Re: [Roll] AD Review of draft-ietf-roll-turnon-rfc8138-07
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 03 July 2020 13:17 UTC
Return-Path: <pthubert@cisco.com>
X-Original-To: roll@ietfa.amsl.com
Delivered-To: roll@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BCCC3A0AFD; Fri, 3 Jul 2020 06:17:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=jY7OWX9W; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Tf6ZITP2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JQqHreRv90OQ; Fri, 3 Jul 2020 06:17:04 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C13F3A0B02; Fri, 3 Jul 2020 06:17:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=44190; q=dns/txt; s=iport; t=1593782224; x=1594991824; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=SytHDu8nRwd8t7LoC4o7m5LnK6ZxoOPhARtL4Q1JyoA=; b=jY7OWX9WIoSijhB4Xq3gEMlqLglJINvxaGIrNbYXXoGDAA/b2WV1ndEL PXq256moIdiE/TQPVnbK9A/GXyPRzdGi1KT6smDqHjhtfDLKGEXDn/TkO xOzeRZZsl0Mm2Y5+0YglOYaAUp+2EMkDT3Y7kH9aRmhf11XiPSQG1Mv/8 w=;
IronPort-PHdr: 9a23:RCnFwBYUK65P/xc0B6GOW+D/LSx94ef9IxIV55w7irlHbqWk+dH4MVfC4el21QaVD4re4vNAzeHRtvOoVW8B5MOHt3YPONxJWgQegMob1wonHIaeCEL9IfKrCk5yHMlLWFJ/uX3uN09TFZXxYlTTpju56jtBUhn6PBB+c+LyHIOahs+r1ue0rpvUZQgAhDe0bb5oahusqgCEvcgNiowkIaE0mRY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CvCABML/9e/4YNJK1gHAEBAQEBAQcBARIBAQQEAQFAgUqBUlEHb1gvLIQxg0YDjUqBAZdZgUKBEANVCwEBAQwBASUIAgQBAYFTgnQCF4IJAiQ4EwIDAQELAQEFAQEBAgEGBG2FWwyFbgEBAQECARIIAQgEDQwBASoNAQQLAgEGAg4MAiYCAgIwFRACBAENDRMHgwWCSwMOIAEOjgOQaAKBOYhhdn8zgwEBAQWBRkGDNRiCDgMGgQ4qgmmCTUZ/gXGBM4JLGoFBP4ERQ1F+STU+glwBAQIBAYEyBwEBAgUKEYMUM4ItjwQRDgEDMYJikX6PUgh8CoJciEuGLopxgnOJMI1YhSKRWYFliDeQJIQgAgQCBAUCDgEBBYFqIoFWcBWDJFAXAg2OHgcFF4NOhRSFQnQCNQIGAQcBAQMJfI0PAiaCHgEB
X-IronPort-AV: E=Sophos;i="5.75,308,1589241600"; d="scan'208";a="702856323"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Jul 2020 13:17:02 +0000
Received: from XCH-RCD-005.cisco.com (xch-rcd-005.cisco.com [173.37.102.15]) by alln-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id 063DH2Dc004867 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 3 Jul 2020 13:17:02 GMT
Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-RCD-005.cisco.com (173.37.102.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 3 Jul 2020 08:17:02 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 3 Jul 2020 08:17:01 -0500
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Fri, 3 Jul 2020 09:17:01 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kvGDzHu9QPAyWpANxu3Wv6BnJmza+S6i9Le+TXAq4WTnDR1DJzINV8IRjL96xym5ycKTNvHTL8c7iJkZSFSAfaABJ+5ikdIuaPRvcbDgE3TnvSeqiwUEkag3oMw0E0Ue93MQIjlj1ZazNymcjfPhiTP8Ubu76T1OxOxoikgeeRmgv1CmpGqEa2hGk4uLzoBp6nZRjEnXVWNvHMP4iEANCfuPNU/kOAmUGMxNjYHrlWPbWnSa34Dx9Z+lUqkUbIz1Bm9L8aymn4bK/tOEBX7xdZiaubOAH1yWt/Sm+CsXlqniUZ8vnCmrMIzZgMNfeXs5wZqbrjse+L4o3WlFZAdDsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SytHDu8nRwd8t7LoC4o7m5LnK6ZxoOPhARtL4Q1JyoA=; b=NZvxp9TUfnp0604kvw2OjRaYy/+v6UfJcQ/64A8wrbOV7i3EqLxpTmwvr7mCfEPzS6iKFg0zzA86PbhFSXfgWWkVevrvyPiHQmOMzcaVQprSHX1hThcedjKX6eqSMnT+HDhtG0yQNjhQEA3udDfBOm1HmF4vVOF9309e8FKVBw9jFzhpgalJ0Djoku1uspD6Uuwv3ZRpYeGuz6ioaVqOj96v6uGOqsT8aZW09WAs+IeA4ZSISRpjDFKVSYLiCeOQ8f8bU11J1XvGnB+ATVGWQu/thjzCYsRSzSpclssitIuBBhqpy6LpNksUN/QO4krt6hXsNzXXq2dd7PiM0ztUPQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SytHDu8nRwd8t7LoC4o7m5LnK6ZxoOPhARtL4Q1JyoA=; b=Tf6ZITP2MZhYqCc3zaBpcXiZCt1GvTKaERlH/diEmMXSNAig25Hi37ubhuEYef/STSBCSnppeMGBAD7tXMFVuQL3SL5FgQ78Ybc3GufZpZU5+XCUQ/+0QhZjoUDQMMlqjjXfexWq8IE+Q7QcWquE3RALo+uLPVwT0hjbV1P7Q1A=
Received: from MN2PR11MB3565.namprd11.prod.outlook.com (2603:10b6:208:ea::31) by MN2PR11MB3983.namprd11.prod.outlook.com (2603:10b6:208:137::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.28; Fri, 3 Jul 2020 13:16:59 +0000
Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::55bb:b065:86c1:1108]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::55bb:b065:86c1:1108%6]) with mapi id 15.20.3153.027; Fri, 3 Jul 2020 13:16:59 +0000
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, "draft-ietf-roll-turnon-rfc8138@ietf.org" <draft-ietf-roll-turnon-rfc8138@ietf.org>
CC: Ines Robles <mariainesrobles@googlemail.com>, "roll-chairs@ietf.org" <roll-chairs@ietf.org>, Routing Over Low power and Lossy networks <roll@ietf.org>
Thread-Topic: AD Review of draft-ietf-roll-turnon-rfc8138-07
Thread-Index: AQHWT8b0QxUNUEXackSCLKcR/yegy6j0BigQ
Date: Fri, 03 Jul 2020 13:16:31 +0000
Deferred-Delivery: Fri, 3 Jul 2020 13:15:26 +0000
Message-ID: <MN2PR11MB35657D6C87BDF06AC0D1B41AD86A0@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <CAMMESsxN+9G7xCR8RVeVE3krv2mRnwF9EVTTG=m=wQyY3QDZVA@mail.gmail.com>
