IETF Logo Mail Archive

Re: [EXTERNAL] Why this is broken [was Re: Extending a /64]

Behcet Sarikaya <sarikaya2012@gmail.com> Tue, 17 November 2020 17:48 UTC

Return-Path: <sarikaya2012@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F56F3A12EC for <ipv6@ietfa.amsl.com>; Tue, 17 Nov 2020 09:48:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.846
X-Spam-Level:
X-Spam-Status: No, score=-1.846 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YlIUR_qzoV1T for <ipv6@ietfa.amsl.com>; Tue, 17 Nov 2020 09:48:18 -0800 (PST)
Received: from mail-yb1-xb2d.google.com (mail-yb1-xb2d.google.com [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFDB53A0E8D for <ipv6@ietf.org>; Tue, 17 Nov 2020 09:48:18 -0800 (PST)
Received: by mail-yb1-xb2d.google.com with SMTP id i193so19764442yba.1 for <ipv6@ietf.org>; Tue, 17 Nov 2020 09:48:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:reply-to:from:date:message-id :subject:to:cc; bh=SDmbaKoMa2nNLSt9RMVEmDl7jrPPaMje6KCmrw2aksk=; b=Cpx818k8JchdZGz15X0S1vtdKLTIhA9R/Xx3VZ9CdijjoQJLJn42VZdnYVwSHzoII+ 7hllCfksHjeVYcLX9Y4WQM0pS7k3fo0vfqOr8Au9RVm3UN4ROH4IrGrzklgqzw01qxS+ fEz/8zp0W3Ihd3KmC+uZKXiLQIeut1N++WqFwKCYnFw4W6w49BRORBJm8Mw/+eSdJ019 UEuw2MPmexipZgQq+b6HwQpT0YMDPMlhV+6jpN+NYhQLrTSOkZfQP1wu81EbF8ucXtvt 3qq7beYTIat5YiO0oo4mSuP1XQJpfbCL9uF0Fd5LpIwYOhx66/iGLElM2lzUq1So528m 0eAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=SDmbaKoMa2nNLSt9RMVEmDl7jrPPaMje6KCmrw2aksk=; b=hQY7UyZF9+EyA9/lJPkgq1ZhFKtRSGZcUaBCM6MaWPX0K0KZcq+ELeqj3IG/OEaZA2 kxXi3um/sAe4k01YuXnYy+BjtBSOTkHhQ64oP/n7ldJ545M2AEVBa+M3SVAIGti+eais WxJGKtX7WXHRyK3YVjM6TFanz3CBod/UmOrg8cJjikPvwiYuSXcPfADIyLQ0qNcDSroC SorSZZe2ebatc+hLTSu0ameeyTQweXDjiTI/RO/BjlaJGUK8QceRo6mRDsS0z7sZ8Rq6 XIgLtwhaIbN3UUV3jr63rQ5M8ifVh34F+jZLSom+UXJkvcdEeEU8onTRJ8zT4zxLVYqB ioAg==
X-Gm-Message-State: AOAM533W99I888kG3t4vzJxkwjMXXMF4q38jThHGSZLP5xfbNAoV+tE/ IritzpP5jH1kGduCR1jNNGUlHwiO7aw5d4Uz2Ow=
X-Google-Smtp-Source: ABdhPJyBc/g1eLYzeWxBG4qujgqmk2aWw7AtuZOuV8//NK/T1yM51/Fr2buuMQAUuANTUQ95qCkrJ2VPjly8EHvZ6pQ=
X-Received: by 2002:a25:41c7:: with SMTP id o190mr1120383yba.324.1605635297925; Tue, 17 Nov 2020 09:48:17 -0800 (PST)
MIME-Version: 1.0
References: <202011151920.0AFJKN9U003337@mail2.mwassocs.co.uk> <3d26bffe-b6c9-4ed7-6135-a515f9902fd7@gmail.com> <m1keOTi-0000EGC@stereo.hq.phicoh.net> <CAO42Z2wZkXryhw1u5WAFdtCvXHyyz1zeM22FP_gRxjurjsG-Jw@mail.gmail.com> <5f505585-1328-d942-2ec2-a2d96b7b4779@foobar.org> <m1kePdR-0000I6C@stereo.hq.phicoh.net> <b022d11f-b55d-07ef-307d-949ff57cd562@foobar.org> <m1keS7i-0000E0C@stereo.hq.phicoh.net> <f06db586-15ed-6dd3-d09f-06a4e3759275@mccallumwhyman.com> <m1kecJm-0000EOC@stereo.hq.phicoh.net> <5101F72E-4197-4E58-8DEF-9EB9D5541482@thehobsons.co.uk> <m1kefWI-0000ETC@stereo.hq.phicoh.net> <845e43f9-4534-a125-3105-9d345b85029f@mccallumwhyman.com> <f18f1e55-6c8f-2963-7e3a-f22a89dda46d@joelhalpern.com> <0443de45-931d-fbda-20ab-2931383a3a8d@mccallumwhyman.com> <61f8e6f7-1bfd-4c17-9e42-dc5fc10a19b5@gmail.com> <e0fe6742451d418e98c25039c8a45a21@boeing.com>
In-Reply-To: <e0fe6742451d418e98c25039c8a45a21@boeing.com>
Reply-To: sarikaya@ieee.org
From: Behcet Sarikaya <sarikaya2012@gmail.com>
Date: Tue, 17 Nov 2020 11:48:07 -0600
Message-ID: <CAC8QAcfWfb3S-Hn23x_CD8B_XwHG+QoC4Mu-4xBLXJs4cx+74Q@mail.gmail.com>
Subject: Re: [EXTERNAL] Why this is broken [was Re: Extending a /64]
To: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Tony Whyman <tony.whyman@mccallumwhyman.com>, "Joel M. Halpern" <jmh@joelhalpern.com>, "ipv6@ietf.org" <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000092605a05b45119ab"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/LXfP0h8WRyv-v8etkE0FPYqe7zM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2020 17:48:22 -0000

