IETF Logo Mail Archive

Re: [Roll] draft-ietf-6man-rpl-routing-header-07

Jonathan Hui <jonhui@cisco.com> Wed, 21 December 2011 18:07 UTC

Return-Path: <jonhui@cisco.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5F6121F8491; Wed, 21 Dec 2011 10:07:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nzhRcYRawQ7d; Wed, 21 Dec 2011 10:07:11 -0800 (PST)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 505C121F841B; Wed, 21 Dec 2011 10:07:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=jonhui@cisco.com; l=3021; q=dns/txt; s=iport; t=1324490831; x=1325700431; h=subject:mime-version:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=BFwNogzvgSia6ijRzKNdlZ4L861D9pBqfbOgkGOCahA=; b=KgFNH7BYtMKmJQPpwqxB2rbk/1MBwx+wNdZUgX4J3OY7GSegSF1cyT3k CM0EYhqg5eTtbAYr51Il3DTEnqzXUmr9VzZBT37C0MMzCnCuxJDXJSbrj K3mUeojyNUGmj4m8OUPRUjyGvCFtj0nNOCywJLH+HanT0nuzM9BQxPFoS E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av0EALof8k6rRDoI/2dsb2JhbABDDqwPgQWBcgEBAQMBEgEnPwULC0ZXBjWHWJkzAZ5MiyxjBIg3jEiRe1g
X-IronPort-AV: E=Sophos;i="4.71,389,1320624000"; d="scan'208";a="21936825"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-4.cisco.com with ESMTP; 21 Dec 2011 18:07:09 +0000
Received: from dhcp-128-107-155-213.cisco.com (dhcp-128-107-155-213.cisco.com [128.107.155.213]) by mtv-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id pBLI79gQ021997; Wed, 21 Dec 2011 18:07:09 GMT
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Jonathan Hui <jonhui@cisco.com>
In-Reply-To: <2121048960.723525.1324488267237.JavaMail.root@mail17.pantherlink.uwm.edu>
Date: Wed, 21 Dec 2011 10:07:09 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <55AAC580-DC07-4DAC-BAB0-A3DF27A11565@cisco.com>
References: <2121048960.723525.1324488267237.JavaMail.root@mail17.pantherlink.uwm.edu>
To: Mukul Goyal <mukul@uwm.edu>
X-Mailer: Apple Mail (2.1084)
Cc: roll <roll@ietf.org>, ipv6@ietf.org
Subject: Re: [Roll] draft-ietf-6man-rpl-routing-header-07
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/roll>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Dec 2011 18:07:12 -0000

On Dec 21, 2011, at 9:24 AM, Mukul Goyal wrote:

>>> [R Cragie]
>>> p7: RPL Instance ID - why is this needed for source routing? RPL is not even used for source routing. This flavors the SRH unnecessarily and the processing does not use it. If the reason is for checking entering and exiting a RPL domain, this processing needs to be stated.
> 
>> [J Hui]
>> Page 12 describes processing rules intended to keep the SRH within a RPL Instance.

Oops, typo.  s/12/13/

> Page 12 has no mention of RPL Instance. Page 13 does mention RPL Instance in the following rules:
> 
>   2.  Datagrams destined elsewhere within the same RPL Instance are
>       forwarded to the correct interface.
> 
>   3.  Datagrams destined to nodes outside the RPL Instance are dropped
>       if the outer-most IPv6 header contains a SRH not generated by the
>       RPL router forwarding the datagram.
> 
> My question is how does a router know whether the next hop is within the same RPL Instance or not? A router has no idea what RPL Instances its neighbors belong to. 
> 
> It seems that a router, that receives a packet with a SRH, does not need to check if it belongs to the RPL Instance mentioned in the SRH. It just needs to check if the next hop belongs to that RPL Instance or not. And as I said in the prev para, I am not sure how would the router make that check.

It knows whether or not RPL is running on an interface.  It could at least check that.  By the same argument, how do you propose we limit packets to a RPL routing domain?  If we have no good way of limiting packets, then the stated security considerations do not apply.

> It would be a problem if the router were required to check its own membership in the RPL Instance in order to accept a packet with SRH. Routers part of a source route should not need to maintain any state about it. 

Note that in draft-ietf-roll-rpl, RPL routers do maintain such state already.  I agree the issue comes up with P2P.

Remember that the original purpose of the RPL Instance is to support MTR.  The RPL Instance identifies what routing topology to use.  This is important especially if the SRH does not specify the entire path to the destination.  How does the tunnel exit-point know what routing topology to use to reach the destination?

The lack of and need for the RPL Instance identifier was raised during IESG review.  The options are (1) to require inclusion a RPL Option in addition to the RPL routing header or (2) add a RPL Instance field in the RPL routing header itself.  I doubt that you would prefer option 1.

If the RPL router has no idea of the RPL Instance when forwarding, it can choose to forward the packet along anyway.  At the very least, the tunnel exit-point should enforce the use of the RPL Instance.  Surely the end-points of a source route should at least know what RPL Instance they are in...

--
Jonathan Hui

v2.23.0 | Report a Bug | By Email