Jeff,

On Jul 12, 2011, at 20:13, Jeff Wheeler wrote:
> On Tue, Jul 12, 2011 at 11:42 AM, Leo Bicknell <bicknell@ufp.org> wrote:
> > I'll pick on LISP as an example, since many operators are at least aware of it. Some operators have said we need a locator and identifier split. Interesting feedback. The IETF has gone off and started playing in the sandbox, trying to figure out how to make that go.
> As an operator (who understands how most things work in very great detail),
Granted. You are the real world expert. Now can you stop repeating this in each email and move on?
> I found the LISP folks very much uninterested in my concerns about if LISP can ever be made to scale up to "Internet-scale," with respect to a specific DDoS vector.
This is completely false. Several people gave you credit for the existence of the threat you pointed out.
> I also think that an explosion of small, multi-homed SOHO networks would be a disaster, because we might have 3 million FIB instead of 360k FIB after a few years. These things are directly related to each other, too.
> So I emailed some LISP gurus off-list and discussed my concern. I was encouraged to post to the LISP IETF list, which I did. To my great surprise, not one single person was interested in my problem.
This is again false. We had mail exchanges both privately and on the mailing list. We proposed to you text to be added to the threats draft, but you did not like it. We are asking you to propose text, but we have no answer from you on this point.
> If you think it is a small problem, well, you should try going back to late-1990s flow-cache routing in your data-center networks and see what happens when you get DDoS. I am sure most of us remember some of those painful experiences.
> Now there is a LISP "threats" draft which the working group mandates they produce, discussing various security problems. The current paper is a laundry list of "what if" scenarios, like, what if a malicious person could fill the LISP control-plane with garbage. BGP has the same issue: if some bad guy had enable on a big enough network that their peers/transits don't filter their routes, they could do a lot of damage before they were stopped.
So you are saying that BGP can be the victim of similar attacks/problems... still... if you are reading this email, it means that the Internet is still running...
> This sometimes happens even by accident, for example, some poor guy accidentally announcing 12/9 and giving AT&T a really bad day.
> What it doesn't contain is anything relevant to the special-case DDoS that all LISP sites would be vulnerable to, due to the IMO bad flow-cache management system that is specified.
If you still think that LISP is using a flow-cache, you should have a second read of the set of drafts.
> I am having a very great deal of trouble getting the authors of the "threats" document to even understand what the problem is,
For the third time: this is false. We got the problem; we were asking for more specific information in order to quantify the risk. We asked for your help to state the problem and explained to you where the solution should be addressed. But you seem to be stuck on the operator vs. researcher discussion, which IMHO is just pointless.
> because as one of them put it, he is "just a researcher." I am sure he and his colleagues are very smart guys, but they clearly do not remember our 1990s pains.
That is the "not an operator" problem. It is understandable.
> Others who have been around long enough simply dismiss this problem, because they believe the unparalleled benefits of LISP for mobility and multi-homing SOHO sites must greatly outweigh the fact that, well, if you are a content provider and you receive a DDoS, your site will be down and there isn't a damn thing you can do about it, other than spec routers that have way, way more FIB than the number of possible routes, again due to the bad caching scheme.
> The above is what I think is the "ego-invested" problem, where certain pretty smart, well-intentioned people have a lot of time, and professional credibility, invested in making LISP work. I'm sure it isn't pleasing for these guys to defend their project against my argument that it may never be able to reach Internet-scale, and that they have missed what I claim is a show-stopping problem with an easy way to improve it through several years of development. Especially since I am a guy who did not ever participate in the IETF before, someone they don't know from a random guy on the street.
> I am glad that this NANOG discussion has got some of these LISP folks to pay more attention to my argument, and my suggested improvement (I am not only bashing their project; I have positive input, too.) Simply posting to their mailing list once and emailing a few draft authors did not cause any movement at all. Evidently it does get attention, though, to jump up and down on a different list. Go figure!
> If operators don't provide input and *perspective* to things like LISP, we will end up with bad results.
True. Such technical feedback is most welcome. Let me now ask a simple question: why are you so strongly against LISP? You do not like it? Fine, other people do. You do not believe in it and do not see any value? Fine, other people do. You think that there are issues that cannot be solved? Fine, other people believe those issues can be solved and are scratching their heads to find deployable solutions. As I said before, your technical experience and feedback are most welcome, but let's try to focus only on the technical level.

thanks

Luigi Iannone