Re: [Roll] Last call to draft-ietf-roll-efficient-npdao-16

Rahul Jadhav <nyrahul@outlook.com> Wed, 04 September 2019 16:12 UTC

Return-Path: <nyrahul@outlook.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DADB61208DB for <roll@ietfa.amsl.com>; Wed, 4 Sep 2019 09:12:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id glL0dlgXrRVs for <roll@ietfa.amsl.com>; Wed, 4 Sep 2019 09:12:10 -0700 (PDT)
Received: from APC01-HK2-obe.outbound.protection.outlook.com (mail-oln040092255027.outbound.protection.outlook.com [40.92.255.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52B5B1200FD for <roll@ietf.org>; Wed, 4 Sep 2019 09:12:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ERl8+ShW7BvEhPWI1AiPd0aUw5d9sQpqOfzsR85rtku2E7E0ceGOV4z1RZa/C9PGuQ/AsYr+TRmT9HaVo5Jwey8+wWbUknyMPkLPIq/y2kBX/CPlRW0OM/feS8d69lDVW/W32fBrvtS7Rb1Q9pklRgfw2qJUigHeb8YdiQfut6jDqLoT3IdCxDuqOQMZDnMcbewxFrUxQVa0QvBv3E8L6T4npUEPmi4tDep2rXKbKTruzBx8CZB8rElUC4DluaQPvWtZBWBKXCLHaVbzjrXDaICxxTL7mKqwqL4vZCqVMG1L7U5Pr3w2oTbYaVZE9ocfYRDNyLUaKLvIFbLBb4vfJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U0wwAPxsNIrAUQr4Q01Fvi8iIxvOyusQTX4rxB3W9BY=; b=VUszJz8/L1mOrBoNRUR4jU1MjNt4XTk/f9WzzEqNiAqpPJxw4IAsxDeDF0Gth8/aVleLafTW5VwNKpTLAUzbMtZZebG4SpUvo2j5SY5bOElUJ6kQGub2WdQwJIJGGyGkZ+6cuy2DaUtpxt0A37QpArUMk9HwGR88Du8G7dZXJ5UaMrTvm+WFOUr8n2N2RwaCMbQvfX7yrF+diyTn2lLxcVjGW7KGWJX8pu9G+4V24PRP1SdPzEX63N+AwaFKTybieufgYLxBUmTsT63LbibF8cYQc9mYsdGwPkfBQfIA3Ig7EUaUztC3EtSmNUKct0/AmY3INXrGlwKnNLe66dTlxw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U0wwAPxsNIrAUQr4Q01Fvi8iIxvOyusQTX4rxB3W9BY=; b=k5oVnQhil6jTk30AX1DJdOgvrWNPbAz7wE5RbJNB9PuxAwBPI2LK0aN9ZVSTPOo/hHi9SmB9pTpK3PBD/2arrNXTQYnnZpr+HaHKWUv4kN7z260SgttyZ1OyrPVXF0rCJ1XJnTTqq7hkafGv3LYidfq05Xxr3jR38M/sRUDfp035qhx660iFOpTOODmctkz7zxSFmNS9AG8g200loERHlZXE2OZsKGsd/4heEyGpritKWlcvF6vfYNkqOaIdxpVIAY06RS4FaqjC/gY/vGCVxjMHqckFWtXKlygNEmWxc0hFm7914dyqdrBEgS93/HSLsmL3xhUikn/jOMrBVdb0qg==
Received: from HK2APC01FT061.eop-APC01.prod.protection.outlook.com (10.152.248.52) by HK2APC01HT093.eop-APC01.prod.protection.outlook.com (10.152.249.226) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2241.14; Wed, 4 Sep 2019 16:12:06 +0000
Received: from BM1PR01MB2612.INDPRD01.PROD.OUTLOOK.COM (10.152.248.55) by HK2APC01FT061.mail.protection.outlook.com (10.152.249.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2241.14 via Frontend Transport; Wed, 4 Sep 2019 16:12:05 +0000
