Re: [PATCH V6 net-next] LISP: Locator/Identifier Separation Protocol

[Lori Jakab <lojakab@cisco.com>]

On 6/27/14, 10:13 AM, David Miller wrote:
> From: Lori Jakab <lojakab@cisco.com>
> Date: Fri, 27 Jun 2014 09:19:50 +0300
>
>> Map-Requests can and should be rate limited. Also, if there is no
>> mapping for a packet in the map-cache (while we're waiting for a
>> reply), it is sent to a Proxy-ETR, a dedicated LISP infrastructure box
>> part of the LISP architecture, and gets delivered to the destination.
> Sorry, I don't buy this.
>
> Still sounds DOS'able to me, you cannot process an infinite amount of
> packets backlogged on pending Map Requests, your only choice is to
> start dropping packets.

I think I did not explain the concept of the P-ETR very well.  It is 
like a default route, and you don't backlog packets while you wait on 
pending Map-Requests.  The impact is that packets sent to the P-ETR take 
a detour, but they still get delivered.  After the Map-Reply comes in, 
packets will take the optimal route.  So even with a fixed size cache, 
you still don't need to drop packets.

>
>> If I understand correctly, the route cache was a hash table with
>> multiple keys. We intend to have a trie based look-up table for
>> LISP. Additionally, IPv4 routing was and still is a required component
>> for every networked host, while LISP will be an optional feature.
> I think you misunderstand the problem space.
>
> If you have to lookup on EIDs you have to consider the full 32-bit
> value, even if you use a trie.  Therefore you will have to limit
> the size of your cache, and trim it when it hits certain thresholds.
>
> Therefore it has the same problems that the routing cache had.
>
> The reason the DoS'ability disappeared with the routing cache removed
> is that the remaining datastructures operate on a fixed sized database
> which is not influenced by traffic patterns sent by external hosts.
>
> Read that critical component again: "not influenced by traffic
> patterns sent by external hosts"
>
> LISP fails that test regardless of the data structures you use, any
> external host can influence your cache and how often you have to
> create new entries.
>
> That's a bad design and fundamentally exploitable.

The OVS datapath's flow table is also influenced by traffic patterns 
sent by external hosts.  But while the IPv4 routing table is not 
optional for a networked host, OVS and LISP are, and people deploying 
them can still find value using them, in controlled environments at least.