Re: [6lo] ND cache entries creation on first-hop routers

Lorenzo Colitti <lorenzo@google.com> Wed, 03 July 2019 12:54 UTC

References: <CAFU7BAQ4xrjNn9-EUyRhyHKDDT=f381Z4T6x6qJ=ftm2D2K4cw@mail.gmail.com> <5377.1562081856@localhost> <MN2PR11MB35652B81658AF0E9F718CD52D8FB0@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB35652B81658AF0E9F718CD52D8FB0@MN2PR11MB3565.namprd11.prod.outlook.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Wed, 03 Jul 2019 21:54:14 +0900
Message-ID: <CAKD1Yr2kOXKCLp7ZevUX8eK+RpLgyEQ5nN-gc_twrsOTKRZXnQ@mail.gmail.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "6lo@ietf.org" <6lo@ietf.org>, Jen Linkova <furry13@gmail.com>, "6tisch@ietf.org" <6tisch@ietf.org>, V6 Ops List <v6ops@ietf.org>, 6man <6man@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/4WNOxcUh-k_-L6qFqxRjcvwLecY>

On Wed, Jul 3, 2019 at 5:14 PM Pascal Thubert (pthubert) <pthubert@cisco.com>
wrote:

> 6LoWPAN ND is immune to the remote DoS attacks on the ND cache, the ones
> coming from the outside of the subnet, i.e., from a place that is out of
> touch and virtually nowhere.
> This is because in an RFC 6775/8505-only network, there is no reactive
> operation, a packet coming from the outside of the subnet for a node that
> is not registered to the router is just dropped. Just like an AP does not
> copy a packet on the wireless for a MAC that is not associated.
>

There are problems with registration-based models as well though.

First, complexity. Recovering state in the presence of router crashes is
complex. Also, depending on what guarantees the network needs to provide to
hosts, a registration-based model will likely use more router memory in the
common case that most hosts are well-behaved (because it cannot
aggressively time out entries that with classic ND can simply be thrown
away after a while).

Second, an explicit registration model where the router can refuse to
create an address entry provides a supported path for operators to limit
the number of IP addresses used by hosts, which has the negative
consequences described in RFC 7934. In fact, such a model is explicitly NOT
RECOMMENDED by RFC 7934 for general-purpose hosts. The relevant text is "it
is RECOMMENDED that the network give the host the ability to use new
addresses without requiring explicit requests."
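A toy model of the contrast drawn in this thread (reactive RFC 4861 resolution versus RFC 6775/8505 registration at a first-hop router), added here as an example and not code from either poster; the router class, its fixed cache limit and the 2001:db8::/64 addresses are constructed for illustration.

```python
"""Toy first-hop router neighbor cache: reactive ND versus registration-based ND.

Constructed illustration (not from the thread): with reactive RFC 4861 ND a packet
from outside the subnet for an unknown on-link address makes the router hold an
INCOMPLETE entry while it resolves the address, so remote senders can fill the
cache; with RFC 6775/8505 registration the router only holds entries that hosts
registered, and traffic for anything else is dropped without creating state.
"""
from dataclasses import dataclass, field
import ipaddress


@dataclass
class Router:
    cache_limit: int            # assumed fixed neighbor-cache capacity
    registration_based: bool    # True: RFC 8505 style; False: classic reactive ND
    cache: dict = field(default_factory=dict)   # address -> entry state
    dropped: int = 0

    def register(self, addr: str) -> bool:
        """Host registers its address (NS with EARO); router may refuse when full."""
        if addr in self.cache or len(self.cache) < self.cache_limit:
            self.cache[addr] = "REGISTERED"
            return True
        return False    # refusal is the behaviour RFC 7934 warns about

    def receive_from_outside(self, dst: str) -> str:
        """Handle a packet arriving from beyond the subnet for on-link address dst."""
        if self.cache.get(dst) in ("REGISTERED", "REACHABLE"):
            return "forwarded"
        if self.registration_based:
            self.dropped += 1       # no reactive resolution, no state consumed
            return "dropped"
        if len(self.cache) >= self.cache_limit:
            self.dropped += 1       # cache full: unresolved legitimate hosts suffer too
            return "dropped"
        self.cache[dst] = "INCOMPLETE"   # classic ND: hold state while sending NS
        return "resolving"


def sweep_from_outside(router: Router, prefix: str, count: int) -> int:
    """Deliver one packet for each of the first `count` addresses of prefix; return cache size."""
    net = ipaddress.ip_network(prefix)
    for _, host in zip(range(count), net.hosts()):
        router.receive_from_outside(str(host))
    return len(router.cache)
```

With a 64-entry cache, 1000 unsolicited packets fill the reactive router's cache and leave it dropping traffic for not-yet-resolved legitimate hosts, while the registration-based router keeps only the one registered entry.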