IETF Logo Mail Archive

Re: [EXTERNAL] Why this is broken [was Re: Extending a /64]

Behcet Sarikaya <sarikaya2012@gmail.com> Tue, 17 November 2020 18:56 UTC

Return-Path: <sarikaya2012@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E4A13A1550 for <ipv6@ietfa.amsl.com>; Tue, 17 Nov 2020 10:56:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IMNqnmME0YIf for <ipv6@ietfa.amsl.com>; Tue, 17 Nov 2020 10:56:04 -0800 (PST)
Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9055A3A154E for <ipv6@ietf.org>; Tue, 17 Nov 2020 10:56:04 -0800 (PST)
Received: by mail-yb1-xb35.google.com with SMTP id w5so7514173ybj.11 for <ipv6@ietf.org>; Tue, 17 Nov 2020 10:56:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=8vv5w9DUHOI8nBLVdTz+uC/gGzODLtc4Kp9ivxkZaYM=; b=UDhNMmg1f0l9j6di745SBRXVb6zNCBOslbEr/VT43ETS9zdfxXjWvK7WSWbR3gQuqA l2xk6KDzyIVn/a9kdyT85vR9COtUyVZn+5q7z6+BBOy1O1rg8spZhAxaHamaerx9cPU4 TYLM6XmKLS4t93tJNatONTymqMVo2vRaWfm5VlvNP2m552DYt4+sJpl7BFcJVR1dMp8+ iUQBQB2uODj3PTaAGYZuAPHdhYUn0ztRIGDX9R/VHPGBVx9F8b6TnUNSv1Ivly8Lz/4L GAWqwpMryadNz/WcnECxhAZN+5GLO+RuRL/A6NA/Mlt+HK+zdei5w8Redtoe5qkiwoS9 Qt/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=8vv5w9DUHOI8nBLVdTz+uC/gGzODLtc4Kp9ivxkZaYM=; b=B8auDQVpukzeyLyWiFeW4Juq5G51yryiybI+gWcyJL+a3jSMPltDwg0X6Eu/592bW2 jBoW7RcSNurn3OwWeh/oggrRIgKJNCdZhUEXmxLgsvGSXA2pzqOSFr3Vreznr90bJEwb QE9Nb/8tSXIDzgwUEqbf8nAsSaWRpnhXgICaCYTO1hqusTIgKNBXwesnZLgKn6dHm8Tw KDTxpmOXSGOEJk/ppUJ+CzgoWkAhgSN7bgljajElxEAGDN0hQrKtLk5CgUilHERT/Al7 R6QXITywD4Xmh82+YDdwNfdaNT+Oh8y+XCko1Ago9n4zpE3IrzeefixTcjinq9kBK+9a zdVQ==
X-Gm-Message-State: AOAM531c8n86nwgl9nsgLP/PPAP4WtGgDL30KigVbL0K6sUfmO5IBGVY usMcC6rHRYTUXWy6TKlogtpBhlO1mAMY7kbLEB0=
X-Google-Smtp-Source: ABdhPJzOH1UOqJ8eCms9vzfsxxaQB2yJogRXvmWr+pYij555tOTnJUf/EpPBBmQLEuDuSembK5oYsC1kl15UFKraf3U=
X-Received: by 2002:a25:d9cf:: with SMTP id q198mr1196356ybg.243.1605639363607; Tue, 17 Nov 2020 10:56:03 -0800 (PST)
MIME-Version: 1.0
References: <202011151920.0AFJKN9U003337@mail2.mwassocs.co.uk> <3d26bffe-b6c9-4ed7-6135-a515f9902fd7@gmail.com> <m1keOTi-0000EGC@stereo.hq.phicoh.net> <CAO42Z2wZkXryhw1u5WAFdtCvXHyyz1zeM22FP_gRxjurjsG-Jw@mail.gmail.com> <5f505585-1328-d942-2ec2-a2d96b7b4779@foobar.org> <m1kePdR-0000I6C@stereo.hq.phicoh.net> <b022d11f-b55d-07ef-307d-949ff57cd562@foobar.org> <m1keS7i-0000E0C@stereo.hq.phicoh.net> <f06db586-15ed-6dd3-d09f-06a4e3759275@mccallumwhyman.com> <m1kecJm-0000EOC@stereo.hq.phicoh.net> <5101F72E-4197-4E58-8DEF-9EB9D5541482@thehobsons.co.uk> <m1kefWI-0000ETC@stereo.hq.phicoh.net> <845e43f9-4534-a125-3105-9d345b85029f@mccallumwhyman.com> <f18f1e55-6c8f-2963-7e3a-f22a89dda46d@joelhalpern.com> <0443de45-931d-fbda-20ab-2931383a3a8d@mccallumwhyman.com> <61f8e6f7-1bfd-4c17-9e42-dc5fc10a19b5@gmail.com> <e0fe6742451d418e98c25039c8a45a21@boeing.com> <CAC8QAcfWfb3S-Hn23x_CD8B_XwHG+QoC4Mu-4xBLXJs4cx+74Q@mail.gmail.com> <ce5f270188e64a16b78aceabaf7c5a00@boeing.com>
In-Reply-To: <ce5f270188e64a16b78aceabaf7c5a00@boeing.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Tue, 17 Nov 2020 12:55:52 -0600
Message-ID: <CAC8QAcep99rZMvthjfGWZ0c_K79jeaMu1Opi53Yt6SEwpWY=og@mail.gmail.com>
Subject: Re: [EXTERNAL] Why this is broken [was Re: Extending a /64]
To: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Tony Whyman <tony.whyman@mccallumwhyman.com>, "Joel M. Halpern" <jmh@joelhalpern.com>, "ipv6@ietf.org" <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e7c17305b4520b4f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/LArqdY-w-7EPyMMuCdUnuqhkpzw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2020 18:56:10 -0000