In-Reply-To: <CAMMESsxN+9G7xCR8RVeVE3krv2mRnwF9EVTTG=m=wQyY3QDZVA@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2a01:cb1d:4ec:2200:480b:9e2a:611e:66a0]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 13cd4e62-44cb-4bff-3ce7-08d81f535e59
x-ms-traffictypediagnostic: MN2PR11MB3983:
x-microsoft-antispam-prvs: <MN2PR11MB398393563CFBC094F99E26F6D86A0@MN2PR11MB3983.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6108;
x-forefront-prvs: 045315E1EE
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: c428cC13UXgkwtROBXIBeE88Gg8G3WfCBxkoNA/PxaBYIs+Xg8XuP98z36o3essxhiVc5r6DDe5/JQ7x8HxBYWrnFjvk95u8YmOPHXaa1Bhsltp5h0axNAFFM8UHTPwh3hRqgGvm1SqfR3zhsJrgjVWpkcV8redsCiTafUOgXhIaLkpOskUGjC71dq+o0v3XLV4lFnU3ybiUE9coTY6bscrF0P8ppS2aBsRQkjqwPkRZd1xqbNpqwSeNGrbuJOqafnaVLGZms9LVrX8t9JRk8FHlIodq5yX6pvgSp70GQgOgDdIe8wXOPgelHQXg6F7Htgg3fuLYlU0GORAz7shvCHCd1n9ZClfqXpxr3OSKC7+Zv/22gM3l4egxFgjWFA96iSbZSlkI4A3QvmkpEA52vw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3565.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(396003)(366004)(376002)(136003)(346002)(2906002)(64756008)(66556008)(7696005)(478600001)(66946007)(66476007)(186003)(110136005)(54906003)(316002)(8676002)(8936002)(66574015)(4326008)(76116006)(83380400001)(86362001)(33656002)(66446008)(6506007)(6666004)(30864003)(5660300002)(52536014)(966005)(9686003)(71200400001)(55016002)(579004)(559001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: WfEsYZnTSift3Yb1RffF3I5NIwnOE9ICS6K2OsdyaA1UPOJvBrBOHMYboqQ7N1ZSLUlotcCMCBoR3c8GFsJ6IMjh92mgweFSZ/ueOqt8lK4mqQkCPOoQ47u55ghA7nwgS0xfuv0lDdwaLVTFFJmMNRtKj7l09TI8kjtwUsn2q0D5j2LgS5cun1hJMD9mOKa7WYln40iYjyxhCQT/KIP1HPTCDbhtv/wvLMTH7qASwOIcPOCIxHtuWFM6xsmsqvu1TQz6LVytabDWyL4bvn26p8f3GljZ5ctCKIo91eYkima2ARGVivpb219UXRybhpS2rF+Cw6aW1YPxZs2JhJH+f3dAQP1Q2GHp4DaGx6sb8jiDU15fk6SmUlHA4BeyjcV01rDfIFlHwUBb0iMhHMv1sbI/WLDyN/Gv5HnpwozkQH0NkCmYtOK4hIsylPeeUUGMYXFUiwXeN9TX9cPJqrjh8t3mLvimWDlFRNrWU7xLArT79twM03Iu/h/Ye0rDm+oMx/2mDVoi6CcneyOlU1Lt3j/aEMx+7udtyA9sZsrHd2RHS7wGJxi3zvfUTasuotGh
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB3565.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 13cd4e62-44cb-4bff-3ce7-08d81f535e59
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jul 2020 13:16:59.6749 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ldEV20sK2N3QMdltsdEW4WsM1qz5BQkwjS58BGDFBw7YGbw6lFDOIRTI8qkljdSauc9Ze5+/9Pjf4ki1/jBWaQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3983
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.15, xch-rcd-005.cisco.com
X-Outbound-Node: alln-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/roll/ryIfn6Ccx8VjUs-2y0E8wVbEZ7s>
Subject: Re: [Roll] AD Review of draft-ietf-roll-turnon-rfc8138-07
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/roll/>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jul 2020 13:17:09 -0000
Hello Alvaro Many thanks for your review! Indeed we have this problem with the capabilities draft. On the one hand, the missing flag blocks the use of RFC 8138 in brown field networks and 3rd party standards that would build on RPL, so we want turnon, like yesterday. Note that those are RPLv1. OTOH, the complete scenario would be with the capabilities, but then the capabilities draft is not stable, so it would push the feature to an undefined future (till RPLv2 in fact). Existing RPLv1 networks will never benefit from the capability draft, you'll need a flag day to make them RPLv2. So we went for the unpleasant (b) which means that for now we live without the capability and it takes an external management system to know if all nodes are ready; in the future the capability draft will improve the game as a second step for RPLv2 networks. Now this is in the open for the group to reconsider; I still stand for (b) though you're completely right that a piece is missing. Also, I'd like to have a round of Q/A with you before I propose text, so make sure we agree on the direction, if that's OK? Please see below: > In short, I believe that the specification in this draft is incomplete. Specifically: > > (1) §5.2 talks about the use of a single RPL instance, where an extra OCP is > needed. However, that OCP is not defined/assigned anywhere. It then > seems to me that this scenario cannot be implemented. Am I missing > something? Is the intent of this section to specify the scenario, or > simply as an example of something that was considered but not > recommended > (in favor of §5,3)? Both, actually. A deployment is free to use its own OCPs with its own OFs, the whole game being to allow new environments (metrics and logic) that the IETF could not predict. I did not expect OF0 to be generally used, all the contrary I just wanted to provide a strawman on how to specify an OF in another std body; it is very possible for the upgraded node to be configured with OCP =5 with the meaning that it is the same as OCP=4, or a smallish variation of it