IETF Logo Mail Archive

Re: [savi] Potential issue for all SAVI mechanisms?

Erik Nordmark <nordmark@sonic.net> Wed, 22 June 2011 13:39 UTC

Return-Path: <nordmark@sonic.net>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BAD821F849F for <savi@ietfa.amsl.com>; Wed, 22 Jun 2011 06:39:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YEd+X4HuxPJd for <savi@ietfa.amsl.com>; Wed, 22 Jun 2011 06:39:36 -0700 (PDT)
Received: from a.mail.sonic.net (a.mail.sonic.net [64.142.16.245]) by ietfa.amsl.com (Postfix) with ESMTP id 7E82321F849E for <savi@ietf.org>; Wed, 22 Jun 2011 06:39:27 -0700 (PDT)
Received: from [192.168.1.103] (64-103-25-233.cisco.com [64.103.25.233]) (authenticated bits=0) by a.mail.sonic.net (8.13.8.Beta0-Sonic/8.13.7) with ESMTP id p5MDdK0W010848 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Wed, 22 Jun 2011 06:39:23 -0700
Message-ID: <4E01F083.5030801@sonic.net>
Date: Wed, 22 Jun 2011 06:39:15 -0700
From: Erik Nordmark <nordmark@sonic.net>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
References: <BANLkTi=Te8AS+sdhOGtCvgFqa48dHc80WQ@mail.gmail.com> <F29187458BA64F46BE7069B37C4CF19D@junbiVAIOz138> <4E013482.3080405@joelhalpern.com> <70DEE8BFA1794CA9B6694032363C3460@junbiVAIOz138> <4E017D0B.8090301@it.uc3m.es>
In-Reply-To: <4E017D0B.8090301@it.uc3m.es>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailman-Approved-At: Wed, 22 Jun 2011 08:18:01 -0700
Cc: savi@ietf.org
Subject: Re: [savi] Potential issue for all SAVI mechanisms?
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jun 2011 13:39:37 -0000

On 6/21/11 10:26 PM, marcelo bagnulo braun wrote:
> Right, the question is how comon is for legitimate users to send
> NDP/DHCP/SEND fragmented packets? IS there any concrete real useful
> situacion where this happens?

The way I read RFC 4861's
    The size of an ND packet including the IP header is limited to the
    link MTU.  When adding options to an ND packet, a node MUST NOT
    exceed the link MTU.
is that ND packets should not be fragmented. But the spec doesn't have 
an explicit MUST NOT fragment.

I haven't looked at the DHCP and SEND RFCs.

> If not, maybe we could simply say that SAVI will ignore the fragmented
> packets.
> If yes, then it seems we may have a problem.

I don't think we can just ignore them, since that would assume that the 
receivers would explicitly drop fragmented ND/DHCP/SEND packets, which 
they are not required to do.

Can we always tell whether a packet, which might in theory have 2K of 
Destination options, is a ND/DHCP/SEND packet? Clearly not unless RFC 
2460 requires that some bytes of the ULP (TCP, UDP, ICMP, etc) header is 
always in the first fragment. In practice it would be reasonable to 
expect that. But it seems to be a protocol change to IPv6 to require 
that senders must put the ULP header in the first fragment.

Then the SAVI devices can assume and require that the known ULP is 
contained in the first fragment, thus they can determine whether a 
packet is ND/DHCP/SEND, and reject any such packets that include a 
fragment header.

    Erik

> Regards, marcelo
>
>
> El 22/06/11 06:35, Jun Bi escribió:
>> In the Ethernet environment, the MTU is 1500, DHCP reply is not a
>> large packet and it won't be fragmented.
>> Maybe the packet size of RA is large and might be fragmented, but it
>> is not processed in SAVI.
>>
>> thanks,
>> Jun Bi
>>
>> -----原始邮件----- From: Joel M. Halpern
>> Sent: Wednesday, June 22, 2011 8:17 AM
>> To: Jun Bi
>> Cc: Jean-Michel Combes ; SAVI Mailing List
>> Subject: Re: [savi] Potential issue for all SAVI mechanisms?
>>
>> I do not think this is a sufficient answer. Whether the device is a
>> switch or a router, reassembling or maintaining packet state across
>> fragements is a non-trivial undertaking.
>>
>> I can imagine some kludges to get around this, but they have broader
>> impact than just SAVI. (For example, rejecting first packets that do
>> not have enough information to determine whether or not they are
>> claiming to be RAs or DHCP replies.)
>>
>> Yours,
>> Joel
>>
>> On 6/21/2011 9:56 AM, Jun Bi wrote:
>>> Hi Jean-Michel,
>>>
>>> What we are talking about "savi switch" is a 2.5 layer switch (layer 2
>>> switch in data plan with layer 3-aware in controll/management plan).
>>> So what I know from switch vendor is that the 2.5 layer switch chip or
>>> the stronger CPU can handel it.
>>> For example, the chip can recongnize the Protocol ID field of IP packets
>>> to recongznie HDCP or NDP packets (even in fragments),
>>> then copy them to switch CPU. The CPU can handle it.
>>>
>>> The SAVI switch has been really implmented and deployed, so I did really
>>> see any problem in real network.
>>> BTW, it seems that SAVI switch doesn't snoop and process RA packets for
>>> binding, so maybe RA packet is different.
>>>
>>> thanks,
>>> Jun Bi
>>>
>>> -----原始邮件----- From: Jean-Michel Combes
>>> Sent: Tuesday, June 21, 2011 9:37 PM
>>> To: SAVI Mailing List
>>> Subject: [savi] Potential issue for all SAVI mechanisms?
>>>
>>> Hi,
>>>
>>> Maybe you already know that there is a discussion on v6ops/6man MLs
>>> about RA Guard evasion (cf.
>>> http://www.ietf.org/mail-archive/web/ipv6/current/msg14204.html).
>>> One of the methods to perform this evasion is fragmentation: it seems
>>> that a L2 device would not be able to re-assemble all the fragments
>>> without an important extra-cost and so would not be able to determine
>>> whether or not the message is a Router Advertisement (cf.
>>> http://www.ietf.org/mail-archive/web/ipv6/current/msg14240.html).
>>>
>>> Knowing that:
>>> (1) In common use-case, SAVI device is a L2 device
>>> (2) SAVI mechanisms are based on NDP/SEND/DHCP messages inspection
>>>
>>> I am wondering whether or not fragmentation would not impact strongly
>>> SAVI specifications too: any fragmented NDP/SEND/DHCP message could
>>> not update correctly the Binding Table and so what would be the
>>> consequences?
>>>
>>> I would appreciate comments from WG members, especially
>>> implementors/manufacturers, about this.
>>>
>>> Thanks in advance for your replies.
>>>
>>> Best regards.
>>>
>>> JMC.
>>> _______________________________________________
>>> savi mailing list
>>> savi@ietf.org
>>> https://www.ietf.org/mailman/listinfo/savi
>>> _______________________________________________
>>> savi mailing list
>>> savi@ietf.org
>>> https://www.ietf.org/mailman/listinfo/savi
>>
>> _______________________________________________
>> savi mailing list
>> savi@ietf.org
>> https://www.ietf.org/mailman/listinfo/savi
>
> _______________________________________________
> savi mailing list
> savi@ietf.org
> https://www.ietf.org/mailman/listinfo/savi
>

v2.23.0 | Report a Bug | By Email