[secdir] Re: Secdir early review of draft-ietf-mpls-mldp-multi-topology-05
"Mankamana Mishra (mankamis)" <mankamis@cisco.com> Thu, 16 May 2024 19:31 UTC
Return-Path: <mankamis@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B409C14F696; Thu, 16 May 2024 12:31:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.166
X-Spam-Level:
X-Spam-Status: No, score=-15.166 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.582, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="O7TUBcgN"; dkim=pass (1024-bit key) header.d=cisco.com header.b="OKneiwbI"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZQKAGte-EjTB; Thu, 16 May 2024 12:31:42 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5799CC14F603; Thu, 16 May 2024 12:31:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; i=@cisco.com; l=20458; q=dns/txt; s=iport; t=1715887902; x=1717097502; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=XcfyT+RA/qb+Dp6aIbyClyAEuW7ifqnqln85Dc1Q78I=; b=O7TUBcgNWyxI5oLVQsDIxFbHrGacvxlw7lkscxqiNu6RE7Gl1tjqJiQO 6HETqRtnGnQDoT8Mo/udybKrKkpbmp0oN7GPj0m4mHC8+hAJCrw4O34on ptgQwUPm0jme3PzQLWpK6hEASG4xsPCj3Xfr1eqHxN5KdODSKDiHshjQE Y=;
X-CSE-ConnectionGUID: X0Uqhj60SZ2tQo1jDX4ZZw==
X-CSE-MsgGUID: wnGbtG6HQ9CRBvTnWxbUSw==
X-IPAS-Result: A0AEAADsXUZmmIoNJK1aGwEBAQEBAQEBBQEBARIBAQEDAwEBAWWBFgYBAQELAYFAMVJ6AoEaSIRVg0wDhE5fiG4DlziGUoElA1YPAQEBDQEBRAQBAYUGAhaIKwImNAkOAQICAgEBAQEDAgMBAQEBAQEBAQYBAQUBAQECAQcFFAEBAQEBAQEBHhkFEA4nhTsHMg2GWQEBAQEDEhEdAQElEgEPAgEIEQMBAisCAgIvHQgCBAENBQgagl4BghxIAwGjCQGBQAKKKHqBMoEBggwBAQYEBd13CYFIAYgtASSBMQICiGMnG4FJRIEUAUKCaD6CYQKBYh4GgzU6gi+BbYMliUuDD0GBUgIuboEIR4IYdgQFBhGBKHAOAgYWcSiCGgF0gSo0A3YoW4ZsVHciAyYzIQIRAVUTFws+CRYCFgMbFAQwDwkLJioGNgISDAYGBlkgFgkEIwMIBANEAyBxEQMEGgQLB3WBdoE1BBNHgTgGiW8MgXuBDAIFISmBTCmBDhaCektsE4EKAoJpgXYOEk+DUYRLY4EUgTgdQAMLbT0UIQYOGwUEHwGBGAWiSwSDB4EwIwMEHVYmGhQHBAZAGgUvARgFDCsPA5MVgymLKqNPCoQTmzyGJheEBYx+hnqRU2SYYiCjNoUHAgQCBAUCDwEBBoFlOoFbcBWDIlIZD4d/hiIZg2HHG3g7AgcBCgEBAwmKaAEB
IronPort-PHdr: A9a23:Kmd2vBNxg0xfpeJ7qHIl6nfPWUAX0o4cdiYP4ZYhzrVWfbvmotLpP VfU4rNmi1qaFYnY6vcRk+PNqOigQm0P55+drWoPOIJBTR4LiMga3kQgDceJBFe9LavCZC0hF 8MEX1hgrDmgKUYAIM/lfBXJp2GqqzsbGxHxLw1wc+H8HI3bisWs/+uz4JbUJQ5PgWn1bbZ7N h7jtQzKrYFWmd54J6Q8wQeBrnpTLuJRw24pbV7GlBfn7cD295lmmxk=
IronPort-Data: A9a23:i77+yqPaRSZbPSXvrR2cl8FynXyQoLVcMsEvi/4bfWQNrUoihD0Hy jEdD2iGbPfbYTf0eo8nOYm2oRwHv5+Gn99iSXM5pCpnJ55oRWUpJjg4wmPYZX76whjrFRo/h ykmQoCdaphyFjmF/kvF3oHJ9RFUzbuPSqf3FNnKMyVwQR4MYCo6gHqPocZh6mJTqYb/W1PlV e/a+ZWFZAf4gmAsaQr41orawP9RlKWq0N8nlgRWicBj5Df2i3QTBZQDEqC9R1OQrl58R7PSq 07rldlVz0uBl/sfIorNfoXTLiXmdoXv0T2m0RK6bUQNbi9q/UTe2o5jXBYVhNw+Zz+hx7idw /0V3XC8pJtA0qDkwIwgvxdk/y5WDfV74b/FfyCEg5aP9kqfcVfcn8dcExRjVWEY0r4f7WBm/ PgcLnUGaQqOwr/wy7OgQe4qjcMmRCXpFNpA4Tc7k3eAVrB/GsCrr6bivbe02B81j8ZNFPPff