Re: AD review of draft-ietf-6man-rpl-option

Jari Arkko <jari.arkko@piuha.net> Sat, 08 October 2011 13:29 UTC

Message-ID: <4E9050F4.6090309@piuha.net>
Date: Sat, 08 Oct 2011 09:32:36 -0400
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20110906 Thunderbird/6.0.2
MIME-Version: 1.0
To: Jonathan Hui <jonhui@cisco.com>
Subject: Re: AD review of draft-ietf-6man-rpl-option
References: <E8E9970E-93F7-47E4-9F25-F4F670DF5EA1@cisco.com> <9AF35150-67E3-4947-8E34-862A6F1827EB@cisco.com> <4E614D68.90808@piuha.net> <393B51BF-579F-4A23-96A4-3CA228B95E24@cisco.com>
In-Reply-To: <393B51BF-579F-4A23-96A4-3CA228B95E24@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>
Precedence: list

Jonathan,

I think we have converged (one suggestion inline below though). Please submit the draft.

>
>>>>> Here are my comments in more detail:
>>>>>
>>>>>> Datagrams being forwarded within a RPL domain MUST include a RPL
>>>>>> Option.  For datagrams sourced within a RPL domain, the RPL Option
>>>>>> MAHui,Y be included in the datagram itself.
>>>>> I'm not sure I understand the difference or its motivation. Do you really mean that a packet might not have the option until it hits the first router? Or are you just talking about something that happens internally on a host, but on the wire all packets would still have the option? Also, since the tunnel (or something else) is used to include the option for datagrams sourced outside the RPL domain, wouldn't it be easier to just say this:
>>>>>
>>>>> "Datagrams sent between nodes within an RPL domain MUST include an RPL Option."
>>>> Agree.
>>>>
>> OK
> I spoke too quickly on the comment above.  In fact, the RPL Option is not required when a RPL Source Route Header exists.  With SRH, there is no potential for loops, so the RPL Option is not required.  How about the following text?
>
> "Datagrams sent between nodes within a RPL domain MUST include a RPL Option or RPL Source Route Header.  Datagrams MAY include both a RPL Option and a RPL Source Route Header."

OK

>
>>>>>>   For datagrams sourced
>>>>>>    outside a RPL domain, IPv6-in-IPv6 tunneling, as specified in
>>>>>>    [RFC2473<http://tools.ietf.org/html/rfc2473>] SHOULD be used to include a RPL Option.
>>>>> This text should be aligned with whatever conclusion we will have for the issue that I raised with the other document.
>>>> Agree.  See my response to your other review.
>>>>
>> OK
>>
>>>>>> To help avoid IP-layer fragmentation, the RPL Option has a maximum
>>>>>> size of RPL_OPTION_MAX_SIZE octets and links within a RPL domain
>>>>>> SHOULD have a MTU of at least 1280 + 44 (outer IP header, Hop-by-Hop
>>>>>> Option header, Option header) + RPL_OPTION_MAX_SIZE + (additional
>>>>>> extension headers or options needed within RPL domain).
>>>>>>
>>>>> There's a same MTU issue here as in the other document.
>>>> Agree.  See my response to your other review.
>>>>
>> I have a text suggestion on the other thread now.,
> We will add the suggested text in the next revision.

