Re: [Isis-wg] Fingerprint generation issue-//FW: ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt

David Lamparter <equinox@diac24.net> Mon, 20 July 2015 08:35 UTC

Return-Path: <equinox@diac24.net>
X-Original-To: isis-wg@ietfa.amsl.com
Delivered-To: isis-wg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1E2E1A036E for <isis-wg@ietfa.amsl.com>; Mon, 20 Jul 2015 01:35:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Wv_m9RoJ5DQ for <isis-wg@ietfa.amsl.com>; Mon, 20 Jul 2015 01:35:33 -0700 (PDT)
Received: from eidolon.nox.tf (eidolon.nox.tf [85.239.127.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21A631A0252 for <isis-wg@ietf.org>; Mon, 20 Jul 2015 01:35:33 -0700 (PDT)
Received: from equinox by eidolon.nox.tf with local (Exim 4.85) (envelope-from <equinox@diac24.net>) id 1ZH6XO-000D9I-DO; Mon, 20 Jul 2015 10:35:03 +0200
Date: Mon, 20 Jul 2015 10:35:02 +0200
From: David Lamparter <equinox@diac24.net>
To: "Liubing (Leo)" <leo.liubing@huawei.com>
Message-ID: <20150720083502.GO620419@eidolon>
References: <8AE0F17B87264D4CAC7DE0AA6C406F45C2212AE1@nkgeml506-mbx.china.huawei.com> <F3ADE4747C9E124B89F0ED2180CC814F5949ADAB@xmb-aln-x02.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F3ADE4747C9E124B89F0ED2180CC814F5949ADAB@xmb-aln-x02.cisco.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/IPBJhn5bdg6-4LBTIm3JgYqrLdM>
Cc: Mikael Abrahamsson <mikael.abrahamsson@t-systems.se>, "Les Ginsberg \(ginsberg\)" <ginsberg@cisco.com>, Martin Winter <mwinter@netdef.org>, "isis-wg@ietf.org list" <isis-wg@ietf.org>
Subject: Re: [Isis-wg] Fingerprint generation issue-//FW: ISIS-autoconf-04 submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt
X-BeenThere: isis-wg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF IS-IS working group <isis-wg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/isis-wg/>
List-Post: <mailto:isis-wg@ietf.org>
List-Help: <mailto:isis-wg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/isis-wg>, <mailto:isis-wg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2015 08:35:36 -0000

Bing,


I fully agree with Les that distinguishing own LSPs from possibly a
previous run vs. another active router needs more consideration.
Changing the seq# to something random (or rather, adding a random
number) should make the latter work much better.

In general, from an implementation perspective, I would appreciate if
you used more exact language.  How many are "multiple iterations"?  Are
you updating section 7.3.16.2 of ISO 10589-2002?  Does this procedure
apply for all LSPs or just fragment 0 which contains the fingerprint?


Not directly related to Les' previous comment:

Routers that have both a hardware random number generator and
persistent writable storage should probably generate and store an
additional random unique ID on first boot.  (Which I'd mention in the
draft because implementors will otherwise miss the idea.)

For section 3.3.3, I would suggest using a MAC address (lowest on
system?) as first SysID and only move to a random SysID when a collision
needs to be resolved.  I know Mikael's "vendor X shipped zillions of
devices with the same MAC" story, but the case to optimise for is the
most reasonably common one.  Devices do generally have unique MAC
addresses.  Starting with the MAC will cover 99% of scenarios, and
you're still covering the remaining 1% with the resolution algorithm.

FWIW, the network still won't work if a MAC collision persists on Layer
2.  And the isis autoconf draft doesn't say you should change the MAC
address of the interface [which in fact some hardware doesn't even
support].  So real target case here is devices that have no MAC address
because either they autogenerate a local admin [02:...] MAC or don't
have any interfaces that use EUI-48.  But if you do have a unique
persistently assigned 48-bit MAC - we should opportunistically start
with that.

Last, this is not terribly important, but I do disagree on your
assumption that "At the point when double-duplication happens, routers
should have much more entropies available."  If a common reason (e.g.
power outage) causes several routers to reboot, they can quite likely be
in very similar state for an unexpectedly long period of time.  The
result from this would be that the routers continue to do the same thing
until by some external influence they get different entropy.  This
doesn't imply a need for a different procedure, just that the procedure
may run several times until it finally settles.


