On Sun, Aug 23, 2020 at 05:39:14PM -0400, Michael Richardson wrote:
> 
> Robert Wilton via Datatracker <[email protected]> wrote:
>     > 6.10.1.  Fundamental Concepts of Autonomic Addressing
> 
>     > For a PE device or NID, how does it know which interfaces to run ACP
>     > over?
> 
> I think that "PE" here means "Provider Edge"?
> The answer is that it runs the GRASP DULL on *ALL* interfaces, because the
> device may have no idea it is a Provider Edge device on that Interface.
> 
> A Provider might want to turn this off, and they could well do that once the
> device has joined the ACP and gotten management control.  But, the risk of
> doing that is that the cables will get plugged in wrong, and the operator
> will lose access to the device.

In addition to losing access to the device, the authenticated presence of
an ACP neighbor on an interface should also result in the appropriate
configuration of the data plane, and in reverse the absence as well:

When someone mis-plugs a cable, a CE facing interface might be miscabled to
a PE interface assumed to be inside the provider domain - and now the customer
could gain access to the SP infrastructure. Very often that infra is so fragile
that one might be able to inject a virus in short time. A malicious attacker
today likely needs to get some insight into the SP network from someone and
then bribe a lowly paid worker to accidentally misplug a cable for 10
minutes...

With ACP, the data-plane for "internal" config could immediately be shut down
as soon as there is no ACP neighbor.

Nice short term, small one pager ASA idea ;-))

Cheers
    Toerless

> In this case, I think that ANIMA's ACP prefers connectivity over the small
> amount of privacy lost by indicating that an IKEv2 is listening on an IPv6
> Link-Local address.  There is no security breach possible because the IKEv2
> (or DTLS) connection will not complete without the right trust anchors 
> present.
> 
> A smart heuristic might be to include some kind of dead-man's switch.
> The management interface might turn the DULL off on some interfaces for a
> period of time, and if the management interface is lost, then the interfaces
> would stop being suppressed.  This falls into the quality of implementation
> category at this point.
> 
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
>  -= IPv6 IoT consulting =-



-- 
---
[email protected]
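The two mechanisms discussed in this thread, "no authenticated ACP neighbor, no provider-internal data plane" and the dead-man's switch for management-suppressed DULL, as an added Python sketch that is not part of the thread or of any ANIMA implementation; the class, method and interface names are assumptions.

```python
# Added illustration, not ANIMA/ACP code: a per-interface policy object.
import time


class AcpInterfacePolicy:
    """Decides, per interface, whether GRASP DULL runs and whether the
    provider-internal data-plane configuration may be applied."""

    def __init__(self, name, clock=time.monotonic):
        self.name = name
        self.clock = clock                # injectable for deterministic tests
        self.acp_neighbor = False         # authenticated ACP neighbor present?
        self.suppressed_until = None      # management silenced DULL until this time

    # Events from the ACP/GRASP machinery (assumed names).
    def neighbor_authenticated(self):
        self.acp_neighbor = True

    def neighbor_lost(self):
        self.acp_neighbor = False

    # Management may silence DULL, but only for a bounded period.
    def suppress_dull(self, seconds):
        self.suppressed_until = self.clock() + seconds

    def dull_active(self, management_reachable):
        """DULL stays off only while the suppression has not expired AND the
        management session is still alive; losing management re-enables it
        (the dead-man's switch), so a miscabled device cannot become unreachable."""
        if self.suppressed_until is None:
            return True
        if not management_reachable or self.clock() >= self.suppressed_until:
            self.suppressed_until = None  # dead-man fired or timer ran out
            return True
        return False

    def internal_dataplane_allowed(self):
        """Provider-internal config is applied only while an authenticated ACP
        neighbor is present; a cable swapped to a CE device drops it at once."""
        return self.acp_neighbor


def miscable_scenario():
    """Constructed event sequence on an assumed PE interface 'ge-0/0/1'."""
    now = [0.0]
    pol = AcpInterfacePolicy("ge-0/0/1", clock=lambda: now[0])
    trace = []
    pol.neighbor_authenticated()
    trace.append(("neighbor up", pol.internal_dataplane_allowed()))
    pol.neighbor_lost()                   # cable moved to a customer device
    trace.append(("neighbor lost", pol.internal_dataplane_allowed()))
    pol.suppress_dull(300)
    trace.append(("dull suppressed", pol.dull_active(True)))
    trace.append(("mgmt lost", pol.dull_active(False)))
    return trace
```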

_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
