On 09/01/2018 06:09, Michael Richardson wrote:
> 
> Mirja Kuehlewind (IETF) <i...@kuehlewind.net> wrote:
>     >> On 05.01.2018 at 23:30, Michael Richardson <mcr+i...@sandelman.ca> wrote:
>     >>
>     >>
>     >> Mirja Kühlewind <i...@kuehlewind.net> wrote:
>     >>> "DNS naming is set up to provide the ACP IPv6 address of network
>     >>> devices.  Unbeknownst to the application, MPTCP is used.  MPTCP
>     >>> mutually discovers between the NOC and network device the data-plane
>     >>> address and carries all traffic across it when that MPTCP subflow
>     >>> across the data-plane can be built."
>     >>
>     >> Section 2.1.5 is discussion, it discusses ways in which the
>     >> anticipated low performance (compared to what the box might do with its
>     >> hardware accelerated forwarding).
>     >>
>     >> If we have an application that needs the bandwidth of the native hardware,
>     >> the connection can be initiated over the ACP (that's what would be in DNS).
>     >> One presumes that an MPTCP layer could then enumerate the available IPs at
>     >> each end and then start off additional flows on the other destinations.
> 
>     > MPTCP adds an additional TCP flow but for the application that still
>     > looks like one flow. As I said I’m not sure if that is what you want.
> 
> I think that this might be exactly what the application might want.
> As stable-connectivity doesn't detail the requirements of the application,
> the point of this section is to point out that the bandwidth limitations of
> the ACP need not be a constraint when the network is healthy.

But that ducks the security issue. I don't think that's OK. Since the ACP
secures connections *below* TCP and MPTCP allows paths that bypass the ACP,
this is a security hole you can drive a large truck through.

    Brian

> 
> If you feel that 2.1.5 doesn't explain this well, then please say so.
> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
