IETF Logo Mail Archive

Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations

Xipengxiao <xipengxiao@huawei.com> Mon, 19 February 2024 15:01 UTC

Return-Path: <xipengxiao@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC3A4C14F73E for <v6ops@ietfa.amsl.com>; Mon, 19 Feb 2024 07:01:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.903
X-Spam-Level:
X-Spam-Status: No, score=-6.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usIQPJ13n3ki for <v6ops@ietfa.amsl.com>; Mon, 19 Feb 2024 07:01:13 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0FF1C14F5EE for <v6ops@ietf.org>; Mon, 19 Feb 2024 07:01:00 -0800 (PST)
Received: from mail.maildlp.com (unknown [172.18.186.216]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4TdlxT127jz6K5lK; Mon, 19 Feb 2024 22:57:01 +0800 (CST)
Received: from frapeml500004.china.huawei.com (unknown [7.182.85.22]) by mail.maildlp.com (Postfix) with ESMTPS id D94EB140682; Mon, 19 Feb 2024 23:00:57 +0800 (CST)
Received: from frapeml500004.china.huawei.com (7.182.85.22) by frapeml500004.china.huawei.com (7.182.85.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 19 Feb 2024 16:00:57 +0100
Received: from frapeml500004.china.huawei.com ([7.182.85.22]) by frapeml500004.china.huawei.com ([7.182.85.22]) with mapi id 15.01.2507.035; Mon, 19 Feb 2024 16:00:57 +0100
From: Xipengxiao <xipengxiao@huawei.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, Nick Buraglio <buraglio@forwardingplane.net>
CC: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Thread-Topic: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations
Thread-Index: AQHaVf4O7WZsSLXSqECKuw8AgxzcuLD3V0YAgAm6EQCAAEH0gIAQiLdA
Date: Mon, 19 Feb 2024 15:00:57 +0000
Message-ID: <ea15cfd6acf64b8fa230020e9bfae652@huawei.com>
References: <BL0PR05MB53163A0B8316FBDD7B94E690AE422@BL0PR05MB5316.namprd05.prod.outlook.com> <CABNhwV2NwrVZys5DBpHQeWjoOV4fzy5zbMA7hR=BJ5dHQxv5yw@mail.gmail.com> <CACMsEX-bhv6WPjkAPLdw6Ah4c+JdjecUiMjs8pwYD1VJrs=Vnw@mail.gmail.com> <CAKD1Yr0qrpBZicxHPiRbh5-AbkS9Y2RtW0rLn7xAE6QKU_noDg@mail.gmail.com>
In-Reply-To: <CAKD1Yr0qrpBZicxHPiRbh5-AbkS9Y2RtW0rLn7xAE6QKU_noDg@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.221.77.201]
Content-Type: multipart/alternative; boundary="_000_ea15cfd6acf64b8fa230020e9bfae652huaweicom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/tnFZCzb76wJ6xlrJ2v7f6Wtl2jQ>
Subject: Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2024 15:01:15 -0000

Hi Lorenzo,

Thank you very much for your review and comments.  This draft will definitely benefit from your ND knowledge and experience. We will issue a new version, and when it’s out, we will provide a detailed response to each one of your comments.

Best regards and thanks again to your help.

XiPeng

From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Lorenzo Colitti
Sent: Friday, February 9, 2024 4:28 AM
To: Nick Buraglio <buraglio@forwardingplane.net>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>; v6ops@ietf.org
Subject: Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations

I have reviewed this document. I find it useful and well-written and I support publication. Thanks to the authors for aggregating so much ND knowledge and protocols into one operational document.

Comments/suggestions below. I don't think any of them are particularly difficult to address.

Cheers,
Lorenzo


     7. Hosts may use multicast NSs to announce link layer address
        changes.

Should be "multicast NAs".


   In wireless networks, to ensure that the multicast messages reach
   even the remotest hosts, multicast messages are sent at the lowest
   modulation rate.

Should mention that some Wi-Fi networks, particularly enterprise networks, do multicast-to-unicast conversion, where each multicast packet is converted into unicast packets. In principle there could be one unicast packet for each station on the link, or one unicast packet for each member of the multicast group.