OK

>
>>>>>> The action taken by using the RPL Option and the potential set of
>>>>>> sub-TLVs carried within the RPL Option MUST be specified by the RFC
>>>>>> of the protocol that use that option.  No TLVs are defined in this
>>>>>> document.
>>>>>>
>>>>> I think you should define the behavior when a node encounters a sub-TLV that it does not recognize. E.g., ignore and move on to the next sub-TLV. Or do you want a stricter policy? In any case, for future extensions it will be necessary to know how they are treated by legacy RPL nodes.
>>>> Yes, we need to define the behavior.  I'm comfortable with specifying an skip-over-and-continue policy for unknown sub-TLVs.
>>>>
>> OK
>>
>>>>>> In very specific cases, IPv6-in-IPv6 tunneling may be undesirable due
>>>>>> to the added cost and complexity required to process and carry a
>>>>>> datagram with two IPv6 headers.  [I-D.hui-6man-rpl-headers<http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.hui-6man-rpl-headers>] describes
>>>>>> how to avoid using IPv6-in-IPv6 tunneling in such specific cases and
>>>>>> the risks involved.
>>>>>>
>>>>> Again, the same comments as in the other draft. Please delete this paragraph.
>>>> Agree.
>>>>
>> OK
>>
>>
>>>>>> For datagrams exiting the RPL domain, RPL Border Routers MUST remove
>>>>>> the RPL Option from the datagram.  If the RPL Option was included
>>>>>> using tunneled mode and the RPL Border Router serves as the tunnel
>>>>>> end-point, removing the outer IPv6 header serves to remove the RPL
>>>>>> Option as well.  Otherwise, the RPL Border Router assumes that the
>>>>>> RPL Option was included using transport mode and MUST remove the RPL
>>>>>> Option from the IPv6 Hop-by-Hop Option header.
>>>>>>
>>>>> The part about removing the RPL option even in a non-tunneled case relates to the issue of supporting that particular mode of operation.
>>>>>
>>>>> But in addition, I wonder if you should write the above text not in terms of packet modification operations but rather in terms of forwarding decision outcomes. Like this, for instance:
>>>>>
>>>>> "For datagrams destined to the RPL Border Router the router processes the packet in the usual way. For instance, if the RPL Option was included using tunneled mode and the RPL Border Router serves as the tunnel end-point, the router removes the outer IPv6 header, at the same removing the RPL Option as well. Datagrams destined elsewhere within the same RPL domain are forwarded to the right interface. Datagrams destined outside the RPL domain are dropped."
>>>> The intent was to allow operation where a device within the RPL domain could source a packet destined outside the RPL domain and not use tunneling.  In this case, we would like to simply remove the option at the border router rather than drop the packet.  Do you see cases where removing the option is unacceptable?
>>>>
>> I don't know.
>>
>> But maybe it doesn't matter. If we don't have other alternative encapsulations than tunneling, the point is moot. And I'm not sure we do. The two drafts really only describe the tunneling case. Even if you source a packet from an RPL domain and want to send it to an outside destination, you'll still have to use both the routing header and the option, no?
> I agree.  As mentioned above, if the packet already includes a RPL routing header, it does not also need to include the RPL option.

