IETF Logo Mail Archive

Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet

Mukund Sivaraman <muks@isc.org> Thu, 04 February 2016 14:43 UTC

Return-Path: <muks@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98AB51B3087 for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 06:43:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uFFAiI_NSL4l for <dnsop@ietfa.amsl.com>; Thu, 4 Feb 2016 06:43:50 -0800 (PST)
Received: from mail.banu.com (mail.banu.com [IPv6:2a01:4f8:140:644b::225]) by ietfa.amsl.com (Postfix) with ESMTP id 2FA421B2CDC for <dnsop@ietf.org>; Thu, 4 Feb 2016 06:43:50 -0800 (PST)
Received: from jurassic.l0.malgudi.org (unknown [115.118.209.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 867A22FA028A; Thu, 4 Feb 2016 14:43:46 +0000 (GMT)
Date: Thu, 04 Feb 2016 20:13:39 +0530
From: Mukund Sivaraman <muks@isc.org>
To: Yuri Schaeffer <yuri@nlnetlabs.nl>
Message-ID: <20160204144339.GA32208@jurassic.l0.malgudi.org>
References: <20151228022914.GA11204@jurassic.l0.malgudi.org> <56B32D33.5020203@nlnetlabs.nl> <20160204111710.GA8514@jurassic.l0.malgudi.org> <56B33CC0.8070102@nlnetlabs.nl> <20160204124621.GA28915@jurassic.l0.malgudi.org> <56B35738.2050600@nlnetlabs.nl>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw"
Content-Disposition: inline
In-Reply-To: <56B35738.2050600@nlnetlabs.nl>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/KhhPi1-JIlgTSu94CvqkKO7CFm4>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Cache utilization review and suggestion for EDNS client-subnet
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 14:43:52 -0000

Hi Yuri

On Thu, Feb 04, 2016 at 02:50:48PM +0100, Yuri Schaeffer wrote:
> > I don't follow. Are you saying you are saving the SOURCE
> > PREFIX-LENGTH from the original query (responsible for the cache
> > entry) alongside the cache entry?
> 
> Yes.
> 
> > If so, I don't follow why this is required. Can you explain?
> 
> Certainly!
> 
> Suppose I query for 128.0.0.0/4 and get the response is 128.0.0.0/4/8.
> And suppose I would cache it like:
> 
> A)	128.0.0.0/?/8
> 
> That is, discard the SOURCE PREFIX-LENGTH.
> 
> Maybe I also ask for 129.0.0.0/8 for which the authority replies with
> the same SCOPE. My cache now contains:
> 
> A)	128.0.0.0/?/8
> B)	129.0.0.0/?/8
> 
> Suppose again I want to have an answer for 128.0.0.0/4. Which cache
> entry would be correct - if any? Do I need to requery the authority?
> Do I need to consider the bits from the client address that where
> masked? Or would I pretend the mask bits are 0? I can't decide, but I
> sure like to use my cache rather than asking the authority!
> 
> If I had saved this in my cache:
> 
> A)	128.0.0.0/4/8
> B)	129.0.0.0/8/8
> 
> The answer should be obvious: "A". The server wants to receive 8 bits
> information but this is the answer I would have got when I would
> provide just 4.

Is this example for considering that a 128.0.0.0/4/8 answer is different
from a 128.0.0.0/4/4 answer when both are available answers to be
returned by an auth for a 128.0.0.0/4/0 query? Other than that, I don't
see what saving SOURCE PREFIX-LENGTH seperately alongside
<address,address-prefix-length> would provide. If both answers were
treated identically, it can be cached at 128.0.0.0/4.

If any one of these two different answers is found in cache, from the
description above, you'd use it and not fetch from authority (where you
might get the other answer for a 128.0.0.0/4 query). I.e., this is no
different from caching at /SOURCE when SCOPE > SOURCE.

A 128.0.0.0/4/0 query will only have the first 4 ADDRESS bits set.  So
if we consider that a SCOPE > SOURCE answer is an answer to the question
at all, the answer is only valid for those first 4 ADDRESS bits, i.e.,
SOURCE PREFIX-LENGTH bits. There are no more defined bits in
ADDRESS. The answer's ADDRESS field has to equal the query's ADDRESS
field.

It seems the scheme you are describing to save the SOURCE PREFIX-LENGTH
is used in distinguishing between /SOURCE/SOURCE and /SOURCE/(>SOURCE)
answers. It was in reply to this comment:

> The draft doesn't state that the answer is for the SOURCE
> PREFIX-LENGTH when SCOPE > SOURCE. At all other times, the answer is
> meant to be cached at the SCOPE PREFIX-LENGTH.

You are describing what you're doing in implementation. I hope you
understand my concern that none of the above is specified.

		Mukund

v2.23.0 | Report a Bug | By Email