IETF Logo Mail Archive

Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09

Dino Farinacci <dino@lispers.net> Wed, 27 April 2022 19:04 UTC

Return-Path: <dino@lispers.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 552FAC14F723 for <lisp@ietfa.amsl.com>; Wed, 27 Apr 2022 12:04:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lispers-net.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MrJLcVh8EbCG for <lisp@ietfa.amsl.com>; Wed, 27 Apr 2022 12:04:37 -0700 (PDT)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38664C159A39 for <lisp@ietf.org>; Wed, 27 Apr 2022 12:03:37 -0700 (PDT)
Received: by mail-pl1-x634.google.com with SMTP id n18so2386794plg.5 for <lisp@ietf.org>; Wed, 27 Apr 2022 12:03:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lispers-net.20210112.gappssmtp.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=D7dMfAnQEhTWwRhBUdtyT2XdSPSNffD9+i5g8DSJp1o=; b=cSsoAQ15FF9nQFchi70xSuipV01/nvR01qmAFGoXWJQHejYcUpfiEGO9CWNchzdvb6 pqVkfW/1bDJPzaDjMq3U3bbdtor64WNiqL5wj2XD7dgYivgmScdOjyfkECUJFVjzlVEB J3WreKxtBV22NIwEf9eQVTSMyoE8/BqfFPhq06KmH3wzcyvtnf4K7s5KxsyohKQCEeLY F5a5d4CC6igSxLftxUE0mnZYDeSmlzrG+XPDeHLRr1UfyrwJ8CyjQsiKbMu+83zC26Dp 1bkFRIn+Jm8ieRvBPxY7y7rbKtv6mY69jbgATrnVRBrooOuEjgAkWVNN+hOKx32B6Mmk B1Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=D7dMfAnQEhTWwRhBUdtyT2XdSPSNffD9+i5g8DSJp1o=; b=dg6AkVWJ9qLnYNxXUMfjyPFRY5aJbxE0HhGPlVOE+UTNzSQyU7bxBNcm4EGQ05jMRB 6hohnNgk9pkY15O7d4L714Jvj5Lpp+AmYIWTSa4D6bpLKfaNeO3nubvrQJN5IX8xlYdW Fr/1ry8u3HIXfjrcAMcDUtpO0KqLD1bVwSqASNfcrfVVdeJIdpLi4Zc5s1qpBdlOrPCV Ris6zUH+dCTwHHnzENsaXRsY7nONhnwKtmXLx3irAxOYdb9eYSHMHaiGlORgYHa9VhWe h/qp8SMXN1FITi6iWnz4/Z50VOb/qcXkJoC2NFyl0lJnKtwsMSSCMPvEhjSwfyJkwCi+ b1DQ==
X-Gm-Message-State: AOAM531VkvX7vvAbdfPiBUnYzf9gk5lp0HfD3GRdsrzOwgQeWPCyzBKd 0l9IfcaiH+/gOetcHzx6dy3QOg==
X-Google-Smtp-Source: ABdhPJwtm3SgYuG1f7o9hb1M1iWwRVTMHbuHr2Rnu+Ei4zA3Trj5yzTHWZn8n0l7HQWEqkYiKLJj0A==
X-Received: by 2002:a17:90b:4f82:b0:1d1:b8fd:7e36 with SMTP id qe2-20020a17090b4f8200b001d1b8fd7e36mr45467456pjb.194.1651086216058; Wed, 27 Apr 2022 12:03:36 -0700 (PDT)
Received: from smtpclient.apple (c-98-234-33-188.hsd1.ca.comcast.net. [98.234.33.188]) by smtp.gmail.com with ESMTPSA id w14-20020a63c10e000000b003c14af505f8sm41913pgf.16.2022.04.27.12.03.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Apr 2022 12:03:35 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.80.82.1.1\))
From: Dino Farinacci <dino@lispers.net>
In-Reply-To: <CAMMESsxsm=3MR-Rybo8m+LkUJpCnzg74GVHDfEPxLDhgxhvzYg@mail.gmail.com>
Date: Wed, 27 Apr 2022 12:03:33 -0700
Cc: "lisp@ietf.org list" <lisp@ietf.org>, draft-ietf-lisp-pubsub@ietf.org, lisp-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <FB3CB22F-7DC2-4490-88A0-B0229C7AC647@lispers.net>
References: <CAMMESsyB6WXxZP-CxQ6xzYQ6rRC86TQPT+PDqc3+qvR364qdCw@mail.gmail.com> <C4E45F61-0F74-456F-860D-65500220B53E@lispers.net> <CAMMESsxsm=3MR-Rybo8m+LkUJpCnzg74GVHDfEPxLDhgxhvzYg@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
X-Mailer: Apple Mail (2.3696.80.82.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/hN4tpuZl2nm86UVTqqmH24q0Tx8>
Subject: Re: [lisp] AD Review of draft-ietf-lisp-pubsub-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2022 19:04:40 -0000

