Re: [savnet] Some thoughts on SAVNET
tolidan@tsinghua.edu.cn Mon, 21 March 2022 13:00 UTC
Return-Path: <tolidan@tsinghua.edu.cn>
X-Original-To: savnet@ietfa.amsl.com
Delivered-To: savnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 75C5D3A0029
for <savnet@ietfa.amsl.com>; Mon, 21 Mar 2022 06:00:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001,
RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=tsinghua.edu.cn
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id oHc2yG02xNag for <savnet@ietfa.amsl.com>;
Mon, 21 Mar 2022 06:00:42 -0700 (PDT)
Received: from zg8tmty1ljiyny4xntqumjca.icoremail.net
(zg8tmty1ljiyny4xntqumjca.icoremail.net [165.227.154.27])
by ietfa.amsl.com (Postfix) with SMTP id 349303A003C
for <savnet@ietf.org>; Mon, 21 Mar 2022 06:00:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=tsinghua.edu.cn; s=dkim; h=Received:From:To:Subject:Date:
Message-ID:MIME-Version:Content-Type:Thread-Index:
Content-Language; bh=seRCg3OjD4dcY5VYnSy2DeaXvrVC7h7UcYBIzy8m7L0
=; b=Nr9VikGqX//9m2oEfIBxjJdq0iFvF67TmdPn5b6UqmzoYV+T8usqQUlWklG
CpQkiv2AtRGjbtgJvtAJ1c0h67Ctrh4D7UZjkLXSEaqDXEZKjCJbKlJVJdndqXsB
4HASylE8UNqCAYdMJuUn7C07zxxYF1O/7vMFXfHHWkQ42l4M=
Received: from DESKTOPA8LSRCM (unknown [124.126.202.153])
by web4 (Coremail) with SMTP id ywQGZQAnOCbvdjhi9zj2EA--.36150S2;
Mon, 21 Mar 2022 21:00:32 +0800 (CST)
From: <tolidan@tsinghua.edu.cn>
To: "'Jari Arkko'" <jari.arkko@piuha.net>,
<savnet@ietf.org>
Date: Mon, 21 Mar 2022 21:00:38 +0800
Message-ID: <008001d83d23$aa642870$ff2c7950$@tsinghua.edu.cn>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0081_01D83D66.B889B260"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: Adg9IKZCScySjjGkSTmN7FDMCwF42g==
Content-Language: zh-cn
X-CM-TRANSID: ywQGZQAnOCbvdjhi9zj2EA--.36150S2
X-Coremail-Antispam: 1UD129KBjvJXoW3GFWrArWruw1fZF15Wr17Jrb_yoWxGw1fpF
WfKas8Grn5JryfJFW7Xw4xZF1F9rWkKFW3Jw1rGw4DZws8GFyS9Fy0qr45uasruw4fZw1j
vr4j9r98Ar90vaDanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
9KBjDU0xBIdaVrnRJUUUB2b7Iv0xC_Kw4lb4IE77IF4wAFF20E14v26r1j6r4UM7CY07I2
0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rw
A2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Ar0_tr1l84ACjcxK6xII
jxv20xvEc7CjxVAFwI0_Cr0_Gr1UM28EF7xvwVC2z280aVAFwI0_GcCE3s1l84ACjcxK6I
8E87Iv6xkF7I0E14v26rxl6s0DM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVAYj202
j2C_Xr0_Wr1l5I8CrVAqjxCE14ACF2xKxwAqx4xG64kEw2xG04xIwI0_Jr0_Gr1l5I8CrV
CF0I0E4I0vr24lYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvj
eVCFs4IE7xkEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwAKzVCY07xG64k0F24l42xK82IYc2
Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUGVWUWwC20s02
6x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r1Y6r17MIIYrxkI7VAKI48JMIIF0x
vE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r1j6r4UMIIF0xvE
42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6x
kF7I0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjxUgnmRUUUUU
X-CM-SenderInfo: pwroxvtdq632xlqjx3vdohv3gofq/1tbiAgIMCV7nFRwKvgAAsB
Archived-At: <https://mailarchive.ietf.org/arch/msg/savnet/A8TBnqVdpp3DLou0HeFrnzaMZr0>
Subject: Re: [savnet] Some thoughts on SAVNET
X-BeenThere: savnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <savnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savnet>,
<mailto:savnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/savnet/>
List-Post: <mailto:savnet@ietf.org>
List-Help: <mailto:savnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savnet>,
<mailto:savnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2022 13:00:48 -0000
Continue the discussion with Jari here. In the previous email I said that OSPF is not enough to discover the real forwarding path in the data plane, because the data-plane forwarding path may not only be determined by OSPF. Static routing, ACL-like routing redirection may also change the real data-plane forwarding path. We can argue that there are two possible solutions: learning the actual forwarding path used vs. the set of possible forwarding paths. There are two issues. 1) We need a way to determine which are “possible” forwarding paths. For intra-domain SAV, since network topology is a connected graph, if we do not consider the routing/configuration choices, every incoming interface may be the “possible” incoming interface. If we consider the routing/configuration choices, there will be a “delay” between routing update and SAV learning. But maybe we can add the “possible” path from FRR (fast rerouting). For inter-domain SAV, if we want to consider “possible” forwarding path, we can ask each AS to send the prefix notification message to all the neighboring ASes from which a BGP routing message is announced, instead of only sending the prefix notification to the neighboring AS which is selected as the next hop. 2) Accuracy. If we can select the real forwarding path, the improper permit ratio will be minimized, but