that favors parents that expose the DODAG that has the new flag set. Now, this is a bit scary and weird, and as you point out, not favored. Is it enough to indicate the latter (not recommended) or should I also indicate how that's possible with the explanation above? > (2) The text talks in several places about how a "parent router must > know...when a leaf does not support the compression defined in > [RFC8138]." There is no specification related to *how* the parent would > know. The only hint is in the Introduction: "by configuration, or > leveraging "RPL Capabilities" [CAPABILITIES]". Note that the rest of the > text doesn't even mention configuration as an option. Maybe we should stick to network management / configuration for this draft? Note that when the parent does not know, it decompresses, so the text should probably say that if the parent knows for sure that the leaf supports the compression then it can leave the packet compressed, else it MUST uncompress. Will that be better > I know that there's some resistance to normatively depend on > draft-ietf-roll-capabilities. However, the specification does use > Normative language when describing the expected action based on the > knowledge of support (or not); for example "delivering to a leaf that is > not known to support [RFC8138], in which cases it MUST uncompress the > packet." (§4) Knowing that a capability is not yet explicitly defined > for this use, I think there are a couple of ways forward: > > (a) Define, in this document or draft-ietf-roll-capabilities, the > capability to indicate support for rfc8138. Make > draft-ietf-roll-capabilities a Normative reference. > > (b) Specify that the current method to know if the leaf supports rfc8138 > is (only) configuration. Take all references to > draft-ietf-roll-capabilities out. > > > [Personal opinion: (a) is the complete solution.] I placed the discussion at the top of the mail because it is core. I believe we need to support the RPLv1 brown field and that RPL v2 will come with this and other capabilities, later. > (3) §3 says that ""T" flag is defined only for MOP value between 0 to 6". > The current registry is not set up for this type of assignment, so it > needs to be updated (see more specifics below). Yes there is something there. One thing is that MOP value between 0 to 6 designate RPLv1. https://tools.ietf.org/html/draft-ietf-roll-useofrplinfo-40#section-4.3 has similar language and the same concern. A proposal would be for now to rename the registry to indicate MOP values 0..1 and the specs of RPL v2 will have to create another registry per MOP. An alternate is a new column and we tried that with RFC 8025 https://www.iana.org/assignments/_6lowpan-parameters/_6lowpan-parameters.xhtml#_6lowpan-parameters-1 . But that has become a nightmare to manage for IANA and now we are talking about splitting. What's you inclination? Which draft should resquest it? > > I will wait for these points to be addressed before moving the document > forward. I also have more comments inline below. > > > Thanks!! > > Alvaro. > > > [Line numbers from idnits.] > > ... > 11 Abstract > > 13 This document updates RFC 8138 and RFC 6550 by defining a bit in > the > 14 RPL configuration option to indicate whether RFC 8138 compression > is > 15 used within the RPL Instance, and specify the behavior of RFC > 16 8138-capable nodes when the bit is set and reset. > > [major] rfc6550 talks about the "DODAG Configuration option", and not about > a "RPL configuration option". Please be consistent! Will do > > ... > 70 1. Introduction > > 72 The transition of a RPL [RFC6550] network to activate the > compression > 73 defined in [RFC8138] can only be done when all routers in the > network > 74 support it. Otherwise, a non-capable node acting as a router would > 75 drop the compressed packets and black-hole its subDAG. In a mixed > 76 case with both RFC8138-capable and non-capable nodes, the > compression > 77 may be turned on only if all the non-capable nodes act as Hosts and > 78 their RPL parents handle the compression/decompression for them. > > [nit] Expand/explain subDAG. Will do > > > ... > 128 2.2. Glossary > > 130 This document often uses the following acronyms: > > [nit] Some of the acronyms were already defined in the previous section. > Will do > ... > 147 2.3. BCP 14 > > [minor] s/BCP 14/Requirements Language > > Will do > ... > 155 3. Updating RFC 6550 > > [major] I don't think that a formal Update to rfc6550 is necessary. > In general, a formal Update indicates (at least to me) that an rfc6550 > implementation has to also support this specification. IOW, all RPL routers will > have to support the new flag to be compliant with rfc6550. Also, rfc8138 did > not formally Update rfc6550. > > [minor] I