Early Review of draft-ietf-intarea-probe-06
review-ietf-intarea-probe-00-intdir-early-combes-2017-10-27-01

Request Review of draft-ietf-intarea-probe
Requested rev. no specific revision (document currently at 10)
Type Early Review
Team Internet Area Directorate (intdir)
Deadline 2017-10-30
Requested 2017-10-16
Requested by Suresh Krishnan
Other Reviews Genart Telechat review of -07 by Joel Halpern (diff)
Secdir Telechat review of -07 by Yaron Sheffer (diff)
Opsdir Telechat review of -07 by Stefan Winter (diff)
Review State Completed
Reviewer Jean-Michel Combes
Review review-ietf-intarea-probe-00-intdir-early-combes-2017-10-27
Posted at https://mailarchive.ietf.org/arch/msg/int-dir/NCsPGXR3hcsX5ZKx1TBm_1GhF8g
Reviewed rev. 06 (document currently at 10)
Review result Almost Ready
Draft last updated 2017-10-27
Review completed: 2017-10-27

Review
review-ietf-intarea-probe-00-intdir-early-combes-2017-10-27

Hi,

please don't take into account of my previous email (i.e., wrong announced version of the draft).

Here is the right email.

I am an assigned INT directorate reviewer for draft-ietf-intarea-probe-06. These comments were written primarily for the benefit of the Internet Area Directors. Document editors and shepherd(s) should treat these comments just like they would treat comments from any other IETF contributors and resolve them along with any other Last Call comments that have been received. For more details on the INT Directorate, see http://www.ietf.org/iesg/directorate.html.


                PROBE: A Utility For Probing Interfaces
                      draft-ietf-intarea-probe-06

<snip>

1.  Introduction

<snip>

If the probed interface resides on a node that is directly connected to the probed node, PROBE reports that the interface is up if it appears in the IPv4 Address Resolution Protocol (ARP) table or the IPv6 Neighbor Cache. Otherwise, it reports that the interface does not exist.

<JMC>
Comment:
Normative references to "IPv4 Address Resolution Protocol (ARP) table" (i.e., RFC 826) and "IPv6 Neighbor Cache" (i.e., RFC 4861) are missing.
</JMC>

<snip>

2.  ICMP Extended Echo Request

<snip>

o  L (local) - The L-bit is set of the probed interface resides on the probed node. The L-bit is clear if the probed interface is directly connected to the probed node.

<JMC>
Typo:
s/"The L-bit is set of the probed interface resides on the probed node."/"The L-bit is set if the probed interface resides on the probed node."
</JMC>

<snip>

3.  ICMP Extended Echo Reply

<snip>

o  F (IPv4) - The F-bit is set if the A-bit is also set and IPv4 is running on the probed interface.  Otherwise, the F-bit is clear.

o  S (IPv6) - The S-bit is set if the A-bit is also set and IPv6 is running on the probed interface.  Otherwise, the S-bit is clear.

o  E (Ethernet) - The E-bit is set if the A-bit is also set and IPv4 is running on the probed interface.  Otherwise, the E-bit is clear.

<JMC>
Question:
Why IPv4 must also run to have the E-bit set?
Question:
Why the E-bit is not set if IPv4 is not running and IPv6 is running?
</JMC>

4.  ICMP Message Processing

<snip>

   o  Set the Code field as described Section 4.1

   o  If the Code Field is equal to No Error (0) and the L-bit is clear,
      set the A-Bit.

   o  If the Code Field is equal to No Error (0) and the L-bit is set
      and the probed interface is active, set the A-bit.

<JMC>
Question:
Why the A-bit is not set when Code Field is equal to Multiple Interfaces Satisfy Query (3) and the L-bit is clear?
Question:
Same question when L-bit is set.
</JMC>

<snip>

8.  Security Considerations

<snip>

In order to protect local resources, implementations SHOULD rate-limit incoming ICMP Extended Echo Request messages.

<JMC>
Comment:
IMHO, the main security threat I see with this mechanism is to use it as "reflection" scanning: to discover nodes "behind" the proxy interface, without raising alarms from security probes watching the networks hosting these nodes.
So, rate-limit can help to mitigate this potential threat too.
</JMC>

9.  References

9.1.  Normative References

<snip>

<JMC>
Comment:
Too add normative references to "IPv4 Address Resolution Protocol (ARP) table" (i.e., RFC 826) and "IPv6 Neighbor Cache" (i.e., RFC 4861), as commented previously.
</JMC>

<snip>

Thanks in advance for your replies.

Best regards,

JMC.