Re: [v6ops] ND cache entries creation on first-hop routers

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Fri, 05 July 2019 06:52 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Jen Linkova <furry13@gmail.com>
CC: V6 Ops List <v6ops@ietf.org>
Date: Fri, 05 Jul 2019 06:36:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/7fiH30ywX7jUHfy9MeJoasnKAT0>

Hello,

Thank you for your draft; this is indeed a problem in some deployments (such as rapidly instantiating a huge number of short-lived containers that each have their own GUA).

In 2 days, your I-D has created many email messages with pretty good questions, so the comments below may already have been written and replied to...

BTW, please refer to 8174 in addition to RFC 2119.

In section 2.2.1 (learning from unsolicited NA), s/ some routing plaforms have implemented/ some routing  and switching platforms have implemented/

In section 2.2.3.2, I am unsure why the random delay of the RA has an impact here. And AFAIK the random delay is for the periodic unsolicited RA. Same comment as Jinmei-san.

In section 2.5, you may want to add another 'solution': rather than keeping the first packet, routers could always keep the last one (a small improvement). You probably also know that routers usually have a limit on this buffer per interface and per router, so this approach will not work in some cases.

About your reply below to Alex, the WiFi in large well-designed deployments is not the typical one, as you know: there are a lot of IPv6 mcasted NS which are 'fiddled' into layer-2 unicast ;-) So, you may want to have two or even three deployments in your draft:
- normal Ethernet-like network 
- normal simple WiFi where mcast are lost and no mcast->ucast transformations are done
- advanced WiFi such as IETF network where there are 'ND proxies' of some sort and nearly no mcast

Again, thank you for documenting the problem, and I hope that it will be discussed in Montreal.

Regards

-éric


On 05/07/2019, 05:51, "v6ops on behalf of Jen Linkova" <v6ops-bounces@ietf.org on behalf of furry13@gmail.com> wrote:

    Hi Alexandre,
    
    On Wed, Jul 3, 2019 at 10:49 PM Alexandre Petrescu
    <alexandre.petrescu@gmail.com> wrote:
    > I am reading through this draft trying to identify whether the indicated
    > ND problem (router lacking ND entry for host's GUA makes drop first
    > incoming packet to GUA) happens on a ptp link like 4G, or on a shared
    > link like WiFi.
    >
    > On what was it tried?
    
    Well, I observed it on WiFi (I guess you should be able to see the
    issue in Montreal).
    
    > > The router ND cache, however, might contain an entry for the device
    > > link-local address (if the device has been performing the ND process
    > > for the router LLA) but there are no entries for the device GUA.
    >
    > But has the host DADed (sent NAs) when it formed its GUA?  I guess that
    > would be heard by router, to create that ND cache entry.
    
    1) Those NSes are sent from unspecified address
    2) they are sent to the solicited node mcast address so routers might
    not even receive them..
    
    -- 
    SY, Jen Linkova aka Furry
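
Added example, not part of the thread or of the draft under discussion: a simplified model of the RFC 4861 rules a router applies when deciding whether to create a neighbor cache entry, run over a constructed host bring-up sequence. The `Router` class, `host_bringup` helper, addresses and MAC are assumptions made for illustration.

```python
from ipaddress import IPv6Address as A

UNSPEC, ALL_NODES, ALL_ROUTERS = A("::"), A("ff02::1"), A("ff02::2")

def solicited_node(addr):
    """Solicited-node group ff02::1:ffXX:XXXX built from the low 24 bits of addr."""
    return A(int(A("ff02::1:ff00:0")) | (int(A(addr)) & 0xFFFFFF))

class Router:
    """Simplified model (assumption) of RFC 4861 neighbor cache creation."""
    def __init__(self, own_addrs):
        own = [A(a) for a in own_addrs]
        # Destinations this router accepts: its own addresses, all-nodes,
        # all-routers and the solicited-node groups of its own addresses.
        self.accepts = set(own) | {ALL_NODES, ALL_ROUTERS} | {solicited_node(a) for a in own}
        self.cache = {}  # IPv6 address (str) -> link-layer address

    def receive(self, kind, src, dst, lladdr=None, target=None):
        src, dst = A(src), A(dst)
        if dst not in self.accepts:
            return "not received"  # group the router never joined
        if kind in ("NS", "RS"):
            if src == UNSPEC:  # DAD probe: must not create or update an entry
                return "ignored: unspecified source"
            if lladdr is None:
                return "ignored: no link-layer address option"
            self.cache[str(src)] = lladdr
            return "entry created"
        if kind == "NA":
            key = str(A(target))
            if key not in self.cache:  # unsolicited NA for an unknown neighbor
                return "discarded: no existing entry"
            if lladdr is not None:
                self.cache[key] = lladdr
            return "entry updated"
        return "ignored"

def host_bringup(router, lla, gua, mac):
    """Constructed sequence: DAD for LLA, RS, DAD for GUA, unsolicited NA for GUA."""
    events = [
        ("NS", "::", str(solicited_node(lla)), None, lla),
        ("RS", lla, "ff02::2", mac, None),
        ("NS", "::", str(solicited_node(gua)), None, gua),
        ("NA", gua, "ff02::1", mac, gua),
    ]
    return [router.receive(*e) for e in events]

if __name__ == "__main__":
    r = Router(["fe80::1"])
    print(host_bringup(r, "fe80::a:b", "2001:db8::a:b", "02:00:00:00:00:01"))
    print(r.cache)
```

After the sequence the cache holds the host's link-local address only, so the first packet routed to the GUA finds no entry and triggers address resolution.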
    