think that this section could be reorganized a little: start by telling the > reader what the Configuration Option is and that it is distributed > everywhere...this should provide background to understand the availability of > the T bit in the network. > Will do > > 157 This specification defines a new flag "Enable RFC8138 Compression" > 158 (T). The "T" flag is set to turn on the use of the compression of > 159 RPL artifacts with [RFC8138] within a RPL Instance. If a RPL > 160 Instance has multiple Roots then they must be coordinated to use the > 161 same setting. > > [major] Do we need a Normative MUST in the last sentence? What is the > effect of the roots not coordinating? There are possible side effects like a node that is a router in a "T" off dodag would become a leaf as it jumps to the "T" on, leaving its children potentially orphan. Also trouble if using projected routes that traverse DODAGs. So it seemed simpler to request a coordinated setting in the RPL domain than to go through those cases. I do not see things that we could not address with enough effort but this "must" is a way to keep things simple. Happy to make it a MUST. Note that this is also a problem to be handled for any configuration item. All the DODAGs must have the same configuration else roaming becomes complex with a situation that depends on the configuration item. Now you make me wonder what we can really do with the capabilities in the case of multiple roots. Each can only learn the capabilities within its own DODAG. Like I said the capabilities work is not complete. > > > 163 RPL defines a Configuration Option that is registered to IANA in > 164 section 20.14. of [RFC6550]. The "T" flag is encoded in one of the > 165 reserved control bits in the RPL Configuration Option. The bit > 166 position of the "T" flag is indicated in Section 6. > > [minor] "RPL defines a Configuration Option that is registered to IANA in > section 20.14. of [RFC6550]." The Configuration Option (the whole > thing) is not registered to IANA, the Flags have a registry managed by IANA. True, will correct that > > [minor] It would be very nice if the packet format was shown here with the > new flag. Yes, I thought of doing that but it is in flux with other drafts also setting bits. A lot easier not to do it but if you insist... > > > 168 Section 6.3.1. of [RFC6550] defines a 3-bit Mode of Operation (MOP) > 169 in the DIO Base Object. The new "T" flag is defined only for MOP > 170 value between 0 to 6. For a MOP value of 7 or above, the flag MAY > 171 indicate something different and MUST NOT be interpreted as > "Enable > 172 RFC8138 Compression" unless the specification of the MOP indicates > to > 173 do so. > > [major] The last sentence is not needed: the second one already says that the > flag is only valid for 0-6. > > Also, I think there's a Normative conflict with "MAY indicate something > different and MUST NOT be interpreted as...unless the specification of the > MOP indicates to do so." Perhaps, if you really want to keep some text, you > can include something like this: > > A document defining a MOP with value 7 or above MUST specify the behavior > of the T flag. > It may also not use it at all : ) what about A document defining a MOP with value 7 or above MUST specify the behavior of the T flag or keep it reserved > > [major] Regardless of the text, this document is specifying a split in the registry > (at last for this flag): it applies to some MOPs, but not all. The registry needs to > be updated in the IANA Considerations section to show that difference. Is this > update being done somewhere else? We can do it here; useofrplinfo is shipping earlier and has the same concern. > > I thought that draft-ietf-roll-mopex would be a good place, but the update > doesn't seem to be there. The intent of not applying to all the MOPs can't be > finalized until the registry can reflect it. Happy to indicate in MOPex that the MOPs over 7 create the new IANA registries. Since the MOPs above 7 do not exist at this time, there does not seem to be a consequence in delaying the IANA update. > > > 175 4. Updating RFC 8138 > > 177 A node that supports this specification MUST source packets in the > 178 compressed form using [RFC8138] if and only if the "T" flag is set. > 179 This behaviour can be overridden by the configuration of the node in > 180 order to cope with intermediate implementations of the Root that > 181 support [RFC8138] but not this specification and cannot set the "T" > 182 flag. > > [nit] s/A node that supports this specification/A node > > [major] "MUST...if and only if...behaviour can be > overridden" s/MUST/SHOULD Will do both > > 184 The decision of using [RFC8138] is made by the originator of the > 185 packet