[savi] AD review of draft-ietf-savi-fcfs
Jari Arkko <jari.arkko@piuha.net> Wed, 04 May 2011 18:41 UTC
Return-Path: <jari.arkko@piuha.net>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCDB0E07AE for <savi@ietfa.amsl.com>; Wed, 4 May 2011 11:41:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.567
X-Spam-Level:
X-Spam-Status: No, score=-102.567 tagged_above=-999 required=5 tests=[AWL=0.032, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aX3YejgX2OvA for <savi@ietfa.amsl.com>; Wed, 4 May 2011 11:41:35 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2001:14b8:400::130]) by ietfa.amsl.com (Postfix) with ESMTP id 7DE49E0795 for <savi@ietf.org>; Wed, 4 May 2011 11:41:34 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 12F2B2D35A; Wed, 4 May 2011 21:41:27 +0300 (EEST)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NoTye0Bwk55z; Wed, 4 May 2011 21:41:25 +0300 (EEST)
Received: from [IPv6:::1] (unknown [IPv6:2001:14b8:400::130]) by p130.piuha.net (Postfix) with ESMTP id 79C742CC49; Wed, 4 May 2011 21:41:25 +0300 (EEST)
Message-ID: <4DC19DD5.4040209@piuha.net>
Date: Wed, 04 May 2011 20:41:25 +0200
From: Jari Arkko <jari.arkko@piuha.net>
User-Agent: Thunderbird 2.0.0.24 (X11/20101027)
MIME-Version: 1.0
To: draft-ietf-savi-fcfs@tools.ietf.org, SAVI Mailing List <savi@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [savi] AD review of draft-ietf-savi-fcfs
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>, <mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>, <mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2011 18:41:35 -0000
I have reviewed this draft. The specification is well written, and while it took an entire day for me to be (relatively) convinced that the state machine is correct, it is easy to read. I have sent the draft forward to an IETF last call. However, I did have a few suggestions and questions that I hope you can treat and if needed, issue a new draft version. > Neighbour Solicitation (NSOL) > and Neighbour Advertisement (NADV) messages Can we use the usual abbreviations, NS and NA? > Router Advertisement: A SAVI device MUST support discovery of on-link > prefixes through Router Advertisement messages. The SAVI device will > learn the on-link prefixes following the procedure defined for a host > to process the Prefix Information options described in section 6.3.4 > of [RFC4861] <http://tools.ietf.org/html/rfc4861#section-6.3.4> with the difference that the prefixes will be configured > in the FCFS SAVI Prefix List rather than in the ND Prefix List. In > addition, when the SAVI device boots, it MUST send a Router > Solicitation message as described in section 6.3.7 of [RFC4861] <http://tools.ietf.org/html/rfc4861#section-6.3.7>, > using the unspecified source address. > Will this process be run on all ports, or just the trusted ones? Please specify. > o If the data packet is received through a Validating port, then the > SAVI function checks whether the received data packet is local > traffic or transit traffic. It does so by verifying if the source > address of the packet belongs to one of the directly connected > prefixes available in the receiving interface. It does so by > searching the FCFS SAVI Prefix List. > * If the IP source address does not belong to one of the local > prefixes of the receiving interface, this means that the data > packet is transit traffic and the packet SHOULD be discarded. > You need to add a special case for supporting the unspecified address. > This may due to an attack or to the fact that the host > may have moved. ... may be due to an ... > and 250 millisconds later Milliseconds. And please put the value to a constant in a separate section. > The DAD_NSOL messages are sent > through the proper Trusted Ports (as defined by the switch > behaviour that will depend on whether it performs MLD snooping or > not). The word "proper" is confusing here. How about this text instead: The DAD_NSOL messages are sent through Trusted Ports (but of course subject to usual switch behavior and possible MLD snooping optimizations). > the SAVI device MUST forward the NSOL and 250 > millisconds later it MUST execute the process of sending Neighbour > Solicitation messages This could be clearer. First, you forward the NSOL completely normally. Then you separately run the NS process *on behalf of the host*, but forward these NSOL messages only to TP ports. Correct? A couple of questions, however. What's the source MAC address in such packets, the host's or the switch's address? And why aren't you simply copying the same message, separated by X ms? Finally, are you forwarding one message and generating two copies, altogether three messages? Additional clarity here would be useful. > o DAD_NSOL packets containing IPAddr as the target address received > through a Trusted port are NOT forwarded through any of the > Validating ports but they are sent through the proper Trusted > Ports (as defined by the switch behaviour that will depend on > whether it performs MLD snooping or not) > I don't understand why these messages are only forwardded to the TPs. > o Neighbor Advertisement packets sent to all nodes as a reply to the > DAD_NSOL (hereafter called DAD_NADV) containing IPAddr as the > target address coming through a Validating port are discarded. > This seems to break the principle of SAVI not changing network behavior except where a delay is necessary while you verify something. Why is it necessary to not forward these messages as they normally are forwarded through the network? > So, when SEND is deployed, it is recommended to use SEND SAVI > [I-D.ietf-savi-send <http://tools.ietf.org/html/draft-ietf-savi-fcfs-09#ref-I-D.ietf-savi-send>] rather than FCFS SAVI." > Is there some reason why proxy SEND cannot be employed here? Jari
- [savi] AD review of draft-ietf-savi-fcfs Jari Arkko
- Re: [savi] AD review of draft-ietf-savi-fcfs Erik Nordmark
- Re: [savi] AD review of draft-ietf-savi-fcfs Jari Arkko
- Re: [savi] AD review of draft-ietf-savi-fcfs Erik Nordmark
- Re: [savi] AD review of draft-ietf-savi-fcfs marcelo bagnulo braun
- Re: [savi] AD review of draft-ietf-savi-fcfs Jean-Michel Combes
- Re: [savi] AD review of draft-ietf-savi-fcfs Jean-Michel Combes
- Re: [savi] AD review of draft-ietf-savi-fcfs Alberto GarcĂa
- Re: [savi] AD review of draft-ietf-savi-fcfs Jean-Michel Combes