Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
Lars Eggert <lars@eggert.org> Thu, 10 August 2023 07:54 UTC
Return-Path: <lars@eggert.org>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E80EC151088; Thu, 10 Aug 2023 00:54:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=eggert.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tu3z1QB7P9_y; Thu, 10 Aug 2023 00:54:21 -0700 (PDT)
Received: from mail.eggert.org (mail.eggert.org [IPv6:2a00:ac00:4000:400::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BCBEC14CE29; Thu, 10 Aug 2023 00:54:21 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id C087780963; Thu, 10 Aug 2023 10:54:16 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eggert.org; s=dkim; t=1691654059; h=from:subject:date:message-id:to:cc:mime-version:content-type: in-reply-to:references; bh=7yEieMMpz1W/LHG0jr3/A12ijbSP3ZwT+Dpo4xN7l/0=; b=PGBVICtr4BpdwiKorNO8sBSvDEFDzsJGJL9YSGoYwOt1A5tYR12U9JCjKa+U4pX7Q2Thrm PXaP50RKV6FTzQqCAcujiNN2uLvtnozSre2eeyMnzwRKJISoFkP+vot3r5jbooxNlz6FPC r/Kg/isI7GGIAITJrnIeLdIc2M79nB+Bbi38GmiVYOiEeMudee1Crlzsngw9/f94jb4l1n zQLShRzOEZ7NTCLtjv7qig3bpDWkDVlJ5eTOPjUOh7Z+a7Bw49JGExOGB6jxWTWO+GB7vC yt23v2vLBA4+VMPx/9ydcW7Q1jcWR7fDA3WKlWGRX80kQhMPCcQEmBS4scQapw==
Content-Type: multipart/signed; boundary="Apple-Mail=_59602080-490A-47DD-917F-E663E9102EC8"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Lars Eggert <lars@eggert.org>
In-Reply-To: <CABjMoXZPXeUYLwzfSr=sRVAqZQm1BOLB9KCPbXHrbqWrM769Vg@mail.gmail.com>
Date: Thu, 10 Aug 2023 10:54:16 +0300
Cc: The IESG <iesg@ietf.org>, draft-ietf-spring-sr-replication-segment@ietf.org, spring-chairs@ietf.org, spring@ietf.org, mankamis@cisco.com
Message-Id: <97A5A5D3-0E88-4F07-8072-91921E1540BD@eggert.org>
References: <169113757232.15080.2703586835855766334@ietfa.amsl.com> <CABjMoXZPXeUYLwzfSr=sRVAqZQm1BOLB9KCPbXHrbqWrM769Vg@mail.gmail.com>
To: Rishabh Parekh <rishabhp@gmail.com>
X-Last-TLS-Session-Version: TLSv1.2
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/AxRx2j4H0woMVOgsddyNS2HTeCA>
Subject: Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2023 07:54:25 -0000
Hi, On Aug 10, 2023, at 00:24, Rishabh Parekh <rishabhp@gmail.com> wrote: > This document introduces packet replication functionality into SR > networks. This significantly increases and complicates the attack > surface of the technology while at the same time introducing severe > new misconfiguration possibilities (e.g., multicast amplification > loops that can lead to congestion collapse of the network.) This > document does not adequately describe and discuss these issues. > > [RP] May I ask what you think is missing in the Security section text about loops? A way to detect and/or mitigate the effects of loop congestion. Or if that cannot be done in this document, a requirement that this technology MUST NOT be deployed without a control plane that either prevents loops or detects and mitigates their effects, and a normative reference to those control plane specs. > Additionally, this documents needs to specify suitable > countermeasures - it is not sufficient to leave this up to > unspecified control plane mechanisms. > > [RP] This document is just specifying behavior of a single replication segment. The use of PCE as a controller to create a tree by stitching replication segments in specified in PIM WG document (draft-ietf-pim-sr-p2mp-policy) and PCEP protocol extensions are described in PCE WG doc (draft-ietf-pce-sr-p2mp-policy). draft-ietf-pim-sr-p2mp-policy is only cited informally, and draft-ietf-pce-sr-p2mp-policy not at all. If they do contain these countermeasures, they need to be cited normatively and their use needs to be required. However, I just skimmed them and neither seems to discuss loops or congestion? > ### Section 2, paragraph 18 > ``` > In principle it is possible for different Replication segments to > replicate packets to the same Replication segment on a Downstream > node. However, such usage is intentionally left out of scope of this > document. > ``` > What was the intent of leaving this out? There seems to be complexity > here that can be abused, in which case I would have expected this to > either be explicitly forbidden or discussed in sufficient detail to > understand (and mitigate) the issues. > > [RP] This came up in WG discussion during WGLC about "sharing" a downstream replication segment across multiple "upstream" replication segments (possibly to enable Multipoint-to-Multipoint). Although this is feasible, it is only possible to do this when a complex set of conditions are satisfied. This adds complexity to both control plane and data plane (like needing "outer" and "inner" replication segment context in packets). Hence, it was kept out of scope of this document. So what you write seems to argue that this should then be explicitly forbidden? Thanks, Lars
- [spring] Lars Eggert's Discuss on draft-ietf-spri… Lars Eggert via Datatracker
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh