Re: [v6ops] Why MHMP is still not operational
otroan@employees.org Mon, 01 August 2022 21:42 UTC
Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7D1CC15A727; Mon, 1 Aug 2022 14:42:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GaLRoFJUaL80; Mon, 1 Aug 2022 14:42:11 -0700 (PDT)
Received: from clarinet.employees.org (clarinet.employees.org [198.137.202.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8E08C13CCD0; Mon, 1 Aug 2022 14:42:10 -0700 (PDT)
Received: from astfgl.hanazo.no (ti0389q160-1689.bb.online.no [212.251.183.172]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA512) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 78C934E11B1D; Mon, 1 Aug 2022 21:42:09 +0000 (UTC)
Received: from smtpclient.apple (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id C0BB8746B2DB; Mon, 1 Aug 2022 23:42:02 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Subject: Re: [v6ops] Why MHMP is still not operational
From: otroan@employees.org
In-Reply-To: <a4248748209f4b87ae1a4f0e5e639eaa@huawei.com>
Date: Mon, 01 Aug 2022 23:42:02 +0200
Cc: "6man@ietf.org" <6man@ietf.org>, v6ops list <v6ops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CEE6EC15-A360-4A48-B551-B09078B4C9B6@employees.org>
References: <a4248748209f4b87ae1a4f0e5e639eaa@huawei.com>
To: Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ee1Qwn8KXyDBUYcMiGodCSo0BC4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2022 21:42:11 -0000
I am not aware of much progress on MHMP since RFC7157 and RFC8043. O. > On 1 Aug 2022, at 22:11, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org> wrote: > > Hi all, > There were a few comments on IETF to draft-vv-6man-nd-support-mhmp that the problem was resolved. > The finger was pointed to PvD (provisioning domains) RFC 8801. > I would say that RFC 8028 is more relevant (fixed more MHMP ND issues), but let's discuss PvD. > > PvD in principle has a negligible influence on MHMP at the ND level. > Explicit (special ND options) or Implicit (separate LLA+RA) PvD just helps to emulate many virtual routers out of one physical. > Exactly the same effect would be on the link if many physical routers would be on the link. > It does not matter whether virtual or physical routers are feeding different information to the link. > OK. We would make this comment in the next version of the document. It looks obvious. > In fact, just a PIOs list per router is enough information to make an MHMP decision for ND. PvD does not help ND. > PvD is very valuable to connect PIOs to DNSes that is very needed for MHMP in general (proper DNS is important too) but not for the ND part. > > The problem is about the assumption made throughout SASA (RFC 6724) that the next hop is chosen before the source address. > Section 7: “This specification of source address selection assumes that routing (more precisely, selecting an outgoing interface on a node with multiple interfaces) is done before source address selection.” > As Brian pointed out to me, bind() may help to choose the source address first. That is probably the case for server applications. > The normal client application would probably use getaddrinfo() in the majority of cases. All OSes are compliant with RFC 6724. It means that the next hop would be chosen before the source address. > The next hop choice is currently specified as a random round-robin by RFC 4861. > Reminder, RFC 8028 and RFC 6724 have “Rule 5.5 of RFC 6724 states that the source address used to send to a given destination address should, if possible, be chosen from a prefix known to be advertised by the next-hop router for that destination.” > It means that the only PIO1 leading to the “walled garden” would become not available for choice because it is sourced from Router1 only that was not chosen at random. > Ups, getaddrinfo() would choose the next hop (random) and then source address that would be filtered on the internet (it would not reach the destination). > The same problem would prevent choosing the best Carrier for cost/delay/latency/policy reasons. getaddrinfo() just randomly points to the wrong source address. In full compliance with RFC 6724. > > RFC 6724 logic should be reversed. RFC 6724 is ready for it – it was assumed as an option. > draft-vv-6man-nd-support-mhmp section 4 and 6.1 discusses how to choose a source address. > DNS, PvD, and simpler methods are included. > > It is the reason why ULA+NPT is the only way for Carrier redundancy yet. > getaddrinfo() randomly chooses the wrong source address if it has the choice. > > PS: I am extremely surprised how it did happen that the forwarding decision (next hop) has been decided to make before the packet is constructed (source address is not chosen)?!? It is illogical. It is a request for trouble. > > <image001.png> > Best Regards > Eduard Vasilenko > Senior Architect > Europe Standardization & Industry Development Department > Tel: +7(985) 910-1105, +7(916) 800-5506 > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops
- Why MHMP is still not operational Vasilenko Eduard
- Re: [v6ops] Why MHMP is still not operational otroan
- RE: [v6ops] Why MHMP is still not operational Vasilenko Eduard