there may be improper block. If we can select all the “possible” paths, the improper block ratio will be reduced. If setting every interface as the possible incoming interface, the improper block ration will be zero, but it does not help solve the source address spoofing problem at all. Dan 发件人: savnet-bounces@ietf.org <savnet-bounces@ietf.org> 代表 Jari Arkko 发送时间: 2022年3月21日 20:13 收件人: savnet@ietf.org 主题: [savnet] Some thoughts on SAVNET I’ve been reading through the meeting materials. Some questions and comments below. These are of course my opinions only but provided in case they are useful for your consideration. Intro/chairs slides: * Looked good, right framing for the discussion. Gap analysis – overall good, some comments though: * Nice focus on incentives (e.g., page 4) – good! * “Traditional Internet architecture lacks SAV (source address validation)”. To me this seemed a bit too hard statement to make. Source address checking is as old as the dial-up times in the 1990s. But it is of limited capability or coverage though. * ”SAV for access network - SAVI [RFC 6620, 6959, 7039, 7219, 7513, 8074]”. Is this list of RFCs complete? Ingress filtering in the access networks predates the work on SAVI, see e.g. RFC 2267. * I was trying to think about the root cause situation (slide 9), and wondered about fundamentals of routing. Not that I know much about it, but … Could it be that there are actually three root causes?: * One, if you do not use all the information that would be available. For instance, if you *did* have a network topology map like the one on slide 8, you *could* in theory calculate that P2 can only come from AS2, whereas P3 could come from AS1, AS3, or AS5 given their connectivity. RFC 8704 doesn’t seem to use this info.. and I’m not sure if that’s because of BGP’s nature as a distance vector/path vector protocol. * Secondly, not all necessary information is passed from the networks to each other. * Thirdly, something happens in network part X, and this needs to be taken into account in network part Y in real-time. There doesn’t seem to be a way around this actually, it is always the case that X knows the situation before Y, so either you (a) ensure that no data plane packets get sent before you’ve confirmed that Y has learned about the change (introducing an undesirable delay) or (b) accept that before Y learns of the true situation, some packets may be improperly discarded or passed through a SAV check. Given this, it would seem to be that to improve SAV, one has to primarily ensure that enough data is shared and that all the shared data is actually used. This does not necessarily need a new network protocol, if existing routing protocols pass the necessary information. It would seem to be the case that OSPF for instance does, if I have understood things correctly. Of course, you may wish to ensure that there’s less temporary glitches when something changes. However, that doesn’t fundamentally seem to be possible with introducing a delay of some kind. But one can of course reduce the delay by ensuring that either a routing protocol or new protocol communicates a change as soon as it has happened. Would appreciate comments on this. Am I missing something? * Overall question about incentives is whether an incremental improvement in SAV with a cost is more desirable than putting the same cost in some other activity. DSAV: * Overall looked good * I really liked having a set of open questions, thanks for this! * Is there an open question of whether a DSAV protocol could be an extension of a routing protocol? * Authenticating the DSAV protocol messages seems to be a clearly required requirement. Perhaps based on the same methods used for authenticating routing protocol statements. Still, it is unclear if there’s an actual difference. If I am a network X, I can show that I own prefix P (e.g., via RPKI) and statements about that will be believed by receivers. And since X has a peering agreement with Y, Y believes that the messages come from a legitimate peer. However, it is less clear to me how routing protocol information (you can reach Z via X) or other source address data (X will be sending from prefixes P and Q) can be believed… ESAV: * Nicely explained, overall good again * Presentation doesn’t include details of how tags are generated and verified, but there’s a lot of material on hierarchies. Is that the right choice? Draft section 8.3 was clearer to me. Still, details may also matter, how many bits, etc. * Incentive question: If the problem is that network X hasn’t done its access-side source address validation correctly, what are the chances that it will add tag-generating feature on its outgoing interface? Would the ESAV only be done between networks that didn’t have a SAV problem to begin with? Jari
- [savnet] Some thoughts on SAVNET Jari Arkko
- Re: [savnet] Some thoughts on SAVNET tolidan