Hi Greg,
Thanks for addressing the changes so promptly. I’d like to hear from the WG on
the 2 security concerns below, i.e. whether they need to be addressed and if
yes, then how. I believe if we address a) below we also address b)?
Regards,
Reshad.
: a) We should have the ability, e.g. via configuration, to prevent the number
: of MultipointTail sessions from exceeding the number of expected streams.
: Otherwise 1 misbehaving head could use up all the MultipointTail session
: resources on a tail.
: b) A misbehaving head which changes My Discriminator for a MultipointHead
: session will cause tails to create many MultipointTail sessions (4.13.2). We
: should consider adding a check to see if we have a MultipointTail session
: based on source address and the identify of the of the multipoint tree with a
: different discriminator?
7. Security Considerations
The same security considerations as those described in [RFC5880]
apply to this document. Additionally, implementations that create
MultpointTail sessions dynamically upon receipt of Multipoint BFD
Control packets MUST implement protective measures to prevent
infinite number of MultipointTail sessions being created. Below are
listed some points to be considered in such implementations.
If a Multipoint BFD Control packet did not arrive on a multicast
tree (e.g. on expected interface, with expected MPLS label, etc),
then a MultipointTail session should not be created.
If redundant streams are expected for a given multicast stream,
then the implementations should not create more MultipointTail
sessions than the number of streams. Additionally, when the
number of MultipointTail sessions exceeds the number of expected
streams, then the implementation should generate an alarm to users
to indicate the anomaly.
Katz, et al. Expires August 3, 2018 [Page 16]
Internet-Draft BFD for Multipoint Networks January 2018
The implementation should have a reasonable upper bound on the
number of MultipointTail sessions that can be created, with the
upper bound potentially being computed based on the number of
multicast streams that the system is expecting.
On 2018-01-30, 10:23 PM, "Greg Mirsky" <[email protected]> wrote:
Hi Reshad, et.al,
I've uploaded the new version of the draft:
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Bidirectional Forwarding Detection WG
of the IETF.
Title : BFD for Multipoint Networks
Authors : Dave Katz
Dave Ward
Santosh Pallagatti
Greg Mirsky
Filename : draft-ietf-bfd-multipoint-13.txt
Pages : 18
Date : 2018-01-30
Abstract:
This document describes extensions to the Bidirectional Forwarding
Detection (BFD) protocol for its use in multipoint and multicast
networks.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-bfd-multipoint/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-bfd-multipoint-13
https://datatracker.ietf.org/doc/html/draft-ietf-bfd-multipoint-13
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-multipoint-13
Will respond to your comments on the Active Tails shortly.
Regards,
Greg
On Mon, Jan 29, 2018 at 11:47 AM, Reshad Rahman (rrahman)
<[email protected]> wrote:
> Greg, these changes are good with me.
>
>
>
> Regards,
>
> Reshad.
>
>
>
> From: Greg Mirsky <[email protected]>
> Date: Monday, January 29, 2018 at 1:04 PM
> To: "Reshad Rahman (rrahman)" <[email protected]>
> Cc: "Carlos Pignataro (cpignata)" <[email protected]>, Jeffrey Haas
> <[email protected]>, "[email protected]" <[email protected]>
> Subject: Re: WGLC for BFD Multipoint documents (last round)
>
>
>
> Hi Reshad,
>
> nits fixed and the new text below:
>
> OLD TEXT
>
> A number of values of the state variable are added to the base BFD…
>
> NEW TEXT
>
> A number of new values of the state variable bfd.SessionType are added to
> the base BFD…
>
> Would you accept this update?
>
>
>
> Regards,
>
> Greg
>
>
>
> On Mon, Jan 29, 2018 at 5:52 AM, Reshad Rahman (rrahman)
<[email protected]>
> wrote:
>
> Hi Greg,
>
>
>
> Section 4.2. s/The head has a session of type MultipointHead Section
4.4.1/
> The head has a session of type MultipointHead, as defined in Section
4.4.1,
> /
> Section 4.4.1. “A number of values of the state variable are added to the
> base BFD…”. That sentence needs rewording IMO but maybe I’m just missing
> what it’s trying to convey.
> Section 4.6. s/Active role , / Active role, /
> Section 4.10. “MUST send packets with P bit set.”. Did we agree on “MUST
> send packets with the P bit set.”?
>
>
>
> Regards,
>
> Reshad.
>
>
>
> <snip>
>
>
