Re: [pim] [MBONED] IGMPv3 backward compatibility issue killing SSM

Brian Haberman <brian@innovationslab.net> Fri, 23 February 2024 15:35 UTC

To: Hitoshi Asaeda <asaeda@ieee.org>, Stig Venaas <stig@venaas.com>
Cc: "mboned@ietf.org" <mboned@ietf.org>, "pim@ietf.org" <pim@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pim/tAkgBPfGLH3jSdW3dQfL4ApebAc>

Hi Hitoshi,

On 2/23/24 4:29 AM, Hitoshi Asaeda wrote:
>> How common is it that
>> there is accidentally an older querier in the network?
> 
> I don’t think “how it is common” is the point.
> The point is that, say, an IGMPv2 general query, which may happen accidentally or intentionally, legally stops IGMPv3 join/leave operations.
> 

Some of that is already stated in the Security Considerations section 
(9.1) related to forged Query messages. I could expand that to 
explicitly mention accidental or mis-configured systems.

Regards,
Brian

> Regards,
> 
> Hitoshi
> 
> 
>> On Feb 22, 2024, at 15:28, Stig Venaas <stig@venaas.com> wrote:
>>
>> Hi all
>>
>> I think the main question is what changes would be needed, if any,
>> before publishing the bis documents. I don't think those documents
>> should add any new MUSTs as implementations that were compliant to the
>> original RFCs should still be compliant. We can have other documents
>> discuss the behavior. But if people believe it is important, we can
>> add some language, possibly RECOMMEND, MAY or SHOULD.
>>
>> It would be good to get feedback from the WG on whether we should add
>> any text regarding this or not.
>>
>> My understanding is that the potential problem is with querier
>> election and falling back to older querier. How common is it that
>> there is accidentally an older querier in the network? In general all
>> devices should be v3 capable when using IGMPv3, and most devices
>> should support it by now.
>>
>> Regards,
>> Stig
>>
>> On Thu, Feb 22, 2024 at 12:22 PM Hitoshi Asaeda <asaeda@ieee.org> wrote:
>>>
>>> Hi Brian,
>>>
>>> I apologize if I repeat and loop back to the same discussion.
>>>
>>> Toerless previously mentioned;
>>>
>>>> RFC3376 (and currently rfc3376bis too) writes (line numbers from idnits):
>>>>
>>>> 1837       *  If any older versions of IGMP are present on routers, the querier
>>>> 1838          MUST use the lowest version of IGMP present on the network.  This
>>>> 1839          must be administratively assured; routers that desire to be
>>>> 1840          compatible with IGMPv1 and IGMPv2 MUST have a configuration option
>>>> 1841          to act in IGMPv1 or IGMPv2 compatibility modes.
>>>>
>>>> The second sentence is either English that I do not understand, or it is in contradiction to
>>>> the first sentence. If there is a configuration option to enable/disable router compatibility
>>>> with IGMPv1/IGMPv2, and I disable this configuration option on my router, then I would
>>>> be in contradiction to the first sentence, wouldn't I?
>>>
>>> I also have a similar feeling, but IMO (as I said previously, too), keeping this backward compatibility mode is OK. The reasonable solution is that disabling the backward compatibility mode is the default (MUST?). And enabling the backward compatibility mode can be selected by operation (SHOULD? MAY?).
>>> The above rule is applied to any address range, but using the SSM address range does not affect anything (i.e., always use IGMPv3/MLDv2 in the SSM range).
>>>
>>> What do you think?
>>>
>>> Regards,
>>>
>>> Hitoshi
>>>
>>>
>>>> On Feb 22, 2024, at 8:43, Brian Haberman <brian@innovationslab.net> wrote:
>>>>
>>>> Hi Stig,
>>>>
>>>> On 1/5/24 11:27 AM, Stig Venaas wrote:
>>>>> Hi Brian
>>>>> I'm personally fine with no changes, if we make changes then I think
>>>>> they should be at most recommendations. Hopefully we will see more
>>>>> widespread IGMPv3 support and this will be less of an issue. It will
>>>>> also help if implementations have IGMPv3 enabled by default.
>>>>> Section 7.2 is the more problematic part, but the issue is mainly with
>>>>> some unmanaged/unexpected device using version 1 or 2 I believe. If
>>>>> there are unexpected pim routers present or some pim router has wrong
>>>>> configuration, then things may break in many ways even if we were to
>>>>> address the v3 fallback. E.g. the unexpected device may become DR and
>>>>> not support v3 at all, or not have the correct RP configuration.
>>>>
>>>> I have not seen any suggested text changes for 7.2 to address the unexpected use of v1 or v2. Still open to adding recommendations for default settings of the compatibility mode variables, but haven't heard anyone agreeing with such a change.
>>>>
>>>> Regards,
>>>> Brian
>>>
>
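
The thread turns on an older-version query (accidental, misconfigured or forged) pushing IGMPv3 systems into compatibility mode. The following is an added example, not part of any message in the thread or of the draft: a monitoring check that classifies captured IGMP Membership Queries by version using the length and Max Resp Code rule from RFC 3376 section 7.1 and reports sources sending IGMPv1/IGMPv2 queries. The function names, the 192.0.2.x addresses and the sample packets are constructed for illustration.

```python
import struct

MEMBERSHIP_QUERY = 0x11  # IGMP type shared by v1, v2 and v3 queries

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def query_version(igmp: bytes):
    """Return 1, 2 or 3 for a valid Membership Query, else None."""
    if len(igmp) < 8 or igmp[0] != MEMBERSHIP_QUERY:
        return None
    if inet_checksum(igmp) != 0:  # an intact message checks to zero
        return None
    if len(igmp) == 8:
        return 1 if igmp[1] == 0 else 2  # Max Resp Code 0 means IGMPv1
    return 3 if len(igmp) >= 12 else None  # 9..11 octets: silently ignored

def older_queriers(observed):
    """Map source address -> lowest query version seen, for versions below 3."""
    found = {}
    for src, igmp in observed:
        version = query_version(igmp)
        if version in (1, 2):
            found[src] = min(version, found.get(src, version))
    return found

def build_query(max_resp: int, group: bytes, v3_tail: bytes = b"") -> bytes:
    """Construct a sample query with a correct checksum (test data only)."""
    body = struct.pack("!BBH4s", MEMBERSHIP_QUERY, max_resp, 0, group) + v3_tail
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

ANY = b"\x00" * 4  # group 0.0.0.0 marks a general query
SAMPLES = [  # constructed observations: (source address, IGMP payload)
    ("192.0.2.1", build_query(100, ANY, b"\x02\x7d\x00\x00")),  # IGMPv3 query
    ("192.0.2.77", build_query(100, ANY)),                      # IGMPv2 query
    ("192.0.2.78", build_query(0, ANY)),                        # IGMPv1 query
    ("192.0.2.79", build_query(100, ANY, b"\x00\x00")),         # 10 octets
]

if __name__ == "__main__":
    for src, version in sorted(older_queriers(SAMPLES).items()):
        print(f"{src}: IGMPv{version} query seen on an IGMPv3 segment")
```
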