RE: [magma] MLDv2: editorial comments and questions
"Rolland Vida" <Rolland.Vida@ttt.bme.hu> Wed, 19 February 2003 13:18 UTC
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA24182; Wed, 19 Feb 2003 08:18:19 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1JDOjp08748; Wed, 19 Feb 2003 08:24:45 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h1JDLXp08634 for <magma@optimus.ietf.org>; Wed, 19 Feb 2003 08:21:33 -0500
Received: from david.ttt.bme.hu (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA24136 for <magma@ietf.org>; Wed, 19 Feb 2003 08:14:55 -0500 (EST)
Received: from ttt-atm.ttt.bme.hu (ttt-atm.ttt.bme.hu [152.66.246.81]) by david.ttt.bme.hu (8.9.3/8.9.3) with ESMTP id OAA26468; Wed, 19 Feb 2003 14:18:41 +0100 (MET)
Received: from TTT-ATM/SpoolDir by ttt-atm.ttt.bme.hu (Mercury 1.48); 19 Feb 03 14:35:12 +0100
Received: from SpoolDir by TTT-ATM (Mercury 1.48); 19 Feb 03 14:35:11 +0100
Received: from roli (152.66.244.110) by ttt-atm.ttt.bme.hu (Mercury 1.48); 19 Feb 03 14:35:04 +0100
From: Rolland Vida <Rolland.Vida@ttt.bme.hu>
To: Erik Nordmark <Erik.Nordmark@sun.com>, magma@ietf.org
Subject: RE: [magma] MLDv2: editorial comments and questions
Date: Wed, 19 Feb 2003 14:19:46 +0100
Message-ID: <NGBBIAEIEMFIEOBPNOBJAEPACGAA.Rolland.Vida@ttt.bme.hu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <Roam.SIMC.2.0.6.1045573326.32163.nordmark@bebop.france>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Content-Transfer-Encoding: 7bit
Sender: magma-admin@ietf.org
Errors-To: magma-admin@ietf.org
X-BeenThere: magma@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/magma>, <mailto:magma-request@ietf.org?subject=unsubscribe>
List-Id: Multicast and Anycast Group Membership <magma.ietf.org>
List-Post: <mailto:magma@ietf.org>
List-Help: <mailto:magma-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/magma>, <mailto:magma-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Erik, Here is the follow-up with my comments on the rest of the issues... > Section 6.6.1 and elsewhere talks about "Supress router-side > processing flag". > The only motivation and high-level explanation of this flag is > in appendix B: > o The S flag (Suppress Router-Side Processing) is included in queries > in order to fix robustness issues. > It would be useful for understanding if the issue and solution was > explained in more detail at the higher level. I feel like I'm reading > uncommented assembly code trying to deduct the programmers intent here! Sections 4.1.7 and 6.6.1 explain how to handle a query, depending on whether the S flag is set or not. Then, sections 6.6.3.1 and 6.6.3.2 show how to set the flag while building a query. As stated in appendix B, the S flag is necessary "to fix robustness issues". When a multicast address specific or a multicast address and source specific query is sent, several retransmissions of the query are scheduled (to assure robustness). At the first transmission, the flag is clear, and timers are lowered to LLQT. However, while waiting for the next scheduled queries to be sent, the router might receive a report that updates the timers (setting the multicast address timer or the source timers to MALI). The scheduled queries still have to be sent, in order to assure for example that a non-querier router keeps its state up to date with the current querier (it might not receive the first query). Nevertheless, the timers should not be lowered again to LLQT. Thus, in subsequent queries the S flag is set. If you think it necessary, we could add such an explanation to the text. > Section 6.6.2 talks of a "lower IPv6 address". I suspect some more > detail would be useful - even for a 32 bit quantity we have byte-order > issues thus how to compare a 128 bit quantity as an integer might > be subject to different interpretations. Ok, we could add a phrase. > Section 6.6.2 reads as the elected querier sends general queries but other > routers might send other queries. I assume that the elected querier is the > only node sending queries. Is this correct? Yes. The text says: MLDv2 elects a SINGLE router to be in Querier state per subnet [...] When a router receives a query with a lower IPv6 address, it sets the Other Querier Present timer to Other Querier Present Timeout and CEASES TO SEND QUERIES on the link if it was the previously elected querier. We believed that by saying "ceases to send queries" it would be obvious that we refer to all kind of queries. > If so it makes sense to append "as well as other queries." to the last > sentence in the first paragraph. The last sentence you refer to is: After its Other Querier Present timer expires, it should begin sending General Queries. This is correct, as when the timer expires, the new querier really starts to send ONLY Geeneral Queries. These are the only queries sent periodically. All the other queries are sent only in specific cases, as a reponse to received reports. Thus, when the querier change occurs, only general queries will be sent. However, we could append your proposal, if this makes the text clearer. > The second paragraph in 6.6.2 looks inconsistent with section 7.3.1. > The