-restart-like scenarios, including processor failover. The generic solution to these problems is to add a layer between the BFD state machine and the applications that does some intelligent hysteresis around BFD state changes and hides the flap from the applications. This can easily be done without impacting the detection time of the session for cases other than the sequence number issue. The long-overdue reissue of the generic spec will talk about this more fully, Real Soon Now. It's a little bit touchier to pull off with the sequence number stuff because it's hard to reestablish session state in less than a detection time. One straightforward approach would be to simply wait for the old session to time out (since you'll be receiving packets that don't authenticate.) This complicates the heuristics of the flap suppression a bit, but not terribly, and it also means that signaling session failure to applications when the far end key stops working will take longer than a detection time. This doesn't sound like a bad tradeoff to me, since it's a deep-end case and wouldn't impact the detection time for generic failures. The security implications are exactly what they are today for session establishment (or slightly better, since any bad-guy third party would have to block the legitimate session as well as replaying the establishment of a new one.) Another scheme could involve establishing a new session and abandoning the old one, which could be done in less than a detection time, but this opens up a giant denial-of-service hole. --Dave On Jan 10, 2008, at 1:42 PM, Alexander Vainshtein wrote: > Hi all, > I have a question related to the expected behavior of sequence > numbers in an aythenticated (MD5 or SHA1) BFD session. > > The corresdponding sections of draft-ietf-bfd-base-06 state that, > once the packet has been authenticated by the receiver, its > sequence number MUST be checked; if its value is out of range > defined by the last received sequence number and the Detect > Multiplexor, the packet MUST be discarded. > > This may result in the a BFD session going down in the situation > when the transceiver "loses" the information about its last > transmitted sequence number. A suitable use case is a multilink > interface (LAG, ML-PPP, etc.) with the links residing in different > line cards, and e BFD implemented in one of these cards: if this > card fails, the BFD would could be re-started in one of the > remaining cards. Such a restart would not affect the local session > because the BFD machine would be restarted with bfd.AuthSeqKnown = > 0, but keeping bfd.XmitAuthSeq consistent between different line > cards seems problematic. (Implemeting BFD in some common card would > resolve the situation with the multilink interfaces but would raise > similar issues when the common card fails). > > Note that this problem would not occur for a non-authenticated BFD > session. > > IMHO this problem is real, and I do not see a simple solution for it. > I would highly appreciate any feedback from the draft authors and/ > or from the WG. > > Regards, > Sasha >
- Resetting the sequence number in an authenticated… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Nitin Bahadur
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Peter Arberg
- Re: Resetting the sequence number in an authentic… Dave Katz
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein
- Re: Resetting the sequence number in an authentic… David Ward
- RE: Resetting the sequence number in an authentic… Alexander Vainshtein