OISaCFka1LLZBgn1lI/Us1hxrb33ySlG9FegE2TiqArzDbz9V1a6pLzDNzqata3ftoAyy50o UqdojymWUtFXDCF8hKA6na3ru7CgS29X5gdfJW07PdknBiSy3AdTRgOUUD+pP21kgu7RtZDK gkI/TIpqa895QqiSt3VXhCkrjiDpBF0c8FdGOE78imMx7bapQGDCQA5oiVpYdgisoo9QiYnk wLPlNLyDjspu7qQIZ6AyluKhQPqBDEVLzFaXh1eUTICutvPkN0BvA2aG76PD5WJptHyHDjxx RWDoy4/m6gfgKY3O0OTowmvb9WE+MChc+Il2jg7SF5J+e+QWWJIT4Ws7V6e5vFaIcPECFKAp 3MD3cOZ6Yji7K1hdgTTHY3h/5nwu55p1QEwZ3Y0Q/HNEBz2qhaekXh4um0WGauQGp9slcXVS EHSoxhNw5RYIWGna6R6C6roVJ13nfS9S4W6CqGMBjarXnSXXFLZlM2JTRPAt10BbGBz+U3CE c7CLpbyVypy5VpPlWfpGI/xLoPHNghlmDuMHsqkp/hW+bGff3WSAawUK0eDa/tx7aWP5m3oH yV3aaO3J+FkeLSmOEH/qNdLRXhTdChTLc6t8aR/KLXcSjeK7Ul8UZc9N5t7Jdw890mU/8+Vl kyAtrhwkwSl3SCadF3SMBiOqtrHBP5CkJ7yBgR1VX6A0Hk4aoHp56AaH6bbt5F+nAC/5ZaYl 8U4Rvg=
IronPort-HdrOrdr: A9a23:Y2FEJKnsxTw+ed15ad+heWm+Ti7pDfNjiWdD5ihNYBxZY6Wkfp +V7ZcmPE7P6Ar5BktApTnZAtjwfZq9z/JICYl4B8baYOCUghrZEGgC1/qs/9SEIVydygcz79 YcT0ETMqyWMbE+t7eF3ODaKadv/DDkytHVuQ629R4EJm8aDtAF0+46MHflLqQcfng/OXNNLu vn2iMxnUvaRZ14VLXcOlA1G8L4i5ngkpXgbRQaBxghxjWvoFqTgoLSIlyz5DtbdylA74sD3A H+/jAR4J/Nj9iLjjvnk0PD5ZVfn9XsjvFZAtaXt8QTIjLwzi61eYVIQdS5zXAIidDqzGxvvM jHoh8mMcg2wWjWZHuJrRzk3BSl+Coy6kXl1USTjRLY0I/ErXMBeoh8bLBiA1/kAnkbzZZBOW VwriSkXq9sfFb9deLGloH1vl9R5xKJSDEZ4J0uZjRkIPkjgflq3M0iFIc/KuZbIMo8g7pXS9 VGHYXS4u1bfkidaG2ctm5zwMa0VnB2BRueRFMe0/blmQS+sUoJh3fw/vZv1Uso5dY4Ud1J9u 7EOqNnmPVHSdIXd7t0AKMETdGsAmLATBrQOCbKSG6XWJ0vKjbIsdr68b817OaldNgBy4Yzgo 3IVBdduXQpc0zjBMWS1NlA8wzLQm+6QTPxo/suqqRRq/n5Xv7mICeDQFchn4+ppOgeGNTSX7 KpNJdfE5bYXCLT8EZyrnvDsrVpWA4juZcuy6MGsnq107b2FrE=
X-Talos-CUID: 9a23:DWVM4mgE9j+sinOS44JJEsSLFzJuQiXg1XfSfReDOzx1cbrMS3OgpJFWjJ87
X-Talos-MUID: 9a23:Pp4U/w8T07YDEWsnIH9eKD6Qf9huzK6yJx4tqMQtgeOaCSpPKz2gtyviFw==
X-IronPort-Anti-Spam-Filtered: true
Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-6.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2024 19:31:41 +0000
Received: from rcdn-opgw-5.cisco.com (rcdn-opgw-5.cisco.com [72.163.7.169]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 44GJVf0a012529 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 16 May 2024 19:31:41 GMT
X-CSE-ConnectionGUID: CEcuvnLaTDC+Dlx2KVKdtw==
X-CSE-MsgGUID: Nh+SSBO2SMOd6DHWTKngEA==
Authentication-Results: rcdn-opgw-5.cisco.com; dkim=pass (signature verified) header.i=@cisco.com; spf=Pass smtp.mailfrom=mankamis@cisco.com; dmarc=pass (p=reject dis=none) d=cisco.com
X-IronPort-AV: E=Sophos;i="6.08,165,1712620800"; d="scan'208,217";a="9349097"
