[MEXT] [RFC3775-update] HA loop threat
Hi,
I am unable to file this issue on the issue list (no permission to create a new ticket), so I am placing the proposed text on the ML.
I propose adding some text to the Security Considerations section to highlight the risk of a routing loop among HAs.
The target section is section 15.1, under "Threats involving Binding Updates sent to home agents and correspondent nodes."
Old text
----------
None
New text
----------
A malicious mobile node associated with multiple home agents could create a routing loop among them. This can be achieved when the mobile node binds a home address located on a first home agent to another home address on a second home agent. This type of binding forces the home agents to route the same packet between each other without knowing that a routing loop has been created. Such a looping problem is limited to cases where a mobile node has multiple home agents. One deployment that may encounter this issue is the 3GPP System Architecture Evolution (SAE), which permits a mobile device to be associated with multiple home agents. These home agents differentiate the packet networks the mobile device is associated with (e.g. home, office). For the single home agent case, a policy at the home agent would prevent the binding of one home address to another home address hosted by the same home agent.
Motivation
----------
This threat forces HAs to route the same packet between each other without knowing that a routing loop has been created, thus consuming the home agents' resources. If launched at full scale (e.g. with multiple sets of home addresses), this might 'shut down' the HA and affect the network. Hence, the proposal is to document it so that people are aware that such an issue may occur.
Regards,
Benjamin Lim
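The loop described in the message above, as an added simulation that is not part of the original post or of any RFC 3775 implementation. It models two home agents with binding caches, lets a mobile node bind HoA1 (served by HA1) to HoA2 (served by HA2) and HoA2 back to HoA1, and forwards a packet for HoA1 until the hop limit is exhausted. It then applies the single-HA policy the post mentions (reject a care-of address that is a home address on the same HA) and an assumed extension for the multi-HA case (reject a care-of address inside a peer HA's home prefix, which requires the HAs to know each other's prefixes). The prefixes, addresses, hop limit and the `peer_prefixes` configuration are all constructed for the example; the model also assumes that each HA-to-HA tunnel hop decrements the inner packet's hop limit by one.

```python
"""Simulation of the HA-to-HA routing loop described in the post.

Constructed example: addresses, prefixes and the hop limit are made up,
and the peer-prefix check is an assumed extension of the single-HA policy
mentioned in the post, not something RFC 3775 specifies.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed topology: two home agents, each serving one home prefix.
HOME_PREFIXES = {
    "HA1": ipaddress.ip_network("2001:db8:1::/64"),
    "HA2": ipaddress.ip_network("2001:db8:2::/64"),
}
HOA1 = ipaddress.ip_address("2001:db8:1::100")   # home address on HA1
HOA2 = ipaddress.ip_address("2001:db8:2::100")   # home address on HA2
FOREIGN_COA = ipaddress.ip_address("2001:db8:ffff::1")  # a genuine care-of address
DEFAULT_HOP_LIMIT = 64


class BindingRejected(Exception):
    """Raised when a home agent refuses a Binding Update."""


@dataclass
class HomeAgent:
    name: str
    home_prefix: ipaddress.IPv6Network
    # Binding cache: home address -> care-of address.
    binding_cache: dict = field(default_factory=dict)
    # Home prefixes of cooperating HAs (assumed out-of-band configuration).
    peer_prefixes: list = field(default_factory=list)
    forwarded: int = 0  # packets this HA has tunnelled; grows during a loop

    def process_binding_update(self, hoa, coa, check_peers=False):
        """Accept or reject a Binding Update for hoa -> coa."""
        if hoa not in self.home_prefix:
            raise BindingRejected(f"{hoa} is not a home address on {self.name}")
        # Single-HA policy from the post: a home address may not be bound to
        # another home address hosted by the same home agent.
        if coa in self.home_prefix:
            raise BindingRejected(f"{coa} is a home address on {self.name}")
        # Assumed multi-HA extension: also refuse care-of addresses that lie
        # inside a peer HA's home prefix, which is what makes the loop possible.
        if check_peers and any(coa in p for p in self.peer_prefixes):
            raise BindingRejected(f"{coa} is a home address on a peer HA")
        self.binding_cache[hoa] = coa


def deliver(agents, dst, hop_limit=DEFAULT_HOP_LIMIT):
    """Forward one packet addressed to dst through the home agents.

    Returns (outcome, hops).  Each tunnel hop between HAs is assumed to
    decrement the inner packet's hop limit by one, so a loop ends only
    when the hop limit reaches zero.
    """
    hops = 0
    current = dst
    while hop_limit > 0:
        owner = next((a for a in agents.values() if current in a.home_prefix), None)
        if owner is None:
            return "delivered", hops          # reached a foreign link: a real CoA
        coa = owner.binding_cache.get(current)
        if coa is None:
            return "delivered_home", hops     # no binding: MN is at home
        owner.forwarded += 1                  # HA encapsulates towards the CoA
        hops += 1
        hop_limit -= 1
        current = coa
    return "hop_limit_exceeded", hops


def build_agents():
    ha1 = HomeAgent("HA1", HOME_PREFIXES["HA1"], peer_prefixes=[HOME_PREFIXES["HA2"]])
    ha2 = HomeAgent("HA2", HOME_PREFIXES["HA2"], peer_prefixes=[HOME_PREFIXES["HA1"]])
    return {"HA1": ha1, "HA2": ha2}


def honest_scenario():
    """MN binds HoA1 to a care-of address on a foreign link: one tunnel hop."""
    agents = build_agents()
    agents["HA1"].process_binding_update(HOA1, FOREIGN_COA)
    return deliver(agents, HOA1)


def loop_scenario():
    """Malicious MN binds HoA1 -> HoA2 on HA1 and HoA2 -> HoA1 on HA2."""
    agents = build_agents()
    agents["HA1"].process_binding_update(HOA1, HOA2)
    agents["HA2"].process_binding_update(HOA2, HOA1)
    outcome, hops = deliver(agents, HOA1)
    # Both HAs spend forwarding work on a packet that never leaves the loop.
    return outcome, hops, agents["HA1"].forwarded, agents["HA2"].forwarded


def same_ha_scenario():
    """Single-HA policy from the post: HoA1 -> another HoA on HA1 is refused."""
    agents = build_agents()
    try:
        agents["HA1"].process_binding_update(HOA1, ipaddress.ip_address("2001:db8:1::200"))
    except BindingRejected:
        return "rejected"
    return "accepted"


def peer_check_scenario():
    """Assumed extension: HoA1 -> HoA2 is refused when HA1 knows HA2's prefix."""
    agents = build_agents()
    try:
        agents["HA1"].process_binding_update(HOA1, HOA2, check_peers=True)
    except BindingRejected:
        return "rejected"
    return "accepted"


if __name__ == "__main__":
    print("honest:", honest_scenario())
    print("loop:", loop_scenario())
    print("same-HA policy:", same_ha_scenario())
    print("peer-prefix check:", peer_check_scenario())
```

Without the peer check the two bindings are individually valid from each HA's point of view, and the packet bounces 64 times, 32 through each HA, before the hop limit expires; every further packet for either home address costs the same. The peer-prefix check only works if the HAs know each other's home prefixes, which is exactly the multi-HA deployment information the post says is absent today.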
_______________________________________________
MEXT mailing list
MEXT at ietf.org
https://www.ietf.org/mailman/listinfo/mext
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.