Re: [Pppext] [Isis-wg] Fwd: I-D Action: draft-simpson-isis-ppp-unique-02.txt
"Les Ginsberg (ginsberg)" <ginsberg@cisco.com> Tue, 09 August 2011 19:13 UTC
Return-Path: <ginsberg@cisco.com>
X-Original-To: pppext@ietfa.amsl.com
Delivered-To: pppext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D205311E80F6; Tue, 9 Aug 2011 12:13:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.845
X-Spam-Level:
X-Spam-Status: No, score=-2.845 tagged_above=-999 required=5 tests=[AWL=-0.246, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOAPgbT3k+oH; Tue, 9 Aug 2011 12:13:26 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 5B30111E80F1; Tue, 9 Aug 2011 12:13:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=ginsberg@cisco.com; l=14606; q=dns/txt; s=iport; t=1312917236; x=1314126836; h=mime-version:subject:date:message-id:in-reply-to: references:from:to:cc; bh=Son4AzeYahhvAxrjZyLMVcFW4ha3IorU3SdqeAD3tIo=; b=L7YmNAT8isAlzaPQP8NghzXNBestYpiXC4NiCSLCvkB4spl3VQEYTX6n urv5B+NVumqLjRzH/aj1qz+2AMoa5V77hUFwxLLknWJnKecB5U52fgx/1 l3zD2lusirU56KzZWLQmbszh5RiGveKp5Zvz+UsHivQZxPQARbqoZ82MP s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AuAAAKGFQU6rRDoI/2dsb2JhbABCl2CPXneBQAEBAQEDAQEBDwEJFDsDCwwEAgEIEQMBAQEBCgYXAQYBJh8JCAEBBAESCAESB4dPnnwBnmKFZ18Ehy0vkDuEXocb
X-IronPort-AV: E=Sophos;i="4.67,344,1309737600"; d="scan'208";a="11441097"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by rcdn-iport-8.cisco.com with ESMTP; 09 Aug 2011 19:13:55 +0000
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by mtv-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id p79JDsNN024308; Tue, 9 Aug 2011 19:13:54 GMT
Received: from xmb-sjc-222.amer.cisco.com ([128.107.191.106]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 9 Aug 2011 12:13:54 -0700
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CC56C8.7AB2BB88"
Date: Tue, 09 Aug 2011 12:13:52 -0700
Message-ID: <AE36820147909644AD2A7CA014B1FB520F107E99@xmb-sjc-222.amer.cisco.com>
In-Reply-To: <4E4143FA.1000307@gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Isis-wg] Fwd: I-D Action: draft-simpson-isis-ppp-unique-02.txt
Thread-Index: AcxWoJf9xRzMhpGdRkK47der37aY4AAJQ0kg
References: <4E4143FA.1000307@gmail.com>
From: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
To: William Allen Simpson <william.allen.simpson@gmail.com>, IETF PPP WG <pppext@ietf.org>
X-OriginalArrivalTime: 09 Aug 2011 19:13:54.0508 (UTC) FILETIME=[7B1148C0:01CC56C8]
Cc: IETF TRILL WG <rbridge@postel.org>, IETF ISIS WG <isis-wg@ietf.org>
Subject: Re: [Pppext] [Isis-wg] Fwd: I-D Action: draft-simpson-isis-ppp-unique-02.txt
X-BeenThere: pppext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: PPP Extensions <pppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pppext>, <mailto:pppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pppext>
List-Post: <mailto:pppext@ietf.org>
List-Help: <mailto:pppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pppext>, <mailto:pppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2011 19:13:28 -0000
William - Thanx for (at last) actually including the isis-wg on this thread. I have attached an excellent review that Mike Shand provided for your 00 draft - both as context and to insure that you have seen this (I did forward this to you once before but am not sure you ever received it). After reviewing the latest version (02) it seems to me that you have not addressed any of the substance of Mike's remarks. The most relevant changes in the 02 version consist of the revision to Section 3 Resolving Conflicts As rewritten this section now says (in part): <snip> An implementation conforming with this specification MUST generate a replacement System Identifier using one of the techniques specified above, upon: (a) detecting a conflicting System Identifier in (a)(1) 1 IS-IS Hello from any neighbor, or (a)(2) 2 consecutive LSPs and/or SNPs from the same source; (b) failing to resolve participation in an area after (b)(1) incrementing its Sequence Number 3 or more times, and (b)(2) 10 seconds. <end snip> None of this addresses the concerns that Mike raised in his review - specifically: 1)How to distinguish between benign cases (receiving your own LSP and/or receiving a hellos from yourself if you have multiple ports on the same LAN) from genuine doppelgangers 2)How to prevent the introduction of a new system with a duplicate system ID from causing an existing system which has been using that system ID from having to change its ID (which is highly undesirable) 3)In general avoiding gratuitous system-id changes For this draft to go forward it would have to be