IETF Logo Mail Archive

Re: [v6ops] draft-jaeggli-v6ops-indefensible-nd

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 11 September 2018 07:32 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AE7C130E65 for <v6ops@ietfa.amsl.com>; Tue, 11 Sep 2018 00:32:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTche8_b51mt for <v6ops@ietfa.amsl.com>; Tue, 11 Sep 2018 00:32:05 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97B461294D7 for <v6ops@ietf.org>; Tue, 11 Sep 2018 00:32:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4456; q=dns/txt; s=iport; t=1536651125; x=1537860725; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=/Nyd04DqIzFuQaU38b72Ct/Mvc8RKHF4COmz3qHiZRg=; b=GuSQxXjzLzDC0OQmz2tC6IuZ03JVSfH/lEozdwW7URd1EJ4/QLKo5PIx 0l6I2XS3kKr2rQfULuuwikqGfa/t5V939piIWDvXHNdjF57S6pfukMjp0 BcTP/fO+FwRs7UDOu+YbP8YoyDqwxdHZ5cu3jDRb+LbhmVIaIdk7TxCXE U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C3BgC/bpdb/49dJa1bGQEBAQEBAQEBAQEBAQcBAQEBAYMkKmV/KINylDKCDYM9lBsDUwsYC4RJAheDaCE4FAECAQECAQECbRwMhTgBAQEBAgEBASEROgsFCwIBCBgCAiYCAgIlCxUQAQEEDgWDIQGBeQgPpGmBLoQuAT2FGQWBC4gYgUIXgUE/gRInH4JMgxsBAQIBhF8xgiYCnAgJAoY3iUkXgUCEP4hxizqILAIRFIElNCE0gSFwFTsqAYJBgiUXegEEh1qFPm8Bi04HgkQBAQ
X-IronPort-AV: E=Sophos;i="5.53,359,1531785600"; d="scan'208";a="170004032"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Sep 2018 07:32:04 +0000
Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by rcdn-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id w8B7W4AJ017569 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 11 Sep 2018 07:32:04 GMT
Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 11 Sep 2018 02:32:03 -0500
Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1395.000; Tue, 11 Sep 2018 02:32:03 -0500
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Erik Kline <ek=40google.com@dmarc.ietf.org>
CC: Ole Troan <otroan@employees.org>, "v6ops@ietf.org WG" <v6ops@ietf.org>
Thread-Topic: [v6ops] draft-jaeggli-v6ops-indefensible-nd
Thread-Index: AdRJEhJUITkGHPnURMm4CycU7Aa+VQArqikAAAA8DYAAAG06AAAAgTGA//+4SEE=
Date: Tue, 11 Sep 2018 07:32:03 +0000
Message-ID: <069A1C98-208A-44C4-941B-E9B0BCE26796@cisco.com>
References: <CO1PR05MB4439DAC0BE86DF0503CEB41AE050@CO1PR05MB443.namprd05.prod.outlook.com> <AA63368D-923E-4890-B518-CA8B119BCD7E@employees.org> <CAAedzxrtOrQrqZw-os45sRA2QT2gT7sE8CiuGxFFEssKx26iyw@mail.gmail.com> <FD8E7FA1-86F3-4193-ABBF-97AF25CEE565@employees.org>, <CAAedzxpdWEOn21ci0P5zuU8AgFe99kr_kYkAtFwNE90hREqL-g@mail.gmail.com>
In-Reply-To: <CAAedzxpdWEOn21ci0P5zuU8AgFe99kr_kYkAtFwNE90hREqL-g@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com
X-Outbound-Node: rcdn-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/4YqjTnIAjYItJjgSgAPph3h2_hg>
Subject: Re: [v6ops] draft-jaeggli-v6ops-indefensible-nd
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2018 07:32:09 -0000

We have greatly improved the ARO at 6lo and tried in the process to alleviate Lorenzo ‘s concerns about it being an undesirable way to remove freedom of address formation. We also discussed Bob’s concerns on IPv6 stability at length so hopefully we are passed that as well.

The new ARO (EARO) is clearly intended to protect the address ownership. The NP AD draft associates a crypto token to the registration but does not constrain the IID like SEND did. 

The EARO is already referenced by a number of drafts (at ROLL 6lo and RIFT) as the abstract way for a host to announce its addresses to selected routers and get services back, eg routing or ND proxy.

Regards,

Pascal

> Le 11 sept. 2018 à 08:49, Erik Kline <ek=40google.com@dmarc.ietf.org> a écrit :
> 
>> On Tue, 11 Sep 2018 at 15:34, Ole Troan <otroan@employees.org> wrote:
>> 
>> Erik,
>> 
>>>> On 11 Sep 2018, at 08:22, Erik Kline <ek@google.com> wrote:
>>>> 
>>>> On Tue, 11 Sep 2018 at 15:15, Ole Troan <otroan@employees.org> wrote:
>>>> 
>>>> You might want to include that this problem has been solved with a stateful address assignment mechanism like DHCP, possibly combined with SAVI.
>>>> 
>>>> The ND ARO option would also have solved this.
>>>> 
>>>> Or you could deploy P2P Ethernet, where there is no address resolution..
>>>> 
>>>> Depending on DAD for this lie Lorenzo proposed seems ill-advised. It’s even less robust in wired networks (blocked ports).
>>> 
>>> But...in such a network NS/NA works?  (alternatively: what does
>>> "blocked" mean here)
>> 
>> NS/NA has retransmission.
>> Blocked as in 802.1D. Default 30s from link-up until port will switch user traffic.
> 
> Do hosts receive RAs during this 30s window?  If not, then the
> blocking affects DAD for link-local addresses, but not necessarily for
> GUAs.
> 
> NOTE: I am most definitely /not/ attempting to argue that DAD is reliable.  ;-)
> 
> I had a notion about matching forwarding addresses not in cache
> against the MLD info associated with the /104 for a given forwarding
> destination address.  Seems like routers gathering MLD data might use
> that list to prioritize forwarding for destinations not yet in the
> neighbor cache.
> 
>> DAD is unreliable for lots of reasons . Didn’t we write a draft on that?
> 
> https://tools.ietf.org/html/draft-yourtchenko-6man-dad-issues ?
> 
>> Ole
>> 
>> 
>>>> 
>>>>> On 10 Sep 2018, at 16:25, Ron Bonica <rbonica@juniper.net> wrote:
>>>>> 
>>>>> Folks,
>>>>> 
>>>>> Each week between now and IETF 103, we will review and discuss one draft with an eye towards progressing it.
>>>>> 
>>>>> This week, please review and comment on draft-jaeggli-v6ops-indefensible-nd.
>>>>> 
>>>>>                                    Fred and Ron
>>>>> 
>>>>> _______________________________________________
>>>>> v6ops mailing list
>>>>> v6ops@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>> 
>>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops
>> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email