Malisa,

Is there no way for a forwarding node to recognize joining traffic from the 6tisch.arpa Uri-Host option? I assume that's encrypted end-to-end? Trying to see whether there is anything, in the current spec, which allows a forwarding node to identify join traffic...

Thanks,
Thomas

On Mon, Nov 6, 2017 at 5:46 PM, Michael Richardson <[email protected]> wrote:

> Mališa Vučinić <[email protected]> wrote:
> > At the interim today, we discussed the need of tagging join traffic at
> > the Join Proxy (JP). The problem is that JP forwards into the network
> > traffic that originates from untrusted pledges, which can cause the
> > exchange of 6P commands at intermediate nodes on the path from JP to
> > 6LBR.
> >
> > A malicious pledge is therefore able to affect scheduling of
> > intermediate nodes in the network which could potentially result in
> > resource exhaustion. A bandwidth cap at JP, that is currently
> > recommended in minimal-security draft, limits but doesn’t completely
> > solve the problem. An attacker with access to multiple JPs could inject
> > enough traffic to disturb the network.
> >
> > Pascal proposed using ToS bits in the IPv6 header to tag join
> > traffic. As part of the JP behavior in minimal-security draft, we would
> > specify that each forwarded packet must be tagged. Then, it would be up
> > to individual SFs to determine what to do with this traffic.
>
> To be specific, I think that the JP should set the DSCP bits in the packet
> as per rfc2597 section 6, we want AF43 (0b100110).
>
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
> _______________________________________________
> 6tisch mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6tisch

--
_______________________________________

Thomas Watteyne, PhD
Research Scientist & Innovator, Inria
Sr Networking Design Eng, Linear Tech
Founder & co-lead, UC Berkeley OpenWSN
Co-chair, IETF 6TiSCH

www.thomaswatteyne.com
_______________________________________
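
The DSCP tagging proposed in the quoted message, as an added example that is not part of the thread or of any 6TiSCH draft: the JP overwrites the DSCP field with AF43, and a forwarding node reads it back from the cleartext IPv6 header. It assumes an uncompressed 40-byte IPv6 header (not the 6LoWPAN-compressed form), and `counts_toward_6p_load` is a hypothetical scheduling-function hook.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_HDR_LEN 40u
#define DSCP_AF43    0x26   /* 0b100110, the value named in the thread */

/* DSCP is the upper 6 bits of the 8-bit Traffic Class, which straddles
 * bytes 0 and 1 of the IPv6 header. Returns -1 if pkt is not IPv6. */
int ipv6_get_dscp(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t tclass = (uint8_t)(((pkt[0] & 0x0F) << 4) | (pkt[1] >> 4));
    return tclass >> 2;
}

/* JP side: overwrite whatever DSCP the pledge chose, so the tag cannot be
 * avoided by the sender; ECN bits and flow label are left untouched. */
int ipv6_set_dscp(uint8_t *pkt, size_t len, uint8_t dscp)
{
    if (pkt == NULL || len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6 || dscp > 0x3F)
        return -1;
    uint8_t ecn = (uint8_t)((pkt[1] >> 4) & 0x03);
    uint8_t tclass = (uint8_t)((dscp << 2) | ecn);
    pkt[0] = (uint8_t)(0x60 | (tclass >> 4));
    pkt[1] = (uint8_t)(((tclass & 0x0F) << 4) | (pkt[1] & 0x0F));
    return 0;
}

/* Forwarder side (hypothetical SF hook, an assumption of this example):
 * join-tagged packets are still forwarded, but are excluded from the
 * traffic count that would trigger 6P cell requests. */
int counts_toward_6p_load(const uint8_t *pkt, size_t len)
{
    return ipv6_get_dscp(pkt, len) != DSCP_AF43;
}

int main(void)
{
    /* Constructed header: version 6, DSCP 0, ECN 01, flow label 0xA0000. */
    uint8_t pkt[IPV6_HDR_LEN] = { 0x60, 0x1A };
    printf("from pledge: dscp=%d counts=%d\n",
           ipv6_get_dscp(pkt, sizeof pkt), counts_toward_6p_load(pkt, sizeof pkt));
    ipv6_set_dscp(pkt, sizeof pkt, DSCP_AF43);
    printf("after JP:    dscp=%d counts=%d\n",
           ipv6_get_dscp(pkt, sizeof pkt), counts_toward_6p_load(pkt, sizeof pkt));
    return 0;
}
```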
