Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09
Alvaro Retana <aretana.ietf@gmail.com> Wed, 27 April 2022 11:29 UTC
Return-Path: <aretana.ietf@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B68FC1594A5; Wed, 27 Apr 2022 04:29:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TRRJFNkgn1WK; Wed, 27 Apr 2022 04:29:41 -0700 (PDT)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0175AC23902B; Wed, 27 Apr 2022 04:29:08 -0700 (PDT)
Received: by mail-wm1-x331.google.com with SMTP id m62so956779wme.5; Wed, 27 Apr 2022 04:29:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc:content-transfer-encoding; bh=rB2J8cgDh5UQtO2kf09etIH2QodRiT4MLVvSLCmOg34=; b=Z/nqvDJWH2706vdqxKcyOzjbaYRnY26vyg39FxJ4nDka9Ybmap1rdTu5FYJxdIx0bl 4D8jUuVib139zOKOn8r+ZfGbRFkDq+ZhlBGOtRvDqeQVAHHD6iTveSCe1xb0gDNWzFpu kbeu6T1ySMx9pG6bN69YlvbZBsWTXeU2XNQcw9HbQ0AS/EUSXCzXp19cINUql1Z+NDdV o2/ZjdPdujo4Vbr54hwCcjSi1axcYPjRB/IwcI+LOzTwLT5BuV10GV9enkUQhiN9NaHe jwRkzqgc3jSY1Ra4v3U378FdeKpD0iR4TFsTbkY5CnETYr+8NUUKbk+PyqJ06xVtGFrD d+AQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc:content-transfer-encoding; bh=rB2J8cgDh5UQtO2kf09etIH2QodRiT4MLVvSLCmOg34=; b=VPdZtDtKkDmasGg9hWDEDHHZJ9XEe46Ehyh+UjutOq+lWMyYyKC5OCwX/7Xt1fsOX/ JNAYJTjjQaiZddJYAqIW3mMrg3Fdnvzb8WJ/fyZZcGgbUJxE+q2Jk8DAerWYeyike3Wi iRppEmqW6hhDmXKVc/f3CCELBdpY0QEEMDpOCRiEbbABXiw2Yu8r/J2F3mJB2fXEhiPD nX6/qCyxFX/yrpI34NtU0mTV1AFITJa9A69aGvzCs6NgGlw97AoJzND+zKZiUSBs8vEI 4RUHw3IF2C3ecFo8CZLuCCjnwBpQkUgHWUAXc+JkucssodTQY7wLXLcT+0xKM1/scp27 5DCA==
X-Gm-Message-State: AOAM532caVBiK6Ro4jN77BqJNWBKAj/5r5VuCBS3KX+0RoEU1RNS9wY2 8llU+C2qua7AuocKgmien/6URophYz8PSVj2DSFUMqgHwbI=
X-Google-Smtp-Source: ABdhPJxkxAcKauGqDyb+ww2WW/VELt2THuZsZ1ZIR8p0TN/P8B0VFIt8qiW/Bvk9fjML+Ld/IBz6i9NlfS7uWolPvAM=
X-Received: by 2002:a05:600c:3d18:b0:38e:c876:190c with SMTP id bh24-20020a05600c3d1800b0038ec876190cmr34522546wmb.19.1651058946749; Wed, 27 Apr 2022 04:29:06 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 27 Apr 2022 04:29:06 -0700
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <C4E45F61-0F74-456F-860D-65500220B53E@lispers.net>
References: <CAMMESsyB6WXxZP-CxQ6xzYQ6rRC86TQPT+PDqc3+qvR364qdCw@mail.gmail.com> <C4E45F61-0F74-456F-860D-65500220B53E@lispers.net>
MIME-Version: 1.0
Date: Wed, 27 Apr 2022 04:29:06 -0700
Message-ID: <CAMMESsxsm=3MR-Rybo8m+LkUJpCnzg74GVHDfEPxLDhgxhvzYg@mail.gmail.com>
To: Dino Farinacci <dino@lispers.net>
Cc: lisp@ietf.org, draft-ietf-lisp-pubsub@ietf.org, lisp-chairs@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/YsKXb8JqApyF2k9O5XvVcPA0Akc>
Subject: Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2022 11:29:42 -0000
On April 26, 2022 at 6:05:24 PM, Dino Farinacci wrote: > Alvaro, here are some responses. I cut out text I didn't need to comment on. Thanks Dino -- some replies inline. > > [major] This is the only place, including rfc6830bis/rfc6833bis, where > > "proxy-reply mode" is used. Is this operation specified anywhere, > > maybe using a different name? This seems to be related to the > > Map-Server being able to offer non-authoritative Map-Replies -- please > > be specific. > > In 6833bis, we refer to the P-bit in the Map-Register as "proxy Map-Reply > bit". And occurs 11 times in 6833bis. Ah, ok. Please just be consistent with the terminology. Not everyone is as familiar with lisp -- including me, of course! :-) > > [major] What happens if one of these assumptions is not met? If the > > rest of the specification is followed (setting the I and N bits, etc.) > > what are the "failure scenarios" if the conditions are not met? > > When the N bit is not set, the message is processed like a regular > Map-Request (and state is not put in the subscription cache on the map- > server). That wasn't clear? Alberto? The assumptions I was referring to are these: 129 3. Deployment Assumptions 131 The specification described in this document makes the following 132 deployment assumptions: 134 (1) A unique 128-bit xTR-ID (plus a 64-bit Site-ID) identifier is 135 assigned to each xTR. 137 (2) Map-Servers are configured in proxy-reply mode, i.e., they are 138 solicited to generate and send Map-Reply messages for the 139 mappings they are serving. I think all I'm looking for is a short explanation that the pubsub will not work. Maybe something like this: If either assumption is not met, a subscription cannot be established and the network will continue operating without this enhancement. > > 144 4. Map-Request PubSub Additions > > ... > > 190 xTR-ID bit (I-bit): This bit is set to 1 to indicate that a 128 > > 191 bit xTR-ID and a 64 bit Site-ID fields are present at the end of > > 192 the Map-Request message. For PubSub operation, an xTR MUST be > > 193 configured