[secdir] secdir review of draft-ietf-bfd-on-lans

Sam Hartman <hartmans-ietf@mit.edu> Wed, 04 December 2013 20:09 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 353E41AE2BD; Wed, 4 Dec 2013 12:09:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id a7tqYt30swIn; Wed, 4 Dec 2013 12:08:59 -0800 (PST)
Received: from mail.painless-security.com (mail.painless-security.com []) by ietfa.amsl.com (Postfix) with ESMTP id C5B971AD8E1; Wed, 4 Dec 2013 12:08:59 -0800 (PST)
Received: from localhost (localhost []) by mail.painless-security.com (Postfix) with ESMTP id 986DA20178; Wed, 4 Dec 2013 15:08:00 -0500 (EST)
Received: from mail.painless-security.com ([]) by localhost (mail.suchdamage.org []) (amavisd-new, port 10024) with ESMTP id 4GX0IUt-GyAz; Wed, 4 Dec 2013 15:08:00 -0500 (EST)
Received: from carter-zimmerman.suchdamage.org (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Wed, 4 Dec 2013 15:08:00 -0500 (EST)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 7050D831AE; Wed, 4 Dec 2013 15:08:55 -0500 (EST)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: secdir@ietf.org,iesg@ietf.org
Date: Wed, 04 Dec 2013 15:08:55 -0500
Message-ID: <tsl1u1s5qg8.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: draft-ietf-bfd-on-lans@tools.ietf.org
Subject: [secdir] secdir review of draft-ietf-bfd-on-lans
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2013 20:09:01 -0000

I seem to be getting easy documents of late.

This document describes how to run BFD over LAGs.  Multiple l2 links are
combined into a larger l2 link for better throughput and load balancing
and redundancy.
>From the standpoint of /l3 these all appear to be a single interface.

If you look at it funny and futz your tables so BFD gets to treat these
interfaces as distinct, you can use BFD to make sure members of the LAG
are up.

If the universe valued good abstraction layers, entire civilizations
would crumble in disgust every time you send one of these packets.
However, it is a useful hack for performance and code re-use.

The document claims that there are no new security considerations.
As far as I can tell, that is true.

I have no concerns.