Hi Les, Thanks for your comments.
OSPF packet level checksum and authentication can only protect the assembled LSU packet one hop on the wire, while cannot detect any change to LSA made by the routers. This is because the OSPF packets are re-assembled on each hop, which is slightly different from IS-IS. So the problem for OSPF is mainly due to the problems inside the router, for example protocol implementations, system timers, or some hardware problem. Actually this problem has been seen in several production networks. We can improve the description in the draft to make this clear. Best regards, Jie From: Les Ginsberg (ginsberg) [mailto:[email protected]] Sent: Monday, August 01, 2016 1:30 PM To: Dongjie (Jimmy); [email protected] Cc: Zhangxudong (zhangxudong, VRP); [email protected] Subject: RE: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement Jie - The draft says (Section 2): "Since cryptographic authentication is executed at the OSPF packet level, it can only protect the assembled LSU packet for one hop and does not provide any additional protection for the corruption of LS age field." But as authentication is calculated at the OSPF packet level, any change to the LS age field for an individual LSA contained within the OSPF packet (e.g. by some packet corruption in transmission) would cause authentication to fail when the packet is received. So the statement you make is not correct. I therefore am struggling to understand what problem you believe is not addressed by existing authentication techniques. Les From: OSPF [mailto:[email protected]] On Behalf Of Dongjie (Jimmy) Sent: Sunday, July 31, 2016 8:15 PM To: [email protected]<mailto:[email protected]> Cc: Zhangxudong (zhangxudong, VRP); [email protected]<mailto:[email protected]> Subject: [OSPF] Solicit feedbacks on draft-dong-ospf-maxage-flush-problem-statement Hi all, draft-dong-ospf-maxage-flush-problem-statement describes the problems caused by the corruption of the LS Age field, and summarizes the requirements on potential solutions. This draft received good comments during the presentation on the IETF meeting in B.A. The authors would like to solicit further feedbacks from the mailing list, on both the problem statement and the solution requirements. Based on the feedbacks, we will update the problem statement draft, and work together to build suitable solutions. The URL of the draft is: https://tools.ietf.org/html/draft-dong-ospf-maxage-flush-problem-statement-00 Comments & feedbacks are welcome. Best regards, Jie
_______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
