Re: SLAAC protocol improvements for flash renumbering (Fwd: New Version Notification for draft-gont-6man-slaac-renum-02.txt)
Fernando Gont <fernando@gont.com.ar> Thu, 20 February 2020 12:03 UTC
Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D00C12004A for <ipv6@ietfa.amsl.com>; Thu, 20 Feb 2020 04:03:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkVPGUedFeMZ for <ipv6@ietfa.amsl.com>; Thu, 20 Feb 2020 04:03:30 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF5F912001A for <6man@ietf.org>; Thu, 20 Feb 2020 04:03:29 -0800 (PST)
Received: from [192.168.0.10] (unknown [181.45.84.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 2DED486B41; Thu, 20 Feb 2020 13:03:25 +0100 (CET)
Subject: Re: SLAAC protocol improvements for flash renumbering (Fwd: New Version Notification for draft-gont-6man-slaac-renum-02.txt)
To: Michael Richardson <mcr+ietf@sandelman.ca>, "6man@ietf.org" <6man@ietf.org>
References: <158191113629.5878.8466218249500554614.idtracker@ietfa.amsl.com> <1adb6745-f63b-6275-39c4-cae69cf8f924@si6networks.com> <18472.1582195844@dooku>
From: Fernando Gont <fernando@gont.com.ar>
Message-ID: <e1a66ba1-694f-77a8-c5f0-f4bb663920b5@gont.com.ar>
Date: Thu, 20 Feb 2020 09:03:08 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <18472.1582195844@dooku>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/9hQQHnM_7mIHMbCjS0Vz-VtgPqg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Feb 2020 12:03:31 -0000
Hello, Michael, Thanks for the great feedback and timely response! In-line.... On 20/2/20 07:50, Michael Richardson wrote: > > Hi, thank you for this. > > I want to suggest that you move the section 4.3/4.4 to > draft-gont-v6ops-cpe-slaac-renum, but I can't find this document to be sure. > Maybe you are still posting it. > > Then, this document is all about updates to the Host side only. Note: Section 4.4 is a host-side update. It does benefit from the router-side change proposed in Section 4.3, though. > Note the section 4.1.1 updates what the valid values are, and while that seems > like advice to routers, it's rather advice to hosts as to what they should > accept as valid. Indeed, the default values are to be employed by routers. That said, Section 4.1.2 is about processing of such values by hosts, where we suggest to cap them. At the end of the day, when routers use more appropriate values, even legacy systems would benefit from that. And even if routers don't use appropriate values, a host can do better by capping the received value to something that makes more sense. > I think that 4.2, in the section about attacks, could suggest that when a > suspicious RA is seen (such as Lifetime=0), that the host might want to check > with a unicast RS (with a randomized delay). My take is that modulo some sanity checks you can perform on some ND packets, since the protocol is inherently insecure, you trust the router, or you don't. Note that, e.g. when you receive an RA with a Router Lifetime of 0, you just honor it without cheking with a unicast RS.... > I like section 4.4, and I really think it's actually the meat of this > document. I think that the title of the document should be less about Flash > Renumbering, and just about "Improved Host Behaviour for Router Advertisements" > or some such. I'd agree that most of the meet is in Section 4.4. That said, at the end of the day the goal is to improve the behaviour of SLAAC in renumbering scenarios... and doing the right thing at routers does help a bit. So I'd rather keep the router parts, too. But we're certainly open for the wg to change our mind ;-) Thanks! Cheers, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
- SLAAC protocol improvements for flash renumbering… Fernando Gont
- Re: SLAAC protocol improvements for flash renumbe… Michael Richardson
- Re: SLAAC protocol improvements for flash renumbe… Fernando Gont
- Re: SLAAC protocol improvements for flash renumbe… Michael Richardson
- Re: SLAAC protocol improvements for flash renumbe… Fernando Gont
- Re: SLAAC protocol improvements for flash renumbe… Gyan Mishra
- Re: SLAAC protocol improvements for flash renumbe… Michael Richardson