On Mon, Nov 16, 2020 at 2:43 PM Templin (US), Fred L <
Fred.L.Templin@boeing.com> wrote:

> Brian,
>
> > -----Original Message-----
> > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Brian E Carpenter
> > Sent: Monday, November 16, 2020 12:21 PM
> > To: Tony Whyman <tony.whyman@mccallumwhyman.com>; Joel M. Halpern <
> jmh@joelhalpern.com>; ipv6@ietf.org
> > Subject: [EXTERNAL] Why this is broken [was Re: Extending a /64]
> >
> > This message was sent from outside of Boeing. Please do not click links
> or open attachments unless you recognize the sender and
> > know that the content is safe.
> >
> >
> > On 17-Nov-20 04:26, Tony Whyman wrote:
> > > On 16/11/2020 14:50, Joel M. Halpern wrote:
> > >> Tony, why are you embedding the 39 bit airplane ID into the IPv6
> > >> address.  That seems to be the fundamental thing that then has you
> > >> need very short prefixes, and doing other difficult operations.
> > >>
> > >> And if the answer is "ICAO said so", then we have a problem of really
> > >> smart aviation engineers doing network engineering.
> > >>
> > >> Yours,
> > >> Joel
> > >
> > > Perhaps the best way to answer this question is to look at the
> alternative.
> > >
> > > Aircraft MNPs are non-topological
> >
> > Thank you for that clear statement. Internet routing *is* topological.
> > Therefore, you cannot use bits in the routing prefix for non-topological
> > information. Therefore, you cannot put 39 magic bits into the routing
> > prefix; the Internet doesn't work like that. End of story. Back to the
> > drawing board.
>
> This actually works; the routing system is described here:
>
> https://datatracker.ietf.org/doc/draft-ietf-rtgwg-atn-bgp/
>
> The MNPs do not need to be topologically-fixed, because the nodes are
> mobile at all times and frequently change their topological attachments.
> True, the MNPs are non-aggregateable but that just means there will be
> one prefix per mobile node represented in the BGP routing system, and
> we have shown how BGP can handle lots of MNPs as long as the amount
> of churn can be minimized.
>
>

Actually what Fred is saying here is that they use host routes.
So each airplane since it is moving  constantly changing networks they
don't change its address, these are what Fred calls MNP.
So they keep so many host routes in their routing table.

It is how they handle their routing table given these so many extra entries
in it.
I think they developed some good techniques to handle it.

