[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [NSIS] GIST peering concern

To: Lauri J T Liuhto <lliuhto at cs.helsinki.fi>
Subject: Re: [NSIS] GIST peering concern
From: Roland Bless <bless at tm.uka.de>
Date: Wed, 14 Nov 2007 22:38:07 +0100
Cc: nsis at ietf.org
In-reply-to: <Pine.LNX.4.64.0711051457590.483@sbz-32.cs.Helsinki.FI>
List-help: <mailto:nsis-request@ietf.org?subject=help>
List-id: Next Steps in Signaling <nsis.ietf.org>
List-post: <mailto:nsis@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
Organization: Institute of Telematics, University of Karlsruhe
References: <Pine.LNX.4.64.0711051457590.483@sbz-32.cs.Helsinki.FI>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060111 Thunderbird/1.5 Mnenhy/0.7.3.0

Hi Lauri,

Lauri J T Liuhto wrote:
> While implementing our own NSLPs and the API between GIST and NSLPs, we 
> came across something in the current NTLP i-d we think might be a 
> problem.
> 
> In section 4.3.2 "Local Processing and Validation" it is stated that: 
> "The first option (peering) MUST be chosen if the node is the final 
> destination of the Query message, or if the GIST hop count has reached 
> zero." We think this is problematic for at least two reasons.
> 
> 1) This removes flexibility from the NSLP application and forces certain 
>    behaviour. Thus it complicates NSLP application logic, since the NSLP 
>    must be aware of this exception to its peering "wishes".
> 
> 2) It could be possible to overload resources, such as memory and UDP 
>    send rate, of a GIST node. Sending Queries with an (intentionally)  
>    low GIST hop-count would lead to nodes being forced to peer, though 
>    it is stated in the same section (4.3.2), that a node can decline 
>    peering for "overload protection reasons".

I would agree here. However, I'm not sure what the rationale
was for the current text. Probably Robert has an answer.

> We suggest that an error message be defined for the case when a flow 
> endpoint does not wish to peer, or that the definition of the "Endpoint 
> Found" message be extended to include this case. Currently section 4.3.4 
> seems to state, that "Endpoint Found" can only be sent when the NSLP is 
> not present on the GIST node.

One must be careful to not open new attack possibilities
by causing error message backscatter. For diagnostic
purposes I would also recommend to send back an error.

Regards,
 Roland


_______________________________________________
nsis mailing list
nsis at ietf.org
https://www1.ietf.org/mailman/listinfo/nsis

Follow-Ups:
- RE: [NSIS] GIST peering concern
  - From: Hancock, Robert

References:
- [NSIS] GIST peering concern
  - From: Lauri J T Liuhto

Prev by Date: [NSIS] I-D ACTION:draft-ietf-nsis-rmd-12.txt
Next by Date: [NSIS] Re: [NSIS Mobility draft] Updating from -07 to -08
Previous by thread: Re: [NSIS] GIST peering concern
Next by thread: RE: [NSIS] GIST peering concern
Index(es):
- Date
- Thread