Re: draft-ietf-bfd-unaffiliated-echo WGLC and IPR check

Jeffrey Haas <jhaas@pfrc.org> Fri, 14 April 2023 22:31 UTC

Greg,


> On Apr 14, 2023, at 6:23 PM, Greg Mirsky <gregimirsky@gmail.com> wrote:
> 
> Hi Jeff,
> thank you for your kind consideration of the proposal. Indeed, leaving a chunk of memory unchanged is a privacy issue. As I understand the proposal, none of the fields defined in RFC 5880 for the BFD Control message is used for demultiplexing BFD sessions and/or packet validation. Is that correct?

The Discriminator field is used for demux.  Authentication is utilized, if present.


> If that is the case, what is the need to use the BFD Control message altogether? And one more step, what is the benefit of using a well-known BFD Echo UDP port number? I believe that using a well-known port increases the security risk rather than bringing any benefits. From what I understand in the application of the mechanism, the sender can use a UDP port number assigned from the dynamic/private range of port numbers. And the payload can be anything, i.e., filled with a bit pattern randomly chosen by the Sender. Am I missing something?

Please note you're trying to fight up the slope of the mountain.  This feature exists and has long been shipping in various forms already.  Our goal here is to try to take the less precise descriptions of the feature and apply some IETF rigor to it.  Thanks for helping with that effort.

Recall that the point is that using the BFD echo port in packet loopback mode and sending BFD Async packets within it is largely "talking to yourself".  The device running this proposal is still running BFD, using as much of the BFD Async machinery as makes sense in the mode.  The time fields are, as you note, useless.  However, the authentication and discriminator fields let an implementation still do demux and authentication without having to write new code.

BFD Echo mode was intentionally underspecified to allow implementations to decide what they're going to put in the packets.  Implementation considerations of BFD Echo have always had the concerns for:
- Is this packet actually sourced by the implementation?
- Is spoofing happening?
- How do you handle demux when there might be multiple sessions?

The fact that this information is part of the BFD control messages has clearly been a convenience to multiple implementations of Echo.

This document simply formalizes one flavor of it.

-- Jeff
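
The receive-side checks discussed in this message (demux by discriminator, authentication to reject spoofed packets), as an added Python example that is not part of the original message or of any implementation. It assumes the RFC 5880 control packet layout with Keyed SHA1 authentication and demultiplexes on the My Discriminator value the sender wrote itself; the message does not say which discriminator field the draft uses, and the function names and session table are hypothetical.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct("!BBBBIIIII")  # RFC 5880 mandatory section (24 bytes)
AUTH = struct.Struct("!BBBBI")     # Auth Type, Auth Len, Key ID, Reserved, Sequence
KEYED_SHA1, HASH_LEN, A_BIT, STATE_UP = 4, 20, 0x04, 3
FULL_LEN = HDR.size + AUTH.size + HASH_LEN  # 52 bytes

def _digest(pkt_without_hash, key):
    # RFC 5880 6.7.4: SHA1 over the packet with the zero-padded key in the hash field.
    return hashlib.sha1(pkt_without_hash + key.ljust(HASH_LEN, b"\0")).digest()

def build_echo(my_disc, key_id, key, seq, detect_mult=3):
    # Timer fields are zero: the message notes they carry no meaning in this mode.
    hdr = HDR.pack(1 << 5, (STATE_UP << 6) | A_BIT, detect_mult, FULL_LEN,
                   my_disc, 0, 0, 0, 0)
    auth = AUTH.pack(KEYED_SHA1, AUTH.size + HASH_LEN, key_id, 0, seq)
    return hdr + auth + _digest(hdr + auth, key)

def accept_looped(pkt, sessions):
    """Return the owning session's discriminator, or None if the packet is dropped."""
    if len(pkt) != FULL_LEN:
        return None
    vers_diag, flags, mult, length, my_disc, *_ = HDR.unpack_from(pkt)
    if vers_diag >> 5 != 1 or length != FULL_LEN or not flags & A_BIT:
        return None
    sess = sessions.get(my_disc)  # demux: which local session sent this?
    if sess is None:
        return None
    a_type, a_len, key_id, _, seq = AUTH.unpack_from(pkt, HDR.size)
    if (a_type, a_len, key_id) != (KEYED_SHA1, AUTH.size + HASH_LEN, sess["key_id"]):
        return None
    # Spoof check: only a holder of the session key can produce this hash.
    if not hmac.compare_digest(pkt[-HASH_LEN:], _digest(pkt[:-HASH_LEN], sess["key"])):
        return None
    # Replay check (Keyed SHA1 window from RFC 5880, modulo 2**32).
    if (seq - sess["rx_seq"]) & 0xFFFFFFFF > 3 * mult:
        return None
    sess["rx_seq"] = seq
    return my_disc

# Constructed sample session table: discriminator -> key material and receive state.
SESSIONS = {0x1001: {"key_id": 1, "key": b"constructed-key", "rx_seq": 0}}
```

A session configured without a key would skip the hash and sequence checks and rely on the discriminator alone, which is the "if present" case mentioned in the message.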