with an xTR-ID and Site-ID, and it MUST set the I bit > > 194 to 1 and include its xTR-ID and Site-ID in the Map-Request > > 195 messages it generates. ... > > [major] "MUST set the I bit to 1 and include its xTR-ID and Site-ID" > > > > What should the receiver do if the I bit is set but the ID fields are > > not included? ... > > We will fix this. If the I bit not set, the Map-Request is not processed as a > subscribe-request. The question was the other way around: what if the I-bit is set but the IDs are not included? The lengths are handled by the IP/UDP header lengths, so the Map-Request (and the rest of the packet) may have the correct length while still having the I-bit set. I assume the answer is that the subscription cannot be processed and "normal" processing is done...but it should be stated in the document. > > 253 (3) The Map-Server MUST send the Map-Notify to one of the ITR-RLOCs > > 254 received in the Map-Request (which one is implementation > > 255 specific). > > > > [major] Does this need to be specified here? Where are Map-Notify > > messages sent to? I couldn't find a specific answer, but it seems to > > me that choosing a destination address should be pretty "basic"; i.e. > > something that should have been specified in the base spec. > > It is basic but there are many choices, *especially* in the presents of NATs. > You can send to one of the "Local" RLOCs or to the source IP address of the > Map-Request. If you want to get the message back to the xTR you need to use > the source IP address. Yes. The point was that choosing an address is not an issue that comes up only when sending Map-Notify messages when using pubsub -- it is a general issue. Any considerations should be mentioned in the "general" document (rfc6833bis) so that all extensions can benefit and don't have to include additional text about it. > > 331 When the xTR receives a Map-Notify with an EID not local to the xTR, > > 332 the xTR knows that the Map-Notify has been received to update an > > 333 entry on its map-cache. Processing of unsolicited Map-Notify > > 334 messages MUST be explicitly enabled via configuration at the xTR. > > 335 The xTR MUST keep track of the last nonce seen in a Map-Notify > > 336 received as a publication from the Map-Server for the EID-Record. If > > 337 a Map-Notify received as a publication has a nonce value that is not > > 338 greater than the saved nonce, the xTR drops the Map-Notify message > > 339 and logs the fact a replay attack could have occurred. To compare > > 340 two nonces, the xTR uses the serial number arithmetic defined in > > 341 [RFC1982] with SERIAL_BITS = 64. The nonce field space (64 bits) is > > 342 considered large enough to not be depleted during normal operation of > > 343 the protocol (e.g., assuming a fast publication rate of one Map- > > 344 Notify per EID-Record per Map-Server per second, the nonce field > > 345 space will not be depleted in 0.5 trillion years). The same > > 346 considerations discussed in Section 5.6 of [I-D.ietf-lisp-rfc6833bis] > > 347 regarding storing Map-Register nonces apply here for Map-Notify > > 348 nonces. > > > > [major] "Processing of unsolicited Map-Notify messages MUST be > > explicitly enabled via configuration at the xTR." > > > > rfc6833bis added the Map-Notify-Ack, but it doesn't require > > configuration anywhere to process unsolicited Map-Notify messages. > > IOW, this requirement is not in line with rfc6833bis. > > Its because in 6833bis all Map-Notify messages are always solicited. Yes, I missed that. Can it be assumed that if the xTR sends a "subscription request" it will accept unsolicited Map-Notify messages? This may be an implementation detail, but it seems to me that adding the extra configuration step is unnecessary if the xTR is requesting the information. Alvaro.
- [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alvaro Retana
- [lisp] draft-ietf-lisp-pubsub-09 Robert Raszuk
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] draft-ietf-lisp-pubsub-09 Robert Raszuk
- Re: [lisp] draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] draft-ietf-lisp-pubsub-09 Robert Raszuk
- Re: [lisp] draft-ietf-lisp-pubsub-09 mohamed.boucadair
- Re: [lisp] draft-ietf-lisp-pubsub-09 Robert Raszuk
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Luigi Iannone
- Re: [lisp] draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Dino Farinacci
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 mohamed.boucadair
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Luigi Iannone
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alvaro Retana
- Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09 Alberto Rodriguez-Natal (natal)