Re: [savi] RFC6620 Page 15 - Data Trigger
"Leaf Yeh" <leaf.yeh.sdo@gmail.com> Wed, 07 May 2014 03:22 UTC
Return-Path: <leaf.yeh.sdo@gmail.com>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id AA9211A03DA
for <savi@ietfa.amsl.com>; Tue, 6 May 2014 20:22:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id sQ98et6qZlP0 for <savi@ietfa.amsl.com>;
Tue, 6 May 2014 20:22:06 -0700 (PDT)
Received: from mail-pa0-x233.google.com (mail-pa0-x233.google.com
[IPv6:2607:f8b0:400e:c03::233])
by ietfa.amsl.com (Postfix) with ESMTP id C87E01A0215
for <savi@ietf.org>; Tue, 6 May 2014 20:22:06 -0700 (PDT)
Received: by mail-pa0-f51.google.com with SMTP id kq14so460485pab.38
for <savi@ietf.org>; Tue, 06 May 2014 20:22:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=from:to:references:in-reply-to:subject:date:message-id:mime-version
:content-type:content-transfer-encoding:thread-index
:content-language;
bh=RI8pIK+nuHzMncTNfMAnaJLbBBzpUerrIWLl0QGdgoI=;
b=MLxbARitKv6V4SBhjJkpKUDIBEipKnRsfIesll9grESMGSKQvPsTQGYNvb282zS+Ek
B2rXSVSSK9Bukk+S8qfyktxvs5rTwaOaC2bqkKbDoE2ORuC2DCHiWYAXofyXnreFp0Bx
K2krhzGY0JKpHjWJBbJlrNrTVrdyLlL6AE9TROHfPhILvZBjEwLJiTV0qgxJ84a3onQq
VbJMp7AcW6MwUH3nJrYQPwYRMq+xWMVFFT4G+k/jtlGwggehnDxeZsgqdS8ddCJhHiRQ
l6Qn/Ty7cIH0Tr9kbu8HlUpOVk0yLxWNMTV9DjEqPdlsLMJ00s327bLHPWcLvHJkFpJi
JBRA==
X-Received: by 10.66.171.76 with SMTP id as12mr13645446pac.52.1399432922757;
Tue, 06 May 2014 20:22:02 -0700 (PDT)
Received: from PC ([218.241.103.232])
by mx.google.com with ESMTPSA id se3sm364090pbb.80.2014.05.06.20.22.00
for <multiple recipients>
(version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Tue, 06 May 2014 20:22:01 -0700 (PDT)
X-Google-Original-Message-ID: <006701cf69a3$81f05230$85d0f690$@yeh.sdo@gmail.com>
From: "Leaf Yeh" <leaf.yeh.sdo@gmail.com>
To: "'Joel M. Halpern'" <jmh@joelhalpern.com>,
"'SAVI Mailing List'" <savi@ietf.org>,
"'marcelo bagnulo braun'" <marcelo@it.uc3m.es>,
"'Eric Levy- Abegnoli \(elevyabe\)'" <elevyabe@cisco.com>
References: <536846e7.637a420a.27dc.02df@mx.google.com>
<5368508C.9060205@joelhalpern.com>
<53685d07.8564420a.3494.3c0a@mx.google.com>
<5368EB4D.7000704@joelhalpern.com>
In-Reply-To: <5368EB4D.7000704@joelhalpern.com>
Date: Wed, 7 May 2014 11:21:55 +0800
Message-ID: <5369a6d9.838f440a.7e55.1450@mx.google.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac9pM89ZEQeKOBz9QH+C3vt5kYWv3wAX7v/g
Content-Language: zh-cn
Archived-At: http://mailarchive.ietf.org/arch/msg/savi/8Vq050Jwgu1ftq48eBJWpXjQcZA
Subject: Re: [savi] RFC6620 Page 15 - Data Trigger
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>,
<mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi/>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>,
<mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2014 03:22:08 -0000
Joel - The goal of SAVI is very specific. it is to prevent one node from claiming an address that is belongs to (by assignment or proper claiming) another node. Can you please restate your concern with the data trigger in terms of how it fails to meet that goal?.... Sending solicitations back onto that LAN (which seems to be what you are asking for) does not actually help with that problem. I guess your logic sounds right. DAD_NS should sent through the TP, which may connect to other SAVI device (and more hosts) within the same scope, i.e. the same link, or the same broadcast domain. But the above logic sounds not cover my concern on the host to abuse the source address within the on-link prefix. Sending DAD_NS back to the VP receiving the data trigger, sounds useful for a check. Wrong or harmful? Best Regards, Leaf -----Original Message----- From: Joel M. Halpern [mailto:jmh@joelhalpern.com] Sent: Tuesday, May 06, 2014 10:02 PM To: Leaf Yeh; 'SAVI Mailing List'; 'marcelo bagnulo braun'; 'Eric Levy- Abegnoli (elevyabe)' Subject: Re: [savi] RFC6620 Page 15 - Data Trigger I suspect I am misunderstanding you. The goal of SAVI is very specific. it is to prevent one node from claiming an address that is belongs to (by assignment or proper claiming) another node. Can you please restate your concern with the data trigger in terms of how it fails to meet that goal? You should also note that in