Received: from BM1PR01MB2612.INDPRD01.PROD.OUTLOOK.COM ([fe80::4cdc:d4ce:1df5:c441]) by BM1PR01MB2612.INDPRD01.PROD.OUTLOOK.COM ([fe80::4cdc:d4ce:1df5:c441%3]) with mapi id 15.20.2241.014; Wed, 4 Sep 2019 16:12:05 +0000
From: Rahul Jadhav <nyrahul@outlook.com>
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Thread-Topic: [Roll] Last call to draft-ietf-roll-efficient-npdao-16
Thread-Index: AQHVYyl5fLQ25s2A9UCduj19y+/ofacbq8Xy
Date: Wed, 4 Sep 2019 16:12:05 +0000
Message-ID: <BM1PR01MB2612F1D77693AC23B903C420A9B80@BM1PR01MB2612.INDPRD01.PROD.OUTLOOK.COM>
References: <MN2PR11MB3565DAEEF4DD78D732EDE17DD8B80@MN2PR11MB3565.namprd11.prod.outlook.com>, <CAP+sJUeEWC-bhw2U0t82-45ha3vOEcuqiD9U4Hmc-xR=y6PM6w@mail.gmail.com>
In-Reply-To: <CAP+sJUeEWC-bhw2U0t82-45ha3vOEcuqiD9U4Hmc-xR=y6PM6w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:5D38645BC80FE67D47148A8CD1BF2FC8D6EC8CDE17973FF822F85B1EC2B7EFC0; UpperCasedChecksum:F5A80BB9D2E2029542D54E65E82AF8D7F00FFA26CCB411A9C81C28A063587441; SizeAsReceived:6950; Count:42
x-tmn: [mExop64GTDndNjCko9LWbXGHJqJ5Ptq+m3pm6aJsLEZQUO0CXSQodezZ4TRkzoMGI50oC6f9TSM=]
x-ms-publictraffictype: Email
x-incomingheadercount: 42
x-eopattributedmessage: 0
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(5050001)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031322404)(2017031323274)(2017031324274)(1601125500)(1603101475)(1701031045); SRVR:HK2APC01HT093;
x-ms-traffictypediagnostic: HK2APC01HT093:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-message-info: ihXyeiI0je0+2otl/NL2jLUnCMgQERn8o0lGWrZhMqYSENcc0GFKcLzuFide7cEx7OuEHAweY8/KLLwhz016wbELN/68dnFB9UfZXTc8wrOXjnnEdF6t7lZ+GFlMs+pqhwDXNuYV9v/TQ00JU1Q8XtNGjsQqHvItFIw1jW7kndslc1G47DggLNsg9JD+i4cC
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BM1PR01MB2612F1D77693AC23B903C420A9B80BM1PR01MB2612INDP_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 5517e25f-f3b8-4234-e9d9-08d73152a13f
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Sep 2019 16:12:05.8074 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT093
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/on2ANu2mAEFsOIsZ7vOPzhaSDCg>
Subject: Re: [Roll] Last call to draft-ietf-roll-efficient-npdao-16
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2019 16:12:14 -0000

