IETF Logo Mail Archive

Re: Comments on draft-yourtchenko-colitti-nd-reduce-multicast

Erik Nordmark <nordmark@acm.org> Tue, 25 February 2014 14:48 UTC

Return-Path: <nordmark@acm.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F14A11A037A for <ipv6@ietfa.amsl.com>; Tue, 25 Feb 2014 06:48:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.465
X-Spam-Level: *
X-Spam-Status: No, score=1.465 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g5YiLk2P2b0z for <ipv6@ietfa.amsl.com>; Tue, 25 Feb 2014 06:48:02 -0800 (PST)
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) by ietfa.amsl.com (Postfix) with ESMTP id 74CED1A0309 for <ipv6@ietf.org>; Tue, 25 Feb 2014 06:48:02 -0800 (PST)
Received: from [192.168.10.18] ([78.204.24.4]) (authenticated bits=0) by d.mail.sonic.net (8.14.4/8.14.4) with ESMTP id s1PEjnNQ030064 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Tue, 25 Feb 2014 06:45:51 -0800
Message-ID: <530CAC9D.1040105@acm.org>
Date: Tue, 25 Feb 2014 06:45:49 -0800
From: Erik Nordmark <nordmark@acm.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Ole Troan <otroan@employees.org>
Subject: Re: Comments on draft-yourtchenko-colitti-nd-reduce-multicast
References: <5305AF13.5060201@acm.org> <7461F3DA-FB05-400D-9C54-2F30C73DE2B9@employees.org> <530BCF83.4090500@acm.org> <F401125A-6D2F-4306-85E2-F13DDDCAA7F3@employees.org>
In-Reply-To: <F401125A-6D2F-4306-85E2-F13DDDCAA7F3@employees.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Sonic-ID: C;jOGfhCue4xGczn+iOBdzQA== M;HHVEhSue4xGczn+iOBdzQA==
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/4qapuTFf4CSkg7L5GQ_IL3rWX7s
Cc: Andrew Yourtchenko <ayourtch@cisco.com>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2014 14:48:04 -0000

On 2/25/14 1:28 AM, Ole Troan wrote:
>
> RFC3315 says:
>    The client MAY include addresses in the IAs as a hint to the server about addresses for
>     which the client has a preference.
>
> that's not too far off from the ND register semantics. in both cases the final say of which address the host can used is moved to the network.
Ole,

Thanks for finding that text.

So a potential approach would be to have the host form its address using 
the SLAAC method it prefers (such as stable-privacy) and then go through 
the DHCP (discovery plus request/response having the IA_NA/TA with the 
formed address). I don't know if we can use the 2 packet DHCP exchange 
for this or need the 4 packet one.  The host would get lifetimes back 
from the DHCP server so it would know when it needs to renew.

If all the hosts on the link were to do this, and the DHCP service is 
100% reliable, then this would ensure no duplicates.
But it has issues with incremental deployment where some hosts do this 
but not the legacy hosts, since the legacy hosts would do current DAD 
probes and not find out about the addresses registered with the DHCP 
server. If the DHCP server is on-link it could proxy respond (and also 
implicitly learn about registrations from those DAD probes - with the 
limitations for implicit registrations which I'm trying to write down), 
but what about the case of DHCP relay(s) on the link and an off-link 
DHCP server?

In that case it seems like the DHCP relays need to relay all DAD packets 
to the DHCP server, so that it can respond (duplicate or ok), and build 
it state.

And should the DHCP service loose some or all of its state (e.g., a cold 
standby is started after a hardware failure) then it doesn't have a way 
to rebuild its state from the network until the lifetimes cause the new 
hosts to renew. And for legacy hosts the DHCP server/relay would need to 
glean on data packets to reliably find out about addresses that are in 
use since the legacy host do not "renew" with an additional DAD probe in 
a predictable time.

