IETF Logo Mail Archive

Re: [lisp] Eric Rescorla's Discuss on draft-ietf-lisp-rfc6833bis-16: (with DISCUSS and COMMENT)

Dino Farinacci <farinacci@gmail.com> Tue, 09 October 2018 00:41 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ADA9130F63; Mon, 8 Oct 2018 17:41:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cIl6_D1jod61; Mon, 8 Oct 2018 17:41:43 -0700 (PDT)
Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53146130E16; Mon, 8 Oct 2018 17:41:43 -0700 (PDT)
Received: by mail-pg1-x535.google.com with SMTP id n31-v6so8567389pgm.7; Mon, 08 Oct 2018 17:41:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=GZRGvQPg1O4U2hVrc6hRozdPaqsLDvkHbn8vHOg3T2s=; b=tQJXNTA2Rfs83+LTIN3slS8hZo1oxsrr7Bt7s7zzn2h3prfKBsSRhDe1Tw7Mo85C22 KFRlq3D9GLQR/Cc7IeLro2pExeZ4WjEogIsLVcc5dJP33YUapcySu55L+8x4pJdl5tYQ DD3uNhGZ2wDPJavmY+kxFeaHl6JsC7Exxemtxys0MRXZJPzdhmbIzgUkcCs9rcEsbgDY BcxmEPknL5TK3BOnHQUG5t5SM/+haW410z8qwP/w2Y/w/+bD3IUc8t9sHS+45MdsB8l4 DshfQeKcQsujTXe0uHZG+NtcZ9323iUYovHad2/m8G8ZW4Fl3f1dVGG58QURobfouT+R y6Uw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=GZRGvQPg1O4U2hVrc6hRozdPaqsLDvkHbn8vHOg3T2s=; b=V2DFC5fwMp/WZB6Q8VZzldtq3sO9Y4WjZ/PTTMfbtMXoLueb0qn2YC9BiyOnbFag/Z tpS9IZ5E2yyytISC10lquSTNI4uNRMLwSv829+NexTn0fX6vi1fd1P3B4VTZ4OU8KmtW 0ymk3mDZHPLMlphXrjFOWHhjsGe4Slu62ZfXTlaAiDhijTyCSsFsyr4KnDUCATdcr/F3 P+FCEX9bkxycCQXzLKvFM7FV5yj1h5Af+eqrhmRMAXIQ81LhqlSGOeYV8DGDJ/Qtqi6c 4ZzOR/nAVGiOrLspjoJgklNv4PiQtSghxTje5MGFRO1m/jgYJ7EVs4LLsGykGdbkh2QZ 04tA==
X-Gm-Message-State: ABuFfojOwkCWANiBWGOatruHqVcffRn4Lc6w5qqfKTOSCqWQug6rkvUZ LUFq91vcOoTRWbfPY/KWPsztaQtR
X-Google-Smtp-Source: ACcGV61XuaaSPvSpP7Q12fmcFZ7RIJOPh6PJ+xFTGfoL2AwbfW/Q/l7pbp1vUISdVaevoyb/ydx8aA==
X-Received: by 2002:a62:2458:: with SMTP id r85-v6mr27944386pfj.30.1539045702606; Mon, 08 Oct 2018 17:41:42 -0700 (PDT)
Received: from ?IPv6:2603:3024:151c:55f0:6c34:62cc:9f7d:1f1d? ([2603:3024:151c:55f0:6c34:62cc:9f7d:1f1d]) by smtp.gmail.com with ESMTPSA id b3-v6sm25939486pfb.151.2018.10.08.17.41.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Oct 2018 17:41:41 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CABcZeBNj_2o-5rVJBog+-OcDNEwrsPERmPbxQ6u47X6dFjFkkw@mail.gmail.com>
Date: Mon, 08 Oct 2018 17:41:39 -0700
Cc: IESG <iesg@ietf.org>, draft-ietf-lisp-rfc6833bis@ietf.org, Luigi Iannone <ggx@gigix.net>, lisp-chairs@ietf.org, "lisp@ietf.org list" <lisp@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <923B651B-873C-434D-91BC-2727E8130258@gmail.com>
References: <153805056019.26512.877252229948689152.idtracker@ietfa.amsl.com> <F1E6357D-0A02-4A2E-B98E-7B34D7AB5EA0@gmail.com> <CABcZeBMbAoo_UUjdhn0vU-cQrH9XQvs6VohBzs7q=BjbVi1BVQ@mail.gmail.com> <27454678-1FED-43EC-9D65-72F18487E619@gmail.com> <CABcZeBNj_2o-5rVJBog+-OcDNEwrsPERmPbxQ6u47X6dFjFkkw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/L343CnOUbZnunqIryyPkeED_BHk>
Subject: Re: [lisp] Eric Rescorla's Discuss on draft-ietf-lisp-rfc6833bis-16: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Oct 2018 00:41:47 -0000

