IETF Logo Mail Archive

Re: [6tisch-security] developments on 6tisch join scheduling

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 18 August 2016 13:04 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: 6tisch-security@ietfa.amsl.com
Delivered-To: 6tisch-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3539412DDBA; Thu, 18 Aug 2016 06:04:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.768
X-Spam-Level:
X-Spam-Status: No, score=-15.768 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Hq-JE_YcIvh; Thu, 18 Aug 2016 06:04:39 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2D6212DDC8; Thu, 18 Aug 2016 06:04:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5694; q=dns/txt; s=iport; t=1471525473; x=1472735073; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=h+hzAOMORCB852K2G3sXMXR06UsSkCJbc2rW0KXTSDo=; b=MA6wNjPE2bfCNWsV03PWDREC9WHJhk9dEXXdC9FdYV1pf7KyPjysFvU6 FpPbAUQyKUtEjxWFbIFyijE1jGCMSXj6ER09BzibYKhpIueMd8PI45or+ 3FDxydSW4rebhYYzawqrOlxdwMHUGQuP7sAHln3LBD9y0ckDqs8qH4Pdo Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A+AgDdsbVX/4gNJK1dg0OBUge3V4F9gmaDNwKBbTgUAgEBAQEBAQFeJ4ReAQEFeQwEAgEIEQQBASgHMhQJCAIEAQ0FCBIBiBa8BwEBAQEBAQEBAQEBAQEBAQEBAQEBARyGKoRNgTkBgmOFfgWOVopuAYkehXiBco1ehmeFVIN3AR42g3puhWlFfwEBAQ
X-IronPort-AV: E=Sophos;i="5.28,539,1464652800"; d="scan'208";a="139223293"
Received: from alln-core-3.cisco.com ([173.36.13.136]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 18 Aug 2016 13:04:32 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by alln-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id u7ID4Wgu015660 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 18 Aug 2016 13:04:32 GMT
Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 18 Aug 2016 08:04:31 -0500
Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1210.000; Thu, 18 Aug 2016 08:04:31 -0500
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, tisch-security <6tisch-security@ietf.org>
Thread-Topic: [6tisch-security] developments on 6tisch join scheduling
Thread-Index: AQHR+BAV/+KBXOtlnU+yNvEKrwkQAKBOrVlw
Date: Thu, 18 Aug 2016 13:04:17 +0000
Deferred-Delivery: Thu, 18 Aug 2016 13:03:59 +0000
Message-ID: <1ed0a6c6bbbe481fab1bc1c6e36c53d2@XCH-RCD-001.cisco.com>
References: <24944.1471387601@obiwan.sandelman.ca>
In-Reply-To: <24944.1471387601@obiwan.sandelman.ca>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.228.216.28]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch-security/dYOPMPCyZpSA15uuAtXGkbFre2E>
Cc: "anima-bootstrap@ietf.org" <anima-bootstrap@ietf.org>
Subject: Re: [6tisch-security] developments on 6tisch join scheduling
X-BeenThere: 6tisch-security@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Extended Design Team for 6TiSCH security architecture <6tisch-security.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch-security/>
List-Post: <mailto:6tisch-security@ietf.org>
List-Help: <mailto:6tisch-security-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch-security>, <mailto:6tisch-security-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 13:04:43 -0000

Hello Michael

About your subdivision:

One may note that to root sees it all, and it the ultimate limit of the bandwidth that may be given to join process. 
The bigger the network the slower a given JA can accept new joins. And the deeper the JA, the more overall resources will be consumed by a join.
Since this is dynamic and dependent on the network, it may be that we need the root to provide JAs with a MTBJ (mean time between joins) that depends on the rank or something.

We can wonder if the root itself could be the proxy, being triggered by a DAR message as you described. The root can afford to maintain an EST session.
The root would arbitrate when that request is being served. And that the root may instruct in the DAC when the device is entitled to continue its join process.
For this purpose, the DIO may contain new information about root capabilities in the DODAG Configuration option. 