Thus it seems like in order to solve DAD using DHCPv6 we need to
1. solve how do reliably do implicit registrations from DAD (and data 
packets?) for legacy hosts in DHCP relay/server
2. new interaction between DHCP relay and server to handle legacy hosts 
in normal operation
3. ditto in the case of DHCP server state loss

Note that this doesn't remove the need to multicast Neighbor Solutions 
for address resolutions, since the DHCP server or relay is not required 
to be implemented in the router (it might be in some deployments and 
products). Even when it implemented in the router, there would need to 
be a mechanism to share the state of IP->MAC address between the routers 
on the link.
Thus to solve that we need
4. DHCP server track MAC address to get IP->MAC binding
5. Sharing of DHCP server state with all the routers on the link

With the above we still haven't addressed the unsolicited multicast RAs, 
thus we'd also need
6. Method to avoid multicast RAs - host driven unicast RS to refresh?

Note that if we solve 1, 5', and 6 we have a complete solution i.e.
1. solve how do reliably do implicit registrations from DAD (and data 
packets) in routers
5': sharing of that registration state (explicitly or implicitly) 
between the routers on the link
6. Method to avoid multicast RAs - host driven unicast RS to refresh?


Thus I don't see how "reusing DHCP" makes for less work - it seems to 
create a lot more  work by changing not only hosts and routers but also 
DHCP servers and DHCP relays plus defining additional need for state 
sharing which doesn't exist today.

[And as I've indicated, I think that #1 is actually hard even if there 
are products that do that with constrained applicability today. More 
about that later since it doesn't affect the difference between "reuse 
DHCP" and other parts of the solution space AFAICT.]
>
>> Currently RFC 3315 separates address assignment and DAD - the client SHOULD perform DAD on an address that is assigned by the DHCP server. This separation goes back to DHCPv4 where there was a similar check (I think using ICMP echo) which I believe is there for the reason that the DHCP servers list of assigned addresses could get out of sync with the hosts. (If DAD fails the host declines the address hence will get a different one.)
>>
>> I don't see how we can do this without host changes even for the case of IA_NA and IA_TA DHCP assigned addresses; the hosts would need to remove the code which does the DAD check for DHCP. (And there would be additional DHCP protocol changes needed to support CGA and stable-privacy-addresses and any future address assignment scheme.)
> are there two issues here?
> 1) DAD detecting a duplicate address
> 2) DAD wasting bandwidth and energy
Yes, we can think about those separate.
I'd call #1 something like "More robust/reliable DAD" in the presense of 
packet loss, sleeping hosts, etc.
>
> on a WIFI link, DAD is sent L2 unicast to the AP. then the AP is expected to forward that packet as L2 multicast back onto the link. if we assume some smarts on the AP, then it doesn't have to send the packet back out on the wire, but only bridge it up to router(s) for example. (this isn't as far fetched as it seems, there are deployed products doing this already).
Presumably the AP would do that for a large set of packets - e.g., all 
solicited-node MC addresses.
>
> given all knowing state in the network, then collisions shouldn't happen. if the network suspected it had lost state, it could try to resolve the address on the link before assigning the address to the host.
Unless the host that has the address is in deep sleep at that point in time.

>
> leaving the host unchanged in this scheme only leaves us with the problem of the sleeping host waking up at ever beacon with a DTIM indication. since there wouldn't be a multicast message, it wouldn't have to stay awake actually waiting for a frame.
If the network lost the state about the address, how can it remember to 
which MAC address it can unicast it?
I think it needs to multicast the frame. And the host needs to be in 
shallow sleep so the multicast will wake it up.

(Philosophically having completely separate behavior and code to deal 
with infrequent events like this is a bad idea; that behavior/code will 
not be exercised hence it is very likely to have bugs.)
>
> to conclude, if my understanding is correct (which it may very well not be, since I haven't really understood how 802.11 works before now), then DAD isn't a big issue. it can be solved (and is in deployed products) on the AP multicast handling.
I don't see the details of how this would work. Hence I can't declare it 
to be solved.
>
> we could of course also specify in a new IPv6 over foo document that DAD attempts = 0 on these links, or perhaps better add a signal in RAs.
DAD attempts = 0 might make sense for EUI-64 derived addresses. But 
since we are moving away from those I'm not sure that is a good idea.

     Erik

v2.23.0 | Report a Bug | By Email