Received: from mail-mw2nam12lp2041.outbound.protection.outlook.com (HELO NAM12-MW2-obe.outbound.protection.outlook.com) ([104.47.66.41]) by rcdn-opgw-5.cisco.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 May 2024 19:31:40 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X38jttbpjDbadQ9cg2Gd2VOSJtdK0gwNeW0Vu8dF+5/y8yJIDTLYWg7IkjW0lKx+W17rcnU3ghd3/wq4o4Ls8NCZk97WNPlGnmFi/oPUUGsHnULVoeUEV4RTQkegHu7zhhvRYmqq2QrZC4KDNglqNIlGASTv2Gh+W5Iom8yW7U6isTJaKgvqVxScoexyLb048HmVbll09yrmrUvRaw5JuRFPJCA78dudtk8tjZSXp2iMA07O0wfnsm0s0W0NMq7TUUB8TrlSKnEnFeH/7ExMmrdKR1BGgqAE5s6QKDAow6N9Qq5fKQaMboh/Ty/nlp+7Fgg3QTQSDXqrWYKpXdEwLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XcfyT+RA/qb+Dp6aIbyClyAEuW7ifqnqln85Dc1Q78I=; b=VZRwruTAvaMvys4Pbtbn+NVWSeo5kEjYULP8qhor/n8XddrgX03EjT7k6hW1lAZTLJdocIquDxn5BjGsj4Io/BxTM3ONO6G0nCLWbY1OYRKfjjUqirEV4mFfqOzyiVc8e7a0Pf6xtqkRBnooRKKPFCOnh2gKjAyX/dJRZ0SdAO5u8T2vzg1JmKRpw0GcKO8JnHdiDpZxr3rjxDkJY+s3q50u7xbFXBTUUC5QMQO9A3fcNpA7lp8Hqwgnj7s3ErG06n5HBntzLQ9R/zipjGd93+gJcTnJaIVw4o2dxUHxHCvSU33jJIzdvcTh60bRexg2ZA37MV1kuaMHe1kwEwvUtg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XcfyT+RA/qb+Dp6aIbyClyAEuW7ifqnqln85Dc1Q78I=; b=OKneiwbIrX+zalTpU0NDco69XGVeRITPK5+1MgfNaugb6hfTpLhHiWDDwlczYt7orfB//BFFzn12ME0jl01XEzPGqqJXzxPwjADldolZ3HGJYN0A8cVhj0dTSiDvp0QwFw+ofL/EuwxCPLleUrq+w7jRffUerKdxwHJkf3fGsSM=
Received: from BYAPR11MB2725.namprd11.prod.outlook.com (2603:10b6:a02:c5::25) by PH8PR11MB6974.namprd11.prod.outlook.com (2603:10b6:510:225::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7587.28; Thu, 16 May 2024 19:31:38 +0000
Received: from BYAPR11MB2725.namprd11.prod.outlook.com ([fe80::9acc:3642:88f9:e251]) by BYAPR11MB2725.namprd11.prod.outlook.com ([fe80::9acc:3642:88f9:e251%4]) with mapi id 15.20.7544.052; Thu, 16 May 2024 19:31:38 +0000
From: "Mankamana Mishra (mankamis)" <mankamis@cisco.com>
To: Christian Huitema <huitema@huitema.net>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Secdir early review of draft-ietf-mpls-mldp-multi-topology-05
Thread-Index: AQHanRyt5zIfAxXcpky/zqMjXTc2DLGaU7aF
Date: Thu, 16 May 2024 19:31:38 +0000
Message-ID: <BYAPR11MB272598C8A58BDAB845E2CD17DFED2@BYAPR11MB2725.namprd11.prod.outlook.com>
References: <171471494247.48444.5882617286909060303@ietfa.amsl.com>
In-Reply-To: <171471494247.48444.5882617286909060303@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR11MB2725:EE_|PH8PR11MB6974:EE_
x-ms-office365-filtering-correlation-id: 6af0b7d4-908b-4bae-4c3e-08dc75dece5e
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230031|366007|376005|1800799015|38070700009;
x-microsoft-antispam-message-info: ymCMKSw5w/XJwf2j0Rw73NFc7BVxc6neh6PpF0nyS/rUdwSDPIYRTacvQeho83iHMTYF03aogdSQsh2UQWOCYhzIQeDT2xl7bQ08JRfwwMfv31lOYAtynR4MEcCwD8z5wruKLhQroybITSIbChfrFj5wmmNhhDxV/Y4vhH/o/1tlGGum8aWWGUcXaarFeXTEHZdT0XVsgW5ntHGPsW4SJMrztkG3qOc/yq6XPCEmyXB3kced5iqPJgwYXQvA1nZ5QqQPkMG05qUAN3cvZuapa9d1ebLpYQYVAF6Ay+F7WkronCMtgkQP5uQpH1BOiE+/s64gm5PUrzWuS0GM1Cjs/c/sf4zfBR5ttTpRZ1slxQN5omIO4r5Bf6SF9Tibin7DdxmCtkeenDbQt6lC+2QQ0kUqAs11wCRD7HQi+PukTesr+lnDdYABkXQK9BHIQD5hClsZcgjrUXodw1tz92PSdXqn8z848gfUnxycBIDhuJQu3DniXJ6sgoaabsP451Pf4aJNUPiYDXu59