
Telechat Review of draft-ietf-lisp-alt-
review-ietf-lisp-alt-secdir-telechat-meadows-2011-12-04-00

Request Review of draft-ietf-lisp-alt
Requested revision No specific revision (document currently at 10)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2011-11-29
Requested 2011-11-15
Authors Vince Fuller , Dino Farinacci , David Meyer , Darrel Lewis
Draft last updated 2011-12-04
Completed reviews Genart Telechat review of -?? by Suresh Krishnan
Secdir Telechat review of -?? by Catherine Meadows
Assignment Reviewer Catherine Meadows
State Completed
Review review-ietf-lisp-alt-secdir-telechat-meadows-2011-12-04
Completed 2011-12-04
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.

These comments were written primarily for the benefit of the security area
directors.

Document editors and WG chairs should treat these comments just like any other
last call comments.

This document describes a distributed index system to be used by the Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR) or Map Resolver (MR) to find the Egress Tunnel Router (ETR) which holds the mapping information for a particular Endpoint Identifier (EID). The ITR or MR can then query the ETR to get the information it needs. This index, or Alternate Logical Topology, is built as an overlay network on the Internet using the Border Gateway Protocol (BGP) and the Generic Routing Encapsulation (GRE).

Since LISP+ALT relies on BGP, the authors correctly point out that it shares many of the security characteristics of BGP. They should be commended, however, for not merely pointing to the BGP document, but also addressing any new vulnerabilities that could arise from using LISP+ALT. These are mainly potential denial-of-service attacks, for which suggested countermeasures are included. Another is the possibility that EID-prefixes would be more vulnerable to leakage since they will be more widely propagated out to the global network. The authors point out that addressing this problem requires more strict prefix filtering and authentication on the global routing system. The authors also discuss, in a final paragraph (10.3), the potential use of emerging BGP security mechanisms that would provide this authentication.

All in all, I think this is a very thorough and well-thought-out discussion of the security considerations. My only suggestion would be to include a forward reference to paragraph 10.3 in the discussion of prefix leakage.



Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil
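As an added illustration of the "more strict prefix filtering on the global routing system" the review refers to (example code written for this page, not from the draft or its authors; the EID aggregates, peer names and BGP updates below are constructed), a check that flags EID prefixes which have leaked into routes learned from global, non-ALT BGP peers:

```python
import ipaddress

# Constructed EID space handled by the ALT overlay (documentation prefixes;
# an assumption for this example, not values taken from the draft).
EID_SPACE = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

# Constructed sample of (peer, prefix) announcements received from global peers.
GLOBAL_UPDATES = [
    ("global-peer-A", "198.51.100.0/24"),   # ordinary RLOC-space route
    ("global-peer-A", "192.0.2.128/25"),    # more-specific of an EID aggregate
    ("global-peer-B", "2001:db8:1::/48"),   # EID prefix leaked into global BGP
    ("global-peer-B", "2001:db8:ffff::/48"),
]


def is_eid_prefix(prefix, eid_space=EID_SPACE):
    """True if `prefix` equals or lies inside one of the configured EID aggregates."""
    net = ipaddress.ip_network(prefix, strict=False)
    # subnet_of() raises TypeError on mixed address families, so match the version first.
    return any(net.version == agg.version and net.subnet_of(agg) for agg in eid_space)


def leaked_eid_prefixes(global_updates, eid_space=EID_SPACE):
    """Return the (peer, prefix) pairs from global peers that fall inside EID space.

    Each hit is an EID prefix that should only be carried on the ALT overlay and
    has instead been propagated into the global routing system.
    """
    return [(peer, prefix) for peer, prefix in global_updates
            if is_eid_prefix(prefix, eid_space)]


def filter_global_updates(global_updates, eid_space=EID_SPACE):
    """Apply the strict filter: keep only announcements outside EID space."""
    return [(peer, prefix) for peer, prefix in global_updates
            if not is_eid_prefix(prefix, eid_space)]


if __name__ == "__main__":
    for peer, prefix in leaked_eid_prefixes(GLOBAL_UPDATES):
        print(f"LEAK: EID prefix {prefix} received from global peer {peer}")
```

Running it lists the three constructed EID prefixes received from the global peers; `filter_global_updates` gives the announcements a strictly filtered global router would keep.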