Re: [dna] AD review of draft-ietf-dna-simple
Jari Arkko <jari.arkko@piuha.net> Thu, 09 July 2009 18:04 UTC
Return-Path: <jari.arkko@piuha.net>
X-Original-To: dna@core3.amsl.com
Delivered-To: dna@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F118628C178 for <dna@core3.amsl.com>; Thu, 9 Jul 2009 11:04:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.446
X-Spam-Level:
X-Spam-Status: No, score=-2.446 tagged_above=-999 required=5 tests=[AWL=0.153, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dDJHzZ-2vfyH for <dna@core3.amsl.com>; Thu, 9 Jul 2009 11:04:45 -0700 (PDT)
Received: from smtp.piuha.net (p130.piuha.net [IPv6:2001:14b8:400::130]) by core3.amsl.com (Postfix) with ESMTP id 0D0D728C23B for <dna@ietf.org>; Thu, 9 Jul 2009 11:04:34 -0700 (PDT)
Received: from smtp.piuha.net (localhost [127.0.0.1]) by smtp.piuha.net (Postfix) with ESMTP id 020A219872A; Thu, 9 Jul 2009 21:05:00 +0300 (EEST)
Received: from [IPv6:::1] (unknown [IPv6:2001:14b8:400::130]) by smtp.piuha.net (Postfix) with ESMTP id 468981986EE; Thu, 9 Jul 2009 21:05:00 +0300 (EEST)
Message-ID: <4A56314B.5090509@piuha.net>
Date: Thu, 09 Jul 2009 21:04:59 +0300
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Thunderbird 2.0.0.22 (X11/20090608)
MIME-Version: 1.0
To: Bernard Aboba <bernard_aboba@hotmail.com>
References: <4A55E27D.80200@piuha.net> <BLU137-W109A872CE0057E72AD0EF93260@phx.gbl>
In-Reply-To: <BLU137-W109A872CE0057E72AD0EF93260@phx.gbl>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
Cc: dna@ietf.org, draft-ietf-dna-simple@tools.ietf.org
Subject: Re: [dna] AD review of draft-ietf-dna-simple
X-BeenThere: dna@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNA working group mailing list <dna.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dna>, <mailto:dna-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dna>
List-Post: <mailto:dna@ietf.org>
List-Help: <mailto:dna-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dna>, <mailto:dna-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2009 18:04:47 -0000
Bernard, Thanks for your response. I think I understand the logic better now. Suresh, can we change the draft as suggested by Bernard? Jari Bernard Aboba wrote: > > > The probing node SHOULD include a Source link-layer address option in > > > the probe messages. If the node believes that the source address of > > > the NS may not be unique on the newly attached link, it MAY omit the > > > Source link-layer address option in the probe messages. > > > > I would like to understand this better. How does a general purpose > > operating system implementation deal with the above? How does it know > > that "the source address of the NS may not be unique"? > > The goal of DNA is not only to detect network attachment, but also to > seed the ND cache so as to immediately enable incoming and outgoing > communications. By including the SLLA in unicast probe messages, the > node can seed the ND cache of the router tgo enable communications > in the opposite direction. > > > AFAICT, if you omit the SLLA and no link change happened, then most > > likely the router will remember your NC anyway, and be able to respond. > > Only if the ND cache entry had not expired. Remember, the biggest win > for DNA is when moving between links. > > > However, if it does not remember you, a new NS/NA would be required, > but > > DNA would still succeed, albeit a bit slower. > > > However, if the host did move to a new link, then including the SLLA > > might cause disruption for another host that already holds the same > > address but uses a different link layer address. > > The probes are sent to a unicast IP and MAC address. Therefore they > can only be received if the node moves to a link on which the node has > a valid IP address. > > > Why is the recommendation written as it is above? Is the assumption > that > > colliding addresses are so rare that the optimization makes sense? On > > the other hand, it would appear that even without the SLLA DNA would > > still work in most cases. > > There are situations in which a node is unlikely to encounter > collisions, and therefore DAD is not required. One is where the IP > address > was allocated via DHCP, and the lease has not yet expired. If the DHCP > server is properly implemented, it will not hand out the same address to > more than one host. DNAv4 makes this assumption. > > During development of the draft, there was discussion as to whether there > were other situations in which this assumption could be made as well. > For example, in situations where an IPv6 address is not manually or > randomly assigned, but is based on a MAC address, would it be > reasonable to include the SLLA (and also not to do DAD). As I > recall, the decision was made *not* to override any of the existing > recommendations on DAD. For consistency's sake then, the SLLA > should not be included in those same cases. > > > In any case, I don't think we can require general purpose > > implementations to assess the likelihood of collisions. > > Sure -- but the document should be written so as to clearly spell > out the situations under which the SLLA is included. Those are the > same circumstances in which the document should enable DAD to > be avoided. However, currently the document is not consistent in > this regard. > > > Perhaps it would be easier to require that by default, no SLLA is > included > > and that only through specific configuration option the SLLA use > can be turned on and > > DNA made to operate faster/more reliably. > > If the SLLA is only included in situations where DAD can be avoided, then > I don't think this is an issue. That's how DNAv4 works. > > > > For the purpose of sending neighbor solicitations to previous > > > routers, the host first needs to pick a subset of operable IPv6 > > > addresses (candidate set) that it wishes to use. How this subset of > > > addresses is picked is based on host configuration. e.g. The host > > > may select configured addresses from each of zero, one or two > > > previously connected links. > > > > Please specify a default strategy. E.g., "How this subset of addresses > > is picked is based on host configuration. By default the host should > > select configured addresses from two previously connected links." > > DNAv4 enables the host to send probes to all routers