[lisp] proposed fix issue #22 - processing of Encapsulated Map Requests
Vince Fuller <vaf@cisco.com> Tue, 22 September 2009 04:33 UTC
Return-Path: <vaf@cisco.com>
X-Original-To: lisp@core3.amsl.com
Delivered-To: lisp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B69E93A68C8 for <lisp@core3.amsl.com>; Mon, 21 Sep 2009 21:33:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_24=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v-5rZjmyDOFa for <lisp@core3.amsl.com>; Mon, 21 Sep 2009 21:33:01 -0700 (PDT)
Received: from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72]) by core3.amsl.com (Postfix) with ESMTP id 80A0D3A682E for <lisp@ietf.org>; Mon, 21 Sep 2009 21:33:01 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApoEAA7xt0qrR7PE/2dsb2JhbAC8WohQAY8pBYQbiwI
X-IronPort-AV: E=Sophos;i="4.44,429,1249257600"; d="scan'208";a="191149544"
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-3.cisco.com with ESMTP; 22 Sep 2009 04:34:04 +0000
Received: from sj-core-1.cisco.com (sj-core-1.cisco.com [171.71.177.237]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id n8M4Y4KK024655; Mon, 21 Sep 2009 21:34:04 -0700
Received: from vaf-lnx1.cisco.com (vaf-lnx1.cisco.com [171.71.118.48]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id n8M4Y4X9002278; Tue, 22 Sep 2009 04:34:04 GMT
Received: from vaf-lnx1.cisco.com (vaf-lnx1.cisco.com [127.0.0.1]) by vaf-lnx1.cisco.com (8.14.3/8.14.3/Debian-4) with ESMTP id n8M4Qb4f017096; Mon, 21 Sep 2009 21:26:37 -0700
Received: (from vaf@localhost) by vaf-lnx1.cisco.com (8.14.3/8.14.3/Submit) id n8M4QbOd017089; Mon, 21 Sep 2009 21:26:37 -0700
X-Authentication-Warning: vaf-lnx1.cisco.com: vaf set sender to vaf@cisco.com using -f
Date: Mon, 21 Sep 2009 21:26:37 -0700
From: Vince Fuller <vaf@cisco.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
Message-ID: <20090922042637.GA14702@vaf-lnx1>
References: <tsly6odv8nd.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <tsly6odv8nd.fsf@mit.edu>
User-Agent: Mutt/1.5.18 (2008-05-17)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=5511; t=1253594044; x=1254458044; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=vaf@cisco.com; z=From:=20Vince=20Fuller=20<vaf@cisco.com> |Subject:=20proposed=20fix=20issue=20#22=20-=20processing=2 0of=20Encapsulated=20Map=20Requests |Sender:=20; bh=3V9pPrMU4eybaaVNuJSMyqIVLKgHJo1VNtcDcqEgJbs=; b=je51ehRWEFJW/RxG9TZ/n1b3D+RIVxcathcgHJOQJyc58o45HxW4Abcd16 8bymQ/10X9AeH+BQuht3BQ8a26I8dPQ837X732YPL7Vl+6b4gA8Nf7i+Acmy 9e8VIkGL1R;
Authentication-Results: sj-dkim-4; header.From=vaf@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Cc: lisp@ietf.org
Subject: [lisp] proposed fix issue #22 - processing of Encapsulated Map Requests
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2009 04:33:02 -0000
Hi Sam- Here's how the LISP co-authors want to resolve the open issue around the origination and processing of Encapsulated Map Requests by ITRs, Map-Resolvers, Map-Servers, and ETRs. During implementation, we actually ran this before it was raised on the mailing list and believe we have a simple but effective way to deal with it. We plan to incorporate new text in new revisions of the affected drafts (draft-ietf-lisp-05, draft-ietf-lisp-ms-03, draft-lisp-multicast-02). Thanks, --Vince (for the LISP-main and LISP-MS co-authors) -------------------- Problem summary: LISP implementors and lisp@ietf.org list members have independently found a design and implementation issue with the origination and processing of Encapsulated Map-Requests. The LISP team proposes changes to both the base LISP specification (currently, draft-ietf-lisp-04.txt) and to LISP-MS (draft-ietf-lisp-ms-02.txt) to address this. Since LISP Multicast (draft-ietf-lisp-multicast-01.txt) also uses problematic encapsulation for certain control traffic, it will also need to be modified. Background: The current LISP-MS document (draft-ietf-lisp-ms-02) states that an ITR sending a Map-Request to a Map-Resolver sets the destination IP address of the message to the EID it is requesting and the destination UDP port number to 4342 (LISP-CONTROL). The ITR then adds an additional IP+LISP header using the Map-Resolver RLOC as the destination IP address and UDP destination port 4341 (LISP-DATA). The message is sent to a configured Map-Resolver which decapsulates the Map-Request and forwards it on to the ALT. If the destination LISP site is using a Map-Server, the Map-Server receives the Map-Request on the ALT then re-encapsulates the message with an IP+LISP header using the RLOC of the ETR registered for that EID as the destination IP address and UDP destination port 4341 (LISP-DATA). Why the extra encpaulsation from ITR to MR and from MS to ETR? When an ITR is using a Map-Resolver, the ITR is not