
Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt

2007-09-25 15:24:21
yeh - I read that but am not convinced that the message is clear
enough about what can happen if those rules are not followed

Scott


---
Date: Tue, 25 Sep 2007 23:02:52 +0100
From: Stewart Bryant <stbryant(_at_)cisco(_dot_)com>
To: "Scott O. Bradner" <sob(_at_)harvard(_dot_)edu>
Cc: ietf(_at_)ietf(_dot_)org, ipfix(_at_)ietf(_dot_)org, 
tsv-dir(_at_)ietf(_dot_)org
Subject: Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt

Scott
Historically, the biggest issue with IPFIX has been that most
implementers want to run it over UDP with consequences be damned -
this was weaseled in the IPFIX Requirements document (RFC 3917) by
requiring (in section 6.3.1) that "For the data transfer, a congestion
aware protocol must be supported."  This draft meets that requirement by
making the implementation of SCTP a MUST.  That will not stop many
implementers from ignoring the requirement for implementation or users
from enabling UDP and thus creating a potentially very high bandwidth
non-congestion-avoiding fire hose that can quite easily wipe out a net
by misconfiguration or become a DoS engine by purposeful configuration.

I'm not sure if anything can actually be done about this risk - it
might help some to say that UDP is a "MUST NOT" but I doubt it - in any
case it would help somewhat, imho, to expand section 10.3 to be clearer
about the threats posed by any use of a non-congestion-avoiding
transport protocol, or to do that in the Security Considerations section.

There is text in section 10.1 which states:

    UDP MAY be used although it is not a congestion aware protocol.
    However, the IPFIX traffic between Exporter and Collector MUST run
    in an environment where IPFIX traffic has been provisioned for or is
    contained through some other means.

This sets out the set of conditions that MUST be fulfilled in order to
run IPFIX over UDP safely.

Stewart
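
The "contained through some other means" condition above can be enforced on the collector side: since a UDP exporter gets no congestion feedback, the collector can meter each exporter against a provisioned byte budget and flag the fire-hose case. The following is an added illustration, not code from the draft or from any IPFIX implementation; it parses only the 16-byte IPFIX message header (version 10, length, export time, sequence number, observation domain ID) and the budget values and exporter address are constructed.

```python
import struct
from collections import defaultdict, deque

# IPFIX message header (16 bytes): version (10), message length, export
# time, sequence number, observation domain ID. Everything after the
# header is treated as opaque here.
HEADER = struct.Struct("!HHIII")


def parse_header(datagram):
    """Return (length, export_time, seq, domain) or None if not IPFIX."""
    if len(datagram) < HEADER.size:
        return None
    version, length, export_time, seq, domain = HEADER.unpack_from(datagram)
    if version != 10 or length < HEADER.size or length > len(datagram):
        return None
    return length, export_time, seq, domain


class ExportBudget:
    """Per-exporter byte budget over a sliding time window (seconds).

    A UDP exporter never backs off on its own, so the collector side has to
    provide the containment the draft requires; this is one simple form."""

    def __init__(self, max_bytes, window_s):
        self.max_bytes, self.window_s = max_bytes, window_s
        self.hist = defaultdict(deque)   # exporter -> deque of (time, bytes)
        self.bytes = defaultdict(int)    # exporter -> bytes inside the window

    def observe(self, exporter, now, datagram):
        hdr = parse_header(datagram)
        if hdr is None:
            return "malformed"
        q = self.hist[exporter]
        while q and q[0][0] <= now - self.window_s:   # expire old samples
            self.bytes[exporter] -= q.popleft()[1]
        q.append((now, hdr[0]))
        self.bytes[exporter] += hdr[0]
        return "over_budget" if self.bytes[exporter] > self.max_bytes else "ok"


def demo():
    # Constructed sample: 1500-byte messages from one exporter at 100 ms
    # spacing against a budget of 4000 bytes per second.
    budget = ExportBudget(max_bytes=4000, window_s=1.0)
    msg = HEADER.pack(10, 1500, 1190000000, 1, 42) + b"\0" * (1500 - HEADER.size)
    return [budget.observe("192.0.2.10", 0.1 * i, msg) for i in range(4)]
```

The third message in `demo()` pushes the exporter over 4000 bytes within the window, so the collector sees `["ok", "ok", "over_budget", "over_budget"]`.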

