[v6ops] AD Review of: draft-ietf-v6ops-conditional-ras
Warren Kumari <warren@kumari.net> Fri, 04 May 2018 18:19 UTC
Return-Path: <warren@kumari.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 936F6129502 for <v6ops@ietfa.amsl.com>; Fri, 4 May 2018 11:19:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67L6DjmbBKk6 for <v6ops@ietfa.amsl.com>; Fri, 4 May 2018 11:19:21 -0700 (PDT)
Received: from mail-wr0-x231.google.com (mail-wr0-x231.google.com [IPv6:2a00:1450:400c:c0c::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31577124217 for <v6ops@ietf.org>; Fri, 4 May 2018 11:19:21 -0700 (PDT)
Received: by mail-wr0-x231.google.com with SMTP id c14-v6so21967691wrd.4 for <v6ops@ietf.org>; Fri, 04 May 2018 11:19:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=ffXOlS3DWs22kPjRC/zsPfntxA/ENznXCsUfmHAuDQU=; b=EH8LP+EzC0W0WobL7WoVBdnIcg/ZjaVoIXuHNoFaYRQfeRmxL/X48Erm0aPxF2+CJw LoXfOZue5TJpXv6Zv6qtvhLiSQpjpeqk8f5IrEfkND+2YW9/zAzAeQ7uAWPoS3fs1jXS fHLE+5FhzpG3LPgKRSTWcxqZwpkDzxKLW7GnRK81IY3s8O13nONTMqCwV4J5t/d6PFe4 PqTki7KHlwluvPVCXnhZpAyFSXLAN/fWMdWzNLuj5JOua20y6g6Ix6APow0jqM25bRv3 9lHK/evqoUkkjmrlRGi2ZKOXYSZQV+5IIZl5VLh/canDFItK7n9qxiJmJygNCn/YshZK VNHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ffXOlS3DWs22kPjRC/zsPfntxA/ENznXCsUfmHAuDQU=; b=TYL2bBKs9s2c5MuOxzC6LUjM+RcP4NRgYQEMzXiuDD8lm8a+t+0uL91tsOLLgcF/6D fnqPtNhm7o/uhzYga1M53fAm+c0JHAyskIcNnYk0/hTfAYLX4mnKOeyr46pyKJVB1jA2 TNbyKQY+2u9HCZMujypJDrye3/huSQ4MrFgPqGOGl8KsWLfOX9ytqWGS82AhXuKw9taR Ntcmx7udPNmOEbg9ND0fkYwstfs8R12UaophgcAds0yjAmg92gxhTLwCXd19rEgYokZE m8zVErP4wtToSLdAjJJSC3PmsXNTF6BQrzBLoe1AsS6ksdaNDwibrV4rm9A0OpzOixI0 daSA==
X-Gm-Message-State: ALQs6tD0+V79jbgLXjm0A/SaGJzfLhmV5jO49IsYJWwSnKXEbdQmQPlx HTsgqJt7Get+qfRiEpAUEZR2tCsa3UEQKWLTTgK1MBM2THw=
X-Google-Smtp-Source: AB8JxZrd7K9thB1V0GFiwQ0RA6RBKmL4E0meiqK8tPdiNBsV0HkG8JvbL34LhEdMCeISH2BXxaxFE2VoDkVPVEh0U3U=
X-Received: by 2002:adf:ad61:: with SMTP id p88-v6mr21355126wrc.24.1525457958970; Fri, 04 May 2018 11:19:18 -0700 (PDT)
MIME-Version: 1.0
From: Warren Kumari <warren@kumari.net>
Date: Fri, 04 May 2018 18:18:43 +0000
Message-ID: <CAHw9_iKM=ORKdCDT+8KkqtjiO9X5waH6AKkgqi0LqSQKg-9mTQ@mail.gmail.com>
To: IPv6 Operations <v6ops@ietf.org>, draft-ietf-v6ops-conditional-ras@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c3eb50056b655bae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/QYZhCDABVeM6MMeGLIBT-Jhc3Lg>
Subject: [v6ops] AD Review of: draft-ietf-v6ops-conditional-ras
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 18:19:25 -0000
Hello, Thank you to the editors and WG for your efforts on this document, it's a well written, useful and easy to understand draft. I do have a few comments that I’d like addressed before I start IETF LC. The majority of these are nits (and 2 substantive comments), but addressing these now will avoid issues later in the process. Please let me know LOUDLY AND EXPLICITLY once you've had a chance to address them and I'll kick off IETF LC. W Section: Abstract This document discusses most common scenarios of connecting an O: discusses most common P: discusses the most common enterprise network to multiple ISPs using an address space assigned by an ISP. The problem of enterprise multihoming without address translation of any form has not been solved yet as it requires both the network to select the correct egress ISP based on the packet source address and hosts to select the correct source address based on the desired egress ISP for that traffic. ... general problem and on covering various complex use cases, this document describes how the solution proposed in [I-D.ietf-rtgwg-enterprise-pa-multihoming] can be adopted for limited O: adopted for limited P: adopted for a limited number of common use cases. In particular, the focus is on scenarios where an enterprise network has two Internet uplinks used either in primary/backup mode or simultaneously and hosts in that network might not yet properly support multihoming as described in [RFC8028]. Section: 1. Introduction Using Provider Independent (PI) address space is not always an option as it requires running BGP between the enterprise network and the ISPs, not mentioning administrative overhead of obtaining and managing PI address space. As IPv6 host can, by O: Using Provider Independent (PI) address space is not always an option as it requires running BGP between the enterprise network and the ISPs, not mentioning administrative overhead of obtaining and managing PI address space. As IPv6 host can, by P: Using