RE: Route Information Options in Redirect Messages (updated)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 08 February 2017 20:33 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 869D8129E6D for <ipv6@ietfa.amsl.com>; Wed, 8 Feb 2017 12:33:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q0ORytnBOOWR for <ipv6@ietfa.amsl.com>; Wed, 8 Feb 2017 12:33:26 -0800 (PST)
Received: from phx-mbsout-02.mbs.boeing.net (phx-mbsout-02.mbs.boeing.net [130.76.184.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1BC7129E69 for <ipv6@ietf.org>; Wed, 8 Feb 2017 12:33:25 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id v18KXO11039060; Wed, 8 Feb 2017 13:33:25 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (xch15-06-08.nw.nos.boeing.com [137.136.238.222]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id v18KXF32038965 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=OK); Wed, 8 Feb 2017 13:33:15 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) by XCH15-06-08.nw.nos.boeing.com (2002:8988:eede::8988:eede) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 8 Feb 2017 12:33:14 -0800
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1178.000; Wed, 8 Feb 2017 12:33:14 -0800
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Mark Smith <markzzzsmith@gmail.com>
Subject: RE: Route Information Options in Redirect Messages (updated)
Thread-Topic: Route Information Options in Redirect Messages (updated)
Thread-Index: AdJ8F7CvYW0JrWzvRzOTQSlLsXA0KQA/bwYAACZxdWAA79nnKQAAmI2QABLuxgAAEEj3sAAjAHMAABBzxVA=
Date: Wed, 8 Feb 2017 20:33:14 +0000
Message-ID: <69bcbba5c2af4dfd92c3fea706805da7@XCH15-06-08.nw.nos.boeing.com>
References: <9910b4acd87044e89fad83bb5c795b77@XCH15-06-08.nw.nos.boeing.com> <CAJE_bqfJMW5SRDxm04rC67Xvf4YqaxihyCRUXfGW3TUq42Xk-A@mail.gmail.com> <5ebd374f4ec8454b8a3796cffe5e1919@XCH15-06-08.nw.nos.boeing.com> <CAJE_bqfN9x031TXBd8Hpiv5168=zXXN+U02gGqsxyXhpQ-SDWA@mail.gmail.com> <E291D7B9-7492-4043-BE4F-E45CB54985D7@google.com> <CAJE_bqePL1bKAZL53=oebn=2eiYKdxyULd5jS4uJk9jo1sFrcA@mail.gmail.com> <614ead862aa54a548ed4835a998a42e4@XCH15-06-08.nw.nos.boeing.com> <CAO42Z2x4WZ6ObVBkawXEhtO2SqWfoQrOCvNCNXVrkpNKrzj=LQ@mail.gmail.com> <383329d88978415c9b0a12f473787c2e@XCH15-06-08.nw.nos.boeing.com> <CAO42Z2yQp7eg9hsVR_+HcePd+OcLLM+6A1yC0-kM-D5Pm2Yasg@mail.gmail.com>
In-Reply-To: <CAO42Z2yQp7eg9hsVR_+HcePd+OcLLM+6A1yC0-kM-D5Pm2Yasg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/jnC4asse96uBhbHdp141wxH5Dx0>
Cc: james woodyatt <jhw@google.com>, 6man WG <ipv6@ietf.org>, =?utf-8?B?56We5piO6YGU5ZOJ?= <jinmei@wide.ad.jp>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2017 20:33:27 -0000

Hi Mark,

What you are digging into here is out of scope for this document in the same
way that orchestrating redirects for singleton destinations is out of scope for
RFC4861. All it says in the validation checks is:

  - The IP source address of the Redirect is the same as the current first-hop
     router for the specified ICMP Destination Address.

It does not say anything about how all of the potential first-hop routers on
the link coordinate among themselves to make sure that the Redirects don't
steer hosts into a rat's nest of endless loops.

Yes, just the same as for redirects of singleton destinations, there is an
implied trust basis that routers that send Redirects will behave truthfully
and consistently. It is no different for Redirects that contain RIOs.