demonstrated both that the problem needs to be addressed and that the solution is not worse than the original problem. The former is not borne out by field experience to date (IMHO). In its present state the proposed solution fails the second test as well. If you are serious about moving this draft forward please address the substance of the review points which have been made. Les > -----Original Message----- > From: isis-wg-bounces@ietf.org [mailto:isis-wg-bounces@ietf.org] On > Behalf Of William Allen Simpson > Sent: Tuesday, August 09, 2011 7:28 AM > To: IETF PPP WG > Cc: IETF TRILL WG; IETF ISIS WG > Subject: [Isis-wg] Fwd: I-D Action: draft-simpson-isis-ppp-unique- > 02.txt > > https://tools.ietf.org/rfcdiff?url2=draft-simpson-isis-ppp-unique- > 02.txt > > It's been months since the last update, and I'd thought we'd long since > be in the edit queue. Here's the few (mostly editorial) changes. > > Although I've tried mightily to keep extraneous explanatory text to a > minimum, some folks failed to actually read the entire document. So, > I've duplicated a little of the abstract and various section content in > the Introduction. Hopefully, that will skirt problems with folks who > think they become "expert" by skimming specifications -- without > understanding, operating, or implementing. > > One reader thought that Resolving Conflicts is optional. Wrong! The > body text clearly said, "an implementation conforming with this > specification MUST generate...." Moreover, that kind of thing is > obvious to all competent protocol designers and implementers. In > today's IETF, we have professional meeting goers instead. So, I've > added an explicit statement right at the *top* of the section for the > skimmers. It's REQUIRED! > > Also, some readers had difficulty understanding a compound sentence. > I've divided it into labeled clauses. And here's the only substantive > change: the test for conflicts has been tightened slightly, while the > timing test has been loosened. > > In previous drafts, Hellos, LSPs, and SNPs were all treated the same; > finding a conflict in any of them led to action. That's how things are > specified in ISIS itself (in excruciating detail). But one reviewer > thought we should require consecutive LSP/SNP conflicts. That's more > IETF-like: be liberal in what you receive.... > > However, I left the Hello conflict test as 1. There's no reason to > hope/wait for a change, it's a fast test, and in many cases clears up > the problem before we ever exchange LSPs/SNPs. > > In previous drafts, IS-IS Hellos were used in the timing test. Hellos > are sent periodically, so it's very conservative design. But one > reviewer thought we should use Sequence Number increments instead. It > may speed the conflict resolution slightly, and is a bit more > conservative in what we send -- assuming the implementation stops > sending as it waits the full 10 seconds for old/other LSPs to clear. > (I'm not sure all/any implementations will actually wait, but that's a > good experiment.) > > A very confused reader thought this should handle more than 1 area, > because my *TITLE* is more universal. That's just silly. Heck, it > goes > against the IS-IS principle (violated in practice) that each system is > only in one area. Added a note on inter-area conflicts. > > Explicitly state that remote management is beyond the scope. > > Any other nits? > > > -------- Original Message -------- > Subject: I-D Action: draft-simpson-isis-ppp-unique-02.txt > Date: Mon, 08 Aug 2011 09:21:50 -0700 > From: internet-drafts@ietf.org > Reply-To: internet-drafts@ietf.org > To: i-d-announce@ietf.org > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > Title : Generation of Unique IS-IS System Identifiers > Author(s) : William Allen Simpson > Filename : draft-simpson-isis-ppp-unique-02.txt > Pages : 9 > Date : 2011-08-08 > > The IS-IS routing protocol (Intermediate System to Intermediate > System, ISO 10589) requires unique System Identifiers at the link > layer. A common practice has been to use an existing IEEE 802 MAC > link-layer interface identifier. When no unique MAC is available, > this document specifies automatic generation of identifiers. It is > fully interoperable with systems that do not support this > extension. > > Additionally, the extension automatically resolves conflicts > between > System Identifiers. > > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-simpson-isis-ppp-unique- > 02.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > This Internet-Draft can be retrieved at: > ftp://ftp.ietf.org/internet-drafts/draft-simpson-isis-ppp-unique-02.txt > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > _______________________________________________ > Isis-wg mailing list > Isis-wg@ietf.org > https://www.ietf.org/mailman/listinfo/isis-wg
