RE: Route Information Options in Redirect Messages (updated)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Mon, 06 February 2017 19:15 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A3431295C2 for <ipv6@ietfa.amsl.com>; Mon, 6 Feb 2017 11:15:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KnlhFEfOqSmA for <ipv6@ietfa.amsl.com>; Mon, 6 Feb 2017 11:15:18 -0800 (PST)
Received: from phx-mbsout-02.mbs.boeing.net (phx-mbsout-02.mbs.boeing.net [130.76.184.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC012129479 for <ipv6@ietf.org>; Mon, 6 Feb 2017 11:15:18 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id v16JFI9I003850; Mon, 6 Feb 2017 12:15:18 -0700
Received: from XCH15-06-10.nw.nos.boeing.com (xch15-06-10.nw.nos.boeing.com [137.136.239.219]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id v16JFFfC003837 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=OK); Mon, 6 Feb 2017 12:15:15 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) by XCH15-06-10.nw.nos.boeing.com (2002:8988:efdb::8988:efdb) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 6 Feb 2017 11:15:14 -0800
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1178.000; Mon, 6 Feb 2017 11:15:14 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Mark Smith <markzzzsmith@gmail.com>
Subject: RE: Route Information Options in Redirect Messages (updated)
Thread-Topic: Route Information Options in Redirect Messages (updated)
Thread-Index: AdJ8F7CvYW0JrWzvRzOTQSlLsXA0KQDfEEQAAEQ3q4A=
Date: Mon, 6 Feb 2017 19:15:14 +0000
Message-ID: <32282fd010c6439db0c50f05f90349d8@XCH15-06-08.nw.nos.boeing.com>
References: <9910b4acd87044e89fad83bb5c795b77@XCH15-06-08.nw.nos.boeing.com> <CAO42Z2x1onTLOXtprLpjd6jj0xkdAVK=3JgYLRetLersmwcf6A@mail.gmail.com>
In-Reply-To: <CAO42Z2x1onTLOXtprLpjd6jj0xkdAVK=3JgYLRetLersmwcf6A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/MpgXNu5WNEMUDHPBvGL7IUzkxw4>
Cc: james woodyatt <jhw@google.com>, IPv6 List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2017 19:15:20 -0000

Hi Mark,

> -----Original Message-----
> From: Mark Smith [mailto:markzzzsmith@gmail.com]
> Sent: Saturday, February 04, 2017 5:41 PM
> To: Templin, Fred L <Fred.L.Templin@boeing.com>
> Cc: IPv6 List <ipv6@ietf.org>rg>; james woodyatt <jhw@google.com>
> Subject: Re: Route Information Options in Redirect Messages (updated)
> 
> Hi Fred, James,
> 
> On 1 February 2017 at 10:14, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
> > An updated version of "Route Information Options in Redirect Messages" is now
> > available (see below). This version addresses 6man list comments posted in the
> > 1/9/2017 - 1/12/2017 timeframe, and re-aligns the work from intarea to 6man.
> > It also expands on several aspects of the proposal that were not covered in the
> > intarea draft. Please (re-)review and post comments to the list.
> >
> > Fred and James
> >
> 
> I had an idea for this sort for thing a few years ago,

This idea is indeed not new, and has already been published in a string of
informational and experimental RFCs (RFC5558, RFC5720, RFC6179, RFC6706).
RFC6706 in particular shows the inclusion of RIOs in Redirects.

> and have another couple of use cases.

That is good. We think there will be lots of additional use cases.

> I'd be interested in being a co-author.

Thanks for offering your services; James and I will discuss it.

> Firstly, I think a more user friendly name for it could be a "Prefix Redirect".

It sounds nice, but could morph into the term "Predirect" which is already
used for a different purpose in RFC6706. We could still consider it as
inline text in the draft, but I would not be in favor of its use in the title.

> The first use case is the Next Hop Resolution Protocol scenario, where
> there are a set of routers on a mutli-access link, however they're not
> running a dynamic routing protocol between themselves. There is a
> primary router that has knowledge of all other routers and the
> prefixes behind them in the link, and secondary routers that only have
> knowledge of the primary router to which they default route. When the
> primary router knows that secondary router is sending traffic to
> another secondary router on the same link, it sends a "prefix
> redirect" to the first secondary router, establishing a more direct
> path over the multi-access layer 2 link.

Yes. That is exactly the NBMA link model that has been established in
the RFCs I cited above and carries forward into 'draft-templin-aerolink'.
So, I agree with the scenario.

> The more specific example of this use case I was thinking of was an
> ADSL broadband scenario common here in .au, where in the telephone
> exchanges (C.O.s in US terminology), customer ADSL traffic is
> aggregated at layer 2 (Ethernet), and then switched between
> subscribers attached to the same exchange by an off-site BRAS, with
> that inter-subscriber traffic having to traverse the backhaul link to
> the BRAS twice.

