datatracker.ietf.org
Sign in
Version 5.6.2.p6, 2014-09-03
Report a bug

Protecting the Router Control Plane
draft-ietf-opsec-protect-control-plane-06

Diffs

Document history

DateVersionByText
2012-08-22 RFC (System) post-migration administrative database adjustment to the No Objection position for Sean Turner
2012-08-22 RFC (System) post-migration administrative database adjustment to the No Objection position for Stewart Bryant
2012-08-22 RFC (System) post-migration administrative database adjustment to the Yes position for Jari Arkko
2012-08-22 RFC (System) post-migration administrative database adjustment to the No Objection position for Adrian Farrel
2012-08-22 RFC (System) post-migration administrative database adjustment to the No Objection position for Lars Eggert
2012-08-22 RFC (System) post-migration administrative database adjustment to the No Objection position for Russ Housley
2011-03-31 RFC Cindy Morgan State changed to RFC Published from RFC Ed Queue.
2011-03-31 RFC Cindy Morgan [Note]: 'RFC 6192' added
2011-03-30 RFC (System) RFC published
2010-12-23 06 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent.
2010-12-23 06 (System) IANA Action state changed to No IC from In Progress
2010-12-23 06 (System) IANA Action state changed to In Progress
2010-12-23 06 Amy Vezza IESG state changed to Approved-announcement sent
2010-12-23 06 Amy Vezza IESG has approved the document
2010-12-23 06 Amy Vezza Closed "Approve" ballot
2010-12-23 06 Amy Vezza Approval announcement text regenerated
2010-12-23 06 Amy Vezza Ballot writeup text changed
2010-12-17 06 Ron Bonica State changed to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed.
2010-12-17 06 Ron Bonica Ballot writeup text changed
2010-12-17 06 (System) Removed from agenda for telechat - 2010-12-16
2010-12-16 06 Amy Vezza State changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation::AD Followup.
2010-12-16 06 Stewart Bryant
[Ballot comment]
Related to my (now cleared) discuss

OLD
For network deployments where the protocols
    used do not rely on IP options, the filter is ...[show all]
2010-12-16 06 Stewart Bryant [Ballot Position Update] Position for Stewart Bryant has been changed to No Objection from Discuss
2010-12-16 06 Lars Eggert [Ballot Position Update] Position for Lars Eggert has been changed to No Objection from Discuss
2010-12-16 06 Jari Arkko [Ballot Position Update] Position for Jari Arkko has been changed to Yes from Discuss by Jari Arkko
2010-12-16 06 Ron Bonica Ballot writeup text changed
2010-12-16 06 Ron Bonica Ballot writeup text changed
2010-12-16 06 Jari Arkko
[Ballot comment]
Ari Keränen had this comment:

4.  Security Considerations

    The filter above leaves the router susceptible to discovery from any
    host in the Internet ...[show all]
2010-12-16 06 Jari Arkko
[Ballot discuss]
This is a good document, but I had trouble with one aspect. The document
talks about filtering and rate limiting ICMP traffic and ...[show all]
2010-12-16 06 Jari Arkko [Ballot Position Update] New position, Discuss, has been recorded by Jari Arkko
2010-12-16 06 Jari Arkko
[Ballot comment]
Ari Keränen had this comment:

4.  Security Considerations

    The filter above leaves the router susceptible to discovery from any
    host in the Internet ...[show all]
2010-12-16 06 Lars Eggert
[Ballot comment]
Section 3., paragraph 0:
> 3.  Method

  You should be MUCH more clear that Section 3.1 gives a particular
  EXAMPLE of how one ...[show all]
2010-12-16 06 Lars Eggert
[Ballot discuss]
Appendix A., paragraph 0:
> Appendix A.  Configuration Examples

  DISCUSS: I believe that the sequence of configuration commands in
  appendix A.1 and A ...[show all]
2010-12-16 06 Lars Eggert [Ballot Position Update] New position, Discuss, has been recorded
2010-12-16 06 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded
2010-12-15 06 Sean Turner [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss
2010-12-15 06 Adrian Farrel
[Ballot comment]
Section 1

  While software instructions run on both planes, the
  router control plane software is usually not optimized for high speed
  packet handling ...[show all]
2010-12-15 06 Tim Polk [Ballot comment]
Nice document.  Clear presentation, much appreciated.

+1 on Sean's discuss...
2010-12-15 06 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded
2010-12-15 06 Russ Housley
[Ballot discuss]
Based on the discussion that followed the posting of the Gen-ART
  Review by Roni Even on 2010-12-03. I expected a revided I-D to ...[show all]
2010-12-15 06 Russ Housley [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss
2010-12-15 06 Russ Housley
[Ballot discuss]
Based on the discussion that followed the posting of the Gen-ART
  Review by Roni Even on 2010-12-03. I expected a revided I-D to ...[show all]
2010-12-15 06 Russ Housley [Ballot Position Update] New position, Discuss, has been recorded
2010-12-15 06 (System) New version available: draft-ietf-opsec-protect-control-plane-06.txt (diff from previous)
2010-12-15 05 Stewart Bryant
[Ballot comment]
"Modern router architecture design maintains a strict separation of forwarding and router control plane hardware and software."