Might also mention that many mobile devices drop substantial percentages of multicast traffic on Wi-Fi by listening to only one out of N DTIM beacons.

     . Router's periodic unsolicited RAs: may cause performance issue
        if it is sent frequently [RFC7772].

This seems unlikely to create a performance issue. I think multicast RAs are limited to one packet every 3s, and there are usually only one or two routers. So that's less than one packet per second on average. It might create battery life issues on hosts.


     . Hosts address resolution for hosts: in a large L2 network of N
        hosts, there can be N-square such multicast messages. This may
        cause the largest performance issue.

In theory yes, but in most cases Wi-Fi networks are intended to access off-link resources (e.g., the Internet). In these networks, cross-talk is usually quite rare.


     . Forged RAs: an attacker can send RAs to other hosts to claim to
        be a router and preempt the real router, resulting in a
        Redirect attack.

This should probably mention RA guard (RFC 6105).


     . Without an NCE, a router does not know the IP address of a host
        when SLAAC is used rather than [DHCPv6].

In general I don't think routers will snoop DHCPv6 replies to create ND cache entries. Some networks might do this, but I think most networks probably rely on ND, possibly with ND proxies.

3.8. Gratuitous Neighbor Discovery

Might want to note that hosts can (and do) do this even if the router does not implement GRAND. They send NS for the router's link-local address from their global address, and  This causes the router to create an ND cache entry for the host's global address.


   Therefore, GRAND provides an improvement but does not
   solve the Router-NCE-on-Demand issues. For example, NCE exhaustion
   can still happen.

It can, but if the router prioritizes GRAND-learned entries over general INCOMPLETE entries, NCE exhaustion is effectively mitigated and very unlikely to cause disruption.


   RFC 7772 alleviates the multicast RA issue.

As I said above, this isn't really a performance issue. It definitely can be a battery life issue though.


   RFC 6583 partially
   addresses the Router NCE Exhaustion issue.

I think "partially" is a bit pessimistic. I think RFC 6583 + GRAND effectively mitigates this, no?


   Optimistic DAD
   has not been widely deployed.

I'm not sure that's true. Android deploys it, for example. The main problem with it is that routers aren't allowed to use optimistic DAD, so if the device is doing forwarding (which happens pretty often for many reasons), then it won't be enabled. I think this is a bug in the optimistic DAD RFC. It shouldn't look at whether the device is a host or a router, it should instead look at whether the device is acting as a router for the interface that is sending the DAD packet.

4.3. Applicability of Subnet Isolation with Shared Medium
[...]
   o  All host communication with GUA will go through the router, and
      the router may become a bottleneck.

Should say "all host-to-host communication".


On Fri, Feb 9, 2024 at 8:32 AM Nick Buraglio <buraglio@forwardingplane.net<mailto:buraglio@forwardingplane.net>> wrote:
I also support furthering this draft.

On Fri, Feb 2, 2024 at 1:00 PM Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>> wrote:
>
> This draft is well written and highly valuable for operators deploying IPv6.
>
> I support publication.
>
> Thank you
>
> Gyan
>
> On Fri, Feb 2, 2024 at 12:37 PM Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org<mailto:40juniper.net@dmarc.ietf.org>> wrote:
>>
>> Folks,
>>
>> This message initiates a WGLC for draft-ietf-v6ops-nd-considerations. Please submit comments by 2/16/2024.
>>
>>                                                                Ron
>>
>>
>> Juniper Business Use Only
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org<mailto:v6ops@ietf.org>
>> https://www.ietf.org/mailman/listinfo/v6ops
>
>
>
> --
>
>
> Gyan Mishra
>
> Network Solutions Architect
>
> Email gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com>
>
> M 301 502-1347
>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org<mailto:v6ops@ietf.org>
> https://www.ietf.org/mailman/listinfo/v6ops

_______________________________________________
v6ops mailing list
v6ops@ietf.org<mailto:v6ops@ietf.org>
https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email