Locator/ID Separation Protocol M. Boucadair
Internet-Draft Orange
Intended status: Informational 10 February 2023
Expires: 14 August 2023
LISP PubSub Flow Examples
draft-boucadair-lisp-pubsub-flow-examples-03
Abstract
This document provides a set of flow examples to illustrate the use
of LISP PubSub specification.
Discussion Venues
This note is to be removed before publishing as an RFC.
Discussion of this document takes place on the Locator/ID Separation
Protocol Working Group mailing list (lisp@ietf.org), which is
archived at https://mailarchive.ietf.org/arch/browse/lisp/.
Source for this draft and an issue tracker can be found at
https://github.com/boucadair/lisp-pubsub-flow-examples.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 14 August 2023.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
Boucadair Expires 14 August 2023 [Page 1]
Internet-Draft LISP PubSub Examples February 2023
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Initial Successful Subscription . . . . . . . . . . . . . . . 3
4. Successful Notification . . . . . . . . . . . . . . . . . . . 4
5. Successful Notification with Retransmission . . . . . . . . . 5
6. Failed Notification with Retransmission . . . . . . . . . . . 6
7. Successful Subscription Update . . . . . . . . . . . . . . . 7
8. Failed Subscription with Lost Map-Notify-Ack . . . . . . . . 8
9. Stale Subscriptions . . . . . . . . . . . . . . . . . . . . . 9
10. xTR-triggered Subscription Withdrawal . . . . . . . . . . . . 11
11. 'Map-Server'-triggered Subscription Withdrawal . . . . . . . 12
12. Bootstrapping an xTR . . . . . . . . . . . . . . . . . . . . 13
12.1. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 13
12.1.1. Replayed Subscription (Update) . . . . . . . . . . . 13
12.1.2. Replayed Withdrawal . . . . . . . . . . . . . . . . 17
12.1.3. Replayed Notification Updates . . . . . . . . . . . 18
13. Explicit Subscriptions . . . . . . . . . . . . . . . . . . . 18
14. Security Considerations . . . . . . . . . . . . . . . . . . . 18
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18
16. Normative References . . . . . . . . . . . . . . . . . . . . 18
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 19
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction
This document provides a set of flow examples as a companion to the
LISP PubSub specification [I-D.ietf-lisp-pubsub]. The document is
meant to illustrate and assess the behavior of LISP control nodes
under specific conditions.
The examples use a simplified setup for the sake of illustration.
2. Terminology
This document uses the terms defined in [I-D.ietf-lisp-pubsub].
The following terms and notations are used in this document:
init_nonce: the nonce that is initially included in a Map-Request to
create a subscription.
initial subscription request: the Map-Request that was used to
create the initial subscription. This request has the nonce value
set to init_nonce.
nonce++: incremented nonce by 1.
init_key_id: the key identifier that was used in the Map-Request
with init_nonce.
trans_count: retransmission counter as per Section 5.7 of [RFC9301].
trans_timer: retransmission timer as per Section 5.7 of [RFC9301].
AT: Attacker
3. Initial Successful Subscription
Figure 1 shows an example of a successful subscription. The example
assumes that a security association is in place between the xTR and
the Map-Server (Section 7.1 of [I-D.ietf-lisp-pubsub]) and that all
integrity-protection checks pass.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
.--------------------. | |
| Generate a new key | | Map-Request(init_nonce, | .--------------------.
| and an initial | | init_key_id,..) | | Security/integrity |
| nonce. Store them +-+=========================+-+ protection check. |
| locally for this | | | | No State for this |
| subscription | | | | xTR-ID/EID is found|
'--------------------' | | | Create the sub and |
| Map-Notify(init_nonce, | | store init_nonce, |
.--------------------. | ,...) | | init_key_id, ... |
| Security/integrity +-+<========================+-+ |
| protection check. | | | '--------------------'
| Check that rcv | |Map-Notify-Ack(init_nonce|
| nonce == init_nonce| | ,...)| .--------------------.
| Confirm the sub and+-+========================>+-+ Security/integrity |
| wait for notifs | | | | protection checks. |
'--------------------' | | | This subscription |
| | | is now ACKed |
| | '--------------------'
Figure 1: An Example of Successful Initial Subscription
4. Successful Notification
Figure 2 illustrates the example of a successful delivery of
notification updates that match an existing subscription state. This
example assumes that a security association is in place between the
xTR and the Map-Server (Section 7.1 of [I-D.ietf-lisp-pubsub]) and
that all subsequent integrity-protection checks are successfully
passed.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
.--------------------. | | .--------------------.
| Security/integrity | | Map-Notify(nonce++, ...) | | Update is triggered|
| protection check. +-+<=========================+-+ Increment the nonce|
| Check that rcv | | | | Set trans_count and|
| nonce >= local | | | | trans_timer |
| nonce + 1 | | | '--------------------'
| | | |
| Confirms the notif | | | .--------------------.
| and update the | |Map-Notify-Ack(nonce++,..)| | Security/integrity |
| entry +-+=========================>+-+ protection checks. |
| | | | | This notification |
'--------------------' | | | is now ACKed |
| | '--------------------'
Figure 2: An Example of Successful Notification
5. Successful Notification with Retransmission
Unlike the example depicted in Figure 2, Figure 3 illustrates the
behavior that is experienced when a subset of Map-Notify messages are
lost during their transfer. This example assumes that at least one
of these Map-Notify messages is received by the target xTR.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
| | .--------------------.
| Map-Notify(nonce, ...) | | Update is triggered|
| <==================+-+ Increment the nonce|
| | | Set trans_count and|
| | | trans_timer |
| | '--------------------'
| |
| | .--------------------.
| Map-Notify(nonce, ...) | | Increment |
| <==================+-+ trans_count and |
| | | reset trans_timer |
| | '--------------------'
| |
.--------------------. | | .--------------------.
| Security/integrity | |Map-Notify(nonce, ...) | | Increment |
| protection check. +-+<=======================+-+ trans_count and |
| Check that rcv | | | | reset trans_timer |
| nonce >= local | | | '--------------------'
| nonce + 1 | | |
| | | | .--------------------.
| Confirms the notif | |Map-Notify-Ack(nonce,...) | Security/integrity |
| and update the +-+=======================>+-+ protection checks. |
| entry | | | | This notification |
'--------------------' | | | is now ACKed |
| | '--------------------'
Figure 3: An Example of Successful Notification with Retransmission
6. Failed Notification with Retransmission
Figure 4 assumes that, due to network conditions, all Map-Notifies
are lost.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
| | .--------------------.
| Map-Notify(nonce, ...) | | Update is triggered|
| <==================+-+ Increment the nonce|
| | | Set trans_count and|
| | | trans_timer |
| | '--------------------'
| |
| | .--------------------.
| Map-Notify(nonce, ...) | | Increment |
| <==================+-+ trans_count and |
| | | reset trans_timer |
| | '--------------------'
| |
| | .--------------------.
| Map-Notify(nonce, ...) | | Increment |
| <==================+-+ trans_count and |
| | | reset trans_timer |
| | '--------------------'
Figure 4: An Example of Failed Notification Delivery
Note that no specific action is currently specified in
[I-D.ietf-lisp-pubsub] when such a failure occurs: the entry is kept
active and future updates will trigger new Map-Notify cycles. Also,
the current specification does not recommend a behavior (e.g., regular
refreshes) that would let an xTR avoid maintaining stale mappings.
Such details are implementation specific (see, for example,
Section 7). In order to accommodate lost Map-Notify messages, the
nonce check on the xTR should not be an exact match against
"local nonce + 1"; messages with "received nonce >= local nonce + 1"
should be accepted.
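The nonce handling of Figures 2 to 4 as an added simulation (not code from the draft or from any LISP implementation): the Map-Server increments the nonce per update and retransmits up to an assumed budget of 3 attempts, and the xTR applies the "received nonce >= local nonce + 1" check, so that a lost cycle leaves a tolerated gap while a replayed old Map-Notify is rejected. All EIDs, RLOCs and the loss pattern are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Retransmission budget assumed for this simulation only; RFC 9301 Section 5.7
# governs the real trans_count/trans_timer handling.
MAX_TRANS_COUNT = 3


@dataclass(frozen=True)
class MapNotify:
    nonce: int
    eid: str
    rlocs: tuple


@dataclass
class XtrSubscription:
    """xTR-side state for one EID-Record: the last nonce seen in a publication."""
    eid: str
    last_nonce: int                      # init_nonce right after the initial subscription
    rlocs: tuple = ()
    events: list = field(default_factory=list)

    def on_map_notify(self, msg: MapNotify) -> Optional[int]:
        """Return the nonce to echo in Map-Notify-Ack, or None if the message is dropped.
        The check is 'rcv nonce >= local nonce + 1', not an exact '== local nonce + 1',
        so a gap left by lost Map-Notifies is tolerated while an old nonce is rejected."""
        if msg.nonce < self.last_nonce + 1:
            self.events.append(("rejected", msg.nonce))
            return None
        self.events.append(("accepted", msg.nonce))
        self.last_nonce = msg.nonce
        self.rlocs = msg.rlocs
        return msg.nonce


@dataclass
class MapServerEntry:
    """Map-Server-side state for one xTR-ID/EID subscription."""
    eid: str
    nonce: int
    trans_count: int = 0

    def publish(self, rlocs: tuple, xtr: XtrSubscription, lost: list) -> bool:
        """Run one Map-Notify cycle for a mapping update. 'lost' is a constructed list,
        one boolean per transmission attempt, True meaning that attempt is lost in transit.
        Returns True once a matching Map-Notify-Ack is received, False if the budget runs out."""
        self.nonce += 1                              # nonce++ for every new update
        self.trans_count = 0
        msg = MapNotify(self.nonce, self.eid, rlocs)
        while self.trans_count < MAX_TRANS_COUNT:
            self.trans_count += 1                    # set/increment trans_count, (re)arm trans_timer
            dropped = lost.pop(0) if lost else False
            if dropped:
                continue                             # trans_timer expires: retransmit the same nonce
            if xtr.on_map_notify(msg) == self.nonce:
                return True                          # this notification is now ACKed
        return False   # every attempt lost; the entry stays active (Section 6), next update retries


def run_scenario() -> dict:
    """Constructed scenario: init_nonce=100; update 1 delivered, update 2 loses two attempts,
    update 3 is lost entirely (Figure 4), update 4 arrives with a nonce gap, then a copy of
    update 1's Map-Notify is replayed to the xTR."""
    eid = "2001:db8::/48"
    xtr = XtrSubscription(eid=eid, last_nonce=100)
    ms = MapServerEntry(eid=eid, nonce=100)
    results = {
        "update1": ms.publish(("192.0.2.1",), xtr, lost=[False]),
        "update2": ms.publish(("192.0.2.2",), xtr, lost=[True, True, False]),
        "update3": ms.publish(("192.0.2.3",), xtr, lost=[True, True, True]),
        "update4": ms.publish(("192.0.2.4",), xtr, lost=[False]),
    }
    replayed = MapNotify(101, eid, ("192.0.2.1",))   # captured copy of update 1
    results["replay_ack"] = xtr.on_map_notify(replayed)
    results["xtr_nonce"], results["ms_nonce"] = xtr.last_nonce, ms.nonce
    results["xtr_rlocs"], results["events"] = xtr.rlocs, list(xtr.events)
    return results
```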
7. Successful Subscription Update
Figure 5 illustrates an example of a successful update of an existing
subscription. The triggers for such a refresh are implementation
specific.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
.--------------------. | | .--------------------.
| Increment the last | | Map-Request(nonce, ...) | | Security/integrity |
| seen nonce +-+=========================>+-+ protection check. |
'--------------------' | | | Found an entry for |
| | | this xTR-ID |
.--------------------. | Map-Notify(nonce,...) | | Check that rcv |
| Security/integrity +-+<=========================+-+ nonce >= local |
| protection check. | | | | nonce + 1 |
| Check that rcv | | | '--------------------'
| nonce == snd nonce | | |
| Confirm the sub and| | Map-Notify-Ack(nonce,...) .--------------------.
| wait for notifs +-+=========================>+-+ Security/integrity |
'--------------------' | | | protection check. |
| | | This subscription |
| | | update is ACKed |
| | '--------------------'
Figure 5: An Example of Successful Subscription Update
8. Failed Subscription with Lost Map-Notify-Ack
This example is similar to Section 3, except that the Map-Notify-Ack
is not delivered to the Map-Server. The Map-Server retransmits the
Map-Notify 3 times and then removes the subscription. A Map-Notify
that explicitly indicates the reason for the removal is also
generated by the Map-Server. If the xTR receives this Map-Notify,
it may decide to send a Map-Request to reinstall the removed state.
The procedure to reinstall the state is similar to Figure 1.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
.--------------------. | |
| Generate a new key | | Map-Request(init_nonce, | .--------------------.
| and an initial | | init_key_id,..) | | Security/integrity |
| nonce. Store them +-+==============================>+-+ protection check. |
| locally for this | | | | No State for this |
| subscription | | | | xTR-ID/EID is found|
'--------------------' | | | Create the sub and |
| | | store init_nonce, |
.--------------------. | Map-Notify(init_nonce,...) | | init_key_id, ... |
| Security/integrity +-+<==============================+-+ Set trans_count and|
| protection check. | | | | trans_timer |
| Check that rcv | | | '--------------------'
| nonce == init_nonce| | Map-Notify-Ack(init_nonce,...)|
| Confirm the sub and+-+===========> |
| wait for notifs | | |
'--------------------' | |
| | .--------------------.
| Map-Notify(nonce, ...) | | Increment |
| <==================+-+ trans_count and |
| | | reset trans_timer |
| | '--------------------'
| |
| | .--------------------.
| Map-Notify(nonce, ...) | | Increment |
| <==================+-+ trans_count and |
| | | reset trans_timer |
| | '--------------------'
| |
| | .--------------------.
|Map-Notify(nonce, AFI, ACT,...)| | Remove the subscri-|
| <=========================+-+ ption |
| | '--------------------'
... |
Figure 6: An Example of Failed Initial Subscription
9. Stale Subscriptions
For various reasons, an xTR may lose its subscriptions (or at least
the nonce of a subscription). Note that losing the nonce is not
compliant with the following from the PubSub specification:
The xTR MUST keep track of the last nonce seen in a Map-Notify
received as a publication from the Map-Server for the EID-Record.
If the same key is used, the Map-Request is likely to be rejected by
the Map-Server and, thus, stale subscriptions will be maintained by
the Map-Server. The request is silently discarded by the Map-Server.
This behavior is similar to the following behavior in [RFC9301]:
If a Map-Register is received with a nonce value that is not
greater than the saved nonce, it MUST drop the Map-Register
message and SHOULD log the fact that a replay attack could have
occurred.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
| Map-Request(nonce, | .--------------------.
| init_key_id,..) | | Security/integrity |
+==============================>+-+ protection check. |
| | | A state for |
| | | xTR-ID/EID is found|
| | | but the nonce check|
| | | fails: rcv nonce < |
| | | local nonce + 1. |
| | | Discard the packet |
| | '--------------------'
Figure 7: An Example of Stale Subscriptions
If the Map-Server stores all the key-ids that were used by an xTR for
its subscriptions, the Map-Server may accept overriding an existing
state without enforcing the nonce check, but only if a new key is
used (see Figure 8) and the new security association succeeds.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
| Map-Request(nonce, | .--------------------.
| new key_id, ...) | | Security/integrity |
+=========================>+-+ protection check. |
| | | A state for |
.--------------------. | Map-Notify (nonce, ...) | | xTR-ID/EID is found|
| Security/integrity +-+<=========================+-+ but the new auth |
| protection check. | | | | key is used, the |
| Check that rcv | | | | state is updated |
| nonce == snd nonce | | | '--------------------'
| Confirm the sub and| | Map-Notify-Ack(nonce,...) .--------------------.
| wait for notifs +-+=========================>+-+ Security/integrity |
'--------------------' | | | protection check. |
| | | This subscription |
| | | update is ACKed |
| | '--------------------'
Figure 8: An Example of Stale Subscriptions Avoidance with New Keys
However, the approach in Figure 8 may have scalability issues as the
Map-Server must store all the key identifiers that were ever used.
Otherwise, an attacker can replay a message for which the key-id is
no longer stored by the Map-Server. This issue is not encountered
if LISP-SEC messages are timestamped.
Note that currently none of the LISP specifications use timestamps.
10. xTR-triggered Subscription Withdrawal
Figure 9 illustrates the observed exchange to successfully delete a
subscription.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
.--------------------. | | .--------------------.
| Increment the last | | Map-Request(nonce, AFI=0...) | | Security/integrity |
| seen nonce +-+==============================>+-+ protection check. |
'--------------------' | | | Found an entry for |
| | | this xTR-ID |
.--------------------. | Map-Notify(nonce,...) | | Check that rcv |
| Security/integrity +-+<==============================+-+ nonce >= local |
| protection check. | | | | nonce + 1 |
| Check that rcv | | | '--------------------'
| nonce == snd nonce | | |
| Send Map-Notify-ACK| | Map-Notify-Ack(nonce,...) | .--------------------.
| +-+==============================>+-+ Security/integrity |
'--------------------' | | | protection check. |
| | | This withdrawal is |
| | | confirmed |
| | '--------------------'
Figure 9: An Example of Successful Subscription Withdrawal
11. 'Map-Server'-triggered Subscription Withdrawal
Figure 10 illustrates the observed exchange to notify the withdrawal
of a subscription at the initiative of the Map-Server.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
.--------------------. | | .--------------------.
| Security/integrity | | Map-Notify(nonce, TTL=0, ...) | | Update is triggered|
| protection check. +-+<==============================+-+ Increment the nonce|
| Check that rcv | | | | Set trans_count and|
| nonce >= local | | | | trans_timer |
| nonce + 1 | | | '--------------------'
| | | |
| Confirms the notif | | | .--------------------.
| and remove the | | Map-Notify-Ack(nonce, ...) | | Security/integrity |
| entry +-+==============================>+-+ protection checks. |
| | | | | This notification |
'--------------------' | | | is now ACKed |
| | '--------------------'
Figure 10: An Example of Successful Notification of Subscription
Withdrawal
12. Bootstrapping an xTR
When first bootstrapped, an xTR may delete any (stale) state that
might be associated with its provisioned xTR-ID and security
association. To that aim, the xTR sends a Map-Request that has only
one ITR-RLOC with AFI = 0.
A Map-Notify will be sent back by the Map-Server even if no
subscription is found, as illustrated in Figure 11.
+---+ +----+
|xTR| | MS |
+-+-+ +--+-+
| |
.--------------------. | | .--------------------.
| Generate a random | | Map-Request(nonce, AFI=0...) | | Security/integrity |
| nonce and new key +-+==============================>+-+ protection check. |
'--------------------' | | | No entry is found |
| | | for this xTR-ID |
.--------------------. | Map-Notify(nonce, ...) | | |
| Security/integrity +-+<==============================+-+ |
| protection check. | | | | |
| Check that rcv | | | '--------------------'
| nonce == snd nonce | | |
| Send Map-Notify-ACK| | Map-Notify-Ack(nonce,...) |
| +-+==============================>+
'--------------------' | |
| |
Figure 11: An Example of Clearing State when Bootstrapping
12.1. Replay Attacks
12.1.1. Replayed Subscription (Update)
Figure 12 shows an example of a replayed subscription request. The
request will be silently dropped by the Map-Server because of the
nonce check failure. This example assumes that a state is maintained
by the Map-Server for this xTR.
+---+ +----+
| AT| | MS |
+-+-+ +--+-+
| |
| Map-Request(init_nonce, | .--------------------.
| init_key_id,..) | | Security/integrity |
+==============================>+-+ protection check. |
| | | A state for |
+---+ | | xTR-ID/EID is found|
|xTR| | | but the nonce check|
+-+-+ | | fails: rcv nonce < |
| | | local nonce + 1. |
| | | Discard the packet |
| | '--------------------'
| |
Figure 12: An Example of Handling of Replayed Initial Subscription
Note that legitimate Map-Requests issued by the authentic xTR may be
blocked as a side effect of enforcing a rate limit on the replayed
messages. An example is shown in Figure 13.
+---+ +----+
| AT| | MS |
+-+-+ +--+-+
| |
| Map-Request(init_nonce, | .--------------------.
| init_key_id,..) | | Security/integrity |
+==========================>+-+ protection check. |
| ... | | A state is found |
+==========================>+-+ xTR-ID/EID is found|
| | | but the nonce check|
| | | fails: rcv nonce < |
| | | local nonce + 1 |
| | '--------------------'
| |
| (more requests) | .--------------------.
| +-+ Rate-limit xTR-ID |
| | | requests is reached|
+----+ | '--------------------'
|xTR | |
+-+--+ Map-Request(...) | .--------------------.
|==========================================>+-+ Discard |
| '--------------------'
Figure 13: An Example of Handling of Replayed Initial Subscription
If replayed requests are not counted as part of the rate-limit policy,
legitimate Map-Requests will be processed as illustrated in
Figure 14.
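The Map-Server-side handling described in Section 9 (stored key-ids allowing a state override with a new key, Figure 8) and in Figures 12 to 14 (nonce check on replays and the two rate-limit accounting choices) as one added simulation; this is not code from the draft or from any LISP implementation. The security/integrity check is assumed to pass for every key-id, the per-xTR-ID budget of 5 requests and all xTR-IDs, EIDs and nonces are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

RATE_LIMIT = 5   # constructed per-xTR-ID request budget per window; real values are deployment-specific


@dataclass(frozen=True)
class MapRequest:
    xtr_id: str
    eid: str
    nonce: int
    key_id: int


class MapServer:
    """Simplified Map-Server subscription handling: nonce replay check, a store of every
    key-id ever accepted per xTR-ID, and a rate limit that either counts or ignores
    requests failing the nonce check."""

    def __init__(self, count_replays_toward_limit: bool):
        self.count_replays = count_replays_toward_limit
        self.subs = {}                         # (xtr_id, eid) -> {"nonce": int, "key_id": int}
        self.used_key_ids = defaultdict(set)   # xtr_id -> key-ids ever used (Figure 8 approach)
        self.counter = defaultdict(int)        # xtr_id -> requests counted in the current window

    def _over_limit(self, xtr_id: str) -> bool:
        self.counter[xtr_id] += 1
        return self.counter[xtr_id] > RATE_LIMIT

    def handle(self, req: MapRequest) -> str:
        # Security/integrity protection is assumed to pass for any key-id in this simulation.
        key = (req.xtr_id, req.eid)
        entry = self.subs.get(key)
        if self.count_replays and self._over_limit(req.xtr_id):
            return "rate-limited"            # Figure 13: replays exhausted the budget
        if entry is not None and req.key_id in self.used_key_ids[req.xtr_id]:
            if req.nonce < entry["nonce"] + 1:
                return "discarded-nonce"     # Figure 12: silently dropped replay or stale request
        # A never-seen key-id with a valid security association overrides the state
        # without the nonce check (Figure 8); a known key-id passed the check above.
        if not self.count_replays and self._over_limit(req.xtr_id):
            return "rate-limited"
        self.used_key_ids[req.xtr_id].add(req.key_id)
        created = entry is None
        self.subs[key] = {"nonce": req.nonce, "key_id": req.key_id}
        return "created" if created else "updated"


def replay_storm(count_replays_toward_limit: bool) -> list:
    """Constructed scenario: the xTR subscribes, an attacker replays the captured initial
    Map-Request six times, then the xTR sends a legitimate update with the next nonce."""
    ms = MapServer(count_replays_toward_limit)
    initial = MapRequest("xtr-A", "2001:db8::/48", nonce=100, key_id=1)
    out = [ms.handle(initial)]
    out += [ms.handle(initial) for _ in range(6)]        # replays: same nonce, same key-id
    out.append(ms.handle(MapRequest("xtr-A", "2001:db8::/48", nonce=101, key_id=1)))
    return out


def stale_recovery() -> list:
    """Constructed scenario for Section 9: the xTR lost its nonce and re-subscribes with a
    low nonce; rejected with the old key-id, accepted once a never-used key-id is presented,
    and a later replay carrying the old key-id is still rejected because that key-id is stored."""
    ms = MapServer(count_replays_toward_limit=False)
    eid = "2001:db8:1::/48"
    out = [ms.handle(MapRequest("xtr-B", eid, nonce=500, key_id=1))]
    out.append(ms.handle(MapRequest("xtr-B", eid, nonce=1, key_id=1)))   # stale, old key
    out.append(ms.handle(MapRequest("xtr-B", eid, nonce=1, key_id=2)))   # new key: override
    out.append(ms.handle(MapRequest("xtr-B", eid, nonce=1, key_id=1)))   # old key replayed
    return out
```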
+---+ +----+
| AT| | MS |
+-+-+ +--+-+
| |
| Map-Request(init_nonce, | .--------------------.
| init_key_id,..) | | Security/integrity |
+==========================>+-+ protection check. |
| ... | | A state is found |
+==========================>+-+ xTR-ID/EID is found|
| | | but the nonce check|
| | | fails: rcv nonce < |
| | | local nonce + 1 |
| | '--------------------'
+----+ |
|xTR | |
+-+--+ Map-Request(...) | .--------------------.
|==========================================>+-+ Process |
| '--------------------'
Figure 14: An Example of Handling of Replayed Initial Subscription
Suppose now that the xTR deletes its subscription. An attacker may
replay valid Map-Request messages that were used for subscription or
updates. These messages can't be detected by the Map-Server as
replays. The attacker may vary the source IP address of the
Map-Request to trigger Map-Notifies towards as many other xTRs as
possible. These Map-Notify messages will be ignored by those xTRs as
they don't have any matching state.
+---+ +----+
|xTR| | MS |
+---+ +--+-+
| Map-Request(nonce, AFI=0...) |
+==================================================>+
| Map-Notify(nonce, AFI=0...) |
|<==================================================+
| Map-Notify-Ack |
+==================================================>+
| +---+ |
| AT| |
+-+-+ |
| Map-Request(nonce, | .--------------------.
| key_id, ..) | | Security/integrity |
+==============================>+-+ protection check. |
| | | No state is found |
+---+ | | for xTR-ID/EID. |
|xTR| | | Add a subscription |
+-+-+ Map-Notify(nonce, ...) | | entry for this xTR |
|<================================================+-+ |
| ... | | |
| | '--------------------'
| |
Figure 15: An Example of Handling of Replayed Map-Requests when
no State
Note that if LISP-SEC messages are timestamped, the replayed packets
would be detected and, thus, be silently ignored by the Map-Server.
Such invalid messages won't then interfere with legitimate Map-
Requests if the Map-Server has sufficient resources to process the
timestamp of all received requests. An example of processing
timestamped Map-Requests (rate-limit not reached) is depicted in
Figure 16.
+---+ +----+
| AT| | MS |
+-+-+ +--+-+
| |
| Map-Request(init_nonce, | .--------------------.
| init_key_id,..) | | Security/integrity |
+==========================>+-+ protection check. |
| | | The message is |
| | discarded because |
+---+ | | timestamp checks |
|xTR| | | fail |
+-+-+ | '--------------------'
| |
| Map-Request(...) | .--------------------.
|==========================================>+-+ Processed |
| '--------------------'
Figure 16: An Example of Handling of Replayed Subscription with
Timestamp
12.1.2. Replayed Withdrawal
Figure 17 depicts an example of the exchange that occurs when an
attacker sends a replayed withdrawal request. The request will be
silently discarded by the Map-Server if state is already present.
+---+ +----+
| AT| | MS |
+-+-+ +--+-+
| |
| | .--------------------.
| Map-Request(nonce, AFI=0,...) | | Security/integrity |
+==============================>+-+ protection check. |
| | | A state is found |
+---+ | | xTR-ID/EID is found|
|xTR| | | but the nonce check|
+-+-+ | | fails: rcv nonce < |
| | | local nonce + 1 |
| | | Discard the packet |
| | '--------------------'
| |
Figure 17: An Example of Handling of Replayed Removal of a
Subscription
12.1.3. Replayed Notification Updates
Figure 18 illustrates the observed exchange when a replayed
notification update is sent by a misbehaving node (AT) to an xTR.
This example assumes that the replayed message is a replay of a
Map-Server-triggered withdrawal and that a state matching this
notification is maintained by the xTR.
+---+ +----+
|xTR| | AT |
+-+-+ +--+-+
| |
.--------------------. | |
| Security/integrity | | Map-Notify(nonce, TTL=0, ...) |
| protection check. +-+<==============================+
| Check that rcv | | |
| nonce >= local | | |
| nonce + 1 | | |
| | | |
| Discard the message| | |
| because the nonce | | |
| check fails | | |
'--------------------' | |
| |
Figure 18: An Example of Replayed Notification of Subscription
Withdrawal
Note that if no state is maintained by the xTR, the Map-Notify will
be silently discarded.
13. Explicit Subscriptions
TBC.
14. Security Considerations
This document does not introduce any security considerations beyond
those already discussed in [I-D.ietf-lisp-pubsub].
15. IANA Considerations
This document does not make any request to IANA.
16. Normative References
[I-D.ietf-lisp-pubsub]
Rodriguez-Natal, A., Ermagan, V., Cabellos-Aparicio, A.,
Barkai, S., and M. Boucadair, "Publish/Subscribe
Functionality for the Locator/ID Separation Protocol
(LISP)", Work in Progress, Internet-Draft, draft-ietf-
lisp-pubsub-11, 10 February 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-lisp-
pubsub-11>.
[RFC9301] Farinacci, D., Maino, F., Fuller, V., and A. Cabellos,
Ed., "Locator/ID Separation Protocol (LISP) Control
Plane", RFC 9301, DOI 10.17487/RFC9301, October 2022,
<https://www.rfc-editor.org/rfc/rfc9301>.
Acknowledgments
Thanks to TBC.
Author's Address
Mohamed Boucadair
Orange
35000 Rennes
France
Email: mohamed.boucadair@orange.com