YfbZfDd0nwCTA9MZTv4h2MOZM27dh7QwFonDYze2y7vczV4GRhZux+UVzFgiIxKRGdH/PU3a/9Qb44+N4q2CN2nL1jQF0Ab2NJEySJsG/1o3mODE4To8oDDOs+e9aguiWbf+RuZdsxwtxGwHqyPCjmgDm8BF/ETFFL2Fe+ghykxfUJeqeuSykp6dpzP4ggju3x3nSAdiImzk7PoXhVajW1rTrWxX9ZIZexwsOHHKeD4J7N+FUde5/60nctPHKLWwZYj+ys4N9OKlCdfN2cZgSh6ePIEAKB7Pmbp95Gyb816nJiaefQ1gQ3Q/oiBcPhpI5UGoo9E9I9BesLqhZcvxVc1/NjwdrHiUiYJKcW3l1eKsdh54EOx6qcvI5T0dCB/hjw82gGsIyOgSUzrYNqzpXoTyIdRyJ6QDZ88s0Urqyhm8O/3NkUsDa+23pFmW2Vwxnse4FrtqQS1MjhGUSl2HYnhCeGSW0K4nZAHpdwjEHwbBcAN4LsX5QXT84/xOHJ/w3VRctjhEhHxXxkhl0iWIBc4Fczdp5u11fuV0KXX4bCc44hFjyJ0dlQNouKIQz4mNUW5IUuSuw4zA/+qzqVfSdPkFABPqmdQNMXD9kJx4B47qiFJNVr1k2w93E21UWhHlta2I/UR+d4daDXkpMbuGVWyE9tCx+1fiVl5J1ZG+t6b3/X9qG5JCiWYG5kdFdNWkwpZ5qOSKht91ilO2T4tMOwRo7USDs6CaAOlzEL3Ld4S+asa2BMYBj4zdS+zJp5Z9DuQa28revNGFZRRZkeUAxYpmA4k+g4WikVGnItUDryfrVxGvY/c0No2cmkJWdeF4rjqdDz7Mw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR11MB2725.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366007)(376005)(1800799015)(38070700009);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: LAry/lxEryN+DawzfOC9w00IwAevtOl5FB0UaQKMh18YtwZ8jWhV+pZr/tvB51GZc1OaBBz46xC2UCcsW2bRMDH4jgcZl7TMNJ3ZMw9nhznSMcVhb7999R+DlQbUAZ5dKG24WcU+hdXJY3n5rZlawtR2xqWaIyTHYLftGGw5lxZF0Ezi+daAIp2t46G6/mn+IY2HZkdiS7skXYsancv716aPx5NhDXOBCG0xPcls0+6pjgrNWh79eNr9vP8R+wRFzW3+705DeIgipwRPpWXzlzyDO36uET6NXlJo6U0VYVQOn6cSqEgIrdLK/Q0LHbA+YZscOW2w87VLEDHQBHePSBMBgVx6fXRFNMz8qZmXnApKubcvvALJlpHepqrNJwosrz9rRSO/+9S39VGTUHTpovqfl8tc2CyPw7Y1dMF/QtBSpaPdwCsFJj9jleGDrYli4O8wfzn4ukMToesO8Tz5tqB8u4Q15l/rfXj9GYOuoVYGm/58MyscW5WzDu60ztlSaug4thcGOaSBDwQC01sxjJWUBpW/KBmxrJyWmxshSygkU4NbMrRf9XFcvCVYgiOW8cwnHYBKT839JPQA1e5inSukpTbA4Q7FjdZDpomNfhNMIfgW0OSe9xvC4LluJTXW5U2JHSNzqK+ABoJisjI2crAc+yUbIC7qUDBPPd08wGYiVVCqfYqQJEKuo2x4X3X4HgWCE3+497j1cb/fIz/NsLBz63inNobBPZ/Q0jp+MDcmjYlMXPg81b4tuwn/XgNpxf9y20QNOuQb8CxBRjcNChOCRoVrryfnvMagCG06ScFyF3ZbkGAKCUU7jUzN2HMZV5wp3FRYDOyB+xDA5y1FIqIOoZ4rsd3+tzFWjhkQ//cA18Vkrogda26NxVoSeLwr2fZI8QmkT1VnLfm+9qj3HxApw2Ob8jcE9AdResjAqZVKhugx4MIaWUhHL1ELvQSuOqUo0AVI3nItXWLxXpKJnKlOSBWEKTQK9iFfTu9pqJ0w0cdqy9lxh07hqR13r+fEU1XnBKLH0PU0jvfx92a9WmaASV1weW8xfgmGCtMoopc5zL1yXw+XJLct5CENHZ/EZleJBPYoP4LrKIJl3nIbt9cpm0gfwDR4KwsJKTK+kPsCFL3B41GY9aCvlREKrWRgSgOHkQQDH+0NkrlahCqimn3uSVKSpzZLsFTMLnjjW1XrgX3wNZokjWx33USZ1IF3K7/D4n6F9gIPf2wfmvYGpCCRZN5HAcnkWQaOhlO+aLCsyMXllLkD9tY8vqh3epKW4SvAyq5pJnP7mkj8xRS5cUGO++PxB2qT3wqLCooSv6GGFbCcQikvTA47QRs4kixjQ2W7QZBWslEJW/a+ocJw80y4mQoA9EOrguMBZyI4nRa6tpERt2rMKVzT4dsiz2oWp6buRvoD/D+oy7H4FptCpsa5DIxRbCXGdeJI0JwQaA167SjrIU7NVrh56RciFoPoOSLg1JIv0x1BD+e4EAX5tSje4xGVW/gndbPt+mzIXXfaP884VHK20yGgkjbtMCx2XHtNy8To6lPB1+uiDXEM62KuVcbHHBNnpTWtev6lN/7laBcgcjgPZhIJsdU2f42SjfQs0VdAUuKL9wL02HQ1V0PWe5FC4vwO0APNhdEedooOs0PQmjx17kTjFBq8QWs7