Thanks - Fred
fred.l.templin@boeing.com

> -----Original Message-----
> From: Mark Smith [mailto:markzzzsmith@gmail.com]
> Sent: Wednesday, February 08, 2017 12:06 PM
> To: Templin, Fred L <Fred.L.Templin@boeing.com>
> Cc: james woodyatt <jhw@google.com>om>; 神明達哉 <jinmei@wide.ad.jp>jp>; 6man WG <ipv6@ietf.org>
> Subject: RE: Route Information Options in Redirect Messages (updated)
> 
> Hi Fred,
> 
> On 8 Feb. 2017 06:54, "Templin, Fred L" <Fred.L.Templin@boeing.com> wrote:
> 
> Hi Mark,
> 
> 
> 
> > Ø  I think you need to be careful of not effectively reinventing a dynamic routing protocol
> 
> 
> 
> > No, there is no reinvention going on here. The behavior parallels redirects
> 
> > for singleton destination addresses, where Redirects are accepted from the
> 
> > current first-hop router, be it a default or non-default.
> 
> 
> So in my proposed case of a stub router receiving and accepting a
> prefix redirect, that is where there would be more of behaviour
> change, as, per RFC4861,
> 
> A router MUST NOT update its routing tables upon receipt of aRedirect.
> 
> For these stub routers, accepting a prefix redirect from more than
> just a default router is where I think it starts encroaching on the
> functionality of a dynamic routing protocol. It starts being possible
> to have all the stub routers in the set sending each other prefix
> redirects (perhaps maliciously) and ending up with a variety of
> different, possibly random paths across the link, with some of those
> paths creating forwarding loops. Dynamic routing protocols would
> resolve this situation to a single best path as well as eliminating
> forwarding loops. That is the sort of functionality that would be (and
> should be to keep it simple) missing from a simple prefix redirect
> mechanism.
> 
> I think limiting the problem space to that of providing a better entry
> point into the "proper" routing system/forwarding domain for stub
> routers, by only accepting them from default routers learned via RAs
> or static configuration, avoids the possibility of encountering and
> having to mitigate these more complex issues.
> 
> Perhaps that means there needs to be two different validation rules
> for the two different types of devices:
> 
> - for hosts, accept prefix redirects from current first-hop router for
> a destination covered by the prefix
> 
> - for stub routers, only accept prefix redirects from default routers
> 
> with the fundamental distinguisher between the device types being
> whether they forward non-local packets or not, and whether a stub
> router accepts them or not being dependent on whether there is a
> dynamic routing protocol enabled on the prefix redirect receiving
> interface.
> 
> 
> Regards,
> Mark.
> 
> 
> 
> 
> 
> 
> 
> 
> Thanks - Fred
> 
> 
> 
> From: Mark Smith [mailto:markzzzsmith@gmail.com]
> Sent: Tuesday, February 07, 2017 11:38 AM
> 
> 
> To: Templin, Fred L <Fred.L.Templin@boeing.com>
> Cc: 6man WG <ipv6@ietf.org>rg>; james woodyatt <jhw@google.com>om>; 神明達哉
> <jinmei@wide.ad.jp>
> Subject: RE: Route Information Options in Redirect Messages (updated)
> 
> 
> 
> 
> 
> 
> 
> On 8 Feb. 2017 05:43, "Templin, Fred L" <Fred.L.Templin@boeing.com> wrote:
> 
> Hi Jinmei-san,
> 
> <snip>
> >
> > Hmm, maybe I'm so dumb but I'm afraid I still don't understand intent
> > clearly.  Do you mean an operational assumption of this proposal is to
> > use it in a link where RA guard isn't deployed?  If so, it's far
> > better (at least to me) to just say so.
> >
> > BTW, if this proposal keeps the concept of "unsolicited redirect" and
> > also allows the destination address of '::' to bypass the host's
> > validity check of whether it's really the first hop router for the
> > destination,
> 
> No, that is not what we want to have happen. The document doesn't
> say this currently, but we want to retain a revised version of the validity
> check. The revised version of the check would say:
> 
> OLD:
>       - The IP source address of the Redirect is the same as the current
> 
>         first-hop router for the specified ICMP Destination Address.
> 
> NEW:
>       - The IP source address of the Redirect is the same as the current
>         first-hop router for the specified ICMP Destination Address, or
>         (when the ICMP Destination Address is '::') the same as the current
>         first-hop router for the specified RIOs
> 
> Would welcome better wording than this, but we definitely do want
> to retain the validity check. Comments?
> 
> 
> 
> I think you need to be careful of not effectively reinventing a
> dynamic routing protocol that ends up missing the necessary
> capabilities required of one to keep this method simple.
> 
> 
> 
> When I've thought about this sort of capability, I've thought of it as
> a hint from the routing system to the users of the forwarding domain -
> hosts and stub routers (default and connected route only routers,
> possibly with other static routes) - of a better entry point for their
> packets into the forwarding domain.
> 
> 
> 
> In the case of a stub router, if it needs or would benefit from more
> dynamic network information than just a prefix redirect hint, then I
> think that is really saying that the stub router shouldn't be a stub
> router - it needs to be a full and proper participant in the routing
> system (running dynamic routing protocol, discovering and conveying
> network topology information etc.), rather than a user of it via
> default route to the forwarding domain.
> 
> 
> 
> That's why I thought the validation should be that these prefix
> redirects are only accepted from a default router learned via an RA or
> static default router configuration, as a default router has the role
> of offering an entry point into the forwarding domain. It would
> enforce the existing boundary between the devices that are users of
> the forwarding domain, and the devices that are participants in the
> routing system that decide the paths through the forwarding domain.
> 
> 
> 
> Regards,
> 
> Mark.