RE: Route Information Options in Redirect Messages (updated)
"Templin, Fred L" <Fred.L.Templin@boeing.com> Mon, 06 February 2017 19:51 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08B9F1294A3 for <ipv6@ietfa.amsl.com>; Mon, 6 Feb 2017 11:51:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3qrvLizH0Hqn for <ipv6@ietfa.amsl.com>; Mon, 6 Feb 2017 11:51:43 -0800 (PST)
Received: from phx-mbsout-01.mbs.boeing.net (phx-mbsout-01.mbs.boeing.net [130.76.184.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64B96129469 for <ipv6@ietf.org>; Mon, 6 Feb 2017 11:51:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id v16Jpgk4035488; Mon, 6 Feb 2017 12:51:43 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (xch15-06-08.nw.nos.boeing.com [137.136.238.222]) by phx-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id v16JpW6o035266 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=OK); Mon, 6 Feb 2017 12:51:32 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) by XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 6 Feb 2017 11:51:31 -0800
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1178.000; Mon, 6 Feb 2017 11:51:31 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Lorenzo Colitti <lorenzo@google.com>
Subject: RE: Route Information Options in Redirect Messages (updated)
Thread-Topic: Route Information Options in Redirect Messages (updated)
Thread-Index: AdJ8F7CvYW0JrWzvRzOTQSlLsXA0KQEQ3FuAABT6DsA=
Date: Mon, 06 Feb 2017 19:51:31 +0000
Message-ID: <6fe9d373c94b42d68c5607bcb95a6f63@XCH15-06-08.nw.nos.boeing.com>
References: <9910b4acd87044e89fad83bb5c795b77@XCH15-06-08.nw.nos.boeing.com> <CAKD1Yr2m-cOWZUn67DNJGi-Ofm_t5LEjKuCP1zaCGhXDCfE1ew@mail.gmail.com>
In-Reply-To: <CAKD1Yr2m-cOWZUn67DNJGi-Ofm_t5LEjKuCP1zaCGhXDCfE1ew@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: multipart/alternative; boundary="_000_6fe9d373c94b42d68c5607bcb95a6f63XCH150608nwnosboeingcom_"
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HRcLdz0oS9W5X9kc6fUhJdRokQA>
Cc: james woodyatt <jhw@google.com>, IPv6 List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2017 19:51:46 -0000
Hi Lorenzo – see below for responses: From: Lorenzo Colitti [mailto:lorenzo@google.com] Sent: Sunday, February 05, 2017 5:27 PM To: Templin, Fred L <Fred.L.Templin@boeing.com> Cc: IPv6 List <ipv6@ietf.org>; james woodyatt <jhw@google.com> Subject: Re: Route Information Options in Redirect Messages (updated) I'm not sure about the security reliability and reliability of this scheme. The first things that come to mind are: What happens if the whole network is renumbered? Fundamentally, the entity that is authoritative for the larger prefix (i.e., the one sending the prefix redirect) is the one that controls routing to that prefix. What happens if that entity realizes that the prefix is no longer valid, and that thus the sub-prefixes are also no longer redirected? How does it withdraw those redirects? FLT>>> The renumbering event itself would be no different than renumbering for FLT>>> any DHCPv6 PD scenario – I guess it would entail a DHCPv6 “reconfigure” FLT>>> exchange. But, once a prefix is renumbered, there are a couple of ways FLT>>> that previous redirections could be cancelled. First, the redirection target FLT>>> could send unsolicited Redirects with Route Lifetimes set to 0 for the FLT>>> previous prefixes (in which case, the source will again allow future traffic FLT>>> to flow through a default router). Second, the redirection target can FLT>>> send “Destination Unreachable” messages to the source, which can then FLT>>> infer that the redirected routes are no longer valid and delete the FLT>>> redirected route. Our draft is currently silent on Destination Unreachables, FLT>>> but ‘draft-templin-aerolink’ talks about them and we could adopt some FLT>>> of that text. Second: security. I get the feeling that a lot of work needs to be done here to cover all the corner cases. One obvious example is: suppose I have 2001:db8:1:1:/64 on link, and then some host sends an unsolicited RIO announcing that it is responsible for 2001:db8:1:1:/64, or for both 2001:db8:1:1::/65 and 2001:db8:1:1:8000::/65. What happens? Hopefully the host doesn't get to MITM all the traffic on the link. FLT>>> Please check the Security Considerations section and let us know if you FLT>>> have any comments on what appears there. To your point, though, a FLT>>> Node A having received a prefix redirect with next hop Node B will FLT>>> never accept a redirect from Node C claiming to own the prefixes FLT>>> that are legitimately owned by Node B. Even assuming that a router actually legitimately redirects a sub-prefix to a given node for a certain lifetime, what's to stop that node claiming that sub-prefix even after the original