IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-grand>

Mark Smith <markzzzsmith@gmail.com> Sun, 19 July 2020 22:48 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B1E83A0982 for <ipv6@ietfa.amsl.com>; Sun, 19 Jul 2020 15:48:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.598
X-Spam-Level:
X-Spam-Status: No, score=-0.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ESOGzXHkme5X for <ipv6@ietfa.amsl.com>; Sun, 19 Jul 2020 15:48:07 -0700 (PDT)
Received: from mail-ot1-x335.google.com (mail-ot1-x335.google.com [IPv6:2607:f8b0:4864:20::335]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AF403A097E for <ipv6@ietf.org>; Sun, 19 Jul 2020 15:48:07 -0700 (PDT)
Received: by mail-ot1-x335.google.com with SMTP id n24so10779322otr.13 for <ipv6@ietf.org>; Sun, 19 Jul 2020 15:48:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5jC3LMQCpfFNsKzF0WmJj02Vo1reOkWwipGDws5OA0w=; b=BN7sqs04J61BMjhJwu3Ug2n7+3hVb42dBMVLZmfFqqZaR9l/KgRojRx+aCXbaqwjEk /qdJ+haBiJ6XjdKJQBFC+W93ZV23+5TVEPp/KXw6Wkemxkmd2SxL8R2Jrzhymz1gBspL jl2ulRphfftM4gqB5G5uD9NAXecdwXFlHg23timK8Srvl5sJDJLFub1banl8QTyN3v9A lGVlP6S0z77uDUrHWV8beDojKcjxERlnvZu0WJk15MYX1RkD6KtiPgNmuZIeJihHSGwq 7wZ51V2lL2MEWG57JxoegPFn2E9Mgizsw7LBpg2VB2B74AQa++6KQDv5NuWZPnh/vFpC t5Nw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5jC3LMQCpfFNsKzF0WmJj02Vo1reOkWwipGDws5OA0w=; b=TmLT8QBjwI9J9f8/eWg/s7kwgtK8murpHHnMMLuA38VlltPO7vCQsA2BjlWbVeMeoB nK75+m1moxa7CfM8A6TlgJfqRn/cBprnsAMValLk8FuukysaXDBt1SoXHnzN+fkJPb+J q9SJHzAdVobCnydgbu8QfD8XXOg5c2LjQ7vVNsFZCCVTyJqk/Bt0TLxJn8xWTu0rAv6K HxuvS+X18NrFvMkew3R9Qt6t053WLH+btfohW6dXbEz966jOCcwsM247nKq8B1jdUMsh PPoSQN2VvD/WL1rQ6Um272NhLWJKLQXsploE6r3EsN0MPiqT30uuTLcprOiq70g6ys2h xjag==
X-Gm-Message-State: AOAM532lzq3oMkJE9hRaFEPsTGRChXvW5JIqiQuZnaqqKjQLnakfTNZO +CKsmlK0U5wdWFB4NTfwhbnS1UqJJSjsz9FVl1s=
X-Google-Smtp-Source: ABdhPJz1+2Sf8bN6Qmv+xx7v+EtQaj5tPMH8mX1cbWhpbZkLS/6hxRbAKrKSmeyRIZDh84Yw2xdLjQ0raS/iB7eWdGs=
X-Received: by 2002:a05:6830:4d9:: with SMTP id s25mr18328557otd.153.1595198886649; Sun, 19 Jul 2020 15:48:06 -0700 (PDT)
MIME-Version: 1.0
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <882A1EDB-4A41-47E7-88D6-AC37D3341C6A@gmail.com> <CAO42Z2yWzcQBkDjOsaiM2Ppij0v=s1edMLyZeLbf1e89wVU3UA@mail.gmail.com> <CAFU7BAQvpHiJ9X=y72Zr5VAXs4ZGVqP1A5-snxBbrmxecPnpWA@mail.gmail.com>
In-Reply-To: <CAFU7BAQvpHiJ9X=y72Zr5VAXs4ZGVqP1A5-snxBbrmxecPnpWA@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Mon, 20 Jul 2020 08:47:40 +1000
Message-ID: <CAO42Z2xLEQFbMYLUHHza3fM2O4Df=-ZC35P=ugeEbF2cs=Oiwg@mail.gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-grand>
To: Jen Linkova <furry13@gmail.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, Jen Linkova <furry@google.com>, IPv6 List <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wHO0A1X8CbrK0O6XlrVYvp9kjDs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2020 22:48:09 -0000

