IETF Logo Mail Archive

Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09

Dino Farinacci <dino@lispers.net> Wed, 27 April 2022 22:36 UTC

Return-Path: <dino@lispers.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB0DAC159480 for <lisp@ietfa.amsl.com>; Wed, 27 Apr 2022 15:36:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lispers-net.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0mTO_4EEFzu for <lisp@ietfa.amsl.com>; Wed, 27 Apr 2022 15:36:18 -0700 (PDT)
Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 979F8C157B32 for <lisp@ietf.org>; Wed, 27 Apr 2022 15:36:18 -0700 (PDT)
Received: by mail-pj1-x102b.google.com with SMTP id fv2so2629639pjb.4 for <lisp@ietf.org>; Wed, 27 Apr 2022 15:36:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lispers-net.20210112.gappssmtp.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=lzLwSVyqUMDBKreUZJt0OkSZ4mCeU1tNgFnf3OZpXM4=; b=4LQXjVYRw9AcO8+JHva6+P8hXDDEj2dV88tgOH+QZhH8R4HkyVXm8h+b0htcaBgdJd c1RdwGFvDqQzPA7hCXx5pZ7lqKS96LACVx9n1KOSw7nKD/5MIzHZmf+cZQdxXVQ2nxOf GUscRXQmKe8R//6lJNBNngOhqK+aVGLekzQFcBL/D399mX/frxPkhjfnAdbOVp7kVaDE Ika/RiOIpGzGybmAaGxVH2xxLUtObt05Iflh7pPogVYHTifY5oaspdBxPdzOWqojMvfG r4M8wj8qRpMRIJwdPyad+IwiNAPOaLgeL/15p24iMXgjpee6g0nEhEZvSr1/LDWTbSGP PIXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=lzLwSVyqUMDBKreUZJt0OkSZ4mCeU1tNgFnf3OZpXM4=; b=TCnXrRZ6nqzRx+tXZRik4V5F8axWuFWUrxjffNN5iFEpMBMLCLqVAl+wE4gdY0kACd lhH2W5RsAVgGiWJ/iNh1UF4DyQtCpxYOj2Y6/0qIkLk5yPp1/I7rH7Ox/tBvHzmRBIxj 0BcZ5vQIiTimWZ9J+S+cX6dChrMLj4erPhmfLuodxZlL/o9cEKrtTxJ+9YCuZCrx1/wU SYP69hvYMhSp+kvB7kR7Zu8b2jQWHmXymV+8fjIV0Mp+B/h5Mx7dfSxqmLqHrLGUnGmZ klAGv8z9tbmW5aOn+5cV9hXf0wqEFvCAml3Ld6TCFYcMYUqz+2FwQRkHKf23Hh89Pxg9 lugw==
X-Gm-Message-State: AOAM533Z7kzAs4GyX+rkTCse3AHFmnaujZVp5W4ZTLhTo9scsC7WHy1V TZu41r2S6GC8VZGoImbLBHLzdkQRi84pVg==
X-Google-Smtp-Source: ABdhPJxsWIEflST7XHt8Gp19JhmnFrVIMA5jmCadFfjl9C9k/jbkv0/VeFouv/OI7Gn9UQ0mycWazQ==
X-Received: by 2002:a17:902:d5ce:b0:158:48db:9719 with SMTP id g14-20020a170902d5ce00b0015848db9719mr30394884plh.7.1651097428451; Wed, 27 Apr 2022 15:10:28 -0700 (PDT)
Received: from smtpclient.apple (c-98-33-34-184.hsd1.ca.comcast.net. [98.33.34.184]) by smtp.gmail.com with ESMTPSA id d8-20020a056a00198800b004fab740dbe6sm21392880pfl.15.2022.04.27.15.10.27 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Apr 2022 15:10:27 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
From: Dino Farinacci <dino@lispers.net>
In-Reply-To: <BYAPR11MB3591A4E8856FF0AB54D6D989B6FA9@BYAPR11MB3591.namprd11.prod.outlook.com>
Date: Wed, 27 Apr 2022 15:10:25 -0700
Cc: Alvaro Retana <aretana.ietf@gmail.com>, "lisp@ietf.org list" <lisp@ietf.org>, "draft-ietf-lisp-pubsub@ietf.org" <draft-ietf-lisp-pubsub@ietf.org>, "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D1B86857-499E-449F-9423-AD608A1D3DB7@lispers.net>
References: <CAMMESsyB6WXxZP-CxQ6xzYQ6rRC86TQPT+PDqc3+qvR364qdCw@mail.gmail.com> <C4E45F61-0F74-456F-860D-65500220B53E@lispers.net> <CAMMESsxsm=3MR-Rybo8m+LkUJpCnzg74GVHDfEPxLDhgxhvzYg@mail.gmail.com> <FB3CB22F-7DC2-4490-88A0-B0229C7AC647@lispers.net> <BYAPR11MB3591A4E8856FF0AB54D6D989B6FA9@BYAPR11MB3591.namprd11.prod.outlook.com>
To: "Alberto Rodriguez-Natal (natal)" <natal=40cisco.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/DoOIC_gM_xbGEYRXranYV9s_V6Q>
Subject: Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2022 22:36:20 -0000

Thanks Alberto. I can take care of the 6830bis and 6833bis changes if we need clarifications since it seems we have "opened" these documents for minor changes (per Luigi's email for 6834bis). I am waiting for Albert to give me the green flag for makingt the edits.

