Re: [v6ops] draft-linkova-v6ops-nd-cache-init to working group draft

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Tue, 23 July 2019 20:45 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Lorenzo Colitti <lorenzo@google.com>
CC: David Lamparter <equinox@diac24.net>, IPv6 Operations <v6ops@ietf.org>, 6man Chairs <6man-chairs@ietf.org>
Date: Tue, 23 Jul 2019 20:45:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/8wjjWRvheYEvQ9JSPfNqYuzi3s0>

Hello Lorenzo

For the record, actually no, that is not my position. Protocol changes do belong in 6man. But as Brian says, we may not need protocol changes. A BCP seems like a fine place to say "here's a good reason not to implement this SHOULD in a router".

<Pascal>

  *   Sorry for placing words in your mouth, that was my understanding of your last sentence. I hope v6ops finds tricks with the current methods that help the situation. Jen’s draft is useful and uncovers one of more than half a dozen issues that are related to the reactive nature of ND.
  *   And I read that the proposed approach to solve that is to populate the ND cache in advance. Which is what in my book is called proactive, regardless of the method used to get there. The question is whether we do it well or just scratch the surface.
  *   I’d like the draft to include other problems that relate to the same cause. This includes:

      *   PUNTing packets to software for resolution, an archaic operation. Kills the benefits of 802.11ai. Makes IPv6 look even worse than IPv4 because of more addresses.
      *   Scanning attacks to DoS the router, trying to either fill the ND cache, saturate the CPU, or deny access to legitimate hosts when the router protects itself.
      *   Broadcast inefficiencies, in particular in wireless and distributed L2 domains
      *   Silent host
      *   Need for a global broadcast domain and always on devices (for DAD and AR) = A bad match with pretty much all modern networks including overlays, IOT, vehicular or wireless
      *   ND abuse / SeND too complex

We are now finding that we need to reconsider the reactive behavior of ND AR. Tricking the current model can improve things but only so far.

For the record, I don't agree with this. Changing the reactive behaviour has far-reaching implications and a number of difficult trade-offs with regard to scalability, crash recovery, availability of addresses to network nodes, and so on.


<Pascal>


  *   Ain’t that FUD? We all have been using Wi-Fi ESS for a long time and the pro-active model has been delivering quite satisfactorily AFAIK. It is actually a lot more scalable than transparent bridging, which is the analogous to AR relie at the MAC-level. It was designed to protect the wireless medium. The EARO model is a plain adaptation of the model at Layer-3. It was doable at L2 for a while, it is probably doable at L3 today. Actually we’ve done it. We have deployed MLSNs on thousands of nodes operating that way.


Cheers,

Pascal