I agree with all your suggestions and hope Alberto will use as input to the changes he makes for the next rev.

>> [major] This is the only place, including rfc6830bis/rfc6833bis, where
>>> "proxy-reply mode" is used. Is this operation specified anywhere,
>>> maybe using a different name? This seems to be related to the
>>> Map-Server being able to offer non-authoritative Map-Replies -- please
>>> be specific.
>> 
>> In 6833bis, we refer to the P-bit in the Map-Register as "proxy Map-Reply
>> bit". And occurs 11 times in 6833bis.
> 
> Ah, ok.  Please just be consistent with the terminology.  Not everyone
> is as familiar with lisp -- including me, of course! :-)

We will make the pubsub be consistent with the text from 6833bis.

>> [major] What happens if one of these assumptions is not met? If the
>>> rest of the specification is followed (setting the I and N bits, etc.)
>>> what are the "failure scenarios" if the conditions are not met?
>> 
>> When the N bit is not set, the message is processed like a regular
>> Map-Request (and state is not put in the subscription cache on the map-
>> server). That wasn't clear? Alberto?
> 
> The assumptions I was referring to are these:
> 
> 129	3.  Deployment Assumptions
> 
> 131	   The specification described in this document makes the following
> 132	   deployment assumptions:
> 
> 134	   (1)  A unique 128-bit xTR-ID (plus a 64-bit Site-ID) identifier is
> 135	        assigned to each xTR.
> 
> 137	   (2)  Map-Servers are configured in proxy-reply mode, i.e., they are
> 138	        solicited to generate and send Map-Reply messages for the
> 139	        mappings they are serving.
> 
> I think all I'm looking for is a short explanation that the pubsub
> will not work.  Maybe something like this:
> 
>    If either assumption is not met, a subscription cannot be
>    established and the network will continue operating without
>    this enhancement.

Agree.

>> 144 4. Map-Request PubSub Additions
>>> ...
>>> 190 xTR-ID bit (I-bit): This bit is set to 1 to indicate that a 128
>>> 191 bit xTR-ID and a 64 bit Site-ID fields are present at the end of
>>> 192 the Map-Request message. For PubSub operation, an xTR MUST be
>>> 193 configured with an xTR-ID and Site-ID, and it MUST set the I bit
>>> 194 to 1 and include its xTR-ID and Site-ID in the Map-Request
>>> 195 messages it generates.
> ...
>>> [major] "MUST set the I bit to 1 and include its xTR-ID and Site-ID"
>>> 
>>> What should the receiver do if the I bit is set but the ID fields are
>>> not included?
> ...
>> 
>> We will fix this. If the I bit not set, the Map-Request is not processed as a
>> subscribe-request.
> 
> The question was the other way around: what if the I-bit is set but
> the IDs are not included?   The lengths are handled by the IP/UDP

Then there will be a parsing error and the last 128-bits/64-bits of the packet will be mistakenly processed as an xTR-ID/Site-ID. It means the sender did not conform to the spec. It is an implementation bug.

> header lengths, so the Map-Request (and the rest of the packet) may
> have the correct length while still having the I-bit set.
> 
> I assume the answer is that the subscription cannot be processed and
> "normal" processing is done...but it should be stated in the document.

