IETF Logo Mail Archive

Re: 6MAN Adoption call on raft-chakrabarti-nordmark-6man-efficient-nd-04

Lorenzo Colitti <lorenzo@google.com> Thu, 09 January 2014 07:18 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F4641AE0A0 for <ipv6@ietfa.amsl.com>; Wed, 8 Jan 2014 23:18:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.916
X-Spam-Level:
X-Spam-Status: No, score=-1.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.538, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id InkogEprptDX for <ipv6@ietfa.amsl.com>; Wed, 8 Jan 2014 23:18:07 -0800 (PST)
Received: from mail-ie0-x22d.google.com (mail-ie0-x22d.google.com [IPv6:2607:f8b0:4001:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 0DB071AE098 for <ipv6@ietf.org>; Wed, 8 Jan 2014 23:18:06 -0800 (PST)
Received: by mail-ie0-f173.google.com with SMTP id u16so700192iet.18 for <ipv6@ietf.org>; Wed, 08 Jan 2014 23:17:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=Ux35qYbEmHRC5bVMO1lpw/icUmS03mcJ6ca1fIuyBGo=; b=dghOZP+8xgt0d/v9eYSfkcD64WoTAC4zUKl5RsJ9mHX8nw+JmBKrlrMGFxC5ymKK4x xXwluCzdFVdmYAEi+E//CSyCExcs6PtY8A4EEV7EuCg8IW+yVyCFZsbJFa0S91Q7nkNg 9x4Pa1H+QPQlIwtPHeXq5xVwSXilAvKJrBgWNLV7onIeQN5W3mlNmJZVNhoaucJdugKC O1WBOtCfnzdr0GJsSVpYxRdWsbEI3PSOCzQBg52HJkLKywfYTadsPVSYo6nTSVmJc31P 9JmgLlqPsRNcNL7nFevo7g6LBzQ3hDdKutxgzD9c4FdkkKpxA1cwkhWBZZ9CyXg7fajf K6nA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=Ux35qYbEmHRC5bVMO1lpw/icUmS03mcJ6ca1fIuyBGo=; b=lq/U88B++LqpYLnLLjeEtZuBOPMfqjuBrhLIruTnbVZd4Kgijc5nQ02k02nUe2wgrJ 0CmV1ZH40kW1NY9FiRy240Q7AtM8Ub19554/JIYIP3qH3gQnGc8yGEkASHec1/4IncJz NOfIxBqboc2KRcqmDpomHVFibI0yfj1KyHuIkwBDNoaIVH5NHpdkO1GdxNeue4jB1SMZ b4Cm1Ck9ageO10MSnherhaZi4WVeve/b6lNS7Dnp/8GqLWilSK+EyBQj6eooctBWtoR3 bjiNY2bY9m5KzLA9AQQFBz7LOtTcHbbWdq51ML03w8HBODvlmHJrswPuNY5kBBUEWy+i q0QQ==
X-Gm-Message-State: ALoCoQkb5S0EVWwlA5Ebkbp2tSlqJDphL7EiV+2/b2AfcFCUzKbmQsWRM2OCaWvxsqgEHqDjLOsi6QZFktiROPtqoLTxgnKs5EdAntnd4F7TOeUA7QPvbRictde9YvvZK88OuF3stdcZxAALIJ2FJgWnYIFTGi1MMEWgOH46YJIgUFkUhBLdYEthduNHCW+BnNp8gDt5VDL/
X-Received: by 10.43.71.65 with SMTP id yj1mr1147635icb.2.1389251877567; Wed, 08 Jan 2014 23:17:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.64.7.36 with HTTP; Wed, 8 Jan 2014 23:17:37 -0800 (PST)
In-Reply-To: <alpine.DEB.2.02.1401090803040.20074@uplift.swm.pp.se>
References: <1F653502-AD41-4EB6-A43D-541356810DF2@employees.org> <CAKD1Yr1XPKibHenLMcNDRnfCht6X8tF2nMq1HgOiQv6eR9m6Yg@mail.gmail.com> <alpine.DEB.2.02.1401081305120.20074@uplift.swm.pp.se> <CAKD1Yr2AtF1CMqFxE1W63tXrS5OsbhJGfktN=sAaZtsBOSVg2Q@mail.gmail.com> <alpine.DEB.2.02.1401090707580.20074@uplift.swm.pp.se> <CAKD1Yr2yjPOWWHBx5dzwhNCT8fx9SEQg1wbPgGJSN3aS5bg5tg@mail.gmail.com> <alpine.DEB.2.02.1401090803040.20074@uplift.swm.pp.se>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 09 Jan 2014 16:17:37 +0900
Message-ID: <CAKD1Yr25XJejF7sdHE2ycpcHNSyq=07+mKeLdj338=-LvsME-Q@mail.gmail.com>
Subject: Re: 6MAN Adoption call on raft-chakrabarti-nordmark-6man-efficient-nd-04
To: Mikael Abrahamsson <swmike@swm.pp.se>
Content-Type: multipart/alternative; boundary="bcaec51f96cfaab1f004ef84684c"
Cc: 6man Chairs <6man-chairs@tools.ietf.org>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jan 2014 07:18:09 -0000

On Thu, Jan 9, 2014 at 4:05 PM, Mikael Abrahamsson <swmike@swm.pp.se> wrote:

>
>> I'm afraid I don't understand the question. You can't "just drop packets
>> not in your ND table already" - otherwise you won't be able to talk to a
>> new host that just joined the link. What I believe you can do is, even when
>> you are under full-scale attack, allow the following to work:
>>
>
> If you glean the DAD packet the host most likely will emit, then that
> works around the problem.


Or the RSes which it also most likely will emit (and, with
draft-6man-resilient-rs, which it will continue to emit until you send it
an RA), yes.


> 1. Communications to and from devices in your table keep working.
>> 2. New directly-connected devices can make it into your neighbour cache.
>>
>> Is there something else would you want to do?
>>
>
> No, that is exactly what I want to do,


So if that's what you want to do, then I think you can do it with the
current ND protocol, even if you are under full-scale attack, with the
implementation optimizations I described (gleaning and prioritization).


> but I don't want to start doing discovery because I received a packet from
> an external source to an address on my LAN I don't currently have any
> decent knowledge of that it is in use.
>

Why not? What's the downside of sending out an NS for an address that's not
there? You consume an ND cache slot for the incomplete entry, but if you
use the optimizations you'll always have enough space to avoid a DoS
scenario.

v2.23.0 | Report a Bug | By Email