Provider Independent (PI) address space is not always an option, since it requires running BGP between the enterprise network and the ISPs. Administrative overhead of obtaining and managing PI address space can also be a concern. As IPv6 hosts can, by R: Readability design, have multiple addresses of the global scope, multihoming using provider address looks even easier for IPv6: each ISP assigns an IPv6 block (usually /48) and hosts in the enterprise network have addresses assigned from each ISP block. However using IPv6 PA blocks in multihoming scenario introduces some challenges, including but not limited to: ... The document [I-D.ietf-rtgwg-enterprise-pa-multihoming] discusses these and other related challenges in details in relation to the O: in details P: in detail general multihoming scenario for enterprise networks. Unfortunately the proposed solution heavily relies on the rule 5.5 of the default O: heavily relies P: relies heavily O: on the rule 5.5 [... P: maybe reference the rule more specifically, provide more detail, etc. This is an introductory section, it it unlikely that people will remember what rule 5.5 says. address selection algorithm ([RFC6724]) which has not been widely implemented at the moment this document was written. Therefore O: at the moment P: when network administrators in enterprise networks can't yet assume that all devices in their network support the rule 5.5, especially in the quite common BYOD ("Bring Your Own Device") scenario. However, while it does not seem feasible to solve all the possible multihoming scenarios without reliying on rule 5.5, it is possible to provide O: reliying P: relying IPv6 multihoming using provider-assigned (PA) address space for the most common use cases. This document discusses how the general solution described in [I-D.ietf-rtgwg-enterprise-pa-multihoming] can be applied to scenarios when: o An enterprise network has two or more ISP uplinks; o Those uplinks are used for Internet access in active/backup or load sharing mode w/o any soficticated traffic engineering O: soficticated P: sophisticated requirements; Section: 2.2. Two ISP Uplinks, Used for Load Balancing This scenario has the following key characteristics: o The enterprise network is using uplinks to two (or more) ISPs for Internet access; o Each ISP assigns an IPv6 PA address space; o All the uplinks may be used simultaneously, with the traffic flows being randomly (not nessesary equally) distributed between them; O: nessesary P: necessarily o Hosts in the enterprise network are not expected to support the Rule 5.5 of the default address selection algorithm ([RFC6724]). ... Section: 3.1.1. Uplink Selection While some work is being done in the Source Address Dependent Routing (SADR) area, the simplest way to implement the desired functionality currently is to apply a policy which selects a next-hop or an egress interface based on the packet source address. Most of the SMB/ O: Most of the P: Most Enterprise grade routers have such functionality available currently. 3.1.2. Source Address Selection and Conditional RAs Sending a router advertisement to change the preferred lifetime for a given prefix provides the following functionality: o deprecating addresses (by sending an RA with the preferred_lifetime set to 0 in the corresponding POI) to indicate O: POI R: POI? or PIO? -- also, need a POI reference. to hosts that that addresses from that prefix should not be used; ... The trigger is not only forcing the router to send an unsolicited RA to propagate the topology changes to all hosts. Obviously the RA fields values (like PIO Preferred Lifetime or DNS Server Lifetime) changed by the particular trigger MUST stay the same until another event happens causing the value to be updated. E.g. if the ISP_A uplink failure causes the prefix to be deprecated all solicited and O: to be deprecated all P: to be deprecated, all unsolicited RAs sent by the router MUST have the Preferred Lifetime for that POI set to 0 until the uplink comes back up. It should be noted that the proposed solution is quite similar to the existing requirement L-13 for IPv6 CPE routers ([RFC7084]) and the documented behaviour of homenet devices. It is using the same O: behaviour P: behavior mechanism of deprecating a prefix when the corresponding uplink is not operational, applying it to enterprise network scenario. Section: 3.2.1. Single Router, Primary/Backup Uplinks To ensure that packets with source addresses from ISP_A and ISP_B are only