Re: [Ila] [5gangip] Identifier size
<Dirk.von-Hugo@telekom.de> Thu, 01 February 2018 08:43 UTC
Return-Path: <Dirk.von-Hugo@telekom.de>
X-Original-To: ila@ietfa.amsl.com
Delivered-To: ila@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56F6213163B; Thu, 1 Feb 2018 00:43:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.329
X-Spam-Level:
X-Spam-Status: No, score=-4.329 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telekom.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SPom2p5O8Fe0; Thu, 1 Feb 2018 00:43:08 -0800 (PST)
Received: from mailout24.telekom.de (MAILOUT24.telekom.de [80.149.113.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18347131631; Thu, 1 Feb 2018 00:42:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telekom.de; i=@telekom.de; q=dns/txt; s=dtag1; t=1517474580; x=1549010580; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=f5JGPTzH54FRxZnsRiw4kUzYU0mcqqDL8af1taGCkSQ=; b=QfgpVYIH3QL/k8PE9sfPxvcNu6sajfNuS+qnOAMXivK5SMGYesV1c1tU s14JnyqXNvPbMcfHlMGoJ1WkbFGZxOSGqewMHjsqzE/tgRDsi2rV/HaoU 2Kc4Yg/NS1MOFlfOr4O09qFaZt+08v9lzNMBOL6MwRkzGlbg7vAxKF0Fn klD+GY5tknWbUv/t3+pd2qarIjBb3zvwjyRfPp8KW7Ou8Z05/Nmmcrz+u 1NY6qYa3b1WAEkqaIs8EREXbtjiG9MdBtHDxvc5M2+eNXg9l4v3gqC3sw UMCSY0hhk7q4N1vQ0qZe4e29a2ZIzcPAD+pB3tAgmVXqOMD/bWWhT+Ukg A==;
Received: from q4de8psa04t.blf.telekom.de ([10.151.13.130]) by MAILOUT21.telekom.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Feb 2018 09:42:57 +0100
X-IronPort-AV: E=Sophos;i="5.46,443,1511823600"; d="scan'208";a="805393082"
Received: from he105828.emea1.cds.t-internal.com ([10.169.119.31]) by Q4DE8PSA04V.blf.telekom.de with ESMTP/TLS/AES256-SHA; 01 Feb 2018 09:42:56 +0100
Received: from HE105831.EMEA1.cds.t-internal.com (10.169.119.34) by HE105828.emea1.cds.t-internal.com (10.169.119.31) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Thu, 1 Feb 2018 09:42:56 +0100
Received: from HE105831.EMEA1.cds.t-internal.com ([fe80::68a7:ffa4:81be:3178]) by HE105831.emea1.cds.t-internal.com ([fe80::68a7:ffa4:81be:3178%26]) with mapi id 15.00.1347.000; Thu, 1 Feb 2018 09:42:55 +0100
From: Dirk.von-Hugo@telekom.de
To: farinacci@gmail.com, sarikaya@ieee.org
CC: tom@herbertland.com, ila@ietf.org, david.i.allan@ericsson.com, 5gangip@ietf.org
Thread-Topic: [5gangip] [Ila] Identifier size
Thread-Index: AQHTmr7wEO5xvmepfUWlRyClBdExt6OOa4wAgAACNoCAAA0+gIAAAWwAgAAA5ICAAL2dcA==
Date: Thu, 01 Feb 2018 08:42:55 +0000
Message-ID: <65055ccf64cb4b1a9d2cbe491a32cc7f@HE105831.emea1.cds.t-internal.com>
References: <CAC8QAcfTg_osQe4HGF8w-j_w_=2rwUv9-j=M-NhKyV7GVMxFPQ@mail.gmail.com> <CALx6S35zOpTDEP2VJB2NcoDXMQrG9KF20xFqaZhfv=vqAayrUg@mail.gmail.com> <01D3C9D2-5DF2-4372-9393-8EE03CC2657A@gmail.com> <SN6PR1501MB196608E8DCE3116A80476C44D0FB0@SN6PR1501MB1966.namprd15.prod.outlook.com> <SN6PR1501MB1966BF6D467D955C4770CEC8D0FB0@SN6PR1501MB1966.namprd15.prod.outlook.com> <7696CF50-AAA1-477A-A1B3-12DD546C8610@gmail.com> <CAC8QAcfjdaRz2nWpaByxAsWPUgUJw74jg6z-Cxndb-3W9HhqYw@mail.gmail.com> <BDA6DC42-B898-43E0-8D03-AD57431E1670@gmail.com>
In-Reply-To: <BDA6DC42-B898-43E0-8D03-AD57431E1670@gmail.com>
Accept-Language: de-DE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.117.17.18]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/V2V_tf-t4q8FMsvcPdF0AP0bSQY>
Subject: Re: [Ila] [5gangip] Identifier size
X-BeenThere: ila@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Identifier Locator Addressing <ila.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ila>, <mailto:ila-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ila/>
