Re: NHS Address
David Horton <horton@citr.com.au> Fri, 03 May 1996 03:17 UTC
Received: from ietf.cnri.reston.va.us by IETF.CNRI.Reston.VA.US id aa00609; 2 May 96 23:17 EDT
Received: from guelah.nexen.com by IETF.CNRI.Reston.VA.US id aa00593; 2 May 96 23:17 EDT
Received: from maelstrom.nexen.com (maelstrom.nexen.com [204.249.97.5]) by guelah.nexen.com (8.7.3/8.7.3) with ESMTP id XAA15683; Thu, 2 May 1996 23:08:41 -0400 (EDT)
Received: (from root@localhost) by maelstrom.nexen.com (8.7.3/8.7.3) id XAA11521 for rolc-out; Thu, 2 May 1996 23:07:54 -0400 (EDT)
Received: from guelah.nexen.com (guelah.nexen.com [204.249.96.19]) by maelstrom.nexen.com (8.7.3/8.7.3) with ESMTP id XAA11512 for <rolc@nexen.com>; Thu, 2 May 1996 23:07:51 -0400 (EDT)
Received: from bunyip.cc.uq.oz.au (bunyip.cc.uq.oz.au [130.102.2.1]) by guelah.nexen.com (8.7.3/8.7.3) with SMTP id XAA15677 for <rolc@nexen.com>; Thu, 2 May 1996 23:07:45 -0400 (EDT)
Received: from citrus.citr.uq.oz.au by bunyip.cc.uq.oz.au with SMTP (PP); Fri, 3 May 1996 13:07:04 +1000
Received: from citron.citr.uq.oz.au by citrus.citr.uq.oz.au (8.7.3/CiTR-External-Gateway) ; id <NAA12379@citrus.citr.uq.oz.au>; Fri, 3 May 1996 13:06:23 +1000 (EST)
Received: from joppa.citr.uq.oz.au by citron.citr.uq.oz.au (8.7.3/CiTR-Main) ; id <NAA09969@citron.citr.uq.oz.au>; Fri, 3 May 1996 13:07:00 +1000 (EST)
Received: from cumquat by joppa.citr.uq.oz.au (8.6.11/CiTR-Client) ; id <NAA10370@joppa.citr.uq.oz.au>; Fri, 3 May 1996 13:06:59 +1000
Received: from localhost by cumquat (5.65c/CiTR-Client) ; id <AA05145@cumquat>; Fri, 3 May 1996 13:06:03 -0500
Message-Id: <5145.199605031806@cumquat>
To: jhalpern@us.newbridge.com
Cc: rolc@nexen.com
Subject: Re: NHS Address
Date: Fri, 03 May 1996 13:06:02 -0500
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: David Horton <horton@citr.com.au>
X-Mts: smtp
X-Orig-Sender: owner-rolc@nexen.com
Precedence: bulk
X-Info: [Un]Subscribe to rolc-request@nexen.com, submissions to rolc@nexen.com
X-Info: Email archive at ftp://ietf.cnri.reston.va.us/ietf-mail-archive/rolc/
X-Info: Hypermail archive at http://cell-relay.indiana.edu/mail/archives/rolc/
X-Info: FTP archive at ftp://ftp.nexen.com/pub/rolc/
|Someone asked on the list why the NHS IP address appeared in the NHRP
|registration packet.
|
|I may be missing something obvious, but I think that we reduce configuration
|(and therefore misconfiguration) if we allow a station to insert its own
|address in that field in a registration request. (The reply should still
|have the correct NHS address, as should any registration confirmation later.)
|If the request is being delivered to an NHS serving the clients LAG directly,
|it will recognize this and accept the request. If the request is handed to
|an NHS serving some other LAG< routing will still send it towards the correct
|LAG, causing the correct handling.
|
The way I read NHRP-7, the destination prefix address is intended to
be the address of the NHS that the station is trying to register with.