representing links > with valid IP addresses. There is no language about subsets. This hasn't > been an issue in practice, since a host will typically not have a > large number > of valid IP addresses. So I'd prefer that this language be removed > entirely. > > > > Where flooding may cause performance issues within the LAN, host > > > SHOULD limit the number of unicast solicitations. > > This is a red herring that should have been removed from the document long > ago. The initial deployment of DNAv4 uncovered some AP implementations > that were non-compliant with IEEE 802.1D, but those issues have long since > been fixed. There is no known "flooding" issue at this time. > > > Again, the guidance for general purpose implementations in inadequate. > > Please specify a default strategy. I believe limiting the number of > > unicast solicitations to some small number (4?) by default is adequate > > (there are a number of messages on a new link even on DNAv4 and > regular ND). > > > > > The probing node SHOULD NOT include a Source link-layer address > > > option if it has not performed duplicate address detection [RFC4862], > > > for the source address of the NS, on the newly attached link. > > > > Performed DAD, when? Presumably it has been performed when the address > > first configured, no? And since DNA is the first thing that runs > after a > > link change, DAD has not been run at this point either. So what does > > your recommendation really mean here? Never include SLLA? > > It means that you only include SLLA in situations in which DAD can be > avoided (such as where DHCPv6 is in use). > > > In any case, at this point we do not yet *know* if we are on a newly > > attached link or not. Therefore, we do not know if we've run DAD in the > > past on this link. > > The probe is constructed to test whether the node is on the link or not. > If the address was assigned by DHCPv6 on the link, then the probe can > omit the SLLA and if the probe succeeds, then DAD is not required. > > > > > Please clarify. > > > > > Hosts checking their network attachment are unsure of their address > > > status, and may be using Tentative link-layer addressing information > > > in their router or neighbour solicitations. > > > > > > A router which desires to support hosts' DNA operations MUST process > > > Tentative Options from unicast source addressed Router and Neighbour > > > Solicitations, as described in [I-D.ietf-dna-tentative]. > > > > This is the first time dna-tentative is referenced in this document. I > > wonder if there's really a need to have a normative reference, or even > > mention this. > > I don't think so, since the WG decided to not modify DAD procedures > except for the DHCPv6 case. > > > > > > 7. Constants > > > > > > > > > These constants are described as in [I-D.ietf-dna-protocol]. > > > > > > UNICAST_RA_INTERVAL > > > > > > Definition: The interval corresponding to the maximum average > > > rate of Router Solicitations that the router is prepared to > > > service with unicast responses. This is the interval at which > > > the token bucket controlling the unicast responses is > > > replenished. > > > > > > Value: 50 milliseconds > > > > > > MAX_UNICAST_RA_BURST > > > > > > Definition: The maximum size burst of Router Solicitations that > > > the router is prepared to service with unicast responses. This > > > is the maximum number of tokens allowed in the token bucket > > > controlling the unicast responses. > > > > > > Value: 20 > > > > > > > None of these appear to have anything to do with the Simple DNA > > procedure. Please remove. The only item that I can see be of relevance > > in this section is SEND_NA_GRACE_TIME. > > I agree. Not sure why this material remains in the document. > > > > When providing fast responses to router solicitations, it is possible > > > to cause collisions with other signaling packets on contention based > > > media. This can cause repeated packet loss or delay when multiple > > > routers are present on the link. > > > > > > As such the fast router advertisement system is NOT RECOMMENDED in > > > this form for media which are susceptible to collision loss. Such > > > environments may be better served using the procedures defined in > > > [I-D.ietf-dna-protocol]. > > > > This does not appear to have anything to do with Simple DNA either > > (router-side fast responses are not a subject of this specification). > > Delete? > > Yup. > > > > The host MAY delay SEND_NA_GRACE_TIME after transmission before > > > adopting a new default router, if it is operating on a network where > > > there is significant threat of RA spoofing. > > > > I would simply say that this delay MAY be imposed when the host's > > current default router is a SEND-secured one. This prevents the > > downgrade from SEND to non-SEND, but does not require any > configuration, > > and it doesn't slow things down when you were already using a non-SEND > > router. > > > > > It is easy for hosts soliciting without SEND to deplete a SEND > > > router's fast advertisement token buckets, and consume additional > > > bandwidth. As such, a router MAY choose to preserve a portion of > > > their token bucket to serve solicitations with SEND signatures. > > > > Again, this has very little to do with this specification. Move this to > > the fast RA spec instead. > > > > Editorial: > > > > Move draft-ietf-dna-protocol to informative references. > > Right. >
- [dna] AD review of draft-ietf-dna-simple Jari Arkko
- Re: [dna] AD review of draft-ietf-dna-simple Bernard Aboba
- Re: [dna] AD review of draft-ietf-dna-simple Jari Arkko
- Re: [dna] AD review of draft-ietf-dna-simple Suresh Krishnan
- Re: [dna] AD review of draft-ietf-dna-simple Bernard Aboba
- Re: [dna] AD review of draft-ietf-dna-simple Suresh Krishnan
- Re: [dna] AD review of draft-ietf-dna-simple Bernard Aboba
- Re: [dna] AD review of draft-ietf-dna-simple Bernard Aboba
- Re: [dna] AD review of draft-ietf-dna-simple Greg Daley
- Re: [dna] AD review of draft-ietf-dna-simple Jari Arkko
- Re: [dna] AD review of draft-ietf-dna-simple Jari Arkko
- Re: [dna] AD review of draft-ietf-dna-simple Jari Arkko
- Re: [dna] AD review of draft-ietf-dna-simple Bernard Aboba
- Re: [dna] AD review of draft-ietf-dna-simple Bernard Aboba
- Re: [dna] AD review of draft-ietf-dna-simple Suresh Krishnan