Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt

To: "Scott O. Bradner" <sob at harvard.edu>
Subject: Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt
From: Stewart Bryant <stbryant at cisco.com>
Date: Tue, 25 Sep 2007 23:02:52 +0100
Authentication-results: ams-dkim-2; header.From=stbryant@cisco.com; dkim=pass ( sig from cisco.com/amsdkim2001 verified; );
Cc: ietf at ietf.org, ipfix at ietf.org, tsv-dir at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1508; t=1190757768; x=1191621768; c=relaxed/simple; s=amsdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=stbryant@cisco.com; z=From:=20Stewart=20Bryant=20<stbryant@cisco.com> |Subject:=20Re=3A=20[IPFIX]=20draft-ietf-ipfix-protocol-26.txt |Sender:=20; bh=xn++igkHgMf0ABhkoRjUx+w3LmL5xoLt10w8FWNW4fc=; b=Cu+K2h/3647xJv6oZCpz6gI8VS1O06goKaXbZ2sWzrpi4SgebvreOmz9urhDcO68iIy/70qJ vKMA7nqP0+xto+Sg40YtPldylVR+Hlyx74MVjHehf/7bJS7WqHh98j5c;
In-reply-to: <20070925111608.9C12A587283@newdev.eecs.harvard.edu>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <20070925111608.9C12A587283@newdev.eecs.harvard.edu>
Reply-to: stbryant at cisco.com
User-agent: Thunderbird 2.0.0.6 (Macintosh/20070728)

Scott

Historically the biggest issue with IPFIX has been that most
implementers want to run it over UDP with consequences be dammed.  -
this was weaseled in the IPFIX Requirements document (RFC 3917) by
requiring (in section 6.3.1) that "For the data transfer, a congestion
aware protocol must be supported."  This draft meets that requirement by
making the implementation of SCTP a MUST.  That will not stop many
implementers from ignoring the requirement for implementation or users
to enable UDP and thus creating a potentially very high bandwidth
non-congestion avoiding fire hose that can quite easily wipe out a net
by misconfiguration or become a DoS engine by purposeful configuration.
I'm not sure if anything can be actually be done about this risk - It might help some to say that UDP is a "MUST NOT" but I doubt it - in any case it would help somewhat, imho, to expand section 10.3 to be clearer about the threats posed by any use of a non-congestion avoiding transport protocol or to do that in the Security Considerations section


There is text in section 10.1 which states:

UDP MAY be used although it is not a congestion aware protocol. However, the IPFIX traffic between Exporter and Collector MUST run in an environment where IPFIX traffic has been provisioned for or is contained through some other means.

This sets out the set of conditions that MUST be fulfilled in order to run IPFIX over UDP safely.

Stewart

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt
  - From: Scott O. Bradner

References:
- draft-ietf-ipfix-protocol-26.txt
  - From: Scott O. Bradner

Prev by Date: Re: IETF solution for pairing cellular hosts
Next by Date: Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt
Previous by thread: RE: draft-ietf-ipfix-protocol-26.txt
Next by thread: Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.