Re: [RTG-DIR] draft-ietf-lisp-06.txt
Vince Fuller <vaf@cisco.com> Tue, 23 March 2010 05:16 UTC
Return-Path: <vaf@cisco.com>
X-Original-To: rtg-dir@core3.amsl.com
Delivered-To: rtg-dir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 787863A67F4 for <rtg-dir@core3.amsl.com>; Mon, 22 Mar 2010 22:16:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.669
X-Spam-Level:
X-Spam-Status: No, score=-2.669 tagged_above=-999 required=5 tests=[DNS_FROM_OPENWHOIS=2.431, J_CHICKENPOX_43=0.6, MANGLED_TOOL=2.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id haZmxuwzAJqz for <rtg-dir@core3.amsl.com>; Mon, 22 Mar 2010 22:16:47 -0700 (PDT)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id 76BFE3A698F for <rtg-dir@ietf.org>; Mon, 22 Mar 2010 22:16:38 -0700 (PDT)
Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAPbqp0urR7H+/2dsb2JhbACbKHOiZph+hH0Egx4
X-IronPort-AV: E=Sophos;i="4.51,292,1267401600"; d="scan'208";a="104185928"
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-4.cisco.com with ESMTP; 23 Mar 2010 05:16:57 +0000
Received: from vaf-mac1.cisco.com (vaf-mac1.cisco.com [128.107.165.254]) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id o2N5GviF028992; Tue, 23 Mar 2010 05:16:57 GMT
Received: by vaf-mac1.cisco.com (Postfix, from userid 113818) id EB73A123C1C; Mon, 22 Mar 2010 22:17:06 -0700 (PDT)
Date: Mon, 22 Mar 2010 22:17:06 -0700
From: Vince Fuller <vaf@cisco.com>
To: Ron Bonica <ron@bonica.org>
Message-ID: <20100323051706.GA6331@vaf-mac1.cisco.com>
References: <4B9E9A98.5060809@bonica.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4B9E9A98.5060809@bonica.org>
User-Agent: Mutt/1.4.2.3i
X-Mailman-Approved-At: Tue, 23 Mar 2010 08:02:05 -0700
Cc: rtg-dir@ietf.org, draft-ietf-lisp@tools.ietf.org, lisp@tools.ietf.org, rtg-ads@tools.ietf.org
Subject: Re: [RTG-DIR] draft-ietf-lisp-06.txt
X-BeenThere: rtg-dir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Routing Area Directorate <rtg-dir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-dir>
List-Post: <mailto:rtg-dir@ietf.org>
List-Help: <mailto:rtg-dir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dir>, <mailto:rtg-dir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2010 05:16:53 -0000
Hello Ron- Thanks for the feedback. The LISP authors appreciate the opportunity to improve the qualify of our documents. I'll respond to each of the comments in turn. > Major Issues: > > o Architectural Issues > > - Tunnel Liveness - The document says little about what happens when a > tunnel connecting iTR to eTR fails? Does temporary black-holing result? > What is the restoration mechanism? Please re-read section 6.3, titled titled "Routing Locator Reachability" which covers maintenance of ITR to ETR state. While LISP does perform encapsulation and is thus conceptually a tunneling protocol (hence the terms "Ingress Tunnel Router" and "Egress Tunnel Router", there is no explicit tunnel state so your question should perhaps be re- phrased as "what happens when an ITR loses connectivity to an ETR RLOC?". > - UDP Checksum - When an iTR formats the LISP UDP header, it sets the > UDP checksum to zero. This is in violation of RFC 768. RFC 768 does not prohibit zero IP UDP checksums, which are in common use by a number of protocols (NFS comes to mind), so this comment would seem to be in error. There are open issues with zero UDP checksums for ipv6, but not only are those issues beyond the scope of RFC 768 (which predates ipv6 by many years) but they also affect a number of other protocols other than LISP (AMT et al) and are being discussed in a larger context (MBONED, et al. Please see Joel Halpern's recent message on this topic fo the lisp@ietf.org mailing list. > - The document should say something about cases in which NATs and middle > boxes are deployed between iTR and ETR. Will those boxes continue to work? This is an implementation and configuration issue and is beyond the scope of this protocol description. Testing on our pilot network has verified that LISP works through NAT boxes, though how that is configured is implementation- specific. This topic will also be the topic of a forthcoming LISP Deployment document that has been discussed on the lisp@ietf.org. The Interworking draft also has some descriptive text regarding NAT and LISP. > o Caching Issues > > - The caching policy is not well specified. Therefore, I am worried that > the cache might become an easy target for DoS attacks. Consider the > following scenario: > > An opponent discovers the EIDs of 100 hosts behind an ITR. The opponent > then sends a steady stream of 50 pps to each of those 100 hosts. Each of > those packets has a unique, valid and spoofed source address. Each > packet also causes its recipient to send an ICMP port unreachable > message to the spoofed source. The ITR cache may be overrun. This is an implementation issue that is beyond the scope of this protocol specification. Other common protocols, including ARP and DNS, have similar vulnerabilities and Well-known rate-limiting and other mechanisms exist for ameliorating the damage caused by such cache-pollution attacks. LISP implementations would be advised to incorporate such mechanisms. > o Migration issues Considerations > > - During the migration period, when an ITR receives a packet, it must > determine whether that packet's destination address is an EID or an > RLOC. The document isn't clear about how the ITR does this. One > possibility is to encode that information in the IP address. Another is > to query the network to find out. While the