IETF Logo Mail Archive

Re: [Roll] on the use of RPL without RPI (was Re: [6lo] Adaption of ROLL for mesh-under)

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 13 April 2017 16:36 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68ED912951D; Thu, 13 Apr 2017 09:36:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EWDgMkQrd8zx; Thu, 13 Apr 2017 09:36:37 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 504761294C8; Thu, 13 Apr 2017 09:36:36 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 683EB2055F; Thu, 13 Apr 2017 13:01:22 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 823FD636BB; Thu, 13 Apr 2017 12:36:35 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
cc: "anima@ietf.org" <anima@ietf.org>, "roll@ietf.org" <roll@ietf.org>
In-Reply-To: <6ce1718ab83342bcad9c19d6d9e96935@XCH-RCD-001.cisco.com>
References: <1491971619970.42705@ssni.com>, <CD3480AD-3934-4C9E-B6F3-E399A32BACC8@tzi.org> <1491974218584.69073@ssni.com> <ae35261f3dac4a9fa123f33610bb9805@XCH-RCD-001.cisco.com> <15236.1492095258@obiwan.sandelman.ca> <6ce1718ab83342bcad9c19d6d9e96935@XCH-RCD-001.cisco.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Thu, 13 Apr 2017 12:36:35 -0400
Message-ID: <6577.1492101395@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/h1pe1gqEspfuPxfzFxCObOMNRZk>
Subject: Re: [Roll] on the use of RPL without RPI (was Re: [6lo] Adaption of ROLL for mesh-under)
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 16:36:39 -0000

Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:
    > The RPI is mostly aimed at IOT links (LLNs), where the control overhead
    > must be kept below that of actual traffic in all cases. So we fix
    > routes reactively to traffic. For use on wires such as Ethernet, it is
    > acceptable to react proactively to a breakage and fix the routes before
    > they are used.

yes, I agree that this is doable.

I will note two other things about the ACP that matter:
  1) it runs over IPsec, which includes IKEv2, which has a Dead Peer
     Detection.  As such, we can get good ETX values out of the IKE
     daemon.

  2) we can also detect when links go bad pretty quickly, and can feed
     updated (0) ETX values into RPL quickly.

I'm still concerned that we might want the RPI rank value to do loop
detection.  It seems that the ACP should be extra reliable, and that
repairing loops needs to be done very reliably.
Yeah, we could just let TTL kill the packet, but I feel that

    > In that sense, and as long as we can live with a single topology, we
    > can afford to be pure control plane, leaving the RPI and the data plane
    > out of the story, which is good for the separations of planes, and high
    > speed hardware forwarding / software fast path.

There are perhaps some confusing words here.

I think that you mean, the ACP data plane, vs the production data plane.

I think that the high speed hardware will mostly deal with production data
plane forwarding only, and that ACP data plane forwarding will occur in the
"production" control plane: i.e. in software.  This is why I don't think that
having RPI is a problem.

While there are likely platforms that could do IPsec decapsulation, VRF
forwarding, and IPsec encapsulation inside the fast path,  I think that the
amount of state required to do so is just enough that some SDN or other
offloaded control plane, will screw that state up.  The ACP exists exactly to
work around that kind of shooting oneself in the food.  I think that the
much simpler L2-macvlan mechanism on each port (which is entirely stateless)
will be easier to guarantee.

I also think we could in light of rfc2460bis renegotiation, argue for
insertion of RPI header by the ACP without IPIP encapsulation :-)

    > So all in all, considering the hassle of updating silicon along the
    > forwarding plane, I'd think that living without RPI is fine. Now if you
    > tell me that it is always going through software that is easy to
    > update, then why not?

I think that this is the case.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email