Re: [Roll] AD Review of draft-ietf-roll-useofrplinfo-23
Ines Robles <mariainesrobles@googlemail.com> Sun, 19 August 2018 18:52 UTC
Return-Path: <mariainesrobles@googlemail.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABF60130E96; Sun, 19 Aug 2018 11:52:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9OiAvg4ZJwF8; Sun, 19 Aug 2018 11:52:23 -0700 (PDT)
Received: from mail-it0-x232.google.com (mail-it0-x232.google.com [IPv6:2607:f8b0:4001:c0b::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82B45130E93; Sun, 19 Aug 2018 11:52:23 -0700 (PDT)
Received: by mail-it0-x232.google.com with SMTP id d10-v6so17738219itj.5; Sun, 19 Aug 2018 11:52:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bhcDj8atYzyIIPdv3TSCbr7sNVczEvSDAHUKYT+v7L0=; b=Ij2/KIKb1spErf5imkgXaHxLX2VI3Wqcma1O1qrQlE5XdVTU6JsdQscEodtLjuKxRr v9lliT5V7INuEU+0qXUEeS8TNQnb3errbrxfjY43FRh6LrEXXuSYI12SwxwAt0uZ6/Xl 1sMfU4y1bRwXuvstJYWm3eRavhddl6ehLQLk7aOyagiCyCTcW/pnwWRMATlSxHmNNLZC uxOkfAdDvdcukMvwc4P8wBiJu1w0FWLV3aeOUAMG2ET1XCvtu3XHr2kO0s4F/BIqFbYM w4LjfGhh0OkNWNi5iuNsf2aL/YG9bCZXvSkEttxBFMcokOtAaAmzjPoUcMY2lvJBxxz8 DSyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bhcDj8atYzyIIPdv3TSCbr7sNVczEvSDAHUKYT+v7L0=; b=DICgXlz3daI7//J3eQ31lBvqZXOlH+Ggf57VQt+UvWWQU7ijDd9RDMBR0O9aOHIzbh t/sAfR5GWiM4mV3h3v83r78qRVI+qIJkTIacBVEcO1y4T24lTO0aJ6zHATYuHSeluqKe WX6Kj6zUWlpWyUYO5VSOUQXav13jOFAgDm5BlWaYl0UX8Mn+0UBwy/nrigtJTBG5Q9Yj eJvmHK7zz4BlIlqpkXXbvzceda0ZR2vj/POK82IIWa2d0bkejU8ye0MOV2Y32knJaCDc 3AbOER6saiXg4gDFUvYVVBausKGhH02x5KT8QzcvP5EhAnfDu1CieP0eEDVMvh6A7TTZ oT+A==
X-Gm-Message-State: AOUpUlEssPZ4LVLY582cQZ4BTt6sKXPH5TY0aUezRhsXaI3r76DH3PM6 DTFVQoBosplxJoPfvgDLq0dA9W5+Q8sh/d66B+lJbQHG
X-Google-Smtp-Source: AA+uWPwx8oIgucJxXdtU0fMYMzr41c2UJjLmto5TiAvPWLgLEmsyeXuO0iAkti5c/9aDW4tukGIlK9ANFmMwQ2HUC2s=
X-Received: by 2002:a24:dd88:: with SMTP id t130-v6mr30882676itf.129.1534704742584; Sun, 19 Aug 2018 11:52:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:a752:0:0:0:0:0 with HTTP; Sun, 19 Aug 2018 11:52:22 -0700 (PDT)
In-Reply-To: <CAMMESszeTZSZTTcLPG_zbFOyiwR_tPKw4Zfw=xT3yVayKT6WWA@mail.gmail.com>
References: <CAMMESszeTZSZTTcLPG_zbFOyiwR_tPKw4Zfw=xT3yVayKT6WWA@mail.gmail.com>
From: Ines Robles <mariainesrobles@googlemail.com>
Date: Sun, 19 Aug 2018 21:52:22 +0300
Message-ID: <CAP+sJUeNGdm6LaodHruHeErRsZC1+7bY=XzEfooPbFaXCrjgdQ@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: draft-ietf-roll-useofrplinfo@ietf.org, roll <roll@ietf.org>, roll-chairs <roll-chairs@ietf.org>, Peter van der Stok <consultancy@vanderstok.org>
Content-Type: multipart/alternative; boundary="0000000000000457f50573ce4ba7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/8hIJzNC3kzVYc8ZVA9vMUHYfvAE>
Subject: Re: [Roll] AD Review of draft-ietf-roll-useofrplinfo-23
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Aug 2018 18:52:28 -0000
Hi Alvaro, Thank you very much for the review. We have created this ticket: https://trac.ietf.org/trac/roll/ticket/186#ticket to address your comments. We are going to analyze them and we will get back to you. Thanks, The authors. 2018-08-14 22:04 GMT+03:00 Alvaro Retana <aretana.ietf@gmail.com>: > Dear authors: > > I have (finally!) finished reading this document. Thanks for all the work > and time put into working out all the details. > > I have several concerns. I'm listing some of the Major (and document-wide) > ones up front. I also put more comments and questions inline below. > > (1) [major] Where is the specification of the data-plane behavior? > > This document does a couple of things: it Updates several other RFCs, and > presents a list of *example* flows where the expected behavior is > illustrated. The Updates are mostly about the new RPI value (0x23), but > not about the behavior of the nodes. > > Most of the examples are worded such that they describe actions > (encapsulate, remove, etc.)