[v6ops] Iotdir last call review of draft-ietf-v6ops-nd-cache-init-05

"Pascal Thubert (pthubert)" <pthubert@cisco.com> Thu, 10 September 2020 14:02 UTC

From: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
To: "draft-ietf-v6ops-nd-cache-init@ietf.org" <draft-ietf-v6ops-nd-cache-init@ietf.org>, "iot-directorate@ietf.org" <iot-directorate@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-v6ops-nd-cache-init.all@ietf.org" <draft-ietf-v6ops-nd-cache-init.all@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>, The IESG <iesg@ietf.org>
Date: Thu, 10 Sep 2020 14:01:49 +0000

    Reviewer: Pascal Thubert
    Review result: Ready with comments
    Review Date: Sept 10th, 2020.

Dear Jen, 

I am assigned the IOT-DIR (https://trac.ietf.org/trac/int/wiki/IOTDirWiki) IETF LAST CALL review for draft-ietf-v6ops-nd-cache-init.
The review below is based on draft-ietf-v6ops-nd-cache-init-05. Please treat these comments just like any other last call comments.

I found the draft very readable and informative. In particular, the sections 3.x contain valuable information on why other possible variations of exchanges with the router (sending NS, RS, snooping, etc...) are less appropriate. Clearly I stay convinced that RFC 8505 is a better way for modern networks, but this proposal certainly helps - in the meantime.

Please find my comments below:

===========================================================================================================
Major
===========================================================================================================


Section 3 lists a number of approaches, but that list does not match the sections 3.x coming next.
In particular there is no section that explains why we are not "Making the probing logic on hosts more robust."
It seems that if the host sends just one probe to start with, the problem goes away. There must be a reason why this is not done today.

---------------------------------------------------------------------------------------------------------------------------------------------
"
Implementing such functionality is much more complicated than all
      other solutions as it would involve complex data-control planes
      interaction."

As it goes, reactive ND as it stands involves complex data-control planes interactions, the hardware needs to interrupt its process and tell the software in case of a cache miss.
This process is not only complicated but subject to DoS attacks and all prone to bugs. The solution eliminates that activity for a new address and that is a major plus for the router. Sadly it does not fix the problem permanently as the cache may be flushed. I believe it is important to mention both early in the draft to better position its value (great) and limits (the Neighbor cache is still a cache so the problem is not eliminated).


===========================================================================================================
Minor
===========================================================================================================

"
   1.  A host joins the network and receives a Router Advertisement (RA)
       packet from the first-hop router (either a periodic unsolicited
       RA or a response to a Router Solicitation sent by the host).
"
Maybe clarify that this is a multicast RA sent to all hosts.

---------------------------------------------------------------------------------------------------------------------------------------------

"
The
       RA contains information the host needs to perform Stateless
       Address Autoconfiguration ([RFC4862]) and to configure its
       network stack.  
"
You could say "SLAAC and/or DHCPv6" for completeness.

---------------------------------------------------------------------------------------------------------------------------------------------

"
                             As in most cases the RA also contains the link-
       layer address of the router, the host can populate its Neighbor
       Cache with the router's link-local and link-layer addresses.
"
Maybe also clarify before that sentence that the source IPv6 address of the RA is a link-local address of the router (section 4.2 of RFC 4861).

---------------------------------------------------------------------------------------------------------------------------------------------

"
                                                                          Most router
       implementations buffer only one data packet while
"
Is that something you know for sure? Else, you may indicate instead that the standard only requires the router to hold one data packet.

For memory, RFC 4861 section 7.2.2.  "Sending Neighbor Solicitations" says:
"
...
   While waiting for address resolution to complete, the sender MUST,
   for each neighbor, retain a small queue of packets waiting for
   address resolution to complete.  The queue MUST hold at least one
   packet, and MAY contain more.  However, the number of queued packets
   per neighbor SHOULD be limited to some small value.  When a queue
   overflows, the new arrival SHOULD replace the oldest entry.  Once
   address resolution completes, the node transmits any queued packets.
...
"

---------------------------------------------------------------------------------------------------------------------------------------------

"If the host sends multiple probes in parallel"

See my Major comment above. With the description above it seems that the host is shooting itself in the foot doing this. 
Could you justify why the host needs to send multiple probes as opposed to waiting for one to succeed?

---------------------------------------------------------------------------------------------------------------------------------------------

"connects to the network for the first time or after a timeout long"

Maybe "inactivity time" is more suitable than "timeout"



---------------------------------------------------------------------------------------------------------------------------------------------

" This option
   requires some investigation and discussions and seems to be excessive
   for the problem described in this document. "

The option itself is not "excessive", it is a technical solution. Maybe you could clarify what is excessive, e.g., the complexity to migrate, to implement and deploy, or the time till a solution is available commercially on all devices.


===========================================================================================================
Nits
===========================================================================================================

"if a host A has an neighbor": an -> a
"same sequence of events happen": happen -> happens




Voila!

Take care,

Pascal
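
The queue rule quoted above from RFC 4861 section 7.2.2 and the comment on parallel probes, as an added example that is not part of the original message: a minimal model of a router's per-neighbor resolution queue, showing which return packets survive when several arrive before address resolution completes. The class and function names, the queue depths and the sample packets are constructed for illustration.

```python
from collections import deque


class ResolutionQueue:
    """Per-neighbor queue of packets waiting for address resolution."""

    def __init__(self, depth=1):
        if depth < 1:
            raise ValueError("the queue MUST hold at least one packet")
        self.depth = depth
        self.pending = {}   # neighbor address -> deque of queued packets
        self.dropped = []   # (neighbor, packet) pairs lost to overflow

    def enqueue(self, neighbor, packet):
        """Queue a packet for a neighbor whose link-layer address is unknown."""
        queue = self.pending.setdefault(neighbor, deque())
        if len(queue) >= self.depth:
            # Overflow: the new arrival replaces the oldest entry.
            self.dropped.append((neighbor, queue.popleft()))
        queue.append(packet)

    def resolved(self, neighbor):
        """Resolution completed: return the queued packets, oldest first."""
        return list(self.pending.pop(neighbor, ()))


def simulate(depth, replies, host="2001:db8::a"):
    """Feed return packets for one unresolved host into a queue of the
    given depth, then complete resolution. Returns (delivered, lost)."""
    rq = ResolutionQueue(depth)
    for packet in replies:
        rq.enqueue(host, packet)
    delivered = rq.resolved(host)
    lost = [packet for _, packet in rq.dropped]
    return delivered, lost


# Constructed sample: replies to three probes the host sent in parallel,
# all reaching the router before it has resolved the host's address.
REPLIES = ["reply-to-probe-1", "reply-to-probe-2", "reply-to-probe-3"]

if __name__ == "__main__":
    for depth in (1, 3):
        delivered, lost = simulate(depth, REPLIES)
        print(f"depth={depth} delivered={delivered} lost={lost}")
```

With the minimum depth of one packet, only the reply to the last probe reaches the host; the queue depth is the only variable that changes the outcome in this model.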