Re: [sidr] AD Review of sidr-origin-validation-signaling-09
Chris Morrow <morrowc@ops-netman.net> Wed, 30 November 2016 02:02 UTC
Return-Path: <morrowc@ops-netman.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDA891294B2; Tue, 29 Nov 2016 18:02:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.398
X-Spam-Level:
X-Spam-Status: No, score=-3.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MFIWc1GKUV_H; Tue, 29 Nov 2016 18:02:30 -0800 (PST)
Received: from relay.kvm02.ops-netman.net (relay.kvm02.ops-netman.net [IPv6:2606:700:e:550:5c82:28ff:fe25:4960]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05E43129466; Tue, 29 Nov 2016 18:02:29 -0800 (PST)
Received: from mail.ops-netman.net (mailserver.ops-netman.net [199.168.90.119]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by relay.kvm02.ops-netman.net (Postfix) with ESMTPS id 12B5F40A49; Wed, 30 Nov 2016 02:02:28 +0000 (UTC)
Received: from morrowc-glaptop4.roam.corp.google.com.ops-netman.net (static-96-241-182-39.washdc.fios.verizon.net [96.241.182.39]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail.ops-netman.net (Postfix) with ESMTPSA id E42A710EECE83; Wed, 30 Nov 2016 02:02:27 +0000 (UTC)
Date: Tue, 29 Nov 2016 21:02:27 -0500
Message-ID: <yj9od1hdrah8.wl%morrowc@ops-netman.net>
From: Chris Morrow <morrowc@ops-netman.net>
To: "John G. Scudder" <jgs@juniper.net>
In-Reply-To: <917E9000-8F1F-4E4F-BDEC-767E3510A71A@juniper.net>
References: <88A45E79-880B-4F82-9FAA-80C05627A49F@cisco.com> <917E9000-8F1F-4E4F-BDEC-767E3510A71A@juniper.net>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.3 Mule/6.0 (HANACHIRUSATO)
Organization: Operations Network Management, Ltd.
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/kDkZf70QNazrxtzQTW9WcO81Qug>
Cc: "sidr@ietf.org" <sidr@ietf.org>, "sidr-chairs@ietf.org" <sidr-chairs@ietf.org>, "draft-ietf-sidr-origin-validation-signaling@ietf.org" <draft-ietf-sidr-origin-validation-signaling@ietf.org>, "Sandra L. Murphy" <sandy@tislabs.com>
Subject: Re: [sidr] AD Review of sidr-origin-validation-signaling-09
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2016 02:02:32 -0000
At Tue, 29 Nov 2016 20:23:55 -0500, "John G. Scudder" <jgs@juniper.net> wrote: > > On Nov 13, 2016, at 1:40 AM, Alvaro Retana (aretana) > <aretana@cisco.com> wrote: > > C1. The reference to rfc7607 should be Informative. > > Done (in -10 candidate source). > > > C2. [Major] Security Considerations. I think that there is one > > consideration that should be mentioned in this section: Given that > > the largest value is preferred (2 = invalid), there is an attack > > vector where a router in the path (yes, even an internal router) can > > inject a community indicating that the route is invalid; the > > communities are not protected. This action could result in > > inconsistent routing or in even a DoS. I know the document is not > > explicit about what to do with the validation state (which is ok), > > but the clear intention (from rfc6811 and rfc7115) is that it will > > be used to make routing decisions. Please add some text about this > > potential issue. > > I started to write something about this and then realized I don't > understand what you mean. At first I thought you were saying that an > attacker that can forge an OV community can bias route > selection. While this is true of course, it's also not unique to OV > (Localpref has this property for example). It probably wouldn't be > hard to write a sentence to summarize this, if necessary. > > However, you specifically refer to the invalid state: "a router in the > path ... can inject a community indicating that the route is > invalid". This makes me think you think there's something special > about "invalid", and I don't know what it is. You also say something > about the sorting order, which I'm also not sure why that would > matter. I read this with the implicit: "Of course 'invalid == drop'." So, if between an edge/core nodes you marked the edge -> core prefix stream (mid-stream) with 'invalid' the core may discard all routes seen and so marked. This COULD move traffic away from a single edge node (or nodes) and bias traffic across longer/other paths OR it could isolate folk behind the edge node(s). Of course, just wiping out the prefixes in flight and stitching back together the tcp session... same effect. -chris
- [sidr] AD Review of sidr-origin-validation-signal… Alvaro Retana (aretana)
- Re: [sidr] AD Review of sidr-origin-validation-si… Randy Bush
- Re: [sidr] AD Review of sidr-origin-validation-si… Alvaro Retana (aretana)
- Re: [sidr] AD Review of sidr-origin-validation-si… John G. Scudder
- Re: [sidr] AD Review of sidr-origin-validation-si… Randy Bush
- Re: [sidr] AD Review of sidr-origin-validation-si… Chris Morrow
- Re: [sidr] AD Review of sidr-origin-validation-si… John G. Scudder
- Re: [sidr] AD Review of sidr-origin-validation-si… Chris Morrow
- Re: [sidr] AD Review of sidr-origin-validation-si… Randy Bush
- Re: [sidr] AD Review of sidr-origin-validation-si… John G. Scudder
- Re: [sidr] AD Review of sidr-origin-validation-si… Randy Bush
- Re: [sidr] AD Review of sidr-origin-validation-si… Chris Morrow
- Re: [sidr] AD Review of sidr-origin-validation-si… Randy Bush
- Re: [sidr] AD Review of sidr-origin-validation-si… John G. Scudder
- Re: [sidr] AD Review of sidr-origin-validation-si… Alvaro Retana (aretana)
- Re: [sidr] AD Review of sidr-origin-validation-si… Randy Bush