Re: [savi] Gen-ART review of draft-ietf-savi-threat-scope-05
"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 16 May 2011 17:09 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 319F3E0784; Mon, 16 May 2011 10:09:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5XVrxEzx0wrI; Mon, 16 May 2011 10:09:23 -0700 (PDT)
Received: from hgblob.out.tigertech.net (hgblob.out.tigertech.net [74.114.88.71]) by ietfa.amsl.com (Postfix) with ESMTP id 4D321E074A; Mon, 16 May 2011 10:09:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by hgblob.tigertech.net (Postfix) with ESMTP id 1C44F3254008; Mon, 16 May 2011 10:09:23 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at hgblob.tigertech.net
Received: from [192.168.1.4] (pool-173-66-76-136.washdc.fios.verizon.net [173.66.76.136]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by hgblob.tigertech.net (Postfix) with ESMTPSA id 1928F3245458; Mon, 16 May 2011 10:09:22 -0700 (PDT)
Message-ID: <4DD15A40.2010209@joelhalpern.com>
Date: Mon, 16 May 2011 13:09:20 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: david.black@emc.com
References: <7C4DFCE962635144B8FAE8CA11D0BF1E055F69357F@MX14A.corp.emc.com> <4DCD4DEA.2050902@joelhalpern.com> <7C4DFCE962635144B8FAE8CA11D0BF1E055F6937FA@MX14A.corp.emc.com> <4DD142AE.5030409@joelhalpern.com> <7C4DFCE962635144B8FAE8CA11D0BF1E055F693A04@MX14A.corp.emc.com>
In-Reply-To: <7C4DFCE962635144B8FAE8CA11D0BF1E055F693A04@MX14A.corp.emc.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: dmcpherson@verisign.com, savi@ietf.org, gen-art@ietf.org, christian.vogt@ericsson.com, jeanmichel.combes@gmail.com, joel.halpern@ericsson.com
Subject: Re: [savi] Gen-ART review of draft-ietf-savi-threat-scope-05
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2011 17:09:24 -0000
I can plan to make these changes at the end of the last call. Joel On 5/16/2011 12:56 PM, david.black@emc.com wrote: > Joel, > > I think the LACP discussion could be added to 4.1.1. > > I also think that there's a general theme that needs to be covered across all of 4.1.1 - 4.1.4: When there are multiple traffic egress points from a domain (4.1.1 - 4.1.4 cover four different types of domains), the SAVI checks on all the egresses should be coordinated and consistent in order to avoid surprises when the traffic switches to a different egress point. > > Thanks, > --David > >> -----Original Message----- >> From: Joel M. Halpern [mailto:jmh@joelhalpern.com] >> Sent: Monday, May 16, 2011 11:29 AM >> To: Black, David >> Cc: dmcpherson@verisign.com; fred@cisco.com; joel.halpern@ericsson.com; gen-art@ietf.org; >> savi@ietf.org; christian.vogt@ericsson.com; jeanmichel.combes@gmail.com >> Subject: Re: [savi] Gen-ART review of draft-ietf-savi-threat-scope-05 >> >> Looking at the draft more carefully (when I am more awake, sorry), I >> think what you are asking is that more text be put in section 4.1, maybe >> a subsection? That additional text would talk about placement on a >> switch that is not directly attached to the client, but is not as far >> upstream as the first hop router? That text would include mention of >> the effect of spanning tree variation and LACP path changes. >> >> Sorry I was dense, >> Joel >> >> On 5/15/2011 9:45 PM, david.black@emc.com wrote: >>> Joel, >>> >>> If LACP is running active-passive across links to two different switches, there may be no physical >> network node common to the currently active and currently passive paths for some traffic. If SAVI >> is set up poorly, a switch to the currently passive link could remove validation checks or black- >> hole traffic that was flowing on the previously active link. For example, binding an IP address to a >> single port or ports on a single switch is insufficient in such an environment (address validation >> binding needs to span switches). >>> >>> The material in 5.2.4 on Multi-LAN Hosts looks like a starting point - wrt SAVI, active-passive >> link aggregation across multiple switches can be a way to get into that sort of trouble on a single >> LAN (!). Beyond that, I think the notion that SAVI checks should be consistent across alternate >> paths for the same traffic is applicable at other scopes, e.g., all egresses from a multi-homed >> network to the ISP networks involved. >>> >>> Thanks, >>> --David >>> >>>> -----Original Message----- >>>> From: Joel M. Halpern [mailto:jmh@joelhalpern.com] >>>> Sent: Friday, May 13, 2011 11:28 AM >>>> To: Black, David >>>> Cc: dmcpherson@verisign.com; fred@cisco.com; joel.halpern@ericsson.com; gen-art@ietf.org; >>>> savi@ietf.org; christian.vogt@ericsson.com; jeanmichel.combes@gmail.com >>>> Subject: Re: [savi] Gen-ART review of draft-ietf-savi-threat-scope-05 >>>> >>>> Thank you David. >>>> I think I understand the second part of your comment (about >>>> multi-instance hosts), and will have to look at the document more to see >>>> how to address that. >>>> >>>> I am not sure I