[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RRG] Initial comments on the LISP proposal
Some initial comments on the LISP proposal:
Thanks for the comments.
1) The ICMP reply that is triggered by the first packet(s) from the
ITR to the ETR do not seem to contain any information that could
The Reply goes from the ETR to the ITR.
help the ITR know that the reply is in fact coming from a
legitimate on-path ETR. Perhaps add a message digest (MD5 or other)
to the ICMP reply so that off-path attacker risks can be mitigated?
Security is going to be addressed in the -01 draft. By using nonces
and not accepting unsolicited replies solves most of this.
2) The mechanism is really an open-ended automatic tunneling
mechanism.
This means that it will send encapsulated packets without having
any
way of knowing whether a suitably-configured decapsulator exists on
This depends on how you do the mapping. If the mapping is pushed and
the ETR registers Locators, then you do know. When you don't know,
the host sends packet a ICMP protocol unreachable message.
For TE tunnels, you do know because most likely shared-keys will be
used so there will be a bilateral setup of the tunnel. That means, a
technical contract between two ISPs.
the path. Some systems may refuse to accept encapsulated packets if
they do not have at least a tunnel interface configured a priori,
This depends on the implementation. I plan to not support it this
way. LISP does not require the implementation to configure static
tunnel interfaces in the ITRs and ETRs but strongly recommends it for
TE-ITRs and TE-ETRs.
3) Sending encapsulated packets when there is no way of knowing
whether there is a suitably-configured decapsulator on the path
could fail to reach some services, e.g., services that reside
behind NAT boxes and have "holes" punched in the NAT that only
recognize unencapsulated packets.
Same issue when you don't inject your site based route into BGP.
4) The spec doesn't say for how long the ITR will continue to send
encapsulated packets when it gets no replies back from an ETR.
I will fix that, but intentionally left it out so I can get some
implementation experience first before choosing a number.
Will it continue to send the encapsulated packets for the entire
duration of the flow? If so, this may not work in some cases (see
above) and will add unnecessary encapsulation overhead in other
cases. Either way, it seems that legacy systems may suffer before
the scheme becomes widely deployed.
We will be using routable-IDs globally only for the first phase. We
plan to have a LISP 3.0 solution soon so we never have routable IDs.
That is the best direction to pursue.
The ultimate goal should be to address all sites with PI blocks and
not have those blocks injected into BGP. We really need to get to
this goal as soon as possible (for both IPv4 and IPv6).
5) There is also the issue of unnessary IP fragmentation on the path
when the ITR is not careful about the size of the tunneled packets
it sends.
Yep, a problem with any tunneling design.
Thanks again. I will get numbers in the spec in about a month or so.
Dino
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg