[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[RRG] Re: LISP gleaning looks insecure and therefore unusable

To: Robin Whittle <rw@firstpr.com.au>
Subject: [RRG] Re: LISP gleaning looks insecure and therefore unusable
From: Dino Farinacci <dino@cisco.com>
Date: Sat, 8 Mar 2008 20:32:45 -0800
Cc: Routing Research Group <rrg@psg.com>
In-reply-to: <47D1485F.8040903@firstpr.com.au>
References: <47D1485F.8040903@firstpr.com.au>

Short version:    Gleaning seems to be completely insecure,
                 so I can't imagine how it could be useful.

You just don't use a glean until you complete a Map-Request/Map-Replyexchange. That way you test the outer SA of the packet to echo apacket back to you with the nonce you provided.

Not only do you want to verify the locator, but you want to get theother locators associated with the EID-prefix.

do not contain the word "glean".

Here is my understanding of gleaning, by way of an example:

  HostA-->--R1==>==R2==>==R3-->--HostB

HostA sends a packet to HostB.  HostB's address is within a
LISP-mapped EID prefix.  R1 functions as an ITR and (after gaining
the mapping information for HostB's address) encapsulates the packet
and tunnels it "==" to R3 which acts as an ETR.  The decapsulated
packet is sent to HostB.  (Also, perhaps R1 had no mapping, but the
packet gets to R3 via the ALT network.)

As I understand it, "gleaning" involves R3, as an ETR, taking the
outer source address of the packet it received (R1's address) as an
RLOC location, presuming it to be the address of an ETR, and the
inner packet's source address (HostA's address) and presuming this
to be an EID.

Yes, so the Map-Reply that responds to the Map-Request also providesthe EID-prefix associated with the inner SA (the source EID) from theinvoking packet.

The purpose is to have at least this gleaned mapping information:

 EID (HostA's address) mapped to RLOC (R1's address)

ready, without any delay due to mapping lookups, for the likely
event that HostB will soon send a packet right to left to HostA.

Right, but you get an unvalidated partial mapping that one has todecide if it wants to use. In our prototype, we have gleaning turnedoff by default, but when enabled, we also allow you to verify theglean. So if you turn that off, you use the glean information rightaway, otherwise you drop packets until the Map-Reply comes back.

The basic draft-farinacci-lisp-06 document can be hard to
understand, because it primarily (or solely?) applies to LISP
variants 1.0 and 1.5.  Where do LISP-NERD and LISP-ALT fit into
this?  The reader is trying to construct a concrete understanding of
how NERD and ALT would work while reading multiple documents which
reference each other in general, but perhaps not in sufficient detail.

There is a datagram based mechanism to send and receive Map-Repliesfrom the main spec. But how and where Map-Requests or Data Probes aresent, depends on the mapping database.


So Data Probes are used in:

1) LISP 1.0.
2) LISP-ALT

And Map-Requests only are used in:

1) LISP-CONS
2) Gleaning

And both Data Probes and Map-Requests are used in:

1) LISP-ALT

And Nerd doesn't use any Data Probe or Map-Request because the mappingdata comes to you via the push mechanism.


Dino



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- [RRG] Re: LISP gleaning looks insecure and therefore unusable
  - From: Robin Whittle <rw@firstpr.com.au>

References:
- [RRG] LISP gleaning looks insecure and therefore unusable
  - From: Robin Whittle <rw@firstpr.com.au>

Prev by Date: Re: [RRG] Happiness; lack thereof
Next by Date: [RRG] Re: LISP PMTU & fragmentation problems
Previous by thread: Re: [RRG] LISP gleaning looks insecure and therefore unusable
Next by thread: [RRG] Re: LISP gleaning looks insecure and therefore unusable
Index(es):
- Date
- Thread