Behcet

> This is so badly conceived that I suggest an IETF liaison statement to
> > ICAO may be needed.
>
> We have  a liaison statement that could be expanded on if necessary.
> But, I don't see the problem since we already have this working well.
>
> > There's nothing to stop you putting those 39 bits into the Interface
> > Identifier of the aircraft's IPv6 addresses. That would need a slightly
> > different version of RFC7217, but would still allow 25 entropy bits.
> >
> > However, you should be aware that IP addresses are intrinsically
> > forgeable. I'm not sure I would want to fly on an aircraft whose
> > identity might be trivially forged. Also, it would be trivial for
> > an attacker to observe that a particular address belongs to a
> > particular aircraft.
>
> The ATN/IPS will be a secured network with no connections to the Internet
> and open only to authorized users. An enterprise network for civil
> aviation,
> if you will. Unauthorized users will not have access to the network, and
> even
> for authorized users the multi-layered security services will ensure
> secured
> communications.
>
> Fred
>
> > One more comment below...
> >
> > > and hence could be densely allocated.
> > > However, if you want to go the distance and specify the minimum length
> > > identifier then:
> > >
> > > 1. You need to set up a new registration database for aircraft (in
> order
> > > to assign the new identifier) and one that is global rather than state
> > > based - which is the present approach.
> > >
> > > 2. You need to update the specification for the Aircraft Personality
> > > Module and organise the fleet wide upgrade necessary to ensure that
> > > every affected aircraft gets a new ICAO global Aircraft Identifier.
> > >
> > > 3. Safety Authorities will now identify a new hazard potentially
> > > resulting from a mis-match between the existing ICAO 24-bit identifier
> > > (which still has to be used for radar, ADS-B, TCAS, etc.), and the new
> > > airframe identifier.
> > >
> > > 4. We need to develop procedures and systems for mitigating the new
> > > hazard, assuming it is deemed serious enough.
> > >
> > > 5. The protocol gateways that are planned to avoid having to upgrade
> the
> > > existing ATC Systems in the same timeframe would now have to include a
> > > lookup table between the "old" NSAP Addresses and the "new" IPv6
> Addresses.
> > >
> > > 6. The Safety Authority would identify a new hazard resulting from a
> > > table configuration/maintenance error and procedures/mitigations would
> > > be needed to counter the threat.
> > >
> > > 7. The address mapping would have to extend to the application
> protocols.
> > >
> > > In other words - a lot of negatives each with a potentially large cost
> > > attached to them.
> > >
> > > The next step is to accept that it is worth "wasting" a few more bits
> > > and using the existing ICAO 24-bit aircraft identifier instead of some
> > > new global aircraft identifier. This avoids issues 1 to 4 above.
> > >
> > > In order to avoid 5, 6  and 7, we need to have a simple algorithm to
> > > convert between aircraft ATN/OSI NSAP Addresses and ATN/IPS IPv6
> > > Addresses.
> >
> > Are you aware that we already "solved" that in 1996 (
> https://tools.ietf.org/html/rfc1888), and scrapped it in 2005?
> >
> > Regards
> >    Brian
> >
> >
> >
> > > The existing (legacy) NSAP Address format for aircraft
> > > addresses starts off with some constant prefix and is then followed by
> > > an airline identifier, the ICAO 24-bit identifier, an 8 bit subnet id
> > > and a 48-bit End System id (it follows a structure originally proposed
> > > by NIST). The last two can be readily combined into a 64-bit host
> > > identifier. Indeed, if we based the MNP on the ICAO 24-bit then the
> only
> > > thing stopping a simple algorithm is the missing airline identifier
> part
> > > - this cannot be readily predicted from the ICAO 24-bit identifier
> > > without access to the registration database.
> > >
> > > In order to avoid a lookup table in the protocol gateway, etc. we need
> > > to have an airline identifier in the MNP. 15 bits appears to be the
> > > minimum we can get away with (in order to avoid a new airline
> > > identifier, the proposal is to generate a 15-bit identifier by encoding
> > > the existing ICAO three character airline identifier using ITA-2 letter
> > > shift). Hence 24 +15 = 39.
> > >
> > > The industry's network providers also regard embedding an airline
> > > identifier in the MNP as highly desirable. It is used in the existing
> > > system for diagnostic purposes and firewalls.
> > >
> > > This is not an "ICAO says so" at all. This is practical engineering to
> > > deliver a new system as an evolution from an existing system and with
> > > limited budgets. Start with a clean sheet of paper and you could use a
> > > lot less that 39 bits. Unfortunately, we do not have that luxury.
> > >
> > > Tony
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> > >
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email