depending on its capabilities and its knowledge of the state > 186 of the "T" flag. A router that encapsulates a packet is the > 187 originator of the resulting packet and decides whether to compress > 188 the outer headers as indicated above. An external target > 189 [USEofRPLinfo] is not expected to support [RFC8138]. An intermediate > 190 router MUST forward the packet in the form that the source used, > 191 either compressed or uncompressed, unless it is forwarding to an > 192 external target or delivering to a leaf that is not known to support > 193 [RFC8138], in which cases it MUST uncompress the packet. > > [minor] "as indicated above" Where? > > [major] "MUST forward...unless...MUST" That's a strange construct with the > exception in the middle. > > NEW> > An intermediate router MUST uncompress a packet that is to be forwarded > to an external target or delivered to a leaf that is not known to support > [RFC8138]. Otherwise, the router MUST forward the packet in the form that > the source used, either compressed or uncompressed. Great! > [major] "not known" How would the router know? §1 mentions capabilities as > an example), but that is not part of the specification...the MUSTs above make > it so. > Will add that this is the config / management information as discusses at the beginning of this mail > > 195 5. Transition Scenarios > ... > 207 A node that does not support [RFC8138] can interoperate with nodes > 208 that do in a network with [RFC8138] compression turned off. If the > 209 compression is turned on, the node cannot forward compressed > packets > 210 and therefore it cannot act as a router. It may remain connected to > 211 that network as a leaf, generates uncompressed packets, and can > 212 receive packets if they are delivered by the parent router in the > 213 uncompressed form. Unless this is known by other means, the node > 214 SHOULD join as a RUL as an indication that its parent router needs to > 215 uncompress the packets before delivering. > > [nit] s/generates/generate Will do > > [minor] "this is known" This, what? Assuming that "this" refers to the lack of > support for rfc8138, we're then to the question of *how* would it be known. > Maybe we can have a small section on that, and refer to it in the few places where the knowledge is useful? > [major] "the node SHOULD join as a RUL" To be clear, we're talking about a > node that doesn't support rfc8138, right? I'm assuming that if it doesn't > support rfc8138 then it won't support this specification either -- then we can't > normatively define anything that this type of node would do! The RUL draft https://datatracker.ietf.org/doc/draft-ietf-roll-unaware-leaves/ is independent of this and if RFC 8138. The RUL operation is arch minimal vs. RPL support. It creates the default assumption of no support for RFC 8138 and provides RPL routing with less hassle. If the node cannot do RUL then it should not attempt to join. Suggestion is to add a reference to remind what the RUL operation i. > > > 217 [RFC6550] states that "Nodes other than the DODAG Root MUST > NOT > 218 modify this information when propagating the DODAG Configuration > 219 option". Therefore, even a legacy parent propagates the "T" flag as > 220 set by the Root whether it supports this specification or not. So > 221 when the "T" flag is set, it is transparently flooded to all the > 222 nodes in the RPL Instance. > > [major] s/[RFC6550] states/[RFC6550] states, when referring to the DODAG > Configuration option, Will do > > > 224 Sections 8.5 and 9.2 of [RFC6550] also suggests that a RAN may only > 225 attach to a DODAG as a leaf when it does not support the Mode of > 226 Operation of a RPL Instance, the Objective Function (OF) as indicated > 227 by the Objective Code Point (OCP) or some other parameters in the > 228 configuration option. > > [minor] s/also suggests that a RAN may only attach/specify that a RAN may > attach > Will do > > 230 This specification reiterates that a RAN that is configured to > 231 operate in a RPL Instance but does not support a value for a known > 232 parameter that is mandatory for routing, such as the OCP, MUST > NOT > 233 operate as a router but MAY still join as a leaf. Note that a legacy > 234 RAN will not recognize when a reserved field is used and will not > 235 turn to a leaf when the "T" flag is set. > > [major] "This specification reiterates..." Saying things again is not a big deal; > but normatively specifying them is. In this case it is not only not necessary, but > also has no effect over nodes that don't support this document...so it is not > needed. > Ack, will remove > > ... > 244 5.1. Inconsistent State While Migrating > > 246 When the "T" flag is turned on in the configuration option by the > 