IETF Logo Mail Archive

RE: [v6ops] Why MHMP is still not operational

Vasilenko Eduard <vasilenko.eduard@huawei.com> Tue, 02 August 2022 07:15 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 910EBC157B4B; Tue, 2 Aug 2022 00:15:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g29A2VUVB12Q; Tue, 2 Aug 2022 00:15:09 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08A89C157B41; Tue, 2 Aug 2022 00:15:09 -0700 (PDT)
Received: from fraeml707-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4LxmQz6z4Pz688d6; Tue, 2 Aug 2022 15:12:43 +0800 (CST)
Received: from mscpeml100001.china.huawei.com (7.188.26.227) by fraeml707-chm.china.huawei.com (10.206.15.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 2 Aug 2022 09:15:05 +0200
Received: from mscpeml500001.china.huawei.com (7.188.26.142) by mscpeml100001.china.huawei.com (7.188.26.227) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 2 Aug 2022 10:15:04 +0300
Received: from mscpeml500001.china.huawei.com ([7.188.26.142]) by mscpeml500001.china.huawei.com ([7.188.26.142]) with mapi id 15.01.2375.024; Tue, 2 Aug 2022 10:15:04 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: "otroan@employees.org" <otroan@employees.org>
CC: "6man@ietf.org" <6man@ietf.org>, v6ops list <v6ops@ietf.org>
Subject: RE: [v6ops] Why MHMP is still not operational
Thread-Topic: [v6ops] Why MHMP is still not operational
Thread-Index: Adil2GrmE3vepLa2TFqTNR74rxw42P//+/EA//8u8NA=
Date: Tue, 02 Aug 2022 07:15:04 +0000
Message-ID: <8eca97a9a840451f96f6f29590a813bf@huawei.com>
References: <a4248748209f4b87ae1a4f0e5e639eaa@huawei.com> <CEE6EC15-A360-4A48-B551-B09078B4C9B6@employees.org>
In-Reply-To: <CEE6EC15-A360-4A48-B551-B09078B4C9B6@employees.org>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.81.211.8]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/2sMfemG-Cewo2_gefity06zVPRM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2022 07:15:10 -0000

Hi Ole, sorry, but it is not enough.

The only way discussed there is to:
- get the same policy information
- format it differently according to RFC4191 and RFC 7078
- feed it to the host.
Then the host would be capable to choose the next hop before the source address.

It has 2 fundamental problems:
- nobody would follow such a complexity
- RFC 7078 is not supported on hosts and CPE (and never be supported on Android - it is DHCP)

Eduard
-----Original Message-----
From: otroan@employees.org [mailto:otroan@employees.org] 
Sent: Tuesday, August 2, 2022 12:42 AM
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: 6man@ietf.org; v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] Why MHMP is still not operational

I am not aware of much progress on MHMP since RFC7157 and RFC8043.

O.


> On 1 Aug 2022, at 22:11, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org> wrote:
> 
> Hi all,
> There were a few comments on IETF to draft-vv-6man-nd-support-mhmp that the problem was resolved.
> The finger was pointed to PvD (provisioning domains) RFC 8801.
> I would say that RFC 8028 is more relevant (fixed more MHMP ND issues), but let's discuss PvD.
>  
> PvD in principle has a negligible influence on MHMP at the ND level.
> Explicit (special ND options) or Implicit (separate LLA+RA) PvD just helps to emulate many virtual routers out of one physical.
> Exactly the same effect would be on the link if many physical routers would be on the link.
> It does not matter whether virtual or physical routers are feeding different information to the link.
> OK. We would make this comment in the next version of the document. It looks obvious.
> In fact, just a PIOs list per router is enough information to make an MHMP decision for ND. PvD does not help ND.
> PvD is very valuable to connect PIOs to DNSes that is very needed for MHMP in general (proper DNS is important too) but not for the ND part.
>  
> The problem is about the assumption made throughout SASA (RFC 6724) that the next hop is chosen before the source address.
> Section 7: “This specification of source address selection assumes that routing (more precisely, selecting an outgoing interface on a node with multiple interfaces) is done before source address selection.”
> As Brian pointed out to me, bind() may help to choose the source address first. That is probably the case for server applications.
> The normal client application would probably use getaddrinfo() in the majority of cases. All OSes are compliant with RFC 6724. It means that the next hop would be chosen before the source address.
> The next hop choice is currently specified as a random round-robin by RFC 4861.
> Reminder, RFC 8028 and RFC 6724 have “Rule 5.5 of RFC 6724 states that the source address used to send to a given destination address should, if possible, be chosen from a prefix known to be advertised by the next-hop router for that destination.”
> It means that the only PIO1 leading to the “walled garden” would become not available for choice because it is sourced from Router1 only that was not chosen at random.
> Ups, getaddrinfo() would choose the next hop (random) and then source address that would be filtered on the internet (it would not reach the destination).
> The same problem would prevent choosing the best Carrier for cost/delay/latency/policy reasons. getaddrinfo() just randomly points to the wrong source address. In full compliance with RFC 6724.
>  
> RFC 6724 logic should be reversed. RFC 6724 is ready for it – it was assumed as an option.
> draft-vv-6man-nd-support-mhmp section 4 and 6.1 discusses how to choose a source address.
> DNS, PvD, and simpler methods are included.
>  
> It is the reason why ULA+NPT is the only way for Carrier redundancy yet.
> getaddrinfo() randomly chooses the wrong source address if it has the choice.
>  
> PS: I am extremely surprised how it did happen that the forwarding decision (next hop) has been decided to make before the packet is constructed (source address is not chosen)?!? It is illogical. It is a request for trouble.
>  
> <image001.png>
> Best Regards
> Eduard Vasilenko
> Senior Architect
> Europe Standardization & Industry Development Department
> Tel: +7(985) 910-1105, +7(916) 800-5506
>  
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email