lifetime has expired? Should the host receiving the prefix redirect enforce that the prefix lifetime can never increase? FLT>>> RIOs include a Route Lifetime which gives a number of seconds before FLT>>> the prefix expires. If the node that is the owner of the prefix wishes FLT>>> to extend the Route Lifetimes, it can send unsolicited Redirects to its FLT>>> (redirected) correspondents. But, once Route Lifetime expires the FLT>>> correspondent discards the prefix and allows future packets to once FLT>>> again flow through a default router. More in general it looks like this document is trying to reinvent a fair amount of stuff that's already covered in detail, and more robustly, in homenet. Why not use those solutions instead? FLT>>> Please have a look at the use cases. The three that I have mentioned are FLT>>> 1) enterprise mobile devices (e.g., cellphones, tablets, etc.), 2) Airplanes FLT>>> in civil aviation networks, and 3) Unmanned Air Vehicles in unmanned FLT>>> air traffic management networks. Others have mentioned other use FLT>>> cases, and I think we will find that there are still many others. About FLT>>> reinventing homenet, I think you would find that these concepts have FLT>>> been around a lot longer than homenet. FLT>>> FLT>>> Thanks - Fred On Wed, Feb 1, 2017 at 8:14 AM, Templin, Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote: An updated version of "Route Information Options in Redirect Messages" is now available (see below). This version addresses 6man list comments posted in the 1/9/2017 - 1/12/2017 timeframe, and re-aligns the work from intarea to 6man. It also expands on several aspects of the proposal that were not covered in the intarea draft. Please (re-)review and post comments to the list. Fred and James -----Original Message----- From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org<mailto:i-d-announce-bounces@ietf.org>] On Behalf Of internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> Sent: Monday, January 30, 2017 2:33 PM To: i-d-announce@ietf.org<mailto:i-d-announce@ietf.org> Subject: I-D Action: draft-templin-6man-rio-redirect-01.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Route Information Options in Redirect Messages Authors : Fred L. Templin James Woodyatt Filename : draft-templin-6man-rio-redirect-01.txt Pages : 7 Date : 2017-01-30 Abstract: The IPv6 Neighbor Discovery protocol provides a Redirect function allowing routers to inform recipients of a better next hop on the link toward the destination. This document specifies a backward- compatible extension to the Redirect function to allow routers to include routing information that the recipient can associate with the next hop. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-templin-6man-rio-redirect/ There's also a htmlized version available at: https://tools.ietf.org/html/draft-templin-6man-rio-redirect-01 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-templin-6man-rio-redirect-01 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org<mailto:I-D-Announce@ietf.org> https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org<mailto:ipv6@ietf.org> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- Route Information Options in Redirect Messages (u… Templin, Fred L
- Re: Route Information Options in Redirect Message… 神明達哉
- RE: Route Information Options in Redirect Message… Templin, Fred L
- Re: Route Information Options in Redirect Message… 神明達哉
- Re: Route Information Options in Redirect Message… Mark Smith
- Re: Route Information Options in Redirect Message… Lorenzo Colitti
- RE: Route Information Options in Redirect Message… Templin, Fred L
- RE: Route Information Options in Redirect Message… Templin, Fred L
- RE: Route Information Options in Redirect Message… Templin, Fred L
- Re: Route Information Options in Redirect Message… james woodyatt
- Re: Route Information Options in Redirect Message… james woodyatt
- Re: Route Information Options in Redirect Message… 神明達哉
- RE: Route Information Options in Redirect Message… Templin, Fred L
- RE: Route Information Options in Redirect Message… Mark Smith
- RE: Route Information Options in Redirect Message… Templin, Fred L
- Re: Route Information Options in Redirect Message… james woodyatt
- RE: Route Information Options in Redirect Message… Mark Smith
- RE: Route Information Options in Redirect Message… Templin, Fred L
- Re: Route Information Options in Redirect Message… Mark Smith
- RE: Route Information Options in Redirect Message… Templin, Fred L
- RE: Route Information Options in Redirect Message… Mark Smith
- RE: Route Information Options in Redirect Message… Templin, Fred L
- Re: Route Information Options in Redirect Message… 神明達哉
- RE: Route Information Options in Redirect Message… Templin, Fred L