Virtual Router Redundancy Protocol (vrrp)

Smith, Mark - Sydney | 3 May 2002 02:23

Picon

RE: Q's about VRRPv3 draft

Hi Bob,

Sorry not to get back to you sooner. I've been a bit busy recently preparing
for a product launch. At least I've had plenty of time to think a few things
through.

<snip>

> 
> Care to suggest some text?  I submitted a new VRRP (for IPv4) 
> draft so the 
> other clarifications could included in a new RFC.  This could 
> be added as well.
> 

I'll do a bit more thinking about this, I thought I needed to get back to
you with something ... I've added a few things below.

> > > >8.2  ND Neighbour Solicitation
>

<snip>

> I added text to the new VRRP for IPv6 draft.  Does this suffice?
> 

It certainly does. There is a tiny grammar error though - "hosts" probably
should be "host's"

VRRP for IPv4 would also benefit from a paragraph specifying similar

(Continue reading)

Aron Silverton | 6 May 2002 18:33

Picon

KAME VRRP Plans

To all those interested, it appears:

http://www.kame.net/roadmap-2002.html

that the KAME project has plans to implement VRRPv3 with work beginning 
in October '02 and scheduled for completion by March '03.

Aron

--

-- 
Aron J. Silverton
Motorola Laboratories, Networks and Infrastructure Research
Motorola, Inc.

Telephone: 847-576-8747    
Fax: 847-576-3420
Pager: 800-759-8888 PIN 1147344
mailto: Aron.J.Silverton <at> Motorola.com

Ravi Singh | 14 May 2002 22:50

Picon

VRRP: authentication -- really required ??

Hello!

VRRP for IPv4 (RFC 2338) and VRRP for IPv6
(draft-ietf-vrrp-ipv6-spec-02.txt - Feb 28, 2002), have a section on
security considerations.

In my opinion, these sections are not required because trying to do
auth checks on VRRP packets serves no purpose.

The intended aim is to ENSURE that there is only 1 master for a certain
VRID, on a LAN. And that the master be THE ONE with the highest priority
among the set of correctly configured VRRP routers for this VRID.

This can NOT be ensured by the authentication schemes as described in VRRP
RFC/draft.

Scenario:
On a certain LAN, there is a bunch of routers configured for a certain
VRID. They are all configured with the same authentication mechanism with
identical parameters. The router, in this group, with the highest priority
would become the master (say M).
Now, lets assume another router (say X) comes up configured for the
same VRID as the group above. If X is configured such that its
authentication parameters are different from those of the group, then it
will ultimately (after 3*AdvInterval) also change state to master for the
same VRID. This would happen because X would discard the received
advertisements from M (due to auth failure) and after 3*AdvInterval it
would assume there is no correctly configured master. And X would
also assume mastership. The question boils down to, how does either of X
or M know that is NOT the mis-configured one ?

(Continue reading)

PC Drew | 15 May 2002 14:08

Re: VRRP: authentication -- really required ??

You bring up an excellent point: death by mis-configuration is not good.  I 
wonder, however, if a solution is simply to rearrange some statements in 
section 7.1 of the RFC?  Section 7.1 says validate TTL, VRRP version, 
packet length, checksum, and authentication.  Then validate that the VRID 
is valid for the receiving interface.

A solution to the problem you bring up is to verify that the VRID is valid 
on the reciving interface, then perform the authentication.  If the 
authentication fails and it's in an initial state, then the VRRP 
implementation should believe it is misconfigured and may notify network 
management of the misconfiguration and NOT try to become a master.  On the 
flip side, if authentication fails and it's not in an initial state (i.e. 
it's already a backup or a master), it must drop the packet and may notify 
network management of a misconfiguration on the part of the sender.

With regard to your other point about not needing authentication, I 
disagree.  Without authentication, it becomes much easier to forge VRRP 
packets and disrupt entire flows of traffic.  While nothing can be 
completely secure, I consider authenticating these kinds of control packets 
a must on the public internet.

--On Tuesday, May 14, 2002 01:50:54 PM -0700 Ravi Singh 
<ravsingh <at> IPRG.nokia.com> wrote:

> Hello!
>
> VRRP for IPv4 (RFC 2338) and VRRP for IPv6
> (draft-ietf-vrrp-ipv6-spec-02.txt - Feb 28, 2002), have a section on
> security considerations.
>

(Continue reading)

Ravi Singh | 15 May 2002 19:55

Picon

Re: VRRP: authentication -- really required ??

Please see inline....

