Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11

Yoav Nir <> Thu, 16 October 2014 20:31 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 794111A8997; Thu, 16 Oct 2014 13:31:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_22=0.6, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bv-leNguwJU7; Thu, 16 Oct 2014 13:31:08 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c00::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D4DF81A8951; Thu, 16 Oct 2014 13:31:07 -0700 (PDT)
Received: by with SMTP id l18so4590297wgh.17 for <multiple recipients>; Thu, 16 Oct 2014 13:31:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to; bh=6tBXqAQn1NpwGL0ht0kjILFChQJ1koTJTbuj8S87/KE=; b=TjeA1izUVmmfyir8lHUuFlPE9uUzEOZXO5dClHg+5LR684IDMPWdXHnp1sWqlwqFAn efZOAfMMehq2pbLeexTR9hhcWPsUSCWqu5he7jERd3nIVf035FMeUI4erlujLghFLc8s 6CtVDkLD91OG8g+k4s2uMFramLFbb6YffBC3cMlK0ltqLTarS2WkZeb8uSd07YVZkP+i t1pZSLjg8fHRzq7vaG3/qOlqopbgXeYa3GoqiIhi2ynLKkyu4JcDECX/+roBmoYZREpx jBiKYrvudSC+0B0JxyWk4qSGFfM33tYFWT0wc8W4Kj3lwMdix/fRJ+bP8Ab1rS32zpAv ArcA==
X-Received: by with SMTP id i4mr23410970wiw.56.1413491466359; Thu, 16 Oct 2014 13:31:06 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id bl9sm3188058wib.24.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 16 Oct 2014 13:31:05 -0700 (PDT)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Yoav Nir <>
In-Reply-To: <>
Date: Thu, 16 Oct 2014 23:31:03 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To:, "<>" <>, "<> IESG" <>
X-Mailer: Apple Mail (2.1878.6)
Subject: Re: [secdir] Secdir review of draft-ietf-opsawg-large-flow-load-balancing-11
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 16 Oct 2014 20:31:09 -0000

I’ve been asked to re-review version 15 of this draft.  I thought that -11 was ready, and I still think that about -15. 

My comments have been addressed with the exception that the definition of “flow” is still in section 4.3.1, while flows and different types of flows are discussed throughout the document. It’s a strange ordering, but the document is understandable as it is.

Hope this helps


On Apr 28, 2014, at 4:47 PM, Yoav Nir <> wrote:

> Hi
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> tl;dr version: the document is ready.
> I was a little surprised by the way the document is organized, and I’m not sure who the target audience is. On the one hand it is very verbose on explanations (that’s a good thing!) and I could very well understand it even though I lack any background on the matter.  On the other hand, the order in which things are explained seems strange:
> The introduction talks about large flows vs small flows, long-lived flows vs short-lived flows, and Large flows vs Small flows (no, I’m not repeating myself, capitalize Large is different from lower-case large and in fact means both “large” and “long-lived”).  But three things are totally missing: What is a flow? How large does a flow have to be to be considered “large” (lower case), and how long must a flow continue to be considered “long-lived”. Even the terminology section (1.2) defines Large, Small and small again, but not what a flow is.  These concepts are finally explained in sections 4.1, 4.3.1, and 4.3.2.
> The document describes how load balancing can be achieved by moving large flows around between links and by removing loaded links from the hash table, so that Small (or actually un-classified) new flows will not go to overloaded links. This is an improvement over the assumed default that is statically assigning flows to links based on a hash.
> The document has a short security considerations section that says that it does not impact the security of the Internet infrastructure or applications. I tend to agree, because the parts of the network where these protocols tends to be mostly stateless, so moving flows from one component to another should not make a difference. It would be different if there were supposed to be firewalls on the nodes.
> The security considerations also says that load balancing might help in resisting DoS attacks, for example if an attacker can create traffic where the hash would collide with some Large flow. With load balancing either the attacker’s flow or the Large flow is moved, eliminating the contention. Again, I tend to agree, although this will allow a more powerful attacker to overload all the links, not just the ones they can target with the hash function. Still, an attacker powerful enough to overload all the links is likely to be able to create traffic that collides with all links anyway.
> I don’t think there’s anything missing from the security considerations.
> Hope this helps
> Yoav