Re: [v6ops] seek comments and contributions to: draft-xiao-v6ops-nd-deployment-guidelines

Xipengxiao <xipengxiao@huawei.com> Thu, 07 October 2021 20:18 UTC

From: Xipengxiao <xipengxiao@huawei.com>
To: "mellon@fugue.com" <mellon@fugue.com>, "v6ops@ietf.org" <v6ops@ietf.org>
CC: "Mishra, Gyan S" <gyan.s.mishra@verizon.com>, "eduard.metz@kpn.com" <eduard.metz@kpn.com>
Date: Thu, 07 Oct 2021 20:18:25 +0000
Message-ID: <a6ff4d7d7d83408195064902f3b3658a@huawei.com>
References: <7358b7e45bae4a6fb8b5f471dc356cfb@huawei.com> <CAPt1N1n44LPZzx9J8YEU13uadXfSn6uipFj-qfmd5zfy3pXnAA@mail.gmail.com>
In-Reply-To: <CAPt1N1n44LPZzx9J8YEU13uadXfSn6uipFj-qfmd5zfy3pXnAA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/VSMb-NumEaB9r8zXuyW5W1UOCUM>
Subject: Re: [v6ops] seek comments and contributions to: draft-xiao-v6ops-nd-deployment-guidelines

Hi Ted,

Thank you for providing feedback.  From your objection, I realize that the draft title may lead people to think that we universally recommend “host isolation”.  That is not the case.  The draft clearly states the pros and cons of L2 & L3 host isolation (Section 3.1), and how to decide whether to apply host isolation (Section 3.2).  Now please see my response to your comments below.

From: mellon@fugue.com [mailto:mellon@fugue.com]

Isolating hosts would cause a lot of damage in home networks where there is no operator to control what hosts can do what. At a minimum you need something like MUD to make this work. E.g., this would completely break existing Thread (a 6lowpan mesh network) Border routers which rely on multicast working. It would also break multicast DNS service discovery for the same reason.

[XX] You are right, but the draft doesn’t recommend isolating hosts for home networks. In Section 5, the draft says “[HomeNet] will end at Step 4: using normal ND with no special host isolation.”

This is not a new insight, and unfortunately the belief that this will work causes a lot of problems that are hard for end users to diagnose. Please do not publish this advice.

[XX] By “this is not a new insight”, I think you were referring to past works like RFC8273 “Unique Prefix Per Host (UPPH)”. I would like to point out that our recommendations are not identical to RFC8273. To the best of my knowledge, this draft has the following unique aspects:

1. It’s the 1st draft to clearly distinguish L2 isolation and L3 isolation.  UPPH is just L3 isolation.  We also analyzed the pros and cons of both L2 isolation and L3 isolation.

2. We are fully aware of the debate before UPPH became RFC8273. We carefully analyzed it.  A good amount of insight was expressed in that lengthy debate from both sides, but such valuable insights were scattered in 100+ messages and were kind of lost. We summarized the key points from both sides in Sections 3.1 & 4 so that these insights are preserved.

3. We provided the most comprehensive summary of known ND issues and solutions (e.g. more comprehensive than RFC6583 or RFC9099). We also provided guidelines on how to select different solutions.
In case I am mistaken and any of the above is not unique, please kindly point me to the existing literature.

This draft came from the co-authors’ desire to answer our own ND questions.  It took many months of effort and the reading of a large number of RFCs. We believe our summary and recommendations will benefit the community.  Therefore, I would like to plead to the community to give it a chance:  please read and comment.  Thank you very much.

XiPeng