
Re: Gen-ART Review of draft-ietf-trill-pseudonode-nickname-05

2015-08-31 22:11:55
Hi Sandra,

On Mon, Aug 31, 2015 at 4:20 PM, Sandra Murphy <sandy(_at_)tislabs(_dot_)com> 
wrote:
On Aug 27, 2015, at 5:59 PM, Russ Housley <housley(_at_)vigilsec(_dot_)com> 
wrote:


(3)  In Section 11, we learn that the VLAN membership of all the
RBridge ports in an LAALP MUST be the same.  Any inconsistencies in
VLAN membership may result in packet loss or non-shortest paths.
Is there anything that can be added to the Security Considerations
that can help avoid these inconsistencies?

Interesting.  In the trill draft I recently reviewed for secdir 
(draft-ietf-trill-aa-multi-attach) it makes a similar statement that VLAN 
membership had to be consistent across all ports on all RBridges in a LAALP.  
In that draft, the consistency meant the VLANs could be left out of the 
protocol packet.

Did you see my response to your secdir review which I sent 3 days ago?

  All enabled VLANs MUST be consistent on all ports connected to an
  LAALP. So the enabled VLANs need not be included in the AA-LAALP-
  GROUP-RBRIDGES TRILL APPsub-TLV. They can be locally obtained from
  the port attached to that LAALP.

I wondered if the LAALP was responsible for ensuring the consistency.  If it 
is left to the operator configuration, that’s tough.  Turns out there’s a 
dynamic VLAN registration protocol (VRP), but I could not discover that it is 
doing a consistency check.

If the draft you are looking at implies inconsistency is a possibility, then 
it must be that neither the LAALP nor VRP ensures the consistency.

As per my previous response to you, as far as I know all existing
LAALPs are proprietary MC-LAG implementations and how they maintain
consistent VLAN enablement on the TRILL switch LAALP ports is out of
scope for the TRILL protocol.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3(_at_)gmail(_dot_)com

—Sandy
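The thread leaves VLAN consistency across an LAALP's ports to operator configuration (or to the proprietary MC-LAG implementation), with no check in the TRILL protocol itself. Below is an added example of the kind of operator-side audit that closes that gap: it is not code from the draft, the thread, or any vendor. It takes the enabled-VLAN configuration of every TRILL switch port attached to one LAALP and reports each VLAN that some ports enable and others do not. The VLAN list syntax ("10-20,100"), the port names and the sample configuration are assumptions constructed for the example.

```python
"""Hypothetical operator-side audit of VLAN enablement across the TRILL
switch ports that form one LAALP (example code, not from the draft or
any vendor).  The draft requires the enabled VLANs to be the same on
every port attached to the LAALP; this finds the VLANs on which the
ports disagree.  Config syntax and port names are assumptions."""

from typing import Dict, Set, Tuple


def parse_vlan_list(spec: str) -> Set[int]:
    """Expand a comma-separated list of VLAN IDs and ranges, e.g.
    "1-10,20", into a set of VLAN IDs.  Rejects IDs outside 1..4094
    and inverted ranges so a typo does not silently enable nothing."""
    vlans: Set[int] = set()
    for item in spec.replace(" ", "").split(","):
        if not item:
            continue
        lo, _, hi = item.partition("-")
        start, end = int(lo), int(hi or lo)
        if start > end:
            raise ValueError(f"inverted range {item!r}")
        if start < 1 or end > 4094:
            raise ValueError(f"VLAN ID out of range in {item!r}")
        vlans.update(range(start, end + 1))
    return vlans


def laalp_vlan_inconsistencies(
    ports: Dict[str, str]
) -> Dict[int, Tuple[Set[str], Set[str]]]:
    """Given {port_name: vlan_spec} for every TRILL switch port attached
    to one LAALP, return {vlan: (ports_enabling_it, ports_missing_it)}
    for each VLAN enabled on some but not all of the ports.  An empty
    result means the ports satisfy the consistency requirement."""
    enabled = {name: parse_vlan_list(spec) for name, spec in ports.items()}
    if not enabled:
        return {}
    all_ports = set(enabled)
    union = set().union(*enabled.values())
    common = set.intersection(*enabled.values())
    result: Dict[int, Tuple[Set[str], Set[str]]] = {}
    for vlan in sorted(union - common):
        have = {p for p, v in enabled.items() if vlan in v}
        result[vlan] = (have, all_ports - have)
    return result


# Constructed sample: three RBridge ports in one LAALP.  RB3 has VLAN 20
# missing and VLAN 200 added, the kind of drift the thread worries about.
SAMPLE_LAALP_PORTS = {
    "RB1:eth1": "10-20,100",
    "RB2:eth1": "10-20,100",
    "RB3:eth1": "10-19,100,200",
}


def format_report(ports: Dict[str, str]) -> str:
    """Human-readable summary of laalp_vlan_inconsistencies()."""
    bad = laalp_vlan_inconsistencies(ports)
    if not bad:
        return "OK: all LAALP ports enable the same VLANs"
    lines = [f"MISMATCH: {len(bad)} VLAN(s) not enabled on every port"]
    for vlan, (have, missing) in bad.items():
        lines.append(
            f"  VLAN {vlan}: enabled on {sorted(have)}, "
            f"missing on {sorted(missing)}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(SAMPLE_LAALP_PORTS))
```

Run before bringing an LAALP into service, or from a config-management hook whenever any member port's VLAN list changes; a non-empty result is exactly the condition the draft says may cause packet loss or non-shortest paths, with the offending VLAN and ports named so the operator can fix the configuration rather than hunt for dropped frames.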

