Re: [v6ops] ND cache entries creation on first-hop routers
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 02 July 2019 15:38 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6lo@ietf.org, Jen Linkova <furry13@gmail.com>, 6tisch@ietf.org
CC: V6 Ops List <v6ops@ietf.org>, 6man <6man@ietf.org>
Date: Tue, 02 Jul 2019 11:37:36 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/cE1gVXBkGgVJrkFiPAj0tb4cuxg>

I think that the discussion here is particularly relevant to constrained
devices/routers on route-over MESH (RPL, etc.) networks.

I also think that for L=0 networks, which RPL creates with RPL DIO messages
rather than (just) RAs, and 6LRs that need to support join operations
(like draft-ietf-6tisch-minimal-security) this may matter.

In particular, in the minimal-security case, we need to partition the ND
cache such that untrusted (unverified) malicious pledge nodes can not
attack the ND cache.

The behaviour 2.2.1. Host Sending Unsolicited NA, should probably
never flush an old entry out of the ND. I think that under attack
(whether from untrusted pledges, or from p0woned devices already on the
network), it is better to prefer communication from existing nodes rather
than new ones. 2.2.1.2 mentions this.

{typo:
-It's recommended that thsi functionality is configurable and
+It's recommended that this functionality is configurable and
}

I didn't really understand 2.2.2: is it exploiting some corner case in the
spec, or maybe just some part I am not well clued in about. So maybe an
extra paragraph to explain things.

I kinda like the ping all routers trick.

Jen Linkova <furry13@gmail.com> wrote:
> I wrote a short draft to discuss and document an operational issue
> related to the ND state machine and packet loss caused by how routers
> create ND cache entries for new host addresses:
> https://datatracker.ietf.org/doc/draft-linkova-v6ops-nd-cache-init/
> (taking into account some vendors have implemented one of the proposed
> solutions already, I guess it's a well-known problem but it might still
> be worth documenting)
> Comments are appreciated!
> --
> SY, Jen Linkova aka Furry
--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
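
The partitioning idea raised in the message above, as an added sketch that is not part of the original message, the draft, or any router implementation: a bounded neighbor cache with separate pools for trusted nodes and unverified pledges, where an unsolicited NA may fill a free slot but never evicts an existing entry. The class name, pool sizes, `trusted` flag and all addresses are assumptions constructed for illustration.

```python
class PartitionedNeighborCache:
    """Toy ND cache: fixed-size pools, one for trusted nodes, one for pledges."""

    def __init__(self, trusted_slots=4, untrusted_slots=2):
        self.limits = {"trusted": trusted_slots, "untrusted": untrusted_slots}
        self.pools = {"trusted": {}, "untrusted": {}}

    def lookup(self, addr):
        for pool in self.pools.values():
            if addr in pool:
                return pool[addr]
        return None

    def on_unsolicited_na(self, addr, lladdr, trusted=False):
        """Create an entry only if the sender's own pool has a free slot."""
        if self.lookup(addr) is not None:
            return "exists"        # updates are left to the normal ND state machine
        name = "trusted" if trusted else "untrusted"
        pool = self.pools[name]
        if len(pool) >= self.limits[name]:
            return "dropped"       # full pool: never flush an old entry for a new one
        pool[addr] = lladdr
        return "created"

    def promote(self, addr):
        """Move a pledge that completed the join into the trusted pool, if room."""
        pool = self.pools["untrusted"]
        if addr not in pool or len(self.pools["trusted"]) >= self.limits["trusted"]:
            return False
        self.pools["trusted"][addr] = pool.pop(addr)
        return True


def simulate_flood(n_fake=100):
    """Constructed scenario: 3 joined nodes, a burst of pledge NAs, one late node."""
    cache = PartitionedNeighborCache(trusted_slots=4, untrusted_slots=2)
    for i in range(1, 4):
        cache.on_unsolicited_na(f"2001:db8::{i:x}", f"02:00:00:00:00:{i:02x}", trusted=True)
    results = [
        cache.on_unsolicited_na(f"2001:db8:bad::{i:x}", "02:ff:ff:ff:ff:ff")
        for i in range(1, n_fake + 1)
    ]
    late = cache.on_unsolicited_na("2001:db8::99", "02:00:00:00:00:99", trusted=True)
    return cache, results, late
```

The burst of unverified NAs can consume at most the untrusted pool, so entries for already-joined nodes survive and a legitimate node arriving afterwards still gets a slot.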