
RE: Begin last call on draft-ietf-opsec-routing-capabilities-00.txt



Hi Dan,

I agree with you that internal memory should be added to the resource list. 

For limiting the resource for management function, I think it should be
addressed in section 5.2 rather than 5.1 if the only concern for limiting
resource for mgt. function is to ensure resource for routing function.
However, I am not sure whether there are other functions other than routing
to be assured with resource for functioning properly. If this is the case,
definitely limiting resource for management function (probably also routing)
is appropriate.

Thanks,
Miao

> -----Original Message-----
> From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On 
> Behalf Of Romascanu, Dan (Dan)
> Sent: Wednesday, January 31, 2007 8:01 PM
> To: patrick cain; opsec@ops.ietf.org
> Subject: RE: Begin last call on 
> draft-ietf-opsec-routing-capabilities-00.txt
> 
> I have a comment concerning Section 5.1.- Ensure Resources 
> for Management Functions. While this section is well written, 
> and I agree with what is included by now, I believe that the 
> scope of the section should also address the threat of using 
> for management functions an amount of resources at ingress to 
> the device, on egress from the device, for internal 
> transmission, internal memory and processing higher than 
> normal at the detriment of the routing capabilities. The 
> reasons for doing this are to a certain extent similar to the 
> ones that are mentioned in Section 5.3 for IP multicast 
> traffic. The experience has shown that management stacks that 
> were not designed carefully enough or had bugs could be used 
> for DoS attacks that create a high level of traffic at 
> ingress and egress which if prioritized relative to the 
> routing protocol can saturate the in-band communication 
> channels, or could consume internal CPU and memory resources 
> that preempt the normal functionality of the router. For this 
> purpose I suggest that section 5.1 is extended to deal with 
> both minimal and maximal limits of resources used for 
> management functions and re-named 'Ensure and Limit Resources 
> for Management Functions'. 
> 
> I would also suggest that internal memory is added to the 
> list of resources taken into considerations in Section 5 
> together with resources at ingress to the device, on egress 
> from the device, for internal transmission, and processing.
> 
> I hope this helps. 
> 
> Dan
> 
> 
>  
>  
> 
> > -----Original Message-----
> > From: owner-opsec@psg.com [mailto:owner-opsec@psg.com] On Behalf Of 
> > patrick cain
> > Sent: Saturday, January 13, 2007 5:07 PM
> > To: opsec@ops.ietf.org
> > Subject: Begin last call on
> > draft-ietf-opsec-routing-capabilities-00.txt
> > 
> > Hi,
> > 
> > I hope everyone had (or will have) a calm and happy holiday season.
> > Continuing our goal of progressing through all the OPSEC documents...
> > 
> > The authors and co-chairs think that this document is ready for 
> > progression.
> > This begins working group last call on:
> > 
> > http://www.ietf.org/internet-drafts/draft-ietf-opsec-routing-capabilities-00.txt
> > 
> >  "Routing Control Plane Security Capabilities"
> >               
> > 
> > The last call will terminate at the end of the month (Wednesday 
> > January 31, 2007).
> > 
> > Comments to the list please.
> > 
> > Thanks,
> > Pat (and Ross)
> > 
> > 
> 
>