247 Root, the information slowly percolates through the DODAG as the > DIO > 248 gets propagated. > > [?] How slow? Seconds, minutes? Depends in the Trickle settings, could be second to days. I can remind that in this text. > > > 250 Some nodes will see the flag and start sourcing packets in the > 251 compressed form while other nodes in the same RPL Instance are still > 252 not aware of it. Conversely, in non-storing mode, the Root will > 253 start using [RFC8138] with a Source Routing Header 6LoRH (SRH- > 6LoRH) > 254 that routes all the way to the parent router or to the leaf. > > [minor] I don't understand how the second sentence reverses > ("Conversely") the statement in the first sentence...or how the mode affects > the outcome of nodes (including the Root) sending compressed packets when > others may not still be aware of the flag or able to support receiving the > packets... Wrong term, sorry. I guess we can just remove that word? I cannot find the term that would say "the related thing in the opposite situation" > > [minor] "[RFC8138] with a Source Routing Header 6LoRH (SRH-6LoRH)" > sounds redundant. Also, this is the only place in the document where the use > of rfc8138 is coupled with the SRH-6LoRH. Not wrong, just redundant and > inconsistent. If needed, the sentence can be restructured. RFC 8138 defines the 6LoRH. The SRH-6LoRH is one of the possible 6LoRH. It is used to transport a source routing header. This happens only in non-storing mode. In general the text talks about any and all 6LoRH. This sentence is the place where we talk about the specific case when one of the 6LoRH added to the frame is an SRH. It probably looks redundant but actually the wording was intended. Should I change since it creates confusion? Suggestion? > > 256 To ensure that a packet is forwarded across the RPL Instance in the > 257 form in which it was generated, it is required that all the routers > 258 support [RFC8138] at the time of the switch, and that all nodes that > 259 do not support [RFC8138] only operate as leaves. > > 261 Setting the "T" flag is ultimately the responsibility of the network > 262 administrator. In a case of upgrading a network to turn the > 263 compression on, the network SHOULD be operated with the "T" flag > 264 reset until all targeted nodes are upgraded to support this > 265 specification. Section 5.2 and Section 5.3 provide possible > 266 transition scenarios where this can be enforced. > > [major] This section talks about inconsistencies, and it is "required that all the > routers support [RFC8138]", but then not setting the T flag is only > recommended. Why/when is it ok to set the flag if it is known that not all > nodes support rfc8138? IOW, why not use MUST? Yes, MUST it must be. > > > 268 5.2. Single RPL Instance Scenario > > 270 In a Single RPL Instance Scenario, nodes that support [RFC8138] are > 271 configured with a new OCP, that may use the same OF operation or a > 272 variation of it, while nodes that do not support [RFC8138] are not, > 273 but are configured to join an unknown OCP. > > [major] A new OCP? I only see 2 OCPs in the registry -- unless I'm missing > something, there's no way to configure "a new OCP, that may use the same > OF". > Actually the intent is to use an unregistered OCP. The registry is intended for well-known OCPs but is not seen as limitative. We probably should define a range for private / experimental OCPs to avoid this situation? > > ... > 279 The parent router - which supports [RFC8138] - compresses the > packets > 280 originated from the leaf and uncompresses the packets going to the > 281 leaf. This may be done on the fly by the parent of a non-capable > 282 RAL, or as part of the tunneling operation between the parent and > the > 283 Root, if the leaf behaves as a RUL. This is described in section 7, > 284 8, and 9 of [USEofRPLinfo]. > > [nit] s/This is/This operation is OK > > > 286 Note that though tunneling from the Root to the parent is the generic > 287 case for RULs, on paper it is possible for the Root to avoid it for > 288 the traffic that it originates. The Root SHOULD always use tunneling > 289 to the parent of a RUL, even for its own packets, unless it knows > 290 that the leaf supports [RFC8138]. > > [nit] s/on paper/ Ack > > [major] "RUL...unless it knows that the leaf supports [RFC8138]" > Isn't this a contradiction? [BTW, §1 says that RULs implicitly don't support > rfc8138.] Yes, the RUL is not expected to understand RFC 8138, but on paper it could, there is no law that says it must not. It would just be VERY surprising to support RPL compression but not RPL. I need to revisit both places. For the text above, maybe I should remove the "unless it knows that the leaf supports [RFC8138]" because it creates more questions than it actually helps. > > [major] "unless it knows that the leaf supports [RFC8138]" Assuming you're > not talking about a RUL, how do you know? §1 mentions capabilities as an > example, but that is not part of the specification...the SHOULD above makes it > so. > Same as several times above, I suggest we do (b) and document knowledge through management. > > ... > 294 * The method consumes an extra OCP. It also forces nodes that do > 295 not support [RFC8138] to operate as RULs, unless there is a method > 296 to let the parent router know that it must uncompress the packet > 297 for this RAL. > > [major] What is this "method to let the parent router know..."