Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (uRPF)
draft-ietf-opsec-blackhole-urpf-04
Document history
Date | Rev. | By | Action |
---|---|---|---|
2009-07-07 | 04 | Cindy Morgan | State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
2009-07-07 | 04 | (System) | IANA Action state changed to No IC from In Progress |
2009-07-07 | 04 | (System) | IANA Action state changed to In Progress |
2009-07-07 | 04 | Amy Vezza | IESG state changed to Approved-announcement sent |
2009-07-07 | 04 | Amy Vezza | IESG has approved the document |
2009-07-07 | 04 | Amy Vezza | Closed "Approve" ballot |
2009-07-02 | 04 | Cindy Morgan | State Changes to Approved-announcement to be sent from IESG Evaluation - Defer by Cindy Morgan |
2009-07-02 | 04 | Cullen Jennings | [Ballot comment] |
2009-07-02 | 04 | Adrian Farrel | [Ballot comment] I was looking in the Security Section for something about the risk associated with source-based RTBH announcements received from customers. Giving up, I paged up and found immediately above... As a matter of policy, operators SHOULD NOT accept source-based RTBH announcements from their peers or customers, they should only be installed by local or attack management systems within their administrative domain. Would it be possible either to echo this in the Security section, or provide the reason in the previous section? |
2009-07-02 | 04 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel |
2009-07-02 | 04 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2009-07-02 | 04 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
2009-07-01 | 04 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks |
2009-06-30 | 04 | Cullen Jennings | [Ballot comment] I'm not real keen on using 1918 private address space for this. It is hard enough to debug when private addresses leak into public space and this will just make it even more confusing. Could we just allocate a /24 for this? |
2009-06-30 | 04 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2009-06-19 | 04 | (System) | Removed from agenda for telechat - 2009-06-18 |
2009-06-18 | 04 | Michelle Cotton | IANA Comments: As described in the IANA Considerations section, we understand this document to have NO IANA Actions. |
2009-06-16 | 04 | Samuel Weiler | Assignment of request for Telechat review by SECDIR to Rob Austein was rejected |
2009-06-16 | 04 | Samuel Weiler | Request for Telechat review by SECDIR is assigned to Rob Austein |
2009-06-16 | 04 | Samuel Weiler | Request for Telechat review by SECDIR is assigned to Rob Austein |
2009-06-16 | 04 | Lars Eggert | State Changes to IESG Evaluation - Defer from IESG Evaluation by Lars Eggert |
2009-06-16 | 04 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2009-06-16 | 04 | Ralph Droms | [Ballot comment] In the first line of the next to last paragraph of the Introduction: By coupling unicast reverse path forwarding (RPF) [RFC3704 … |
2009-06-16 | 04 | Lars Eggert | [Ballot comment] Section 3.2., paragraph 4: > Step 1. Select your Discard Address schema. An address is chosen to become the "discard address". This is often chosen from 192.0.2.0/24 (TEST-NET [RFC3330]), or from RFC 1918 [RFC1918] space. Given that both RFC1918 and RFC3330 address space comes with the note that "addresses in this block should not be used on the public Internet", it may make sense to at least also mention if not recommend the option of using a chunk of the operator's assigned public address space for this purpose. |
2009-06-16 | 04 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
2009-06-11 | 04 | Ron Bonica | [Ballot Position Update] New position, Yes, has been recorded for Ronald Bonica |
2009-06-11 | 04 | Ron Bonica | Ballot has been issued by Ron Bonica |
2009-06-11 | 04 | Ron Bonica | Created "Approve" ballot |
2009-06-11 | 04 | (System) | Ballot writeup text was added |
2009-06-11 | 04 | (System) | Last call text was added |
2009-06-11 | 04 | (System) | Ballot approval text was added |
2009-06-11 | 04 | Ron Bonica | Note field has been cleared by Ron Bonica |
2009-06-11 | 04 | Ron Bonica | Placed on agenda for telechat - 2009-06-18 by Ron Bonica |
2009-06-11 | 04 | Ron Bonica | State Changes to IESG Evaluation from Publication Requested by Ron Bonica |
