yeh - I read that but am not convinced that the message is clear enough of what can happen if those rules are not followed Scott --- Date: Tue, 25 Sep 2007 23:02:52 +0100 From: Stewart Bryant <stbryant@xxxxxxxxx> To: "Scott O. Bradner" <sob@xxxxxxxxxxx> Cc: ietf@xxxxxxxx, ipfix@xxxxxxxx, tsv-dir@xxxxxxxx Subject: Re: [IPFIX] draft-ietf-ipfix-protocol-26.txt Scott > Historically the biggest issue with IPFIX has been that most > implementers want to run it over UDP with consequences be dammed. - > this was weaseled in the IPFIX Requirements document (RFC 3917) by > requiring (in section 6.3.1) that "For the data transfer, a congestion > aware protocol must be supported." This draft meets that requirement by > making the implementation of SCTP a MUST. That will not stop many > implementers from ignoring the requirement for implementation or users > to enable UDP and thus creating a potentially very high bandwidth > non-congestion avoiding fire hose that can quite easily wipe out a net > by misconfiguration or become a DoS engine by purposeful configuration. > > I'm not sure if anything can be actually be done about this risk - It > might help some to say that UDP is a "MUST NOT" but I doubt it - in any > case it would help somewhat, imho, to expand section 10.3 to be clearer > about the threats posed by any use of a non-congestion avoiding > transport protocol or to do that in the Security Considerations section > There is text in section 10.1 which states: UDP MAY be used although it is not a congestion aware protocol. However, the IPFIX traffic between Exporter and Collector MUST run in an environment where IPFIX traffic has been provisioned for or is contained through some other means. This sets out the set of conditions that MUST be fulfilled in order to run IPFIX over UDP safely. Stewart _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf