Re: [Sidrops] version negotiation
Claudio Jeker <cjeker@diehard.n-r-g.com> Wed, 03 January 2024 11:21 UTC
Date: Wed, 03 Jan 2024 12:21:44 +0100
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
To: Randy Bush <randy@psg.com>
Cc: sidrops <sidrops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/TlbN3p0dU_YJSbhXLfmstMsD3_Y>
On Tue, Jan 02, 2024 at 04:31:30PM -0800, Randy Bush wrote:
> ( subject changed to protect the innocent :)
>
> claudio:
>
> point taken
>
> i think much of the problem here is unintended lack of clarity between
> session and transport connection. but the negotiation can be improved
> as well.
>
> how about this as a first cut?
>
> 7. Protocol Version Negotiation
>
> Once a router has established a transport connection to a cache, it
> MUST attempt to open a RPKI-Router 'session' by issuing either a
> Reset Query (Section 5.4) or a Serial Query (Section 5.3) with the
> highest version of this protocol the router implements in the
> Protocol Version field. If the cache supports that version, it
> responds with a Cache Response (Section 5.5) of that version and the
> session is considered open.
>
> If a cache which supports version N receives a query with Protocol
> Version Q < N, and the cache does not support versions <= Q, the
> cache MUST send an Error Report (Section 5.11) with Protocol Version
> N and Error Code 4 ("Unsupported Protocol Version") and disconnect
> the transport session.
>
> If a cache which supports version N receives a query with Protocol
> Version Q < N, the cache MUST downgrade to protocol version Q,
> [RFC6810] or [RFC8210], and respond with a Cache Response
> (Section 5.5) of that Protocol Version and the session is considered
> open.
>
> If the router query has version Q > N, the cache MUST send an Error
> Report (Section 5.11) with Protocol Version N and Error Code 4
> ("Unsupported Protocol Version"), and the router SHOULD send another
> query with a Protocol Version Q of the version N in the Error Report,
> unless it has already failed at that version. This MAY repeat with
> the router attempting to negotiate lower and lower versions until
> they agree.
>
> If the router requests Q == 0 and it still fails with the cache
> sending an Error Report (Section 5.11) with Error Code 4
> ("Unsupported Protocol Version"), then the router MUST abort the
> transport connection.
>
> ...
>
> i suspect it can be improved further, and of course i would like it
> smaller/simpler. but first is this addressing your issue(s)?

Yes, this is much better.

I think paragraphs 2 and 3 (both about Q < N) should be merged.

Current paragraph 4 makes the negotiation much clearer (but 'with a
Protocol Version Q of the version N in the Error Report' is a mouthful).
What is unclear is what should happen when "unless it has already failed at
that version" comes into play? Should it abort like in the last paragraph?

Now this changes the semantics of Error Code 4. So Section 13 needs to be
adjusted. Error code 4 should not be fatal but have special handling as
described in Section 7. This is required because:

   Errors which are considered fatal MUST cause the session to be dropped,
   and the router MUST flush all data learned from that cache.

--
:wq Claudio
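
The negotiation in the quoted Section 7 draft, modelled for both sides as an added example (not part of the original message and not code from any RTR implementation). The names `cache_reply` and `negotiate` are hypothetical; the example reads paragraph 2 as "Q itself is not supported", and it assumes the router aborts when the offered version has already failed, which is the point the reply leaves open.

```python
UNSUPPORTED_VERSION = 4  # Error Code 4, "Unsupported Protocol Version"

def cache_reply(supported, q):
    """Cache side. `supported` is the set of versions the cache speaks.
    Returns (pdu, version, cache_disconnects)."""
    n = max(supported)
    if q in supported:                      # same version, or downgrade to Q < N
        return ("cache_response", q, False)
    if q < n:                               # Q < N and Q not supported (assumed reading)
        return ("error_report", n, True)    # Error Code 4, then disconnect
    return ("error_report", n, False)       # Q > N: router may retry with N

def negotiate(router_versions, cache):
    """Router side. `cache` is a callable q -> (pdu, version, disconnects).
    Returns ("open", version) or ("abort", reason)."""
    q = max(router_versions)                # start with the highest version implemented
    failed = set()
    while True:
        pdu, version, disconnected = cache(q)
        if pdu == "cache_response":
            return ("open", version)
        failed.add(q)                       # Error Code 4 handled here, not as fatal
        if disconnected:
            return ("abort", "cache closed transport")
        if q == 0:
            return ("abort", "failed at version 0")
        # Assumption: abort when N already failed or the router lacks it.
        if version in failed or version not in router_versions:
            return ("abort", "no untried common version")
        q = version                         # retry with the N from the Error Report
```

A cache that keeps answering Error Code 4 with the same N exercises the "already failed at that version" branch, which ends the loop instead of retrying forever.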