IETF Logo Mail Archive

Re: [6man] New Version Notification for draft-nordmark-6man-impatient-nud-00.txt

Ray Hunter <v6ops@globis.net> Mon, 23 May 2011 21:40 UTC

Return-Path: <v6ops@globis.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DFA5E0867 for <ipv6@ietfa.amsl.com>; Mon, 23 May 2011 14:40:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.656
X-Spam-Level:
X-Spam-Status: No, score=-3.656 tagged_above=-999 required=5 tests=[AWL=0.942, BAYES_00=-2.599, GB_I_LETTER=-2, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hd37-xZ7ytVr for <ipv6@ietfa.amsl.com>; Mon, 23 May 2011 14:40:25 -0700 (PDT)
Received: from globis01.globis.net (RayH-1-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id D93D1E079C for <ipv6@ietf.org>; Mon, 23 May 2011 14:40:24 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id CBD37870083; Mon, 23 May 2011 23:40:23 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at globis01.globis.net
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DxeMpbFubEi0; Mon, 23 May 2011 23:40:18 +0200 (CEST)
Received: from Rays-iMac.local (unknown [192.168.0.3]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPA id B9119870023; Mon, 23 May 2011 23:40:18 +0200 (CEST)
Message-ID: <4DDAD442.7040400@globis.net>
Date: Mon, 23 May 2011 23:40:18 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox Express 1.0.1 (Macintosh/20100705)
MIME-Version: 1.0
To: Philip Homburg <pch-v6ops@u-1.phicoh.com>
Subject: Re: [6man] New Version Notification for draft-nordmark-6man-impatient-nud-00.txt
References: <m1QObow-0001hFC@stereo.hq.phicoh.net> <4DDACD31.9020602@globis.net> <m1QOcaZ-0001hFC@stereo.hq.phicoh.net>
In-Reply-To: <m1QOcaZ-0001hFC@stereo.hq.phicoh.net>
Content-Type: multipart/alternative; boundary="------------070502020308030209080809"
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2011 21:40:26 -0000

Philip Homburg wrote:
> In your letter dated Mon, 23 May 2011 23:10:09 +0200 you wrote:
>    
>> Who says that NUD can't also be used to declare an interface down/
>> detect router neighbor loss?
>>
>> Maybe think of a BGP process running over TCP receiving ICMP
>> unreachables because the local NUD has declared the neighbor
>> unreachable. Meanwhile the other BGP partner router is still retrying at
>> TCP layer because NUD has not timed out on that node. Or am I seeing
>> non-existent links here?
>>      
>
> Let's say router A declares router B unreachable because of some ND problem.
> Meanwhile router B still considers router A reachable.
>
> Now obviously, router A (and the routing system) will try to avoid routing
> packets from A to B because that link is down.
>
> B still assumes that A is reachable so it will continue to forward packets to
> A. As long a A does not drop those packets, everything will be fine. I don't
> think there is a reason to drop incoming packets when a neighbor on a link is
> unreachable, but if an implementation does that, then that will break the
> independence and will cause problems.
>
> But for relatively stable links consisting of just BGP peers, it may make more
> sense to just hardwire the ND entries and disable ND.
>
>
>    
You are probably 100% correct for BGP. And I'm reasonably convinced BGP 
is relatively bullet-proof (even if one well-known network provider that 
I know does not give BGP TCP sessions priority over normal user traffic, 
so BGP neighbors can flap on high user load.) It was just one example 
off the top of my head of a dependency.

The only point I'm making is that there may well be stuff out there that 
has become reliant on the current symmetrical behavior of NUD. ARP 
caches generally took a very long time before they started sending back 
an ICMP unreachable. AFAIK NUD is pretty instantaneous once it declares 
something unreachable.

It was after all a selling-point of NDP and neighbor discovery in 
general that it "fixed" the half-open link problem.

RFC 2461 "Unlike ARP, Neighbor Discovery detects half-link failures"

And now it mightn't live up to that promise: at least in transitory 
situations that might last for an extended period of comparable duration 
to timeouts in other protocol layers / applications, unless the timers/ 
retry counts are synchronized across all nodes on the link. Timers and 
race conditions can be very tricky to catch/ debug, as I'm sure you know.

Just raising a flag. Maybe this is significant, maybe not. Just thought 
I'd ask.

regards,
RayH

v2.23.0 | Report a Bug | By Email