2009-06-11 | 04 | Ron Bonica | 1a. Joel Jaeggli is the shepherd for the document. The shepherd believes that this document is of sufficient quality to bring to the IESG. Ron Bonica is the shepherding AD. 1b. The document has received review in the working group as well as input from the creators of the method and the operator community that is the intended audience for this draft. 1c. The reservation of default communities, previously a feature of this draft, was removed between 01 and 02, leaving only operational practice. 1d. None. 1e. Working group consensus has consistently favored this work item. Community reservation had significant detractors, as current practice has operators select their own communities based on what they are willing to support, and the use of such signaling requires significant coordination. 1f. No. 1g. ID Nits have been passed. There are three examples located in Appendix A and B where RFC 3330 addresses cannot solely be used; for the purposes of clarity, RFC 1918 addresses are used to supplement them. 1h. There are no downwardly referential normative references. 1i. With the removal of the community reservation there are no IANA considerations. 1j. No such formal validation is required. 1k. Included: Document Announcement Write-Up for draft-ietf-opsec-blackhole-urpf, currently in draft 04, having completed WG last call and AD Evaluation. Technical Summary: Remote Triggered Black Hole (RTBH) filtering is a popular and effective technique for the mitigation of denial-of-service attacks. This document expands upon destination-based RTBH filtering by outlining a method to enable filtering by source address as well. Working Group Summary: The WG last call period for draft-ietf-opsec-blackhole-urpf-03 was completed without opposition. Commentary on the draft in the current and prior revision at IETF 74 and before would indicate that the WG believes that the document is in suitable form to advance. AD Review revealed insufficient warning on the implications of using strict RPF. The 04 revision is believed to satisfy both AD concerns and WG participants. Document Quality: As it documents existing current practice both in router implementation and in operational practice, and expands upon but does not obsolete RFC 3882, we believe that it is suitable to advance towards the goal of BCP status. Personnel: Review by both industry peers (NANOG security BOF) and one of the originators of the method (Barry Greene) was solicited, and their input is noted in the contributions section. Joel Jaeggli shepherded this document through the working group process. AD review was provided by R. Bonica. |
2009-06-11 | 04 | Cindy Morgan | State Changes to Publication Requested from Waiting for Writeup by Cindy Morgan |
2009-06-11 | 04 | Cindy Morgan | 1a. Joel Jaeggli is the shepherd for the document. The shepherd believes that this document is of sufficient quality to bring to the IESG. Ron Bonica is the shepherding AD. 1b. The document has received review in the working group as well as input from the creators of the method and the operator community that is the intended audience for this draft. 1c. The reservation of default communities, previously a feature of this draft, was removed between 01 and 02, leaving only operational practice. 1d. None. 1e. Working group consensus has consistently favored this work item. Community reservation had significant detractors, as current practice has operators select their own communities based on what they are willing to support, and the use of such signaling requires significant coordination. 1f. No. 1g. ID Nits have been passed. There are three examples located in Appendix A and B where RFC 3330 addresses cannot solely be used; for the purposes of clarity, RFC 1918 addresses are used to supplement them. 1h. There are no downwardly referential normative references. 1i. With the removal of the community reservation there are no IANA considerations. 1j. No such formal validation is required. 