IETF Logo Mail Archive

Re: [6man] New Version Notification for draft-nordmark-6man-impatient-nud-00.txt

Erik Nordmark <nordmark@acm.org> Tue, 24 May 2011 16:50 UTC

Return-Path: <nordmark@acm.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88E74E073D for <ipv6@ietfa.amsl.com>; Tue, 24 May 2011 09:50:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.099
X-Spam-Level:
X-Spam-Status: No, score=-103.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X9i7QVhG2tFT for <ipv6@ietfa.amsl.com>; Tue, 24 May 2011 09:50:12 -0700 (PDT)
Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by ietfa.amsl.com (Postfix) with ESMTP id 08BECE0730 for <ipv6@ietf.org>; Tue, 24 May 2011 09:50:12 -0700 (PDT)
Received: from [171.70.217.188] (dhcp-171-70-217-188.cisco.com [171.70.217.188]) (authenticated bits=0) by a.mail.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id p4OGo6n6018737 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Tue, 24 May 2011 09:50:07 -0700
Message-ID: <4DDBE1BF.7040104@acm.org>
Date: Tue, 24 May 2011 09:50:07 -0700
From: Erik Nordmark <nordmark@acm.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: Ray Hunter <v6ops@globis.net>
Subject: Re: [6man] New Version Notification for draft-nordmark-6man-impatient-nud-00.txt
References: <4DDABDA6.2070705@globis.net>
In-Reply-To: <4DDABDA6.2070705@globis.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2011 16:50:12 -0000

On 5/23/11 1:03 PM, Ray Hunter wrote:
> re: http://tools.ietf.org/html/draft-nordmark-6man-impatient-nud-00
>
> I'm afraid have more questions than answers.
>
> Are there any implications for different nodes having different NUD
> timeout behavior on a link, and this no longer being symmetrical?

No - the reachability state in RFC 4861 is unidirectional. This can 
easily happen today on a host when TCP provides reachability 
confirmations to the IP stack, which just indicates forward reachability 
to the nexthop router. The return traffic might arrive to the host from 
a different router.

> If I can think of two examples......
>
> e.g. 1. Say Node A (router) declares node C (end node) unreachable but
> Node B (alternate back up router) has not yet timed out node C?
>
> I'm guessing this case is just like a split-brain segment, so is not
> significant compared to existing failures.
>
> Now the case of router failover....
>
> e.g. 2. Say Node A (end host) declares node B (router) unreachable
> locally, but node B (router) is still up and running but has not yet
> timed out Node A.
>
> Is that significant? I suspect so. After all if the raison d'etre of
> changing NUD timers is to quicken / slow down router failover, surely
> Node B (the router) also has to time out at the same speed as the end
> host (Node A) otherwise the router will continue to advertise valid
> routes to node A, and packets will black hole/queue anyway until NUD on
> node B also notices the failure.

Are you assuming that the routers inject host routes into the routing 
system based on the ND state? The routers inject a route for the subnet 
prefix which isn't tied to the ND state in any way.

(If you look at 6lowpan plus roll you'll see a different behavior, which 
is part of the reason for having explicit host registration in 
draft-ietf-6lowpan-nd.)

> Vice versa is also true, if the router notices the failure first, but
> the end node does not react to the failure and hangs around retrying
> NUD, packets may queue/black hole in the other direction.
 >
> In the good old days we had things like gratuitous ARP for such events
> to attempt to wake up end nodes to refresh their cache, but if they got
> lost in some layer 2 STP thrashing it didn't help much anyway.
>
> Is there thus a need for any over-ridden NUD parameters to be
> synchronized across all nodes on a link e.g. via RA messages?

No.

> Is there a minimum and maximum timeout needed? To prevent danger of an
> update storm [as specified in RFC2461 that all Neighbor Solicitations
> are rate-limited on a per-neighbor basis] or "stuck in stale".

A rate limit makes sense. RFC 4861 already has this with one per second. 
If ND retransmits more than three times it probably makes sense to 
recommend binary exponential backoff for the timer.

   Erik



> regards,
> RayH
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email