[ssm] what to say about scoping for v6 [was ...last call...]
Hugh Holbrook <holbrook@cisco.com> Tue, 11 March 2003 07:34 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA11765 for <ssm-archive@odin.ietf.org>; Tue, 11 Mar 2003 02:34:17 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h2B7lbP06539 for ssm-archive@odin.ietf.org; Tue, 11 Mar 2003 02:47:37 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2B7laO06536 for <ssm-web-archive@optimus.ietf.org>; Tue, 11 Mar 2003 02:47:36 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA11752 for <ssm-web-archive@ietf.org>; Tue, 11 Mar 2003 02:33:44 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2B7lDO06502; Tue, 11 Mar 2003 02:47:13 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2B7kIO06451 for <ssm@optimus.ietf.org>; Tue, 11 Mar 2003 02:46:18 -0500
Received: from sj-core-5.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA11721 for <ssm@ietf.org>; Tue, 11 Mar 2003 02:32:25 -0500 (EST)
Received: from holbrook-laptop.cisco.com (sjc-vpn2-31.cisco.com [10.21.112.31]) by sj-core-5.cisco.com (8.12.6/8.12.6) with ESMTP id h2B7YUhs007190; Mon, 10 Mar 2003 23:34:31 -0800 (PST)
Received: by holbrook-laptop.cisco.com (Postfix, from userid 500) id 5ECC310B7A7; Mon, 10 Mar 2003 23:30:08 -0800 (PST)
From: Hugh Holbrook <holbrook@cisco.com>
To: Brian Haberman <bkhabs@nc.rr.com>, Pekka Savola <pekkas@netcore.fi>
Cc: ssm@ietf.org
In-reply-to: <3E6C8CBD.1090508@nc.rr.com>
Reply-To: holbrook@cisco.com
Message-Id: <20030311073008.5ECC310B7A7@holbrook-laptop.cisco.com>
Date: Mon, 10 Mar 2003 23:30:08 -0800
Subject: [ssm] what to say about scoping for v6 [was ...last call...]
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>
[ ... Snipping just the thread on scoping for ssm ] My comments inline... > Date: Mon, 10 Mar 2003 08:01:49 -0500 > From: Brian Haberman <bkhabs@nc.rr.com> > Cc: Hugh Holbrook <holbrook@cisco.com>, ssm@ietf.org > > Pekka Savola wrote: > > On Sun, 9 Mar 2003, Brian Haberman wrote: > > > >>> The scope of the unicast-prefix based multicast address MUST NOT > >>> exceed the scope of the unicast prefix embedded in the multicast > >>> address. > >>> > >>>note: "embedded in the multicast address". But as you should note here, > >>>an address (particularly _SSM_, which is really not derived from the > >>>unicast prefix) does not. > >> > >>The intent was that the scope of the SSM group address would > >>not exceed the scope of the SSM source address. The scoped addr > >>arch forwarding rules *WILL* prevent a scoped address from leaking > >>out of the administrative zone. > >> > >>The overall issue though is not SSM-specific. > > > > > > Yes and no: in ASM, the DR only checks that G is ok; not it must check > > that both S and G are ok. > > > > Actually, the DR has to check both S and G to ensure that it does > not send a PIM Join across a scope zone boundary regardless of it > being ASM or SSM. There was some text in the original PIM for v6 > draft a long time ago. > > > > >>That is, the > >>scoped addr arch is responsible for determining the forwarding > >>issues around scoped addresses. I don't see a need for putting > >>any type of scoped address issues in the SSM doc. > > > > ... > > > >>As stated above, I don't see a reason to deal with scoped addresses > >>in the SSM arch doc. > > > > > > I understand this argument and I agree with it, mostly: at this point, we > > may end up doing some nasty things (in ipv6 w.g.) with scoped address > > architecture anyway, so trying to specify everything in detail in the > > specs before we know we have to do it seems premature. > > Agreed. :) > > > > > So, I can support putting considerations like these in the scoped address > > architecture document, but IMO, there *must* be a brief mention of the > > issues and a pointer in e.g. Security Considerations section. > > A pointer to what? draft-ietf-ipngwg-scoping-arch-04.txt? > I don't see a problem with doing that. The security section can mention > the issue and say that it is out of scope for this doc and is being > addressed elsewhere. So I'm trying to convert this discussion about scoping to concrete text. Here's what the doc currently says about v6 scoped addresses. For IPv6, administratively scoped SSM addresses are created by choosing an appropriate scope identifier for the SSM destination address. Normal IPv6 multicast