...and some even include rfc2119 Normative > Keywords. But they are called examples! So...my questions are: is the > behavior illustrated in §6 and §7 intended to be Normative? IOW, do these > sections include both examples and specify the behavior expected in the > LLN? Is the behavior already specified somewhere else (and this document > is just illustrating)? [I am asking that last question just-in-case, > because the Introduction says that "this document clarifies what is the > correct and the incorrect behaviour."] > > §8 seems to attempt to summarize "observations about the cases", but (if it > is intended to be *the* Normative text about the behavior) it is general > and short. > > [Some of my comments below ask about Normative language... Please take > those in context with the answers here.] > > > (2) [major] Operational Considerations > > Non-storing mode networks don't need the change to 0x23 (§8.2)...but making > the change creates a flag day, and even then, implementations should still > process both values (§3.1). I would really like to see text about the > operational considerations of introducing 0x23. It concerns me that a > significant change that most[*] networks don't need is being introduced. > Please take a look at rfc5706 (Guidelines for Considering Operations and > Management of New Protocols and Protocol Extensions), specially §2. > > [*] Most deployed networks work in non-storing mode, right? > > > (3) [minor] >= ?? > > There are several (25!) instances of text like this: > > 6LR_i are the intermediate routers from source to destination. In > this case, "1 <= i >= n", n is the number of routers (6LR) that the > packet go through from source (6LN) to destination (6LBR). > > Maybe it's just me, but I don't understand why (or how!) i could ever be >= > n. The text says that i are the "intermediate routers from source to > destination", while n is "the number of routers...from source (6LN) to > destination (6LBR)". Isn't that the same thing? What am I missing? > > > (4) Style nit: the document uses "we"...a third person style would be > preferable. For example: s/In this section we are going to > describe.../This section describes... > > > I will wait for the major points to be addressed before starting the IETF > LC. > > Thanks!! > > Alvaro. > > > > [Note: the numbers came from the idnits output.] > > ... > 10 When to use RFC 6553, 6554 and IPv6-in-IPv6 > 11 draft-ietf-roll-useofrplinfo-23 > > [minor] Can we come up with a more descriptive tittle? Also, the > "shorthand" version ("Useof6553") could be improved. > > > ... > 130 1. Introduction > ... > 156 The related document A Routing Header Dispatch for 6LoWPAN (6LoRH) > 157 [RFC8138] defines a method to compress RPL Option information and > 158 Routing Header type 3 [RFC6554], an efficient IP-in-IP technique, and > 159 use cases proposed for the [Second6TischPlugtest] involving 6loRH. > > [nit] I'm having trouble parsing this last paragraph. It sounds like > rfc8138 (also) defines the use cases, but I don't remember seeing anything > like that in there. Is that what you meant? > > [nit] I think the Introduction would benefit from an overview of the > document; something like "section X talks about abc, section Y presents > examples, etc.". > > 161 2. Terminology and Requirements Language > > 163 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > 164 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this > 165 document are to be interpreted as described in RFC 2119 [RFC2119]. > > [major] Please use the RFC8174 template. > > ... > 170 RPL-node: A device which implements RPL, thus we can say that the > 171 device is RPL-capable or RPL-aware. Please note that the device can > 172 be found inside the LLN or outside LLN. In this document a RPL-node > 173 which is a leaf of a DODAG is called RPL-aware-leaf. > > [nit] RPL-capable is not used anywhere else. > > ... > 180 pledge: a new device which seeks admission to a network. (from > 181 [I-D.ietf-anima-bootstrapping-keyinfra]) > > 183 Join Registrar and Coordinator (JRC): a device which brings new nodes > 184 (pledges) into a network. (from > 185 [I-D.ietf-anima-bootstrapping-keyinfra]) > > [minor] Do these two terms need to be defined in this document? They are > only used once, and with a reference to > I-D.ietf-anima-bootstrapping-keyinfra next to them. Also, and more > important, the definition here doesn't match the one in that other draft. > Please take out the definitions and just make reference later on... > > 187 Flag day: A "flag day" is a procedure in which the network, or a part > 188 of