IETF Logo Mail Archive

Re: In consideration of I-D.templin-6man-rio-redirect

james woodyatt <jhw@google.com> Thu, 20 July 2017 12:07 UTC

Return-Path: <jhw@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94B26131A5F for <ipv6@ietfa.amsl.com>; Thu, 20 Jul 2017 05:07:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zF8IDvAZUwOx for <ipv6@ietfa.amsl.com>; Thu, 20 Jul 2017 05:07:29 -0700 (PDT)
Received: from mail-wr0-x231.google.com (mail-wr0-x231.google.com [IPv6:2a00:1450:400c:c0c::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F6FF131A86 for <ipv6@ietf.org>; Thu, 20 Jul 2017 05:07:29 -0700 (PDT)
Received: by mail-wr0-x231.google.com with SMTP id k71so16431314wrc.2 for <ipv6@ietf.org>; Thu, 20 Jul 2017 05:07:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=LmVUFuvIGd0Tixg49xFmG1pRljFr0AWQ1XbJxsvwXbo=; b=gZDFiMiYuVugbuDt47gLc8CD1cNesKmaaqhdZYRiSBzmAAWJnQWb+Je5voudxSCG3m ht8f+nXVhfSMFmOEOowS9zSinIO/Vfd8fuHHmd6SpSk+eD63F7dyHXhHOyLth8mAT5Xo pn3P7X3pxe7CEJVYsZXKuXOevtQrXqwBP+QLq82sQXxkNm2GtwhnjTRoOHxO32tnh8NC S8ZiSZUy9XE4kgq0qmNQjsNG285QT6FZyhv0aa/d1f7ZX7Qt1f3ETHkiz2phAN//vPIE d8GDF2SjigDDoBoGf405gyXb+TEz1vRtnWwOJvXBvfG8tLleBVVllkSenNaMD1t+HVCn k84w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=LmVUFuvIGd0Tixg49xFmG1pRljFr0AWQ1XbJxsvwXbo=; b=esdaa1U2U3qRmo148hjxJ+RfvMV+nm+ygsm02lE5a4dxns6KUm38gdn/wDj1/Z6pYg Z7wfJT+i/C3x2RenmZ1lvHnuwGPbL1p7xsAn46kcGjco0YkgYxVHvC/dtB6nacdEZRgq hfIR+jAM5vxCPkYQkg1CGCdaU4hQBJAStjCFnd4NqrFZmM1kahh8laZ+1v+vFzlv7ciT oIhB8W5AsvjJFeABtIB5QZH7PeT3JYlZyRUk3dH+GXVLIPNzI+YWafjDp4RiZsNXxaZw KAaF2qr+yfZGHVkajAhcMCIWK5CW/z6y+CeZ7ezaK2B+4zKdeEnhME1f353eeOKNcLtm cb4g==
X-Gm-Message-State: AIVw1127LigjEr1oMwhzAd7EiLFgJp3H0e7VM7o4ox7sub9HLM1YuuXe 9muwCstrv3sUz4P0wB+/AA==
X-Received: by 10.223.133.161 with SMTP id 30mr6588480wrt.102.1500552447315; Thu, 20 Jul 2017 05:07:27 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:1998:59a7:a922:e7c7:ac0e? ([2001:67c:370:1998:59a7:a922:e7c7:ac0e]) by smtp.gmail.com with ESMTPSA id l22sm2381488wmi.48.2017.07.20.05.07.26 for <ipv6@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Jul 2017 05:07:26 -0700 (PDT)
From: james woodyatt <jhw@google.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_5BEB03A6-4995-4F51-87C3-717CDD7B58AB"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: In consideration of I-D.templin-6man-rio-redirect
Date: Thu, 20 Jul 2017 14:07:25 +0200
References: <2C483555-4761-4149-B00D-DAA04CEE13E5@google.com> <4a50273fd30849c8836ebc1dda0076d3@XCH15-06-08.nw.nos.boeing.com> <E5191F75-C409-4A04-A370-0FF54B9814DB@cisco.com> <8009DD43-FB28-41E7-8439-EC7F559E0181@google.com>
To: IPv6 List <ipv6@ietf.org>
In-Reply-To: <8009DD43-FB28-41E7-8439-EC7F559E0181@google.com>
Message-Id: <FED9B90B-F171-48C9-99B1-9D3A09BD6238@google.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/XoCOPR9RTrvEhG70xP09WYEgp9E>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 12:07:31 -0000

On Jul 19, 2017, at 13:18, james woodyatt <jhw@google.com> wrote:
> On Jul 19, 2017, at 11:05, Bernie Volz (volz) <volz@cisco.com <mailto:volz@cisco.com>> wrote:
>> 
>> Couldn't the LAN case be solved by sending a PIO with shorter prefix length covering the address space with on-link set but SLAAC disabled?
> 
> That could work, but it would entail a NS/NS exchange and ND cache entries at the Source for every address in use that is delegated to the Target. Another similar method could work using the existing ND Redirect messages, which would have the same effect: inserting ND cache entries for each address.
> 
> You should think of our proposal as an optimization that lifts all those ND cache entries up into the host route table for whole prefixes at a time.

In fact, while this usage scenario isn’t the primary motivation of the authors, it probably warrants further discussion because adopting this proposal might make some desirable aspects of this kind of operating environment work better.

Consider a network where the routers advertise M=1 and no PIO option at all. In conformance with RFC 7934, a DHCPv6 service is provided that grants leases to clients making Prefix Delegation (PD) requests with delegated prefixes at least 64 bits in length, i.e. if a host asks for a prefix shorter than a /64, then it gets a /64, and if it asks for a longer one, then it gets a longer one. The DHCPv6 server is configured with a pool of prefix space for which the routers serve the link. Hosts use SLAAC (or some other method) to self-assign interface addresses in the prefixes they are delegated by the DHCPv6 server, and because there is no on-link prefix advertised, they send all their non-linklocal destination packets to their default router. (A reason you might want to do this is for scalability in networks with lots of hosts and terrible L2 multicast capability.)

Without our enhancements to RIO in this draft, optimizing the path from a source address to destination on the link so that it need not be forwarded by the default router entails the router sending ND Redirect to the source and destination hosts for each to directly target the other. This is kinda perilous, because redirection host route table entries are only removed by NUD and updated only by the target sending another ND Redirect. It’s also kinda tedious that you have to arrange ND Redirect exchanges for every source/destination pair.

Wouldn’t it be better if you could redirect an entire /64 prefix all at once with a single ND Redirect message? Well, that’s what our draft does.

With the enhancements to RIO in this draft, rather than update the neighbor cached with host redirect messages, we update the host route table with prefix redirect messages. Additionally, our draft makes some improvements to the operational semantics that allow for removing stale routes in a timely way.

In any case, we think this draft is in pretty good shape to be considered for working group adoption, and it seems to use that it provides a good solution to a variety of closely inter-related problems that have been in front of this group and others for a long time. Does anyone have further questions or comments to discuss?

--james woodyatt <jhw@google.com <mailto:jhw@google.com>>

v2.23.0 | Report a Bug | By Email