IETF Logo Mail Archive

[savi] Gen-ART review of draft-ietf-savi-threat-scope-05

<david.black@emc.com> Fri, 13 May 2011 05:08 UTC

Return-Path: <david.black@emc.com>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 962D7E0681; Thu, 12 May 2011 22:08:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X0aspSjcT--Y; Thu, 12 May 2011 22:08:09 -0700 (PDT)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by ietfa.amsl.com (Postfix) with ESMTP id 8A985E065D; Thu, 12 May 2011 22:08:09 -0700 (PDT)
Received: from hop04-l1d11-si01.isus.emc.com (HOP04-L1D11-SI01.isus.emc.com [10.254.111.54]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p4D582dm011063 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 13 May 2011 01:08:03 -0400
Received: from mailhub.lss.emc.com (mailhubhoprd04.lss.emc.com [10.254.222.226]) by hop04-l1d11-si01.isus.emc.com (RSA Interceptor); Fri, 13 May 2011 01:07:49 -0400
Received: from mxhub06.corp.emc.com (mxhub06.corp.emc.com [128.221.46.114]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p4D55NGf026945; Fri, 13 May 2011 01:05:24 -0400
Received: from mx14a.corp.emc.com ([169.254.1.163]) by mxhub06.corp.emc.com ([128.221.46.114]) with mapi; Fri, 13 May 2011 01:05:23 -0400
From: david.black@emc.com
To: dmcpherson@verisign.com, fred@cisco.com, joel.halpern@ericsson.com, gen-art@ietf.org
Date: Fri, 13 May 2011 01:03:18 -0400
Thread-Topic: Gen-ART review of draft-ietf-savi-threat-scope-05
Thread-Index: AcwRKxLMGPOwf18pRUizv8st+VLKCw==
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E055F69357F@MX14A.corp.emc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
X-Mailman-Approved-At: Fri, 13 May 2011 08:21:06 -0700
Cc: savi@ietf.org, david.black@emc.com, christian.vogt@ericsson.com, jeanmichel.combes@gmail.com
Subject: [savi] Gen-ART review of draft-ietf-savi-threat-scope-05
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2011 05:08:10 -0000

I am the assigned Gen-ART reviewer for this draft. For background on 
Gen-ART, please see the FAQ at 
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments 
you may receive.

Document: draft-ietf-savi-threat-scope-05
Reviewer: David L. Black
Review Date: 12 May 2011
IETF LC End Date: 18 May 2011

Summary: This draft is on the right track, but has open issues, described in the review.

This draft discusses the threats and deployment environment for IP source
address validation with particular attention to finer-grain validation that
could be used within a network to validate IP addresses closer to the sources
of network traffic than ingress to an ISP's network. 

Major issues:

There is no discussion of link teaming or aggregation (e.g., via LACP); this
may affect source address validation functionality by requiring the same
validation checks on all aggregated ports.  An important case to discuss
is where the aggregated host links are connected to ports on different switches
(e.g., in an active/passive configuration).

The discussion of multi-instance hosts in section 5.2.3 is incomplete
in several important aspects:

(1) Some of the software switch implementations are single instance switches
whose implementation is distributed across multiple physical servers.  This
results in concerns similar to the link aggregation discussion above.

(2) Live migration of virtual machines among physical servers causes 
relocation of MAC addresses across switch ports.  A so-called "gratuitous ARP"
is often used to inform the network of the MAC address move; port-based
source address validation information needs to move in response to such ARPs.

(3) MAC address relocation is also used as a failure recovery technique; the
surviving hardware element (e.g., host in a cluster) takes over the MAC
addresses of the failed hardware; like the previous case, a "gratuitous ARP"
is a common means of informing the network that the MAC address has moved,
and source address validation information needs to move in response to it.

Minor issues: 

There doesn't seem to be much discussion of dynamic network reconfiguration,
which may change traffic egress points.  VRRP may be a useful example to
discuss beyond the typical routing protocol updates to forwarding tables.

Nits/editorial comments:

idnits 2.12.11 ran clean.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.black@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

v2.23.0 | Report a Bug | By Email