
Re: draft-nakibly-v6ops-tunnel-loops as a WG item? (was Re: Agenda for 78th IETF)



It is important to document all issues, good and bad, with automatic
tunneling, and we found Gabi's analysis useful with 6rd. As such, I
support it becoming a WG document.

However, one thing that is missing here is a sufficient discussion of
the operational environment for which the automatic mechanisms mentioned
are targeted or are deployed today. For example, 6rd is targeted at a
certain domain of operation within an SP network, ISATAP is more
commonly found within enterprise deployments, etc. As such, if we
publish this as an IETF work, I think it at least needs a clear mention
that such operational domain considerations are not a part of the
analysis, or an expansion of scope to include them. Also, the real
threat of tunnel loops is dependent upon where the loops can be launched
and sustained (some loops are bad, some don't really matter), and other
mitigations may exist outside of those described in the document when
deploying an automatic tunneling mechanism that is not reachable on the
open Internet.

As for the mitigation recommendations described in the document, some
are borderline protocol modifications (as they recommend filtering
techniques beyond what is typically configurable by standard ACLs), and
as such could be stepping out of charter a bit for v6ops. I would be far
more comfortable with an Informational target with no normative text
(and no text suggesting what kind of "simple" checks a router "can" do,
but rather text suggesting what a router "could" in the event that some
other router fails to do something else...).

- Mark


On 7/4/10 12:43 AM, Fred Baker wrote:
> Over to the list. Opinions?
> 
> On Jul 3, 2010, at 12:23 PM, Gabi Nakibly wrote:
> 
>> Fred, 
>> I would like to propose the adoption of the 
>> draft draft-nakibly-v6ops-tunnel-loops as a WG item. The draft documents the 
>> routing loop attack and mitigation measures and practices as discussed on the 
>> list. I believe that the document contains some useful information for network 
>> operators who wish to securely deploy IPv6 within an IPv4 network. The 
>> document falls under goal #2 of the WG charter:
>>
>>     2. Publish Informational or BCP RFCs that identify potential security
>>     risks in the operation of shared IPv4/IPv6 networks, and document
>>     operational practices to eliminate or mitigate those risks.
>>
>> I will appreciate your and the list's feedback.
>>
>> Best regards,
>> Gabi
>>
>> ----- Original Message ----
>>> From: Fred Baker <fred@cisco.com>
>>> To: IPv6 Operations <v6ops@ops.ietf.org>
>>> Sent: Mon, June 28, 2010 9:55:41 AM
>>> Subject: Agenda for 78th IETF
>>>
>>> I rather expected to get requests for
>>>
>>>         draft-sarikaya-v6ops-prefix-delegation-01.txt
>>>         draft-nakibly-v6ops-tunnel-loops-02.txt
>>>         draft-korhonen-v6ops-3gpp-eps-03.txt
>>>         draft-ietf-v6ops-incremental-cgn-01.txt
>>>
>>> What I have is the following.
>>>
>>> Those who want agenda time should please post drafts to support it and should 
>>> let me know. We were in fact given two slots in the initial agenda. If things 
>>> remain as they stand, I'll cut that back to one.
>>>
>>> Begin forwarded message:
>>>
>>>> From: Fred Baker <fred@cisco.com>
>>>> Date: June 24, 2010 5:33:31 AM PDT
>>>> To: IPv6 Operations <v6ops@ops.ietf.org>
>>>> Subject: Agenda call
>>>>
>>>> Anyone who wants time, please drop me a note.
>>>>
>>>> Note that the Secretariat and IESG are currently struggling with the agenda, 
>>> and we may very well wind up with one slot instead of two. I want to give all 
>>> the time needed for discussions we need to have, and not waste time arguing for 
>>> the second slot if we won't actually use it. So I really need to know this week.
>>>
>>> Begin forwarded message:
>>>
>>>> From: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
>>>> Date: June 24, 2010 7:19:46 AM PDT
>>>> To: "Fred Baker (fred)" <fred@cisco.com>, "IPv6 Operations" 
>>> <v6ops@ops.ietf.org>
>>>> Cc: "Ole Troan" <ot@cisco.com>, <tjc@ecs.soton.ac.uk>
>>>> Subject: RE: Agenda call
>>>>
>>>> Ole, Tim and myself would like a few minutes on the harmful tunnels work.
>>>> It is to be re-submitted very soon.
>>>>
>>>> G/
>>>>
>>>
>>>
>>> Begin forwarded message:
>>>
>>>> From: Rajeev Koodli <rkoodli@cisco.com>
>>>> Date: June 24, 2010 5:51:55 AM PDT
>>>> To: Fred Baker <fred@cisco.com>
>>>> Subject: Re: Agenda call
>>>>
>>>>
>>>> ------ Forwarded Message
>>>> From: Rajeev Koodli <rkoodli@cisco.com>
>>>> Date: Sat, 19 Jun 2010 18:09:06 -0700
>>>> To: Fred Baker <fred@cisco.com>
>>>> Conversation: Looking for v6ops agenda items
>>>> Subject: Re: Looking for v6ops agenda items
>>>>
>>>>
>>>> Hi Fred,
>>>>
>>>> I would like 10 minutes please. Depending on the "agenda density", I could
>>>> use 5 more minutes for Q&A.
>>>>
>>>> draft-ietf-v6ops-v6-in-mobile-networks
>>>>
>>>> Thanks,
>>>>
>>>> -Rajeev
>>>>
>>> Begin forwarded message:
>>>
>>>> From: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
>>>> Date: June 24, 2010 7:22:15 AM PDT
>>>> To: "Fred Baker (fred)" <fred@cisco.com>
>>>> Cc: "Tony Hain (ahain)" <ahain@cisco.com>, "Chip Popoviciu (cpopovic)" 
>>> <cpopovic@cisco.com>
>>>> Subject: RE: Agenda call
>>>>
>>>> Hi Fred,
>>>>
>>>> I would like to ask 10 minutes time to discuss "IP protocol
>>>> selection"... it's not a draft yet, but the idea is out there and I just
>>>> have to write it down... should be done rather soon once I get to it.
>>>>
>>>> G/
>>> Begin forwarded message:
>>>
>>>> From: <Jason.Weil@cox.com>
>>>> Date: June 27, 2010 11:39:30 AM PDT
>>>> To: <fred@cisco.com>
>>>> Cc: <marla.azinger@frontiercorp.com>, <tli@cisco.com>
>>>> Subject: RE: Agenda call
>>>>
>>>> Fred,
>>>>
>>>> Tony Li, Marla Azinger and I would like a few minutes to discuss a CIDR for 
>>> IPv6 draft which is basically an update to RFC4632. It will be submitted to the 
>>> list shortly. Either Marla or I will be in attendance to present.
>>>>
>>>> Thanks,
>>>>
>>>> Jason
>>>
>>>
>>>
>>
>>
>>
>>
> 
> http://www.ipinc.net/IPv4.GIF
> 
> 
>