Dino

> On Apr 27, 2022, at 3:04 PM, Alberto Rodriguez-Natal (natal) <natal=40cisco.com@dmarc.ietf.org> wrote:
> 
> Hi Alvaro, Dino,
>  
> I scanned through the comments and discussion and it seems that we’re all on the same page. Thanks to both for the great suggestions. Give me some time to provide some comments here, since I don’t have the bandwidth right now. I’d also try to close vendor-lcaf before moving into PubSub.
>  
> Thanks!
> Alberto
>  
> From: Dino Farinacci <dino@lispers.net>
> Date: Wednesday, April 27, 2022 at 9:04 PM
> To: Alvaro Retana <aretana.ietf@gmail.com>
> Cc: lisp@ietf.org list <lisp@ietf.org>, draft-ietf-lisp-pubsub@ietf.org <draft-ietf-lisp-pubsub@ietf.org>, lisp-chairs@ietf.org <lisp-chairs@ietf.org>
> Subject: Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09
> 
> I agree with all your suggestions and hope Alberto will use as input to the changes he makes for the next rev.
> 
> >> [major] This is the only place, including rfc6830bis/rfc6833bis, where
> >>> "proxy-reply mode" is used. Is this operation specified anywhere,
> >>> maybe using a different name? This seems to be related to the
> >>> Map-Server being able to offer non-authoritative Map-Replies -- please
> >>> be specific.
> >> 
> >> In 6833bis, we refer to the P-bit in the Map-Register as "proxy Map-Reply
> >> bit". And occurs 11 times in 6833bis.
> > 
> > Ah, ok.  Please just be consistent with the terminology.  Not everyone
> > is as familiar with lisp -- including me, of course! :-)
> 
> We will make the pubsub be consistent with the text from 6833bis.
> 
> >> [major] What happens if one of these assumptions is not met? If the
> >>> rest of the specification is followed (setting the I and N bits, etc.)
> >>> what are the "failure scenarios" if the conditions are not met?
> >> 
> >> When the N bit is not set, the message is processed like a regular
> >> Map-Request (and state is not put in the subscription cache on the map-
> >> server). That wasn't clear? Alberto?
> > 
> > The assumptions I was referring to are these:
> > 
> > 129   3.  Deployment Assumptions
> > 
> > 131      The specification described in this document makes the following
> > 132      deployment assumptions:
> > 
> > 134      (1)  A unique 128-bit xTR-ID (plus a 64-bit Site-ID) identifier is
> > 135           assigned to each xTR.
> > 
> > 137      (2)  Map-Servers are configured in proxy-reply mode, i.e., they are
> > 138           solicited to generate and send Map-Reply messages for the
> > 139           mappings they are serving.
> > 
> > I think all I'm looking for is a short explanation that the pubsub
> > will not work.  Maybe something like this:
> > 
> >    If either assumption is not met, a subscription cannot be
> >    established and the network will continue operating without
> >    this enhancement.
> 
> Agree.
> 
> >> 144 4. Map-Request PubSub Additions
> >>> ...
> >>> 190 xTR-ID bit (I-bit): This bit is set to 1 to indicate that a 128
> >>> 191 bit xTR-ID and a 64 bit Site-ID fields are present at the end of
> >>> 192 the Map-Request message. For PubSub operation, an xTR MUST be
> >>> 193 configured with an xTR-ID and Site-ID, and it MUST set the I bit
> >>> 194 to 1 and include its xTR-ID and Site-ID in the Map-Request
> >>> 195 messages it generates.
> > ...
> >>> [major] "MUST set the I bit to 1 and include its xTR-ID and Site-ID"
> >>> 
> >>> What should the receiver do if the I bit is set but the ID fields are
> >>> not included?
> > ...
> >> 
> >> We will fix this. If the I bit not set, the Map-Request is not processed as a
> >> subscribe-request.
> > 
> > The question was the other way around: what if the I-bit is set but
> > the IDs are not included?   The lengths are handled by the IP/UDP
> 
> Then there will be a parsing error and the last 128-bits/64-bits of the packet will be mistakenly processed as an xTR-ID/Site-ID. It means the sender did not conform to the spec. It is an implementation bug.
> 
> > header lengths, so the Map-Request (and the rest of the packet) may
> > have the correct length while still having the I-bit set.
> > 
> > I assume the answer is that the subscription cannot be processed and
> > "normal" processing is done...but it should be stated in the document.
> 