Hi Pascal,

The new text contains "RPL status code of 130 indicating that the address is moved". It has no reference and no IANA consideration. Is it ok to simply state this without explicit IANA consideration? Maybe I am just not aware of such procedural aspects of status code allocation, but how would a future work avoid using this value?

Regards,
Rahul

________________________________
From: Roll <roll-bounces@ietf.org> on behalf of Ines Robles <mariainesrobles=40googlemail.com@dmarc.ietf.org>
Sent: Wednesday, September 4, 2019 2:02 PM
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Subject: [Roll] Last call to draft-ietf-roll-efficient-npdao-16

Dear all,

This is a last call for the modified NPDAO document (version 16) that you can find here

https://github.com/pthubert/efficient-route-invalidation/blob/master/draft-ietf-roll-efficient-npdao.txt

This call is open until 23th September. Please let us know your opinion.

Thank you very much in advance,

Ines and Peter.

On Wed, Sep 4, 2019 at 1:10 PM Pascal Thubert (pthubert) <pthubert@cisco.com<mailto:pthubert@cisco.com>> wrote:

Dear all



We are holding NP DAO for a change that does not impact the behavior of the node but improves traceability.

I would like to confirm consensus on this change rapidly so we can give the doc back to RFC editor.



The proposed change is as follows:



----------------------------------



diff --git "a/C:\\Users\\pthubert\\Dropbox\\IETF\\doc\\rpi\\draft-ietf-roll-efficient-npdao-15.xml" "b/C:\\Users\\pthubert\\Dropbox\\IETF\\doc\\rpi\\draft-ietf-roll-efficient-npdao-16.xml"

index 8a0acca..2ed0920 100644

--- "a/C:\\Users\\pthubert\\Dropbox\\IETF\\doc\\rpi\\draft-ietf-roll-efficient-npdao-15.xml"

+++ "b/C:\\Users\\pthubert\\Dropbox\\IETF\\doc\\rpi\\draft-ietf-roll-efficient-npdao-16.xml"

@@ -35,7 +35,7 @@

<?rfc subcompact="yes" ?>

<!-- keep one blank line between list items -->

<!-- end of list of popular I-D processing instructions -->

-<rfc category="std" docName="draft-ietf-roll-efficient-npdao-15" ipr="trust200902">

+<rfc category="std" docName="draft-ietf-roll-efficient-npdao-16" ipr="trust200902">

   <!-- category values: std, bcp, info, exp, and historic

      ipr values: full3667, noModification3667, noDerivatives3667

      you can add the attributes updates="NNNN" and obsoletes="NNNN"

@@ -582,11 +582,12 @@



             <t>

                 This document specifies a change in the Transit Information Option to

-                contain the "Invalidate previous route" (I) flag. This I-flag signals

+                contain the "Invalidate previous route" (I) flag. This 'I' flag signals

                 the common ancestor node to generate a DCO on behalf of the

-                target node. The I-flag is carried in the Transit Information

+                target node with a RPL Status of 130 indicating that the address

+                has moved. The 'I' flag is carried in the Transit Information

                 Option which augments the reachability information for a given

-                set of RPL Target(s). Transit Information Option with I-flag

+                set of RPL Target(s). Transit Information Option with 'I' flag

                 set should be carried in the DAO message when route

                 invalidation is sought for the corresponding target(s).

             </t>

@@ -615,8 +616,8 @@

             </t>

             <t>

                 The common ancestor node SHOULD generate a DCO message in

-                response to this I-flag when it sees that the routing

-                adjacencies have changed for the target. The I-flag is

+                response to this 'I' flag when it sees that the routing

+                adjacencies have changed for the target. The 'I' flag is

                 intended to give the target node control over its own route

                 invalidation, serving as a signal to request DCO generation.

             </t>

@@ -638,7 +639,7 @@

0                   1                   2                   3

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

-| RPLInstanceID |K|D|   Flags   |   Reserved    | DCOSequence   |

+| RPLInstanceID |K|D|   Flags   |  RPL  Status  | DCOSequence   |

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

|                                                               |

+                                                               +

@@ -683,8 +684,15 @@

                 the sender and MUST be ignored by the receiver.

             </t>

             <t>

-                Reserved: 8-bit unused field. The field MUST be initialized to

-                zero by the sender and MUST be ignored by the receiver.

+                RPL Status: The RPL Status as defined in section 6.5.1 of <xref

+                target="RFC6550"/>.

+                Indicative of the reason why the DCO happened, the RPL Status

+                MUST NOT be changed as the DCO is propagated down the route

+                being invalidated.

+                This value is informative and does not affect the behavior of

+                the receiver. In particular, unknown values are ignored by the

+                receiver.

+                Only Rejection Codes (value above 128) are expected in a DCO.