Hi Jen,

On Thu, 16 Jul 2020 at 07:59, Jen Linkova <furry13@gmail.com> wrote:
>
> On Thu, Jul 16, 2020 at 6:48 AM Mark Smith <markzzzsmith@gmail.com> wrote:
> > Unfortunately I don't support advancement right now, as I've had some
> > further fairly significant suggestions for it which I've been
> > struggling to finding time to provide. Apologies for the delay,
> > started a new job.
>
> Thanks for the ideas!
>
> > In summary, and I'll provide more details and text over the weekend:
> >
> > - I've changed my mind on the idea of an optimisation of not
> > performing this for link-local addresses i.e. only performing it for
> > off-link addresses, for two reasons:
> >


<snip>

> So basically you are suggesting s/GUA/an IPv6 address/g ?
>>

Yes. Do GRAND for all types of addresses the host creates, not just
addresses that might be reached from off link.

It would be marginally simpler for the hosts to do it universally for
all addresses than being selective.

It preloads the routers' neighbor caches with entries for all types of
the host's addresses, so if the router needs to send to a host's
Link-Local Address, the router would already have a neighbor cache
entry for the Link-Local address.

Over time, as GRAND is implemented in hosts, this would also mean that
the routers' neighbor caches become a database of all addresses
present on the link for well behaved hosts, including link-local
addresses, useful for troubleshooting. Also better than DHCPv6 for
address security auditing, as DHCPv6 doesn't record link-local
addresses or SLAAC addresses, although a smart malicious host won't do
any of GRAND, DHCPv6, MLD, DAD or possibly even ND to hide itself. I
think people are realising that scraping a router's ND cache is a
better solution for this.

Thinking about the Link-Local use case, I think routers doing GRAND
towards each other could also be a useful optimisation. As IGPs like
OSPF use Link-Local addresses as neighbor next hop addresses, GRAND
may as well be used to load the neighbor routers' caches with
Link-Local/layer 2 address entries, rather than the remote router
waiting for a packet to trigger ND. BGP using Link-Local addresses
looks to be coming too -
https://www.ietf.org/id/draft-white-linklocalnh-01.txt .

So I think it would be useful to generalise performing GRAND (towards
routers) to all IPv6 nodes, not just hosts.

Thoughts?

(I haven't provided any suggested text, I'll do so if we decide to
have routers perform GRAND too.)

<snip>
>
> Also keep in mind that in some networks only the VRRP master sends
> RAs. So hosts might never know about VRRP backup routers while those
> routers might be in the path for the return traffic flows.
>

Yes, I understand.

I was hoping there might be a way to leverage that Router flag in ND
NAs to somehow detect that situation, so link-layer unicasts could be
used, however I can't think of one.

I think it would be better to remove all the text around link-layer
unicasting of GRAND NAs for the time being.

It would be a useful thing to do if it was possible to easily indicate
to hosts that they're aware of all routers on the link, so they could
link-layer unicast GRAND NAs, however I think that requires developing
a mechanism for that, so should be left to another ID iif we want to
pursue it. ("MLDv2 Procedures for Link-Layer Unicast Delivery of
Multicast IPv6" -
https://tools.ietf.org/html/draft-smith-mldv2-link-unicast-00 - may be
able to be built on.)

Regards,
Mark.

>
> As the current version of the draft suggests sending it to all
> routers, the router lifetime does not really matter.
>
> > On Thu, 16 Jul 2020 at 03:17, Bob Hinden <bob.hinden@gmail.com> wrote:
> > >
> > > Hello,
> > >
> > > This message starts a new two week 6MAN Working Group Last Call on advancing:
> > >
> > >         Title:    Gratuitous Neighbor Discovery: Creating Neighbor Cache Entries on First-
> > >                   Hop Routers
> > >         Author:   Jen Linkova
> > >         Filename: draft-ietf-6man-grand-00
> > >         Pages:    11
> > >         Date:     March 9, 2020
> > >
> > >        https://tools.ietf.org/html/draft-ietf-6man-grand
> > >
> > > as a Proposed Standard.
> > >
> > > Substantive comments and statements of support for publishing this document should be directed to the mailing list.  Editorial suggestions can be sent to the author.  This last call will
> > > end on 29 July 2020.
> > >
> > > Thanks,
> > > Bob & Ole
> > >
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>
>
>
> --
> SY, Jen Linkova aka Furry

v2.23.0 | Report a Bug | By Email