Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03
"Ray Hunter (v6ops)" <v6ops@globis.net> Fri, 25 March 2016 14:54 UTC
Return-Path: <v6ops@globis.net>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E38712DAFB for <dnssd@ietfa.amsl.com>; Fri, 25 Mar 2016 07:54:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OrB0AIw5pArN for <dnssd@ietfa.amsl.com>; Fri, 25 Mar 2016 07:54:04 -0700 (PDT)
Received: from globis01.globis.net (mail.globis.net [IPv6:2001:470:1f15:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id 29E8A12DAFA for <dnssd@ietf.org>; Fri, 25 Mar 2016 07:54:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id E9B4840340; Fri, 25 Mar 2016 15:54:01 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at globis01.globis.net
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5cNcHYescX2s; Fri, 25 Mar 2016 15:53:59 +0100 (CET)
Received: from Rays-MacBook-Pro.local (178-84-244-32.dynamic.upc.nl [178.84.244.32]) (Authenticated sender: v6ops@globis.net) by globis01.globis.net (Postfix) with ESMTPA id CABD1402CE; Fri, 25 Mar 2016 15:53:58 +0100 (CET)
Message-ID: <56F55105.4050809@globis.net>
Date: Fri, 25 Mar 2016 15:53:57 +0100
From: "Ray Hunter (v6ops)" <v6ops@globis.net>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: draft-ietf-dnssd-hybrid@tools.ietf.org
Content-Type: multipart/alternative; boundary="------------030705000807030408090702"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/gecGOKuBnF_zvH7eq4JVYv-qnn8>
Cc: dnssd@ietf.org
Subject: Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2016 14:54:06 -0000
I have read this draft. I find the work interesting, although I'm not yet convinced of the chosen compromises with respect to use of this draft in Homenet. Specifically: 1. I'm concerned that there's a hard coded tie between a "zone" and a "link" which might lead to a lot of noise. Zone enumeration appears to be performed by retransmission of queries to the relevant proxy on the remote link. If a specialised end node that is a member of particular zone e.g. "A3 printers" moves to another building, there's no mechanism to say that the associated enumeration zone should also move with the device. In other words, the default is that all queries for all zones are probably going to have to be forwarded to ALL links in the (common) namespace. That could lead to a lot of unnecessary noise on an enterprise scale network, and which could also be killing for Homenet devices that are trying to be energy efficient. If I look back at the source of inspiration of zeroconf networking, Appletalk II, there was a ZIP (Zone Information Protocol) to enable a logical clustering of services, that was independent of network numbers and links. 2. I'm concerned at the potential for protocol storms. AFAICS There's no dedicated field in the protocol that tracks the ultimate source and destination of forwarded queries and replies. If a device is placed somewhere in the network that does not adequately understand how the hybrid mechanism works, and either queries or replies are inappropriately "leaked" between hybrid proxies, this could cause incorrect re-transmission of queries and responses and ultimately a packet storm. I also don't see how if two hybrid proxies are present and active on a link, they are going to be able to distinguish between original multicast requests from an end node on this link, and forwarded requests (potentially also using mulitcast) received from off-link via the other hybrid proxy. That suggess to me the hybrid proxies have to be "topology aware" which is a tall order. Unless of course I've misunderstood the forwarding mechanism. As a comparison, when DHCPv6 messages are relayed (by a DHCPv6 relay) a new explicit relay forwarding option is pushed onto the front of the message, and popped off the reply. That ensures that the forward (via RELAY-FORW) and reverse path (via RELAY-REPL) are respected at all times. 3. There doesn't seem to be any mechanism to be able to track replies with respect to queries. Multicast queries appear to result in unicast responses, and vice versa. It isn't clear from the draft if this may cause a security issue. How can the recipient of a unicast reply validate that it is a valid reply to a query sent via this proxy? So for example, could a rogue node on bldgd2 could answer on behalf of a node on bldg1? regards, -- regards, RayH <https://www.postbox-inc.com/?utm_source=email&utm_medium=siglink&utm_campaign=reach>
- [dnssd] WGLC on draft-ietf-dnssd-hybrid-03 Tim Chown
- Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03 Ray Hunter (v6ops)
- Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03 Tim Chown
- Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03 Markus Stenberg
- Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03 Ralph Droms
- Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03 Tom Pusateri
- Re: [dnssd] WGLC on draft-ietf-dnssd-hybrid-03 Dave Thaler