No, that is not what happens. And I believe we DON'T need to change 6833bis for this. Or the pubsub draft. If the sender sets the I-bit, it is saying the the xTR-ID/Site-ID are at the end of the message. A receiver can detect the error because after processing that last EID-record, if there are no bytes left from processing the message, it can conclude that the I-bit was set errorneously.

> 
>>> 253 (3) The Map-Server MUST send the Map-Notify to one of the ITR-RLOCs
>>> 254 received in the Map-Request (which one is implementation
>>> 255 specific).
>>> 
>>> [major] Does this need to be specified here? Where are Map-Notify
>>> messages sent to? I couldn't find a specific answer, but it seems to
>>> me that choosing a destination address should be pretty "basic"; i.e.
>>> something that should have been specified in the base spec.
>> 
>> It is basic but there are many choices, *especially* in the presents of NATs.
>> You can send to one of the "Local" RLOCs or to the source IP address of the
>> Map-Request. If you want to get the message back to the xTR you need to use
>> the source IP address.
> 
> Yes.  The point was that choosing an address is not an issue that
> comes up only when sending Map-Notify messages when using pubsub -- it
> is a general issue.  Any considerations should be mentioned in the
> "general" document (rfc6833bis) so that all extensions can benefit and
> don't have to include additional text about it.

Well not totally true. It is only used because an ITR-RLOC is included in a Map-Request, so a responding Map-Reply message should use it. Since a Map-Notify is a Map-Request ack for a subscribption requesst, its only these two types of messages that have this issue. All other "replies" to "query type messages" uses the source IP address from the query.

> 
> 
>>> 331 When the xTR receives a Map-Notify with an EID not local to the xTR,
>>> 332 the xTR knows that the Map-Notify has been received to update an
>>> 333 entry on its map-cache. Processing of unsolicited Map-Notify
>>> 334 messages MUST be explicitly enabled via configuration at the xTR.
>>> 335 The xTR MUST keep track of the last nonce seen in a Map-Notify
>>> 336 received as a publication from the Map-Server for the EID-Record. If
>>> 337 a Map-Notify received as a publication has a nonce value that is not
>>> 338 greater than the saved nonce, the xTR drops the Map-Notify message
>>> 339 and logs the fact a replay attack could have occurred. To compare
>>> 340 two nonces, the xTR uses the serial number arithmetic defined in
>>> 341 [RFC1982] with SERIAL_BITS = 64. The nonce field space (64 bits) is
>>> 342 considered large enough to not be depleted during normal operation of
>>> 343 the protocol (e.g., assuming a fast publication rate of one Map-
>>> 344 Notify per EID-Record per Map-Server per second, the nonce field
>>> 345 space will not be depleted in 0.5 trillion years). The same
>>> 346 considerations discussed in Section 5.6 of [I-D.ietf-lisp-rfc6833bis]
>>> 347 regarding storing Map-Register nonces apply here for Map-Notify
>>> 348 nonces.
>>> 
>>> [major] "Processing of unsolicited Map-Notify messages MUST be
>>> explicitly enabled via configuration at the xTR."
>>> 
>>> rfc6833bis added the Map-Notify-Ack, but it doesn't require
>>> configuration anywhere to process unsolicited Map-Notify messages.
>>> IOW, this requirement is not in line with rfc6833bis.
>> 
>> Its because in 6833bis all Map-Notify messages are always solicited.
> 
> Yes, I missed that.
> 
> Can it be assumed that if the xTR sends a "subscription request" it
> will accept unsolicited Map-Notify messages?  This may be an

Yes, but I'd argue about terminology. The Map-Notify is solicited because of the subscripton request. But the actual message is soliciting an acknowedge Map-Notify message.

We call it unsolicited, because some time later, if there is an RLOC-change to an EID subscribed, the message will come without any message requesting it (i.e. it is event triggered).

> implementation detail, but it seems to me that adding the extra
> configuration step is unnecessary if the xTR is requesting the
> information.

Right.

Dino

> 
> 
> Alvaro.
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp

v2.23.0 | Report a Bug | By Email