             </t>

             <t>

                 DCOSequence: 8-bit field incremented at each unique DCO message

@@ -759,7 +767,7 @@

0                   1                   2                   3

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

-| RPLInstanceID |D|   Flags     |  DCOSequence  |    Status     |

+| RPLInstanceID |D|   Flags     |  DCOSequence  | DCO-ACK Status|

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

|                                                               |

+                                                               +

@@ -788,8 +796,10 @@

                     copied from the DCOSequence received in the DCO message.

                 </t>

                 <t>

-                    Status: Indicates the completion. Status 0 is defined as

-                    unqualified acceptance in this specification. Status 1 is

+                    DCO-ACK Status: Indicates the completion. A value of 0 is

+                    defined as

+                    unqualified acceptance in this specification. A value of 1

+                    is

                     defined as "No routing-entry for the Target found". The

                     remaining status values are reserved as rejection codes.

                 </t>

@@ -910,7 +920,7 @@

                     nodes will generate their respective DAOs to update their

                     paths, and the previous route invalidation for those nodes

                     should work in the similar manner described for switching

-                    node. The dependent node may set the I-flag in the Transit

+                    node. The dependent node may set the 'I' flag in the Transit

                     Information Option as part of regular DAO so as to

                     request invalidation of previous route from the common

                     ancestor node.

@@ -920,7 +930,7 @@

                     of their parents in turn have decided to switch their

                     parent. Thus for route invalidation the dependent nodes may

                     choose to always set the 'I' flag in all its DAO message's

-                    Transit Information Option. Note that setting the I-flag is

+                    Transit Information Option. Note that setting the 'I' flag is

                     not counterproductive even if there is no previous

                     route to be invalidated.

                 </t>

@@ -1103,7 +1113,7 @@



         <t>

             IANA is requested to allocate bit 1 from the Transit Information

-            Option Flags registry for the I-flag (<xref target="transit_opt_changes"/>)

+            Option Flags registry for the 'I' flag (<xref target="transit_opt_changes"/>)

         </t>

         <section title="New Registry for the Destination Cleanup Object (DCO) Flags">

             <t>

@@ -1210,22 +1220,29 @@

             This document introduces the ability for a common ancestor node to

             invalidate a route on behalf of the target node. The common

             ancestor node could be directed to do so by the target node using

-            the I-flag in DCO's Transit Information Option. However, the common

+            the 'I' flag in DCO's Transit Information Option. However, the common

             ancestor node is in a position to unilaterally initiate the route

             invalidation since it possesses all the required state information,

             namely, the Target address and the corresponding Path Sequence..

             Thus a rogue common ancestor node could initiate such an

            invalidation and impact the traffic to the target node.

         </t>

+        <t> The DCO carries a RPL Status value, which is informative. New Status

+            values may be created over time and a node will ignore an unknown

+            Status value. Which makes it so that the RPL Status field may be

+            used as a cover channel. But the channel only works once since the

+            message destroys its own medium, that is the existing route that it

+            is removing.

+        </t>

         <t>

-            This document also introduces an I-flag which is set by the target

+            This document also introduces an 'I' flag which is set by the target

             node and used by the ancestor node to initiate a DCO if the

             ancestor sees an update in the route adjacency. However,

             this flag could be spoofed by a malicious 6LR in the path and can

             cause invalidation of an existing active path. Note that invalidation

             will happen only if the other conditions such as Path Sequence

             condition is also met. Having said that, such a malicious 6LR may

-            spoof a DAO on behalf of the (sub) child with the I-flag set and

+            spoof a DAO on behalf of the (sub) child with the 'I' flag set and

             can cause route invalidation on behalf of the (sub) child node..

             Note that, using existing mechanisms offered by <xref

                 target="RFC6550"/>, a malicious 6LR might also spoof a DAO with





Chairs, could we please last call or whatever so we can move on?



Many thanks!



Pascal

_______________________________________________
Roll mailing list
Roll@ietf.org<mailto:Roll@ietf.org>
https://www.ietf.org/mailman/listinfo/roll