it, is changed during a planned outage, or suddenly, causing an > 189 outage while the network recovers [RFC4192] > > [nit] rfc4192 seems like an odd place to pull a reference to "flag day" -- > specially as it is being defined as "a procedure" and not the effect it > causes, which seems to be how it is used in the text: "creates a flag day", > "will experience a flag day", "avoid a flag day". This is not a big issue > -- if it was up to me, I would either make my own definition, or just not > define it at all: I think it is a well known term... > > 191 2.1. hop-by-hop IPv6-in-IPv6 headers > > 193 The term "hop-by-hop IPv6-in-IPv6" header refers to: adding a header > 194 that originates from a node to an adjacent node, using the addresses > 195 (usually the GUA or ULA, but could use the link-local addresses) of > 196 each node. If the packet must traverse multiple hops, then it must > 197 be decapsulated at each hop, and then re-encapsulated again in a > 198 similar fashion. > > [minor] That term is not used anywhere...but "hop-by-hop IP-in-IP" is. > > IPv6-in-IPv6 and IP-in-IP are used interchangeably throughout the > document. This use is not wrong, but it is inconsistent. Adding a note > about it (even though it may be obvious to many readers that the terms > refer to the same thing) would be nice...being consistent even nicer. > > Later on, "IPIP" is also used... > > > [nit] Why is this definition in its own sub-section? > > 200 3. Updates to RFC6553, RFC6550 and RFC 8138 > > 202 3.1. Updates to RFC 6553 > > ... > 209 [RFC6553] states as showed below, that in the Option Type field of > 210 the RPL Option header, the two high order bits MUST be set to '01' > 211 and the third bit is equal to '1'. The first two bits indicate that > 212 the IPv6 node MUST discard the packet if it doesn't recognize the > 213 option type, and the third bit indicates that the Option Data may > 214 change en route. The remaining bits serve as the option type. > > s/showed/shown > > [major] The 2 MUSTs used above are used paraphrasing rfc6553, and don't > define Normative behavior in this document. Please either use a direct > quote, or use non-normative language. > > ... > 223 Recent changes in [RFC8200] (section 4, page 8), states: "it is now > 224 expected that nodes along a packet's delivery path only examine and > 225 process the Hop-by-Hop Options header if explicitly configured to do > 226 so". Processing of the Hop-by-Hop Options header (by IPv6 > 227 intermediate nodes) is now optional, but if they are configured to > 228 process the header, and if such nodes encounter an option with the > 229 first two bits set to 01, they will drop the packet (if they conform > 230 to [RFC8200]). Host systems should do the same, irrespective of the > 231 configuration. > > [minor] The description above seems to be missing "...if the option is not > recognized". > > 233 Based on That, if an IPv6 (intermediate) node (RPL-not-capable) > 234 receives a packet with an RPL Option, it should ignore the HBH RPL > 235 option (skip over this option and continue processing the header). > > s/That/that > > ... > 266 When forwarding packets, implementations SHOULD use the same value as > 267 it was received (This is required because, RPI type code can not be > 268 changed by [RFC8200]). It allows to the network to be incrementally > 269 upgraded, and for the DODAG root to know which parts of the network > 270 are upgraded. > > [major] There seems to be a contradiction above: "SHOULD use the same > value...this is required..." If required by rfc8200, why not use MUST? > > 272 When originating new packets, implementations SHOULD have an option > 273 to determine which value to originate with, this option is controlled > 274 by the DIO option described below. > > [minor] §3.3 defines the option...but it doesn't explicitly say what the > receivers should do with it. It may be obvious, but it should be explicit > for completeness. > > [major] It seems to me that the paragraph above may be out of place, > doesn't say much, may be wrong...or maybe all 3. The text says that the > originating value is controlled by the option in §3.3 (again, but that > section doesn't explicitly say what should be done)...but