IETF Logo Mail Archive

AD reviews of draft-ietf-6man-rpl-option and draft-ietf-6man-rpl-routing-header

Jari Arkko <jari.arkko@piuha.net> Thu, 28 July 2011 17:55 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC16F11E80E2 for <ipv6@ietfa.amsl.com>; Thu, 28 Jul 2011 10:55:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.447
X-Spam-Level:
X-Spam-Status: No, score=-102.447 tagged_above=-999 required=5 tests=[AWL=0.152, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MMKZxY8kEcSy for <ipv6@ietfa.amsl.com>; Thu, 28 Jul 2011 10:55:17 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:400::130]) by ietfa.amsl.com (Postfix) with ESMTP id 1F23B11E807B for <ipv6@ietf.org>; Thu, 28 Jul 2011 10:55:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 0B6672CE66; Thu, 28 Jul 2011 20:55:15 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B6nnAzGMrfiw; Thu, 28 Jul 2011 20:55:14 +0300 (EEST)
Received: from [IPv6:::1] (p130.piuha.net [IPv6:2001:14b8:400::130]) by p130.piuha.net (Postfix) with ESMTP id 4DDC72CC4B; Thu, 28 Jul 2011 20:55:13 +0300 (EEST)
Message-ID: <4E31A280.1040504@piuha.net>
Date: Thu, 28 Jul 2011 13:55:12 -0400
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Thunderbird 2.0.0.24 (X11/20101027)
MIME-Version: 1.0
To: JP Vasseur <jpv@cisco.com>, Jonathan Hui <jhui@archrock.com>
Subject: AD reviews of draft-ietf-6man-rpl-option and draft-ietf-6man-rpl-routing-header
References: <4DFBC587.9090807@piuha.net>
In-Reply-To: <4DFBC587.9090807@piuha.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jul 2011 17:55:18 -0000

JP, Jonathan,

Has there a been response to the two reviews from June? I'd like to move 
these drafts forward...

