IETF Logo Mail Archive

Re: [6lo] Advocating a generalization of RFC8505 to non-6lo LANs

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 04 July 2019 13:24 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CD101201E3; Thu, 4 Jul 2019 06:24:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=kVlgWPMq; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=eQBQmO7L
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yupCnM5s1yH3; Thu, 4 Jul 2019 06:24:39 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19C4712001A; Thu, 4 Jul 2019 06:24:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=43246; q=dns/txt; s=iport; t=1562246678; x=1563456278; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=vn55AmgHY8CGZytY7Ze0QHr8xlOtjRzL50WD/Q1Jglg=; b=kVlgWPMqswSczD6dGhMAIpJuo8kIWVHh8XvgXtB/HSSyMc6oYatvs5bt kSeTzpKXNzIfufgXOzUvP6684NqR/2zk17YnWW2tMA9sjxsgrzFseZk3j DznLMeeK98CVJ8j3NxvuNQq3AiE9ZsGhppQS1ntzexs5sZz/Xp9UzWQcR 8=;
IronPort-PHdr: 9a23:HUUkuR0OQhX8NVkKsmDT+zVfbzU7u7jyIg8e44YmjLQLaKm44pD+JxKGt+51ggrPWoPWo7JfhuzavrqoeFRI4I3J8RVgOIdJSwdDjMwXmwI6B8vQEVH7MfTndTASF8VZX1gj9Ha+YgBY
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CrAAAh/R1d/5JdJa1mGgEBAQEBAgEBAQEHAgEBAQGBZ4EVL1ADalUgBAsohByDRwOOSYJbiU2NeYJSA1AECQEBAQwBARgBCgoCAQGBS4J1AheCFSM4EwEDAQEEAQECAQVtijcMhUoBAQEBAgEBARARChMBASwGBQEEBwQCAQYCEQQBAQEgAQYDAgICHwYLFAkIAQEEDgUIGoMBgR1NAw4PAQIMiwGQYAKBOIhgcYEygnkBAQWBMgETQYMODQuCEgmBNIRyhm0XgUA/gRFGgU5QLj6BBIEWRwEBAgEBgTYBEBgrCQiCTDKCJot1JCCCMYR9I4hAjT9ACQKCF4ZWhGuET4QOl3iUb4FzjgkCBAIEBQIOAQEFgWchgVhwFTuCbAmCOIMdVIUUhT9yAQGBJ4sZASUEgigBAQ
X-IronPort-AV: E=Sophos;i="5.63,451,1557187200"; d="scan'208,217";a="588632308"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Jul 2019 13:24:37 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id x64DObpV008571 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 4 Jul 2019 13:24:37 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 4 Jul 2019 08:24:36 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 4 Jul 2019 09:24:31 -0400
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 4 Jul 2019 08:24:31 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vn55AmgHY8CGZytY7Ze0QHr8xlOtjRzL50WD/Q1Jglg=; b=eQBQmO7L5+HOkjCQNrbz/d36klm4HcuTpTvzA6r/c+mgq9EDxd/vwwf2ass18kln7Bgd8XGRK8k4nvGhAcDshZl9IU1oZWw7gZrVjn4RcKH5GK3vlMcX0YjuzEF0MLu9ajqn3WArVjpscO/e4PFJRetOpG4gx7mAwVuSbTJvzFQ=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB4494.namprd11.prod.outlook.com (52.135.39.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2032.20; Thu, 4 Jul 2019 13:10:10 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::1ce9:1582:146c:c50a]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::1ce9:1582:146c:c50a%6]) with mapi id 15.20.2032.019; Thu, 4 Jul 2019 13:10:10 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Mark Smith <markzzzsmith@gmail.com>
CC: Carsten Bormann <cabo@tzi.org>, Michael Richardson <mcr+ietf@sandelman.ca>, V6 Ops List <v6ops@ietf.org>, 6man <6man@ietf.org>, "6lo@ietf.org" <6lo@ietf.org>
