Re: rtg-dir review: ross, russ: draft-ietf-mpls-lsp-ping-09.txt

[Alex Zinin <zinin@psg.com>]

Ross, Russ-

 Thanks for reviewing, guys. I'll send your comments to the WG cc'ing the
 rtg-dir.

 Ross, regarding lack of authentication per se, I can see how an argument
 can be made that this is not worse than what the current IP ping/tracert
 have. I does seem strange that the doc tells what the authentication can
 do while there is none.

-- 
Alex
http://www.psg.com/~zinin

Monday, June 13, 2005, 7:07:26 AM, Ross Callon wrote:
> On the most part the document looks quite good. My one substantial
> issue is the lack of a defined mechanism for authentication in
> draft-ietf-mpls-lsp-ping-09.txt.

> One point might be the computational cost of this: However, this would
> seem to be just as much an issue for BFD, which is after all supposed
> to be do-able at a very rapid rate and which does authentication. Also,
> LSP Ping is potentially useful at an "interact with a human trying to
> debug things" rate, which would imply that authentication should be fast
> enough for at least this common case. Also, making authentication
> work at a very high rate is an implementation issue, and is possible (at
> least if planned for in future products).

> The most obvious authentication methods (password, MD5, SHA1) are
> defined for BFD (see section 6.6 of draft-ietf-bfd-base-02.txt), and probably
> should also be available for LSP Ping.

> Other points: The security considerations section does discuss
> authentication. For example:
>          "Authentication will help reduce the number of seemingly valid
>          MPLS echo requests, and thus cut down the Denial of Service
>          attacks;"

> First of all, I don't see how you can state that authentication could
> be used for this purpose, when there is no authentication defined.

> Secondly, authentication only helps prevent DoS for those parts of
> the system which are *after* the packets with bad authentication are
> discarded. For whatever part of the system has to actually check the
> authentication and discard bad packets, authentication can make
> DoS *worse*, due to the fact that checking authentication itself
> requires work. Whether this is a win or a loss for the specific case of
> DoS attacks therefore depends upon a variety of details (such as
> whether checking the authentication is done in software on a central
> CPU, or is done in some sort of dedicated hardware). Possibly the
> security section should explain this. Also there are other more clearly
> positive advantages of authentication, such as preventing a hacker
> from initiating a ping, which also might be worth discussing in the
> security section.

> Thanks, Ross

> At 12:17 PM 6/3/2005 -0700, Alex Zinin wrote:
>>Ross,
>>
>>   Thanks. Within a week should be fine.
>>
>>--
>>Alex
>>http://www.psg.com/~zinin
>>
>>Thursday, June 2, 2005, 7:43:35 PM, Ross Callon wrote:
>> > Okay. I can look at this.
>>
>> > When do you want the review?
>>
>> > thanks, Ross
>>
>> > At 10:18 PM 6/1/2005 -0700, Alex Zinin wrote:
>> >>skill-specific: Ross (MPLS)
>> >>round-robin: Russ
>> >>
>> >>This one is out of the MPLS WG, on its way to the IETF LC, which I'm
>> >>starting.
>> >>
>> >>http://www.ietf.org/internet-drafts/draft-ietf-mpls-lsp-ping-09.txt
>> >>
>> >> > Abstract
>> >> >
>> >> >    This document describes a simple and efficient mechanism that can be
>> >> >    used to detect data plane failures in Multi-Protocol Label Switching
>> >> >    (MPLS) Label Switched Paths (LSPs).  There are two parts to this
>> >> >    document: information carried in an MPLS "echo request" and "echo
>> >> >    reply" for the purposes of fault detection and isolation; and
>> >> >    mechanisms for reliably sending the echo reply.
>> >>
>> >>Thank you.
>> >>--
>> >>Alex
>> >>http://www.psg.com/~zinin