it also says > (with the SHOULD) that an implementation may have valid reasons to not pay > attention to the option -- what are those?? > > > ... > 281 3.2. Updates to RFC 8138 > > 283 RPI-6LoRH header provides a compressed form for the RPL RPI > 284 [RFC8138]. It should be considered when the Option Type in RPL > 285 Option is decompressed, should take the value of 0x23 instead of > 286 0x63. > > [major] AFAICT, the compression specified in rfc8138 doesn't include the > RPI option type...but the use of the 6LoRH Type 5 implies the RPI. If I > got that right, then how would the decompressing node know which RPI type > was in use when first compressed? Given that both types may be used in a > network (§3.1), how would one know unless the 6LoRH type was also changed? > Or are you suggesting that the decompression should always use 0x23? In > any case, I think that stronger language might be needed. > > > 288 3.3. Updates to RFC 6550: Indicating the new RPI in the DODAG > 289 Configuration Option Flag. > > 291 In order to avoid a flag day caused by lack of interoperation between > 292 new RPI (0x23) and old RPI (0x63) nodes, when there is a mix of new > 293 nodes and old nodes, the new nodes may be put into a compatibility > 294 mode until all of the old nodes are replaced or upgraded. > > 296 This can be done via a DODAG Configuration Option flag which will > 297 propogate through the network. Failure to receive this information > 298 will cause new nodes to remain in compatibility mode, and originate > 299 traffic with the old-RPI (0x63) value. > > s/propogate/propagate > > [major] "compatibility mode" > > What is "compatibility mode"? Initially I thought that it was maybe the > ability of new nodes to use both RPI values...but the end of the second > paragraph suggests using only 0x63. > > The text suggests that "compatibility mode" can be enabled via "via a DODAG > Configuration Option flag" -- that flag is not defined anywhere...but > "failure to receive this information will cause new nodes to remain in > compatibility mode". So...would it be enabled using a flag, or is it the > default? > > Why wouldn't the default be the new RPI? I can see how most of the > networks will support the old RPI, but that will eventually be the > exception... > > 301 As stated in [RFC6550] the DODAG Configuration option is present in > 302 DIO messages. The DODAG Configuration option distributes > 303 configuration information. It is generally static, and does not > 304 change within the DODAG. This information is configured at the DODAG > 305 root and distributed throughout the DODAG with the DODAG > 306 Configuration option. Nodes other than the DODAG root do not modify > 307 this information when propagating the DODAG Configuration option. > > 309 The DODAG Configuration Option has a Flags field which is modified by > 310 this document. Currently, the DODAG Configuration Option in > 311 [RFC6550] is as follows. . > > 313 Flags: The 4-bits remaining unused in the Flags field are reserved > 314 for flags. The field MUST be initialized to zero by the sender and > 315 MUST be ignored by the receiver. > > 317 0 1 2 3 > 318 +-----------------+----------------------------------------- > ----------+ > 319 | Type = 0x04 | Opt Length = 14| Flags | A | PCS| DIOIntDoubl. | > 320 +----------------------------------------------------------- > ----------+ > 321 | DIOIntMin. | DIORedund. | MaxRankIncrease | > 322 +-----------------+----------------------------------------- > ----------+ > 323 | MinHopRankIncrease | OCP | > 324 +-----------------+----------------------------------------- > ----------+ > 325 |Reserved | Def. Lifetime | Lifetime Unit | > 326 +-----------------+-----------------+----------------------- > ----------+ > > 328 Figure 3: DODAG Configuration Option. > > [minor] Suggestion: instead of copying (and not quoting the Normative > language) the text from rfc6550 above, just indicate what the Update is: > "the unused bits MUST...". Also, I think that Figure 3 is not needed. > > > ... > 342 In case of rebooting, the node does not remember the flag. Thus, the > 343 DIO is sent with flag indicating the new RPI value. > > [minor] By "the node", which node are you