IETF Logo Mail Archive

Re: [rbridge] a stronger RPF check for TRILL

Radia Perlman <radiaperlman@gmail.com> Fri, 09 March 2012 16:20 UTC

Return-Path: <rbridge-bounces@postel.org>
X-Original-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Delivered-To: ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D00E21F86C5 for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Fri, 9 Mar 2012 08:20:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.999
X-Spam-Level:
X-Spam-Status: No, score=-4.999 tagged_above=-999 required=5 tests=[AWL=1.000, BAYES_00=-2.599, J_CHICKENPOX_55=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wYcd9Hb1UegO for <ietfarch-trill-archive-Osh9cae4@ietfa.amsl.com>; Fri, 9 Mar 2012 08:20:44 -0800 (PST)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id 2AC7A21F8697 for <trill-archive-Osh9cae4@lists.ietf.org>; Fri, 9 Mar 2012 08:20:44 -0800 (PST)
Received: from boreas.isi.edu (localhost [127.0.0.1]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q29Fw26N018904; Fri, 9 Mar 2012 07:58:04 -0800 (PST)
Received: from mail-ey0-f180.google.com (mail-ey0-f180.google.com [209.85.215.180]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id q29FvUDf018855 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <rbridge@postel.org>; Fri, 9 Mar 2012 07:57:39 -0800 (PST)
Received: by eaal12 with SMTP id l12so614285eaa.39 for <rbridge@postel.org>; Fri, 09 Mar 2012 07:57:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=SU6bT6Q32PJpVaI/dwxEoeeHOaIqrEyeTYWEbKM7cJE=; b=tDnrOonRHkaxTixNBPSHXQOuBy/CNYW6AgwYk8d3PyC4YHgS5KVCHkVm2UjaPahU8p i05aFj39QbpHIlgVO9r1GRy57e/AS8Xi/BJIPZUc/cze8RGlIc5KhU7wGwE23Q68pc5E DkdFNxIegHoA1SJWAr/ZpctJ85Dixe9062vzNd80NPjNFKT5J5/SOYowwOth5C5/OnjT CGnB9beoWmMIoroVVCyR3bgz/fvlOLTYglR1PelENjPNdNKrujb1s/I6XmqD6LWL9wRe v9nutRMChDnqKDwbXB6SFGwP8GgqSlimJsMdY8gWbLHRAZvM4WKXtM14nTgYezFxwRXR 0BqA==
MIME-Version: 1.0
Received: by 10.14.136.10 with SMTP id v10mr510219eei.76.1331308649120; Fri, 09 Mar 2012 07:57:29 -0800 (PST)
Received: by 10.213.98.77 with HTTP; Fri, 9 Mar 2012 07:57:29 -0800 (PST)
In-Reply-To: <CAF4+nEGHy=EJYFx3Vg+zDv_aKorNAk7N32r4nqUCS=Y3Xmj56g@mail.gmail.com>
References: <OF717BEAAE.B04DF3B2-ON872579BB.00608789-882579BB.00615D1A@us.ibm.com> <CA+-tSzwj5KRZnBAnPQYsN=hvm-tV1MsefXN8NqKvoh3RbHHOEQ@mail.gmail.com> <CAF4+nEGHy=EJYFx3Vg+zDv_aKorNAk7N32r4nqUCS=Y3Xmj56g@mail.gmail.com>
Date: Fri, 09 Mar 2012 07:57:29 -0800
Message-ID: <CAFOuuo4QEC8npinO0OxVWhwutsb+fD1Gh0KCKru29-Xrnsf=Nw@mail.gmail.com>
From: Radia Perlman <radiaperlman@gmail.com>
To: Donald Eastlake <d3e3e3@gmail.com>
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: radiaperlman@gmail.com
X-MIME-Autoconverted: from quoted-printable to 8bit by boreas.isi.edu id q29FvUDf018855
Cc: rbridge@postel.org, Anoop Ghanwani <anoop@alumni.duke.edu>, Santosh Rajagopalan <sunny.rajagopalan@us.ibm.com>
Subject: Re: [rbridge] a stronger RPF check for TRILL
X-BeenThere: rbridge@postel.org
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: "Developing a hybrid router/bridge." <rbridge.postel.org>
List-Unsubscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=unsubscribe>
List-Archive: <http://mailman.postel.org/pipermail/rbridge>
List-Post: <mailto:rbridge@postel.org>
List-Help: <mailto:rbridge-request@postel.org?subject=help>
List-Subscribe: <http://mailman.postel.org/mailman/listinfo/rbridge>, <mailto:rbridge-request@postel.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: rbridge-bounces@postel.org
Errors-To: rbridge-bounces@postel.org

Ah.  Yes, thank you for that explanation, Donald.  Santosh is indeed
correct, and it also makes the spec easier to read, which is an
additional plus.

