[v6ops] Re: AD Review of: draft-ietf-v6ops-nd-considerations
Warren Kumari <warren@kumari.net> Mon, 12 August 2024 17:19 UTC
Return-Path: <warren@kumari.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6186FC18DB98 for <v6ops@ietfa.amsl.com>; Mon, 12 Aug 2024 10:19:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vk4sPxFIi1Xp for <v6ops@ietfa.amsl.com>; Mon, 12 Aug 2024 10:19:46 -0700 (PDT)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9125BC19330B for <v6ops@ietf.org>; Mon, 12 Aug 2024 10:19:41 -0700 (PDT)
Received: by mail-ed1-x52d.google.com with SMTP id 4fb4d7f45d1cf-5b391c8abd7so5384235a12.2 for <v6ops@ietf.org>; Mon, 12 Aug 2024 10:19:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; t=1723483179; x=1724087979; darn=ietf.org; h=cc:to:subject:message-id:date:references:from:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=SUAF+ZqJN/+QeFS0JI0SrFm6Ud2lkh7KVgVI8EE+Tx0=; b=G6JjuFOB12U4HOTv1ulr6HMQ0FCp9jscED8nV8Xeds2c8MxlGSkEVFBreGTT8cX4KB WmhPdm4pfGCcMoW4GzPfMjz5k9OWmZ9eXaXAMUwku8PB/r5Y5WbnuroXZ82qz/c2Pc0z WXrRUux/R9SdHxzm5UgmsSBw3D6KHI7aVQujew2d/IL8zd2uxjDRbbkzdRaLwFL2MlrL 9zidreGw1+i85Xk7Dll9Enkwb7xqJIu0PidKyKZwPL8wnoK6zlDmAB//WNiOTLnjgukc uZpFmi9sSD9FBVkSPBqlaMP0vFhtxmq/S44681yoIqGn+YTmAZup7rrIOOctrrBjmRcB bKRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723483179; x=1724087979; h=cc:to:subject:message-id:date:references:from:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SUAF+ZqJN/+QeFS0JI0SrFm6Ud2lkh7KVgVI8EE+Tx0=; b=j4ITRXfBWBhz6OvxKh7Wo3DwPAsJIbAtK0uK5mOYUv2+dCB4KUXdNCiaJ2Wx1ZT7pQ Y5oi76TO5p6BIfEs61suaCaQ0Vg/JidEJt2O7iC7QPEIqmOFNXqznyosloC6DAMHvLI8 +kdDcG+aYfdWTAuQmLxLfUzKeUnzuPvESMBj/sV+pqaPc6ddoFUHn8VY/2rtRY+fM4Dh qVVmxhoK+AFIf7Dc1fah08KdxsMw1lRYJG71YcAYZS6cUybczTBZX6lKJgnT4gdECgz2 IuRFmXfZhLZbB0rFJUytNf30uzQU4zDv7LozFyWekUnS13uMZVH5tKnVYTC41ysbveRD ltGg==
X-Forwarded-Encrypted: i=1; AJvYcCWjddAOUKoxYbxQN508em061uWTuLl2B/YtEEJfc6IYYeq0c6BARdHilCP0e09SGECYd7m2/Dez5LCS1p6kMg==
X-Gm-Message-State: AOJu0YzffGqiX/nu1ca7TJfOy69UDpsnAezuO52J/nruOzlbrpulaOvP h6R8ueHIVknx7LwFK/0NbX8ByLmDP2Zws4zXN7780MtZhxVgRk1wr3+b+T/6UDP/D0gPp796Oen fUN4xkfD8ay5FcTBGHRWaKskPUvOztcf6HcUMDQ==
X-Google-Smtp-Source: AGHT+IFxdP3e0f1zbLdNAwaYKq56zPy5VtvNtxtgsyP+6TuCaXvVQL1kY1b96+RcBmnzlbctCN1xawItnDbrcYzHzBE=
X-Received: by 2002:a05:6402:34ce:b0:5a3:af31:9ae4 with SMTP id 4fb4d7f45d1cf-5bd44c0e198mr730569a12.5.1723483178886; Mon, 12 Aug 2024 10:19:38 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Mon, 12 Aug 2024 13:19:38 -0400
Mime-Version: 1.0
X-Mailer: Superhuman Desktop (2024-08-08T19:05:41Z)
X-Superhuman-ID: lzr9df4q.37299f81-1f99-45e1-917e-41d32d8f9724
In-Reply-To: <1d8d196938fd4988b2272788339373c3@huawei.com>
From: Warren Kumari <warren@kumari.net>
X-Superhuman-Draft-ID: draft002fb214ec372c6f
References: <CAHw9_iJ2CjaOccdJdsM7oCY=K0zASvLU7qcDiH-pMv39TiW2xA@mail.gmail.com> <1d8d196938fd4988b2272788339373c3@huawei.com>
Date: Mon, 12 Aug 2024 13:19:38 -0400
Message-ID: <CAHw9_iKrT6p2czg8ZScYXcdswo-6KBjj+fAVsjS7Eb4nMpYfSg@mail.gmail.com>
To: Xipengxiao <xipengxiao@huawei.com>
Content-Type: multipart/alternative; boundary="000000000000a787ca061f7fb2f5"
Message-ID-Hash: CDK2UV3LBGVWHCIRN6HEMNFYTFQESBQ6
X-Message-ID-Hash: CDK2UV3LBGVWHCIRN6HEMNFYTFQESBQ6
X-MailFrom: warren@kumari.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-v6ops.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-v6ops-nd-considerations@ietf.org, IPv6 Operations <v6ops@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [v6ops] Re: AD Review of: draft-ietf-v6ops-nd-considerations
List-Id: v6ops discussion list <v6ops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/YcfLsY6OloV8ij1BTsyKLJKTUYM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Owner: <mailto:v6ops-owner@ietf.org>
List-Post: <mailto:v6ops@ietf.org>
List-Subscribe: <mailto:v6ops-join@ietf.org>
List-Unsubscribe: <mailto:v6ops-leave@ietf.org>
