Re: [lisp] Map-Versioning
Dino Farinacci <dino@cisco.com> Tue, 02 June 2009 17:31 UTC
Return-Path: <dino@cisco.com>
X-Original-To: lisp@core3.amsl.com
Delivered-To: lisp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6F9653A6FEF for <lisp@core3.amsl.com>; Tue, 2 Jun 2009 10:31:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FVdNPkEEqWt2 for <lisp@core3.amsl.com>; Tue, 2 Jun 2009 10:31:10 -0700 (PDT)
Received: from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72]) by core3.amsl.com (Postfix) with ESMTP id 593383A6FC3 for <lisp@ietf.org>; Tue, 2 Jun 2009 10:31:10 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.41,292,1241395200"; d="scan'208";a="166555217"
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-3.cisco.com with ESMTP; 02 Jun 2009 17:31:07 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id n52HV7P6024674; Tue, 2 Jun 2009 10:31:07 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id n52HV7g6019643; Tue, 2 Jun 2009 17:31:07 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 2 Jun 2009 10:31:07 -0700
Received: from [192.168.1.2] ([10.21.82.243]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 2 Jun 2009 10:31:07 -0700
Message-Id: <7442BA71-4AB7-46CC-9260-BDBF12854787@cisco.com>
From: Dino Farinacci <dino@cisco.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
In-Reply-To: <tslk53u8zsu.fsf@mit.edu>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Tue, 02 Jun 2009 10:31:06 -0700
References: <tsleiu3exaj.fsf@mit.edu> <4A2404D0.9080406@joelhalpern.com> <4A240834.7000106@uclouvain.be> <tslws7vdgb2.fsf@mit.edu> <4A87C591-F5C3-4180-8FBB-D71E65F00145@net.t-labs.tu-berlin.de> <tslk53u8zsu.fsf@mit.edu>
X-Mailer: Apple Mail (2.935.3)
X-OriginalArrivalTime: 02 Jun 2009 17:31:07.0363 (UTC) FILETIME=[E9852330:01C9E3A7]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=3099; t=1243963867; x=1244827867; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dino@cisco.com; z=From:=20Dino=20Farinacci=20<dino@cisco.com> |Subject:=20Re=3A=20[lisp]=20Map-Versioning |Sender:=20; bh=Cx8/I90f1RfxVKvnYH0j0fdd6s8o0xJZFRCt0MevMEo=; b=UaRRVI745VoavoDgcDt8wI34er8SZlTuP6BovFjSkXTKvXUhZtsuw1Jl6Y JO2oRJsIaTeXKBsFXYwEipvGICOzj2lQuen30BuzBJAi6aezMqy1PUY3ADsK BxIyy4zUOA;
Authentication-Results: sj-dkim-2; header.From=dino@cisco.com; dkim=pass ( sig from cisco.com/sjdkim2002 verified; );
Cc: Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>, lisp@ietf.org
Subject: Re: [lisp] Map-Versioning
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2009 17:31:11 -0000
Sam, let me phrase what we have been discussing another way. We have the following subject matters: (1) How to update ITRs which have old map-caches when a database mapping for a LISP site changes. (2) Should we put an 8-bit flags field in the data encapsulation header. (3) Are there anymore MTU issues. (4) Can the loc-reach-bits in the data encapsulation header can compromised. I believe the status for each is: (1) You can use SMRs for map-cache updates according to the existing spec or you can use draft-iannone-lisp-mapping-versioning-00.txt, referred to as "map-versioning". The later requires header format changes and Luigi gave 3 options in his IETF presentation. (2) We have *some* consensus gain on this. However, the E-bit for doing nonce-echoing has not been fully flushed out. So we should wait for changes IMO. (3) I looked through all of Fred Templin's emails and his suggested text and made clarifying changes to draft-ietf-lisp-01.txt. So I think this issue is closed. We have 2 mechanisms to deal with MTU issues with encapsulation. One is stateless and the other is stateful which was offered by Luigi and team. They are simple mechanisms that use existing standards (Fragmentation and PMTU Discovery). (4) We have documented in the latest spec (went in many revisions ago) that the loc-reach-bits are a hint and used for a certain class of failures (close to the