IETF Logo Mail Archive

Re: [dnssd] Adoption call for draft-sctl-advertising-proxy

mellon@fugue.com Mon, 16 August 2021 15:17 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AD113A08CE for <dnssd@ietfa.amsl.com>; Mon, 16 Aug 2021 08:17:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CzMcrIhw7cI5 for <dnssd@ietfa.amsl.com>; Mon, 16 Aug 2021 08:17:29 -0700 (PDT)
Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 218FA3A096F for <dnssd@ietf.org>; Mon, 16 Aug 2021 08:17:23 -0700 (PDT)
Received: by mail-oi1-x22e.google.com with SMTP id t35so27148920oiw.9 for <dnssd@ietf.org>; Mon, 16 Aug 2021 08:17:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=yLXXIUEn9WwryHOnOKAUsvDsou7Bo5VABjtomhboc6I=; b=GIDCKiUud8ijC15Nm7tkPVM3suFPFJo/tTqWq15dEVQs3y35mjNALzoVHDQhDYMGat E/8TgngYo8lLvzhDU/KB+IqPenpf3t/MdzTw4mjnNtCOAUeOqP7cMhDqhUELXybGNi1j +/aGcA4r+OqhkA8s8Qbru9x7tQyOHnesqnoSUsKCemjOWQRALd7gJ+KhaKpuLBlP+uOK cqoWILKBOAseSu6K5vjKhLm1t/sxoy71ICHlS7mP01Idamu5OHMkxyi4xVJFjfu03XM6 MNkvPNKlbhPko/Sx0HZGlr40uNmzfdstCOMcF9LNn8V+d+UF3h2e1J7l5MZLK9594sTf JH5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=yLXXIUEn9WwryHOnOKAUsvDsou7Bo5VABjtomhboc6I=; b=Rudz8peadhPkMX+VUKZKU4ihzaMyxwOclXqE3yAshCe2LoljsVqW8+ApMyCMsxN1ds UcuX40Lp/NFV/DTypZTqz9cpKiQekdv493iwOZEgTvpqUSHYCfG4pcx/jSzKANC6+PSC 5QEwW/DlrM6GLXaT0vT7CbMSJ8n9HGqZRGAUSFhpGFFmkYE4dpneu580ZY9hbjDgMz6z R/sJcYgl4ru9iEKeNw/82BBnHfjY9OPzBb1NxRkKXl/85AJHJ8NLAl3hlnaTb8kNhO2x wb0S0mlC3V9e/cJidD1JDGpZbUCNCixRSlD8Qtv2/636Q8PfENQng6pYTLOy0r9BbhSP IzWQ==
X-Gm-Message-State: AOAM532vqMuNg1c+dEE1HJ65Kpe8l6glhyJw5KuxZWJ2fZfJgxR4CRC3 tAJV/ily3VXKamahxJ+C6o0P90pATPmwnZd1hBAMuQ==
X-Google-Smtp-Source: ABdhPJxHi1r4Zv3CTRCdFbbU8iA6W/8Jlj6eQ9XRBku8RuKIbQdTguMtwGE5WcLOlfrmapbe+YWz9KzuvPNXZuHJrKw=
X-Received: by 2002:aca:2b05:: with SMTP id i5mr12149119oik.55.1629127041018; Mon, 16 Aug 2021 08:17:21 -0700 (PDT)
Received: from 115155811104 named unknown by gmailapi.google.com with HTTPREST; Mon, 16 Aug 2021 08:17:20 -0700
From: mellon@fugue.com
In-Reply-To: <CADPZrgS8i9iZ-UMAStNruqQbjC6d_yqteCt5ofsbhj6EWmZ-nA@mail.gmail.com>
References: <CADPZrgS8i9iZ-UMAStNruqQbjC6d_yqteCt5ofsbhj6EWmZ-nA@mail.gmail.com>
MIME-Version: 1.0
Date: Mon, 16 Aug 2021 08:17:20 -0700
Message-ID: <CAPt1N1=DVAj9fzV6hoUf0ehG5ixY2TWdbsU2NuFZReV9Yqx-mg@mail.gmail.com>
To: Simon Lin <simonlin@google.com>
Cc: Jonathan Hui <jonhui@google.com>, dnssd@ietf.org
Content-Type: multipart/alternative; boundary="00000000000092ff0e05c9aeb2e3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/TOZbe-qv76En43v6uGQfl2oltY4>
Subject: Re: [dnssd] Adoption call for draft-sctl-advertising-proxy
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Aug 2021 15:17:44 -0000

It generally only happens when the thread omr prefix changes. So in
production network it should be rare. But the thread network can fluctuate
a bit on startup as the mesh settles, and this can result in changes to the
omr prefix. So although this shouldn’t happen much, the time when is is
most likely is right after a power outage or right when the devices are
first installed.

-- 
mellon@fugue.com

On August 16, 2021 at 03:40:32, Simon Lin (simonlin@google.com) wrote:

> On the other hand we see conflicts all the time with SRP because of the
> two-SRP-server mDNS conflict detection algorithm, so it's pretty clear that
> SRP + mDNS conflict detection is a recipe for creating conflicts.
>
>
> Could you explain why there are so many conflicts because of
> two-SRP-server mDNS conflict detection algorithm?
>
> Are the SRP servers using SRP Anycast TLV or Unicast TLV?
>
> I would expect name conflicts to happen more often if SRP servers are
> using Anycast TLVs because a SRP client can change SRP server for each
> registration or renewing.
>
> When SRP servers are using Unicast TLV, a SRP client should stick to
> the same SRP server for registration and renewing, even after the SRP
> client is rebooted.
> A SRP client may change SRP server when there are multiple request
> failures, but I would expect it to be less often.
> So, I would not expect many name conflicts for SRP servers using Unicast
> TLVs.
>
> On Sat, Aug 14, 2021 at 6:40 AM Ted Lemon <mellon@fugue.com> wrote:
>
>
>
> On August 13, 2021 at 6:24:51 PM, Jonathan Hui (jonhui@google.com) wrote:
>
>
> Another thing to be aware of is that because of the way mDNS works, if you
> are using mDNS for discovery, a name conflict when names aren't being
> defended will sit around in the cache for a few minutes. If names are
> defended, this doesn't happen; one alternative is to just defend names and
> count on SRP to deal with conflicts, but the downside of this is that now
> there is a delay before the new information appears.
>
> This delay could potentially be minimized by retrying to register as soon
> as the SRP replication update has been acknowledged by all SRP replication
> peers—right now my code (when name defense is enabled) just waits two
> minutes before re-attempting, which is a lot longer than should be
> necessary.
>
>
> Sounds like a good idea to explore. My initial concern is that waiting for
> positive confirmation from all peers can lead to other failure modes
> resulting from poor implementation or connectivity. At the same time, those
> same assumptions are what would lead us back to needing other mitigations.
>
> The problem with anything that's ad-hoc and not integrated into the
> infrastructure is that there's no model that guarantees success. It's
> always going to be best effort. The goal has to be to make "best" as good
> as possible, but have a backup strategy for when it's not quite good
> enough.
>
>
> _______________________________________________
> dnssd mailing list
> dnssd@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd
>
>

v2.23.0 | Report a Bug | By Email