IETF Logo Mail Archive

Re: [lisp] Review of RFC6830bis

Alberto Rodriguez-Natal <rodrigueznatal@gmail.com> Tue, 24 October 2017 17:16 UTC

Return-Path: <rodrigueznatal@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C49DE13942C for <lisp@ietfa.amsl.com>; Tue, 24 Oct 2017 10:16:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jX_Oa9VPgfHZ for <lisp@ietfa.amsl.com>; Tue, 24 Oct 2017 10:16:09 -0700 (PDT)
Received: from mail-it0-x230.google.com (mail-it0-x230.google.com [IPv6:2607:f8b0:4001:c0b::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2203F138103 for <lisp@ietf.org>; Tue, 24 Oct 2017 10:16:09 -0700 (PDT)
Received: by mail-it0-x230.google.com with SMTP id j140so10948003itj.1 for <lisp@ietf.org>; Tue, 24 Oct 2017 10:16:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=83GnvkYaPZsBYELqF6m3bJ1V2epkQYuMOVvZKGNVdH8=; b=UiieCfKxxZAl+BBcDujP9b6fFAibYSPlKbQsKMO4id5eWTcY407hI61EGoEPVP15Um TV52razXYjvUZ79HG9+jGeoYR6XFcw9Sj0wUbNIBcOYKuzCwtTJv2D4RWby9P+9NRZVv WgBFVnx3SaLMxbbXNVsCtAaXbsvBNNVPrRv5u3cpj8/czB32rKPX502top25GMzfvxxZ RqoCsQhVqnuMGV2dzdxznm38N7hls08SKXokCQov7FI526ZQ4jXRB+hX8yWriGmhqUiA wjEp9AWGJJtJDYLC6dEdMk8q1Za4QGkAk41DAjg7s6i0ErEktlbZxaRHC5g6tnOMthiF 2LNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=83GnvkYaPZsBYELqF6m3bJ1V2epkQYuMOVvZKGNVdH8=; b=VAG60Fips7nHRuJEK8HJYz+4+KsqifnH7Wgl08K6y5E7xyGA/PNGP2teA1knoFZy6A u7R0e0tG0Kt+35EMWYQD2ISf/RNiKS1vepEdrXDNQawaUdrmb5wlFeEq7qR/NuFuw9cy DjawIwTLvIUjdVwTLBd698Y9I2smODTaqf48uq1+nJXR7wJN/32XPxtRHq3a4sguFrxh BafOVwQs4fTOF56PklQkz37fUYc+CKAK9TqdqZMNCUdfov7E653EU/+RgppYX7Zb2KIF 0t6kQcHHZ63rdZ0k2YjCKN3uGrfgFG8E52tRfs2YK5ZooelNOIZvqQLIM6UDOMvAhzJy 3aHg==
X-Gm-Message-State: AMCzsaXBsE6wSOaZ2x0F16OZmfzGjf9pKPa0Zh8VrXDjTsYNevugf931 m2q0GuQ/GV3Sr3Z6meiLgMAGO5qUOrOt6JuVGDo=
X-Google-Smtp-Source: ABhQp+Rj/EtuhphTtJ4SP9DsZVKPAjn6an1kTVpN/qZTHyqmGf+pcz5O8fyHXK9UO93jWo71qWWWEN9YOIwY868CPmY=
X-Received: by 10.36.6.1 with SMTP id 1mr14370383itv.91.1508865367957; Tue, 24 Oct 2017 10:16:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.190.131 with HTTP; Tue, 24 Oct 2017 10:15:47 -0700 (PDT)
In-Reply-To: <1AAAC5C3-27FA-47A9-819F-42B2357E3A08@gmail.com>
References: <CA+YHcKHL2R2QdWEumJ3j19trhJB6STvW5q6RCGiLHnPHpDR05A@mail.gmail.com> <897096DF-C3CF-4D0C-8E04-ACEE85747C55@gmail.com> <CA+YHcKH=Htv274aopG0YB8Fw=0hkx0p4N95rGOwne9oL+84Nbg@mail.gmail.com> <1AAAC5C3-27FA-47A9-819F-42B2357E3A08@gmail.com>
From: Alberto Rodriguez-Natal <rodrigueznatal@gmail.com>
Date: Tue, 24 Oct 2017 10:15:47 -0700
Message-ID: <CA+YHcKEsmvz_4NjqB03B_f_DxM-X7eDHnJ5TFQjhy3c2HpZoHg@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Cc: "lisp@ietf.org list" <lisp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/4aa3_5eklZO3h7NhAVsdpQDjUrg>
Subject: Re: [lisp] Review of RFC6830bis
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2017 17:16:11 -0000

Thanks for making the changes Dino. See some extra responses below.