I think inserting the station's own address will cause problems with NHRP-7:-
" If an NHS receives an NHRP
Registration Request packet which has the Destination Protocol
Address field set to an address other than the NHS's own protocol
address then the NHS MUST forwards the packet along the routed path
toward the Destination Protocol Address."
Say the designated NHS for the Home LAG receives the packet with the
destination NHS specified as other than itself. So according to the
above, it must forward it, which is undesired behaviour.
I think the problem becomes more evident when there is a LAG containing
several routers. All of these are assumed to be NHRP capable from the
fabric mode assumption. (Without considering SCSP for the moment), all
of these could be capable of being NHRP servers, but at a particular
moment, only one is the designated NHS.
(problem 1) In the first scenario, the registering station could be
one of the routers not acting as the NHS today. So the designated
NHS would be sending both registration reply and a (forwarded)
registration request back to the router.
Consider the situation where there are multiple NHS within a LAG
which have some method outside of NHRP for determining which will
act as the designated NHS. This could be an operator editting files.
This allows some level of fault tolerance.
(problem 2) A station is taken off the net, and during the time it
is off-line, the designated server changes. When reconnecting, the station
registers with the old configuration, i.e. it uses the old NHS address.
This leads to an dilemma, does the router that first receives the register
(a) believe its configuration, and forward it to the designated NHS, or
(b) trust the registering station, and forward to the requested NHS
(and then what does the requested station do, assuming it is up)
(c) both, but who sends the reply?
I think the correct approach is to ignore the destination address
in the packet that was set by the station station, and to
follow the routing and NHS designated based solely on the station's
source protocol address. This is what will be consulted when forwarding
a resolution request. So there is not much point sending
registration data a different way where it can't be retrieved.
A conservative approach in terms of ensuring the data is actually
registered where it is needed would be to send to both (if there is a
difference). This will lead to a loop with designated server
forwarding to the requested destination, and then back again
until the hop count expires. (Unless the NHS keep some additional state).
I am also a bit concerned about the addresses that the station
could put in here, e.g. an address in a LIS other than its own, or
a broadcast address. Could these lead to avalanches?
>From my point of view, this station end configuration of its NHS
can only lead to problems. Can someone provide examples where the
configuration is of assistance and resolution processing will also
still work?
| The reply should still
| have the correct NHS address, as should any registration confirmation later.
I believe the responding NHS should insert its own address in the Request
reply. However I think this is in conflict with NHRP-7, which implies
that the field is the same as what the requesting station set.
There are situations where the requesting station needs to also obtain
the NMBA address of the serving NHS. I realise this can be achieved
through use of the responder address extension, however the end-end
authentication extension can't be used in conjunction with extensions
that modify the packet en-route, specifically forward/reverse transit.
To avoid this problem, we intend to define an experimental vendor specific
end-end authentication extension which creates the signature only
over the fixed and mandatory parts. The problem is that the responder
address extension is not part of the signature, and hence open to
tampering.
Hence I propose putting the NBMA address of the NHS in the mandatory
part of the registration reply. This is analagous to the Next Hop
addresses being in the mandatory part of the resolution reply.
The destination prefix extension is still left hanging in the
unauthenticated part, but I think I can live with that.
|Yours,
|Joel M. Halpern jhalpern@newbridge.com
|Newbridge Networks Inc.
|
In summary, I propose
(1) removing the Destination Protocol Address from the
Registration Request packet.
(2) Adding a Server NBMA address to the Registration Reply packet,
leaving (a possibly renamed) Destination Protocol Address which
is filled in by the responding NHS.
Cheers,
David
David Horton
Centre for Information Technology Research
Level 2 South Tower, 339 Coronation Drive, Milton, Australia 4064
Email: d.horton@citr.uq.oz.au Phone +61 7 32592222 Fax +61 7 32592259
- NHS Address Joel Halpern
- Re: NHS Address David Horton
- Re: NHS Address Joel Halpern