? > Can add "e.g., through management". The goal of this weird wording is to leave the road open for capabilities when they come. Your suggestions very welcome! > > 299 * If the RPL implementation of a node does not turn it to a leaf > 300 when the OCP is changed to an unknown one, then the node may > be > 301 stalled. > > [minor] Right, but then this implementation wouldn't be compliant with > rfc6550. Correct. Can I remove that sentence? > > > 303 * If the only possible parents of a node are nodes that do not > 304 support [RFC8138], then that node will loose all its parent at the > 305 time of the migration and it will be stalled until a parent is > 306 deployed with the new capability. > > [minor] If the parents don't support rfc3183 then they would have joined as > leaves anyway (because of the new OCP) and wouldn't really be available as > parents, right? What am I missing? Say T is off and those guys are parents. Then we set T on. As you point out they become leaves so they are no more available as parents. This node becomes an orphan though it was not before as a consequence of turning the flag. In the 2 instances method, this node remains attached to the old DODAG and the root can see that it Is not visible on the new instance, so it can figure there's something to do like upgrade or deploy more. > > > 308 5.3. Double RPL Instances Scenario > ... > 319 Nodes that support [RFC8138] participate in both Instances but favor > 320 the new RPL Instance for the traffic that they source. By contrast, > 321 nodes that only support the uncompressed format would either not > be > 322 configured for the new RPL Instance, or would be configured to join > 323 it as leaves only. > > [major] "Nodes that support [RFC8138]...favor the new RPL Instance for the > traffic that they source..." Support for rfc8138 doesn't require > compression. IOW, a node that supports rfc8138 can compress, but it doesn't > have to, right? I think you need to be more specific when talking about > "favor"; does it mean that the routers SHOULD use the new instance? Yes, will reword like that. It MUST join the new instance and SHOULD use it for its traffic to benefit from the compression. It is a SHOULD because the RANK in that more limited DODAG may be bad in which case it is unusable. I can add words that say that too. > > > ... > 330 The 2 instances MUST be operated with the same security > guarantees, > 331 e.g., both "unsecured" with a lower layer security of a same > 332 strength, both "preinstalled" or both "authenticated" security mode > 333 (see section 3.2.3 of [RFC6550] for more details on those modes). > 334 The latter mode could be use to enforce the segregation of updated > 335 and non-updated nodes, by providing the keys for joining as routers > 336 to the updated nodes only. > > [nit] s/could be use/could be used Ack > > [major] "The 2 instances MUST be operated with the same security > guarantees..." Why is that a requirement? Would something break if it is not > the case? > Hmu, the new instance should have at least the same guarantees, otherwise we are trading compression gains with security, hard to do. > > 338 5.4. Rolling Back > > 340 After downgrading a network to turn the [RFC8138] compression off, > 341 the administrator SHOULD make sure that all nodes have converged > to > 342 the "T" flag reset before allowing nodes that do not support the > 343 compression in the network (see caveats in Section 5.2). > > [minor] "downgrading" sounds as if software needs to changed (at least)...but > in this case it is a configuration change. Maybe something like: > > When turning [RFC8138] compression off in the network... > OK, no problem, will change > > [major] s/SHOULD make sure that all nodes have converged/SHOULD wait until > all nodes have converged > OK > [minor] How does the administrator know when the nodes have converged? > Given the potential problems, it sounds like a MUST may be more > appropriate...?? Yes, will MUST > > [minor] "see caveats in Section 5.2" The caveats there don't seem to apply > unless the single