RE: Begin last call on draft-ietf-opsec-routing-capabilities-00.txt
I have a comment concerning Section 5.1, 'Ensure Resources for
Management Functions'. While this section is well written, and I agree
with what is included by now, I believe that the scope of the section
should also address the threat of using for management functions an
amount of resources at ingress to the device, on egress from the device,
for internal transmission, internal memory and processing higher than
normal to the detriment of the routing capabilities. The reasons for
doing this are to a certain extent similar to the ones that are
mentioned in Section 5.3 for IP multicast traffic. Experience has
shown that management stacks that were not designed carefully enough or
had bugs could be used for DoS attacks that create a high level of
traffic at ingress and egress which, if prioritized relative to the
routing protocol, can saturate the in-band communication channels, or
could consume internal CPU and memory resources that preempt the normal
functionality of the router. For this purpose I suggest that Section 5.1
is extended to deal with both minimal and maximal limits of resources
used for management functions and renamed 'Ensure and Limit Resources
for Management Functions'.

I would also suggest that internal memory is added to the list of
resources taken into consideration in Section 5 together with resources
at ingress to the device, on egress from the device, for internal
transmission, and processing.

I hope this helps.

Dan

> -----Original Message-----
> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On
> Behalf Of patrick cain
> Sent: Saturday, January 13, 2007 5:07 PM
> To: opsec@ops.ietf.org
> Subject: Begin last call on
> draft-ietf-opsec-routing-capabilities-00.txt
>
> Hi,
>
> I hope everyone had (or will have) a calm and happy holiday season.
> Continuing our goal of progressing through all the OPSEC documents...
>
> The authors and co-chairs think that this document is ready
> for progression.
> This begins working group last call on:
>
> http://www.ietf.org/internet-drafts/draft-ietf-opsec-routing-capabilities-00.txt
>
> "Routing Control Plane Security Capabilities"
>
>
> The last call will terminate at the end of the month
> (Wednesday January 31, 2007).
>
> Comments to the list please.
>
> Thanks,
> Pat (and Ross)
>
>