IETF Logo Mail Archive

Re: [pim] [MBONED] IGMPv3 backward compatibility issue killing SSM

Hitoshi Asaeda <asaeda@ieee.org> Tue, 02 January 2024 16:28 UTC

Return-Path: <asaeda@ieee.org>
X-Original-To: pim@ietfa.amsl.com
Delivered-To: pim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F282C14F709 for <pim@ietfa.amsl.com>; Tue, 2 Jan 2024 08:28:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ieee.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 23w3IsWhxjXS for <pim@ietfa.amsl.com>; Tue, 2 Jan 2024 08:28:35 -0800 (PST)
Received: from mail-pl1-x62f.google.com (mail-pl1-x62f.google.com [IPv6:2607:f8b0:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F78FC14F706 for <pim@ietf.org>; Tue, 2 Jan 2024 08:28:35 -0800 (PST)
Received: by mail-pl1-x62f.google.com with SMTP id d9443c01a7336-1d3f8af8297so33209495ad.2 for <pim@ietf.org>; Tue, 02 Jan 2024 08:28:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; t=1704212914; x=1704817714; darn=ietf.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Ysvm3iqc0QVSxsog5bsNhT2xn+UNbni7e+ixNfymqQ0=; b=KCZ6MLSd60SlWnizsumbAP00oGr5TbK6bWMD1/VBrZnQgQXtm8EmzfEZdqScVYsa3z 1vYy4IJlMunxNdVW19biAiFFrGPRkD5SZJomVwBL39FFa7Ngls78wHWheOFRa7Hgx59Z GPfpoenSVstKCsmgh0GMxI8YX07VzeItBhGSE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704212914; x=1704817714; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ysvm3iqc0QVSxsog5bsNhT2xn+UNbni7e+ixNfymqQ0=; b=K9L0dKPW7JcjJCtrIT4lu8438wYCVru4Qnb3xrq3zignzPzaih54QdJ0Gdzb8jiTR6 0sg4HRE9tsw/b1LHGQozHKq3Il43VRauAoFMyag4t950rmi9IWEUlnEIdRY+7w/8UyM8 oxxxe9Yn36065LQnFNYYu0F32KwcSuP7hX4wRl4hTNjrZwaCfhGLitF8gLhdkyTefPPR UQr7aLGPKhGnfINzSiHFiaHthEZ+gt22G9mZ7qXeEapAZ8FNoXvZIfKV3MyDn2pIZZx2 dUlPDNkp4VVMXfBK3sxgOtle2sHtbChSGV6mp8AEl/iwoLUiP/fogUrmGYzUP+VT+yhA tsPQ==
X-Gm-Message-State: AOJu0YxO9dk4n0Wef6o0d5JmlK0nCOfx+FdQrfjLQX1beTJaiQWFbHJz 7KrHFocLHwXurYLMOtMw3vk2TDibzmMr
X-Google-Smtp-Source: AGHT+IE3Q4+c/glEy5wKIg1oo6t0ljTkLTWOum+mRJL2Y8ZwX+Ev7NkB+GXmc7Q3URWKlAJQi1d4Ig==
X-Received: by 2002:a17:902:d545:b0:1d4:a81b:9cc with SMTP id z5-20020a170902d54500b001d4a81b09ccmr2374098plf.90.1704212914389; Tue, 02 Jan 2024 08:28:34 -0800 (PST)
Received: from smtpclient.apple (zz20164245726F66C1A1.userreverse.dion.ne.jp. [111.102.193.161]) by smtp.gmail.com with ESMTPSA id e12-20020a170902784c00b001d1d27259cesm22782451pln.180.2024.01.02.08.28.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Jan 2024 08:28:34 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
From: Hitoshi Asaeda <asaeda@ieee.org>
In-Reply-To: <e9ed1779-4f43-4f71-b8c3-d813bcea81d1@innovationslab.net>
Date: Wed, 03 Jan 2024 01:28:30 +0900
Cc: Leonard Giuliano <lenny@juniper.net>, "Holland, Jake" <jholland=40akamai.com@dmarc.ietf.org>, Toerless Eckert <tte@cs.fau.de>, Dave Katz <dkatz@juniper.net>, "mboned@ietf.org" <mboned@ietf.org>, "fenner@fenron.com" <fenner@fenron.com>, "pim@ietf.org" <pim@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <532D7FE8-B721-4CF8-A54D-CF139BD8128B@ieee.org>
References: <CAHANBtKf03ukXH4sgwN0WVdkaVXnbRYdAGBDmQK56YXrS-z6yA@mail.gmail.com> <CAHANBtKdfS0cPceqv8_R+ToeGOBdUksH7gArKqegqSt_Q0Sf0Q@mail.gmail.com> <ZXtzwBljE45Og27f@faui48e.informatik.uni-erlangen.de> <EDE809A0-E672-4A3B-9F46-E08ECD3D4C23@akamai.com> <edc9d539-4b6c-f238-54c6-210c152e2065@juniper.net> <e9ed1779-4f43-4f71-b8c3-d813bcea81d1@innovationslab.net>
To: Brian Haberman <brian@innovationslab.net>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/TaEIsmWfOLeswzCZhme2HPSNtd4>
Subject: Re: [pim] [MBONED] IGMPv3 backward compatibility issue killing SSM
X-BeenThere: pim@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Protocol Independent Multicast <pim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pim>, <mailto:pim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pim/>
List-Post: <mailto:pim@ietf.org>
List-Help: <mailto:pim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pim>, <mailto:pim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2024 16:28:39 -0000