List-Post: <mailto:ila@ietf.org>
List-Help: <mailto:ila-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ila>, <mailto:ila-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Feb 2018 08:43:11 -0000
Dear Dino, one reason for addressing the UE in an end-to-end manner is also to enable multiple links via different access technologies to provide the connectivity. Such heterogeneous multi-path approach is important for 5G IMO. Best Regards Dirk -----Original Message----- From: 5gangip [mailto:5gangip-bounces@ietf.org] On Behalf Of Dino Farinacci Sent: Mittwoch, 31. Januar 2018 23:21 To: sarikaya@ieee.org Cc: Tom Herbert <tom@herbertland.com>; ila@ietf.org; David Allan I <david.i.allan@ericsson.com>; 5GANGIP <5gangip@ietf.org> Subject: Re: [5gangip] [Ila] Identifier size > On Wed, Jan 31, 2018 at 4:12 PM, Dino Farinacci <farinacci@gmail.com> wrote: > > My bad, statement below should be end-system and correspondents would need to be directly attached to TRs in order to use all 128 bits of an IPv6 address field as a crypto assigned EID. > > Right, my reference was when LISP ran on the UE. > > We are interested in LISP running on UE. Why? The question isn’t why the interest in LISP but why the overlay in the UE? Dino > > Behcet > When it ran in the network, the RLOCs would be the xTRs in the network. And the EIDs on the UE could still be loopback or one of the SLAAC addresses. It doesn’t matter which ones, even if provider-assigned, because those addresses, used as EIDs wouldn’t have to be advertised into the non-PA assigned attachment carriers. > > Dino > > > > > Cheers > > D > > > > -----Original Message----- > > From: 5gangip [mailto:5gangip-bounces@ietf.org] On Behalf Of David > > Allan I > > Sent: Wednesday, January 31, 2018 1:18 PM > > To: Dino Farinacci <farinacci@gmail.com>; Tom Herbert > > <tom@herbertland.com> > > Cc: 5GANGIP <5gangip@ietf.org>; Behcet Sarikaya <sarikaya@ieee.org>; > > ila@ietf.org > > Subject: Re: [5gangip] [Ila] Identifier size > > > > For my edification, that would only be true if the end system was directly attached to the TR. Addressing would need to conform to established norms if that was not the case. Correct? > > > > Rgds > > Dave > > > > -----Original Message----- > > From: 5gangip [mailto:5gangip-bounces@ietf.org] On Behalf Of Dino > > Farinacci > > Sent: Wednesday, January 31, 2018 10:11 AM > > To: Tom Herbert <tom@herbertland.com> > > Cc: 5GANGIP <5gangip@ietf.org>; Behcet Sarikaya <sarikaya@ieee.org>; > > ila@ietf.org > > Subject: Re: [5gangip] [Ila] Identifier size > > > > For LISP, you can assign an EID to the loopback interface, all 128-bits. And then the interface addresses that are either statically conifgured or learned by SLAAC are 128-bit RLOCs. > > > > You can assign multiple EIDs to the loopback interface, be them crypto-EIDs or not, or a combination of either. > > > > If ILA (or ILNP) useds 64-bit identifiers, those can be regsitered to the LISP mapping system and return 128-bit RLOCs. Or for that matter, return any size you want. To be used by how any data-plane wants to use the addresses. > > > > Dino > > > >> On Jan 31, 2018, at 9:12 AM, Tom Herbert <tom@herbertland.com> wrote: > >> > >> > >> > >> On Wed, Jan 31, 2018 at 8:27 AM, Behcet Sarikaya <sarikaya2012@gmail.com> wrote: > >> Hi Tom, all, > >> > >> I changed this tread to identifier size issue. > >> > >> What is the motivation for crypto-graphic identifiers? Is the idea to give each device a master identifier and then it can use the a crypto graphic function to independently create its