Thread-Topic: [6lo] Advocating a generalization of RFC8505 to non-6lo LANs
Thread-Index: AdUyXLsjbUS9G1zfTQuzwoWpAiUtYQACLMYAAAC/GgA=
Date: Thu, 04 Jul 2019 13:09:42 +0000
Deferred-Delivery: Thu, 4 Jul 2019 13:08:51 +0000
Message-ID: <MN2PR11MB3565F85F6E989972B92045CBD8FA0@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <MN2PR11MB3565AC3DE6B4480D296D500FD8FA0@MN2PR11MB3565.namprd11.prod.outlook.com> <CAO42Z2y50fxNO6q7LX6K+-PW-At8SQ0U+RTsuTwa5EGsn42c3A@mail.gmail.com>
In-Reply-To: <CAO42Z2y50fxNO6q7LX6K+-PW-At8SQ0U+RTsuTwa5EGsn42c3A@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2001:420:c0c0:1008::1d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: ab4a92f1-d375-4911-11c9-08d70080f1c8
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:MN2PR11MB4494;
x-ms-traffictypediagnostic: MN2PR11MB4494:
x-ms-exchange-purlcount: 13
x-microsoft-antispam-prvs: <MN2PR11MB4494061B3A90AC7ACBC15917D8FA0@MN2PR11MB4494.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0088C92887
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(39860400002)(396003)(136003)(366004)(376002)(13464003)(189003)(199004)(51444003)(5024004)(52536014)(14444005)(66574012)(73956011)(86362001)(66946007)(6246003)(256004)(66556008)(66476007)(790700001)(6116002)(6436002)(64756008)(55016002)(76116006)(446003)(99286004)(53936002)(14454004)(66446008)(236005)(606006)(6916009)(186003)(6306002)(9686003)(54896002)(7736002)(74316002)(966005)(229853002)(486006)(8936002)(5660300002)(316002)(4326008)(478600001)(1411001)(54906003)(81166006)(2906002)(81156014)(53546011)(7696005)(71190400001)(6666004)(46003)(6506007)(68736007)(476003)(102836004)(76176011)(33656002)(8676002)(25786009)(11346002)(71200400001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4494; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: yQ13otWxhTzBjwtUAKBr6cDCOH1JdYS0B68ffuNduJx6jq3FdKeWJUEcByUi4qn8WtaDGuHdWdR4bUBoTLTlC7ChY9MaTO+cqDbjyUVpGXGVgefc3ADoHz2qXxi3WvEhbPvEqyDTE4viMi06y15iFfXHfXuEzWU09KwmbKw+6Bx0ZbkQk0gWKSAqgP5VhnBtThZcYXq2A+pltjXsaSLnI+rkDRpWzwPvUgvFCMJhnJIHpN6QE/L8W9UyTCt7bNgVjB7dlUfI86EYIcyEXCKMVcOcXWgSnLbW5yFhXWdhehstpY5VeendqpakAFYK3QL/RnejZQfEWnTnTL+RCahChcH535AIKd2dMfUgd/uYVd8IuQS0k+1tOg0gwzyM8s34OoQw84d8UHWbZnCNJUGUhAbw3PLlGQoT8YdCtLBAMfw=
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB3565F85F6E989972B92045CBD8FA0MN2PR11MB3565namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: ab4a92f1-d375-4911-11c9-08d70080f1c8
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Jul 2019 13:10:10.6400 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pthubert@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4494
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/i-9McW9xSffW5fFKXQ11yFrmy6M>
Subject: Re: [6lo] Advocating a generalization of RFC8505 to non-6lo LANs
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jul 2019 13:24:43 -0000

