IETF Logo Mail Archive

RE: encoding Subnet ID in link-local addrs (Re: about violation of standards)

"Mudric, Dusan (Dusan)" <dmudric@avaya.com> Mon, 29 April 2019 14:32 UTC

Return-Path: <dmudric@avaya.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37545120337 for <ipv6@ietfa.amsl.com>; Mon, 29 Apr 2019 07:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.121
X-Spam-Level:
X-Spam-Status: No, score=-6.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_NEUTRAL=0.779] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=avaya365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TJmrXcA-W5sg for <ipv6@ietfa.amsl.com>; Mon, 29 Apr 2019 07:32:06 -0700 (PDT)
Received: from p-us1-iereast-outbound.us1.avaya.com (p-us1-iereast-outbound.us1.avaya.com [135.11.29.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C0F0120333 for <ipv6@ietf.org>; Mon, 29 Apr 2019 07:32:06 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A2EkAADvCcdc/wUHmMZmGwEBAQEDAQEBBwMBAQGBUgUBAQELAYE9UAOBPR0DBDMKhAaDRwOPDZsnFIEQAxg8DwEtAoQ+AheGHCM1CA4BAwEBAQQBAQEBAgICaRwMg0U5MgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCODkCAQMSEREMAQE3AQ8CAQgNBQgCJgICAjAVAg4CBAENDRMHhGoDHAECAqJJAoEGL4hfcYEvGgKCXQEBBYR6GIIOCQkBgQEnAYtJF4FBPoERRoFOfj6ECD4VgnMygiaKc4JJhGOTd2UJAoIJh0eLB4INhjSDVgOJDYwNlE0CAgICBAUCDgEBBYFQATeBVnAVgyeCDwwXg0yKU3KBKZFwAYEgAQE
X-IPAS-Result: A2EkAADvCcdc/wUHmMZmGwEBAQEDAQEBBwMBAQGBUgUBAQELAYE9UAOBPR0DBDMKhAaDRwOPDZsnFIEQAxg8DwEtAoQ+AheGHCM1CA4BAwEBAQQBAQEBAgICaRwMg0U5MgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCODkCAQMSEREMAQE3AQ8CAQgNBQgCJgICAjAVAg4CBAENDRMHhGoDHAECAqJJAoEGL4hfcYEvGgKCXQEBBYR6GIIOCQkBgQEnAYtJF4FBPoERRoFOfj6ECD4VgnMygiaKc4JJhGOTd2UJAoIJh0eLB4INhjSDVgOJDYwNlE0CAgICBAUCDgEBBYFQATeBVnAVgyeCDwwXg0yKU3KBKZFwAYEgAQE
X-IronPort-AV: E=Sophos;i="5.60,409,1549947600"; d="scan'208";a="337917197"
Received: from unknown (HELO co300216-co-erhwest.avaya.com) ([198.152.7.5]) by p-us1-iereast-outbound.us1.avaya.com with ESMTP; 29 Apr 2019 10:32:03 -0400
X-OutboundMail_SMTP: 1
Received: from unknown (HELO AZ-US1EXHC04.global.avaya.com) ([135.11.85.15]) by co300216-co-erhwest-out.avaya.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 29 Apr 2019 10:32:03 -0400
Received: from PW365VMAP01.avaya.com (135.11.29.21) by az-us1exhc04.global.avaya.com (135.11.85.15) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 29 Apr 2019 10:31:55 -0400
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (104.47.42.51) by PW365VMAP01.avaya.com (135.11.29.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1531.3; Mon, 29 Apr 2019 09:31:54 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Avaya365.onmicrosoft.com; s=selector1-avaya-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A7kYHG3fnAYf3cNQu1LZvKiEblzEIXPJTPF2sHgqgcs=; b=zcGJko4ynCVkEARwmt13Oyk2IPwhkch0a0l3khlMI4ffoscRMuIvA9KLs1GQjctoco1+jmhWKWOm3tYlKZxltjdC8sWtbcfw4OolDKbe0H97ncAhcUNHPeVuGP/BaGcagfTbgeq0td6IFEadb72kB7hIBFi06SlVmBJ48hXQEbk=
Received: from DM6PR15MB2506.namprd15.prod.outlook.com (20.176.71.32) by DM6PR15MB2667.namprd15.prod.outlook.com (20.179.162.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1835.12; Mon, 29 Apr 2019 14:31:50 +0000
Received: from DM6PR15MB2506.namprd15.prod.outlook.com ([fe80::f9bf:a95a:e7db:2480]) by DM6PR15MB2506.namprd15.prod.outlook.com ([fe80::f9bf:a95a:e7db:2480%5]) with mapi id 15.20.1835.018; Mon, 29 Apr 2019 14:31:50 +0000