Sorry the delay Eric.

> 
> > > S 5.5.
> > >>        is being mapped from a multicast destination EID.
> > >> 
> > >>  5.5.  EID-to-RLOC UDP Map-Reply Message
> > >> 
> > >>     A Map-Reply returns an EID-Prefix with a prefix length that is less
> > >>     than or equal to the EID being requested.  The EID being requested is
> > > 
> > > How do I behave if I receive an EID-Prefix that is less than any of my
> > > mappings. So, I might have mappings for 10.1.0.0/16 and 10.2.0.0/16
> > > and someone asks me for 10.0.0.0/8?
> 
> > 
> > I think I'm still unclear on this point.
> 
> The spec says you cache it. That is all you can do. But it means the sender of the Map-Reply is not spec conformant. That means RLOCs are used for the coarser EID-prefix.
> 
> Sorry, cache it? My question is how to respond to the case where the Map-Request has this property.

I thought you were referring to the Map-Reply. If a Map-Request is sent for 10.0.0.0/8 a replier needs to return in a Map-Reply /8, if it is registered in the mapping system as well as all more specifics. That is seldom done since a Map-Request is triggered for a destination EID in an IP packet, but a “lig” client to ask to see if the coarser prefix exists.

> > 
> > Also, when you talk about prefix
> > > length, I assume you mean the length fo the mask?
> > 
> > Yes, this is explained later in this section. Was that not helpful??
> > 
> > I found it a bit confusing. It seems to me like there are two lengths involved here:
> > 
> > - The length of the field (4 or 16)
> > - The parts of the field that are significant (i.e., the mask)
> 
> In routing, as you know, the mask-length is always the same as the prefix-length. It is the number of bits in the mask.
> 
> 
> > I had thought that "prefix length" referred to the former, but it seems like here it
> > refers to the latter.
> 
> The length of the address is defined by the 16-bit AFI that precedes the address.
> 
> I agree, but the text refers to this as the prefix and it has a length, which is the length of the encoded field, not the length of the mask, as seen in this excerpt:
> 
>    EID-Prefix:  This prefix is 4 octets for an IPv4 address family and
>       16 octets for an IPv6 address family when the EID-Prefix-AFI is 1
>       or 2, respectively.  For other AFIs [AFI], the length varies and
>       for the LCAF AFI the format is defined in [RFC8060].  When a Map-

I will make this more clear. Thanks for the comment. Fixed in the section you cite and make it more clear the different of “address length” and “mask length” in the “EID-Prefix” definition.

> > 
> > > S 5.
> > >>       \ |           UDP Length          |        UDP Checksum           |
> > >>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> > >>         |                                                               |
> > >>         |                         LISP Message                          |
> > >>         |                                                               |
> > >>         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> > > 
> > > What do these two diagrams correspond to? v4 and v6? This needs
> > > explanation.
> > 
> > It is th entire IP packet sent as a LISP control-message. The header before the diagrams indicate they are UDP packets.
> > 
> > A caption would probably help.
> 
> The beginning of the section shows an IPv4 UDP packet format as well as a IPv6 UDP packet format.
> 
> Agreed. I'm just saying you should put in a caption on each of them.

Done.