the case of a multi-access LAN where SAVI is not being run on the individual ports which point to individual machines, and where there is not authentication, then there are significant limitations on the ability of SAVI to protect one claimant from another within that scope. This is spelled out in the SAVI documents. Sending solicitations back onto that LAN (which seems to be what you are asking for) does not actually help with that problem. Yours, Joel On 5/5/14, 11:54 PM, Leaf Yeh wrote: > Joel - The limits on the number of addresses a host can claim are > related to keeping the bookkeeping state bounded. If a hsot causes > his own claims to be lost, that is his problem, not SAVI's. > > I guess you mean the host can claim any number of addresses if SAVI > device's memory permits. > > > Joel - I am not sure what threat you are trying to prevent in your > description. > Leaf - > How about send DAD_NS to the VP received data packet for the >> double-check in the above process? > > I intend to prevent the host abuse the source address within the > on-link prefix. If SAVI device sent the DAD_NS directly back to the VP > received the data, it expected the host do have initiated that source > address under test as the target address, and response the DAD_NA. > > > Best Regards, > Leaf > > > > -----Original Message----- > From: Joel M. Halpern [mailto:jmh@joelhalpern.com] > Sent: Tuesday, May 06, 2014 11:02 AM > To: Leaf Yeh; 'SAVI Mailing List'; 'marcelo bagnulo braun'; 'Eric > Levy- Abegnoli (elevyabe)' > Subject: Re: [savi] RFC6620 Page 15 - Data Trigger > > I am not sure what threat you are trying to prevent in your description. > The goal of the SAVI work was to prevent one host from claiming the > address another host is using. The limits on the number of addresses > a host can claim are related to keeping the bookkeeping state bounded. > If a hsot causes his own claims to be lost, that is his problem, not SAVI's. > > Yours, > Joel > > On 5/5/14, 10:20 PM, Leaf Yeh wrote: >> I read RFC6620 again, still have some questions on it. >> >> Section 3.2.3 Page 15 @ the state of NO_BIND >> >> <quote> >> >> Upon the reception through a Validating Port (VP) of a DATA packet >> >> containing IPAddr as the source address, the SAVI device >> SHOULD >> >> execute the process of sending Neighbor Solicitation messages >> of >> >> the Duplicate Address Detection process ... The DAD_NS >> messages are not >> >> sent through any of the ports configured as Validating Ports. >> The >> >> DAD_NSOL messages are sent through Trusted Ports (but, of >> course, >> >> subject to usual switch behavior and possible MLD snooping >> >> optimizations)... The state >> >> is moved to TENTATIVE. The LIFETIME is set to TENT_LT (i.e., LT: >> >> =TENT_LT), the BINDING ANCHOR is set to VP (i.e., P:=VP), and >> the >> >> Creation time is set to the current value of the local clock. >> >> </quote> >> >> It seems the DAD_NS are not sent to 'any of VP', but sent to TP, >> after the VP received a data packet, whose source address are not in >> binding table of the SAVI device. >> >> If this data packet use the prefix assigned on this link, we don't >> expect the DAD_NA from the TP. >> >> If the data packet use any IID-interface ID, i.e. the 64 bits of the >> source address, the SAVI switch will set up a binding entry for each >> source address. >> >> Then I guess we lost the finer-grained SAV here, and only can rely on >> the SAVI (on-link) prefix list to filtering the 'transit traffic'. Right? >> >> I mean the malicious host can create a huge number of **valid** >> source address within the on-link prefix. What was the design philosophy here? >> >> How about send DAD_NS to the VP received data packet for the >> double-check in the above process? >> >> Best Regards, >> >> Leaf >> >> >> >> _______________________________________________ >> savi mailing list >> savi@ietf.org >> https://www.ietf.org/mailman/listinfo/savi >> > >
- [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Joel M. Halpern
- Re: [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Joel M. Halpern
- Re: [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Joel Halpern Direct