1k. Included: Document Announcement Write-Up for draft-ietf-opsec-blackhole-urpf, currently in draft 04, having completed WG last call and AD Evaluation. Technical Summary: Remote Triggered Black Hole (RTBH) filtering is a popular and effective technique for the mitigation of denial-of-service attacks. This document expands upon destination-based RTBH filtering by outlining a method to enable filtering by source address as well. Working Group Summary: The WG last call period for draft-ietf-opsec-blackhole-urpf-03 was completed without opposition. Commentary on the draft in the current and prior revision at IETF 74 and before would indicate that the WG believes that the document is in suitable form to advance. AD Review revealed insufficient warning on the implications of using strict RPF. The 04 revision is believed to satisfy both AD concerns and WG participants. Document Quality: As it documents existing current practice both in router implementation and in operational practice, and expands upon but does not obsolete RFC 3882, we believe that it is suitable to advance towards the goal of BCP status. Personnel: Review by both industry peers (NANOG security BOF) and one of the originators of the method (Barry Greene) was solicited, and their input is noted in the contributions section. Joel Jaeggli shepherded this document through the working group process. AD review was provided by R. Bonica. |
2009-06-11 | 04 | Cindy Morgan | [Note]: 'Joel Jaeggli (joelja@bogus.com) is the document shepherd.' added by Cindy Morgan |
2009-06-11 | 04 | Ron Bonica | State Changes to Waiting for Writeup from AD Evaluation::AD Followup by Ron Bonica |
2009-06-05 | 04 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2009-06-05 | 04 | (System) | New version available: draft-ietf-opsec-blackhole-urpf-04.txt |
2009-05-21 | 04 | Ron Bonica | State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Ron Bonica |
2009-05-01 | 04 | Ron Bonica | State Changes to AD Evaluation from Publication Requested by Ron Bonica |
2009-04-29 | 04 | Cindy Morgan | 1a. Joel Jaeggli is the shepherd for the document. The shepherd believes that this document is of sufficient quality to bring to the IESG. Ron Bonica is the shepherding AD. 1b. The document has received review in the working group as well as input from the creators of the method and the operator community that is the intended audience for this draft. 1c. The reservation of default communities, previously a feature of this draft, was removed between 01 and 02, leaving only operational practice. 1d. None. 1e. Working group consensus has consistently favored this work item. Community reservation had significant detractors, as current practice has operators select their own communities based on what they are willing to support, and the use of such signaling requires significant coordination. 1f. No. 1g. ID Nits have been passed. There are three examples located in Appendix A and B where RFC 3330 addresses cannot solely be used; for the purposes of clarity, RFC 1918 addresses are used to supplement them. 1h. There are no downwardly referential normative references. 1i. With the removal of the community reservation there are no IANA considerations. 1j. No such formal validation is required. 1k. Included: Document Announcement Write-Up for draft-ietf-opsec-blackhole-urpf, currently in draft 03, having completed WG last call. Technical Summary: Remote Triggered Black Hole (RTBH) filtering is a popular and effective technique for the mitigation of denial-of-service attacks. This document expands upon destination-based RTBH filtering by outlining a method to enable filtering by source address as well. Working Group Summary: The WG last call period for draft-ietf-opsec-blackhole-urpf-03 has been completed without opposition. Commentary on the draft in the current and prior revision at IETF 74 and before would indicate that the WG believes that the document is in suitable form to advance. Document Quality: As it documents existing current practice both in router implementation and in operational practice, and expands upon but does not obsolete RFC 3882, we believe that it is suitable to advance towards the goal of BCP status. Personnel: Review by both industry peers (NANOG security BOF) and one of the originators of the method (Barry Greene) was solicited, and their input is noted in the contributions section. Joel Jaeggli shepherded this document through the working group process. |
2009-04-29 | 04 | Cindy Morgan | Draft Added by Cindy Morgan in state Publication Requested |
2009-03-30 | 03 | (System) | New version available: draft-ietf-opsec-blackhole-urpf-03.txt |
2009-03-08 | 02 | (System) | New version available: draft-ietf-opsec-blackhole-urpf-02.txt |
2009-03-06 | 01 | (System) | New version available: draft-ietf-opsec-blackhole-urpf-01.txt |
2009-01-20 | 00 | (System) | New version available: draft-ietf-opsec-blackhole-urpf-00.txt |