>>>> The same database mapping entries MUST be configured on all ETRs for a
>>>> given site.  In a steady state, the EID-Prefixes for the site and the
>>>> Locator-Set for each EID-Prefix MUST be the same on all ETRs.
>>>>
>>>> [AR] Is this still the case when overlapping prefixes and/or
>>>> merge-semantics are in place?
>>>
>>> Response (3).
>>>
>>> Well, yes. Let me answer with an example. Say there are two xTRs A and B and they are connecting the LISP site for 10.0.0.0/8. Say 10.1.0.0/16 moves out to another LISP site, a LISP site that is multihomed with xTRs A’ and B’. Both A’ and B’ need to be configured (i.e. in this case discover) that the /16 moved into their site.
>>
>> [AR2] My question was more with regard to the Locator-Set. Let's say
>> that two different ETRs serving the same site are registering only
>> their own RLOCs and are leveraging on the merge-semantics capability
>
> There was a decision back when RFC6830 was published to not support this. And that we would address it in the NAT-traversal document where the use-case required this behavior.

[AR3] But this is used today independently of NAT-traversal. It is not
uncommon to configure the ETRs with just the interfaces, not the
addresses, that should be used for RLOC connectivity. These interfaces
will then get dynamically assigned RLOC addresses (e.g. via DHCP) that
the ETRs will register to the Map-Server. The deployment is leveraging
on the merge capability of the Map-Server rather than on configuring
all the RLOC addresses in all the ETRs (since the addresses are
unknown at the time of configuration).

>>>> When multiple organizations inside of a LISP site are using private
>>>> addresses [RFC1918] as EID-Prefixes, their address spaces MUST remain
>>>> segregated due to possible address duplication.  An Instance ID in the
>>>> address encoding can aid in making the entire AFI-based address
>>>> unique.
>>>>
>>>> [AR] This text is used to introduce the concept of Instance-IDs. I
>>>> don't think we should mention private addresses here. Instance ID may
>>>> be used even when not private addresses are in place or for purposes
>>>> other than possible address duplication. If anything, the private
>>>> addresses duplication should be an example only.
>>>
>>> Response (1).
>>>
>>> Making a reference to private addresses is actually very important. There are a lot of container and VMs within cloud provider deployments that use it. It is probably the most popular use-case of LISP.
>>
>> [AR2] My intention was to state that we should not tie Instance-IDs to
>> the address duplication problem of private addresses. Indeed,
>> preventing address duplication is one of the major use-cases for
>> Instance-IDs but they are applicable beyond that particular use-case.
>
> I don’t follow your point, the fact you use EIDs within an IID means the EIDs are private to that IID. Regardless if they are RFC1918 addresses or registry allocated addresses.

[AR3] I would suggest the following text as a replacement for the
current paragraph. Feel free to edit as you see fit.

"There are several cases where segregation is needed at the EID level.
For instance, this is the case for deployments containing overlapping
addresses, traffic isolation policies or multi-tenant virtualization.
For these and others scenarios where segregation is needed, Instance
IDs can be used."

>>>> An ITR SHOULD only set the E-bit in an encapsulated data packet when
>>>> it knows the ETR is
>>>> enabled for echo-noncing.  This is conveyed by the E-bit in the
>>>> Map-Reply message.
>>>>
>>>> [AR] There should be probably a mention to merge-semantics and/or
>>>> proxy-reply here.
>>>
>>> Response (3).
>>>
>>> Why? Merge semantics only apply to Map-Registers. Not the Map-Reply an ETR sends to an ITR. That is when it conveys it can support echo-noncing.
>>
>> [AR2] My point was that merge-semantics and proxy-reply may affect the
>> E-bit process. For instance, if the MS is merging different
>> Map-Registers, (some with the E-bit set, some without), which value
>> for the E-bit should the MS return in a Map-Reply?
>
> It doesn’t because the Map-Server maintains the original individual Map-Registers as well. And RLOC-probing causes the E-bit to be specified in the Map-Reply by the ETR.

[AR3] How about we also include this sentence then?

"An ITR can always verify if an ETR supports echo-noncing via sending
an RLOC-probe to trigger a Map-Reply."

Alberto

v2.23.0 | Report a Bug | By Email