Cheers,

Pascal


> -----Original Message-----
> From: 6tisch-security [mailto:6tisch-security-bounces@ietf.org] On Behalf Of
> Michael Richardson
> Sent: mercredi 17 août 2016 00:47
> To: tisch-security <6tisch-security@ietf.org>
> Cc: anima-bootstrap@ietf.org
> Subject: [6tisch-security] developments on 6tisch join scheduling
> 
> 
> During discussions at IETF96, it became clear that the join ordering/time
> sequence envisioned for 6tisch would be less possible than I thought.
> The bad news is that a new mechanism might be hard to actually design.
> The good news is that I think a new mechanism would put 6tisch join and ANIMA
> bootstrap almost identical.
> 
> To go back, the proposal was:
>   1) a new pledge would send a NA with an EARO, which would turn into a
>      DAC/DAR process up to the 6LBR.  The 6LBR would let the JCE know
>      about the new node through mechanism TBD.
>      The new pledge would receive a NA in reply, which, for the pledge
>      would acknowledge that they might be knocking on the right door.
>      (A network which didn't like that node would reply in some negative
>      fashion, which naturally could also be forged)
> 
>   2) the JCE would reach out (via the proxy) to the pledge, on a schedule
>      determined by the JCE.  The JCE would control the order of joining,
>      and since CoAP would be used with using something like:
>           draft-wang-6tisch-6top-protocol-00
>      all joining nodes would remain quiet except when responding to
>      queries from the JCE.
> 
> The goal of having the pledge be passive was one of bandwidth conservation,
> the JCE would enroll only as many pledges as it felt it had available bandwidth in
> the upper parts of the MESH DODAG tree.  A 6tisch network might allocate a
> rather small amount of bandwidth for join messages, and utilizing the bandwidth
> responsabily is important.  That means never wasting any energy among the
> lower parts of the DODAG when the packets would just get dropped further
> upwards.
> 
> In discussions, it appears that the EARO as described in
> draft-thubert-6lo-rfc6775-update-00 might be replaced by the Crypto-ID of
> draft-sarikaya-6lo-ap-nd-02, and the process is slightly different.
> 
> One additional reason why the passive pledge turns out to be a problem is that
> the JCE does not actually know the wake/sleep schedule for the pledge.
> In the 6tisch case, it ought to be possible for the pledge to sync up to the
> schedule and so the proxy will know when it can transmit to it, but in order to
> keep the proxy from having to store a lot of data coming from the JCE, the JCE
> also needs to know the schedule out at the edge.  This does not seem
> unsolveable, but it was an additional concern raised.
> 
> Meanwhile, in ANIMA bootstrap, the initial contact is through a GRASP discovery
> (or DNSSD) to find a proxy.  The new pledge uses the proxy to initiate an EST
> session using the proxy.  The enrollment process in the ANIMA case is driven by
> the pledge, on the assumption that the ANIMA ACP has sufficient bandwidth for
> normal congestion control present in TCP and CoAP to deal with a limits.
> 
> What is needed is a way to adjust things so that the pledges will attempt to join
> in a way that does not overwhelm the network, and more so, that the proxy
> nodes can easily police that they are doing so.
> 
> So the idea is to use the ANIMA GRASP discovery mechanism to find a proxy, but
> in addition, in the reply, to get some kind of number to seed a backoff algorithm
> that causes the pledge to attempt to initiate the join process at times
> deterministic to the network.  I'm not talking about an exponential backoff.
> 
> This is where the hard part is, how to come up with a simple to describe, and
> simple to code algorithm which would fill up the available bandwidth, and be
> easily subdividable.
> 
> By subdividable, I mean, if we pass 5% of the join bandwidth to proxy A, at rank
> 3, that it would be able to easily pass some percent of that bandwidth to a new
> proxy at rank 4 in a way that does not mean reconfiguring the entire mesh to
> delegate bandwidth.
> 
> Removing the subdivable property, some simple pseudo-random number
> generator,
> with the right seed would be the right idea.   A good PRNG ought to span
> the available time space evenly.  I don't have a solution, but I'm trying to write
> up the requirements more clearly.
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -=
> IPv6 IoT consulting =-
> 
>

v2.23.0 | Report a Bug | By Email