Content-Type: multipart/alternative; boundary="_000_BYAPR11MB272598C8A58BDAB845E2CD17DFED2BYAPR11MB2725namp_"
MIME-Version: 1.0
X-OriginatorOrg: cisco.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB2725.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6af0b7d4-908b-4bae-4c3e-08dc75dece5e
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 May 2024 19:31:38.5211 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: kUTDYoSXwhGL23v42fhndD5cAQNg5BvnfnIpIHpavmSToIMSmdScmgTO5Kby2JkvzOchAWNbiN156/NhS2Hfxw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR11MB6974
X-Outbound-SMTP-Client: 72.163.7.169, rcdn-opgw-5.cisco.com
X-Outbound-Node: alln-core-5.cisco.com
Message-ID-Hash: LMU4Z2P2S6EPM55KLM5VLF5DWGGK67K6
X-Message-ID-Hash: LMU4Z2P2S6EPM55KLM5VLF5DWGGK67K6
X-MailFrom: mankamis@cisco.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-mpls-mldp-multi-topology.all@ietf.org" <draft-ietf-mpls-mldp-multi-topology.all@ietf.org>, "mpls@ietf.org" <mpls@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [secdir] Re: Secdir early review of draft-ietf-mpls-mldp-multi-topology-05
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/n0eLDyNt-hXCOL9TGcU3rQJbu4o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Hi Christian Thanks for reviewing it. For comment “but I would encourage the authors to examine at least two risks: creating multiple topologies create additional work in the "control plane", thus potential resource exhaustion if trying to support too many topologies; traffic carried by multiple topologies may end up competing for finite data plane resource, thus risking local overload. I am speculating, but have the authors studied the corresponding failure modes? How hard is it for configuration mistakes or adversarial actions to exploit such failure modes? ” * In terms of implementation, yes, the total number of flex algo can depend on the hardware resources available. But these constraints are true for any technology so I do not think we need to write it in draft explicitly. * Same comment for the data plane and config issue too. * This draft has been implemented and deployed too. But there is no problem deploying as the specification is defined today. Please let me know if you have any questions. Mankamana From: Christian Huitema via Datatracker <noreply@ietf.org> Date: Thursday, May 2, 2024 at 10:42 PM To: secdir@ietf.org <secdir@ietf.org> Cc: draft-ietf-mpls-mldp-multi-topology.all@ietf.org <draft-ietf-mpls-mldp-multi-topology.all@ietf.org>, mpls@ietf.org <mpls@ietf.org> Subject: Secdir early review of draft-ietf-mpls-mldp-multi-topology-05 Reviewer: Christian Huitema Review result: Ready I have reviewed this document following a request from the routing Area director to the security directorate. This is an early review, for the benefit of