On Tue, Nov 17, 2020 at 12:36 PM Templin (US), Fred L <
Fred.L.Templin@boeing.com> wrote:

> “Host routes” is a correct analogy, yes, with the only difference being
> that the routes
>
> will be /60 and not /128. Instead of host routes, an expression I have
> used is “scalable
>
> deaggregation”, since BGP is capable of handling millions of de-aggregated
> routes as
>
> long as routing churn is kept in balance. The global Internet is already
> proof that BGP
>
> scales well under those conditions, and the BGP topology I have specified
> in this
>
> document is far simpler and far less prone to BGP update storms.
>
>
>

Yes, MNP is Mobile Node Prefix (?) so you keep/60 prefixes of each node in
the routing table and leave the detail of handling them to BGP.

This is what I referred to as "good technique" below.

Behcet

> Fred
>
>
>
> *From:* Behcet Sarikaya [mailto:sarikaya2012@gmail.com]
> *Sent:* Tuesday, November 17, 2020 9:48 AM
> *To:* Templin (US), Fred L <Fred.L.Templin@boeing.com>
> *Cc:* Brian E Carpenter <brian.e.carpenter@gmail.com>; Tony Whyman <
> tony.whyman@mccallumwhyman.com>; Joel M. Halpern <jmh@joelhalpern.com>;
> ipv6@ietf.org
> *Subject:* Re: [EXTERNAL] Why this is broken [was Re: Extending a /64]
>
>
>
> This message was sent from outside of Boeing. Please do not click links or
> open attachments unless you recognize the sender and know that the content
> is safe.
>
>
>
>
>
>
>
>
> On Mon, Nov 16, 2020 at 2:43 PM Templin (US), Fred L <
> Fred.L.Templin@boeing.com> wrote:
>
> Brian,
>
> > -----Original Message-----
> > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Brian E Carpenter
> > Sent: Monday, November 16, 2020 12:21 PM
> > To: Tony Whyman <tony.whyman@mccallumwhyman.com>; Joel M. Halpern <
> jmh@joelhalpern.com>; ipv6@ietf.org
> > Subject: [EXTERNAL] Why this is broken [was Re: Extending a /64]
> >
> > This message was sent from outside of Boeing. Please do not click links
> or open attachments unless you recognize the sender and
> > know that the content is safe.
> >
> >
> > On 17-Nov-20 04:26, Tony Whyman wrote:
> > > On 16/11/2020 14:50, Joel M. Halpern wrote:
> > >> Tony, why are you embedding the 39 bit airplane ID into the IPv6
> > >> address.  That seems to be the fundamental thing that then has you
> > >> need very short prefixes, and doing other difficult operations.
> > >>
> > >> And if the answer is "ICAO said so", then we have a problem of really
> > >> smart aviation engineers doing network engineering.
> > >>
> > >> Yours,
> > >> Joel
> > >
> > > Perhaps the best way to answer this question is to look at the
> alternative.
> > >
> > > Aircraft MNPs are non-topological
> >
> > Thank you for that clear statement. Internet routing *is* topological.
> > Therefore, you cannot use bits in the routing prefix for non-topological
> > information. Therefore, you cannot put 39 magic bits into the routing
> > prefix; the Internet doesn't work like that. End of story. Back to the
> > drawing board.
>
> This actually works; the routing system is described here:
>
> https://datatracker.ietf.org/doc/draft-ietf-rtgwg-atn-bgp/
>
> The MNPs do not need to be topologically-fixed, because the nodes are
> mobile at all times and frequently change their topological attachments.
> True, the MNPs are non-aggregateable but that just means there will be
> one prefix per mobile node represented in the BGP routing system, and
> we have shown how BGP can handle lots of MNPs as long as the amount
> of churn can be minimized.
>
>
>
>
>
> Actually what Fred is saying here is that they use host routes.
>
> So each airplane since it is moving  constantly changing networks they
> don't change its address, these are what Fred calls MNP.
>
> So they keep so many host routes in their routing table.
>
>
>
> It is how they handle their routing table given these so many extra
> entries in it.
>
> I think they developed some good techniques to handle it.
>
>
>
> Behcet
>
>
>
> > This is so badly conceived that I suggest an IETF liaison statement to
> > ICAO may be needed.
>
> We have  a liaison statement that could be expanded on if necessary.
> But, I don't see the problem since we already have this working well.
>
> > There's nothing to stop you putting those 39 bits into the Interface
> > Identifier of the aircraft's IPv6 addresses. That would need a slightly
> > different version of RFC7217, but would still allow 25 entropy bits.
> >
> > However, you should be aware that IP addresses are intrinsically