former says that the router should automatically switch to > MLDv1 queries if it hears a v1 query, but the latter talks about > this being adminstratively assurred. At a minimum this is rather > confusing. > What should an implementation do? 6.6.2 says: If a router receives an older version query, it MUST use the older version of MLD on the link. This does not say how the transition is done, whether it is automatical, or administratively assured. On the other hand, it is said that details are described in chapter 7. Now section 7.3.1 says: If an older version of MLD is present on routers, the querier MUST use the lowest version of MLD present on the network. This must be administratively assured; routers that desire to be compatible with MLDv1 MUST have a configuration option to act in MLDv1 mode. Thus, here we state that the transition should be administratively assured, as we did not succeed to come up with a consistent and correct mechanism to do it automatically. After discussing the issue on the mailing list, it was agreed that there's no reasonable scenario in which routers would periodically pop up and dissappear on a specific link, as it might be the case for the receivers. Thus, assuring the transition to be done by the administrator is acceptable. In addition, this would filter out possible attacks of malicious nodes sending out MLDv1 queries, and trying to switch the link into MLDv1 mode. Further down in section 7.3.1 it is stated: If a router is not explicitly configured to use MLDv1 and hears an MLDv1 General Query, it SHOULD log a warning. This warning would alert the administrator, who could decide to configure the MLDv1 mode or not. However, you might be right saying that the sentence from 6.6.2 might be confusing. We will try to rephrase it. > The description of detecting an old router in 7.2.1 seems rather complex > and hard to read. I understand from section 8 that this is just > a case of > when an old query is received switch to old mode and (re)start > a timer. > if the timer fires switch to new mode > but I can't parse that from the text in 7.2.1. > (I suspect the complexity is a carry over from IGMPv3 which deals with > 3 versions.) Saying "older" isn't needed - "v1" is more specific in > the case of MLDv2. > Same for section 7.3.2. Ok, we can change "older" by v1. We just wanted to keep the same terminology for timers as in IGMP, in order to ease a programmer's or a reader's life, who is already familiar with IGMP. That's why we kept terms like "Older Version Querier Present Timer" or "Older Version Host Present Timer" instead of saying "v1 querier present" or "v1 host present" > Section 9 says that the use of the unspecified source > address protects against off-link packets. This is taken out of its context. The entire prase is: The requirement that nodes verify that the IPv6 Source Address of all received MLD messages is a link-local address (or the unspecified address) defends them from acting on forged MLD messages originated off-link. Thus, the necessity to have a link-local address is the thing that protects against off-link packtes. I agree however, that we should probably treat the case of the unspecified address in a separate phrase. > This isn't true since > there is nothing in any IPv6 specification that says that routers > MUST NOT forward packets with an unspecified source address. It is this specific MLDv2 draft that says that. As I said, I agree that stating this in a separate phrase would probably make things clearer. > MLD snooping switches might have a > security issue with off-link unspecified source reports though!) As far as I see, snooping switches always stand behind an MLDv2 router. If that router drops off-link unspecified source reports, I do not see how the snooping switch could receive them. > Section 1 says: > This document specifies Version 2 of MLD. The previous version of > MLD became an Internet Standard and is specified in [RFC 2710]. In > MLDv1 is a proposed standard and the above can be read as it being > a standard. How about dropping "became and Internet Standard and"? Ok. > Section 3.1: > o If the requested filter mode is INCLUDE *and* the requested source > list is empty, then the entry corresponding to the requested > interface and multicast address is deleted if present. If no > such entry is present, the request is ignored. > I think "has no effect" is more accurate than "is ignored". > For instance, some particular API might chose to return an error > in such a case which doesn't sound like the request would be ignored. > I don't think this specification should preclude there from being such > an API. Ok. > Section 3.2 mostly talks about the interface state but it also > has this important note: > but not on socket s2. Note that MLDv2 messages are not subject to > source filtering and must always be processed by hosts and routers. > Shouldn't this be specified more visibly somewhere else? Section 3.2 talks also about source filtering, based on the interface state. Thus, I think that the phrase you refer to is included in the right place. However, we could repeat it somewhere else in