From: "Mudric, Dusan (Dusan)" <dmudric@avaya.com>
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>, "ipv6@ietf.org" <ipv6@ietf.org>, Ole Troan <otroan@employees.org>, "," <jinmei@wide.ad.jp>
CC: "Pascal Thubert (pthubert" <pthubert@cisco.com>
Subject: RE: encoding Subnet ID in link-local addrs (Re: about violation of standards)
Thread-Topic: encoding Subnet ID in link-local addrs (Re: about violation of standards)
Thread-Index: AQHU/A7HNVm8W1+e1UilnG8VUtmmS6ZOtn5QgAGc6wCAAtRrYA==
Date: Mon, 29 Apr 2019 14:31:49 +0000
Message-ID: <DM6PR15MB25060E0CCDFF2D4CAC7B7C89BB390@DM6PR15MB2506.namprd15.prod.outlook.com>
References: <DM6PR15MB25060A2397F2949C08B4A896BB3D0@DM6PR15MB2506.namprd15.prod.outlook.com> <b9e5830f-93a8-bd76-b89f-a4c9d677bce0@gmail.com> <DM6PR15MB25063731096796F863842B8ABB3E0@DM6PR15MB2506.namprd15.prod.outlook.com> <118221f3-2575-dd9e-d0c6-4e932f382e8c@gmail.com>
In-Reply-To: <118221f3-2575-dd9e-d0c6-4e932f382e8c@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dmudric@avaya.com;
x-originating-ip: [104.129.196.170]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 76cdb720-8760-4412-6518-08d6ccaf6ab7
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:DM6PR15MB2667;
x-ms-traffictypediagnostic: DM6PR15MB2667:
x-microsoft-antispam-prvs: <DM6PR15MB266793FA22764999E05F1B43BB390@DM6PR15MB2667.namprd15.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0022134A87
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(136003)(346002)(366004)(396003)(39860400002)(189003)(199004)(97736004)(14454004)(71190400001)(71200400001)(74316002)(33656002)(2906002)(3846002)(6116002)(9686003)(53936002)(8936002)(6436002)(305945005)(7736002)(8676002)(93886005)(68736007)(2501003)(81156014)(81166006)(25786009)(478600001)(4326008)(229853002)(6506007)(52536014)(256004)(14444005)(5024004)(6246003)(76176011)(11346002)(446003)(66556008)(55016002)(26005)(476003)(76116006)(66476007)(73956011)(66946007)(64756008)(66446008)(486006)(186003)(316002)(55236004)(5660300002)(99286004)(86362001)(66574012)(7696005)(66066001)(102836004)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR15MB2667; H:DM6PR15MB2506.namprd15.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: avaya.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: OJ8Pztdgv8PKIuVpRvy1AZA1rjC7FeF3VXDo3TMIy51vGcyOVgRUD0KLn5PVonxUFGi0xnXnkvc9K9ISBnRgn+RLB+ej4D5bvS1En6J1UjQVO524HriFml6ZOfHdncg/6cOZGqQEq056yUE0/DxwkDLkbNSh+7cHPZJO7H27sDKXzJvSF3pIhqU20mBE7ihkOWBabdGYXuOQp9V58mDT59OxsjLAgjkXu6O0zsnVptIOKjJfkHqNunN5Yvxiz+Y4v8h7cQvcatgBE1ZYpkBXFlQ8T0HPDQg9KZ/uwG96RtvCIfDRF+fe/71cA//zua29qHFJOZsFlKidy+//sUtc13l37IAiQQsghovRKboFN4A4D45Zki6ngEkecG4s8l+uNgqU1rzn4GFgsssaEplpFwE6+zywz7VnefsY9jUfacg=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 76cdb720-8760-4412-6518-08d6ccaf6ab7
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Apr 2019 14:31:50.0300 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 04a2636c-326d-48ff-93f8-709875bd3aa9
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR15MB2667
X-OriginatorOrg: avaya.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ZaROfG8au93EI1i9IXFkCI9Jlgk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Apr 2019 14:32:09 -0000