--- Begin Message ---I have some comments on this draft. If a duplicated MAC is used as a System Identifier within an IS-IS area, this leads to the condition colloquially called "LSR War". Currently, IS-IS has no method to detect or resolve such conflicts. It is something of an exaggeration to say that IS-IS has NO method to detect this situation. It will result in the affected systems persistently increasing the sequence numbers of their LSPs, in an attempt to assert their own LSPs over the duplicates. Most implementations will detect this condition and raise appropriate system warning messages. Admittedly, the consequences, while this persists, are quite serious. After detecting a conflicting System Identifier in a neighbor, or receiving 3 or more IS-IS Hellos and failing to resolve participation in an area within 10 seconds, an implementation conforming with this specification MUST generate a replacement System Identifier using one of the techniques specified above. I don't understand this paragraph. It talks about detecting the conflicting system IDs in the neighbor using ISHs. But the problem arises across an entire flooding domain (a single level 1 area or the level 2 domain). It is possible, and indeed probable that the offending system IDs are not adjacent, but will still cause the same level of disruption. I also don't understand what is meant by "failing to resolve participation in an area within 10 seconds". Surely this doesn't mean a simple mismatch of area address, or any other reason for failing to bring up an L1 adjacency. I'm guessing the author means receiving a hello with the same system ID as itself? But this can occur benignly when a system has multiple interfaces onto the same LAN ( either deliberately or by some bridging misconfiguration), and it is indeed hearing its own hellos. So this seems to make no sense at all, and clearly wouldn't work. For it to work, it would have to be based on receiving an LSP which somehow indicated the conflict. But receiving your own LSPs (with your own system ID) is a normal occurrence, especially when rejoining a domain after a crash etc. So a means needs to be provided to distinguish the common benign case, from a genuine doppelganger. Other that using some other "more unique" id to distinguish really different system (which just punts the problem), it seems that some variant of the normal detection method (i.e. detecting a persitent sequence number increment), is the only viable alternative. Yet this draft says nothing about such a mechanism. Whatever method were chosen, it would have to be proof against false positives, since accidentally invoking a changed system ID would seem to make the cure worse than the disease. Indeed, there seems to be a danger that bringing up a new system with an incorrectly assigned system ID (the usual case is accidentally joining a test network to the production network) would cause the existing (and previously stable) system to change its ID. Note that gratuitously changing a system ID can affect things other that the operation of IS-IS itself. For example the system ID is often used as the key in the hash function for preventing polarisation in hop by hop forwarding ECMP paths, so changing the system ID is likely to affect traffic patterns adversely. This whole thing needs to be MUCH, more carefully thought out, if indeed a solution is to be attempted. Mike On 25/04/2011 18:25, Stewart Bryant wrote: > ISIS WG > > It seems likely that draft-simpson-isis-ppp-unique-00 will > be submitted as an experimental submission on the > independent stream. > > Please look out for it. > > If you have any views on this document please make them known. > > - Stewart > _______________________________________________ > Isis-wg mailing list > Isis-wg@ietf.org > https://www.ietf.org/mailman/listinfo/isis-wg > _______________________________________________ Isis-wg mailing list Isis-wg@ietf.org https://www.ietf.org/mailman/listinfo/isis-wg--- End Message ---
- [Pppext] Fwd: I-D Action: draft-simpson-isis-ppp-… William Allen Simpson
- Re: [Pppext] [Isis-wg] Fwd: I-D Action: draft-sim… Les Ginsberg (ginsberg)
- Re: [Pppext] [Isis-wg] Fwd: I-D Action: draft-sim… William Allen Simpson
- Re: [Pppext] [Isis-wg] Fwd: I-D Action: draft-sim… Les Ginsberg (ginsberg)
- Re: [Pppext] [Isis-wg] Fwd: I-D Action: draft-sim… William Allen Simpson