first solution may work for > IPv6, it won't work well for IPv4. The second solution presents > performance problems regardless of IP version. This is an interworking issue and is beyond the scope of this protocol implementation. Please refer to the LISP Map Server specification for discussion of how an ITR determines whether a destination IP address is an EID or a legacy, non-LISP address. The LISP+ALT specification also documents how the EID-to- RLOC database is used to make this determination and the LISP Interworking covers, in detail, the mechanisms for LISP and non-LISP sites to communicate. > - LISP's goals are best achieved when the entire Internet is surrounded > by xTRs (i.e., at the end of migration). However, it is impossible to > know when that state has been achieved. The document should say > something about when an operator has completed its migration effort and > what benefit it can expect to reap at that time. This comment would seem to be beyond the scope of this protocol specification. Not only does LISP offer a long-term strategy for reducing the growth of global Internet routing state but it also offers short-term benefits for early adopters, including simplar site multihoming that also offers new traffic engineering capabilities. Migration would also seem to be a central topic of a future LISP Deployment document. > Minor Issues > > - Terminology section defines many terms that are already commonly > understood. Given how much confusion has persisted on the RRG and lisp@ietf.org mailing lists about such "commonly understood" terms as "Endpoint ID" and "Locator", the LISP authors decided to err on the side of redundancy in defining terms. > Nits: > > > == You're using the IETF Trust Provisions' Section 6.b License Notice from > 12 Sep 2009 rather than the newer Notice from 28 Dec 2009. (See > http://trustee.ietf.org/license-info/) This should be automatically fixed when the xml2rfc template is updated. > ** The document seems to lack an IANA Considerations section. I don't believe this document is asking for any new IANA assignments since LISP already has the protocol identifiers (UDP port numbers) that it needs. > ** There are 5 instances of lines with non-RFC2606-compliant FQDNs in > the document. Can you please list the specific errors so that we can fix them? > > == There are 10 instances of lines with private range IPv4 addresses > in the document. If these are generic example addresses, they should be > changed to use any of the ranges defined in RFC3330 (or successor): > 192.0.2.x, 198.51.100.x or 203.0.113.x. Unfortunately, RFC3330 space is too small to use for some of the examples contained in the LISP documents (LISP+ALT suffers from this nit as well). For this reason, we have chosen to use RFC1918 space in our examples. > Miscellaneous warnings: > > ---------------------------------------------------------------------------- > > == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', > or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please > use uppercase 'NOT' together with RFC 2119 keywords (if that is what you > mean). Can you please list the specific errors so that we can fix them? > > Found 'MUST not' in this paragraph: > > LCM: The format is one of the control message formats described > in this section. At this time, only Map-Request messages and PIM > Join-Prune messages [MLISP] are allowed to be encapsulated. > Encapsulating > other types of LISP control messages are for further study. When > Map-Requests are sent for RLOC-probing purposes (i.e the P-bit is set), > they MUST not be sent inside Encapsulated Control Messages. We will fix this, thanks. > Checking references for intended status: Experimental > > ---------------------------------------------------------------------------- > > ** Obsolete normative reference: RFC 2434 (Obsoleted by RFC 5226) > > == Outdated reference: A later version (-02) exists of draft-jen-apt-01 > > == Outdated reference: A later version (-05) exists of > draft-meyer-lisp-cons-03 > > -- Unexpected draft version: The latest known version of > draft-ietf-lisp-interworking is -00, but you're referring to -01. > > == Outdated reference: A later version (-02) exists of > draft-farinacci-lisp-lig-01 > > == Outdated reference: A later version (-01) exists of > draft-meyer-lisp-mn-00 > > == Outdated reference: A later version (-04) exists of > draft-ietf-lisp-ms-03 > > -- No information found for draft-mathy-lisp-dht - is the name correct? > > == Outdated reference: A later version (-08) exists of > draft-lear-lisp-nerd-04 > > == Outdated reference: A later version (-02) exists of > draft-iannone-openlisp-implementation-01 > > == Outdated reference: A later version (-05) exists of > draft-narten-radir-problem-statement-00 > > == Outdated reference: A later version (-09) exists of > draft-ietf-mip4-rfc3344bis-05 > > == Outdated reference: draft-ietf-pim-rpf-vector has been published as RFC > 5496 > > -- No information found for draft-handley-p2ppush-unpublished-2007726 - is > the name correct? > > == Outdated reference: draft-ietf-shim6-proto has been published as > RFC 5533 We will fix the outdated references, thanks. --Vince
- [RTG-DIR] draft-ietf-lisp-06.txt Ron Bonica
- Re: [RTG-DIR] draft-ietf-lisp-06.txt Joel M. Halpern
- Re: [RTG-DIR] draft-ietf-lisp-06.txt Ron Bonica
- Re: [RTG-DIR] draft-ietf-lisp-06.txt thomas.morin
- Re: [RTG-DIR] draft-ietf-lisp-06.txt Joel M. Halpern
- Re: [RTG-DIR] draft-ietf-lisp-06.txt Vince Fuller
- Re: [RTG-DIR] draft-ietf-lisp-06.txt Ron Bonica