> >  
> > > S 5.3.
> > >>     originating Map-Request source.  If the RLOC is not in the Locator-
> > >>     Set, then the ETR MUST send the "verifying Map-Request" to the
> > >>     "piggybacked" EID.  Doing this forces the "verifying Map-Request" to
> > >>     go through the mapping database system to reach the authoritative
> > >>     source of information about that EID, guarding against RLOC-spoofing
> > >>     in the "piggybacked" mapping data.
> > > 
> > > This text here doesn't seem compatible with either of the two cases
> > > listed in "EID-prefix" above.
> > 
> > I don’t understand the comment Eric. Maybe because I can’t find the exact reference to EID-prefix where you think there is a conflict. Please cite for me. Thanks.
> > 
> > This does seem to have been assigned to the wrong text.
> > 
> > I am referring to:
> > 
> > "   A Map-Reply returns an EID-Prefix with a prefix length that is less
> >    than or equal to the EID being requested.  The EID being requested is
> >    either from the destination field of an IP header of a Data-Probe or
> >    the EID record of a Map-Request.  The RLOCs in the Map-Reply are
> > "
> > 
> > versus
> > 
> > "   EID-Prefix:  This prefix is 4 octets for an IPv4 address family and
> >       16 octets for an IPv6 address family when the EID-Prefix-AFI is 1
> >       or 2, respectively.  For other AFIs [AFI], the length varies and
> >       for the LCAF AFI the format is defined in [RFC8060].  When a Map-
> > "
> > 
> > This is just the question of whether "prefix length" refers to the field or
> > the significant bits of the field.
> 
> Prefix-length = mask-length = number-of-bits-in-mask = value-after-/.
> 
> OK, but then this second excerpt seems contradictory. We have an EID-Prefix field which has a different length which is dictated by the AFI only.

It is not contracdictory. Let me explain, if I have a map-cache entry 10.0.0.0/8 and I want to query the mapping system, then I send a Map-Request for 10.0.0.0/8. What comes back in the Map-Reply is the /8 and more specifics if they are registered.

The definition section is saying what is in a Map-Request and the other section that is describing behavior when a Map-Reply is returned.

> > > S 8.3.
> > >>     of the mapping database protocols.
> > >> 
> > >>  8.3.  Map-Server Processing
> > >> 
> > >>     Once a Map-Server has EID-Prefixes registered by its client ETRs, it
> > >>     can accept and process Map-Requests for them.
> > > 
> > > This section is confusing because the introduction says that this
> > > function is only performed by Map-Resolvers:
> > > '
> > > "The LISP Mapping Service defines two new types of LISP-speaking
> > >   devices: the Map-Resolver, which accepts Map-Requests from an
> > > Ingress
> > >   Tunnel Router (ITR) and "resolves" the EID-to-RLOC mapping using a 
> > >   mapping database; and the Map-Server, which learns authoritative
> > > EID-
> > >   to-RLOC mappings from an Egress Tunnel Router (ETR) and publishes
> > >   them in a database.”
> > 
> > The document does cover the operation of a Map-Resolver and a Map-Server. Some functions are performed only by Map-Resolvers only and other different functions are performed by Map-Servers only.
> > 
> > I am not sure what you don’t understand.
> > 
> > Sure: As I understand it, Map Resolvers process Map Requests, and Map Servers do not (that's what the quoted text seems to say). However, this sentence talks about a Map Server processing a Map Request.  That's where I am confused.
> 
> Here is a brief scenario:
> 
> (1) ITR sends Map-Request to a Map-Resolver.
> (2) Map-Resolver “finds” the Map-Server where the EID could be registered. That is the mapping database transport system, two examples are LISP-ALT and LISP-DDT.
> (3) The Map-Resolver in the case of LISP-DDT, will have a referral-cache and know which map-server is authoriative for the EID-prefix the Map-Request EID is for.
> (4) The Map-Resolver forwards the Map-Request to that Map-Server.
> 
> And hence Map-Servers process Map-Requests. The Map-Server can proxy-reply with the RLOC-set cached in its site-cache or forward to one or more ETRs (described by the RLOC-set) so they can map-reply.
> 
> Sure, this seems reasonable, but then perhaps the text above could be revised, because it reads like Map Resolvers process these requests and therefore implies that Map-Servers do not.

In the intro we are trying to explain at high-level the service interface. But since Map-Resolvers forward Map-Requests to Map-Servers, they process them to. But its through indirection.

Dino

v2.23.0 | Report a Bug | By Email