connected to the ALT and therefore has no way to route control messages destined to an EID. For this reason, the ITR uses the RLOC of a configured Map-Resolver as the destination IP address for Map-Requests; an RLOC, by definition, is routable on the non-LISP part of the Internet. To be forwarded on to the ALT, though, the target EID is also needed as a destination IP address. Adding an extra encpasulation header allows two-stage routing to the destination addresses used in those different contexts. Similarly, since an ETR using a Map-Server is not connected to the ALT, traffic between between Map-Server and ETR must use RLOC-based native forwarding. An ETR thus sends its Map-Register messages using its RLOC as the IP source address and the Map-Server RLOC as the IP destination. Likewise, a Map-Server forwards Map-Requests to an ETR using its RLOC as the IP source address and the ETR RLOC as the IP destination; to do this, it must encapsulate the original Map-Request since the original destination IP address is an EID that is only routable on the ALT. Problem details: As described above, an Encapsulated Map Request currently uses destination UDP port 4341 (LISP-DATA). This creates two potential problems: 1) A packet received by an ETR on port UDP 4341 cannot be immediately determined to be control or data. This means that an ETR must perform significant processing on such a packet before determining whether it needs to either take some control action or forward the packet to a destination host. This could make it difficult to implement ETR functionality on a router that uses specialized forwarding hardware. 2) It is currently possible for an encapsulated user UDP datagram received by an ETR with outer header UDP port 4341 to be misinterpreted as an Encapsulated Map Request. This is because an end system application can use UDP port 4342 as a source port for traffic. Return traffic to an such an application would be received by an ETR with outer header destination port 4341 (LISP-DATA) and inner header destination UDP port 4342; this could be consumed by an ETR and not forwarded correctly. The assignment by the IANA of well-known LISP "service" port numbers will prevent this problem in the future but there may be difficulties with early trials and deployment prior to such an assignment. Solution: 1) Modify the base LISP specification (draft-ietf-lisp-05) to define a new LISP control message type called Encapsulated Control Message. 2) Modify the LISP-MS document (draft-ietf-lisp-ms-03) to specify that Encapsulated Map Requests use the new message type and that they are sent to UDP port 4342 (LISP-CONTROL) instead of 4341 (LISP-DATA). 3) Modify the LISP Multicast document (draft-ietf-lisp-multicast-02.txt) to similarly replace all use of UDP port 4341 with port 4342 for encapsulated unicast PIM Join/Prune messages. These changes greatly simplify processing of LISP packets by an ETR: all traffic received on UDP port 4341 is decapsulated and forwarded to an end system while all traffic received on port 4342 is processed by the ETR itself. Furthermore, these changes eliminate any user vs. control message ambiguity for traffic received by an ETR on port 4341.
- [lisp] #22: rough support for fixing MS requires … Sam Hartman
- [lisp] proposed fix issue #22 - processing of Enc… Vince Fuller
- Re: [lisp] proposed fix issue #22 - processing of… Sam Hartman
- Re: [lisp] proposed fix issue #22 - processing of… Sam Hartman
- Re: [lisp] proposed fix issue #22 - processing of… Margaret Wasserman
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Sam Hartman
- Re: [lisp] proposed fix issue #22 - processing of… Margaret Wasserman
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Joel M. Halpern
- Re: [lisp] proposed fix issue #22 - processing of… Margaret Wasserman
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Joel M. Halpern
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Margaret Wasserman
- Re: [lisp] proposed fix issue #22 - processing of… Joel M. Halpern
- Re: [lisp] proposed fix issue #22 - processing of… Margaret Wasserman
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Margaret Wasserman
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Vince Fuller
- Re: [lisp] proposed fix issue #22 - processing of… Sam Hartman
- Re: [lisp] proposed fix issue #22 - processing of… Joel M. Halpern
- Re: [lisp] proposed fix issue #22 - processing of… Sam Hartman
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci
- Re: [lisp] proposed fix issue #22 - processing of… Vince Fuller
- Re: [lisp] proposed fix issue #22 - processing of… Sam Hartman
- Re: [lisp] proposed fix issue #22 - processing of… Margaret Wasserman
- Re: [lisp] proposed fix issue #22 - processing of… Dino Farinacci