Sounds good to me, and more use cases like this are welcome.

> In this scenario a "prefix redirect" sent to the customer RGs would
> allow the intra-exchange traffic to stay local rather than traversing
> the backhaul link. This could also be more useful if there is a CDN
> subnet present in the exchange, allowing the RGs to send and receive
> traffic directly to/from the CDN over the intra-exchange network,
> further keeping traffic local to the exchange. There are some security
> issues here, however if they are overcome, it could be very beneficial
> to keep intra-exchange traffic local, as backhaul and BRAS resources
> are comparatively quite expensive compared to intra-exchange layer 2
> aggregation resources.

Keeping the intra-exchange traffic local is the right idea, and not only
provides a more direct path but also reduces the load on critical network
infrastructure.

> The other use case, which I think is likely the one the in mind when
> the draft was written was delegation of prefixes to individual hosts,
> so that inter-host traffic is direct between hosts rather than via the
> hosts' default router. I think referring to RFC7934 would be useful
> for this case.

This idea has been around in 'draft-templin-aerolink' and its predecessor
RFCs (RFC5558, RFC5720, RFC6179, RFC6706) for many years. I mentioned
this to the RFC7934 authors before its publication but was rebuffed.

> Specific to sections of the draft:
> 
> 1.  Introduction
> 
> I think describing these sorts of messages as a "hint" can be a good
> way to convey the concept. e.g.,
> 
> 'Routers sending these redirect messages are providing a "hint" to the
> recipient about an alternate and more optimal forwarding path to the
> destinations covered by the prefix. The recipient can ignore this
> hint. Sending of traffic by the recipient should still be successful,
> although less optimal."

While I agree with you, I wonder if anything needs to be said in the
draft since RFC4861 already says:

"  A router MUST limit the rate at which Redirect messages are sent, in
   order to limit the bandwidth and processing costs incurred by the
   Redirect messages when the source does not correctly respond to the
   Redirects, or the source chooses to ignore unauthenticated Redirect
   messages.  More details on the rate-limiting of ICMP error messages
   can be found in [ICMPv6]."

This (sort of) permits sources to ignore redirects, which could in
essence mean that the source can interpret redirects as a hint.
But, if you think our draft should say more we could consider it.

> 3.1.  Validation of Redirect Messages
> 
> When thinking about the ADSL scenario above, I'd thought that the RGs
> should only be accepting "prefix redirect" messages from known default
> router(s), learned via RAs or static configuration. As long as bogus
> RAs are prevented from being spoofed on the link, which is necessary
> in an untrusted broadband environment, this would prevent unauthorised
> traffic redirection.

We talk about trust in security considerations. But, note that not only
the default router but also the "current first-hop router" could send
redirects.

> RFC4861 does to a level of of this sort of validation for single
> address redirects:
> 
> "The IP source address of the Redirect is the same as the current
>         first-hop router for the specified ICMP Destination Address."
> 
> however I don't think it is enough validation for these "prefix redirects".

We say more about this in security considerations.

> A scenario would be that the BRAS sends a "prefix redirect" to RG A
> for RGB's /56. RG B would now be the next hop for the /56, and
> therefore RG B could send a "prefix redirect" to RG A for a /57 (or
> two "prefix redirects" for the two /57s covering the /56), causing RG
> A to now send that traffic where ever RG B wanted it to be sent,
> rather than to where the BRAS directed RG A to send it.

RG B could certainly redirect RG A to RG C, that is true. And, if there
is a chance that RG B is being untruthful then RG A should ignore the
messages. Again, the place to discuss this is in security considerations.

> So I think the validations for a single address redirect in RFC4861
> apply, except that "prefix redirects" should only be accepted from a
> default router, learned via an RA or static configuration.

It depends on the security scenario. If routers on the link can truly trust
each other, then it should be OK for RG B to redirect A to C. If some other
form of trust enforcement is needed (e.g., SEND) then so be it.

But, the security considerations for a redirected prefix vs. a redirected
address are one and the same. If there is any chance of spoofing, then
accepting a spoofed redirect would lead to corruption in either case.
In other words, it is never OK to accept a spoofed redirect whether
it only includes a singleton destination address or an entire prefix.

> 3.3.  Host Specification
> 
> I think it would be worth mentioning that in the ADSL/RG scenario
> above (if included), the RGs are acting as a host on their WAN
> interface and that processing of these "prefix redirects" is occurring
> for the same reason that RGs process RAs, as per the W-3 requirement
> in RFC7084.

I like this citation, and agree it would be worth adding.

> I think that is it for the moment.

Thanks for these very helpful comments!

Fred

> Regards,
> Mark.