Re: [savi] RFC6620 Page 15 - Data Trigger
"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 06 May 2014 14:02 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: savi@ietfa.amsl.com
Delivered-To: savi@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id A61AF1A01BC
for <savi@ietfa.amsl.com>; Tue, 6 May 2014 07:02:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 1xNabvCFvTmf for <savi@ietfa.amsl.com>;
Tue, 6 May 2014 07:02:28 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154])
by ietfa.amsl.com (Postfix) with ESMTP id 062551A00DF
for <savi@ietf.org>; Tue, 6 May 2014 07:02:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
by mailb2.tigertech.net (Postfix) with ESMTP id 844361C0E0D;
Tue, 6 May 2014 07:02:23 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from Joels-MacBook-Pro.local
(pool-70-106-134-103.clppva.east.verizon.net [70.106.134.103])
(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
by mailb2.tigertech.net (Postfix) with ESMTPSA id 875101C0E0B;
Tue, 6 May 2014 07:02:21 -0700 (PDT)
Message-ID: <5368EB4D.7000704@joelhalpern.com>
Date: Tue, 06 May 2014 10:01:49 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Leaf Yeh <leaf.yeh.sdo@gmail.com>, 'SAVI Mailing List' <savi@ietf.org>,
'marcelo bagnulo braun' <marcelo@it.uc3m.es>,
"'Eric Levy- Abegnoli (elevyabe)'" <elevyabe@cisco.com>
References: <536846e7.637a420a.27dc.02df@mx.google.com>
<5368508C.9060205@joelhalpern.com>
<53685d07.8564420a.3494.3c0a@mx.google.com>
In-Reply-To: <53685d07.8564420a.3494.3c0a@mx.google.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/savi/x_61VIS3vnc873D3z-UIbuGpEDc
Subject: Re: [savi] RFC6620 Page 15 - Data Trigger
X-BeenThere: savi@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Mailing list for the SAVI working group at IETF <savi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savi>,
<mailto:savi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/savi/>
List-Post: <mailto:savi@ietf.org>
List-Help: <mailto:savi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savi>,
<mailto:savi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2014 14:02:29 -0000
I suspect I am misunderstanding you. The goal of SAVI is very specific. it is to prevent one node from claiming an address that is belongs to (by assignment or proper claiming) another node. Can you please restate your concern with the data trigger in terms of how it fails to meet that goal? You should also note that in the case of a multi-access LAN where SAVI is not being run on the individual ports which point to individual machines, and where there is not authentication, then there are significant limitations on the ability of SAVI to protect one claimant from another within that scope. This is spelled out in the SAVI documents. Sending solicitations back onto that LAN (which seems to be what you are asking for) does not actually help with that problem. Yours, Joel On 5/5/14, 11:54 PM, Leaf Yeh wrote: > Joel - The limits on the number of addresses a host can claim are related to > keeping the bookkeeping state bounded. If a hsot causes his own claims to > be lost, that is his problem, not SAVI's. > > I guess you mean the host can claim any number of addresses if SAVI device's > memory permits. > > > Joel - I am not sure what threat you are trying to prevent in your > description. > Leaf - > How about send DAD_NS to the VP received data packet for the >> double-check in the above process? > > I intend to prevent the host abuse the source address within the on-link > prefix. If SAVI device sent the DAD_NS directly back to the VP received the > data, it expected the host do have initiated that source address under test > as the target address, and response the DAD_NA. > > > Best Regards, > Leaf > > > > -----Original Message----- > From: Joel M. Halpern [mailto:jmh@joelhalpern.com] > Sent: Tuesday, May 06, 2014 11:02 AM > To: Leaf Yeh; 'SAVI Mailing List'; 'marcelo bagnulo braun'; 'Eric Levy- > Abegnoli (elevyabe)' > Subject: Re: [savi] RFC6620 Page 15 - Data Trigger > > I am not sure what threat you are trying to prevent in your description. > The goal of the SAVI work was to prevent one host from claiming the address > another host is using. The limits on the number of addresses a host can > claim are related to keeping the bookkeeping state bounded. If a hsot > causes his own claims to be lost, that is his problem, not SAVI's. > > Yours, > Joel > > On 5/5/14, 10:20 PM, Leaf Yeh wrote: >> I read RFC6620 again, still have some questions on it. >> >> Section 3.2.3 Page 15 @ the state of NO_BIND >> >> <quote> >> >> Upon the reception through a Validating Port (VP) of a DATA packet >> >> containing IPAddr as the source address, the SAVI device SHOULD >> >> execute the process of sending Neighbor Solicitation messages >> of >> >> the Duplicate Address Detection process ... The DAD_NS messages >> are not >> >> sent through any of the ports configured as Validating Ports. >> The >> >> DAD_NSOL messages are sent through Trusted Ports (but, of >> course, >> >> subject to usual switch behavior and possible MLD snooping >> >> optimizations)... The state >> >> is moved to TENTATIVE. The LIFETIME is set to TENT_LT (i.e., LT: >> >> =TENT_LT), the BINDING ANCHOR is set to VP (i.e., P:=VP), and >> the >> >> Creation time is set to the current value of the local clock. >> >> </quote> >> >> It seems the DAD_NS are not sent to 'any of VP', but sent to TP, after >> the VP received a data packet, whose source address are not in binding >> table of the SAVI device. >> >> If this data packet use the prefix assigned on this link, we don't >> expect the DAD_NA from the TP. >> >> If the data packet use any IID-interface ID, i.e. the 64 bits of the >> source address, the SAVI switch will set up a binding entry for each >> source address. >> >> Then I guess we lost the finer-grained SAV here, and only can rely on >> the SAVI (on-link) prefix list to filtering the 'transit traffic'. Right? >> >> I mean the malicious host can create a huge number of **valid** source >> address within the on-link prefix. What was the design philosophy here? >> >> How about send DAD_NS to the VP received data packet for the >> double-check in the above process? >> >> Best Regards, >> >> Leaf >> >> >> >> _______________________________________________ >> savi mailing list >> savi@ietf.org >> https://www.ietf.org/mailman/listinfo/savi >> > >
- [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Joel M. Halpern
- Re: [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Joel M. Halpern
- Re: [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Leaf Yeh
- Re: [savi] RFC6620 Page 15 - Data Trigger Joel Halpern Direct