Jari

Jari Arkko kirjoitti:
> I have reviewed this draft. Some of the issues from the other draft 
> are visible in this one as well, and I saw two additional substantive 
> issues:
>
> - we need to specify the behavior with regards to the data in this 
> option better
> - the text about processing packets in RPL border routers should be 
> written in a different manner
>
> Both of these should be easily addressed, however. Please revise the 
> draft and we can send the draft to IETF Last Call.
>
> Here are my comments in more detail:
>
>> Datagrams being forwarded within a RPL domain MUST include a RPL
>> Option.  For datagrams sourced within a RPL domain, the RPL Option
>> MAY be included in the datagram itself.
>
> I'm not sure I understand the difference or its motivation. Do you 
> really mean that a packet might not have the option until it hits the 
> first router? Or are you just talking about something that happens 
> internally on a host, but on the wire all packets would still have the 
> option? Also, since the tunnel (or something else) is used to include 
> the option for datagrams sourced outside the RPL domain, wouldn't it 
> be easier to just say this:
>
> "Datagrams sent between nodes within an RPL domain MUST include an RPL 
> Option."
>
>>   For datagrams sourced
>>    outside a RPL domain, IPv6-in-IPv6 tunneling, as specified in
>>    [RFC2473 <http://tools.ietf.org/html/rfc2473>] SHOULD be used to 
>> include a RPL Option.
>
> This text should be aligned with whatever conclusion we will have for 
> the issue that I raised with the other document.
>
>> To help avoid IP-layer fragmentation, the RPL Option has a maximum
>> size of RPL_OPTION_MAX_SIZE octets and links within a RPL domain
>> SHOULD have a MTU of at least 1280 + 44 (outer IP header, Hop-by-Hop
>> Option header, Option header) + RPL_OPTION_MAX_SIZE + (additional
>> extension headers or options needed within RPL domain).
>>   
>
> There's a same MTU issue here as in the other document.
>
>> The action taken by using the RPL Option and the potential set of
>> sub-TLVs carried within the RPL Option MUST be specified by the RFC
>> of the protocol that use that option.  No TLVs are defined in this
>> document.
>>   
>
> I think you should define the behavior when a node encounters a 
> sub-TLV that it does not recognize. E.g., ignore and move on to the 
> next sub-TLV. Or do you want a stricter policy? In any case, for 
> future extensions it will be necessary to know how they are treated by 
> legacy RPL nodes.
>
>> In very specific cases, IPv6-in-IPv6 tunneling may be undesirable due
>> to the added cost and complexity required to process and carry a
>> datagram with two IPv6 headers.  [I-D.hui-6man-rpl-headers 
>> <http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.hui-6man-rpl-headers>] 
>> describes
>> how to avoid using IPv6-in-IPv6 tunneling in such specific cases and
>> the risks involved.
>>   
>
> Again, the same comments as in the other draft. Please delete this 
> paragraph.
>
>> For datagrams exiting the RPL domain, RPL Border Routers MUST remove
>> the RPL Option from the datagram.  If the RPL Option was included
>> using tunneled mode and the RPL Border Router serves as the tunnel
>> end-point, removing the outer IPv6 header serves to remove the RPL
>> Option as well.  Otherwise, the RPL Border Router assumes that the
>> RPL Option was included using transport mode and MUST remove the RPL
>> Option from the IPv6 Hop-by-Hop Option header.
>>   
>
> The part about removing the RPL option even in a non-tunneled case 
> relates to the issue of supporting that particular mode of operation.
>
> But in addition, I wonder if you should write the above text not in 
> terms of packet modification operations but rather in terms of 
> forwarding decision outcomes. Like this, for instance:
>
> "For datagrams destined to the RPL Border Router the router processes 
> the packet in the usual way. For instance, if the RPL Option was 
> included using tunneled mode and the RPL Border Router serves as the 
> tunnel end-point, the router removes the outer IPv6 header, at the 
> same removing the RPL Option as well. Datagrams destined elsewhere 
> within the same RPL domain are forwarded to the right interface. 
> Datagrams destined outside the RPL domain are dropped."
>
>> 6. Usage of the RPL Option
>>
>>    The RPL Option is only for use within a RPL domain.  RPL routers MUST
>>    process and include the RPL Option when forwarding datagrams to other
>>    nodes within the RPL domain.  Routers on the edge of a RPL domain
>>    MUST remove the RPL Option when forwarding datagrams to nodes outside
>>    the RPL domain.
>
> What is it that this section says that is not already covered by 
> sections 2 and 5:
>
> Sect 2: Datagrams being forwarded within a RPL domain MUST include a 
> RPL Option.
>
> Sect 5: ... serves as the tunnel end-point, removing the outer IPv6 
> header serves to remove the RPL Option as well.  Otherwise, the RPL 
> Border Router assumes that the RPL Option was included using transport 
> mode and MUST remove the RPL Option from the IPv6 Hop-by-Hop Option 
> header.
>
>> This option may be used to mount several potential attacks since
>> routers may be flooded by bogus datagram containing the RPL option.
>> It is thus RECOMMENDED for routers to implement a rate limiter for
>>    datagrams using the RPL Option.
>>   
>
> Please open this up a bit. What specific danger does flooding by bogus 
> datagrams and RPL options cause? What would be the default settings 
> for the rate limiter?
>
>>    Opt Data Len:  8-bit field indicating the length of the option, in
>>          octets, excluding the Option Type and Opt Data Len fields.
>>
>>    Down 'O':  1-bit flag as defined in Section 11 of
>>          [I-D.ietf-roll-rpl 
>> <http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>]. 
>>
>>
>>    Rank-Error 'R':  1-bit flag as defined in Section 11 of
>>          [I-D.ietf-roll-rpl 
>> <http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>]. 
>>
>>
>>    Forwarding-Error 'F':  1-bit flag as defined in Section 11 of
>>          [I-D.ietf-roll-rpl 
>> <http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>]. 
>>
>>
>>    RPLInstanceID:  8-bit field as defined in Section 11 of
>>          [I-D.ietf-roll-rpl 
>> <http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>]. 
>>
>>
>>    SenderRank:  16-bit field as defined in Section 11 of
>>          [I-D.ietf-roll-rpl 
>> <http://tools.ietf.org/html/draft-ietf-6man-rpl-option-03#ref-I-D.ietf-roll-rpl>]. 
>>
>>
>>    Values within the RPL Option are expected to change en-route. 
>
> This specification needs to describe what the behavior of a router is 
> with the content of the option. I think this is easy, you should just 
> add to the end: "The processing shall follow the rules described in 
> Section 11.2 of [roll-rpl].
>
> As an aside, the entire Section 11 is marked in roll-rpl as 
> non-normative. I don't think that's actually right as far as 11.2 
> goes, because it contains tons of MUSTs and SHOULDs. Perhaps you want 
> to fix that in AUTH48...
>
> Jari
>
>

v2.23.0 | Report a Bug | By Email