routed to ISP_A and ISP_B uplinks respectively, the network administrator needs to configure a policy on R1: if { packet_destination_address is not in 2001:db8:1::/48 or 2001:db8:2::/48 packet_source_address is in 2001:db8:1::/48 } then { default next-hop is ISP_A_uplink } if { packet_destination_address is not in 2001:db8:1::/48 or 2001:db8:2::/48 packet_source_address is in 2001:db8:2::/48 } then { default next-hop is ISP_B_uplink } C: Pseudocode is always tricky; it is hard to get the level of abstraction right. I think that this needs a bit more work / words / parenthesis... Is this: A: packet_destination_address is not in 2001:db8:1::/48 AND IS NOT IN 2001:db8:2::/48 or B: packet_destination_address is not in 2001:db8:1::/48 OR IS IN 2001:db8:2::/48 ? (The first is implied, but not really explicit) Also, is the "packet_source_address is in 2001:db8:1::/48" AND or OR with the first condition? I think: (packet_destination_address is not in (2001:db8:1::/48 or 2001:db8:2::/48)) and (packet_source_address is in 2001:db8:1::/48) is clearer, but not sure (same for other pseudocode too) .... ... 3.2.5. Topologies with Dedicated Border Routers For simplicity reasons all topologies below show the ISP uplinks O: For simplicity reasons P: For simplicity, terminated on the first-hop routers. Obviously, the proposed approach can be used in more complex topologies when dedicated devices are used for terminating ISP uplinks. In that case VRRP mastership or inteface status can not be used as a trigger for O: inteface P: interface conditional RAs and route presence as described above should be used instead. ... R1 and R2 policy: prefix 2001:db8:1:1::/64 { if ISP_A_uplink_route is present then preferred_lifetime = 604800 else preferred_lifetime = 0 } prefix 2001:db8:2:1::/64 { if ISP_A_uplink_route is present then preferred_lifetime = 0 else preferred_lifetime = 604800 } For load-balancing case the policy would look slightly different: O: For load-balancing case P: For the load balancing case ? each prefix has non-zero preferred_lifetime only if the correspoding ISP uplink route is present: Section: 3.2.6. Intra-Site Communication during Simultaneous Uplinks Outage Prefix deprecation as a result of an uplink status change might lead to a situation when all global prefixes are deprecated (all ISP uplinks are not operational for some reason). Even when there is no Internet connectivity it might be still desirable to have intra-site IPv6 connectivity (especially when the network in question is an IPv6-only one). However while an address is in a deprecated state, its use is discouraged, but not strictly forbidden ([RFC4862]). In such scenario all IPv6 source addresses in the candidate set O: such scenario P: such a scenario, ([RFC6724]) are deprecated which means that they still can be used O: deprecated which means P: deprecated, which means (as there is no preferred addresses available) and the source address selection algorith can pick up one of them, allowing the intra-site communication. However some OSes might just fall back to IPv4 if the network interface has no preferred IPv6 global addresses. Therefore if intra-site connectivity is vital during simultanious outages of multiple uplinks, administrators might consider using ULAs or provisioning additional backup uplinks to protect the network from double-failure cases. 3.2.7. Uplink Damping If an actively used uplink (primary one or one used in load balaning scenario) starts flapping, it might lead to undesirable situation of O: to undesirable situation P: to the undesirable situation flapping addresses on hosts (every time the uplink goes up hosts receive an RA with non-zerop preferred PIO lifetime, and every time O: non-zerop P: non-zero the uplink goes down all address in the affected prefix become O: all address P: all addresses deprecated). Undoubtedly it would negatively impact user experience, not mentioning spikes of DAD traffic every time an uplink comes back O: Undoubtedly it would negatively impact user experience, not mentioning spikes P: This would, undoubtedly, negatively impact the user experience, not to mention the impact of spikes up. Therefore it's recommended that router vendors implement some form of damping policy for conditional RAs and either postpone sending an RA with non-zero lifetime for a POI when the uplink comes up for a number of seconds or even introduce accumulated penalties/ exponential backoff algorithm for such delays. (In the case of multiple