Firstly I agree with the sentiment ...[show all]
2010-12-15 05 Stewart Bryant
[Ballot discuss]
For network deployments where the protocols used rely on IP options, the filter is simpler to design in that it can drop all ...[show all]
2010-12-15 05 Stewart Bryant [Ballot Position Update] New position, Discuss, has been recorded
2010-12-15 05 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded
2010-12-15 05 Dan Romascanu [Ballot comment]
I support Sean's DISCUSS
2010-12-15 05 Dan Romascanu [Ballot Position Update] New position, Yes, has been recorded
2010-12-15 05 Ralph Droms
[Ballot comment]
It might be useful to add DHCP to the example because of the DHCP
relay function, rate limiting inbound DHCP traffic from clients ...[show all]
2010-12-15 05 Ralph Droms
[Ballot discuss]
I'm surprised DHCP isn't mentioned anywhere in the document.  Wouldn't the DHCP relay function be implemented in the router control ...[show all]
2010-12-15 05 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded
2010-12-14 05 Peter Saint-Andre [Ballot Position Update] New position, No Objection, has been recorded
2010-12-14 05 Sean Turner
[Ballot discuss]
As noted in the Glen Zorn's SECDIR review (http://www.ietf.org/mail-archive/web/secdir/current/msg02282.html) the RADIUS port #s ...[show all]
2010-12-14 05 Sean Turner [Ballot Position Update] New position, Discuss, has been recorded
2010-12-13 05 Adrian Farrel
[Ballot comment]
Thanks.
Revision -05 addresses the Routing Area Directorate review.
I will return and perform my own review, but for now I have cleared ...[show all]
2010-12-13 05 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss
2010-12-12 05 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-12-12 05 (System) New version available: draft-ietf-opsec-protect-control-plane-05.txt (diff from previous)
2010-12-03 04 Adrian Farrel
[Ballot discuss]
This is an interim Discuss. I shall return and possibly add further comments after I have reviewed the document.

The Routing Directorate review ...[show all]
2010-12-03 04 Adrian Farrel [Ballot Position Update] New position, Discuss, has been recorded
2010-12-03 04 Ron Bonica State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation.
2010-12-03 04 Ron Bonica State changed to IESG Evaluation from Waiting for AD Go-Ahead.
2010-12-03 04 (System) State changed to Waiting for AD Go-Ahead from In Last Call.
2010-12-01 04 Ron Bonica Placed on agenda for telechat - 2010-12-16 by Ron Bonica
2010-12-01 04 Ron Bonica Note field has been cleared by Ron Bonica
2010-12-01 04 Ron Bonica [Ballot Position Update] New position, Yes, has been recorded for Ronald Bonica
2010-12-01 04 Ron Bonica Ballot has been issued by Ron Bonica
2010-12-01 04 Ron Bonica Created "Approve" ballot
2010-11-29 04 Amanda Baber We understand that this document does not require any IANA actions.
2010-11-19 04 Cindy Morgan Last call sent
2010-11-19 04 Cindy Morgan
State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG <iesg-secretary@ietf.org>;
To ...[show all]
2010-11-19 04 Ron Bonica Last Call was requested by Ron Bonica
2010-11-19 04 Ron Bonica State Changes to Last Call Requested from AD Evaluation::AD Followup by Ron Bonica
2010-11-19 04 (System) Ballot writeup text was added
2010-11-19 04 (System) Last call text was added
2010-11-19 04 (System) Ballot approval text was added
2010-10-25 04 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-10-25 04 (System) New version available: draft-ietf-opsec-protect-control-plane-04.txt (diff from previous)
2010-10-22 03 Ron Bonica State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Ron Bonica
2010-09-15 03 Ron Bonica State Changes to AD Evaluation from AD is watching by Ron Bonica
2010-09-15 03 Ron Bonica State Changes to AD is watching from Publication Requested by Ron Bonica
2010-09-15 03 Ron Bonica Draft Added by Ron Bonica in state Publication Requested
2010-08-23 03 (System) New version available: draft-ietf-opsec-protect-control-plane-03.txt (diff from previous)
2010-08-06 02 (System) New version available: draft-ietf-opsec-protect-control-plane-02.txt (diff from previous)
2010-07-09 01 (System) New version available: draft-ietf-opsec-protect-control-plane-01.txt (diff from previous)
2010-07-04 00 (System) New version available: draft-ietf-opsec-protect-control-plane-00.txt