Hello Mark:

There are a number of things  that the router would like to know in the process:

  *   A sense of lifetime; how long should the router/L3AP expect that the address will be used; at time out, the router can clean up the state.
  *   A sense of order; if a wireless node moves rapidly from a L3AP to the next, or a VM moves rapidly from a server to the next, which is the most recent point of attachment
  *   A sense of ownership; if the router maintains a state about the address for a requested lifetime, then a proof of ownership can be attached, so only the owner of the address can modify the state (SAVI)
  *   A sense of service; what should the router do with that address? Examples that come to mind are inject in a routing protocol, play sleeping proxy or ND proxy.

It does not take new messages but a new option is needed to provide all that information.

All the best,

Pascal

From: Mark Smith <markzzzsmith@gmail.com>
Sent: jeudi 4 juillet 2019 14:39
To: Pascal Thubert (pthubert) <pthubert@cisco.com>
Cc: Carsten Bormann <cabo@tzi.org>; Michael Richardson <mcr+ietf@sandelman.ca>; V6 Ops List <v6ops@ietf.org>; 6man <6man@ietf.org>; 6lo@ietf.org
Subject: Re: [6lo] Advocating a generalization of RFC8505 to non-6lo LANs


On Thu., 4 Jul. 2019, 21:38 Pascal Thubert (pthubert), <pthubert@cisco.com<mailto:pthubert@cisco.com>> wrote:
This is all very right, Carsten.


> RFC 6775/8505 on a new (greenfield) foo (as in IP over foo) is pretty much a
> no-brainer, if that foo has points where the 6LBR functionality is naturally
> centralized.

No brainer it is, but for Lorenzo's issues on state preservation or reconstruction upon router reboot.

I think that can be overcome.

I've been thinking for a while how to build something like this using existing protocols and host or router behaviour.

Fundamentally two stages:

- collect nodes' link local addresses

- query nodes' for their other GUA or ULA addresses

Collecting nodes LLAs can be done via collecting source addresses from node emitted RSess and/or MLDv2 reports.

Once they've been collected, then nodes are unicast queried by routers for their other addresses via either ICMPv6 Node Information queries or Inverse ND.

(There is currently a limitation with ICMPv6 NI that it doesn't report temporary addresses for security reasons. That could be lifted by e.g. saying that all addressed including temporaries are reported if the NI query source address is an LLA i.e. limited to a query from an on-link source, or both LLA source and that the LLA is that of a known default router.)

A new node on the link effectively announces its LLA to existing routers via RS and MLDv2 joins for solicited node groups for its addresses (and other multicast groups it may join).

If a node configures a new address, it joins the address's Solicited Node Multicast group. Routers use that as a signal to unicast query the node it for its updated address list to discover the new address.

(DAD is another possible way for routers to collect new address information, however I think Ericsson have some IPR over that idea, and it also doesn't work for anycast addresses, because DADs aren't performed for them).

Routers detect when an address disappears via standard ND NUD.

A new router on a link can collect existing nodes' LLAs via a general MLD query, as it does anyway to collect the set of multicast groups on the link. Once the new router has that set of LLAs, it then unicast queries the nodes for their other addresses.


Perhaps a bit of pedantry, however if nodes are "Neighbours", since we now have possibly multiple addresses per node/neighbour, ND isn't really discovering neighbours, it's actually discovering the presence of addresses, not "neighbours". Address Discovery or Address Presence Discovery would perhaps be a more accurate name for this function.

Regards,
Mark.



> Not so easy for brownfield, i.e., in networks where classic ND is already used in
> some hosts and some routers.  “Efficient ND” (which was essentially RFC 6775
> for Ethernet and thus also traditional Wi-Fi) mostly didn’t take off at the time
> because we didn’t articulate a cohabitation (“transition”) strategy.  I’m sure
> we can do that if we put a little more focus on it, leading to another
> specification that describes how to run in mixed classic/efficient ND networks.

For I started that at 6lo and there is text in https://datatracker.ietf.org/doc/html/draft-ietf-6lo-backbone-router , e.g., in section 3.2. The coexistence is also discussed in https://tools.ietf.org/html/draft-thubert-6lo-unicast-lookup but at some point it is not a 6lo problem anymore and that work should really move somewhere else.

Being non-maintenance, it seems too early for 6MAN. If so maybe we should form a short-lived WG to sort out the issues raised by Lorenzo,  yours (coexistence) and mine (limit use of broadcast / interface with a fabric mapping server and do unicast lookup when possible).