> > forgeable. I'm not sure I would want to fly on an aircraft whose
> > identity might be trivially forged. Also, it would be trivial for
> > an attacker to observe that a particular address belongs to a
> > particular aircraft.
>
> The ATN/IPS will be a secured network with no connections to the Internet
> and open only to authorized users. An enterprise network for civil
> aviation,
> if you will. Unauthorized users will not have access to the network, and
> even
> for authorized users the multi-layered security services will ensure
> secured
> communications.
>
> Fred
>
> > One more comment below...
> >
> > > and hence could be densely allocated.
> > > However, if you want to go the distance and specify the minimum length
> > > identifier then:
> > >
> > > 1. You need to set up a new registration database for aircraft (in
> order
> > > to assign the new identifier) and one that is global rather than state
> > > based - which is the present approach.
> > >
> > > 2. You need to update the specification for the Aircraft Personality
> > > Module and organise the fleet wide upgrade necessary to ensure that
> > > every affected aircraft gets a new ICAO global Aircraft Identifier.
> > >
> > > 3. Safety Authorities will now identify a new hazard potentially
> > > resulting from a mis-match between the existing ICAO 24-bit identifier
> > > (which still has to be used for radar, ADS-B, TCAS, etc.), and the new
> > > airframe identifier.
> > >
> > > 4. We need to develop procedures and systems for mitigating the new
> > > hazard, assuming it is deemed serious enough.
> > >
> > > 5. The protocol gateways that are planned to avoid having to upgrade
> the
> > > existing ATC Systems in the same timeframe would now have to include a
> > > lookup table between the "old" NSAP Addresses and the "new" IPv6
> Addresses.
> > >
> > > 6. The Safety Authority would identify a new hazard resulting from a
> > > table configuration/maintenance error and procedures/mitigations would
> > > be needed to counter the threat.
> > >
> > > 7. The address mapping would have to extend to the application
> protocols.
> > >
> > > In other words - a lot of negatives each with a potentially large cost
> > > attached to them.
> > >
> > > The next step is to accept that it is worth "wasting" a few more bits
> > > and using the existing ICAO 24-bit aircraft identifier instead of some
> > > new global aircraft identifier. This avoids issues 1 to 4 above.
> > >
> > > In order to avoid 5, 6  and 7, we need to have a simple algorithm to
> > > convert between aircraft ATN/OSI NSAP Addresses and ATN/IPS IPv6
> > > Addresses.
> >
> > Are you aware that we already "solved" that in 1996 (
> https://tools.ietf.org/html/rfc1888), and scrapped it in 2005?
> >
> > Regards
> >    Brian
> >
> >
> >
> > > The existing (legacy) NSAP Address format for aircraft
> > > addresses starts off with some constant prefix and is then followed by
> > > an airline identifier, the ICAO 24-bit identifier, an 8 bit subnet id
> > > and a 48-bit End System id (it follows a structure originally proposed
> > > by NIST). The last two can be readily combined into a 64-bit host
> > > identifier. Indeed, if we based the MNP on the ICAO 24-bit then the
> only
> > > thing stopping a simple algorithm is the missing airline identifier
> part
> > > - this cannot be readily predicted from the ICAO 24-bit identifier
> > > without access to the registration database.
> > >
> > > In order to avoid a lookup table in the protocol gateway, etc. we need
> > > to have an airline identifier in the MNP. 15 bits appears to be the
> > > minimum we can get away with (in order to avoid a new airline
> > > identifier, the proposal is to generate a 15-bit identifier by encoding
> > > the existing ICAO three character airline identifier using ITA-2 letter
> > > shift). Hence 24 +15 = 39.
> > >
> > > The industry's network providers also regard embedding an airline
> > > identifier in the MNP as highly desirable. It is used in the existing
> > > system for diagnostic purposes and firewalls.
> > >
> > > This is not an "ICAO says so" at all. This is practical engineering to
> > > deliver a new system as an evolution from an existing system and with
> > > limited budgets. Start with a clean sheet of paper and you could use a
> > > lot less that 39 bits. Unfortunately, we do not have that luxury.
> > >
> > > Tony
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> > >
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
>

v2.23.0 | Report a Bug | By Email