referring to? The root? If it > doesn't remember, it means that it needs to be configured -- how does that > happen? Why isn't the configuration persistent at the root? > > 345 4. Sample/reference topology > > 347 A RPL network in general is composed of a 6LBR (6LoWPAN Border > 348 Router), Backbone Router (6BBR), 6LR (6LoWPAN Router) and 6LN > 349 (6LoWPAN Node) as leaf logically organized in a DODAG structure. > 350 (Destination Oriented Directed Acyclic Graph). > > [minor] The 6BBR doesn't appear in the Figure. > > [nit] BTW, it might be better to put the topology diagram right after this > first paragraph. > > [nit] The DODAG expansion should be on first use. > > 352 RPL defines the RPL Control messages (control plane), a new ICMPv6 > 353 [RFC4443] message with Type 155. DIS (DODAG Information > 354 Solicitation), DIO (DODAG Information Object) and DAO (Destination > 355 Advertisement Object) messages are all RPL Control messages but with > 356 different Code values. A RPL Stack is showed in Figure 5. > > [minor] Not exactly sure what this paragraph has to do with the reference > topology (yet), but (same comment as above) it might be good to put the > figure right after the text. > > s/showed/shown > > > ... > 428 Figure 6: A reference RPL Topology. > > 430 Figure 2 shows the reference RPL Topology for this document. The > 431 letters above the nodes are there so that they may be referenced in > 432 subsequent sections. In the figure, 6LR represents a full router > 433 node. The 6LN is a RPL aware router, or host. > > s/Figure 2/Figure 6 > > [minor] The 6LN is defined in the first paragraph as a node (not a > router). BTW, what is the difference between a "full router" and (just) a > "router" (6LR vs 6LN)? > > [minor] 6LN is characterized above as "RPL aware", but (below) the "Raf" > mark is also used for that -- so it seems that "~Raf 6LN" would be a > "not-RPL aware leaf...RPL aware router, or host". > > Some terminology clean up is needed. > > 435 But, the 6LN leaves (Raf - "RPL aware leaf"-) marked as (F, H and I) > 436 are RPL nodes with no children hosts. > > [minor] Is there a relevance to the "children hosts" existing? Can it be > concluded that ~Raf nodes have children hosts? > > > ... > 446 5. Use cases > ... > 507 This means that when the no-drop RPI option code 0x23 is used, a > 508 packet that leaves the RPL domain of an LLN (or that leaves the LLN > 509 entirely) will not be discarded when it contains the [RFC6553] RPL > 510 Hop-by-Hop option known as RPI. Thus, the RPI Hop-by-Hop option MAY > 511 be left in place even if the end host does not understand it. > > [minor] If the last RPL-aware node knows that the host doesn't understand > the RPI, why would it not remove it (if it can)? IOW, I understand how it > causes no harm (leading to the optional behavior above), but just because > it can be done doesn't mean that it should. Are there cases where it can > be used for something? > > If the RPI can't be removed because the border is not the destination, then > the MAY above is insignificant: no one can strip it, so there's no real > option. > > 513 NOTE: There is some possible security risk when the RPI information > 514 is released to the Internet. At this point this is a theoretical > 515 situation; no clear attack has been described. At worst, it is clear > 516 that the RPI option would waste some network bandwidth when it > 517 escapes. This is traded off against the savings in the LLN by not > 518 having to encapsulate the packet in order to remove the artifact. > > [major] AFAICT, leaking the RPI means leaking the RPLInstanceID and the > SenderRank. The Security Considerations already mentions what an attacker > could do if it knows the RPLInstanceID...but it doesn't say anything about > the SenderRank. > > I'm thinking that the SenderRank may help an attacker to have an idea of > the topology of the LLN, right? I don't know what an attacker can do with > that information, but the fact that could be used for that (and it could be > a privacy issue) should be mentioned in the Security Considerations section
- [Roll] AD Review of draft-ietf-roll-useofrplinfo-… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-useofrpli… Ines Robles