All the best,

Pascal

> -----Original Message-----
> From: Carsten Bormann <cabo@tzi.org<mailto:cabo@tzi.org>>
> Sent: jeudi 4 juillet 2019 13:22
> To: Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>
> Cc: Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr%2Bietf@sandelman.ca>>; 6lo@ietf.org<mailto:6lo@ietf.org>; V6 Ops List
> <v6ops@ietf.org<mailto:v6ops@ietf.org>>; 6man <6man@ietf.org<mailto:6man@ietf.org>>
> Subject: Re: [6lo] Advocating a generalisation of RFC8505 to non-6lo LANs
>
> RFC 6775/8505 on a new (greenfield) foo (as in IP over foo) is pretty much a
> no-brainer, if that foo has points where the 6LBR functionality is naturally
> centralized.
>
> Not so easy for brownfield, i.e., in networks where classic ND is already used in
> some hosts and some routers.  “Efficient ND” (which was essentially RFC 6775
> for Ethernet and thus also traditional WiFi) mostly didn’t take off at the time
> because we didn’t articulate a cohabitation (“transition”) strategy.  I’m sure
> we can do that if we put a little more focus on it, leading to another
> specification that describes how to run in mixed classic/efficient ND networks.
>
> Grüße, Carsten
>
>
> > On Jul 4, 2019, at 12:28, Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>>
> wrote:
> >
> > Hello Brian:
> >
> > Yes, I'm willing to make the case.
> >
> > There are a number of reasons to enable a registration method on beyond
> 6lo networks:
> > - It is useful in wireless in general because it addresses non-transit
> > multipoint links (see
> > https://datatracker.ietf.org/doc/draft-thubert-6man-ipv6-over-wireless
> > /) and NBMA ML-subnets
> > - it is useful in particular in Wi-Fi because it reduces the need for broadcast
> quite dramatically.
> > - It is useful in a switched fabric to maintain an accurate state in
> > the overlay mapping server (see
> > https://datatracker.ietf.org/doc/draft-thubert-6lo-unicast-lookup/)
> > - It is useful in a situation of host mobility in general, (see the
> > discussion in
> > https://tools.ietf.org/html/draft-ietf-rift-rift-06#section-5.3.3 )
> > - It is useful for routers with hardware assist forwarding to avoid
> > the punting dance and dropping of packets
> > - It provides SAVI properties with a workable Secure ND (see
> > https://datatracker.ietf.org/doc/draft-ietf-6lo-ap-nd/)
> > - It provides an abstract interface to the router to get routing
> > services (already used with RIFT, RPL, see
> > https://datatracker.ietf.org/doc/draft-ietf-roll-unaware-leaves/, and
> > ND proxy, see
> > https://datatracker.ietf.org/doc/draft-ietf-6lo-backbone-router/)
> > - It solves a number of problems including Jen's, but also sleeping devices on
> non-6lo networks, remote DOS against router and ND cache, and more.
> >
> > All in all I see it as a much needed modernization of ND to cope with the
> evolutions of the network (IOT, Wi-Fi and overlays) and with the new needs
> and behaviors (instant connectivity, fast roaming).
> >
> > All the best,
> >
> > Pascal
> >
> >> -----Original Message-----
> >> From: 6lo <6lo-bounces@ietf.org<mailto:6lo-bounces@ietf.org>> On Behalf Of Michael Richardson
> >> Sent: jeudi 4 juillet 2019 02:58
> >> To: 6lo@ietf.org<mailto:6lo@ietf.org>; V6 Ops List <v6ops@ietf.org<mailto:v6ops@ietf.org>>; 6man <6man@ietf.org<mailto:6man@ietf.org>>
> >> Subject: Re: [6lo] ND cache entries creation on first-hop routers
> >>
> >>
> >> Brian E Carpenter <brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com>> wrote:
> >>>> I’m interested to have a parallel discussion on where RFC 8505 can
> >>>> not apply. In the products and use cases I’m aware of, it could,
> >>>> since we are actually faking it by snooping ND and DHCP to achieve
> >>>> similar but less accurate results.
> >>
> >>> So if you are advocating a generalisation of RFC8505 to non-6lo
> >>> LANs, that's certainly a discussion we could have, IMHO.
> >>
> >> I think that it could be applied in situations of servers, such as
> >> data centers where there are multiple tenants. (Many VM
> >> infrastructures have shared front-end networks)
> >>
> >> I think that temporary addressess are not a feature in some of those
> >> deployments that everyone wants, and thus having a registration
> >> system is a feature.
> >>
> >> This does not solve the smartphone on new WIFI issue, which is a
> >> different situation completely.
> >>
> >> --
> >> ]               Never tell me the odds!                 | ipv6 mesh networks [
> >> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> >> ]     mcr@sandelman.ca<mailto:mcr@sandelman.ca>  http://www.sandelman.ca/        |   ruby on rails    [
> >
> > _______________________________________________
> > 6lo mailing list
> > 6lo@ietf.org<mailto:6lo@ietf.org>
> > https://www.ietf.org/mailman/listinfo/6lo
> >
> >

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email