> Date: Wed, 15 May 2002 06:08:31 -0600
> From: PC Drew <drewpc <at> ibsncentral.com>
> To: vrrp <at> drcoffsite.com
> Subject: Re: VRRP: authentication  -- really required ??
>
> You bring up an excellent point: death by mis-configuration is not good.  I
> wonder, however, if a solution is simply to rearrange some statements in
> section 7.1 of the RFC?  Section 7.1 says validate TTL, VRRP version,
> packet length, checksum, and authentication.  Then validate that the VRID
> is valid for the receiving interface.
>
> A solution to the problem you bring up is to verify that the VRID is valid
> on the reciving interface, then perform the authentication.  If the
> authentication fails and it's in an initial state, then the VRRP
> implementation should believe it is misconfigured and may notify network
> management of the misconfiguration and NOT try to become a master.  On the
> flip side, if authentication fails and it's not in an initial state (i.e.
> it's already a backup or a master), it must drop the packet and may notify
> network management of a misconfiguration on the part of the sender.

Isn't there an assumption being made here that the misconfigured one is
coming up (in INIT state) when there already is a master. On a LAN, where
routers never crash/reboot and where it is possible to ensure that the
misconfigured  (from auth viewpoint) router will come up after master
election (among properly configured ones) has already happened this will
work,provided the protocol is changed to REQUIRE a router be in INIT state
for about 3*AdvTime.
However, are the above assumptions, fair assumptions to make ?

(Continue reading)

Group

gmane.ietf.vrrp.

Search Archive

Page

1

Articles in period: 5

May 2002

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

draft-zhou-pim-vrrp-01 (22 May 2013)
Biggest Fake Conference in Computer Science (27 Apr 2013)
vrrp Digest, Vol 81, Issue 3 (22 Feb 2013)
Proposal for Maintenance Event for VRRP [RFC-5798] (21 Feb 2013)
Proposal for Maintenance Event for VRRP [RFC-5798] (19 Feb 2013)
Problem in addition of IP address to vrrp interface (19 Nov 2012)
FW: IPv6 G-ARP (24 Sep 2012)
VRRPV3-MIB protocol error trap question (4 Sep 2012)
Doubt in VRRPv3 Master to backup state (30 Aug 2012)
Doubt in Accept mode in VRRPv3 (7 Aug 2012)
RFC 5798 - ipv6 link-local configuration (17 May 2012)
Fwd: RFC5798 - clarification on checksum calculation (15 May 2012)
RFC5798 - clarification on checksum calculation (15 May 2012)
VRRPv3 IPv6 RFC-5798 checksum (7 May 2012)
RFC5798 - clarification on checksum calculation (2 Apr 2012)
RFC5798 - clarification on checksum calculation (29 Mar 2012)
Publication of RFC 6527 on VRRPv3 MIB (9 Mar 2012)
VRRP Algo (6 Mar 2012)
Backup->Master transition and ARP reply question (20 Feb 2012)
FW: Protocol Action: 'Definitions of Managed Objects for VRRPv3' to Pr (1 Dec 2011)
An update on draft-ietf-vrrp-unified-mib (29 Sep 2011)

Archives

2	May 2013
1	April 2013
4	March 2013
19	February 2013
1	November 2012
5	September 2012
2	August 2012
7	May 2012
2	April 2012
3	March 2012
3	February 2012
1	December 2011
1	September 2011
5	June 2011
9	April 2011
1	March 2011
4	February 2011
8	January 2011
1	December 2010
4	October 2010
4	September 2010
1	August 2010
7	July 2010
4	June 2010
1	April 2010
9	March 2010
2	February 2010
3	January 2010
5	December 2009
5	November 2009
20	October 2009
25	July 2009
5	April 2009
6	March 2009
2	February 2009
1	January 2009
3	December 2008
45	November 2008
18	October 2008
3	September 2008
10	August 2008
12	July 2008
6	June 2008
4	April 2008
7	March 2008
23	January 2008
4	December 2007
6	November 2007
14	October 2007
3	September 2007
15	August 2007
10	July 2007
5	June 2007
3	May 2007
30	April 2007
23	March 2007
11	February 2007
5	January 2007
1	December 2006
10	October 2006
10	September 2006
8	July 2006
6	June 2006
4	May 2006
2	April 2006
12	March 2006
5	February 2006
7	January 2006
11	December 2005
13	October 2005
4	September 2005
1	August 2005
10	July 2005
4	June 2005
10	May 2005
13	April 2005
10	March 2005
31	February 2005
12	January 2005
2	November 2004
6	October 2004
8	September 2004
1	August 2004
8	July 2004
12	June 2004
14	May 2004
11	April 2004
1	March 2004
13	February 2004
1	January 2004
5	December 2003
35	November 2003
20	October 2003
42	September 2003
38	August 2003
22	July 2003
9	June 2003
28	May 2003
4	April 2003
17	March 2003
15	February 2003
7	January 2003
35	December 2002
30	November 2002
19	October 2002
12	September 2002
10	August 2002
4	June 2002
5	May 2002
1	April 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template