Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11
Anoop Ghanwani <anoop@alumni.duke.edu> Sat, 14 June 2014 00:51 UTC
Return-Path: <ghanwani@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8121B2ACC; Fri, 13 Jun 2014 17:51:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.677
X-Spam-Level:
X-Spam-Status: No, score=-0.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GPhBu5eSoMxL; Fri, 13 Jun 2014 17:51:01 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1390E1B2ACA; Fri, 13 Jun 2014 17:51:00 -0700 (PDT)
Received: by mail-wi0-f181.google.com with SMTP id n3so1673622wiv.14 for <multiple recipients>; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=+3IO2Uvg41zvYvqgeaSa1Ff/J0P/zW6uiE6OGKO96dA=; b=v2O4jWxhlzg/oaPofZrHMcxn86vMRIVJyzZBA3Zb8rRpVZio2ldd3JaGmEUURTCski SMF5eTwH412duswlyfpmtfHb6EWj690dbofuZHZ7oMBz5OV940pV6NsP1TSYxGVjVi0L 6/B+KH6uXgjxANFs+hadeF5RkDDrgEoO2Wzdyjg5VkTqY5wQOHvo/uXAJnN8PtwShSnj 7iKkDaIa04g5OJVEc9efflaR7BepXuQkRsV559derkSqWSSabx8SCGoUdCKmAfkih4j/ nTf8zqp2Qon8zKZyzXSn5l4HrENaYEQVdycbM2XOzWKFYplj0yjCuTILxLcs8r60MJXp oE6A==
MIME-Version: 1.0
X-Received: by 10.194.1.164 with SMTP id 4mr8567313wjn.17.1402707059538; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
Sender: ghanwani@gmail.com
Received: by 10.216.182.67 with HTTP; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
In-Reply-To: <0D637AC0-FD4F-4865-8D14-ADB75BAB072E@gmail.com>
References: <0D637AC0-FD4F-4865-8D14-ADB75BAB072E@gmail.com>
Date: Fri, 13 Jun 2014 17:50:59 -0700
X-Google-Sender-Auth: tfHnIjJUE-YnBMQ6867iADTNr2k
Message-ID: <CA+-tSzxkcki0eQomAfM0CX4HaRaZ3RLpZMCJ-5wJxGR1PV8_jw@mail.gmail.com>
From: Anoop Ghanwani <anoop@alumni.duke.edu>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="047d7b3a817602056a04fbc13079"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/gLqHIig9gxq95FIQ_YSSjy1x-nc
X-Mailman-Approved-At: Fri, 13 Jun 2014 18:02:53 -0700
Cc: "draft-ietf-opsawg-large-flow-load-balancing.all@tools.ietf.org" <draft-ietf-opsawg-large-flow-load-balancing.all@tools.ietf.org>, "<iesg@ietf.org> IESG" <iesg@ietf.org>, "<secdir@ietf.org>" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Jun 2014 00:51:03 -0000
Yoav, Thanks for the review. We have just posted an updated version. On Mon, Apr 28, 2014 at 6:47 AM, Yoav Nir <ynir.ietf@gmail.com> wrote: > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > tl;dr version: the document is ready. > > I was a little surprised by the way the document is organized, and I'm not > sure who the target audience is. On the one hand it is very verbose on > explanations (that's a good thing!) and I could very well understand it > even though I lack any background on the matter. On the other hand, the > order in which things are explained seems strange: > > The introduction talks about large flows vs small flows, long-lived flows > vs short-lived flows, and Large flows vs Small flows (no, I'm not repeating > myself, capitalize Large is different from lower-case large and in fact > means both "large" and "long-lived"). This is actually explained in the introduction. We only use large flow (no capitalization needed) to mean large, long-lived flow. Everything else is a small flow. > But three things are totally missing: What is a flow? How large does a > flow have to be to be considered "large" (lower case), and how long must a > flow continue to be considered "long-lived". Even the terminology section > (1.2) defines Large, Small and small again, but not what a flow is. These > concepts are finally explained in sections 4.1, 4.3.1, and 4.3.2. > The document describes how load balancing can be achieved by moving large > flows around between links and by removing loaded links from the hash > table, so that Small (or actually un-classified) new flows will not go to > overloaded links. This is an improvement over the assumed default that is > statically assigning flows to links based on a hash. > > The document has a short security considerations section that says that it > does not impact the security of the Internet infrastructure or > applications. I tend to agree, because the parts of the network where these > protocols tends to be mostly stateless, so moving flows from one component > to another should not make a difference. It would be different if there > were supposed to be firewalls on the nodes. > The security considerations also says that load balancing might help in > resisting DoS attacks, for example if an attacker can create traffic where > the hash would collide with some Large flow. With load balancing either the > attacker's flow or the Large flow is moved, eliminating the contention. > Again, I tend to agree, although this will allow a more powerful attacker > to overload all the links, not just the ones they can target with the hash > function. Still, an attacker powerful enough to overload all the links is > likely to be able to create traffic that collides with all links anyway. > We have added to the security section based on comments from the GEN-ART review. > > I don't think there's anything missing from the security considerations. > > Hope this helps > > Yoav > Thanks, Anoop
- [secdir] Secdir review of draft-ietf-opsawg-large… Yoav Nir
- Re: [secdir] Secdir review of draft-ietf-opsawg-l… Chris Inacio
- Re: [secdir] Secdir review of draft-ietf-opsawg-l… Anoop Ghanwani
- Re: [secdir] Secdir review of draft-ietf-opsawg-l… Anoop Ghanwani
- Re: [secdir] Secdir review of draft-ietf-opsawg-l… Yoav Nir