understand what the question is regarding the LACP / >>>> link group issue. Is this really different from the issues that arise >>>> whenever the SAVI functionality is not on the leaf switch? Where in the >>>> document do you think it would help to discuss this? >>>> >>>> Thank you, >>>> Joel >>>> >>>> On 5/13/2011 1:03 AM, david.black@emc.com wrote: >>>>> I am the assigned Gen-ART reviewer for this draft. For background on >>>>> Gen-ART, please see the FAQ at >>>>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >>>>> >>>>> Please resolve these comments along with any other Last Call comments >>>>> you may receive. >>>>> >>>>> Document: draft-ietf-savi-threat-scope-05 >>>>> Reviewer: David L. Black >>>>> Review Date: 12 May 2011 >>>>> IETF LC End Date: 18 May 2011 >>>>> >>>>> Summary: This draft is on the right track, but has open issues, described in the review. >>>>> >>>>> This draft discusses the threats and deployment environment for IP source >>>>> address validation with particular attention to finer-grain validation that >>>>> could be used within a network to validate IP addresses closer to the sources >>>>> of network traffic than ingress to an ISP's network. >>>>> >>>>> Major issues: >>>>> >>>>> There is no discussion of link teaming or aggregation (e.g., via LACP); this >>>>> may affect source address validation functionality by requiring the same >>>>> validation checks on all aggregated ports. An important case to discuss >>>>> is where the aggregated host links are connected to ports on different switches >>>>> (e.g., in an active/passive configuration). >>>>> >>>>> The discussion of multi-instance hosts in section 5.2.3 is incomplete >>>>> in several important aspects: >>>>> >>>>> (1) Some of the software switch implementations are single instance switches >>>>> whose implementation is distributed across multiple physical servers. This >>>>> results in concerns similar to the link aggregation discussion above. >>>>> >>>>> (2) Live migration of virtual machines among physical servers causes >>>>> relocation of MAC addresses across switch ports. A so-called "gratuitous ARP" >>>>> is often used to inform the network of the MAC address move; port-based >>>>> source address validation information needs to move in response to such ARPs. >>>>> >>>>> (3) MAC address relocation is also used as a failure recovery technique; the >>>>> surviving hardware element (e.g., host in a cluster) takes over the MAC >>>>> addresses of the failed hardware; like the previous case, a "gratuitous ARP" >>>>> is a common means of informing the network that the MAC address has moved, >>>>> and source address validation information needs to move in response to it. >>>>> >>>>> Minor issues: >>>>> >>>>> There doesn't seem to be much discussion of dynamic network reconfiguration, >>>>> which may change traffic egress points. VRRP may be a useful example to >>>>> discuss beyond the typical routing protocol updates to forwarding tables. >>>>> >>>>> Nits/editorial comments: >>>>> >>>>> idnits 2.12.11 ran clean. >>>>> >>>>> Thanks, >>>>> --David >>>>> ---------------------------------------------------- >>>>> David L. Black, Distinguished Engineer >>>>> EMC Corporation, 176 South St., Hopkinton, MA 01748 >>>>> +1 (508) 293-7953 FAX: +1 (508) 293-7786 >>>>> david.black@emc.com Mobile: +1 (978) 394-7754 >>>>> ---------------------------------------------------- >>>>> >>>>> >>>>> _______________________________________________ >>>>> savi mailing list >>>>> savi@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/savi >>>>> >>> >>> > >
- [savi] Gen-ART review of draft-ietf-savi-threat-s… david.black
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel M. Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… david.black
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel M. Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… david.black
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel M. Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Jari Arkko
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel Halpern
- [savi] Gen-ART review of draft-ietf-savi-threat-s… Black, David
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Black, David
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Ted Lemon
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Black, David
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel M. Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Black, David
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Ted Lemon
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel M. Halpern
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Black, David
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Joel Halpern Direct
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Black, David
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Russ Housley
- Re: [savi] Gen-ART review of draft-ietf-savi-thre… Ted Lemon