the text, maybe in the enlarged introduction that you asked for, if this would make the text more readable. We just have to be sure not to have an enlarged introduction of tens of pages :-) > Section 3.2 continues with > Filtering of packets based upon a socket's multicast reception state > is a new feature of this service interface. The previous service > interface described no filtering based upon multicast listening > state; rather, a Start Listening operation on a socket simply caused > the node to start to listen to a multicast address on the given > interface, and packets sent to that multicast address could be > delivered to all sockets whether they had started to listen or not. > The above doesn't match reality. > While filtering based on the socket isn't required by any IETF standard > (and I think requring it is the new thing) many implementations have > some form of filtering. In some cases it is simple as in unless > the socket has issued at least one add_membership type operation > it will not receive any multicast packets (even if other sockets > have joined the group). In other cases it might be full-fledged > filtering of groups per socket. > A possible fix is to just add "Requiring " before "Filtering of > packets ...". I'm OK with that. But you should agree that we could not ask the reader to be aware of what kind of undocumented tricks different implementors use in their products. This is the first spec where this filtering is specified. That was what motivated our formulation. > Section 4: > link-local IPv6 Source Address (or the unspecified address, if the > node has not yet acquired such an address), an IPv6 Hop Limit of 1, > It is the *interface* and not the *node* that needs to > have a link-local address assigned. > s/node/sending interface/ > Same issue in section 4.2.13. Ok. > The document seems inconsistent on whether the unspecified address > can be used for v2 queries, but I think the intent is that > they only be allowed on v2 reports. Right. > If so it makes sense to > clarify the above sentence and also search for "unspecified" > and make the other text consistent. As I already stated in a previous e-mail, we could add a "source address for queries" section in 4.1. This would clarify the issue. > Section 4.2.12 says: > 1 MODE_IS_INCLUDE - indicates that the interface has a filter > mode of INCLUDE for the specified multicast address. The > Source Address [i] fields in this Multicast Address Record > contain the interface's source list for the specified > multicast address, if it is non-empty. > This reads as if MODE_IS_INCLUDE reports are sent even if the > source address list is empty, but that is not the case AFAICT. > Thus it makes sense to clarify this to say that MODE_IS_INCLUDE > is never sent with an empty list. Ok. > Section 4.2.12 says: > o A "Filter Mode Change Record" is sent by a node whenever a local > invocation of IPv6MulticastListen causes a change of the filter > mode (i.e., a change from INCLUDE to EXCLUDE, or from EXCLUDE to > INCLUDE) of the interface-level state entry for a particular > multicast address. The Record is included in a Report sent from the > interface on which the change occurred. The Record Type of a > Filter Mode Change Record may be one of the following two values: > I makes it clear later, but it would be good to add > "whether or not the source list changes at the same time" > to the above. Ok. > Section 4.2.12 says: > Unrecognized Record Type values MUST be silently ignored. > > I assume this means more than just ignoring the type field when it > isn't recognized. The question is whether it means that the > whole report be ignored, or just the multicast address record > with the unrecognized type. Which one is it? Just the specific record should be ignored. We should probably rephrase as follows: "Multicast Address Records with an unecognized Record Type value MUST be silently ignored." > Section 5 says > There are two types of events that trigger MLDv2 protocol actions on > an interface: > Presumably there is a set of timers that, when firing, trigger > MLD protocol actions as well. > It would make sense to list those timers here. All the timers that might fire on an MLDv2 host are set in the first place when a query is received. Thus, it is the reception of the query that triggers the protocol action, and not the firing of the timer. The corresponding protocol action is then described in detail. It includes setting the timer, and executing a specific operation when the timer fires. > Changing this means it makes sense to add a section 5.3 about > interface timer firing and 5.4 about multicast address timer firing. As I said, all these timers firing are just a part of the processing triggered by the query reception. And all the corresponding actions are already described in sections 5.1 and 5.2. > Section 5: > (Received MLD messages of types other than Query are silently > ignored, except as required for interoperation with the earlier > version of MLD.) > Replace "earlier version of MLD" with MLDv1 and look > for other occurances of "version" where the same thing applies. > (I