Re: [v6ops] draft-linkova-v6ops-nd-cache-init to working group draft

Lorenzo Colitti <lorenzo@google.com> Tue, 23 July 2019 13:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/5gfUvvVL_BWEfTvwu8OW2b476F8>

On Tue, Jul 23, 2019 at 9:16 AM Pascal Thubert (pthubert) <pthubert@cisco.com> wrote:

> I support the idea to adopt the draft and document the general problem
> that’s behind it.
> The attack vectors on the router are part of that general problem.
>
> As I understand Lorenzo's point, the full solution probably belongs to
> 6man.


For the record, actually no, that is not my position. Protocol changes do
belong in 6man. But as Brian says, we may not need protocol changes. A BCP
seems like a fine place to say "here's a good reason not to implement this
SHOULD in a router".


> We are now finding that we need to reconsider the reactive behavior of ND
> AR. Tricking the current model can improve things but only so far.
>

For the record, I don't agree with this. Changing the reactive behaviour
has far-reaching implications and a number of difficult trade-offs with
regard to scalability, crash recovery, availability of addresses to network
nodes, and so on.