Re: [lisp] Please Review 6830bis and 6833bis

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 13 March 2017 01:30 UTC

To: Dino Farinacci <farinacci@gmail.com>
References: <993CF58D-1A15-4D9D-B5AA-B281E55985DC@gigix.net> <3BFC5564-5D8A-4023-B228-27CB2658F925@gmail.com> <34c20b11-ffc6-6102-188a-c66393d56840@joelhalpern.com> <F8CBC5DF-E10C-4921-92AF-1CCDCE7F900A@gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <148ccbe9-86c6-6e1c-a1c4-82b339cf2574@joelhalpern.com>
Date: Sun, 12 Mar 2017 21:30:12 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/CancgLjZOTYfu0NgHgqjHa95OZE>
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Please Review 6830bis and 6833bis

Dino, I am missing something.
If, as we both seem to be saying, the "policy-denied" response can go 
with any of the existing actions, how is the receiver to know which is 
intended by the responder?

Yours,
Joel


On 3/12/17 9:19 PM, Dino Farinacci wrote:
>> <participant> Given that the only error code field we have in the
>> map reply is the ACT field, I see why you want values for ACT to
>> represent these meanings.
>
> Right. It can be used to give additional information about the
> mapping database lookup.
>
>> As a minor point, the two new replies need to specify what the
>> action should be for each of them.
>
> Sure, I can write that text. It is obvious but does need to be
> spec’ed. It means that the ITR/PITR will drop packets since there is
> no RLOC-set. And follow the typical map-cache maintenance procedures
> for refreshing entries.
>
>> The bigger problem is that it is not clear that "policy-denied"
>> always goes with one of the existing 4 actions.
>
> The “Action” field is a bit of instruction that the mapping database
> lookup system provides.
>
>> (I have trouble constructing a policy-denied:Send-Map_Request, but
>> I can see cases for the other three.)
>
> Here is an example:
>
> (1) Dino (an xTR) registers an EID. (2) The registration policy
> indicates that Joel (an xTR) can only talk to me on weekends. (3) On
> Monday an EID behind you requests to talk to an EID behind me. The
> mapping system returns to Joel the RLOC-set “Dino” and you can encap
> to me. (4) If that EID is sending to the EID behind me tonight, the
> mapping system returns an empty RLOC-set with Action
> “policy-denied”. (5) You can cache this fact in your map-cache and
> obviously have nowhere to encap to since an RLOC-set was not
> returned.
>
> So, in a nutshell, this is a {source, destination} based access-list
> that is enforced in the mapping system versus implemented in the
> data-plane in the encapsulator.
>
>> In contrast, since in the authentication failure case the
>> responding ETR has no idea who the ITR is, "No-Action" seems the
>> right behavior.
>
> “No-Action” is a default action type when there is no other error
> reason to return. Hence the desire to return more specific reasons
> for lookup failure or instructions the ITR should do on lookup
> success.
>
> Dino
>
>
>
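
The {source, destination} access-list behaviour discussed in this thread, sketched as an added example; it is not code from either participant or from the LISP drafts. ACT values 0-3 are the RFC 6830 code points; the value 4 for "policy-denied", the EID/RLOC strings, exact-match lookup, and a map-cache keyed on (source, destination) with no TTL expiry are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Act(IntEnum):
    NO_ACTION = 0          # values 0-3 are the RFC 6830 ACT code points
    NATIVELY_FORWARD = 1
    SEND_MAP_REQUEST = 2
    DROP = 3
    POLICY_DENIED = 4      # assumed code point, not taken from the thread

@dataclass(frozen=True)
class MapReply:
    rlocs: tuple           # empty tuple = negative Map-Reply
    act: Act

class MappingSystem:
    """Holds registrations and enforces the {source, destination} policy."""
    def __init__(self):
        self.db = {}       # destination EID -> (RLOC-set, policy callable)
        self.lookups = 0

    def register(self, eid, rlocs, policy):
        self.db[eid] = (tuple(rlocs), policy)

    def lookup(self, src_eid, dst_eid, weekday):
        self.lookups += 1
        if dst_eid not in self.db:             # no registration: non-LISP destination
            return MapReply((), Act.NATIVELY_FORWARD)
        rlocs, policy = self.db[dst_eid]
        if not policy(src_eid, weekday):       # denied: empty RLOC-set plus the reason
            return MapReply((), Act.POLICY_DENIED)
        return MapReply(rlocs, Act.NO_ACTION)

class Itr:
    """Encapsulator with a map-cache keyed on (source EID, destination EID)."""
    def __init__(self, mapping_system):
        self.ms, self.cache = mapping_system, {}

    def forward(self, src_eid, dst_eid, weekday):
        key = (src_eid, dst_eid)
        if key not in self.cache:              # cache miss: ask the mapping system
            self.cache[key] = self.ms.lookup(src_eid, dst_eid, weekday)
        reply = self.cache[key]
        if reply.rlocs:
            return "encap:" + reply.rlocs[0]
        if reply.act is Act.NATIVELY_FORWARD:
            return "native"
        return "drop"                          # Drop or policy-denied: no RLOC-set

def weekends_only(src_eid, weekday):           # weekday: 0=Monday .. 6=Sunday
    return src_eid != "eid-joel" or weekday >= 5
```

The cached negative entry is what keeps the ITR from re-querying on every packet; a real map-cache would age it out by the Map-Reply TTL so the decision is re-evaluated when the policy window changes.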