Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11

Anoop Ghanwani <> Sat, 14 June 2014 00:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6C8121B2ACC; Fri, 13 Jun 2014 17:51:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.677
X-Spam-Status: No, score=-0.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GPhBu5eSoMxL; Fri, 13 Jun 2014 17:51:01 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1390E1B2ACA; Fri, 13 Jun 2014 17:51:00 -0700 (PDT)
Received: by with SMTP id n3so1673622wiv.14 for <multiple recipients>; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=+3IO2Uvg41zvYvqgeaSa1Ff/J0P/zW6uiE6OGKO96dA=; b=v2O4jWxhlzg/oaPofZrHMcxn86vMRIVJyzZBA3Zb8rRpVZio2ldd3JaGmEUURTCski SMF5eTwH412duswlyfpmtfHb6EWj690dbofuZHZ7oMBz5OV940pV6NsP1TSYxGVjVi0L 6/B+KH6uXgjxANFs+hadeF5RkDDrgEoO2Wzdyjg5VkTqY5wQOHvo/uXAJnN8PtwShSnj 7iKkDaIa04g5OJVEc9efflaR7BepXuQkRsV559derkSqWSSabx8SCGoUdCKmAfkih4j/ nTf8zqp2Qon8zKZyzXSn5l4HrENaYEQVdycbM2XOzWKFYplj0yjCuTILxLcs8r60MJXp oE6A==
MIME-Version: 1.0
X-Received: by with SMTP id 4mr8567313wjn.17.1402707059538; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
Received: by with HTTP; Fri, 13 Jun 2014 17:50:59 -0700 (PDT)
In-Reply-To: <>
References: <>
Date: Fri, 13 Jun 2014 17:50:59 -0700
X-Google-Sender-Auth: tfHnIjJUE-YnBMQ6867iADTNr2k
Message-ID: <>
From: Anoop Ghanwani <>
To: Yoav Nir <>
Content-Type: multipart/alternative; boundary="047d7b3a817602056a04fbc13079"
X-Mailman-Approved-At: Fri, 13 Jun 2014 18:02:53 -0700
Cc: "" <>, "<> IESG" <>, "<>" <>
Subject: Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 14 Jun 2014 00:51:03 -0000


Thanks for the review.  We have just posted an updated version.

On Mon, Apr 28, 2014 at 6:47 AM, Yoav Nir <> wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> tl;dr version: the document is ready.
> I was a little surprised by the way the document is organized, and I'm not
> sure who the target audience is. On the one hand it is very verbose on
> explanations (that's a good thing!) and I could very well understand it
> even though I lack any background on the matter.  On the other hand, the
> order in which things are explained seems strange:
> The introduction talks about large flows vs small flows, long-lived flows
> vs short-lived flows, and Large flows vs Small flows (no, I'm not repeating
> myself, capitalize Large is different from lower-case large and in fact
> means both "large" and "long-lived").

This is actually explained in the introduction.  We only use large flow (no
capitalization needed) to mean large, long-lived flow.  Everything else is
a small flow.

> But three things are totally missing: What is a flow? How large does a
> flow have to be to be considered "large" (lower case), and how long must a
> flow continue to be considered "long-lived". Even the terminology section
> (1.2) defines Large, Small and small again, but not what a flow is.  These
> concepts are finally explained in sections 4.1, 4.3.1, and 4.3.2.

> The document describes how load balancing can be achieved by moving large
> flows around between links and by removing loaded links from the hash
> table, so that Small (or actually un-classified) new flows will not go to
> overloaded links. This is an improvement over the assumed default that is
> statically assigning flows to links based on a hash.
> The document has a short security considerations section that says that it
> does not impact the security of the Internet infrastructure or
> applications. I tend to agree, because the parts of the network where these
> protocols tends to be mostly stateless, so moving flows from one component
> to another should not make a difference. It would be different if there
> were supposed to be firewalls on the nodes.
> The security considerations also says that load balancing might help in
> resisting DoS attacks, for example if an attacker can create traffic where
> the hash would collide with some Large flow. With load balancing either the
> attacker's flow or the Large flow is moved, eliminating the contention.
> Again, I tend to agree, although this will allow a more powerful attacker
> to overload all the links, not just the ones they can target with the hash
> function. Still, an attacker powerful enough to overload all the links is
> likely to be able to create traffic that collides with all links anyway.

We have added to the security section based on comments from the GEN-ART

> I don't think there's anything missing from the security considerations.
> Hope this helps
> Yoav