understand that this type of language makes sense for IGMP > since there are two earlier versions.) Ok. > Section 5.2: > When a new Query with the Router Alert option arrives on an > The "router alert" is checked above. > Using the expression "valid query" throughout the section captures > the validity checks at the beginning of the section. Ok. > Section 6.2.2 says in the first paragraph > kept per multicast address per attached link. > but the "per attached link" doesn't appear in section 6.2.3 for the > source timer which looks confusing. > It would be better to say > kept per multicast address record. Ok. > Section 9.1: > Change "MLDv2 receivers" to "MLDv2 listeners". Ok. > Section 10. > It would make sense to ask the IANA to assign a *link local > scope* multicast > address. > It would make sense to say ICMPv6 instead of ICMP in this section > as well. Ok. > The specification potentially introduces new name spaces. > At least the multicast address record type is such a name space. > It would make sense to state this in the IANA considerations section. > (I'm Assuming that the assignment of new types be restricted to standards > action.) Ok. > Section A.2 #1 made me believe that routers in this protocol > would track membership per host which it clearly doesn't do. it does not say that. It only says, that with MLDv1 it was not possible, because of host suppression. In MLDv2, it becomes possible. > And doing it per host doesn't seem to be an improvement. We did not say that it must be done, but that it can be done. As far as I know, several router vendors, e.g., Cisco, do implement explicit host tracking. > For instance, asking a host whether it wants group X would > still require a timeout since the listener does not respond to queries > for groups in which it is not interested. This spec does not specify explicit host tracking. Nevertheless, if you want to do that, you can do it without modifying the protocol behavior. All the reports and the queries are the same. Only that the routers, upon receiving a report, memorize additional information too (e.g., host address). > What could be done without host supression is for the router to > count the number of hosts interested in a particular group > (at least for include mode - haven't thought about exclude mode) > which makes it easier for the router to detect when it is likely > that the last listener has unsubscribed without having to query for > every leave. You cannot do that. You cannot count the number of hosts, if you do not memorize their identity (address), as you cannot make the difference between a retrannsmitted report (because of robustness) of an already known host, and the first report of a new host. But I underline once again that this document does not specify explicit host tracking. We only said that with MLDv2 it becomes possible, if someone wants to do it. > Appendix A.2 #2 seems to have an odd conclusion as the last sentence. > Since MLDv2 mandates compatibility with MLDv1 and MLDv1 has host > supression > Thus I don't see how the snooping switches can be made simpler by removing > anything at this point in time. In some future date when the v1 > compatibility > is removed that might be the case. The fact that we assure the compatibility with MLDv1 does not mean that we will have MLDv1 hosts or routers in each and every part of the network. If it would be the case, we would be always in MLDv1 compatibility mode, and the MLDv2 protocol would never be used at its best. Therefore, a scenario in which an MLDv2 snooping switch receives indeed an MLDv2 report does not seem ackward to me. If the processing of this v2 packet is made simpler for the switch, then I think that this is a good thing. > A point that is missing is that in the precense of MLD snooping switches > the utility of host supression is zero. Ok, we could add a specific phrase saying that. > That coupled with #3 and #4 > seems to make a strong case for removing host supression. > But #1 and the current #2 seems weak arguments at best. As I said, router vendors do implement explicit host tracking, at least in IPv4. If they do it, I imagine that they have their reasons (fast leave, security, accounting, whatever...). If this mechanism was made possible by removing the host suppression, then I think that #1 is quite a strong argument. > Appendix B > Change "65,535 seconds" to either "65,535 milliseconds" or "65 seconds". Ok. Thanks, Rolland _______________________________________________ magma mailing list magma@ietf.org https://www1.ietf.org/mailman/listinfo/magma
- [magma] MLDv2: editorial comments and questions Erik Nordmark
- RE: [magma] MLDv2: editorial comments and questio… Rolland Vida
- RE: [magma] MLDv2: editorial comments and questio… Rolland Vida
- RE: [magma] MLDv2: editorial comments and questio… Rolland Vida
- RE: [magma] MLDv2: editorial comments and questio… Erik Nordmark
- RE: [magma] MLDv2: editorial comments and questio… Erik Nordmark
- RE: [magma] MLDv2: introduction Erik Nordmark
- RE: [magma] MLDv2: editorial comments and questio… Erik Nordmark
- RE: [magma] MLDv2: editorial comments and questio… Rolland Vida