instance scenario is specified somehow... > I can remove the "see caveats". The bottom line is that the legacy nodes will not like a compressed packet so we need to ensure the T off is generalized first. > ... > 349 6. IANA Considerations > > 351 This specification updates the Registry for the "DODAG Configuration > 352 Option Flags" that was created for [RFC6550] as follows: > > [major] s/This specification updates/IANA is requested to assign a new option > flag from OK > > 354 +------------+---------------------------------+-----------+ > 355 | Bit Number | Capability Description | Reference | > 356 > +============+=================================+======== > ===+ > 357 | 2 | Turn on RFC8138 Compression (T) | THIS RFC | > 358 +------------+---------------------------------+-----------+ > > [major] This value (even though is free in the registry) should be marked as a > suggestion for IANA. OK will do > > > ... > 362 7. Security Considerations > > 364 First of all, it is worth noting that with [RFC6550], every node in > 365 the LLN that is RPL-aware can inject any RPL-based attack in the > 366 network. A trust model MUST be put in place so that rogue nodes > are > 367 excluded from participating to the RPL and the 6LowpAN signaling, > and > 368 from the data packet exchange. This trust model could be at a > 369 minimum based on a Layer-2 Secure joining and the Link-Layer > 370 security. This is a generic RPL and 6LoWPAN requirement, see > Req5.1 > 371 in Appendix of [RFC8505]. > > [major] Is this paragraph talks about an "generic RPL and 6LoWPAN > requirement", then please don't use Normative language. Also, pointing at the > appropriate RFCs and their Security Considerations is enough. OK > > [] As a side note, secure joining doesn't really prevent a rogue node from being > in the network. Consider the case where the node is subverted after > joining...or simply where the administrator can set the T flag (as below). > Very true; we are starting zero trust work in IOT, like https://datatracker.ietf.org/doc/draft-ietf-6lo-ap-nd/ and ROV is RPL by transporting the ROVR in DaDAO messages see https://datatracker.ietf.org/doc/draft-ietf-roll-unaware-leaves/ . Maybe "so that rogue nodes are excluded from participating to the RPL" -> "in an effort to exclude rogue nodes from participating to the RPL" > are > 367 excluded from participating to the RPL > > 373 Setting the "T" flag before some routers are upgraded may cause a > 374 loss of packets. The new bit is protected as the rest of the > 375 configuration so this is just one of the many attacks that can happen > 376 if an attacker manages to inject a corrupted configuration. > > [nit] s/before some routers/before all routers Ack, will change > > > ... > 392 9. Normative References > ... > 414 [RFC7228] Bormann, C., Ersue, M., and A. Keranen, "Terminology for > 415 Constrained-Node Networks", RFC 7228, > 416 DOI 10.17487/RFC7228, May 2014, > 417 <https://www.rfc-editor.org/info/rfc7228>. > > [major] This reference should be Informative. I'm getting that recommendation in both ways but OK, will do. > > > ... > 427 [UNAWARE-LEAVES] > 428 Thubert, P. and M. Richardson, "Routing for RPL Leaves", > 429 Work in Progress, Internet-Draft, draft-ietf-roll-unaware- > 430 leaves-14, 11 April 2020, <https://tools.ietf.org/html/ > 431 draft-ietf-roll-unaware-leaves-14>. > > [minor] This reference can be Informative. > OK > > 433 10. Informative References > ... > 441 [RFC8138] Thubert, P., Ed., Bormann, C., Toutain, L., and R. Cragie, > 442 "IPv6 over Low-Power Wireless Personal Area Network > 443 (6LoWPAN) Routing Header", RFC 8138, DOI > 10.17487/RFC8138, > 444 April 2017, <https://www.rfc-editor.org/info/rfc8138>. > > [major] This reference must be Normative. OK also : ) So many thanks Alvaro, this was really deep and constructive. Please let me know when the proposals are in the right direction and when not. Based on that I'll publish a revision to track the proposed changes and present it to you. Take care, Pascal
- [Roll] AD Review of draft-ietf-roll-turnon-rfc813… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Pascal Thubert (pthubert)
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Pascal Thubert (pthubert)
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Pascal Thubert (pthubert)
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Michael Richardson
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Pascal Thubert (pthubert)
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Pascal Thubert (pthubert)
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Pascal Thubert (pthubert)
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Alvaro Retana
- Re: [Roll] AD Review of draft-ietf-roll-turnon-rf… Pascal Thubert (pthubert)