Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11

Anoop Ghanwani <anoop@alumni.duke.edu> Sat, 14 June 2014 00:51 UTC

Return-Path: <ghanwani@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8121B2ACC; Fri, 13 Jun 2014 17:51:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.677
X-Spam-Level:
X-Spam-Status: No, score=-0.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GPhBu5eSoMxL; Fri, 13 Jun 2014 17:51:01 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1390E1B2ACA; Fri, 13 Jun 2014 17:51:00 -0700 (PDT)
Received: by mail-wi0-f181.google.com with SMTP id n3so1673622wiv.14 for <multiple recipients>; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=+3IO2Uvg41zvYvqgeaSa1Ff/J0P/zW6uiE6OGKO96dA=; b=v2O4jWxhlzg/oaPofZrHMcxn86vMRIVJyzZBA3Zb8rRpVZio2ldd3JaGmEUURTCski SMF5eTwH412duswlyfpmtfHb6EWj690dbofuZHZ7oMBz5OV940pV6NsP1TSYxGVjVi0L 6/B+KH6uXgjxANFs+hadeF5RkDDrgEoO2Wzdyjg5VkTqY5wQOHvo/uXAJnN8PtwShSnj 7iKkDaIa04g5OJVEc9efflaR7BepXuQkRsV559derkSqWSSabx8SCGoUdCKmAfkih4j/ nTf8zqp2Qon8zKZyzXSn5l4HrENaYEQVdycbM2XOzWKFYplj0yjCuTILxLcs8r60MJXp oE6A==
MIME-Version: 1.0
X-Received: by 10.194.1.164 with SMTP id 4mr8567313wjn.17.1402707059538; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
Sender: ghanwani@gmail.com
Received: by 10.216.182.67 with HTTP; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
In-Reply-To: <0D637AC0-FD4F-4865-8D14-ADB75BAB072E@gmail.com>
References: <0D637AC0-FD4F-4865-8D14-ADB75BAB072E@gmail.com>
Date: Fri, 13 Jun 2014 17:50:59 -0700
X-Google-Sender-Auth: tfHnIjJUE-YnBMQ6867iADTNr2k
Message-ID: <CA+-tSzxkcki0eQomAfM0CX4HaRaZ3RLpZMCJ-5wJxGR1PV8_jw@mail.gmail.com>
From: Anoop Ghanwani <anoop@alumni.duke.edu>
To: Yoav Nir <ynir.ietf@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b3a817602056a04fbc13079
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/gLqHIig9gxq95FIQ_YSSjy1x-nc
X-Mailman-Approved-At: Fri, 13 Jun 2014 18:02:53 -0700
Cc: "draft-ietf-opsawg-large-flow-load-balancing.all@tools.ietf.org" <draft-ietf-opsawg-large-flow-load-balancing.all@tools.ietf.org>, "<iesg@ietf.org> IESG" <iesg@ietf.org>, "<secdir@ietf.org>" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Jun 2014 00:51:03 -0000

Yoav,

Thanks for the review.  We have just posted an updated version.

On Mon, Apr 28, 2014 at 6:47 AM, Yoav Nir <ynir.ietf@gmail.com>; wrote:

>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> tl;dr version: the document is ready.
>
> I was a little surprised by the way the document is organized, and I'm not
> sure who the target audience is. On the one hand it is very verbose on
> explanations (that's a good thing!) and I could very well understand it
> even though I lack any background on the matter.  On the other hand, the
> order in which things are explained seems strange:
>
> The introduction talks about large flows vs small flows, long-lived flows
> vs short-lived flows, and Large flows vs Small flows (no, I'm not repeating
> myself, capitalize Large is different from lower-case large and in fact
> means both "large" and "long-lived").


This is actually explained in the introduction.  We only use large flow (no
capitalization needed) to mean large, long-lived flow.  Everything else is
a small flow.


> But three things are totally missing: What is a flow? How large does a
> flow have to be to be considered "large" (lower case), and how long must a
> flow continue to be considered "long-lived". Even the terminology section
> (1.2) defines Large, Small and small again, but not what a flow is.  These
> concepts are finally explained in sections 4.1, 4.3.1, and 4.3.2.


> The document describes how load balancing can be achieved by moving large
> flows around between links and by removing loaded links from the hash
> table, so that Small (or actually un-classified) new flows will not go to
> overloaded links. This is an improvement over the assumed default that is
> statically assigning flows to links based on a hash.
>
> The document has a short security considerations section that says that it
> does not impact the security of the Internet infrastructure or
> applications. I tend to agree, because the parts of the network where these
> protocols tends to be mostly stateless, so moving flows from one component
> to another should not make a difference. It would be different if there
> were supposed to be firewalls on the nodes.
> The security considerations also says that load balancing might help in
> resisting DoS attacks, for example if an attacker can create traffic where
> the hash would collide with some Large flow. With load balancing either the
> attacker's flow or the Large flow is moved, eliminating the contention.
> Again, I tend to agree, although this will allow a more powerful attacker
> to overload all the links, not just the ones they can target with the hash
> function. Still, an attacker powerful enough to overload all the links is
> likely to be able to create traffic that collides with all links anyway.
>

We have added to the security section based on comments from the GEN-ART
review.

>
> I don't think there's anything missing from the security considerations.
>
> Hope this helps
>
> Yoav
>

Thanks,
Anoop