Radia

On Fri, Mar 9, 2012 at 6:44 AM, Donald Eastlake <d3e3e3@gmail.com> wrote:
> Hi Anoop,
>
> On Fri, Mar 9, 2012 at 7:51 AM, Anoop Ghanwani <anoop@alumni.duke.edu> wrote:
>> The tree adjacency check already accounts for this.
>> http://tools.ietf.org/html/rfc6325#section-4.6.2.5
>>
>>>>
>>   The Outer.MacSA is checked and the frame discarded if it is not a
>>   tree adjacency for the tree indicated by the egress RBridge nickname
>>   on the port where the frame was received.
>>>>
>>
>> This is done in addition to the port-based RPF check.
>
> Ahhh, but this is not quite a strong as what Santosh is suggesting.
> The subtle weakness is that "adjacency" has no directionality.
>
> RFC 6325 currently specifies this part of the RPFC as two separate checks:
>  1. Is ( tree, Outer.MacSA, arrival port) an allowed triplet according
> to the current topology and tree?
>  2. Is ( tree, ingress, arrival port ) an allowed triplet according to
> the current topology and tree?
>
> What Santosh is suggesting, which would be just a little stronger and
> arguably simpler, is equivalent to replacing this with one test:
>  -- Is ( tree, Outer.MacSA, ingress, arrival port ) an allowed quadruplet?
>
> This is stronger because, on a multi-access link, one Outer.MacSA may
> only be allowed on frames from the ingress and other Outer.MacSA may
> only only be allowed on frames ingressed elsewhere.
>
> I think some existing silicon may already use this combined RPFC test...
>
> Thanks,
> Donald
> =============================
>  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
>  155 Beaver Street, Milford, MA 01757 USA
>  d3e3e3@gmail.com
>
>> Anoop
>>
>> On Thu, Mar 8, 2012 at 9:43 AM, Santosh Rajagopalan
>> <sunny.rajagopalan@us.ibm.com> wrote:
>>> It appears the the multidestination frame checks present in TRILL may not be
>>> strong enough to cover some cases of packet duplicates during network
>>> transition scenarios. In this email, I'm going to suggest a modification of
>>> the TRILL RPF check to cover these cases.
>>>
>>> The root problem is that there's a notion of directionality built into the
>>> RPF concept ("accept packets from X along this vector"). In a p2p link,
>>> specifying the port alone uniquely qualifies that vector. However, in a
>>> multiaccess link, there are many "links/adjacencies" overlaid on the
>>> physical link. To identify one of them, you need to specify both the
>>> outer_smac *and* the port. So the RPF check should actually be "accept
>>> packets from X along (outer_smac, port)".
>>>
>>> Consider this network:
>>>
>>> F--A--B--C--o--D
>>> All the links except the link between C and D are p2p links. C and D are
>>> connected over a classical ethernet network (represented by the pseudonode
>>> "o"). Let's say D gets picked as the root for a multidestination tree (the
>>> choice of root is unimportant here).
>>> The resulting tree looks like:
>>>
>>> F--A--B--C--o--D
>>>
>>> Now lets say that a link comes up from A to the same classical ethernet
>>> network. So the network looks like this:
>>> ________
>>> | |
>>> F--A--B--C--o--D
>>>
>>> Let's say the resulting tree in steady state includes all links except the
>>> B-C link. After the network has converged, a packet that starts out from F
>>> will go F->A, where A will send one copy to the A-B link and another copy
>>> into the CE network, from where it will be received by C and D.
>>>
>>> However, lets consider a transition stage where A and D have acted on their
>>> LSPs and programmed their forwarding plane, while B and C have not yet done
>>> so.
>>> This means that B and C both consider the link between them to still be part
>>> of the tree.
>>>
>>> So a packet that starts out from F and reaches A will be copied by A into
>>> the A-B link and the A-o link. D's RPF check says to accept packets on this
>>> tree coming from F over its link to the CE network, so it gets accepted. D
>>> is also adjacent to A on the tree, so the tree adjacency check also passes.
>>>
>>> However, the packet that gets to B gets sent out by B to C. C's RPF check
>>> still has the old state, and it thinks the packet is ok. C sends the packet
>>> along the old tree, which is towards the CE network. D receives one more
>>> packet, but the tree adjacency check passes because C is adjacent to D in
>>> the new tree as well. The RPF check also passes because D's link to the CE
>>> network is ok for receiving packets from A.
>>>
>>> So now D gets duplicates of every packet until B and C act on their LSPs and
>>> program their hardware tables. The AF state is (I believe) irrelevant here
>>> because we're talking about TRILL encapsulated packets, not native CE
>>> frames.
>>>
>>> In the example above, the adjacency check alone doesn't help, because the
>>> rbridge D has adjacencies to both A & C on the tree. A check on (port, smac)
>>> will pass for packets from both A and C.
>>>
>>> The only check which can stop this from happening, I believe, is if you
>>> replace the current RPF check which looks like this:
>>> {tree_id, source_rbridge}->{allowed_port}
>>>
>>> with a modified check which looks like this:
>>>
>>> {tree_id, rbridge}->{allowed_port, allowed_outer_smac}
>>>
>>> This will make sure that packets will be accepted by D only if they were
>>> sent by A. This combined check can be a replacement for the currently
>>> separate adjacency and RPF checks.
>>>
>>> Thoughts?
>>> --
>>> Sunny Rajagopalan
>>>
>>>
>>> _______________________________________________
>>> rbridge mailing list
>>> rbridge@postel.org
>>> http://mailman.postel.org/mailman/listinfo/rbridge
>>>
>> _______________________________________________
>> rbridge mailing list
>> rbridge@postel.org
>> http://mailman.postel.org/mailman/listinfo/rbridge
>
> _______________________________________________
> rbridge mailing list
> rbridge@postel.org
> http://mailman.postel.org/mailman/listinfo/rbridge

_______________________________________________
rbridge mailing list
rbridge@postel.org
http://mailman.postel.org/mailman/listinfo/rbridge

v2.23.0 | Report a Bug | By Email