-David


On Sun, Jul 19, 2015 at 08:52:36PM +0000, Les Ginsberg (ginsberg) wrote:
> Bing -
> 
> Understood that a device can only advertise things that it knows. If
> it does not have access to serial # (for example) then it cannot use
> that as part of the fingerprint. But this section "should" be meant to
> define suggested behavior. The suggested behavior SHOULD be to
> advertise a fingerprint that is unlikely to be duplicated. The
> suggestion to use some randomly generated number in such cases is
> good.
> 
> It is Section 3.3.4 that concerns me. When a box restarts it is quite
> likely that it will receive copies of its LSPs from its previous
> incarnation. This will appear to be "double duplication" when in fact
> it is not. If it is NOT double duplication then - as you discuss -
> when the restarting router generates a new version of its LSP with a
> higher sequence number the false indication of double duplication will
> be resolved. It is only when double duplication persists that it can
> be considered as real. In such cases, using LSP sequence # as a
> fingerprint extension is not the best choice as if the double
> duplication is real both of the sytems are quite likely to choose the
> same new sequence #. Generating a different pseudo-random # in such a
> case is better.
> 
> I think the intent of this section is good - but some clarification is
> still needed.
> 
>    Les
> 
> > -----Original Message-----
> > From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of Liubing (Leo)
> > Sent: Friday, July 17, 2015 12:28 AM
> > To: isis-wg@ietf.org list
> > Cc: Les Ginsberg (ginsberg); Martin Winter; David Lamparter
> > Subject: [Isis-wg] Fingerprint generation issue-//FW: ISIS-autoconf-04
> > submitted //FW: New Version Notification for draft-liu-isis-auto-conf-04.txt
> > 
> > Hi Dear all,
> > 
> > As discussed with Les as below, let me elaborate a bit more on the
> > Fingerprint generation issue.
> > 
> > In section 3.3.3 in the draft, it lists some resources for generating
> > distinguishers:
> > o  MAC address(es)
> > o  Configured IP address(es)
> > o  Hardware IDs (e.g.  CPU ID)
> > o  Device serial number(s)
> > o  System clock at a certain specific time o  Arbitrary received packet
> > 
> > However, due to the feedback from the implementation team (as CCed), for
> > small CPE boxes, at the initial stage only MAC address is available most of the
> > time.
> > So, it's reasonable to use MAC address as the Sys-id. For Fingerprint, it's
> > tricky to generate high quality random numbers due to the lack of entropy.
> > 
> > For this reason, we defined a "Double-Duplication" resolution mechanism in
> > the 04 version draft. At the time Double-Duplication is detected, the devices
> > have been booted for some time, and there should be enough entropy to
> > tiebreak the double-duplication.
> > 
> > Best regards,
> > Bing
> > 
> > -----Original Message-----
> > From: Liubing (Leo)
> > Sent: Friday, July 17, 2015 2:41 PM
> > To: 'Les Ginsberg (ginsberg)'; isis-wg@ietf.org list
> > Subject: RE: ISIS-autoconf-04 submitted //FW: New Version Notification for
> > draft-liu-isis-auto-conf-04.txt
> > 
> > > > [Bing] The logic is this:
> > > > 1. At the initial stage, there is not much entropy for generating a
> > > > high quality Fingerprint. (This is the feedback from the
> > > > implementation team.) 2. Then, very unfortunately, the sys-id and
> > > Fingerprint both duplicated.
> > > > 3. At the time the Double-Duplication is detected, there should be
> > > > enough entropy (e.g. lots of random packets, LSP num etc.) to make
> > > > tiebreaker of the duplication.
> > > > Does this sound reasonable for you?
> > >
> > > [Les:] I would prefer that we define a robust fingerprint. This is not
> > > that difficult.  If there are concerns about the difficulties please
> > > make them public.
> > 
> > [Bing] It's not difficult to "define" one, but for small devices, there is some
> > practical difficulties.
> > I'll initiate another thread to discuss this issue.
> > 
> > _______________________________________________
> > Isis-wg mailing list
> > Isis-wg@ietf.org
> > https://www.ietf.org/mailman/listinfo/isis-wg