IETF Logo Mail Archive

Re: [lisp] Please Review 6830bis and 6833bis

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 13 March 2017 01:59 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68A8F12944E for <lisp@ietfa.amsl.com>; Sun, 12 Mar 2017 18:59:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6wQjLLH6UiAt for <lisp@ietfa.amsl.com>; Sun, 12 Mar 2017 18:59:41 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E5AF1293F5 for <lisp@ietf.org>; Sun, 12 Mar 2017 18:59:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 7C2F5240BBE; Sun, 12 Mar 2017 18:59:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1489370381; bh=B+T1+/9et3xgyMML+zXOY26G7V63KaNLivjh2yUCMEk=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=NK+GNG5vafCmHL0u2PC1BsuxJP6PoFVLKLGmXwv42B+QYefmB++YkYiNOOImDjifg pVvYdM43vpxAxuJg7L7narKlEXWEki3JSt+vo1qkagw0/Mxx56nH8K8YAxVvIzM4OL AkXHxuo24GNrazdcTEu0++GZnVxCWtqu+kVfu6zo=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 11EDB240469; Sun, 12 Mar 2017 18:59:40 -0700 (PDT)
To: Dino Farinacci <farinacci@gmail.com>
References: <993CF58D-1A15-4D9D-B5AA-B281E55985DC@gigix.net> <3BFC5564-5D8A-4023-B228-27CB2658F925@gmail.com> <34c20b11-ffc6-6102-188a-c66393d56840@joelhalpern.com> <F8CBC5DF-E10C-4921-92AF-1CCDCE7F900A@gmail.com> <148ccbe9-86c6-6e1c-a1c4-82b339cf2574@joelhalpern.com> <5B81BE0A-37B7-4A7E-941E-C8353E42EC3D@gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <9d479957-5385-b972-2612-d218a4be69b0@joelhalpern.com>
Date: Sun, 12 Mar 2017 21:59:40 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <5B81BE0A-37B7-4A7E-941E-C8353E42EC3D@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/69DpgQT4GkhwgFOOOHHEleN_-i8>
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Please Review 6830bis and 6833bis
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2017 01:59:42 -0000

<just to be clear, still hatless, jsut trying to understand as a
participant>

It looks to me like Policy_Denied and Authentication-Failure are error 
codes, not dispositions.  They presumably go with the "Drop" action (as 
is the defined behavior for any ACT which is not understood.

Given that the action is the same as Drop, it seems safe, but odd, to 
use different action codes.  Is there a difference in the action at the 
receiver?

If there is no difference, would it not make sense to encode this 
information in some other field?  It seems to be for diagnositirc 
purposes, not action.

Yours,
Joel

On 3/12/17 9:45 PM, Dino Farinacci wrote:
>> Dino, I am missing something. If, as we both seem to be saying, the
>> "policy-denied" response can go with any of the existing actions,
>> how is the receiver to know which is intended by the responder?
>
> I don’t think it does. Let’s look at each existing action:
>
>> (0) No-Action
>
> This action code comes with a RLOC-set and tells an ITR to
> encapsulate to RLOCs in the RLOC-set. This is certainly not denying
> anything.
>
>> (1) Natively-Forward
>
> This is an action code that tells the ITR that the EID it requested
> is not in the mapping system and could be a non-EID and the address
> is routable in the underlay. This is certainly not denying anything.
>
>> (2) Send-Map-Request
>
> This action code could be returned when overlapping EID-prefixes are
> registered to the mapping system. This is an instruction from the
> Map-Replier (either from an ETR or a map-server) that a longest match
> lookup that matches this entry should invoke a Map-Request.
>
>> (3) Drop
>
> This action code is telling the ITR to drop packets, but has no
> specific reason for doing so.
>
> The two new action codes I am proposing (and if others think there
> could be more, please suggest them):
>
> (4) Policy-Denied
>
> An access-list violation is denied and the requestor must not get the
> RLOC-set due to the policy configured in the ETR or Map-Server.
>
> (5) Authentication-Failure
>
> Whatever authentication mechanism that is being used, the verifier
> has decided the Map-Requester cannot get access to the registered
> database-mapping.
>
> I believe, based on how I describe it above, they are all discrete.
>
> Dino
>
>
>

v2.23.0 | Report a Bug | By Email