IETF Logo Mail Archive

Re: [6lo] ND cache entries creation on first-hop routers

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 03 July 2019 18:59 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00BF71205F0; Wed, 3 Jul 2019 11:59:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8CrB_0LKvudU; Wed, 3 Jul 2019 11:59:21 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F261312047B; Wed, 3 Jul 2019 11:59:20 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 1757838192; Wed, 3 Jul 2019 14:57:25 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id BF4C6BB7; Wed, 3 Jul 2019 14:59:18 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Jen Linkova <furry13@gmail.com>, 6lo@ietf.org, 6tisch@ietf.org, V6 Ops List <v6ops@ietf.org>, 6man <6man@ietf.org>
In-Reply-To: <CAFU7BAQomCzfDQaAOpJO7CmQYiAVzHFThviLv7r-0=C9v4MD-w@mail.gmail.com>
References: <CAFU7BAQ4xrjNn9-EUyRhyHKDDT=f381Z4T6x6qJ=ftm2D2K4cw@mail.gmail.com> <5377.1562081856@localhost> <CAFU7BAQomCzfDQaAOpJO7CmQYiAVzHFThviLv7r-0=C9v4MD-w@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 03 Jul 2019 14:59:18 -0400
Message-ID: <13349.1562180358@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/yc_t4s9DBt-fW4tjjLQrBUUG8tg>
Subject: Re: [6lo] ND cache entries creation on first-hop routers
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2019 18:59:31 -0000

Jen Linkova <furry13@gmail.com> wrote:
    >> I didn't really understand 2.2.2: is it exploiting some corner case in the
    >> spec, or maybe just some part I am not well clued in about.  So maybe an
    >> extra paragraph to explain things.

    > It's just using the standard ND process: when the node B receives an
    > NS from node A and that NS contains the node B  address as a target
    > address and SLLAO contains node A LLA,
    > the node B would respond with NA and would create a STALE entry for
    > the node A - https://tools.ietf.org/html/rfc4861#section-7.2.3

I read through https://tools.ietf.org/html/rfc4861#section-7.3.3
and it says:

   The first time a node sends a packet to a neighbor whose entry is
   STALE, the sender changes the state to DELAY and sets a timer to
   expire in DELAY_FIRST_PROBE_TIME seconds.  If the entry is still in
   the DELAY state when the timer expires, the entry's state changes to
   PROBE.  If reachability confirmation is received, the entry's state
   changes to REACHABLE.

   Upon entering the PROBE state, a node sends a unicast Neighbor
   Solicitation message to the neighbor using the cached link-layer
   address.  While in the PROBE state, a node retransmits Neighbor
   Solicitation messages every RetransTimer milliseconds until
   reachability confirmation is obtained.  Probes are retransmitted even
   if no additional packets are sent to the neighbor.  If no response is
   received after waiting RetransTimer milliseconds after sending the
   MAX_UNICAST_SOLICIT solicitations, retransmissions cease and the
   entry SHOULD be deleted.  Subsequent traffic to that neighbor will
   recreate the entry and perform address resolution again.

Is PROBE and DELAY different states? It almost feels like a typo here.

    >> I kinda like the ping all routers trick.

    > I think it's a hack ;( we do have a mechanism for communicating
    > neighbours addresses/reachability called ND. It would be nice to
    > utilise its machinery.
    > Pinging creates additional overhead on routers and could get filtered.
    > But I'd not be surprised if it's the only way we have realistically to
    > mitigate the issue..

Yes, it's a hack.  It leverages existing behaviour, can be deployed
unilaterally by mobile phone makers, and does not require any new state in
the end device, as they don't even have to listen for the ECHO REPLY.

Let me suggest a different hack: use stateful DHCPv6.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email