[babel] Babel and undefined behaviour [was: babel Digest, Vol 17, Issue 4]
Juliusz Chroboczek <jch@irif.fr> Thu, 05 January 2017 15:27 UTC
Return-Path: <jch@irif.fr>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 846A1129B62 for <babel@ietfa.amsl.com>; Thu, 5 Jan 2017 07:27:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3vVTTatGMI6F for <babel@ietfa.amsl.com>; Thu, 5 Jan 2017 07:27:05 -0800 (PST)
Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E8EB129459 for <babel@ietf.org>; Thu, 5 Jan 2017 07:27:05 -0800 (PST)
Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/56228) with ESMTP id v05FR3cp008837; Thu, 5 Jan 2017 16:27:03 +0100
Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 4BF5FD79EF; Thu, 5 Jan 2017 16:27:03 +0100 (CET)
X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr
Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id moeCHwGYILrm; Thu, 5 Jan 2017 16:27:02 +0100 (CET)
Received: from trurl.irif.fr (dra38-1-82-225-44-56.fbx.proxad.net [82.225.44.56]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 4725CD79B5; Thu, 5 Jan 2017 16:26:59 +0100 (CET)
Date: Thu, 05 Jan 2017 16:26:59 +0100
Message-ID: <87y3ypr0ho.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Tony Przygienda <tonysietf@gmail.com>
In-Reply-To: <CA+wi2hMe05L9GkpU-3r-t+weg8cyC7nG4Wu41pNcmNx721RG5A@mail.gmail.com>
References: <mailman.102.1483560014.29717.babel@ietf.org> <CA+wi2hMe05L9GkpU-3r-t+weg8cyC7nG4Wu41pNcmNx721RG5A@mail.gmail.com>
User-Agent: Wanderlust/2.15.9
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Thu, 05 Jan 2017 16:27:03 +0100 (CET)
X-Miltered: at korolev with ID 586E65C7.002 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)!
X-j-chkmail-Enveloppe: 586E65C7.002 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/<jch@irif.fr>
X-j-chkmail-Score: MSGID : 586E65C7.002 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000
X-j-chkmail-Status: Ham
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/a9Y0QbU9eTAhW3XaCLJM5LHuLBo>
Cc: Babel at IETF <babel@ietf.org>
Subject: [babel] Babel and undefined behaviour [was: babel Digest, Vol 17, Issue 4]
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2017 15:27:07 -0000
Hi Tony, good to hear from you.
> FSM cannot "overspecify" a protocol unless you are perfectly happy with
> "undefined" behavior on certain transitions.
Yes, Babel is tolerant of undefined behaviour in many cases. Please bear
with me while I lecture a little.
Traditional link-state protocols are based on an algorithm that is extremely
refined: their correctness crucially depends on three non-trivial properties:
1. the LSDBs are synchronised at all times;
2. Dijkstra converges;
3. the concatenation of each node's truncated tree yields a forest.
These properties are not built into the algorithm, they must be guaranteed
by the protocol. (1) is why OSPF and IS-IS use a reliable transport and
split large routing domains into areas; (2) and (3) are why link-state
protocols are restricted to integer metrics and lowest-metric route
selection without filtering (within areas).
Babel is more similar to BGP: it uses a primitive and therefore robust
algorithm, that can survive filtering, non-isotonic metrics, unreliable
transports, and different neighbour acquisition algorithms. The only
requirements Babel puts on the implementation are:
1. In the flat routing case, Babel is safe (yields a loop-free tree) as
long as:
(a) no message is received before it is sent; and
(b) the feasibility condition is respected.
2. Babel is complete (eventually yields all possible routes) as long as:
(a) every neighbour is eventually acquired;
(b) every update is eventually received;
(c) every request eventually reaches the source.
Because the algorithm is so robust, there are fewer requirements on the
protocol. For example, property 2.a above can be satisfied by acquiring
a neighbour as soon as we receive a packet, as soon as we receive a Hello,
as soon as we receive an IHU, or at any other time as soon as this happens
often enough.
(Aside: note that filtering is a structured way of violating property 2b.
That's fine, Babel remains safe in the presence of filtering, although it
is no longer complete.)
(Aside: as we've discussed before, Tony, property 1.a does not assume
a global clock -- it merely says that the happens-before relation is
well-founded.)
> Descriptive language is nothing but ad-hoc extended FSM description along the
> lines "if THAT happens, do THIS" ..
There are a few places in Babel where the protocol says "it doesn't matter
when you do this, as long as it eventually happens". I don't know how to
express that in an FSM, even a non-deterministic one.
> In OSPF, it was largely a question of "style" given John is
> a mathematician by trade
The notion of "often enough" is well established in Maths, although it's
usually called "infinitely often". Of course, since Babel uses expiry
timers, "often enough" really means "before the timer expires and flushes
your incomplete state".
-- Juliusz
- Re: [babel] babel Digest, Vol 17, Issue 4 Tony Przygienda
- [babel] Babel and undefined behaviour [was: babel… Juliusz Chroboczek