Re: [v6ops] privacy point re. unsolicited NA / router neighbor cache

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Wed, 24 July 2019 13:03 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: Jen Linkova <furry13@gmail.com>, Gert Doering <gert@space.net>
CC: v6ops list <v6ops@ietf.org>
Date: Wed, 24 Jul 2019 13:02:32 +0000
Message-ID: <MN2PR11MB3565C1CE7CF3838B7FA6303AD8C60@MN2PR11MB3565.namprd11.prod.outlook.com>
References: <20190722213727.GI34551@eidolon.nox.tf> <CAO42Z2zn-V9HrKGDC_api7BE4Sy6jmcrfKR7nbnSrHA5NpxYjQ@mail.gmail.com> <20190723000049.GJ34551@eidolon.nox.tf> <20190723070141.GG60824@Space.Net> <CAFU7BAR+TBu=OCPN4y47oUxcz27VyR3SSpDZ4ERJLiRzAjmZtw@mail.gmail.com>
In-Reply-To: <CAFU7BAR+TBu=OCPN4y47oUxcz27VyR3SSpDZ4ERJLiRzAjmZtw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/S8uozuNyZxhWn4zX5vjMYg63yPg>

Hello Jen

Though I made a good living off 'smart' infrastructure, I just hate the concept of playing with the expectations of the protocols by dropping or changing packets in intermediate boxes.
In a fashion, doing that, we're no better than NAT. We are 'obliged' to do it because the way the archaic protocols use the modern media would kill us.
But one cannot be 'smart' enough. Things 'mostly' work, and there's a word too many in that sentence.

Like NAT, the consequence is that we are making it much harder for the next generation to update the protocols because now they are afraid of all the possible variations for vendor secret sauce. 
Note: I tried to document some of that secret sauce in the past, e.g., https://tools.ietf.org/html/draft-thubert-savi-ra-throttler, but it did not raise much interest/echo. Most of it is vendor-specific and undocumented. In that regard it is actually worse than NAT. Some 'smart' APs just drop RS on the wireless interface. What if in the future I want to have a router there?

And by hiding most of the problem under the snooping carpet, we are removing the incentive to update the archaic protocol. Doing so we are impairing the evolution of that protocol and condemning it to deprecation. 
I want the upper layer protocols to get what they expect from the lower layers end-to-end and to do that I want the upper layers to use the lower layer services wisely. This way we can make the infrastructure stupid again.

All the best,

Pascal

> -----Original Message-----
> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Jen Linkova
> Sent: mercredi 24 juillet 2019 05:26
> To: Gert Doering <gert@space.net>
> Cc: v6ops list <v6ops@ietf.org>
> Subject: Re: [v6ops] privacy point re. unsolicited NA / router neighbor cache
> 
> On Tue, Jul 23, 2019 at 5:02 PM Gert Doering <gert@space.net> wrote:
> > > 2. is whoever configured multicast competent?
> >
> > The general assumption for on-link multicast should be "it's broadcast
> > or it is getting lost".
> 
> I'd disagree with that statement but your experience may vary indeed.
> I'll add more text describing different scenarios but off the top of my head, using
> NA has one advantage over DAD:
> it reduces probability of disruption in case of address conflicts (again, for the
> rare scenario when the rightful owner does not have a cache entry for some
> reason).
> 
> Ah, as I've said, my experience is that DAD packets have fewer chances to get
> through 'smart' WiFi infrastructure.
> 
> > The general idea that on-link multicast is a positive aspect of IPv6
> > is nice, but wrong.
> 
> I see a subtle difference between 'wrong' and 'not true for every network'.
> 
> --
> SY, Jen Linkova aka Furry
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
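The two messages the thread contrasts, as an added example that is not part of the thread and not code from any of the participants: a DAD Neighbor Solicitation (RFC 4862 5.4.2) and an unsolicited Neighbor Advertisement (RFC 4861 7.2.6), built and decoded in pure Python so the differences that matter on a 'smart' link are visible in the bytes. The DAD probe is sent from the unspecified address to the target's solicited-node group with no link-layer option; the unsolicited NA is sent from the address itself to all-nodes (ff02::1) with S=0, O=1 and a target link-layer option. The sample address (2001:db8::1234:5678) and MAC (02:00:5e:00:53:01) are constructed for the example. The code only produces and parses the ICMPv6 payload; putting it on the wire needs a raw socket and is left out.

```python
import ipaddress
import struct

ALL_NODES = ipaddress.IPv6Address("ff02::1")
UNSPECIFIED = ipaddress.IPv6Address("::")
ICMPV6_NS, ICMPV6_NA = 135, 136
NA_FLAG_R, NA_FLAG_S, NA_FLAG_O = 0x80000000, 0x40000000, 0x20000000  # RFC 4861 4.4
ND_OPT_TGT_LLADDR = 2


def solicited_node_multicast(addr):
    """ff02::1:ffXX:XXXX from the low 24 bits of the address (RFC 4291 2.7.1)."""
    low24 = int(ipaddress.IPv6Address(str(addr))) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def icmpv6_checksum(src, dst, payload):
    """Ones-complement checksum over the RFC 8200 pseudo-header (next header 58) plus
    the ICMPv6 message. Over a message whose checksum field is already correct it returns 0."""
    pseudo = src.packed + dst.packed + struct.pack("!I3xB", len(payload), 58)
    data = pseudo + payload + (b"\x00" if len(payload) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _finish(src, dst, body):
    """Fill the checksum field (bytes 2..3) and return src/dst plus the ICMPv6 bytes."""
    csum = icmpv6_checksum(src, dst, body)
    return {"src": src, "dst": dst, "icmpv6": body[:2] + struct.pack("!H", csum) + body[4:]}


def build_dad_ns(target):
    """DAD probe: NS from :: to the target's solicited-node group, no source link-layer option."""
    tgt = ipaddress.IPv6Address(target)
    body = struct.pack("!BBHI", ICMPV6_NS, 0, 0, 0) + tgt.packed
    return _finish(UNSPECIFIED, solicited_node_multicast(tgt), body)


def build_unsolicited_na(target, mac, router=False):
    """Unsolicited NA: from the address itself to all-nodes, S=0 (nobody asked),
    O=1 (overwrite stale neighbor cache entries), with a target link-layer option."""
    tgt = ipaddress.IPv6Address(target)
    flags = NA_FLAG_O | (NA_FLAG_R if router else 0)
    opt = bytes([ND_OPT_TGT_LLADDR, 1]) + bytes.fromhex(mac.replace(":", ""))  # length 1 = 8 octets
    body = struct.pack("!BBHI", ICMPV6_NA, 0, 0, flags) + tgt.packed + opt
    return _finish(tgt, ALL_NODES, body)


def parse_nd(pkt):
    """Decode an NS or NA, verify the checksum, and report which multicast group it relies on."""
    body = pkt["icmpv6"]
    if len(body) < 24:
        raise ValueError("ICMPv6 message too short for NS/NA")
    if icmpv6_checksum(pkt["src"], pkt["dst"], body) != 0:
        raise ValueError("bad ICMPv6 checksum")
    msg_type, _code, _csum, word = struct.unpack("!BBHI", body[:8])
    if msg_type not in (ICMPV6_NS, ICMPV6_NA):
        raise ValueError("not an NS/NA")
    target = ipaddress.IPv6Address(body[8:24])
    opts, off = {}, 24
    while off + 2 <= len(body):
        opt_type, opt_len = body[off], body[off + 1]
        if opt_len == 0 or off + opt_len * 8 > len(body):
            raise ValueError("malformed ND option")  # RFC 4861 4.6: length 0 must be discarded
        opts[opt_type] = body[off + 2 : off + opt_len * 8]
        off += opt_len * 8
    if pkt["dst"] == ALL_NODES:
        scope = "all-nodes"
    elif pkt["dst"] == solicited_node_multicast(target):
        scope = "solicited-node"
    else:
        scope = "unicast-or-other"
    is_na = msg_type == ICMPV6_NA
    return {
        "type": msg_type,
        "dad": msg_type == ICMPV6_NS and pkt["src"] == UNSPECIFIED,
        "solicited": bool(word & NA_FLAG_S) if is_na else None,
        "override": bool(word & NA_FLAG_O) if is_na else None,
        "target": target,
        "scope": scope,
        "lladdr": opts.get(ND_OPT_TGT_LLADDR),
    }


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, locally administered MAC), not from the thread.
    for pkt in (build_dad_ns("2001:db8::1234:5678"),
                build_unsolicited_na("2001:db8::1234:5678", "02:00:5e:00:53:01")):
        print(pkt["src"], "->", pkt["dst"], parse_nd(pkt))
```

Which of the two groups a given AP or switch actually floods, and whether it forwards a packet with an unspecified source, is precisely the operational question the thread argues about; capturing on the far side of the infrastructure and feeding the observed bytes to parse_nd is one way to answer it for a specific deployment. The parser rejects a bad checksum and any zero-length option, as RFC 4861 requires.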