Re: [6tisch] tagging join traffic wih DSCP: why inside IP header?
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 17 November 2017 01:39 UTC
Return-Path: <pthubert@cisco.com>
X-Original-To: 6tisch@ietfa.amsl.com
Delivered-To: 6tisch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41B0312714F for <6tisch@ietfa.amsl.com>; Thu, 16 Nov 2017 17:39:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.519
X-Spam-Level:
X-Spam-Status: No, score=-14.519 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i6hXx90zkkdu for <6tisch@ietfa.amsl.com>; Thu, 16 Nov 2017 17:39:52 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEF041270AB for <6tisch@ietf.org>; Thu, 16 Nov 2017 17:39:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6565; q=dns/txt; s=iport; t=1510882792; x=1512092392; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=sqj4owcdF4BIGZzr9eNbjOnCpCPqo5YNBcos8/6Zl+w=; b=cS53FxzSY5uxdJIAldWXT/M8b6M3Yu/HrOqMW9WwkMoogeGw25WtJ2vq fhGq4LHM7hBWlyMLDAupBvks2SrrO/Fi1BM6X/2Q9DhlWQUoiqSk3ZkvZ YnGKNdwNhTEW8g/XzTfq9IiTE59ciZ5dVo36K/tVSUDSAC2zSsaQBsQKo A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DZAQCNPA5a/4kNJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYM2gVIng3+ZRYFXkTyFSYIRCoIBgzoCGoRFQBcBAQEBAQEBAQFrKIUfBiNWEAIBCAQ7AwICAjAUEQIEDgWJQGSpLoIniwIBAQEBAQEBAQEBAQEBAQEBAQEBAQEdgzSCB4FVgWkpC4J3iC0xgjIFmSCJGwKVCJNIlgMCERkBgTgBIQE2gXR6FXYBgjaCWR+BZ3eMBgEBAQ
X-IronPort-AV: E=Sophos;i="5.44,406,1505779200"; d="scan'208,217";a="311235796"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 17 Nov 2017 01:39:51 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id vAH1dpfS007982 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 17 Nov 2017 01:39:51 GMT
Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 16 Nov 2017 19:39:51 -0600
Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1320.000; Thu, 16 Nov 2017 19:39:50 -0600
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: Thomas Watteyne <thomas.watteyne@inria.fr>, "6tisch@ietf.org" <6tisch@ietf.org>
Thread-Topic: [6tisch] tagging join traffic wih DSCP: why inside IP header?
Thread-Index: AQHTXX7XkXA3VPJ770+1uJQzOJ8GOaMUpmAwgAKrEVGAAH18NA==
Date: Fri, 17 Nov 2017 01:39:50 +0000
Message-ID: <4673E5F7-CFF7-4283-8C59-14498F6FCC5D@cisco.com>
References: <CADJ9OA_cKxWZLvfpNXhjNgL1HurfdK-Oqj1M-wU9pK5t+1kU4g@mail.gmail.com> <20396.1510678103@obiwan.sandelman.ca> <32033.1510687749@obiwan.sandelman.ca> <92bca0456cb746c995733131edad10a2@XCH-RCD-001.cisco.com> <CADJ9OA_b2fHUg=3utnCv8iTMZcwL-n3J_H2N6uU=v8SjenjmFA@mail.gmail.com>, <12598.1510855839@obiwan.sandelman.ca>
In-Reply-To: <12598.1510855839@obiwan.sandelman.ca>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_4673E5F7CFF742838C5914498F6FCC5Dciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/6tisch/bB4C-FIHULFAW8-IRbPVV_9h0eY>
Subject: Re: [6tisch] tagging join traffic wih DSCP: why inside IP header?
X-BeenThere: 6tisch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tisch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tisch>, <mailto:6tisch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6tisch/>
List-Post: <mailto:6tisch@ietf.org>
List-Help: <mailto:6tisch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tisch>, <mailto:6tisch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Nov 2017 01:39:56 -0000
Looks like a great idea Michael. In an ideal world the Root would become a filtering Join Relay (think DHCP relay here). This way we save complexity (no need for the JR to know who the JRV is), state in the network(no compression context needed), and bytes in the packet if IP in IP is used (with 6LoRH IP in IP the root is implicit, and we may define an implicit context for it in IPHC). Like in RFC 3048, this also means extra information for the relayed packets, so the JR can point on its local state of the pledge on the way back (if the root is JR it needs the addresses of the JP or a locally significant pointer to it). Are there security implications that do not foresee, like which of the JP and JR has an SA with the JRC vs end to end protection of the join response? Pascal Le 17 nov. 2017 à 02:10, Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr+ietf@sandelman.ca>> a écrit : Thomas Watteyne <thomas.watteyne@inria.fr<mailto:thomas.watteyne@inria.fr>> wrote: If there is no IPIP, then everything is easy. But, AFAICT, we want the JRC to be able to live on the Internet, i.e. not per se co-located with the DAGroot. In that case, the Join Request looks like any data packet sent by the JP to an IPv6 address outside the mesh, which triggers IPIP because the outer IP header contains the RPI. So AFAICT, IPIP is needed unless we mandate that JRC and DAGroot are collocated. BTW: another alternative is that the DAGroot can actually run a second Join Proxy pointing at the JRC, or being much more resourceful node, even a stateful proxy. -- Michael Richardson <mcr+IETF@sandelman.ca<mailto:mcr+IETF@sandelman.ca>>, Sandelman Software Works -= IPv6 IoT consulting =-
- [6tisch] tagging join traffic wih DSCP: why insid… Thomas Watteyne
- Re: [6tisch] tagging join traffic wih DSCP: why i… Pascal Thubert (pthubert)
- Re: [6tisch] tagging join traffic wih DSCP: why i… Michael Richardson
- Re: [6tisch] tagging join traffic wih DSCP: why i… Michael Richardson
- Re: [6tisch] tagging join traffic wih DSCP: why i… Pascal Thubert (pthubert)
- Re: [6tisch] tagging join traffic wih DSCP: why i… Thomas Watteyne
- Re: [6tisch] tagging join traffic wih DSCP: why i… Pascal Thubert (pthubert)
- Re: [6tisch] tagging join traffic wih DSCP: why i… Thomas Watteyne
- Re: [6tisch] tagging join traffic wih DSCP: why i… Michael Richardson
- Re: [6tisch] tagging join traffic wih DSCP: why i… Pascal Thubert (pthubert)
- Re: [6tisch] tagging join traffic wih DSCP: why i… Michael Richardson
- Re: [6tisch] tagging join traffic wih DSCP: why i… Michael Richardson
- Re: [6tisch] tagging join traffic wih DSCP: why i… Pascal Thubert (pthubert)
- Re: [6tisch] tagging join traffic wih DSCP: why i… Michael Richardson
- Re: [6tisch] tagging join traffic wih DSCP: why i… Michael Richardson
- Re: [6tisch] tagging join traffic wih DSCP: why i… Pascal Thubert (pthubert)