Hi Brian and folks,

I have a different opinion about Lenny's comment.

Dependency or relation between protocol designs and operational issues (or policies) should be always minimized.
Protocol behavior should not be solidly relies on the address range.

IP multicast has a long history for allocating (or chopping) its address ranges. We had adopted complicated "address scopes" such as administrative/site-local/organization-local scope... How we can interact with SSM range and them?
I've just remembered GLOP. How SSM and GLOP can be interacted with?
One may deduce, no need to interact with them, use SSM range.
Then what address ranges are obsolete today? What range should be used now? Is its decision persistent?
Such a dirty hack or patch work is not sustainable for designing protocols.

What I'm saying here may be a bit too conceptual. So, please ignore the points if people agree to relying on the SSM range. However, even so, I guess the following point must be taken into account.
Section 2 in RFC4604 says;
   A host or router may be configured to apply SSM semantics to
   addresses other than those in the IANA-allocated range.  The GMP
   module on a host or router SHOULD have a configuration option to set
   the SSM address range(s).  If this configuration option exists, it
   MUST default to the IANA-allocated SSM range.  The mechanism for
   setting this configuration option MUST at least allow for manual
   configuration.  Protocol mechanisms to set this option may be defined
   in the future.
I think this paragraph implies that applications that want to invoke SSM services can use any multicast address range. 
If RFC4604 should be the normative reference, RFC4604 itself must be also revised.