own unique identifiers for use in communications. That would be good for address per connection and 80 bits might be doable in ILA. > >> > >> Saleem pointed out that: > >> ILNPv6 will not work with more than 64 bits in the NID, and that is > >> consistent with RFC8200/STD86 (which refers to RFC4291, for the use of a 64 bit ID). > >> > >> > >> So my question is the identifier in identifier - locator separation equal to the interface id in RFC 8200? > >> > >> No, it's not. This is where one of the problems with identifier locator address split arises. SLAAC performs /64 address assignments. This is assigning a subnet to a device with the expectation that IIDs in the subnet (lower 64 bits) are assigned by the device receiving the assignment, Many mobile providers use SLAAC to assign /64 to UEs. This is in contrast to using DHCPv6 to get singleton addresses. The IID space is used by the UE for assigning addresses to downstream devices (like in tethering) as well randomizing address for local binding as a means to mitigate address scanning attacks (address scanning was used in WannaCry attack). In this sort of address assignment it's the upper sixty-four bits that identify the mobile device, the identifier for identifier/locator split would be derived from the upper sixty-four bits. > >> > >> Sixty-four bits isn't enough to encode both a locator and identifier, but I think a level of indirection will work. This is my description of that: > >> > >> A device may be assigned a /64 address via SLAAC as is common in many provider networks. In this scenario, the low order sixty-four bits contains IIDs arbitrarily assigned by devices for its purposes; so these bits cannot be used as an identifier in ILA. The alternative to support /64 prefix assignment is to encode an identifier in the upper sixty-four bits. Since only a subset of bits are available, a level of indirection is used so that when ILA transformed the upper sixty four bits contains both a locator and an index into a locator (ILA-N) specific table. The entry in the table provides the original sixty-four bit prefix so that ILA to SIR transformation can be done. > >> > >> If yes, then what happens if the UE has more than one interfaces? > >> > >> This makes it the uniqueness of the IID and the identifier is the same problem? > >> > >> In ILA, identifiers need to be unique with an ILA domain. Normally, this will mean it is unique with one SIR prefix. That is analogous to an IID being unique within a subnet. > >> > >> Tom > >> > >> _______________________________________________ > >> ila mailing list > >> ila@ietf.org > >> https://www.ietf.org/mailman/listinfo/ila > > > > _______________________________________________ > > 5gangip mailing list > > 5gangip@ietf.org > > https://www.ietf.org/mailman/listinfo/5gangip > > > > _______________________________________________ > > 5gangip mailing list > > 5gangip@ietf.org > > https://www.ietf.org/mailman/listinfo/5gangip > > _______________________________________________ 5gangip mailing list 5gangip@ietf.org https://www.ietf.org/mailman/listinfo/5gangip
- Re: [Ila] Identifier size Tom Herbert
- Re: [Ila] Identifier size Dino Farinacci
- Re: [Ila] [5gangip] Identifier size David Allan I
- Re: [Ila] [5gangip] Identifier size David Allan I
- Re: [Ila] [5gangip] Identifier size Dino Farinacci
- Re: [Ila] [5gangip] Identifier size Behcet Sarikaya
- Re: [Ila] [5gangip] Identifier size Dino Farinacci
- Re: [Ila] [5gangip] Identifier size Dirk.von-Hugo
- Re: [Ila] [5gangip] Identifier size Dino Farinacci