
Re: [Idr] I-D ACTION:draft-ietf-idr-bgp-identifier-09.txt



Hi, Ilya:

Please note that the OPEN message processing (and the session 
establishment) is on a per-session basis. Thus the collision resolution 
of one session (either ibgp or ebgp) would not impact another session.

Regards,   -- Enke

Ilya Varlashkin wrote:
>> -----Original Message-----
>> From: idr-bounces at ietf.org [mailto:idr-bounces at ietf.org] On 
>> Behalf Of Internet-Drafts at ietf.org
>> Sent: Tuesday, May 13, 2008 7:45 PM
>> To: i-d-announce at ietf.org
>> Cc: idr at ietf.org
>> Subject: [Idr] I-D ACTION:draft-ietf-idr-bgp-identifier-09.txt
>>
>> A New Internet-Draft is available from the on-line 
>> Internet-Drafts directories.
>>     
>
> I've looked at the draft and in its current state there are potential
> problems with sections 2.3 and 4, as follows:
>
> Consider an existing iBGP session within AS-A where the identifier of
> the remote side is X, and then a new session connection comes from AS-B
> but also having a BGP identifier of X. If AS-B is numerically larger
> than AS-A, then according to section 2.3 of the draft the iBGP session
> towards the router with id X should be closed. This is a security issue -
> an attacker with a high AS number could deliberately set the router-id
> to be the same as some other router of a peering network (they may or
> may not be penalised for this but perhaps they want to do it anyway),
> effectively causing shutdown of an iBGP session in the remote AS.
> Nevertheless, section 4 of the draft says that security issues are not
> changed by the draft - I believe they are, and they make the protocol
> weaker than the original spec.
>
> If it's necessary to relax the BGP ID definition and have it unique only
> locally within a given AS, then in all collision detections the BGP ID
> should only be compared when the ASNs are equal. If two sessions have the
> same BGP ID on the remote end but each with a different ASN, then they
> should be considered as different routers.
>
> Kind regards,
> iLya
> _______________________________________________
> Idr mailing list
> Idr at ietf.org
> https://www.ietf.org/mailman/listinfo/idr
>   
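
A simplified model of the per-session scoping described in the reply above, as an added example that is not part of the original messages or the draft: candidates for collision resolution are limited to connections between the same pair of addresses (the connection-collision definition in RFC 4271, section 6.8), so a connection from another peer reporting the same BGP Identifier is never compared against the iBGP session. The class, function names, addresses and AS numbers are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src_ip: str   # address that opened the TCP connection
    dst_ip: str   # address that accepted it
    peer_as: int  # AS number learned from the peer's OPEN
    peer_id: str  # BGP Identifier learned from the peer's OPEN


def collides(a: Conn, b: Conn) -> bool:
    """RFC 4271 6.8: two connections collide only when each one's source
    address is the other's destination address (same pair of speakers)."""
    return a.src_ip == b.dst_ip and a.dst_ip == b.src_ip


def per_session_candidates(existing, new):
    """Connections that can enter collision resolution with `new`."""
    return [c for c in existing if collides(c, new)]


def id_only_candidates(existing, new):
    """The matching the quoted concern assumes: BGP Identifier alone."""
    return [c for c in existing if c.peer_id == new.peer_id]


# Constructed sample data: the local router is 10.0.0.1 in AS 65001.
IBGP = Conn("10.0.0.1", "10.0.0.2", 65001, "192.0.2.1")         # existing iBGP session
EBGP_NEW = Conn("203.0.113.9", "10.0.0.1", 65010, "192.0.2.1")  # other AS, same ID
IBGP_DUP = Conn("10.0.0.2", "10.0.0.1", 65001, "192.0.2.1")     # same peer, reverse direction


def demo():
    existing = [IBGP]
    return {
        # Different peer address: no collision, the iBGP session is untouched.
        "ebgp_per_session": per_session_candidates(existing, EBGP_NEW),
        # Matching on the identifier alone would wrongly pull in the iBGP session.
        "ebgp_id_only": id_only_candidates(existing, EBGP_NEW),
        # A genuine collision: the same two speakers connected to each other.
        "ibgp_dup_per_session": per_session_candidates(existing, IBGP_DUP),
    }


if __name__ == "__main__":
    for name, conns in demo().items():
        print(name, conns)
```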
