Re: [v6ops] draft-linkova-v6ops-nd-cache-init to working group draft
"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 23 July 2019 20:45 UTC
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Lorenzo Colitti <lorenzo@google.com>
CC: David Lamparter <equinox@diac24.net>, IPv6 Operations <v6ops@ietf.org>, 6man Chairs <6man-chairs@ietf.org>
Date: Tue, 23 Jul 2019 20:45:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/8wjjWRvheYEvQ9JSPfNqYuzi3s0>
Hello Lorenzo

For the record, actually no, that is not my position. Protocol changes do belong in 6man. But as Brian says, we may not need protocol changes. A BCP seems like a fine place to say "here's a good reason not to implement this SHOULD in a router".

<Pascal>

* Sorry for placing words in your mouth, that was my understanding of your last sentence. I hope v6ops finds tricks with the current methods that help the situation. Jen's draft is useful and uncovers one of more than half a dozen issues that are related to the reactive nature of ND.
* And I read that the proposed approach to solve that is to populate the ND cache in advance. Which is what in my book is called proactive, regardless of the method used to get there. The question is whether we do it well or just scratch the surface.
* I'd like the draft to include other problems that relate to the same cause. This includes:
  * PUNTing packets to software for resolution, an archaic operation. Kills the benefits of 802.11ai. Makes IPv6 look even worse than IPv4 because of more addresses.
  * Scanning attacks to DoS the router, trying to either fill the ND cache, saturate the CPU, or deny access to legitimate hosts when the router protects itself.
  * Broadcast inefficiencies, in particular in wireless and distributed L2 domains
  * Silent host
  * Need for a global broadcast domain and always-on devices (for DAD and AR) = A bad match with pretty much all modern networks including overlays, IoT, vehicular or wireless
  * ND abuse / SeND too complex

We are now finding that we need to reconsider the reactive behavior of ND AR. Tricking the current model can improve things but only so far.

For the record, I don't agree with this. Changing the reactive behaviour has far-reaching implications and a number of difficult trade-offs with regard to scalability, crash recovery, availability of addresses to network nodes, and so on.

<Pascal>

* Ain't that FUD? We all have been using Wi-Fi ESS for a long time and the pro-active model has been delivering quite satisfactorily AFAIK. It is actually a lot more scalable than transparent bridging, which is the analogous to AR relie at the MAC-level. It was designed to protect the wireless medium. The EARO model is a plain adaptation of the model at Layer-3. It was doable at L2 for a while, it is probably doable at L3 today. Actually we've done it. We have deployed MLSNs on thousands of nodes operating that way.

Cheers,

Pascal
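The contrast the message draws between reactive address resolution and a cache populated in advance can be seen in a toy model of a router's neighbor cache. This is an added example, not part of the message or of any draft; the class, the cache capacity, the 2001:db8::/64 addresses and the scan size are all constructed, and entry timers are ignored.

```python
import ipaddress
from collections import OrderedDict

class NeighborCache:
    """Toy ND cache for one on-link /64 (hypothetical model, no timers)."""
    def __init__(self, capacity, proactive):
        self.capacity = capacity
        self.proactive = proactive
        self.entries = OrderedDict()  # address -> "REACHABLE" | "INCOMPLETE"
        self.punts = 0                # packets sent to the slow path for resolution
        self.drops = 0

    def register(self, addr):
        """A host announces its address before any traffic arrives."""
        self.entries[addr] = "REACHABLE"

    def forward(self, dst, live_hosts):
        """Return True if a packet to dst is delivered."""
        if self.entries.get(dst) == "REACHABLE":
            return True
        if self.proactive:
            self.drops += 1           # unknown address: drop in the fast path
            return False
        self.punts += 1               # reactive: resolve on demand
        if dst not in self.entries:
            if len(self.entries) >= self.capacity:
                self.drops += 1       # router protects itself, no new entry
                return False
            self.entries[dst] = "INCOMPLETE"
        if dst in live_hosts:
            self.entries[dst] = "REACHABLE"
            return True
        return False

def simulate(proactive, capacity=100, scan_size=500):
    """Silent hosts, then a sweep of unused addresses, then legitimate traffic."""
    base = int(ipaddress.IPv6Address("2001:db8::"))
    live = {ipaddress.IPv6Address(base + i) for i in (0x10, 0x11, 0x12)}
    cache = NeighborCache(capacity, proactive)
    if proactive:
        for host in live:
            cache.register(host)
    for i in range(scan_size):        # constructed sweep of addresses nobody owns
        cache.forward(ipaddress.IPv6Address(base + 0x1000 + i), live)
    delivered = sum(cache.forward(h, live) for h in sorted(live))
    return {"delivered": delivered, "punts": cache.punts,
            "cache_entries": len(cache.entries)}
```

In the reactive run the sweep leaves the cache full of INCOMPLETE entries and the three silent hosts cannot be resolved; in the proactive run nothing is punted and the cache holds only registered addresses.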