Re: rtg-dir review: ross, russ: draft-ietf-mpls-lsp-ping-09.txt

[Ross Callon <rcallon@juniper.net>]

On the most part the document looks quite good. My one substantial
issue is the lack of a defined mechanism for authentication in
draft-ietf-mpls-lsp-ping-09.txt.

One point might be the computational cost of this: However, this would
seem to be just as much an issue for BFD, which is after all supposed
to be do-able at a very rapid rate and which does authentication. Also,
LSP Ping is potentially useful at an "interact with a human trying to
debug things" rate, which would imply that authentication should be fast
enough for at least this common case. Also, making authentication
work at a very high rate is an implementation issue, and is possible (at
least if planned for in future products).

The most obvious authentication methods (password, MD5, SHA1) are
defined for BFD (see section 6.6 of draft-ietf-bfd-base-02.txt), and probably
should also be available for LSP Ping.

Other points: The security considerations section does discuss
authentication. For example:
         "Authentication will help reduce the number of seemingly valid
         MPLS echo requests, and thus cut down the Denial of Service
         attacks;"

First of all, I don't see how you can state that authentication could
be used for this purpose, when there is no authentication defined.

Secondly, authentication only helps prevent DoS for those parts of
the system which are *after* the packets with bad authentication are
discarded. For whatever part of the system has to actually check the
authentication and discard bad packets, authentication can make
DoS *worse*, due to the fact that checking authentication itself
requires work. Whether this is a win or a loss for the specific case of
DoS attacks therefore depends upon a variety of details (such as
whether checking the authentication is done in software on a central
CPU, or is done in some sort of dedicated hardware). Possibly the
security section should explain this. Also there are other more clearly
positive advantages of authentication, such as preventing a hacker
from initiating a ping, which also might be worth discussing in the
security section.

Thanks, Ross

At 12:17 PM 6/3/2005 -0700, Alex Zinin wrote:
>Ross,
>
>   Thanks. Within a week should be fine.
>
>--
>Alex
>http://www.psg.com/~zinin
>
>Thursday, June 2, 2005, 7:43:35 PM, Ross Callon wrote:
> > Okay. I can look at this.
>
> > When do you want the review?
>
> > thanks, Ross
>
> > At 10:18 PM 6/1/2005 -0700, Alex Zinin wrote:
> >>skill-specific: Ross (MPLS)
> >>round-robin: Russ
> >>
> >>This one is out of the MPLS WG, on its way to the IETF LC, which I'm
> >>starting.
> >>
> >>http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsp-ping-09.txt
> >>
> >> > Abstract
> >> >
> >> >    This document describes a simple and efficient mechanism that can be
> >> >    used to detect data plane failures in Multi-Protocol Label Switching
> >> >    (MPLS) Label Switched Paths (LSPs).  There are two parts to this
> >> >    document: information carried in an MPLS "echo request" and "echo
> >> >    reply" for the purposes of fault detection and isolation; and
> >> >    mechanisms for reliably sending the echo reply.
> >>
> >>Thank you.
> >>--
> >>Alex
> >>http://www.psg.com/~zinin