Excellent, thank you very much! W On Sun, Aug 11, 2024 at 10:09 AM, Xipengxiao <xipengxiao@huawei.com> wrote: > Hi Warren, > > > > Thank you for the detailed review and suggestion. We the authors will > revise and simplify the document and resubmit it. > > > > XiPeng > > > > *From:* Warren Kumari <warren@kumari.net> > *Sent:* Sunday, August 11, 2024 12:07 AM > *To:* draft-ietf-v6ops-nd-considerations@ietf.org; IPv6 Operations <v6ops@ > ietf.org> > *Subject:* AD Review of: draft-ietf-v6ops-nd-considerations > > > > Hi there, authors (and WG), > > > > Thank you for this document, and apologies for the delay in reviewing it. > This is definitely a document that will be very useful — but, in its > current state, it is difficult to read/understand. I have spent some time > reviewing and trying to improve it, and you'll find some examples of > proposed text revisions at the end of this email. > > > > Most importantly, though, I *do* agree that this document will be very > useful once it's ready. Neighbor Discovery is a critical part of the IPv6 > protocol and IPv6 operation, and it is both complicated and sometimes > fragile. As you state, the issues and mitigations are documented in around > 30 RFCs. Therefore, finding, reading, and understanding all of these is > challenging , and having a document which collates and summarizes these > will be very helpful. That said, I don't think that the document is ready > for IETF LC / IESG Eval quite yet. > > > > I went to review the WGLC comments to see how we ended up here, and it > looks like there has not been very much discussion on the document, other > than from the authors, and some in-depth comments from Lorenzo. > > > > General notes: > > Much of the document seems very disorganized and, therefore, hard to > follow. For example, Section 2 is titled "Review of ND Issues", and > discusses issues, and then Section 3 is titled "Review of ND Solutions" and > discusses mitigations / solutions — but both issues and solutions are also > discussed in other sections. > > > > For example Sec 2.3 ("Router-NCE-on-Demand Causes Forwarding Delay, NCE > Exhaustion and Lack of Subscriber Management Issues") discusses the issues > with routers not keeping the neighbor cache entries hot, and mitigations > are discussed in Section 3.8 ("Gratuitous Neighbor Discovery")... but Sec > 2.3 also contains some set of mitigations ("To prevent this NCE Exhaustion > problem, some implementations limit the maximal number of NCEs a router > will maintain for each host."). > > > > I think that the document would be *much* better if it listed each issue, > and then the mitigations that exist to, er, mitigate the issue. That way, > it is more clear to the reader both what the issue is and what the > associated mitigation is. The information and table in "3.15. Observations > on the Solutions" helps significantly with this, but it comes very late in > the document. > > > > As a reader of the document, if I am experiencing issues because my > router doesn't (yet) have an ND entry for the host, seeing the issue > described in Sec 2.3 is useful. It would be even more useful if this > section then discussed solutions for the same, such as RFC 9131, RFC 8273, > etc. > > > > Again, I really *do* think that this is a worthwhile document, and > encourage the WG to review and comment. > > > > For now I'll return the document to the WG; I'll be more than happy to > review it more once issues have been addressed. > > > > > > > > More specific notes (most of these are only suggestions, feel free to edit > or push back): > > Throughout: > > s/link layer/link-layer/ > > s/in link/on link/ (I think) > > s/MAC/MAC address/ (in places like "to find the MAC of the host") > > > > > > Section: Abstract > > 1: "Neighbor Discovery (ND) is a key protocol of IPv6 first-hop." — I > don't really understand this sentence / think it is incomplete. Perhaps > "Neighbor Discovery (ND) is a critical part of the IPv6 protocol", or "is > critical for resolving the IPv6 link-layer address" or something? It's not > only used for "first-hop". > > > > O: "In some scenarios like wireless networks, multicast can be > inefficient. In other scenarios like public access networks, hosts may not > be trustable." > > P: "In some scenarios, such as wireless networks, multicast can be > inefficient. In other scenarios, like public access networks, hosts may not > be trustable." > > C: Note: 2 changes. > > > > O: "Consequently, ND has potential issues in various scenarios." > > C: This sentence doesn't seem to add anything to the paragraph. > > > > O: "The issues and the solutions for them are documented in more than 30 > RFCs. It is difficult to keep track of all these issues and solutions. > Therefore, an overview is useful." > > P: "The issues and solutions for them are documented in more than 30 RFCs, > making it challenging to track all these issues and solutions. Therefore, > an overview document is helpful." > > C: Rewritten for clarity / flow. > > > > O: "This document firstly summarizes the known ND issues and optimization > solutions into a one-stop reference." > > P: "This document summarizes both the known ND issues and the optimization > solutions into a one-stop reference." > > C: There is no "secondly"... > > > > O: "This simplifies the IPv6 first- hops." > > P: As above - this sentence doesn't make much sense - perhaps "link-layer > resolution"? > > > > > > Section 1: > > O: "For description simplicity, GUA DAD and ULA DAD are not further > distinguished." > > P: "GUA DAD and ULA DAD are not further distinguished for simplicity of > description." > > or "In order to simplify description, GUA DAD and ULA DAD are not further > distinguished within this document". > > > > > > > > Section 1.1: > > O: "MAC - To avoid confusion with Link Local Address (LLA), link layer > address is called MAC in this document." > > P: "MAC - To avoid confusion with Link Local Address (LLA), link-layer > addresses are referred to as MAC addresses in this document." > > > > O: "a bridging proxy either passes the message to the host or directly > answer with the host's MAC." > > P: "a bridging proxy either passes the message to the host or directly > answers with the host's MAC." > > > > O: "This is also applicable to ULA, but to be simple, it is also called > GUA Isolation in this document." > > P:" This is also applicable to ULA, but, for clarity, it is also called > GUA Isolation in this document." (or "for simplicity") > > > > > > O: "For example, ND uses no response as an indication of no duplication in > DAD." > > P: "For example, DAD uses the lack of a response as an indication that the > address is not currently in use." > > > > O: ". Router's address resolution for hosts: in a large L2 network of N > hosts, there can be N such multicast messages. This may cause performance > issues." > > C: In a small network of N hosts, there can also be N such multicast > messages. Please rewrite this (same for the following). > > > > > > Section 2.2: > > O: "In some scenarios like public access networks, some hosts may not be > trustable." > > P: "In some scenarios, such as public access networks, some hosts may not > be trustworthy." > > > > O: "An attacker host in the link can cause the following security issues > [RFC3756][RFC9099]:" > > P: "An attacker on the link can cause the following security issues > [RFC3756][RFC9099]:" - throughout the document I think "on the link" makes > more sense than "in the link". > > > > > > — This is a only a partial review until structural and editing issues > have been addressed —- > > > > Thank you again; I know that making edits to address nits can be annoying, > but we are expecting many people to read and review the document, and so > having it polished is important and polite (also, once people start > commenting on nits, they seem to continue :-) ) > > W >
- [v6ops] AD Review of: draft-ietf-v6ops-nd-conside… Warren Kumari
- [v6ops] Re: AD Review of: draft-ietf-v6ops-nd-con… Xipengxiao
- [v6ops] Re: AD Review of: draft-ietf-v6ops-nd-con… Warren Kumari