
Re: Tunnel trace



I gave Ron the feedback privately after the CCAMP meeting
that it bothered me that the protocol spec required the
router at the head of the path to store a copy of the packet.
To me, this opens up lots of possibilities for denial-of-service attacks.

Here is the situation. There is a network with routers A, B, C ...
and a host H. According to the current draft, the message exchange is
- H sends a request message to A
- A saves a copy of the request message, then sends it along the tunnel to B
- B sends a reply to A
- A forwards the reply to H

If I understood what Ron told me, the reason the message exchange works this way is that
B may not be able to reach H directly (think of the VPN case, or the case where
one is using LDP as a BGP replacement in the core). But the Label Encap document
has already told us how to solve that problem: just send the reply along the
original tunnel until it reaches a router that can forward it to H.

According to Ron, the IESG had some objections to this solution.
I would like to know more about those objections, because this seems to be a
good solution to me.

- Philip


Kireeti Kompella wrote:
> 
> Is the requirements draft on target?  Is the protocol spec on target?
> Is either of interest?
> 
> Kireeti.
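The two reply paths discussed in the message above, as an added toy model that is not part of the original post, the draft, or the Label Encap document. It assumes a hypothetical tunnel A -> B -> C where only A and the egress C have a route to host H (the "VPN case"), and it invents the Router/Reply data structures and the function names purely for illustration. The point it makes is the one Philip raises: in the draft-style exchange the head-end must hold per-request state until a reply comes back, so requests whose replies never arrive pile up at A, whereas forwarding the reply along the remaining tunnel leaves A stateless.

```python
"""Toy model of two tunnel-trace reply designs (constructed example, not draft text)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Router:
    """A router in the constructed topology."""
    name: str
    can_reach: frozenset                                # hosts with a direct route
    pending: Dict[int, dict] = field(default_factory=dict)  # head-end request copies


@dataclass
class Reply:
    """A trace reply and the nodes that handled it, in order."""
    request_id: int
    origin: str
    dst_host: str
    hops: List[str] = field(default_factory=list)


def build_tunnel() -> List[Router]:
    """Hypothetical tunnel A -> B -> C; only A and C can forward to H."""
    return [
        Router("A", frozenset({"H"})),
        Router("B", frozenset()),          # core router with no route to H
        Router("C", frozenset({"H"})),     # egress, can route back to H
    ]


def stateful_exchange(tunnel: List[Router], host: str, request_id: int,
                      responder: Optional[str]) -> Optional[Reply]:
    """Draft-style exchange as described in the post: A stores a copy of the
    request, the responder replies directly to A, A forwards to H.
    responder=None models a request whose reply never arrives."""
    head = tunnel[0]
    head.pending[request_id] = {"src": host, "id": request_id}   # A saves a copy
    if responder is None:
        return None                       # state stays parked at A indefinitely
    reply = Reply(request_id, responder, host, hops=[responder, head.name])
    head.pending.pop(request_id)          # state released only when the reply shows up
    reply.hops.append(host)
    return reply


def stateless_exchange(tunnel: List[Router], host: str, request_id: int,
                       responder: str) -> Optional[Reply]:
    """Alternative from the post: the reply is sent along the original tunnel
    until it reaches a router that has a route to H. Nothing is stored at A."""
    names = [r.name for r in tunnel]
    idx = names.index(responder)
    reply = Reply(request_id, responder, host, hops=[responder])
    for i in range(idx, len(tunnel)):
        router = tunnel[i]
        if host in router.can_reach:
            reply.hops.append(host)       # this router delivers the reply to H
            return reply
        if i + 1 < len(tunnel):
            reply.hops.append(tunnel[i + 1].name)   # label-switch one hop further
    return None                           # even the egress cannot reach H: dropped


def flood_head_end(tunnel: List[Router], host: str, count: int) -> int:
    """Model the DoS Philip worries about: `count` requests from H for which
    no reply ever comes back. Returns the number of copies parked at A."""
    for request_id in range(count):
        stateful_exchange(tunnel, host, request_id, responder=None)
    return len(tunnel[0].pending)


if __name__ == "__main__":
    t = build_tunnel()
    print("draft style   :", stateful_exchange(t, "H", 1, "B").hops, "pending at A:", len(t[0].pending))
    print("along tunnel  :", stateless_exchange(t, "H", 2, "B").hops, "pending at A:", len(t[0].pending))
    print("unanswered x1000 (draft style), copies held at A:", flood_head_end(build_tunnel(), "H", 1000))
```

In the draft-style path the reply goes B -> A -> H and A's table is emptied only because a reply arrived; with unanswered requests the table grows linearly with whatever the host chooses to send. In the along-the-tunnel path the reply goes B -> C -> H because B has no route to H and C does, and A never held any state at all. Whether A could instead bound or age out the stored copies is a separate question that the post does not address.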