> No, that is not what happens. And I believe we DON'T need to change 6833bis for this. Or the pubsub draft. If the sender sets the I-bit, it is saying the the xTR-ID/Site-ID are at the end of the message. A receiver can detect the error because after processing that last EID-record, if there are no bytes left from processing the message, it can conclude that the I-bit was set errorneously.
> 
> > 
> >>> 253 (3) The Map-Server MUST send the Map-Notify to one of the ITR-RLOCs
> >>> 254 received in the Map-Request (which one is implementation
> >>> 255 specific).
> >>> 
> >>> [major] Does this need to be specified here? Where are Map-Notify
> >>> messages sent to? I couldn't find a specific answer, but it seems to
> >>> me that choosing a destination address should be pretty "basic"; i.e.
> >>> something that should have been specified in the base spec.
> >> 
> >> It is basic but there are many choices, *especially* in the presents of NATs.
> >> You can send to one of the "Local" RLOCs or to the source IP address of the
> >> Map-Request. If you want to get the message back to the xTR you need to use
> >> the source IP address.
> > 
> > Yes.  The point was that choosing an address is not an issue that
> > comes up only when sending Map-Notify messages when using pubsub -- it
> > is a general issue.  Any considerations should be mentioned in the
> > "general" document (rfc6833bis) so that all extensions can benefit and
> > don't have to include additional text about it.
> 
> Well not totally true. It is only used because an ITR-RLOC is included in a Map-Request, so a responding Map-Reply message should use it. Since a Map-Notify is a Map-Request ack for a subscribption requesst, its only these two types of messages that have this issue. All other "replies" to "query type messages" uses the source IP address from the query.
> 
> > 
> > 
> >>> 331 When the xTR receives a Map-Notify with an EID not local to the xTR,
> >>> 332 the xTR knows that the Map-Notify has been received to update an
> >>> 333 entry on its map-cache. Processing of unsolicited Map-Notify
> >>> 334 messages MUST be explicitly enabled via configuration at the xTR.
> >>> 335 The xTR MUST keep track of the last nonce seen in a Map-Notify
> >>> 336 received as a publication from the Map-Server for the EID-Record. If
> >>> 337 a Map-Notify received as a publication has a nonce value that is not
> >>> 338 greater than the saved nonce, the xTR drops the Map-Notify message
> >>> 339 and logs the fact a replay attack could have occurred. To compare
> >>> 340 two nonces, the xTR uses the serial number arithmetic defined in
> >>> 341 [RFC1982] with SERIAL_BITS = 64. The nonce field space (64 bits) is
> >>> 342 considered large enough to not be depleted during normal operation of
> >>> 343 the protocol (e.g., assuming a fast publication rate of one Map-
> >>> 344 Notify per EID-Record per Map-Server per second, the nonce field
> >>> 345 space will not be depleted in 0.5 trillion years). The same
> >>> 346 considerations discussed in Section 5.6 of [I-D.ietf-lisp-rfc6833bis]
> >>> 347 regarding storing Map-Register nonces apply here for Map-Notify
> >>> 348 nonces.
> >>> 
> >>> [major] "Processing of unsolicited Map-Notify messages MUST be
> >>> explicitly enabled via configuration at the xTR."
> >>> 
> >>> rfc6833bis added the Map-Notify-Ack, but it doesn't require
> >>> configuration anywhere to process unsolicited Map-Notify messages.
> >>> IOW, this requirement is not in line with rfc6833bis.
> >> 
> >> Its because in 6833bis all Map-Notify messages are always solicited.
> > 
> > Yes, I missed that.
> > 
> > Can it be assumed that if the xTR sends a "subscription request" it
> > will accept unsolicited Map-Notify messages?  This may be an
> 
> Yes, but I'd argue about terminology. The Map-Notify is solicited because of the subscripton request. But the actual message is soliciting an acknowedge Map-Notify message.
> 
> We call it unsolicited, because some time later, if there is an RLOC-change to an EID subscribed, the message will come without any message requesting it (i.e. it is event triggered).
> 
> > implementation detail, but it seems to me that adding the extra
> > configuration step is unnecessary if the xTR is requesting the
> > information.
> 
> Right.
> 
> Dino
> 
> > 
> > 
> > Alvaro.
> > 
> > _______________________________________________
> > lisp mailing list
> > lisp@ietf.org
> > https://www.ietf.org/mailman/listinfo/lisp
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp

v2.23.0 | Report a Bug | By Email