The MPLS WG Archive

Cell Relay Retreat>MPLS WG Archive>month:2003-Mar> msg00372



[Date Prev][Date Next][Thread Prev][Thread Next]  
  [Date Index][Thread Index][Author Index][Subject Index]

[PWE3] MPLS PID

  • From: "David Allan" <dallan@nortelnetworks.com>
  • Date: Thu, 27 Mar 2003 14:10:45 -0500
  • Cc: "'Thomas D. Nadeau'" <tnadeau@lucidvision.com>, "'George Swallow'" <swallow@cisco.com>, "W. Mark Townsley" <townsley@cisco.com>, "Andrew G. Malis" <Andy.Malis@vivacenetworks.com>, "'mpls@uu.net'" <mpls@UU.NET>, tnadeau@cisco.com

Title: RE: [PWE3] MPLS PID

Hang on....

Using CRC as a sanity check (ensuring somthing starting with 0x04 is actually an IP packet) prior to load balancing is the suggestion, an imperfect improvement assuming the first nybble cannot be completely trusted as authoritative indication of payload type. Suggesting that it is then vulnerable to malicious attacks is a non-sequitor. The goal is to avoid misordering flows across the network. A rogue packet is a flow unto itself and would only impact its neighbors if load spreading was somehow stateful.

Did I miss somthing?
Dave



> -----Original Message-----
> From: Ferrell, William [mailto:William.Ferrell@titan.com]
> Sent: Thursday, March 27, 2003 12:34 PM
> To: 'Naidu, Venkata'; 'Shahram Davari'; 'curtis@fictitious.org'
> Cc: 'Thomas D. Nadeau'; 'George Swallow'; W. Mark Townsley;
> Andrew G. Malis; 'mpls@uu.net'; tnadeau@cisco.com
> Subject: RE: [PWE3] MPLS PID
>
>
> I tend to agree , useing the CRC is one of the oldest and
> proven methods but is one of the easiest to subvert and
> corrupt. When developing the protocol one has to keep in mind
> of a way of integrating a security solution. oftens we've put
> in a functional solution and then been forced change/modify
> it to fit with a security option and ending up with a less
> effective product in the end. Will
>
> -----Original Message-----
> From: Naidu, Venkata [mailto:Venkata.Naidu@Marconi.com]
> Sent: Thursday, March 27, 2003 12:12 PM
> To: 'Shahram Davari'; 'curtis@fictitious.org'
> Cc: 'Thomas D. Nadeau'; 'George Swallow'; W. Mark Townsley;
> Andrew G. Malis; 'mpls@uu.net'; tnadeau@cisco.com
> Subject: RE: [PWE3] MPLS PID
>
>
> Shahram,
>
> -> First of all I meant computing CRC over the first 20 byte of
> -> payload header
> -> and comparing it to the suspected IP CRC in octets 11 and 12
> -> of the payload.
> -> If they match then it is IPv4, if not it is something else
> -> (similar procedure for IPv6)
> ->
> -> Secondly I am proposing it now. Is there a problem?
>
>   Yes. There is a problem. First of all relaying on CRC to
>   figure out the *type* of payload is not at all advisable.
>   One could produce (there is a remote possibility) a payload
>   which is not IPv4 or IPv6 but the CRC can be matched to
>   the payload of first 20 bytes to the bytes in 11 & 12.
>
>   RFC1071 uses 16 bit's one's compliment, which we all know
>   that won't catch all the bit errors/flips.
>
> Venkata.
>