Re: [Roll] WGLC on draft-ietf-roll-unaware-leaves-13

Rahul Jadhav <rahul.ietf@gmail.com> Fri, 10 April 2020 08:11 UTC

Return-Path: <rahul.ietf@gmail.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23CD63A1996 for <roll@ietfa.amsl.com>; Fri, 10 Apr 2020 01:11:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M6h19NOrUdZ8 for <roll@ietfa.amsl.com>; Fri, 10 Apr 2020 01:11:34 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E26ED3A196E for <roll@ietf.org>; Fri, 10 Apr 2020 01:11:10 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id de14so1515354edb.4 for <roll@ietf.org>; Fri, 10 Apr 2020 01:11:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=E2ixUqAJCr87Xs3w1NUoDSotIyWpfpvS7cOZ15XDnQ0=; b=iVVIpmBp7MHqqFwjhSjPsaNoUXmReWYSbZmMGzx3Oa5MXJXE/QMa7P1lngFJfQ0cJu 9l46iIdpXpEKHC9OX5tWioJenKwxBIJ//yOINz51av1taS7JS4Rq3DUwSiQ3/A+Sx8pj Z8HW7G7IY2QULvLvBKxLqnQnpTYQIpcGYcDIwRAa1xwxplyotymBmmqYUidG0l67hBcE /S7SwQdUtKTrnJb6zkWUh+MOVg/ja/oBr2KUWj+u5X8Rt30OiQenXTS/+PNXZQqzC7BW 8uopfMw+P4kFBEt4IbRvWKIkn6lJyDOsRWkYmB503TjtXXsblNMF9vEaJm1ryglRau8S QEUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=E2ixUqAJCr87Xs3w1NUoDSotIyWpfpvS7cOZ15XDnQ0=; b=kfse38xor3VxyjTx0g8kai/n4HsTtmaeXNNga2gzEP+3rJOl1CUMxoy1XgwEzMl9bO 2uNYz+JJAth1dzjw/CXOq/MmZrZagP4fzUZu8Eb17s5r4zbEnawAUfMMdlHJ3Cq7Mr5o naskpRh9PVi+b65hzGZLLU0ksyf0g67dU3KWpYFPJzS4JW+CY9pjLPqVIG6tpPgCr7s5 ubj4sZrIWYTvtCcXz2LYdmOJKMm+2uNXTH1U8JH0Okik007AnEdvwd+k4uBzKIygrbIw Wv8VvOfBZgni+ypuXUu0ZrIRUQVXa+vq6S0lx+X3mEmYo+961FSCbL72Wl278ElPkU8g 3xDA==
X-Gm-Message-State: AGi0PuZYtSlXXzOMLMjbYZ/6ZYN1LKlPGpYmQa3ZEM4eY1POz1BfvOCL FtjHBdKfCdcuGsPjyI32A4zT7dB+CLb/xMfS17BKBHtF
X-Google-Smtp-Source: APiQypKH1MBWoV58F87ifPoqfbwOkdtXUpBE0ih5OlAgeGojetbp9LD8082Mc5M3Rqu3fW6XRRit+MKIJbBIFUmfHx8=
X-Received: by 2002:aa7:c812:: with SMTP id a18mr3698767edt.213.1586506268969; Fri, 10 Apr 2020 01:11:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAP+sJUe7oF74F96zi5RuE985CD9LzNfwad=Zzstc8uat2wc3aQ@mail.gmail.com> <25495_1585151124_5E7B7C94_25495_267_1_DAA13A41.7291B%dominique.barthel@orange.com> <CAP+sJUchX+q_cX4_fOytz+q5RfjN+L51VM-+Auz4jVxK-6wpOA@mail.gmail.com> <CAO0Djp1QGASEu4fasZD6K6CSD0q-7F+CD0_JOOppWnnABdbo5w@mail.gmail.com> <MN2PR11MB35650537494AB9FB8E0849D1D8C10@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB35650537494AB9FB8E0849D1D8C10@MN2PR11MB3565.namprd11.prod.outlook.com>
From: Rahul Jadhav <rahul.ietf@gmail.com>
Date: Fri, 10 Apr 2020 16:10:57 +0800
Message-ID: <CAO0Djp1-SYaYGwpdBsUbK07_HPN=Had_MqJidXfPg1fBM4wHPg@mail.gmail.com>
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/3Lo4wcsY2MggCTiMR5N5tM-GU88>
Subject: Re: [Roll] WGLC on draft-ietf-roll-unaware-leaves-13
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2020 08:11:36 -0000

Please find my rsps inline.

