IETF Logo Mail Archive

Re: [v6ops] [dhcwg] Considering AD sponsoring draft-bi-savi-wlan-15

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Fri, 19 October 2018 14:44 UTC

Return-Path: <pthubert@cisco.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E495B130EEA; Fri, 19 Oct 2018 07:44:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.563
X-Spam-Level:
X-Spam-Status: No, score=-14.563 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.064, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X75IZhWgfhRK; Fri, 19 Oct 2018 07:44:40 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31E60130EB7; Fri, 19 Oct 2018 07:44:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15542; q=dns/txt; s=iport; t=1539960279; x=1541169879; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=17ycnTk4Koiv0aheB1e4vRC+gINEFwhbpUOXT4axNUg=; b=EsByzlUoHwm5kNlj2JNy2Vl51CTZuojdwipAZhRiy/zbFqmvn2rXZXsy dvch1B+3Xk0XienqjG1xcbAqJy58ST1I36pzBKtCyJPzW4sULgcCKqFIY zhYQ5e2BiKcuEfQsIWxbmzpBk9yBgB3rzt0CnrHqzpT+3xhhx6kr+ShuO Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAACP7Mlb/4YNJK1kGQEBAQEBAQEBAQEBAQcBAQEBAQGBUQQBAQEBAQsBgQ13Zn8oCoNriBiMG4INkUeFSBSBZgsBASOESQIXhG8hNA0NAQMBAQIBAQJtHAyFOQEBAQEDIwpBCxACAQgRBAEBKAMCAgIwFAkIAgQBDQUIE4MHgR1kD6ZrgS6EMAKFYQWLTxeBQT+EI4MbAQEDgSZGKIJNglcCiQsOhRmQDwkChlyKBh+BT4RziWeMVIlXAhEUgSYdOIFVcBU7gmyLGYU+b4h6K4EBgR8BAQ
X-IronPort-AV: E=Sophos;i="5.54,400,1534809600"; d="scan'208,217";a="458436405"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Oct 2018 14:44:37 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by alln-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id w9JEibPx019637 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 19 Oct 2018 14:44:38 GMT
Received: from xch-rcd-001.cisco.com (173.37.102.11) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 19 Oct 2018 09:44:37 -0500
Received: from xch-rcd-001.cisco.com ([173.37.102.11]) by XCH-RCD-001.cisco.com ([173.37.102.11]) with mapi id 15.00.1395.000; Fri, 19 Oct 2018 09:44:37 -0500
From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, Suresh Krishnan <Suresh@kaloom.com>
CC: "v6ops@ietf.org WG" <v6ops@ietf.org>, IETF IPv6 Mailing List <ipv6@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: [dhcwg] Considering AD sponsoring draft-bi-savi-wlan-15
Thread-Index: AQHUZzM4rr8N7CUdy0qcarmhx6SfhaUmBK8AgACTkfA=
Date: Fri, 19 Oct 2018 14:44:11 +0000
Deferred-Delivery: Fri, 19 Oct 2018 14:43:54 +0000
Message-ID: <da54096864fc4b508931eea7203ae8ac@XCH-RCD-001.cisco.com>
References: <9E0D2E7C-FC28-49AC-A165-241C0BC3487E@kaloom.com> <CAKD1Yr1GoCe0uBegEoe0xj+=yK=1K8ibkndQyLb1nWZa=6i-_A@mail.gmail.com>
In-Reply-To: <CAKD1Yr1GoCe0uBegEoe0xj+=yK=1K8ibkndQyLb1nWZa=6i-_A@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.228.216.26]
Content-Type: multipart/alternative; boundary="_000_da54096864fc4b508931eea7203ae8acXCHRCD001ciscocom_"
MIME-Version: 1.0
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: alln-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/S4VaG9aUaCz3IfRA3I9idImmVJ8>
Subject: Re: [v6ops] [dhcwg] Considering AD sponsoring draft-bi-savi-wlan-15
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Oct 2018 14:44:43 -0000

Dear all :

I agree with Lorenzo, this scheme is at a high level what we can find in commercial products, and I have first-hand experience on that.

As an informational document, this RFC could be a useful reference to consider if we were to change the protocols in a way that would impact those existing and non-standard snooping behaviors.
Snooping has proven to be very useful, but as one may guess, it is not reliable; it may miss packets, may fail to create bindings, may point on an incorrect location as well.

So I’d say that if we publish as RFC,  we should also indicate that with draft-ietf-6lo-ap-nd, we (will) have a more robust solution for devices that are willing to announce themselves.

Cheers,

Pascal
From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Lorenzo Colitti
Sent: vendredi 19 octobre 2018 02:07
To: Suresh Krishnan <Suresh@kaloom.com>
Cc: v6ops@ietf.org WG <v6ops@ietf.org>; IETF IPv6 Mailing List <ipv6@ietf.org>; opsec@ietf.org; dhcwg@ietf.org; int-area@ietf.org; opsawg@ietf.org
Subject: Re: [dhcwg] Considering AD sponsoring draft-bi-savi-wlan-15

On Fri, Oct 19, 2018 at 7:38 AM Suresh Krishnan <Suresh@kaloom.com<mailto:Suresh@kaloom.com>> wrote:
   I am considering AD sponsoring the following draft

https://tools.ietf.org/html/draft-bi-savi-wlan-15

that describes a source address validation solution for WLAN. If you have any concerns
either with the content of the draft, or about me AD sponsoring it please let me know before 2018/11/18.

I skimmed the draft. It looks well-written, and it addresses an important problem which I think is probably solved in (different?) proprietary ways on various implementations in the field today. I'm not very familiar with the AD sponsorship process, so not sure what the has to happen from a process perspective. But I think the document requires further review, especially given that it's making statements about very widely-deployed scenarios (IPv6 over wifi). Should the document be adopted by a WG such as 6man or v6ops? If not, it should definitely be reviewed by those WGs.

As a concrete example, here are some things that need to be resolved before the document advances:

  1.  The proposed scheme relies on DAD packets to create mapping entries. That means that if a DAD packet is lost (which can happen even though 802.11 employs retransmissions at L2), a station could have an IPv6 address that doesn't work with no indication that it's not working. This is basically a non-recoverable outage. Perhaps the document should specify another solution instead, e.g., it could say that mapping entries could be created when a wired station receives a solicited NA response from a wireless station.
  2.  The document says that the lifetime of SLAAC addresses is the address lifetime, but the network has no way of knowing what the address lifetime is because it depends on which RA(s) the host has received.

Cheers,
Lorenzo

v2.23.0 | Report a Bug | By Email