Re: [Roll] Add ROVR in DAO?

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 23 August 2019 14:56 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A29D1120840 for <roll@ietfa.amsl.com>; Fri, 23 Aug 2019 07:56:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=U3+5y/Mq; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=HuEIT3HD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aPCDps-haq1w for <roll@ietfa.amsl.com>; Fri, 23 Aug 2019 07:56:05 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A43341200E9 for <roll@ietf.org>; Fri, 23 Aug 2019 07:56:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20713; q=dns/txt; s=iport; t=1566572165; x=1567781765; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=81nbcIjgamw85GqFO21tt8n57PGOf2M7m5421LkAXqo=; b=U3+5y/MqLEYEjCJzq36/8h4L/JsMux8EC+Aen/TadgHLU4hs0nveRhvb YfR4/SW4JWWdZGi7ckzr4Or31kQJwtRofH7Y50KLZAMkZiMouYDxgxH0w 9Fz1S+rceAOvsyBosS16g8OBXtJ5KorNIQCHtFjPdTzNIsAy5oFMg0C3l U=;
IronPort-PHdr: 9a23:wjBa9BwNdXyFR3rXCy+N+z0EezQntrPoPwUc9psgjfdUf7+++4j5YhWN/u1j2VnOW4iTq+lJjebbqejBYSQB+t7A1RJKa5lQT1kAgMQSkRYnBZudFU3mJvPwcwQxHd9JUxlu+HToeUU=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ArAABq/V9d/5RdJa1lGgEBAQEBAgEBAQEHAgEBAQGBVQMBAQEBCwGBFS8kLANtViAECyqHZwOKbU2CD5AHhV+CAYEuFIEQA1QJAQEBDAEBJQgCAQGEPwKCZyM2Bw4CCgEBBAEBAQIBBgRthS0MhUoBAQEEEgsQEwEBOA8CAQgRBAEBIQcHMhQJCAEBBBMIGoMBgR1NAx0BAgygVQKBOIhhgiWCewEBBYUjGIIWAwaBNAGEeYZ1GIFAP4ERRlF9fj6CYQEBAgGBJhgBAQIeKwmDB4ImlC2JCI42CQKCHYZqhxOGYYIyhzCKTYQflVCMYINZAgQCBAUCDgEBBYFXAy6BWHAVgyeCQoNyhRSFP3IBgSiLP4JDAQE
X-IronPort-AV: E=Sophos;i="5.64,421,1559520000"; d="scan'208,217";a="313277757"
Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Aug 2019 14:56:04 +0000
Received: from XCH-ALN-006.cisco.com (xch-aln-006.cisco.com [173.36.7.16]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id x7NEu4kh013382 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <roll@ietf.org>; Fri, 23 Aug 2019 14:56:04 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-ALN-006.cisco.com (173.36.7.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 23 Aug 2019 09:56:03 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 23 Aug 2019 10:55:55 -0400
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Fri, 23 Aug 2019 09:55:54 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NcWfQGhlWFG1IG1nBifzr/7hVLA3ydNvoUNWfc/720tfkzyUYWs+lDJK5GytpWu15HTtaGcNfstE/fyhUHJUdGQdl5QUZt3CEXhjAZsk6+pccjS6XHNOVhucueXI3maUsr8kH61RFVKGq4tUCeqq8QHnVgi+8OzkVQ4ckvZxQnWddvlnOie1lnIwof+CuSsafy+iY22MortN/1QFQ/HIcwU1rfnJjZHZlE/VB8BenwJ+99llVFafruomxcH+CRqF2iTCGqc0VegpIk6+CYHQqcLzdl5e2A1UN0j67doVq/iASWxzKieNkx8jyiooz+X7XB/DjR5Ci4xJp+QLQXk6rg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p5l/E9rc4+A7CKPXNopKx7hMTBOVtdu6CT+Z15jwukE=; b=FLVHMdjr+6e1C0CHdKd7v5OEwOm+znvGN7Jo6NqUUStRoWv++m+XPYNhuGt0FeQEW5SunOgr1yTeF5Or9qKSmOhVBxCrlUjMbcoXqq5XD24C3iUQjgZjBVdIj9Z066hkYPOijhZ6THJk9Jxnq1+NzXC0bjq8XqX8gAzlwA56bBnc02zfyC21GyVXhysRTGRcm/qia9ukJbgc2+W1BiwMi3/AZEqnQ2Uojh4WNuiWP8GZA+lYTxRh1Z2kemjIk0mYPjB2xYHoI+JM1VQTMU2Q1VUBq23loHLCGtQ9OELyj4BAYaRzfzVZ3k0l+AfCcfZlDv+86U9vgaIlqQmDaerHhw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p5l/E9rc4+A7CKPXNopKx7hMTBOVtdu6CT+Z15jwukE=; b=HuEIT3HDwX0iCdozLOj/NC8p3XZOfmzC7tSbS8JqYLuP9a2p73dBkmBXzztO29/MjhWduDZ9ACB6HhhSprjXZmm7UYrN1IqaCBkpvHu+f0X9TRg1dXiJnsDf70INNYhpWBoi3WanPKE1LrhBYF2wN730XEzewfB8Jk96El13qEY=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (20.178.250.159) by MN2PR11MB4095.namprd11.prod.outlook.com (20.179.150.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.16; Fri, 23 Aug 2019 14:55:53 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::89cf:9d:8a75:266e]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::89cf:9d:8a75:266e%3]) with mapi id 15.20.2178.020; Fri, 23 Aug 2019 14:55:53 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Routing Over Low power and Lossy networks <roll@ietf.org>
Thread-Topic: Add ROVR in DAO?
Thread-Index: AdVCahRZPRQ6beNIQb+VlVo9l/YWKAXLCFRQAAlc/SAAAVIeIA==
Date: Fri, 23 Aug 2019 14:55:42 +0000
Deferred-Delivery: Fri, 23 Aug 2019 14:55:28 +0000
Message-ID: <MN2PR11MB3565FCB9B09EACB427368E96D8A40@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <MN2PR11MB35652CCE7A961CD581EDE47DD8C60@MN2PR11MB3565.namprd11.prod.outlook.com> <MN2PR11MB35653048AE54B21CCF055031D8A40@MN2PR11MB3565.namprd11.prod.outlook.com> <982B626E107E334DBE601D979F31785C5DFB6CBE@BLREML503-MBX.china.huawei.com>
In-Reply-To: <982B626E107E334DBE601D979F31785C5DFB6CBE@BLREML503-MBX.china.huawei.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pthubert@cisco.com;
x-originating-ip: [2001:420:c0c0:1007::143]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d33bba29-eb79-44cc-a468-08d727d9ff26
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600166)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MN2PR11MB4095;
x-ms-traffictypediagnostic: MN2PR11MB4095:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <MN2PR11MB40951C48922F13FF1D218A1DD8A40@MN2PR11MB4095.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0138CD935C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(376002)(346002)(39860400002)(366004)(396003)(189003)(199004)(966005)(66946007)(7736002)(81156014)(8936002)(8676002)(81166006)(6246003)(486006)(54896002)(561944003)(25786009)(6306002)(7696005)(53936002)(6916009)(52536014)(3480700005)(229853002)(14444005)(14454004)(5660300002)(76176011)(2906002)(6506007)(55016002)(790700001)(6436002)(476003)(53546011)(66446008)(64756008)(66556008)(74316002)(102836004)(9686003)(66476007)(71190400001)(256004)(478600001)(71200400001)(6666004)(33656002)(186003)(236005)(446003)(99286004)(316002)(46003)(76116006)(11346002)(86362001)(6116002)(606006); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR11MB4095; H:MN2PR11MB3565.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: QOt0ZOH32UqhnrIiJjbjzri4MNdRY/4Teb/m9BEjWvSLV2qDeSjcarFVMTGTgSeEv1iFo1xBmeUaNgN78tEntnSTcQjSDdCA8SE2CqMJrNgc0K6hm1pf99bLK0EpZMYbLDRteb7GbMzpb9ENttLIgGcsyGeWe5V10iTvd4+QSj2pObBSiqmDfgBYa9XfF4dv5et5QaGyBtlIg6EvuWu028YNwOQccoWsVHGugR3zvVNoHcRZivYIGwn4nlmrP4aCsCd+yB3KslWije5WdsF4UTYEj2Vi9NkuXOOj554IbE8MdeWKkPhrnJbq1DJ7H5W14o8TX5JvRi8AG5q0kJqbdGEoeIOQjl2LzTgFyt/QSxKLLNUbErpDolgslgVvIXV6EivaL4BRiTpoqR/PJgJ5PGqqgadsCE0ceDTVtd9Q9rQ=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR11MB3565FCB9B09EACB427368E96D8A40MN2PR11MB3565namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d33bba29-eb79-44cc-a468-08d727d9ff26
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2019 14:55:53.7274 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Jso07cckYCWAqodU/jwDw323g44RE+bR9CGhCeE9ye1LuXum0O9pIWVraXYwsTw26WWNm+k3H5k4Nhof/WDUNQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4095
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.16, xch-aln-006.cisco.com
X-Outbound-Node: rcdn-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/GZPOzxeeDZK5DMxQK42B7FtPGks>
Subject: Re: [Roll] Add ROVR in DAO?
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Aug 2019 14:56:09 -0000

Hello Rahul and all

Please see below

As I understand the proposal is to:

  1.  Remove the ROVR generation on the 6LBR on behalf of the 6LN.


?    Not that. The ROVR is never generated by the 6LBR


  1.  Use the ROVR from NS(EARO) directly in the DAO.
  2.  This would eliminate Keep-Alive EDAR/EDAC during initial/first registration.


?    Actually we keep it in the first because it happens before RPL and provides DAD. But yes for all the subsequent.



  1.  This would eliminate the need for root node to set all ones in the ROVR field of keep-alive EDAR.


?    Exactly

This seems optimal.


?    So far

But there is one downside if the DAO is used for such purpose; Adding a 64-bit ROVR field in DAO would mean that in storing MOP all the parents maintain the ROVR field in their routing table. This is an immense overhead, since it impacts the routing entry size even if the RPL network needs to support just a single RUL.


?    Yes. It is an additional 64 to 512 bits which limits the size of the routing table. Immense is a use case dependent thing. The value will increase if we use it to secure the DAO state.

?    In a network with legacy devices, the flows in draft-ietf-roll-unaware-leaves-02 will have to be supported. I take your mail as a hint that they are here to stay in case we cannot afford to store the ROVR.


Another question I have is,... In the Figure 2, EDAR is sent to 6LBR and DAO is sent to the Root. As I understand the DODAGID in the DIO will be the global IPv6 address of the Root (and not 6LBR) and thus DAO can be addressed to the Root. But how does 6LR get the address of the 6LBR to send the EDAR? (assuming in this case the Root and 6LBR are different network entities). Also it would be better to differentiate Root and 6LBR in the terminology section.


?    That's 6LoWPAN ND. It happens before RPL, and even if there is no ROLL. See https://tools.ietf.org/html/rfc6775#section-4.3

All the best;

Pascal


From: Roll [mailto:roll-bounces@ietf.org] On Behalf Of Pascal Thubert (pthubert)
Sent: 23 August 2019 17:43
To: Routing Over Low power and Lossy networks <roll@ietf.org<mailto:roll@ietf.org>>
Subject: Re: [Roll] Add ROVR in DAO?

Dear all

As noted below, and discussed at the WG meeting at IETF 105, it would be good to convey the ROVR field in the DAO, so if the Root and the 6LBR are different entities then the root can build a full EDAR as opposed to the dummy one.
It will also help make RPL more secure in the future... So I'm calling to confirm the discussion in Montreal and if there is no opposition I'll go ahead and propose a new option that can be placed with the DAO to transport a ROVR.
We'll also need something in the configuration option to trigger its use.

Comments and any hint on how to do that right are welcome.

All the best;

Pascal

From: Roll <roll-bounces@ietf.org<mailto:roll-bounces@ietf.org>> On Behalf Of Pascal Thubert (pthubert)
Sent: mercredi 24 juillet 2019 23:54
To: Routing Over Low power and Lossy networks <roll@ietf.org<mailto:roll@ietf.org>>
Subject: [Roll] Add ROVR in DAO?

Dear all

The only change I foresee in the unaware leaves draft is the addition of the RFC 8505 ROVR from the ND EARO into the DAO. After that I'd feel ready to call for WGLC.

The proposed change enables to build a full EDAR message at the root, and avoids the weird processing of the keep-alive EDAR (see https://tools.ietf.org/html/draft-ietf-roll-unaware-leaves-02#section-7.4)
If we do it now we can forget that weird format (all ones ROVR) and never code for it. This may also be useful when we work on securing the DAO using the AP ND proof of ownership all the way to the root....

Please let me know if there's disagreement to make that change

All the best

Pascal