Regards,

Hitoshi


> On Jan 2, 2024, at 22:39, Brian Haberman <brian@innovationslab.net> wrote:
> 
> Lenny's assessment is correct from my perspective. Section 7.3.2 specifies that IGMP version compatibility is kept on a per-group basis. This should preclude compliant routers from disabling SSM service in the SSM address range.
> 
> Section 7.3.1 discusses the compatibility mode configuration option for IGMPv3 routers, but there is not a recommended default setting for that option.
> 
> Are there aspects of RFC 4604 that people think need to be updated?
> 
> Regards,
> Brian
> 
> On 12/19/23 4:09 PM, Leonard Giuliano wrote:
>> As I understand, RFC4604 explicitly prevents SSM service from being killed
>> by the presence of an IGMPv1/2 host (assuming the router is SSM aware,
>> which in 2023 is a fairly valid assumption).  That is bc the router should
>> ignore any v1/v2 reports in the ssm range (232/8).  And as I understand,
>> RFC3376 Sect 7.3.2 provides backwards compatibility for v1/2 hosts, but
>> only on a *per-group* basis- not for the whole LAN.
>> Combining the two, SSM service is protected in SSM range (232/8).  In
>> non-SSM range, due to backward compat, you could lose SSM behavior- but
>> since you are in non-SSM range, all bets were off in the first place.
>> So unless I'm missing something, I don't see see the risk of SSM being
>> killed by v3 backwards compatibility.  Adding DKatz, who know this stuff
>> way better than me in case I misinterpreted any of these specs.
>> -Lenny
>> On Mon, 18 Dec 2023, Holland, Jake wrote:
>> |
>> | On 12/14/23, 1:29 PM, "pim on behalf of Toerless Eckert" <pim-bounces@ietf.org <mailto:pim-bounces@ietf.org> on behalf of tte@cs.fau.de <mailto:tte@cs.fau.de>> wrote:
>> | > The elephant IMHO is that rfc3376bis is so far not including changes to IGMPv3 behaviors
>> | > about backeward compatibility with v1/v2 routers on the LAN, and exactly this behavior is
>> | > killing SSM in deployment because any such router when it becomes querier will kill SSM
>> | > ... because hosts will revert to v1/v2 and not report their SSM (S,G) memberships.
>> |
>> | +1, this is a serious problem.  The current default behavior bakes a DOS for SSM into the
>> | protocol.
>> |
>> | > If there are routers that have config options to disable this backward compatibility with
>> | > older routers, i would love to learn about it.
>> |
>> | When using linux routing there is `sysctl net.ipv4.force_igmp_version=3`, but it says because
>> | of the difference in the security considerations between MLD and IGMP it doesn't actually
>> | ignore v1 and v2 even when it's set:
>> | https://urldefense.com/v3/__https://sysctl-explorer.net/net/ipv4/force_igmp_version/__;!!NEt6yMaO-gk!BhrKkLRDUzon0XP8RebeJvai8X02-AU2RBEGA0iJrQsgSIeCPBd4KVVIUoc5jD59w8aYpNbAYiTFWo_sN87x_ZENUoioNQ$
>> |
>> | (MLD permits an "ignore v1 completely" setting, but says it should only be used when
>> | source filtering is critical:
>> | https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/rfc3810*section-10.2__;Iw!!NEt6yMaO-gk!BhrKkLRDUzon0XP8RebeJvai8X02-AU2RBEGA0iJrQsgSIeCPBd4KVVIUoc5jD59w8aYpNbAYiTFWo_sN87x_ZEHCk8UTw$  )
>> |
>> | > - Replace with something like:
>> | >
>> | > This revision of IGMPv3 version 3 removes automatic fallback to IGMP version 2 and version 1
>> | > routers on the same network as specified in [RFC3376]. Instead,
>> | > such older version router behavior MUST be explicitly configured.
>> |
>> | While I agree that to the greatest extent we can induce, IGMPv3 queriers from now
>> | on should maintain the capability to propagate SSM and accept IGMPv3 membership
>> | reports under all circumstances (even when there is an IGMPv1 or v2 receiver on the
>> | LAN), I'm not sure it makes sense to ship text that makes all the currently deployed
>> | routers retroactively non-compliant with a MUST in the new IGMPv3.
>> |
>> | But I'd support adding a section that describes the problem and provides a well-
>> | justified and strong recommendation that the default behavior be changed from
>> | what's in RFC 3376 and that a config option be provided to ignore IGMPv1 and v2
>> | packets, like with MLD.
>> |
>> | It might be worth saying something like now that we have RFC 8815 and in light of
>> | the experimental status of RFC 3618 (MSDP) and its deployment BCP in 4611, source
>> | filtering should always be considered critical for clients that support it?  (Not sure that's
>> | necessary, just a brainstorming idea to point to some of the docs that cover new
>> | operational experience since 3376...)
>> |
>> | > IGMPv3 routers MUST have a configuration option, disabled by default, to operate
>> | > as an IGMPv2 router. When enabled, all procedures of [RFC2236] apply. Configuring this
>> | > option is necessary in the presence of non-IGMPv3 capable IGMP snooping switches or
>> | > PIM routers. These are rare but may still be depoyed.
>> | >
>> | > When operating in IGMP version 3, routers MUST ignore version 1 and version 2 queries.
>> | > In version 3, the presence of those older version queries constitutes a misconfiguration
>> | > or attack, and these messages SHOULD result in logging of an error (rate-limited).
>> | >
>> | > - And in an appropriate part of the host behavior:
>> | >
>> | > IGMP version 3 hosts MUST have a configuration option, disabled by default, to ignore
>> | > IGMP version 1 and version 2 queries. This option SHOULD be auto-enabled when the host
>> | > is running SSM receiver applications, and hence depends on IGMP version 3 to operate in the
>> | > network.
>> | >
>> | > This is about as much as i think we can do if we still want to go full standard with rfc3376bis.
>> | > I can think of no operational deployment where the introduction of devices with existing
>> | > older RFC compatibility would cause interoperability issues. At worst the new router would
>> | > need to be explicitly configured for IGMPv2, which in my experience most routers deployed
>> | > into IGMPv3 environments are done anyhow.
>> | >
>> | > Comments welcome. Would love to see positive replies in which case i will be happy to explicitly
>> | > sugest the text changes for this elephant issue to the draft.
>> |
>> | Thanks for raising this, Toerless, the IGMP downgrade problem has been a major source of pain
>> | for some deployments that rely on SSM.
>> |
>> | - Jake
>> |
>> |
>> | _______________________________________________
>> | MBONED mailing list
>> | MBONED@ietf.org
>> | https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/mboned__;!!NEt6yMaO-gk!BhrKkLRDUzon0XP8RebeJvai8X02-AU2RBEGA0iJrQsgSIeCPBd4KVVIUoc5jD59w8aYpNbAYiTFWo_sN87x_ZG9c7AK9g$
>> |
> _______________________________________________
> MBONED mailing list
> MBONED@ietf.org
> https://www.ietf.org/mailman/listinfo/mboned

v2.23.0 | Report a Bug | By Email