Best,
Rahul

On Fri, 10 Apr 2020 at 00:46, Pascal Thubert (pthubert)
<pthubert=40cisco.com@dmarc.ietf.org> wrote:
>
> Many thanks Rahul!
>
> I hope all is going right for you and your family;

[RJ] All is well, many thanks. And hope the same for you and all.

>
> Let's see below, I need more precisions from you:
>
> > 1. The draft requires that the first registration (EDAR/EDAC) is directly
> > handshaked with the 6LBR but all the subsequent refreshes using DAO/DAO-
> > ACK goes through the Root which in turn generates anonymous EDAR/EDAC
> > handshaked with the 6LBR.
> > **Can't we have the 6LR simply use DAO always to Root which generates the
> > EDAR(with ROVR)/EDAC to 6LBR?** This would simplify the handling of 6LR.
>
> Here is why: The 6LR does the traditional DAD and ensures that the address is not a duplicate before it injects it in RPL.
>
> On paper DAD is really a special operation that allows the address in the network. Using the address before DAD is against IPv6 and prone to attacks.
>
>
> E.g., if we skip that step, and RPL is not aware of the new ROVR field, then in storing mode the duplicate will take over the path as the DAO progresses upwards, and that's not desirable security-wise. When the Root comes back with a NPDAO, it's too late. At the moment, we do not change RPL to process the ROVR. Hopefully in the future we'll do more.
>
> Arguably in non-storing we could do it because the flow is nested and the root can check with the 6LBR before it updates its state. That would be an even deeper integration of RPL and ND. Is that more useful than dangerous?

[RJ] I get the proposition now. I guess, it's better to leave the
initial EDAR/EDAC flow separate in all cases as specified in the
draft.
Another thing is the retry policy. EDAR/EDAC is sent multi hops away
and the loss probability is too high in our networks. It would be
great if implementers have some idea on what basis and how many times
to retry if the EDAC is not received. Wondering if this is covered in
other drafts, and I skimmed through 8505 without finding anything.
Ideally, a 6LR should make itself available for RULs only once it has
itself joined the network. In case of storing mode, we know from our
experience, this is not easy to ascertain (i.e., DAO-ACK does not mean
that end to end path is estd). But I guess, the worst case is that
EDAC will be lost and will be retried. But not sure who does the
retry, the RUL or the 6LR itself?

Also, the draft should make it clear that the 6LR should attempt the
DAO for the RUL only when the initial registration is successful. Not
doing this would possibly result in DAO for RUL reaching before
initial EDAR to the root causing problems (DAO reaching before would
mean the generation of anonymous EDAR and since 6LBR will not have an
entry it would answer "Removed" which in turn would be used as Status
in DAO-ACK)

>
> > With the updated target option it is now possible to send ROVR in target
> > option in a backward-compatible fashion. The root is anyways handling the
> > anonymous EDAR/EDAC and thus has all the required handling needed to
> > proxy non-anonymous EDAR/EDAC. Also, the de-registration is also handled
> > through Root which means Root also has to proxy non-anonymous
> > EDAR/EDAC in that case? The de-registration case is not clarified in the Figures
> > 7,8,9.
>
> You're right we should add text on the deactivation of the state.
>
> If the root cannot do non-anonymous then the state will stay as is in the 6LBR if an anonymous EDAR comes in with lifetime 0. The idea is really to add the ROVR to the DAO.
>
> I will:
> 1) add figures for flows with lifetime=0
[RJ] Thanks
> 2) add text in the 6LBR section that indicates that a lifetime 0 is ignored in an anonymous EDAR. This is implicit already
> "
>   an anonymous message can only increase the lifetime and/or increment the TID of an existing state at the 6LBR.
> "
[RJ] Making it explicit will help.

> 3) There is no mandate for using the ROVR in the target option. It is a SHOULD, should it be a MUST?

