Anybody can participate in the IETF (Was: Why is IPv6 broken?)

Jeff Wheeler jsw at inconcepts.biz
Sun Jul 17 18:06:35 UTC 2011


On Sun, Jul 17, 2011 at 11:07 AM, Eliot Lear <lear at cisco.com> wrote:
> We all make mistakes in not questioning our own positions, from time to
> time.  You, Jeff, seem to be making that very same mistake.

> Rome wasn't built in a day.  The current system didn't come ready-made
> pre-built with all the bells and whistles you are used to.  It grew slowly
> over time, as we learned what works, what doesn't, and what was missing.
> Any system that attempts to deal with locator/id separation will assuredly
> not be built in a day, either.

LISP work has been going on for a long time to still not have any
useful discussion on a designed-in, trivial DoS which will affect any
ITR and make the work being done to allow ETRs to validate source
addresses (or even do loose uRPF) into a DoS vector for ETRs as well.

> While you have stated a problem relating to a security consideration –
> specifically that there is a potential reflection attack that could cause
> cache thrashing, the solution may not be what you expect.

I agree, a solution might be available.  One has not been presented
yet.  In my earliest postings to the IETF LISP list, the ones which
received zero replies, I suggested a way to significantly improve the
cache churn DoS problem.  It is not novel, as Darrel Lewis informed
me, which means that even already-available research has not been
applied to LISP in this area, and the Mapping Service protocol ties
the hands of implementors so they *cannot* apply such techniques while
still conforming to the specifications.

> Yes, you were asked.  Even so... Novelty isn't something worth arguing over,
> except in patent battles.

Really?  Novelty, by definition, advances the state of the art.  You
may not think it's very important to inform people that LISP is based
on essentially the same flow-caching scheme used in the 1990s, but I
do.

> Never is a very long time.  Many uses of "never" have been used relating to
> the Internet.  It is the corollary to "Imminent Death of the 'Net: film @
> 11."  I still have the NANOG tee-shirt with Robert Metcalfe, someone with
> considerably more notoriety, eating his hat.

And yet, I am quite comfortable with the statement that LISP can never
scale up to meet the demands of the Internet.  Perhaps with
fundamental changes to its design, and its advocates giving up some of
their current assumptions, some progress could be made.  In its
current form, though, LISP will never be a useful tool to scale the
Internet, and in fact, it cannot meet the demands of today's Internet.
Unless, of course, you pretend that the ability to DoS any router
with a trivial amount of traffic is not worthy of concern.

-- 
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts




More information about the NANOG mailing list