Return-Path: <ynir.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 794111A8997;
 Thu, 16 Oct 2014 13:31:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_22=0.6,
 SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id bv-leNguwJU7; Thu, 16 Oct 2014 13:31:08 -0700 (PDT)
Received: from mail-wg0-x22e.google.com (mail-wg0-x22e.google.com
 [IPv6:2a00:1450:400c:c00::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id D4DF81A8951;
 Thu, 16 Oct 2014 13:31:07 -0700 (PDT)
Received: by mail-wg0-f46.google.com with SMTP id l18so4590297wgh.17
 for <multiple recipients>; Thu, 16 Oct 2014 13:31:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; 
 h=content-type:mime-version:subject:from:in-reply-to:date
 :content-transfer-encoding:message-id:references:to;
 bh=6tBXqAQn1NpwGL0ht0kjILFChQJ1koTJTbuj8S87/KE=;
 b=TjeA1izUVmmfyir8lHUuFlPE9uUzEOZXO5dClHg+5LR684IDMPWdXHnp1sWqlwqFAn
 efZOAfMMehq2pbLeexTR9hhcWPsUSCWqu5he7jERd3nIVf035FMeUI4erlujLghFLc8s
 6CtVDkLD91OG8g+k4s2uMFramLFbb6YffBC3cMlK0ltqLTarS2WkZeb8uSd07YVZkP+i
 t1pZSLjg8fHRzq7vaG3/qOlqopbgXeYa3GoqiIhi2ynLKkyu4JcDECX/+roBmoYZREpx
 jBiKYrvudSC+0B0JxyWk4qSGFfM33tYFWT0wc8W4Kj3lwMdix/fRJ+bP8Ab1rS32zpAv
 ArcA==
X-Received: by 10.180.76.68 with SMTP id i4mr23410970wiw.56.1413491466359;
 Thu, 16 Oct 2014 13:31:06 -0700 (PDT)
Received: from [192.168.1.104] (IGLD-84-228-54-205.inter.net.il.
 [84.228.54.205])
 by mx.google.com with ESMTPSA id bl9sm3188058wib.24.2014.10.16.13.31.05
 for <multiple recipients>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Thu, 16 Oct 2014 13:31:05 -0700 (PDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <0D637AC0-FD4F-4865-8D14-ADB75BAB072E@gmail.com>
Date: Thu, 16 Oct 2014 23:31:03 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <E1BF5DC9-43D6-4EEE-8D25-ECD374D50123@gmail.com>
References: <0D637AC0-FD4F-4865-8D14-ADB75BAB072E@gmail.com>
To: draft-ietf-opsawg-large-flow-load-balancing.all@tools.ietf.org,
 "<secdir@ietf.org>" <secdir@ietf.org>,
 "<iesg@ietf.org> IESG" <iesg@ietf.org>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/nBrTxdi3zLRglz_YVrSNQiy8eYw
Subject: Re: [secdir] Secdir review of
 draft-ietf-opsawg-large-flow-load-balancing-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>,
 <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>,
 <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Oct 2014 20:31:09 -0000

I=92ve been asked to re-review version 15 of this draft.  I thought that =
-11 was ready, and I still think that about -15.=20

My comments have been addressed with the exception that the definition =
of =93flow=94 is still in section 4.3.1, while flows and different types =
of flows are discussed throughout the document. It=92s a strange =
ordering, but the document is understandable as it is.

Hope this helps

Yoav

On Apr 28, 2014, at 4:47 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:

> Hi
>=20
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>=20
> tl;dr version: the document is ready.
>=20
> I was a little surprised by the way the document is organized, and I=92m=
 not sure who the target audience is. On the one hand it is very verbose =
on explanations (that=92s a good thing!) and I could very well =
understand it even though I lack any background on the matter.  On the =
other hand, the order in which things are explained seems strange:
>=20
> The introduction talks about large flows vs small flows, long-lived =
flows vs short-lived flows, and Large flows vs Small flows (no, I=92m =
not repeating myself, capitalize Large is different from lower-case =
large and in fact means both =93large=94 and =93long-lived=94).  But =
three things are totally missing: What is a flow? How large does a flow =
have to be to be considered =93large=94 (lower case), and how long must =
a flow continue to be considered =93long-lived=94. Even the terminology =
section (1.2) defines Large, Small and small again, but not what a flow =
is.  These concepts are finally explained in sections 4.1, 4.3.1, and =
4.3.2.
>=20
> The document describes how load balancing can be achieved by moving =
large flows around between links and by removing loaded links from the =
hash table, so that Small (or actually un-classified) new flows will not =
go to overloaded links. This is an improvement over the assumed default =
that is statically assigning flows to links based on a hash.
>=20
> The document has a short security considerations section that says =
that it does not impact the security of the Internet infrastructure or =
applications. I tend to agree, because the parts of the network where =
these protocols tends to be mostly stateless, so moving flows from one =
component to another should not make a difference. It would be different =
if there were supposed to be firewalls on the nodes.
> The security considerations also says that load balancing might help =
in resisting DoS attacks, for example if an attacker can create traffic =
where the hash would collide with some Large flow. With load balancing =
either the attacker=92s flow or the Large flow is moved, eliminating the =
contention. Again, I tend to agree, although this will allow a more =
powerful attacker to overload all the links, not just the ones they can =
target with the hash function. Still, an attacker powerful enough to =
overload all the links is likely to be able to create traffic that =
collides with all links anyway.
>=20
> I don=92t think there=92s anything missing from the security =
considerations.
>=20
> Hope this helps
>=20
> Yoav
>=20
>=20
>=20