scope boundaries are applied to traffic sent to an SSM destination address. I note that this paragraph is confusing because it says you can make a "scoped SSM addresses" when what it should say is "scoped SSM channel addresses". Here is proposed text to incorporate what I think Pekka is suggesting. For IPv6, administratively scoped SSM channel addresses are created by choosing an appropriate scope identifier for the SSM destination address. Normal IPv6 multicast scope boundaries are applied to traffic sent to an SSM destination address, including any relevant boundaries applied to both the source and destination address. Question 1: Do you accept the above text? I'm not sure I captured the issue, so I'd appreciate a better alternative if you see one. Question 2: If not, is there an appropriate reference for "Normal IPv6 multicast scope boundaries," or is it preferable to intentionally leave the document without a reference? Question 3: Should we add text to clarify the "embedded address" text in RFC3306. I can think of three options: Either prohibit it: For IPv6, senders MUST ensure that the scope of a channel destination address does not exceed the scope of the channel source address. Or allow it: For IPv6, the scope of a channel destination address MAY exceed the scope of the channel source address. Normal forwarding rules for scoped traffic apply to a packet sent to such a channel. Normal multicast scoping rules apply for any routing protocol messages (e.g., "joins") referring to such a channel. Or say nothing: I am inclined to do the latter, and I think this is what both of you are saying. Am I right? > >>>>As stated above RFC 3306 does have restrictions on what the scope > >>>>of the group address can be. > >>> > >>> > >>>As above, I'm not sure how this applies to RFC3306 addresses which do not > >>>depend on the prefix, ie. SSM. > >> > >>I consider the source address of an SSM group to be equivalent to > >>the unicast prefix used in an RFC 3306 generated address. > > > > > > One could consider so, but as was noted earlier, I didn't see it that way, > > and many others probably won't either -- unless clarified. > > > > More work for scoped addrarch, I suppose. > > > > Long-term it should be fixed in a revision of 3306. Near-term we > could add text to this doc in section 4.3 clarifying the allocation > issue on scopes. > > > > >>>>Now, RFC 3307 reserves 0x00000001 to 0x3FFFFFFF for use with > >>>>permanently allocated IPv6 multicast addresses. This is for > >>>>consistency with permanent IPv4 multicast addresses. That > >>>>means that T=0 in the flags field. I would expect that SSM > >>>>applications would allocate group IDs out of the 0x80000000 to > >>>>0xFFFFFFFF range for SSM channels. > >>> > >>>But RFC3306 addresses, including SSM, *MUST* have T=1, so one could argue > >>>that the reservation does not hold. > >> > >>Not sure what you mean here. 3307 is very explicit in what IANA > >>is reserving for group IDs. _______________________________________________ ssm mailing list ssm@ietf.org https://www1.ietf.org/mailman/listinfo/ssm
- [ssm] another last call for draft-ietf-ssm-arch -… Hugh Holbrook
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook
- Re: Re: [ssm] another last call for draft-ietf-ss… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Pekka Savola
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: Re: Re: [ssm] another last call for draft-iet… Hugh Holbrook
- [ssm] what to say about scoping for v6 [was ...la… Hugh Holbrook
- [ssm] permanent ipv6 ssm addresses [was ...last c… Hugh Holbrook
- Re: [ssm] permanent ipv6 ssm addresses [was ...la… Brian Haberman
- Re: [ssm] another last call for draft-ietf-ssm-ar… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] permanent ipv6 ssm addresses [was .… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: [ssm] what to say about scoping for v6 Hitoshi Asaeda
- Re: Re: Re: [ssm] what to say about scoping for v… Hugh Holbrook
- Re: [ssm] what to say about scoping for v6 Pekka Savola
- Re: [ssm] what to say about scoping for v6 [was .… Brian Haberman
- Re: [ssm] what to say about scoping for v6 [was .… Pekka Savola
- Re: Re: [ssm] what to say about scoping for v6 [w… Hugh Holbrook
- Re: Re: [ssm] what to say about scoping for v6 [w… Pekka Savola
- Re: Re: [ssm] another last call for draft-ietf-ss… Hugh Holbrook