[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lisp-interest] LISP-ALT and security

To: "Erik Nordmark" <erik.nordmark@sun.com>
Subject: Re: [lisp-interest] LISP-ALT and security
From: "Benson Schliesser" <bensons@riot.queuefull.net>
Date: Thu, 31 Jul 2008 10:15:31 -0400 (EDT)
Cc: "Scott Brim" <swb@employees.org>, "Roque Gagliano" <rgaglian@fing.edu.uy>, lisp-interest@lists.civil-tongue.net
Importance: Normal
In-reply-to: <48917F8F.60205@sun.com>
References: <245483372-1217441290-cardhu_decombobulator_blackberry.rim.net-1673143275-@bxe036.bisx.prod.on.blackberry> <48917F8F.60205@sun.com>
Sender: owner-list-interest@lists.civil-tongue.net
User-agent: SquirrelMail/1.4.10a-1.fc6

On Thu, July 31, 2008 05:02, Erik Nordmark wrote:
> From a security perspective there isn't an issue with allowing an ETR
> who has authority to speak for /22 EID prefix to provide separate
> information (priorities, weights, even RLOCs) for different sub-sets of
> that /22.

On the surface this would seem true. However, today an RIR assigns a block
to an ISP and the ISP sub-delegates from that block to their customers.
The ISP has authority to speak (BGP-wise) for a /22 they've been assigned,
and I suppose any component of it that they de-aggregate for routing
regionalization etc (as long as their peers will accept that). But do we
want to allow an ISP to indicate which RLOC, weights, etc, to use to reach
the sub-delegated end-network? I'd suggest that in LISP the end-site which
is paying for the bandwidth, and possibly paying for one or more
additional/resilient ISP connections, should be the "authority" in this
regard.

To address your point directly, there may not be an ETR that is
authoritative for a /22, but rather there may be a handful of ETRs that
are authoritative for smaller sub-blocks (i.e. /24s). The delegating ISP
may have the capability (say, as a man-in-the-middle) to respond for
shorter prefixes, but it's not clear to me whether this is a good
attribute from a security perspective.

>
> (It might have an impact on scaling, but that is a different matter.)

Indeed. The ALT topology puts a handful of providers in the path of a
map-request, whom may not be in the path of the flow that follows the
map-reply. I think we can expect this to add latency to flow
establishment. I'd hate to see a delegation-security mechanism adds yet
more latency.

On the other hand, some of those providers could pro-actively respond with
information about de-aggregation in response to the initial map-request.
This would reduce establishment latency at the cost of additional packet
overhead. I'm not sure I like this approach either, especially given that
the additional traffic may have to flow via paths (say, transit-provider
connections) that I would otherwise avoid with my data flow (say, by using
peer connections).

I don't know for sure, but I suspect that we may never be able to find a
solution that scales exactly as well as the current Internet and still
provides the capabilities of LISP.

Cheers,
-Benson

Follow-Ups:
- RE: [lisp-interest] LISP-ALT and security
  - From: "Darrel Lewis (darlewis)" <darlewis@cisco.com>

References:
- Re: [lisp-interest] LISP-ALT and security
  - From: bensons@riot.queuefull.net
- Re: [lisp-interest] LISP-ALT and security
  - From: Erik Nordmark <erik.nordmark@sun.com>

Prev by Date: Re: [lisp-interest] LISP-ALT and security
Next by Date: RE: [lisp-interest] LISP-ALT and security
Previous by thread: Re: [lisp-interest] LISP-ALT and security
Next by thread: RE: [lisp-interest] LISP-ALT and security
Index(es):
- Date
- Thread