[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[RRG] Re: LISP gleaning looks insecure and therefore unusable



Short version:    Gleaning seems to be completely insecure,
                 so I can't imagine how it could be useful.

You just don't use a glean until you complete a Map-Request/Map-Reply exchange. That way you test the outer SA of the packet to echo a packet back to you with the nonce you provided.

Not only do you want to verify the locator, but you want to get the other locators associated with the EID-prefix.

do not contain the word "glean".

Here is my understanding of gleaning, by way of an example:

  HostA-->--R1==>==R2==>==R3-->--HostB

HostA sends a packet to HostB.  HostB's address is within a
LISP-mapped EID prefix.  R1 functions as an ITR and (after gaining
the mapping information for HostB's address) encapsulates the packet
and tunnels it "==" to R3 which acts as an ETR.  The decapsulated
packet is sent to HostB.  (Also, perhaps R1 had no mapping, but the
packet gets to R3 via the ALT network.)

As I understand it, "gleaning" involves R3, as an ETR, taking the
outer source address of the packet it received (R1's address) as an
RLOC location, presuming it to be the address of an ETR, and the
inner packet's source address (HostA's address) and presuming this
to be an EID.

Yes, so the Map-Reply that responds to the Map-Request also provides the EID-prefix associated with the inner SA (the source EID) from the invoking packet.

The purpose is to have at least this gleaned mapping information:

 EID (HostA's address) mapped to RLOC (R1's address)

ready, without any delay due to mapping lookups, for the likely
event that HostB will soon send a packet right to left to HostA.

Right, but you get an unvalidated partial mapping that one has to decide if it wants to use. In our prototype, we have gleaning turned off by default, but when enabled, we also allow you to verify the glean. So if you turn that off, you use the glean information right away, otherwise you drop packets until the Map-Reply comes back.

The basic draft-farinacci-lisp-06 document can be hard to
understand, because it primarily (or solely?) applies to LISP
variants 1.0 and 1.5.  Where do LISP-NERD and LISP-ALT fit into
this?  The reader is trying to construct a concrete understanding of
how NERD and ALT would work while reading multiple documents which
reference each other in general, but perhaps not in sufficient detail.

There is a datagram based mechanism to send and receive Map-Replies from the main spec. But how and where Map-Requests or Data Probes are sent, depends on the mapping database.

So Data Probes are used in:

1) LISP 1.0.
2) LISP-ALT

And Map-Requests only are used in:

1) LISP-CONS
2) Gleaning

And both Data Probes and Map-Requests are used in:

1) LISP-ALT

And Nerd doesn't use any Data Probe or Map-Request because the mapping data comes to you via the push mechanism.

Dino



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg