[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: about R1bis
marcelo bagnulo braun wrote:
Two more issues related to R1bis that came to my mind:
1 - Is it important to defend a peer from a fake R1bis?
I mean, R1bis may enable some attacks similar to sending a fake TCP RST
If a peer receives a R1bis packet refering to an established context, it
will try to restablish the context, sending an I2 packet. If we assume
that the R1bis packet is fake and that the validator is not correct, the
receiver will siliently discard the I2 packet. At this point the
receiver will try to resend the I2 packet or try to send an I1 packet
again. I2 will continue to be discarded, but I1 packet will get a R2
reply, which imho will be good enough in this case. I guess that this
covers this case pretty good, so i don't think that anything else is
And faking an R1bis requires knowing the context tag.
2 - Do we want that the failure detection probes trigger a context
recovery mechanisms i.e. R1bis?
In the considered scenario, when the initial path between the ulids is
working fine, the transmission of probes to verify that the current path
is working may result in triggering the context recovery mechanisms i.e.
the transmission of a R1bis packet. Such behaviour may not be the
optimum for dealing with the case of the server that wants to discard
But I don't think we need to have optimality; question is whether it
works or not.
the clients contexts, in order to let the clients to handle fault
tolernace (the scenario suggested by Iljitsch in the ams meeting). A
possibility for dealing with this would be that probes that verify that
the current path is working do not contain context specific information
(as oposed to probes used for exploring the alternative paths, that in
order to be used for flooding prevention must carry context specific
information). I know that this would imply a change in the failure
detection protocol in Jari's draft, but maybe it would be worth to
consider this issue.
PS: agree that interaction with context confusion mechanisms needs to be
be clearly understood in order to get the full picture about this R1bis