Re: Route Information Options in Redirect Messages (updated)

Mark Smith <markzzzsmith@gmail.com> Sun, 05 February 2017 01:41 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 305F912940A for <ipv6@ietfa.amsl.com>; Sat, 4 Feb 2017 17:41:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X6WlFqLvb3DE for <ipv6@ietfa.amsl.com>; Sat, 4 Feb 2017 17:41:26 -0800 (PST)
Received: from mail-ua0-x244.google.com (mail-ua0-x244.google.com [IPv6:2607:f8b0:400c:c08::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 443671293DF for <ipv6@ietf.org>; Sat, 4 Feb 2017 17:41:26 -0800 (PST)
Received: by mail-ua0-x244.google.com with SMTP id i68so4511337uad.1 for <ipv6@ietf.org>; Sat, 04 Feb 2017 17:41:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eFZwSJ4l5ZCRjRZ0/bOgHI/4/FrGp333npaD8EWYWKk=; b=RTFyygTJhKVHxcBnvIBRy9ATFNfM0Pe9wz6JfW9sgMGDYuqBOS15T5FqEN5Myv18wB BzhEoZ6mlCoU4EMOYXkafHfG9nJvx+zK7cVjoETpXx8QgkoiHv65E3dxAg8r0R4ZlWbR MgAB/paozisjcXpTZABhkP8Kj8NRbeHSPerxZVISno+o9Tre/6e5ZnFmVGpfIlHSBZTl XIiGU+QWREL0sLUH26fWm/CIVZPYuwPN8U+0R+U+eTC9bhJx0/Gk2PsOr8w70JuOBRaD cAB6oHbIX+0jkwkEAKcrdOY12XPsEJKpqHJKOISzZM8nqIqlWRzW7GVHG2gnNnllcPrb Xvog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eFZwSJ4l5ZCRjRZ0/bOgHI/4/FrGp333npaD8EWYWKk=; b=URyQlFpVR+Tt9gnZ8e6MLStyWBD+Ml2y28sUWvCigTdBNs3SMZknU1NIZyXkKqtA1z zeRxdxyB3iHabRXsb6btD7kMPxgels0DBm8idmCH2WMVF3688V0RnKfYKCaMUrkFVnIJ NNwNjv5mBty9+j4n1CnhGhOCSzUzshqIyLbWnagG/HbZLqvDahlQn++/W5oe5F/D4dw2 RDiU5JIOaX8BJh/ME4dFL0Q3v4q/VXERMuBrwu51jp/0P2MhMslmFfrqj1GCNuzetl8z HsSy/vioyY18Xw/8LRZitIpK/3y+2k/Q9BzpkMUHCetGafi1YZsvs/38mrDdYpkcZndW O4xw==
X-Gm-Message-State: AIkVDXI6R80pHUBl9DVK6ZuDhfn4/V4mUYq3XZsOA4AlYoy7wpvaeHugt+QLqO8HB2P+8HlTgVy4O5VFyISB2w==
X-Received: by 10.176.81.124 with SMTP id f57mr1661667uaa.18.1486258885243; Sat, 04 Feb 2017 17:41:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.159.33.173 with HTTP; Sat, 4 Feb 2017 17:40:54 -0800 (PST)
In-Reply-To: <9910b4acd87044e89fad83bb5c795b77@XCH15-06-08.nw.nos.boeing.com>
References: <9910b4acd87044e89fad83bb5c795b77@XCH15-06-08.nw.nos.boeing.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sun, 5 Feb 2017 12:40:54 +1100
Message-ID: <CAO42Z2x1onTLOXtprLpjd6jj0xkdAVK=3JgYLRetLersmwcf6A@mail.gmail.com>
Subject: Re: Route Information Options in Redirect Messages (updated)
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/cXz96ooCKLuNfakBt9xXGAw2sSs>
Cc: james woodyatt <jhw@google.com>, IPv6 List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Feb 2017 01:41:27 -0000

Hi Fred, James,

On 1 February 2017 at 10:14, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
> An updated version of "Route Information Options in Redirect Messages" is now
> available (see below). This version addresses 6man list comments posted in the
> 1/9/2017 - 1/12/2017 timeframe, and re-aligns the work from intarea to 6man.
> It also expands on several aspects of the proposal that were not covered in the
> intarea draft. Please (re-)review and post comments to the list.
>
> Fred and James
>

I had an idea for this sort for thing a few years ago, and have
another couple of use cases. I'd be interested in being a co-author.

