Re: [secdir] secdir review of draft-ietf-pwe3-mpls-transport-04
Stewart Bryant <stbryant@cisco.com> Mon, 03 August 2009 15:37 UTC
Return-Path: <stbryant@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 61A3B3A6DF6; Mon, 3 Aug 2009 08:37:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.454
X-Spam-Level:
X-Spam-Status: No, score=-10.454 tagged_above=-999 required=5 tests=[AWL=0.145, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WjhJmtlWU5Wn; Mon, 3 Aug 2009 08:37:05 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id E72DB3A6E47; Mon, 3 Aug 2009 08:37:04 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.43,315,1246838400"; d="scan'208";a="46355798"
Received: from ams-dkim-1.cisco.com ([144.254.224.138]) by ams-iport-1.cisco.com with ESMTP; 03 Aug 2009 15:37:06 +0000
Received: from ams-core-1.cisco.com (ams-core-1.cisco.com [144.254.224.150]) by ams-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id n73Fb6hK007113; Mon, 3 Aug 2009 17:37:06 +0200
Received: from cisco.com (mrwint.cisco.com [64.103.71.48]) by ams-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id n73Fb6tY019640; Mon, 3 Aug 2009 15:37:06 GMT
Received: from dhcp-gpk02-vlan300-64-103-65-48.cisco.com (localhost [127.0.0.1]) by cisco.com (8.11.7p3+Sun/8.8.8) with ESMTP id n73Fb5D13738; Mon, 3 Aug 2009 16:37:05 +0100 (BST)
Message-ID: <4A770420.1040402@cisco.com>
Date: Mon, 03 Aug 2009 16:37:04 +0100
From: Stewart Bryant <stbryant@cisco.com>
User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209)
MIME-Version: 1.0
To: Radia Perlman <Radia.Perlman@sun.com>
References: <4A76F9D3.3080806@sun.com>
In-Reply-To: <4A76F9D3.3080806@sun.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2357; t=1249313826; x=1250177826; c=relaxed/simple; s=amsdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=stbryant@cisco.com; z=From:=20Stewart=20Bryant=20<stbryant@cisco.com> |Subject:=20Re=3A=20secdir=20review=20of=20draft-ietf-pwe3- mpls-transport-04 |Sender:=20; bh=bO2T5a77kwdWJzAIviBRO0SfVInUJRd//DJSwvyQUjg=; b=rD9XUUzAPfNp3G+mmOEZQRpe0G3Ccx4zbK5fDPOc2XIgr8tEUWyQdlFSoY qRUQp2HQKPE0DfjyRkwWaEwAr77rGkLudF0z+3/lindRs93gX7dxMEVwcRfC Y/+vM+r+5E;
Authentication-Results: ams-dkim-1; header.From=stbryant@cisco.com; dkim=pass ( sig from cisco.com/amsdkim1002 verified; );
Cc: swallow@cisco.com, tom.nadeau@bt.com, mmorrow@cisco.com, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-pwe3-mpls-transport-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: stbryant@cisco.com
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2009 15:37:06 -0000
Radia Thank you for the review. Radia Perlman wrote: > This document describes how to make an MPLS-TP path one one party > (party A) > appear to be an MPLS-TP link of another (party B), in other words, > tunneling > party B's MPLS-TP information over party A's -provided path. > > As noted in the security considerations section, there are no new > security > issues raised by using this already-existing mechanism for this purpose. > > One comment: Rao Cherukuri's email address seems to be missing > from "authors' addresses". > > A couple of questions, really...it looks like the term "Transport" is > used > in the MPLS/ITU context to mean more like layer 3, rather than end-to-end > layer 4 (like TCP). Although this always seemed a much more natural use > of the term "transport" (since layer 3 and layer 2 really do transport > things > and layer 4 doesn't), why is it is called "TP" here? Yes we are using the term transport in the way that ITU-T SG15 use the term. I would say that we are defining it the same way, but that do not seem to have a crisp definition themselves :) in other words we are designing a replacement for SDH and similar methods of providing long distance physical connectivity The term MPLS-TP stands for MPLS Transport Profile. This is the subset of the MPLS protocol suite needed to provide Transport Network Connectivity. > > And in the security considerations section it mentions the problem of > static configuration having the possibility of a forwarding loop. > Again just > a comment -- admittedly a packet can go round the loop a few times before > the TTL expires, but given that there is a TTL, it seems like a > looping MPLS > path might not be too bad. Transport networks are traffic engineered rather than best effort so the impact is that the packet consumes remaining TTL times the budgeted capacity, which effects the bandwidth/delay provided to other services. > Especially if part of the static configuration would > be the TTL to initiate packets on, for a particular MPLS path. An interesting thought, which I would like to ponder. It turns out that we often know the TTL since we use TTL expiry to deliver OAM messages to MIPS. > > But as for the document being reviewed -- no security issues. > > Radia > > Thanks Stewart > >
- [secdir] secdir review of draft-ietf-pwe3-mpls-tr… Radia Perlman
- Re: [secdir] secdir review of draft-ietf-pwe3-mpl… Stewart Bryant