IETF Logo Mail Archive

RE: Neighbor Unreachability Detection is too impatient

Alan Kavanagh <alan.kavanagh@ericsson.com> Tue, 31 May 2011 17:22 UTC

Return-Path: <alan.kavanagh@ericsson.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42322E088E for <ipv6@ietfa.amsl.com>; Tue, 31 May 2011 10:22:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQwsCoOcmhwb for <ipv6@ietfa.amsl.com>; Tue, 31 May 2011 10:22:10 -0700 (PDT)
Received: from imr4.ericy.com (imr4.ericy.com [198.24.6.8]) by ietfa.amsl.com (Postfix) with ESMTP id 4E93FE088C for <ipv6@ietf.org>; Tue, 31 May 2011 10:22:10 -0700 (PDT)
Received: from eusaamw0712.eamcs.ericsson.se ([147.117.20.181]) by imr4.ericy.com (8.14.3/8.14.3/Debian-9.1ubuntu1) with ESMTP id p4VHM1cg024773; Tue, 31 May 2011 12:22:07 -0500
Received: from EUSAACMS0701.eamcs.ericsson.se ([169.254.1.65]) by eusaamw0712.eamcs.ericsson.se ([147.117.20.181]) with mapi; Tue, 31 May 2011 13:22:03 -0400
From: Alan Kavanagh <alan.kavanagh@ericsson.com>
To: Mark Townsley <mark@townsley.net>, Erik Nordmark <nordmark@acm.org>
Date: Tue, 31 May 2011 13:22:02 -0400
Subject: RE: Neighbor Unreachability Detection is too impatient
Thread-Topic: Neighbor Unreachability Detection is too impatient
Thread-Index: AcwZgmYA/X0tP2XEQ+qX0cChAxVT+AGM6+Zw
Message-ID: <1B6D0317D3AD964FBF3956DEFA3524D50B3123439F@EUSAACMS0701.eamcs.ericsson.se>
References: <4DDAAB85.8000103@acm.org> <A060557C-E12B-4D7A-9454-27CDC7764F42@townsley.net>
In-Reply-To: <A060557C-E12B-4D7A-9454-27CDC7764F42@townsley.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_1B6D0317D3AD964FBF3956DEFA3524D50B3123439FEUSAACMS0701e_"
MIME-Version: 1.0
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 May 2011 17:22:11 -0000

Hi Mark

That BBF WT-146 NUD for session monitoring was based on the idea that NUD is native to IPv6 compliant devices such as host, cpe and routers and was chosen as a passive way to do session monitoring.

Alan

________________________________
From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of Mark Townsley
Sent: May-23-11 3:47 PM
To: Erik Nordmark
Cc: ipv6@ietf.org
Subject: Re: Neighbor Unreachability Detection is too impatient


Erik Kline and I wrote up an experience we had with NUD and a broken IPv6 firewall on my home network.

http://sites.google.com/site/ipv6center/icmpv6-is-non-optional

In short, NUD thought that a host which was in the neighbor cache really wasn't available (due to incorrect FW blocking at the host) removed it from the neighbor cache and started dropping packets (and causing timeouts in gmail). In test, it took about 8 pings for the problem to manifest (time for NUD to retry enough to fail), which was followed by the classic IPv6 to IPv4 failover by the host (Windows Vista).

On one hand, if NUD had been more patient we may have never noticed. However, tracking down a bug that showed up less often would have clearly been more difficult to diagnose. Double-edged sword.

Also, the Broadband Forum's WT-146 (which isn't a public document, but if you are BBF member you can take a look at it)  specifies NUD as a monitoring mechanism for "IPv6 sessions" over access links (which ultimately may be tied into billing, alerts, etc.).

- Mark



On May 23, 2011, at 8:46 PM, Erik Nordmark wrote:


This draft proposes to change the requirement that NUD can not retransmit more than three times, so that NUD can be more robust against temporary network outages.

Comments?

  Erik

-------- Original Message --------
Subject: New Version Notification for draft-nordmark-6man-impatient-nud-00.txt
Date: Mon, 23 May 2011 11:43:16 -0700
From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>
To: nordmark@cisco.com<mailto:nordmark@cisco.com>
CC: nordmark@cisco.com<mailto:nordmark@cisco.com>

A new version of I-D, draft-nordmark-6man-impatient-nud-00.txt has been successfully submitted by Erik Nordmark and posted to the IETF repository.

Filename: draft-nordmark-6man-impatient-nud
Revision: 00
Title: Neighbor Unreachability Detection is too impatient
Creation date: 2011-05-23
WG ID: Individual Submission
Number of pages: 5

Abstract:
  IPv6 Neighbor Discovery includes Neighbor Unreachability Detection.
  That function is very useful when a host has an alternative, for
  instance multiple default routers, since it allows the host to switch
  to the alternative in short time.  This time is 3 seconds after the
  node starts probing.  However, if there are no alternatives, this is
  far too impatient.  This document proposes an approach where an
  implementation can choose the timeout behavior to be different based
  on whether or not there are alternatives.




The IETF Secretariat
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email