simultaneous uplink failure scenario, when all but one uplinks are down and the last remaining is flapping it might result in all addresses being deprecated for a while after the flapping uplink recovers.) O: (In the case of multiple simultaneous uplink failure scenario, when all but one uplinks are down and the last remaining is flapping it might result in all addresses being deprecated for a while after the flapping uplink recovers.) P: (In the case of a multiple simultaneous uplink failure scenario, when all but one uplink is down and the last remaining one is flapping, this might result in all addresses being deprecated for a while after the flapping uplink recovers.) 3.3. Solution Limitations It should be noted that the proposed approach is not a silver bullet for all possible multihoming scenarios. The main goal is to solve some common use cases so it would suit very well relatively simple topologies with straightforward policies. The more complex the O: so it would suit very well relatively simple topologies with straightforward policies. P: -- I don't know, but I am having trouble parsing the above. network topology and the corresponding routing policies more O: policies more P: policies, the more configuration would be required to implement the solution. Another limitation is related to the load balancing between the uplinks. In that scenario when both uplinks are active hosts would O: In that scenario when both uplinks are active hosts P: In the scenario in which both uplinks are active, hosts select the source prefix using the Default Address Selection algorithm ([RFC6724]) and therefore the load between two uplinks most O: algorithm ([RFC6724]) and therefore the load P: algorithm ([RFC6724]), and therefore the load likely would not be evenly distributed. (However the proposed O: However P: However, mechanism does allow a creative way of controlling uplinks load in SDN networks where controllers might selectively deprecate prefixes on some hosts but not others to move egress traffic between uplinks). Also the prefix selection does not take into account any other uplinks properties (such as RTT etc) so egress traffic might not be O: (such as RTT etc) so P: (such as RTT etc), so sent to the nearest uplink if the corresponding prefix is selected as a source. In general if not all uplinks are equal and some uplinks are expected to be preferred over others then the network O: In general if not all uplinks are equal and some uplinks are expected to be preferred over others then P: In general, if not all uplinks are equal and some uplinks are expected to be preferred over others, then adminitrator should ensure that prefixes from non-preferred ISP(s) O: adminitrator P: administrator are kept deprecated (so primary/backup setup is used). 3.3.1. Connections Preservation The proposed solution is not designed to preserve connections state O: connections P: connection after an uplink failure. If all uplinks to an ISP go down all O: If all uplinks to an ISP go down P: If all uplinks to an ISP go down, sessions to/from addresses from that ISP address space are interrupted as there is no egress path for those packets and there is not return path from Internet to the correspodning prefix. In this O: not return path from Internet to the correspodning prefix. P: no return path from the Internet to the corresponding prefix. regard it is similar to IPv4 multihoming using NAT, where an uplink failure and failover to another uplink means that a public IPv4 address changes and all existing connections are interrupted. An uplink recovery, however, does not nessesary leads to connections O: nessesary leads P: necessarily lead interruption. In the load sharing/balancing scenario an uplink recovery does not affect any existing connections at all. In the active/backup topology when the primary uplink recovers from the failure and the backup prefix is deprectaed, the existing sessions O: deprectaed P: deprecated (established to/from the backup ISP addresses) can be preserved if the routers are configured as described in Section 3.2.1 and send packets with the backup ISP source addresses to the backup uplink even when the primary one is operational. As a result, the primary uplink recovery makes the usage of the backup ISP addresses discouraged but still possible. -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- [v6ops] AD Review of: draft-ietf-v6ops-conditiona… Warren Kumari
- Re: [v6ops] AD Review of: draft-ietf-v6ops-condit… Jen Linkova