
RE: Tunnel trace



Philip,

Thanks for your comments. Response inline...

> -----Original Message-----
> From: owner-ccamp@ops.ietf.org [mailto:owner-ccamp@ops.ietf.org]On
> Behalf Of Philip Matthews
> Sent: Tuesday, March 27, 2001 11:34 PM
> To: ccamp@ops.ietf.org
> Cc: Kireeti Kompella; Ron Bonica
> Subject: Re: Tunnel trace
>
>
> I gave Ron the feedback privately after the CCAMP meeting
> that it bothered me that the protocol spec required the
> router at the head of the path to store a copy of the packet.
> To me, this opens up lots of possibilities for denial-of-service attacks.
>
> Here is the situation. There is a network with routers A, B, C ...
> and a host H. According to the current draft, the message exchange is
> - H sends a request message to A
> - A saves a copy of the request message, then sends it along the
> tunnel to B
> - B sends a reply to A
> - A forwards the reply to H
>
> If I understood what Ron told me, the reason the message exchange
> is worked this way is because B may not be able to reach H directly
> (think of the VPN case, or the case where one is using LDP as a BGP
> replacement in the core). But the Label Encap document has already
> told us how to solve that problem: just send the reply along the
> original tunnel until it reaches a router that can forward it to H.
>
> According to Ron, the IESG had some objections to this solution.
> I would like to know more about those objections, because this
> seems to be a good solution to me.

This was the strategy of the MPLS-ICMP draft. Speaking for myself (and not
necessarily echoing the sentiments of the IESG), I can see the following
problem with this strategy:

You might be tracing the tunnel because there is a break or loop somewhere
downstream of the point where the traceProbe timed out. In that case, there
is no hope of getting the traceResponse to the tail end of the tunnel.

                                            Ron

>
> - Philip
>
>
> Kireeti Kompella wrote:
> >
> > Is the requirements draft on target?  Is the protocol spec on target?
> > Is either of interest?
> >
> > Kireeti.
>
>
>