[RJ] The ROVR will be a MUST only when a DAO for RUL is sent with a
lifetime of zero by the 6LR. If this is what you mean then yes, I
think it should be a MUST.

>
>
> >
> > 2. The document introduces the term RAN for any RPL aware node which can
> > act as a parent node for the RUL. But in the document, subsequently, the term

> > 6LR is used to depict the parent node with which the RUL attaches. Wondering
> > why? Isn't RAN the appropriate term to be used?
> >
>
> This is by reference to RFC 8505, to echo what happens there. Wouldn't the use of RAN blur things?

[RJ] Yep it would blur when you read it in context to 8505. The only
reason why I brought this up is that without been routing-aware the
6LR cant handle things on behalf of RUL. We will just let this be as
it is.

>
>
> > 3. Section 9.2.2: "If a 6LR receives a valid NS(EARO) message with the "R" flag
> > reset and a Registration Lifetime that is not 0, and the 6LR was redistributing
> > the Registered Address due to previous NS(EARO) messages with the flag set,
> > then it MUST stop injecting the address."
> > In this case, should the 6LR also evict the corresponding NCE?
>
> The NCE does not depend on the "R" flag. The flag controls the redistribution into RPL only.

[RJ] ok. Is there any scenario where RUL will reset 'R' flag
subsequently after setting it? I am wondering if 6LR should invalidate
the path when it gets 'R' flag is reset.

>
> >
> > 4. Section 9.2.3: "the Registration Lifetime is adapted from the Path Lifetime
> > in the TIO by converting the Lifetime Units used in RPL into units of 60
> > seconds used in the 6LoWPAN ND messages;"
> > The unit of lifetime for RPL is not a multiple of 60sec like that of 6lo ND. Thus
> > it is possible that absolute conversion is not possible in some cases. I guess
> > the implementation should round-up in this case?
>
> Yes, I can add "rounded up to the upper value". Is that OK?

[RJ] Yep

>
>
> >
> > 5. Section 5 ... "anonymous message can only increase the lifetime"
> > ... It should be "anonymous message can only update the lifetime"
>
> I really meant that in terms of configuration, it can only increase the duration of the lifetime parameter but not reduce it, e.g., to 0. A lifetime value of less than the current value will trigger a restart of the current value.
>
> That behavior on an anonymous can really be discussed. Think that anyone could send it, what change can we allow it to cause?

[RJ]  thought it is possible for intermediate 6LRs to generate DAO on
behalf of RUL without any direct trigger from the RUL. In this case,
the lifetime will be a lower non-zero value.

>
> >
> > 6. Section 9.1 ... "On the first Address Registration, illustrated in Figure 5 and
> > Figure 8" ... Figure 8 currently does not show first address registration.
> >
>
> Oups fig 8 it was repurposed, because it was too obvious. Fixed in github. The paragraph becomes
>
> "
>    On the first Address Registration, illustrated in Figure 5 for RPL
>    Non-Storing Mode, the Extended Duplicate Address exchange takes place
>    as prescribed by [RFC8505].  Any combination of the logical functions
>    of 6LR, Root and 6LBR might be collapsed in a single node.
> "
> > 7. Nits:
> > Sec 9.2.2 "that is sends in response" -> "that is sent in response"
> Actually I meant "it sends" : )
>
> > Sec 10: "unicast to each if the interested children" -> "unicast to each of the
> > interested children"
>
>
> > Sec 10: "Layer-2 acknoledgement" -> "Layer-2 acknowledgement"
>
> > Sec 11: " whereby the it is possible to validate" ->  "whereby it is possible to
> > validate"
> > Sec 12.4: "DAO-ACK and RCO" -> "DAO-ACK and DCO"
>
> > Appendix A: " Follows the RPI-6LoRH and then the IP-in-IP 6LoRH." -> Need to
> > be rephrased
>
> Wasn't that high poetry?
[RJ] Indeed it was and like any other high poetry, I couldn't
understand a thing! :-)

Changed to
>
>    The SRH-6LoRHs are followed by RPI-6LoRH and then the IP-in-IP 6LoRH.
>    When the IP-in-IP 6LoRH is removed, all the 6LoRH Headers that
>    precede it are also removed.
>
[RJ] Great, Thanks.