OK

>
>>>>>> 6. Usage of the RPL Option
>>>>>>
>>>>>>    The RPL Option is only for use within a RPL domain.  RPL routers MUST
>>>>>>    process and include the RPL Option when forwarding datagrams to other
>>>>>>    nodes within the RPL domain.  Routers on the edge of a RPL domain
>>>>>>    MUST remove the RPL Option when forwarding datagrams to nodes outside
>>>>>>    the RPL domain.
>>>>> What is it that this section says that is not already covered by sections 2 and 5:
>>>>>
>>>>> Sect 2: Datagrams being forwarded within a RPL domain MUST include a RPL Option.
>>>>>
>>>>> Sect 5: ... serves as the tunnel end-point, removing the outer IPv6 header serves to remove the RPL Option as well.  Otherwise, the RPL Border Router assumes that the RPL Option was included using transport mode and MUST remove the RPL Option from the IPv6 Hop-by-Hop Option header.
>>>> Agree.  Will remove the redundant text.
>>>>
>> OK
>>
>>>>>> This option may be used to mount several potential attacks since
>>>>>> routers may be flooded by bogus datagram containing the RPL option.
>>>>>> It is thus RECOMMENDED for routers to implement a rate limiter for
>>>>>>    datagrams using the RPL Option.
>>>>> Please open this up a bit. What specific danger does flooding by bogus datagrams and RPL options cause? What would be the default settings for the rate limiter?
>>>> The option contains information that can affect the operation of RPL.  For example, an inconsistent Rank value can cause a RPL router to reset its trickle timer.
>>>>
>>>> After some careful thought, I'm not sure specifying a default setting for a rate limiter is the best approach.  Determining what is acceptable vs. unacceptable can vary greatly between different deployments and environments.  But rather than rate limiting, how about the following:
>>>>
>>>>   This option may be used to mount several potential attacks since
>>>>   routers may be flooded by bogus datagrams containing the RPL
>>>>   option.  In particular, an inconsistent Rank value can cause a RPL
>>>>   router to reset its DIO Trickle timer.  Thus, it is RECOMMENDED
>>>>   that a RPL router monitor triggers caused by receiving a RPL
>>>>   option and log conditions when the average rate is higher than
>>>>   expected.
>>>>
>> I like your description of the problem. But given the possibility of some DIO timer issues, wouldn't it be prudent to actually have some kind of rate limiting? Maybe not rate limiting of packets with this option, but rate limiting of packets  causing a trigger to happen?
> How about the following text?
>
> "In order to avoid any unacceptable impact on network operations, an implementation MAY allow a limit to be placed on the number of triggers caused by receiving a RPL  option, and MAY allow a limit to be placed on the rate of messages sent by a specific neighbor.  It MAY also allow logging an error or sending a notification when a rate threshold is reached."

OK otherwise, but I would prefer to see a default for such a rate limit in the spec. That is, specify that by default such limit should  be <some rate>.


>
>>>>>>    Opt Data Len:  8-bit field indicating the length of the option, in
>>>>>>          octets, excluding the Option Type and Opt Data Len fields.
>>>>>>
>>>>>>    Down 'O':  1-bit flag as defined in Section 11 of
>>>>>>          [I-D.ietf-roll-rpl<http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>].
>>>>>>
>>>>>>    Rank-Error 'R':  1-bit flag as defined in Section 11 of
>>>>>>          [I-D.ietf-roll-rpl<http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>].
>>>>>>
>>>>>>    Forwarding-Error 'F':  1-bit flag as defined in Section 11 of
>>>>>>          [I-D.ietf-roll-rpl<http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>].
>>>>>>
>>>>>>    RPLInstanceID:  8-bit field as defined in Section 11 of
>>>>>>          [I-D.ietf-roll-rpl<http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>].
>>>>>>
>>>>>>    SenderRank:  16-bit field as defined in Section 11 of
>>>>>>          [I-D.ietf-roll-rpl<http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>].
>>>>>>
>>>>>>    Values within the RPL Option are expected to change en-route.
>>>>> This specification needs to describe what the behavior of a router is with the content of the option. I think this is easy, you should just add to the end: "The processing shall follow the rules described in Section 11.2 of [roll-rpl].
>>>> Agree.
>>>>
>>>>> As an aside, the entire Section 11 is marked in roll-rpl as non-normative. I don't think that's actually right as far as 11.2 goes, because it contains tons of MUSTs and SHOULDs. Perhaps you want to fix that in AUTH48...
>>>> Right.
>>>>
>> OK
> Thanks.
>
> --
> Jonathan Hui
>
>

AD review of draft-ietf-6man-rpl-option Jari Arkko
AD reviews of draft-ietf-6man-rpl-option and draf… Jari Arkko
Re: AD reviews of draft-ietf-6man-rpl-option and … JP Vasseur
Re: AD review of draft-ietf-6man-rpl-option Jonathan Hui
Re: AD review of draft-ietf-6man-rpl-option Jari Arkko
Re: AD review of draft-ietf-6man-rpl-option Jonathan Hui
Re: AD review of draft-ietf-6man-rpl-option JP Vasseur
Re: AD review of draft-ietf-6man-rpl-option Jari Arkko