Firstly, I think a more user friendly name for it could be a "Prefix Redirect".

The first use case is the Next Hop Resolution Protocol scenario, where
there are a set of routers on a mutli-access link, however they're not
running a dynamic routing protocol between themselves. There is a
primary router that has knowledge of all other routers and the
prefixes behind them in the link, and secondary routers that only have
knowledge of the primary router to which they default route. When the
primary router knows that secondary router is sending traffic to
another secondary router on the same link, it sends a "prefix
redirect" to the first secondary router, establishing a more direct
path over the multi-access layer 2 link.

The more specific example of this use case I was thinking of was an
ADSL broadband scenario common here in .au, where in the telephone
exchanges (C.O.s in US terminology), customer ADSL traffic is
aggregated at layer 2 (Ethernet), and then switched between
subscribers attached to the same exchange by an off-site BRAS, with
that inter-subscriber traffic having to traverse the backhaul link to
the BRAS twice.

In this scenario a "prefix redirect" sent to the customer RGs would
allow the intra-exchange traffic to stay local rather than traversing
the backhaul link. This could also be more useful if there is a CDN
subnet present in the exchange, allowing the RGs to send and receive
traffic directly to/from the CDN over the intra-exchange network,
further keeping traffic local to the exchange. There are some security
issues here, however if they are overcome, it could be very beneficial
to keep intra-exchange traffic local, as backhaul and BRAS resources
are comparatively quite expensive compared to intra-exchange layer 2
aggregation resources.

The other use case, which I think is likely the one the in mind when
the draft was written was delegation of prefixes to individual hosts,
so that inter-host traffic is direct between hosts rather than via the
hosts' default router. I think referring to RFC7934 would be useful
for this case.

Specific to sections of the draft:

1.  Introduction

I think describing these sorts of messages as a "hint" can be a good
way to convey the concept. e.g.,

'Routers sending these redirect messages are providing a "hint" to the
recipient about an alternate and more optimal forwarding path to the
destinations covered by the prefix. The recipient can ignore this
hint. Sending of traffic by the recipient should still be successful,
although less optimal."


3.1.  Validation of Redirect Messages

When thinking about the ADSL scenario above, I'd thought that the RGs
should only be accepting "prefix redirect" messages from known default
router(s), learned via RAs or static configuration. As long as bogus
RAs are prevented from being spoofed on the link, which is necessary
in an untrusted broadband environment, this would prevent unauthorised
traffic redirection.

RFC4861 does to a level of of this sort of validation for single
address redirects:

"The IP source address of the Redirect is the same as the current
        first-hop router for the specified ICMP Destination Address."

however I don't think it is enough validation for these "prefix redirects".

A scenario would be that the BRAS sends a "prefix redirect" to RG A
for RGB's /56. RG B would now be the next hop for the /56, and
therefore RG B could send a "prefix redirect" to RG A for a /57 (or
two "prefix redirects" for the two /57s covering the /56), causing RG
A to now send that traffic where ever RG B wanted it to be sent,
rather than to where the BRAS directed RG A to send it.

So I think the validations for a single address redirect in RFC4861
apply, except that "prefix redirects" should only be accepted from a
default router, learned via an RA or static configuration.

3.3.  Host Specification

I think it would be worth mentioning that in the ADSL/RG scenario
above (if included), the RGs are acting as a host on their WAN
interface and that processing of these "prefix redirects" is occurring
for the same reason that RGs process RAs, as per the W-3 requirement
in RFC7084.



I think that is it for the moment.

Regards,
Mark.