destination LISP site) and that the loc-reach- bits need verification by round-trip exchange between the receiver (that wants to take action on the loc-reach-bit change) and the sender of the loc-reach-bits. Dino On Jun 2, 2009, at 7:40 AM, Sam Hartman wrote: > Your slides jump right into describing the solution with map > versioning, which really isn't such a great place to start a > discussion of it. > > That discussion should start with the problem. > > If I understand the mail between you and Dino correctly, there are two > concerns you have. > > 1) An attacker can manipulate the reachability bits and either create > a DOS or cause traffic to take a path that gives the attacker some > advantage. > > 2) Certain update situations could get the ITR and ETR out of sync > about what the reachability bits map to and this could cause a problem > for traffic. > > Is that the problem you're trying to solve? > > Dino's answer seems to be that: > > 1) If you care about these attacks you can verify the reachability > bits. Presumably we (the WG) will need to consider what mandatory > guidance to give on this issue if we don't adopt map versioning. > > 2) There exist algorithms for adding/removing a locator in which the > changes to the reachability bits are non-ambiguous. Presumably if we > don't adopt map versioning we'll need to make sure that the spec > mandates such an update procedure. > > Have I got things right as far as I've gone? > _______________________________________________ > lisp mailing list > lisp@ietf.org > https://www.ietf.org/mailman/listinfo/lisp
- [lisp] How blocked on versioning and PMTU are we? Sam Hartman
- Re: [lisp] How blocked on versioning and PMTU are… Joel M. Halpern
- Re: [lisp] How blocked on versioning and PMTU are… Damien Saucez
- Re: [lisp] How blocked on versioning and PMTU are… Sam Hartman
- [lisp] Map-Versioning Luigi Iannone
- Re: [lisp] Map-Versioning Sam Hartman
- Re: [lisp] Map-Versioning Dino Farinacci
- Re: [lisp] Map-Versioning Olivier Bonaventure
- [lisp] Path MTU concerns and proposed resolutions Templin, Fred L
- Re: [lisp] Path MTU concerns and proposed resolut… Sam Hartman
- Re: [lisp] Path MTU concerns and proposed resolut… Dino Farinacci
- Re: [lisp] Path MTU concerns and proposed resolut… Eliot Lear
- Re: [lisp] Map-Versioning Dino Farinacci
- Re: [lisp] Map-Versioning Joel M. Halpern
- Re: [lisp] Map-Versioning Dino Farinacci
- Re: [lisp] Path MTU concerns and proposed resolut… Templin, Fred L
- Re: [lisp] Path MTU concerns and proposed resolut… Templin, Fred L
- Re: [lisp] Map-Versioning Olivier Bonaventure
- [lisp] SEAL-lite Templin, Fred L
- Re: [lisp] SEAL-lite Sam Hartman
- Re: [lisp] SEAL-lite Templin, Fred L
- Re: [lisp] Path MTU concerns and proposed resolut… Templin, Fred L
- Re: [lisp] SEAL-lite Templin, Fred L
- Re: [lisp] Path MTU concerns and proposed resolut… Templin, Fred L
- Re: [lisp] Map-Versioning Luigi Iannone
- Re: [lisp] Map-Versioning Luigi Iannone
- Re: [lisp] Path MTU concerns and proposed resolut… Templin, Fred L
- [lisp] Question regarding LISP+ALT Michael Menth
- Re: [lisp] Question regarding LISP+ALT David Meyer
- Re: [lisp] Question regarding LISP+ALT Michael Menth
- Re: [lisp] Question regarding LISP+ALT David Meyer
- Re: [lisp] Path MTU concerns and proposed resolut… Sam Hartman
- Re: [lisp] Path MTU concerns and proposed resolut… Templin, Fred L
- Re: [lisp] Map-Versioning Dino Farinacci
- Re: [lisp] Map-Versioning Dino Farinacci
- Re: [lisp] Map-Versioning Sam Hartman
- Re: [lisp] Map-Versioning Dino Farinacci
- Re: [lisp] Map-Versioning Luigi Iannone
- Re: [lisp] Map-Versioning Luigi Iannone
- Re: [lisp] Map-Versioning Templin, Fred L
- Re: [lisp] [#1] Path MTU concerns and proposed re… Sam Hartman
- Re: [lisp] Map-Versioning Dino Farinacci
- Re: [lisp] Map-Versioning Luigi Iannone
- Re: [lisp] Map-Versioning John Zwiebel
- Re: [lisp] Map-Versioning Luigi Iannone