Re: [lisp] Please Review 6830bis and 6833bis

Dino Farinacci <farinacci@gmail.com> Mon, 13 March 2017 01:45 UTC

To: "Joel M. Halpern" <jmh@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/fKSWh_fBaede_dAkFRg9ITrEbmg>
Cc: LISP mailing list list <lisp@ietf.org>

> Dino, I am missing something.
> If, as we both seem to be saying, the "policy-denied" response can go with any of the existing actions, how is the receiver to know which is intended by the responder?

I don’t think it does. Let’s look at each existing action:

>   (0) No-Action

This action code comes with an RLOC-set and tells an ITR to encapsulate to RLOCs in the RLOC-set. This is certainly not denying anything.

>   (1) Natively-Forward

This is an action code that tells the ITR that the EID it requested is not in the mapping system and could be a non-EID and the address is routable in the underlay. This is certainly not denying anything.

>   (2) Send-Map-Request

This action code could be returned when overlapping EID-prefixes are registered to the mapping system. This is an instruction from the Map-Replier (either from an ETR or a map-server) that a longest match lookup that matches this entry should invoke a Map-Request.

>   (3) Drop

This action code is telling the ITR to drop packets, but has no specific reason for doing so.

The two new action codes I am proposing (and if others think there could be more, please suggest them):

(4) Policy-Denied

An access-list violation is denied and the requestor must not get the RLOC-set due to the policy configured in the ETR or Map-Server.

(5) Authentication-Failure

Whatever authentication mechanism is being used, the verifier has decided the Map-Requester cannot get access to the registered database-mapping.

I believe, based on how I describe it above, they are all discrete.

Dino
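
Added example, not part of the original message and not code from any LISP implementation: an ITR-side decoder that reads the 3-bit ACT field from a Map-Reply EID-record and maps each action code to a behaviour and a loggable reason. Assumptions: the record header layout is the one in RFC 6830 Section 6.1.4, values 4 and 5 are the ones proposed in the message above, and treating 4, 5 and the unlisted values 6 and 7 as a drop is a choice made for this example.

```python
import struct
from enum import IntEnum

class Action(IntEnum):
    NO_ACTION = 0
    NATIVELY_FORWARD = 1
    SEND_MAP_REQUEST = 2
    DROP = 3
    POLICY_DENIED = 4           # proposed in the message, not an assigned value
    AUTHENTICATION_FAILURE = 5  # proposed in the message, not an assigned value

# (behaviour, reason to log). Codes 0-3 follow the message's descriptions;
# "drop" for 4 and 5 is this example's assumption.
HANDLING = {
    Action.NO_ACTION: ("encapsulate", None),
    Action.NATIVELY_FORWARD: ("forward-natively", None),
    Action.SEND_MAP_REQUEST: ("send-map-request", None),
    Action.DROP: ("drop", "unspecified"),
    Action.POLICY_DENIED: ("drop", "policy-denied"),
    Action.AUTHENTICATION_FAILURE: ("drop", "authentication-failure"),
}

def decode_record_header(record: bytes) -> dict:
    """Decode the fixed 12-byte start of a Map-Reply EID-record."""
    if len(record) < 12:
        raise ValueError("truncated EID-record")
    ttl, loc_count, mask_len, flags, _version, afi = struct.unpack(
        "!IBBHHH", record[:12])
    # flags: ACT (3 bits) | A (1 bit) | Reserved (12 bits)
    return {"ttl": ttl, "locator_count": loc_count, "mask_len": mask_len,
            "act": flags >> 13, "authoritative": bool(flags & 0x1000),
            "afi": afi}

def classify(record: bytes) -> tuple:
    """Return (behaviour, reason) for the record's ACT value."""
    act = decode_record_header(record)["act"]
    try:
        return HANDLING[Action(act)]
    except ValueError:
        # ACT is 3 bits wide, so 6 and 7 can arrive on the wire; fail closed.
        return ("drop", f"unknown-action-{act}")

def sample_record(act: int) -> bytes:
    """Constructed record: TTL 15, no locators, 10.0.0.0/8 (AFI 1)."""
    header = struct.pack("!IBBHHH", 15, 0, 8, act << 13, 0, 1)
    return header + bytes([10, 0, 0, 0])
```

With discrete codes the ITR can log "policy-denied" or "authentication-failure" instead of the reasonless "unspecified" it gets from a plain Drop.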