Hiding Transit-Only Networks in OSPF
draft-ietf-ospf-prefix-hiding-07

Document history

Date Rev. By Action
2012-12-19
07 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent
2012-12-18
07 (System) IANA Action state changed to No IC
2012-12-18
07 Amy Vezza State changed to Approved-announcement sent from Approved-announcement to be sent
2012-12-18
07 Amy Vezza IESG has approved the document
2012-12-18
07 Amy Vezza Closed "Approve" ballot
2012-12-18
07 Amy Vezza Ballot approval text was generated
2012-12-18
07 Amy Vezza State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2012-12-18
07 Amy Vezza Ballot writeup was changed
2012-12-17
07 Alvaro Retana New version available: draft-ietf-ospf-prefix-hiding-07.txt
2012-12-14
06 Stewart Bryant Ballot writeup was changed
2012-12-04
06 Adrian Farrel
[Ballot comment]
Thanks for addressing the majority of my Discuss points and Comments.

One issue remains that I have moved from the Discuss to this Comment:
I really think that the use of RFC 2119 language in 2.1.2 and subsequent
is inappropriate. In my opinion you are just describing what an
implementation does if it wants to achieve a particular effect. You are
not describing mandatory to implement interoperability behaviors.
2012-12-04
06 Adrian Farrel Ballot comment text updated for Adrian Farrel
2012-12-04
06 Adrian Farrel
[Ballot comment]
Thanks for addressing the majority of my Discuss points and Comments.

One issue remains that I have moved from the Discuss to this Comment:
I really think that the use of RFC 2119 language in 2.1.2 and subsequent
is inappropriate. In my opinion you are just describing what an
implementation does if it wants to achieve a particular effect. You are not
describing mandatory to implement interoperability behaviors.
2012-12-04
06 Adrian Farrel [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss
2012-12-04
06 (System) Sub state has been changed to AD Followup from Revised ID Needed
2012-12-04
06 Alvaro Retana New version available: draft-ietf-ospf-prefix-hiding-06.txt
2012-08-30
05 Cindy Morgan State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation
2012-08-29
05 Wesley Eddy [Ballot Position Update] New position, No Objection, has been recorded for Wesley Eddy
2012-08-29
05 Ralph Droms [Ballot Position Update] New position, No Objection, has been recorded for Ralph Droms
2012-08-28
05 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded for Robert Sparks
2012-08-28
05 Sean Turner
[Ballot comment]
I read this draft a couple of times trying to figure out what you were hiding.  Then, I read Adrian's mutterings - I'm with him.
2012-08-28
05 Sean Turner [Ballot Position Update] New position, No Objection, has been recorded for Sean Turner
2012-08-28
05 Adrian Farrel
[Ballot discuss]
Updated Discuss to reflect progress with IPR and the "updates" metadata tag. Moved some smaller points to the Comment.

---

I am generally supportive of this work and see its utility, but I have a number of gripes with this document which I would like to discuss.

---

Section 2.1.1 begins brightly "For each numbered point-to-point
network..." There is no discussion in this document of unnumbered
interfaces.

---

Section 2.1.2

  To hide a transit-only point-to-point network, the Type 3 link MUST
  be omitted from the router-LSA.

This use of "MUST" makes it look like hiding has to be done all the time
even though it comes in a second clause. Wouldn't it be enough to
s/MUST be/is/ ?

This question carries forward to most of the sections of the document.

---

This is a longwinded mutter about "hiding".

By the end of Section 2.1.2 I was not convinced that anything has
actually been hidden from someone snooping OSPF. The corresponding
advertisement from RT2 will let us know...

- RT1 is directly connected to RT2.
- The addresses of RT1 and RT2.
- The addresses of the link ends.
- The link metrics.

It is only if there are several links between RT1 and RT2 that any
information is lost, and even then it is relatively easy to deduce.

Pedantically, I don't think you are hiding anything, but you are
removing reachability by excluding specific addresses from the RIB. This
is valuable and achieves the goals you intended (more rapid convergence
and protection from attacks). It is just that you are not hiding
anything - you are making them unreachable.

To make this actionable, I think you need clarification in the Abstract
and Introduction: what are you hiding and from whom? Or better still:
drop the term "hiding" and talk about "reduced reachability" or "zero
reachability" of transit networks.

Hey! Section 8 actually gets around to saying the right stuff. Can you
lift some of this text to the Introduction?

>> email discussions with the authors suggest that this can be fixed
>> with a simple clarification in the Introduction

---

Section 7 suggests using RFC 5837, and I can see the utility. But it
needs to be noted that implementations must resist the temptation to
follow up one ICMP exchange by targeting the next exchange at the
source address of the response. Clearly that address will not be
reachable.
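As an added illustration of the point made in the discuss above (example code, not the draft's text or any OSPF implementation): a small Python model of the router-LSA links two routers originate for a numbered point-to-point link, with and without the Type 3 stub link. The link-type encoding follows RFC 2328 section 12.4.1; router IDs, addresses, metrics and the extra stub networks are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network

P2P_LINK, STUB_LINK = 1, 3   # RFC 2328 router-LSA link types used in this model

@dataclass(frozen=True)
class Link:
    ltype: int
    link_id: str     # type 1: neighbour Router ID; type 3: subnet address
    link_data: str   # type 1: local interface address; type 3: subnet mask
    metric: int

@dataclass
class RouterLSA:
    router_id: str
    links: list = field(default_factory=list)

def p2p_interface_links(neighbour_id, local_addr, subnet, metric, hide):
    """Links one numbered point-to-point interface contributes to the
    router-LSA (RFC 2328 12.4.1.1, option 2: the stub is the link's subnet).
    With hide=True the type 3 stub link is omitted, which is the draft's
    prefix-hiding rule for point-to-point networks."""
    links = [Link(P2P_LINK, neighbour_id, local_addr, metric)]
    if not hide:
        net = IPv4Network(subnet)
        links.append(Link(STUB_LINK, str(net.network_address), str(net.netmask), metric))
    return links

def build_lsdb(hide_rt1, hide_rt2):
    """Constructed topology: RT1 -- 10.0.12.0/30 -- RT2, each router also
    advertising one ordinary stub network that is never hidden."""
    rt1 = RouterLSA("1.1.1.1",
                    p2p_interface_links("2.2.2.2", "10.0.12.1", "10.0.12.0/30", 10, hide_rt1)
                    + [Link(STUB_LINK, "192.0.2.0", "255.255.255.0", 1)])
    rt2 = RouterLSA("2.2.2.2",
                    p2p_interface_links("1.1.1.1", "10.0.12.2", "10.0.12.0/30", 10, hide_rt2)
                    + [Link(STUB_LINK, "198.51.100.0", "255.255.255.0", 1)])
    return [rt1, rt2]

def rib_prefixes(lsdb):
    """Prefixes the SPF would install routes for: only stub (type 3) links
    carry prefixes; type 1 links describe topology, not destinations."""
    return {str(IPv4Network((l.link_id, l.link_data)))
            for lsa in lsdb for l in lsa.links if l.ltype == STUB_LINK}

def adjacency_view(lsdb):
    """What anyone holding the LSDB still learns from the type 1 links alone:
    which routers are adjacent and the interface address each end uses."""
    edges = {tuple(sorted((lsa.router_id, l.link_id)))
             for lsa in lsdb for l in lsa.links if l.ltype == P2P_LINK}
    addrs = {l.link_data for lsa in lsdb for l in lsa.links if l.ltype == P2P_LINK}
    return edges, addrs

def is_reachable(lsdb, address):
    """True if some installed prefix covers the address."""
    ip = IPv4Address(address)
    return any(ip in IPv4Network(p) for p in rib_prefixes(lsdb))

if __name__ == "__main__":
    for hide in (False, True):
        lsdb = build_lsdb(hide, hide)
        print("hide =", hide, "RIB:", sorted(rib_prefixes(lsdb)))
        print("  adjacency and link-end addresses still visible:", adjacency_view(lsdb))
        print("  10.0.12.2 reachable:", is_reachable(lsdb, "10.0.12.2"))
    # Each end omits its own stub link independently, so in this model a
    # one-sided configuration still puts the transit prefix into the RIB.
    print("one-sided hiding:", sorted(rib_prefixes(build_lsdb(True, False))))
```

With both ends hiding, the /30 disappears from the RIB and its addresses become unreachable, while the adjacency and both interface addresses remain readable in the LSDB, which is exactly the "unreachable, not hidden" distinction drawn above.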
2012-08-28
05 Adrian Farrel
[Ballot comment]
You will want to update Alvaro's coordinates before this goes to the
RFC Editor.
       
---

In section 7, is "recommended" supposed to be "RECOMMENDED"?

---

Section 8 s/ONLY/only/

---

It is not enough to state that this document updates RFC 2328 and 5340.
You need to spell out somewhere in the document the nature of the update.

---

I think you need to discuss the interaction with RFC 3630 and RFC 5329.
2012-08-28
05 Adrian Farrel Ballot comment and discuss text updated for Adrian Farrel
2012-08-28
05 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley
2012-08-28
05 Pete Resnick [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick
2012-08-27
05 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2012-08-27
05 Stephen Farrell
[Ballot comment]

- abstract: I'd say s/minimize/reduce/ would be better in the last
sentence. (Same for intro.) The point is that you can't know any
reasonable "minimum" here, but you can I guess reduce the likelihood
of some attacks.

- I agree with Adrian's mutterings about the term "hiding."

- Section 7 seems very brief to me but then I don't know much about
routing. I also wondered that this section has no uppercase 2119
words - is the "recommended" there intended to be the same as
RECOMMENDED aka SHOULD? If so, and 5837 (An ICMP
extension?) is all that's needed, then I think it'd be clearer to
use SHOULD. If not, then couldn't you RECOMMEND some
good way to manage these no-longer-routable devices?

- Section 8: very much a quibble but I think "unauthorized access"
isn't quite right, fewer routers will be exposed-to/ available-for
any access, not just unauthorized access. I'd say better might be
to just put the full-stop after "exposed."

- Section 10, paragraph 2: sigh - the ack for the idea is fine, I'm
just non-actionably lamenting the USPTO's idea of invention;-(
2012-08-27
05 Stephen Farrell [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell
2012-08-23
05 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2012-08-23
05 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2012-08-16
05 Martin Stiemerling [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling
2012-08-13
05 Vijay Gurbani Request for Telechat review by GENART Completed. Reviewer: Vijay Gurbani.
2012-08-13
05 Vijay Gurbani Request for Telechat review by GENART Completed: Ready. Reviewer: Vijay Gurbani.
2012-08-11
05 Adrian Farrel
[Ballot discuss]
Updated Discuss as Stewart has Deferred the IESG discussion to allow the working group to discuss the IPR claim.

---

I am generally supportive of this work and see its utility, but I have a number of gripes with this document which I would like to discuss.

---

It is not enough to state that this document updates RFC 2328. You need
to spell out somewhere in the document the nature of the update. The
implication of "updates" is that all new implementations of RFC 2328
must also implement this document in order to be conformant to RFC 2328.
Is this what you intended?

Same for RFC 5340.

---

I think you need to discuss the interaction with RFC 3630 and RFC 5329.

---

Section 2.1.1 begins brightly "For each numbered point-to-point
network..." There is no discussion in this document of unnumbered
interfaces.

---

Section 2.1.2

  To hide a transit-only point-to-point network, the Type 3 link MUST
  be omitted from the router-LSA.

This use of "MUST" makes it look like hiding has to be done all the time
even though it comes in a second clause. Wouldn't it be enough to
s/MUST be/is/ ?

This question carries forward to most of the sections of the document.

---

This is a longwinded mutter about "hiding".

By the end of Section 2.1.2 I was not convinced that anything has
actually been hidden from someone snooping OSPF. The corresponding
advertisement from RT2 will let us know...

- RT1 is directly connected to RT2.
- The addresses of RT1 and RT2.
- The addresses of the link ends.
- The link metrics.

It is only if there are several links between RT1 and RT2 that any
information is lost, and even then it is relatively easy to deduce.

Pedantically, I don't think you are hiding anything, but you are
removing reachability by excluding specific addresses from the RIB. This
is valuable and achieves the goals you intended (more rapid convergence
and protection from attacks). It is just that you are not hiding
anything - you are making them unreachable.

To make this actionable, I think you need clarification in the Abstract
and Introduction: what are you hiding and from whom? Or better still:
drop the term "hiding" and talk about "reduced reachability" or "zero
reachability" of transit networks.

Hey! Section 8 actually gets around to saying the right stuff. Can you
lift some of this text to the Introduction?

---

Section 7 suggests using RFC 5837, and I can see the utility. But it
needs to be noted that implementations must resist the temptation to
follow up one ICMP exchange by targeting the next exchange at the
source address of the response. Clearly that address will not be
reachable.
2012-08-11
05 Adrian Farrel Ballot discuss text updated for Adrian Farrel
2012-08-10
05 Stewart Bryant Telechat date has been changed to 2012-08-30 from 2012-08-16
2012-08-10
05 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded for Ronald Bonica
2012-08-10
05 Adrian Farrel
[Ballot discuss]
I am generally supportive of this work and see its utility, but I have a number of gripes with this document which I would like to discuss.

---

The write-up is missing details of the discussion in the WG of the IPR
disclosure. Usually, this is as simple as "The IPR disclosure was
brought to the attention of the WG on . There were no follow-up
comments from the WG."

Can the shepherd confirm this was the case?

---

It is not enough to state that this document updates RFC 2328. You need
to spell out somewhere in the document the nature of the update. The
implication of "updates" is that all new implementations of RFC 2328
must also implement this document in order to be conformant to RFC 2328.
Is this what you intended?

Same for RFC 5340.

---

I think you need to discuss the interaction with RFC 3630 and RFC 5329.

---

Section 2.1.1 begins brightly "For each numbered point-to-point
network..." There is no discussion in this document of unnumbered
interfaces.

---

Section 2.1.2

  To hide a transit-only point-to-point network, the Type 3 link MUST
  be omitted from the router-LSA.

This use of "MUST" makes it look like hiding has to be done all the time
even though it comes in a second clause. Wouldn't it be enough to
s/MUST be/is/ ?

This question carries forward to most of the sections of the document.

---

This is a longwinded mutter about "hiding".

By the end of Section 2.1.2 I was not convinced that anything has
actually been hidden from someone snooping OSPF. The corresponding
advertisement from RT2 will let us know...

- RT1 is directly connected to RT2.
- The addresses of RT1 and RT2.
- The addresses of the link ends.
- The link metrics.

It is only if there are several links between RT1 and RT2 that any
information is lost, and even then it is relatively easy to deduce.

Pedantically, I don't think you are hiding anything, but you are
removing reachability by excluding specific addresses from the RIB. This
is valuable and achieves the goals you intended (more rapid convergence
and protection from attacks). It is just that you are not hiding
anything - you are making them unreachable.

To make this actionable, I think you need clarification in the Abstract
and Introduction: what are you hiding and from whom? Or better still:
drop the term "hiding" and talk about "reduced reachability" or "zero
reachability" of transit networks.

Hey! Section 8 actually gets around to saying the right stuff. Can you
lift some of this text to the Introduction?

---

Section 7 suggests using RFC 5837, and I can see the utility. But it
needs to be noted that implementations must resist the temptation to
follow up one ICMP exchange by targeting the next exchange at the
source address of the response. Clearly that address will not be
reachable.
2012-08-10
05 Adrian Farrel
[Ballot comment]
You will want to update Alvaro's coordinates before this goes to the
RFC Editor.
       
---

In section 7, is "recommended" supposed to be "RECOMMENDED"?

---

Section 8 s/ONLY/only/
2012-08-10
05 Adrian Farrel [Ballot Position Update] New position, Discuss, has been recorded for Adrian Farrel
2012-08-09
05 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2012-08-09
05 Jean Mahoney Request for Telechat review by GENART is assigned to Vijay Gurbani
2012-08-08
05 Brian Haberman [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman
2012-07-25
05 Stewart Bryant Placed on agenda for telechat - 2012-08-16
2012-07-25
05 Stewart Bryant State changed to IESG Evaluation from Waiting for AD Go-Ahead
2012-07-25
05 Stewart Bryant Ballot has been issued
2012-07-25
05 Stewart Bryant [Ballot Position Update] New position, Yes, has been recorded for Stewart Bryant
2012-07-25
05 Stewart Bryant Created "Approve" ballot
2012-07-25
05 Stewart Bryant Ballot writeup was changed
2012-07-16
05 Yi Yang New version available: draft-ietf-ospf-prefix-hiding-05.txt
2012-07-13
04 Samuel Weiler Request for Last Call review by SECDIR Completed: Ready with Nits. Reviewer: Julien Laganier.
2012-07-06
04 (System) State changed to Waiting for AD Go-Ahead from In Last Call
2012-06-28
04 Pearl Liang
IANA has reviewed draft-ietf-ospf-prefix-hiding-04, which is currently
in Last Call, and has the following comments:

IANA understands that, upon approval of this document, there are no
IANA Actions which IANA must complete.
2012-06-28
04 Samuel Weiler Request for Last Call review by SECDIR is assigned to Julien Laganier
2012-06-28
04 Samuel Weiler Request for Last Call review by SECDIR is assigned to Julien Laganier
2012-06-25
04 Vijay Gurbani Request for Last Call review by GENART Completed. Reviewer: Vijay Gurbani.
2012-06-22
04 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2012-06-22
04 Jean Mahoney Request for Last Call review by GENART is assigned to Vijay Gurbani
2012-06-22
04 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Subject: Last Call:  (Hiding Transit-only Networks in OSPF) to Proposed Standard


The IESG has received a request from the Open Shortest Path First IGP WG
(ospf) to consider the following document:
- 'Hiding Transit-only Networks in OSPF'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-07-06. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  A transit-only network is defined as a network connecting routers
  only.  In OSPF, transit-only networks are usually configured with
  routable IP addresses, which are advertised in Link State
  Advertisements (LSAs) but not needed for data traffic.  In addition,
  remote attacks can be launched against routers by sending packets to
  these transit-only networks.  This document presents a mechanism to
  hide transit-only networks to speed up network convergence and
  minimize remote attack vulnerability.

  This document updates RFC 2328 and RFC 5340.

The file can be obtained via
http://datatracker.ietf.org/doc/draft-ietf-ospf-prefix-hiding/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-ietf-ospf-prefix-hiding/ballot/


The following IPR Declarations may be related to this I-D:

  http://datatracker.ietf.org/ipr/1798/

2012-06-22
04 Amy Vezza State changed to In Last Call from Last Call Requested
2012-06-22
04 Stewart Bryant Last call was requested
2012-06-22
04 Stewart Bryant Ballot approval text was generated
2012-06-22
04 Stewart Bryant Ballot writeup was generated
2012-06-22
04 Stewart Bryant State changed to Last Call Requested from Publication Requested
2012-06-22
04 Stewart Bryant Last call announcement was generated
2012-06-21
04 Cindy Morgan
(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

    Proposed Standard

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

    Technical Summary

    This draft specifies mechanisms to prevent the advertisement of prefixes
    associated with transit-only networks. In OSPFv2, the protocol encoding
    for the Network-LSA is modified. In OSPFv3, prefix advertisement
    suppression can be accomplished without any protocol encoding changes.

    Working Group Summary

    The function is fairly straight-forward and the only discussion was
    related to OSPFv3 whether the DR should suppress advertisement of
    all prefixes on the link or whether it should be based on the
    individual link-LSA advertisements. After some discussion, we decided
    on the latter.

    Document Quality

    The document has gone through several WG review cycles and
    revisions. There is at least one implementation and another under
    development.

    Personnel
     
    Acee Lindem is the document shepherd and Stewart Bryant is the
    responsible AD.


(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

    The document was presented in Beijing and went through several WG
    reviews.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

    No.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

    No.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the interested community has
discussed those issues and has indicated that it still wishes to advance
the document, detail those concerns here.

  None.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  Yes. 

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any discussion and conclusion regarding the IPR
disclosures.
   
  Yes - Defensive patent. https://datatracker.ietf.org/ipr/1423/

(9) How solid is the consensus of the interested community behind this
document? Does it represent the strong concurrence of a few individuals,
with others being silent, or does the interested community as a whole
understand and agree with it?

  There is consensus behind the draft and many believe it is useful.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  All idnits errors and warnings have been resolved.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  Not applicable.

(13) Have all references within this document been identified as
either normative or informative?

  Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

    No.

(15) Are there downward normative references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

    No. 

(16) Will publication of this document change the status of any existing
RFCs? Are those RFCs listed on the title page header, listed in the
abstract, and discussed in the introduction? If the RFCs are not listed
in the Abstract and Introduction, explain why, and point to the part of
the document where the relationship of this document to the other RFCs
is discussed. If this information is not in the document, explain why
the interested community considers it unnecessary.

    Yes. Updates RFC 2328 and RFC 5340.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

    This document doesn't require any IANA actions.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

    None. 

(19) Describe reviews and automated checks performed to validate
sections of the document written in a formal language, such as XML code,
BNF rules, MIB definitions, etc.

    Not Applicable.

 
2012-06-21
04 Cindy Morgan Note added 'Acee Lindem (acee.lindem@ericsson.com) is the document shepherd.'
2012-06-21
04 Cindy Morgan Intended Status changed to Proposed Standard
2012-06-21
04 Cindy Morgan IESG process started in state Publication Requested
2012-06-20
04 Yi Yang New version available: draft-ietf-ospf-prefix-hiding-04.txt
2012-06-13
(System) Posted related IPR disclosure: Cisco's Statement of IPR Related to draft-ietf-ospf-prefix-hiding-03
2012-05-01
03 Yi Yang New version available: draft-ietf-ospf-prefix-hiding-03.txt
2012-02-02
02 (System) New version available: draft-ietf-ospf-prefix-hiding-02.txt
2012-01-03
01 (System) New version available: draft-ietf-ospf-prefix-hiding-01.txt
2011-12-03
02 (System) Document has expired
2011-06-01
00 (System) New version available: draft-ietf-ospf-prefix-hiding-00.txt