comments last call IDR draft-ietf-idr-flow-spec-03.txt




I have a few textual nits which I will forward to the authors; however, I
have an area of concern from an implementation perspective.

Section 3, page 10, paragraph states:

   If a given component type within a prefix is unknown, the prefix in
   question cannot be used for traffic filtering purposes by the
   receiver.  Since a Flow Specification has the semantics of a logical
   AND of all components, if a component is FALSE by definition it
   cannot be applied.  However for the purposes of BGP route propagation
   this prefix should still be transmitted since BGP route distribution
   is independent of NLRI semantics.


It seems possible that a maliciously crafted set of components or
construct that might cause damage to a particular implementation could
be created such that it would bypass some routers (implementations) and
not others, such that malicious data could be injected into the routing
system some distance from the target and blindly forwarded because the
point of injection is unable to validate the components it doesn't
implement.

I would of course be happy to have my impression be mollified if it is
unjustified.
_______________________________________________
OPS-DIR mailing list
OPS-DIR at ietf.org
https://www.ietf.org/mailman/listinfo/ops-dir

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www.ietf.org/mailman/listinfo/ietf



Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
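The receiver-side outcome the quoted draft paragraph describes, as an added example that is not part of the original post or of the draft: a minimal decoder for a Flow Specification NLRI using the RFC 5575 / draft-ietf-idr-flow-spec encoding. It assumes the component type numbers 1-12 and the operator byte layout from that specification; the NLRI bytes used in the test are constructed.

```python
# Added example, not code from the draft or the post: a minimal decoder for a
# Flow Specification NLRI (draft-ietf-idr-flow-spec / RFC 5575 encoding) that
# shows the receiver-side outcome the quoted paragraph describes. Type numbers
# 1-12 and the operator encoding follow that specification.
KNOWN_TYPES = {1: "dst_prefix", 2: "src_prefix", 3: "ip_proto", 4: "port",
               5: "dst_port", 6: "src_port", 7: "icmp_type", 8: "icmp_code",
               9: "tcp_flags", 10: "pkt_len", 11: "dscp", 12: "fragment"}

def parse_prefix(buf, i):
    """Prefix component: one byte length in bits, then ceil(len/8) prefix bytes."""
    plen = buf[i]
    n = (plen + 7) // 8
    octets = buf[i + 1:i + 1 + n].ljust(4, b"\0")
    return ".".join(str(b) for b in octets) + "/%d" % plen, i + 1 + n

def parse_op_list(buf, i):
    """Operator list: {op byte, value} pairs until the end-of-list bit (0x80) is set.
    Bits 4-5 of the op byte give the value length as 1 << len (1, 2, 4 or 8 bytes)."""
    ops = []
    while True:
        op = buf[i]
        vlen = 1 << ((op >> 4) & 0x3)
        ops.append((op & 0x7F, int.from_bytes(buf[i + 1:i + 1 + vlen], "big")))
        i += 1 + vlen
        if op & 0x80:
            return ops, i

def decode_flowspec(nlri):
    """Return (components, applicable). applicable is False when a component type
    is unknown: its encoding is type-specific, so neither it nor anything after
    it can be parsed and the filter cannot be installed, yet the length-delimited
    NLRI is still a well-formed blob that BGP route distribution would pass on."""
    length, i = nlri[0], 1
    if length >= 0xF0:  # extended length: low nibble of byte 0, then byte 1
        length, i = ((length & 0x0F) << 8) | nlri[1], 2
    end = i + length
    if end > len(nlri):
        raise ValueError("NLRI length exceeds available bytes")
    comps = []
    while i < end:
        t, i = nlri[i], i + 1
        if t not in KNOWN_TYPES:
            comps.append(("unknown_type_%d" % t, nlri[i:end].hex()))
            return comps, False
        val, i = (parse_prefix if t in (1, 2) else parse_op_list)(nlri, i)
        if i > end:
            raise ValueError("component %s overruns NLRI length" % KNOWN_TYPES[t])
        comps.append((KNOWN_TYPES[t], val))
    return comps, True
```

A receiver that logs the `unknown_type_*` case, rather than silently passing the NLRI on, at least makes the situation the post worries about visible to the operator.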