> >>
> >> Le 25/04/2019 à 16:32, Mudric, Dusan (Dusan) a écrit :
> >>>
> >>>> 2 IPv6 link-local addresses are typically self-configured according
> >>>> to 4 RFCs and relying on the fe80::/10 IANA allocation, RFC 54 0
> >>>> bits, and RFC MAC-based 64bit Interface IDs.  In some cases, it is
> >>>> advantageous to manually configure link-local addresses.  This is
> >>>> useful for easy remembering by humans, and for parameter resilience
> >>>> during network interface replacement.
> >>>>
> >>>> Manual configuration of an LL may use short IID and Subnet ID The
> >>>> Subnet ID presence in the link-local address is useful in some
> >>>> wireless settings where the subnet structure parameters depend on
> >>>> the link locality.  Other settings may also benefit.
> >>>>
> >>>> When manually setting the link-local address it is necessary to
> >>>> know the length of the prefix of the subnet on which this
> >>>> link-local address is present.  This length is necessary for
> >>>> on-link determination.
> >>>>
> >>> [Dusan] Is the Subnet ID unique per host?
> >>
> >> In  my setting, the Subnet ID in the LL address is unique per subnet,
> >> not per host.  There is a subnet formed by the front bumper interface
> >> in the follower car and the rear bumper interface of the lead car.
> >>
> >> The Subnet ID in an LL address would be unique per a set of hosts in
> >> that subnet.
> >>
> >>> Is it possible that all hosts on the link share the same Subnet ID?
> >>
> >> Yes, they should.
> >>
> >>> Can somebody provide more details about the problem and how this
> >>> solution will solve the problem?
> >>
> >> More details about the problem: RFC4291 54 0 bits would refuse to
> >> change to accomodate this solution's Subnet ID in an LL address;
> >> another detail is that one particular OS would not allow the manual
> >> configuration of an LL address setting some of these 54 0 bits.
> >>
> >> Alex
> >>
> >>>
> > [Dusan] These are RFC4291 and OS limitations, if you would define Subnet
> ID in LL address.
> 
> Agreed.
> 
> > Based on the comment above, I gather you are talking about vehicle-
> > to-vehicle (V2V) communication.
> 
> YEs.  How IP could be used in V2V communications? one would look at the
> IPWAVE WG Problem Statement and Use Cases
> draft-ietf-ipwave-vehicular-networking-08
> section 'V2V' and an Architecture Figure 1 depicting a relevant topology of
> V2V and V2I.
> 
> > Looks like there are several cars talking to each other on the local
> > link. They form a subnet.
> 
> Yes.  In my setting, there can be two or three cars in a subnet.  When there
> are two in a subnet they are either a convoy of two cars, or a convoy of three
> cars with two subnets: car-subnet1-car-subnet2-car.
> When there are three cars in a subnet the convoy is not linear, but a
> triangular formation: the leader has two first followers, and they are more
> like in a triangle than in a line.
> 
> > Somehow, somewhere, there is a master
> > device that knows this is a subnet.
> 
> Yes, that is the Cloud who knows the subnets; it knows the frequencies
> (channels) on which subnets are; one subnet is in a channel and vice-versa;
> the cloud also knows, or imposes, who are the participants in each subnet
> and their relative position in the convoy (Leader, First Follower, Second
> Follower).
> 
> > May be that device's link is on
> > the subnet. ...
> 
> YEs.  There is an IP-OBU (Internet Protocol On-Board Unit) on each car; this
> IP-OBU has several IP-enabled interfaces; the interface of an IP- OBU in one
> car forms a subnet with the interface of another IP-OBU in another car.
> >
> 
> >
> > - Can you please provide more details about the topology first,
> 
> The topology in a linear convoy is like this:
> 
>       car1                       car2                        car3
>     ---------                   ---------                  ---------
>    | IP-OBU1 | ---subnet1 ---- | IP-OBU2 | --- subnet2--- | IP-OBU3 |
>     ---------                   ---------                  ---------
>        |in-car                     |                          |
>        |subnets: Ethernet, WiFi, CAN, BT, etc
> 
> (subnet1 is on 5880 MHz, subnet2 is on 5890 MHz)
> 
> (in the triangular convoy the figure is different)
> 
> > - then, details about the restrictions with the current LL definition
> > in that topology,
> 
> In the above topology the restrictions with RFC4291 definitions, and the
> FreeBSD implementations are the following:
> 
> - RFC4291 needs 64bit MAC-based IIDs on the LLs on subnet1 and subnet2.
>    The inconvenients of these restrictions are the following:
>    - 64bit IIDs are too long to remember and type; easy to remember
>      addresses are good for network debugging.
>    - MAC-based IIDs may have some privacy risk; attackers on the road
>      may listen to these IIDs (they are sent outside the car) and make
>      associations that may help tracking users, like web cookies do.
>    - RFC 4291 54 0 bits make it impossible to assign subnet-specific
>      link-local addresses to subnet1 and subnet2.
>      A RFC4291-compliant link-local address, like fe80::IID/64, assigned
>      to
>      an interface on subnet2, and replying from a ping from subnet1, does
>      not give ensurance that subnets (on 5880 MHz or on 5890 MHz) are set
>      up wrongly.  It may be that the channels are set wrong (subnets are
>      set up wrongly) as much as it may be that that fe80::IID/64 is in
>      the
>      same subnet as the pinger and the channels are right.
> 
>      On another hand, if the LL addresses were like
>      fe80:1::X on subnet1 and fe80:2::Y on subnet 2, then a ping issued
>      from subnet1 to fe80:2::X and replying OK means clearly that the
>      channels are set wrongly.
> 
>      RFC4291 54 0 bits prevent this use of subnet-specific LL addresses.
> 
> - FreeBSD OS:
>    - forbids the manual assignment of LL addresses on interfaces (it is
>      impossible to ifconfig add fe80::2 on an interface).
>    - FreeBSD OS does not implement OCB mode.  OCB mode is an
>      essential kind of link in vehicular communications.
> 
> > - then, details about the expected improvements if LL has the Subnet ID?
> 
> The expected improvements are the following:
> 
> - human users type short LL addresses, like fe80:1::1 instead of long to type
> addresses like fe80::IID64bit
> - use fe80:1::1 and fe80:2::1 in two distinct subnets; if a ping from
> fe80:1::1 to fe80:1::2 that does not reply means the channels are wrong;
> otherwise (with fe80::IID) it is impossible to say whether the channels are
> wrong or that wrong address was used to ping (all fe80::IID64bit) look the
> same to a human - they are 'random').
> - BSD allowing manual configuration of LL addresses may have other benefits
> outside the OCB context
> 
> > Once we understand these three categories, we will be able to talk
> > about solutions. May be the solution will be generic enough to help
> > other mobile hosts too, not just V2V.
> YEs, easy to remember link-local addresses can be used by sys admin to
> diagnose links between UE and pGW.  Currently these link-local addresses on
> the UE and pGW are negotiated at link setup time (LCP protocool).
> This negotiations comes up with 64bit IIDs.  They get in the routing tables of
> both.  When human tries to test whether they work human needs to copy
> paste that long address and ping it; it would have been easier if the
> negotiation gave shorter IIDs like 1, or 2.
> 
> Second, the pGW uses a distinct routing table entry for each UE attached to
> it.  IT would probably make sense to have the nexthop of that entry of a
> simple form and that also identifies briefly that entry: a nexthop like fe80:1::2
> means that the first '1' is the UE number 1.
> 
> YEs, we could talk about solutions that are valid outside V2V and OCB mode.
> 
> Alex
[Dusan] Great topology and problem descriptions. Thanks. 

I have further questions and initial proposals. 

- Why is it important to assign LLs manually?

- Is it more important to assign Subnet IDs or IIDs? Based on the examples above, managing Subnet IDs on a local link will allow 
-- grouping of devices (cars and devices within cars) within LL Subnets, and
-- a better control of devices on the LL Subnets.

- If the control can be done based on Subnet IDs, do these IDs have to be short and simple? 

- Would so simple LL addresses, like fe80:1::2 in the example, cause any security risks?

- Would it be more flexible to assign LL Subnet IDs automatically (for example using RA)?  The automatic assignment would allow simple LL Subnet IDs.

- Would LL Subnets benefit from the knowledge of the global subnets? I expect  the cloud that knows about subnets is also assigning the subnet prefixes for global addresses in Car1, Car2 and Car3.  Potentially, the same global prefixes can be reused within LL addresses, as Subnet IDs.

-  If global or random Subnet IDs are used, and they are long, can DNS help to reach subnets (for example resolve Subnet2Host1 name into fe80:Subnet2:1, so a user does not need to know  and type the long Subnet2Host1 number when pinging fe80:Subnet2:1)?

v2.23.0 | Report a Bug | By Email