the security area director, the transport area director, and the document authors. Multi topology routing using MPLS. As I understand it from my 10,000ft high point of view, within a graph of routers and links, instead of just computing a single set of forwarding tables with a single routing metric such as "shortest path", MTR allows for computing multiple such forwarding tables, each using specific metrics and possibly specific constraints. Each set of forwarding tables and selected paths is regarded as a topology. The multiple topologies can be computed using the Multi-Topology Routing (MTR) extensions to IGP such as OSPF or IS-IS, or the MTR extensions to the Label Distribution Protocol (LDP). The draft is concerned with creating such topologies using MPLS, starting with point to multipoint or multipoint to multipoint MTR graphs established with Multipoint LDP (mLDP). The flexible algorithm (FA, RFC9350) is used to create sub-topologies from existing topologies, by applying constraints. The draft goes no defining the protocol elements to add such functions to LDP, defining topologies for IPv4 or IPv6, ensuring support for multipoint, or defining how to use Label Switched Path (LSP) Ping to test the topologies. Such drafts may be easy to read when people are very familiar with the current work in the routing area. For me, they were a bit of a stretch. I would probably need much more time than assigned to this review to fully understand how the various mechanisms interoperate, beyond the 10,000ft view mentioned earlier. My high level summary would be that this draft defines an extension, so simple mechanisms like LDP can now be used to create a variety of topologies. The classic risks with extensions are resource exhaustion and the difficulty to manage the increased complexity. The security section says that "This extension to mLDP does not introduce any new security considerations beyond that already apply to the base LDP specification [RFC5036], base mLDP specification [RFC6388], and MPLS security framework [RFC5920]." That may very well be true, but I would encourage the authors to examine at least two risks: creating multiple topologies create additional work in the "control plane", thus potential resource exhaustion if trying to support too many topologies; traffic carried by multiple topologies may end up competing for finite data plane resource, thus risking local overload. I am speculating, but have the authors studied the corresponding failure modes? How hard is it for configuration mistakes or adversarial actions to exploit such failure modes?
- [secdir] Secdir early review of draft-ietf-mpls-m… Christian Huitema via Datatracker
- [secdir] Re: Secdir early review of draft-ietf-mp… Mankamana Mishra (mankamis)