Hi Adam, thank you for the review. Will certainly work with Ben to reach an acceptable solution. Please find my answer to your question below, tagged GIM>>.
Regards,
Greg

On Mon, Jul 2, 2018 at 8:38 PM, Adam Roach <[email protected]> wrote:

> Adam Roach has entered the following ballot position for
> draft-ietf-bfd-multipoint-active-tail-09: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-bfd-multipoint-active-tail/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I had the same question that Ben poses in his DISCUSS, and support
> untangling the question before continuing progression of the document.
>
> ---------------------------------------------------------------------------
>
> I've dug around some of the BFD documents but can't quite figure out how
> the tail knows which address to use when responding to a multipoint poll
> query. The reason I went looking is: if the head has some means of
> indicating to the tails where such responses should be sent, then it has
> the ability to coordinate a massive DDoS attack on a selected victim
> address. Is this possible?

GIM>> The tail must know the identity, e.g., IP address, of the head, as it uses it as one of the elements in demultiplexing received BFD Control packets. In the case of IP/UDP encapsulation, the tail checks the Source IP address against the list of valid sources. There's no Source ID in the BFD Control packet itself.
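
An added example, not part of the thread and not taken from any BFD implementation: a sketch of the source check described in the GIM>> answer, in which a tail accepts a multipoint BFD Control packet only when its source IP address matches a configured head. The session table, addresses and function names are constructed for illustration, and pairing the source address with the head's My Discriminator as the lookup key is an assumption of this sketch.

```python
import ipaddress
import struct

# Constructed session table (assumption): the tail is provisioned with the heads it
# will listen to, keyed on (head source IP, head's My Discriminator).
SESSIONS = {(ipaddress.ip_address("192.0.2.1"), 0x1001): "tree-A"}

def parse_bfd(payload: bytes) -> dict:
    """Parse the 24-byte mandatory section of a BFD Control packet (RFC 5880 layout)."""
    if len(payload) < 24:
        raise ValueError("short BFD Control packet")
    vers_diag, flags, _mult, length, my_disc, your_disc = struct.unpack(
        "!BBBBII", payload[:12])
    if vers_diag >> 5 != 1 or length < 24 or length > len(payload):
        raise ValueError("bad version or length")
    return {"poll": bool(flags & 0x20), "multipoint": bool(flags & 0x01),
            "my_disc": my_disc, "your_disc": your_disc}

def tail_demux(src_ip: str, payload: bytes):
    """Return (session, reply_to) for an accepted packet, or None to drop it."""
    try:
        pkt = parse_bfd(payload)
    except ValueError:
        return None
    if not pkt["multipoint"] or pkt["my_disc"] == 0:
        return None
    key = (ipaddress.ip_address(src_ip), pkt["my_disc"])
    session = SESSIONS.get(key)
    if session is None:
        return None  # source is not a valid head: no session, so no reply
    # No field in the packet body names a reply target; a Poll is answered
    # only toward the source address that matched a configured session.
    reply_to = str(key[0]) if pkt["poll"] else None
    return session, reply_to

def make_packet(my_disc: int, poll: bool) -> bytes:
    """Build a constructed multipoint BFD Control packet for the demo."""
    flags = (3 << 6) | (0x20 if poll else 0) | 0x01  # State=Up, optional P, M set
    return struct.pack("!BBBBIIIII", 1 << 5, flags, 3, 24, my_disc, 0, 1000000, 0, 0)

if __name__ == "__main__":
    print(tail_demux("192.0.2.1", make_packet(0x1001, True)))     # accepted poll
    print(tail_demux("198.51.100.7", make_packet(0x1001, True)))  # unknown source
```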
