Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations
Lorenzo Colitti <lorenzo@google.com> Fri, 09 February 2024 03:28 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 876CDC14F71F for <v6ops@ietfa.amsl.com>; Thu, 8 Feb 2024 19:28:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.606
X-Spam-Level:
X-Spam-Status: No, score=-17.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Go0Bv05gqW2 for <v6ops@ietfa.amsl.com>; Thu, 8 Feb 2024 19:28:33 -0800 (PST)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1914CC14F6B8 for <v6ops@ietf.org>; Thu, 8 Feb 2024 19:28:33 -0800 (PST)
Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-a38271c0bd5so60123566b.0 for <v6ops@ietf.org>; Thu, 08 Feb 2024 19:28:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707449311; x=1708054111; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=JF3RlX4Ab5EYsB1rNZIoAlbb8DqvHn7j5AjZ4Nd86q8=; b=w+ALsImLJAKXysbxFmwmkxkNeEtJcypoLm8AUlFU7dmh6ZiaaAyzL3DED/BbiivjDj pUA4EdbbL05kt+aNzR2S75WjVVHY9P+0NC65GONSwj6Sm27FDOv0ymLYuFFBSkY7od/m pG8Bfv3dGhdrKTODbWD+24tX0JM5kuS6K38S+dIjQ3Z18QbToLPlUC2LTW5+Oog1Rzmg KyxkyQr4JGsRE3pTo3Db6kv2zGOyx+nJ1QPw3jY4Mq1i3iuph69lgjSZ0cnM3BBm8Qpq R8jmAOmW/VtEAM+2hBlKnNhL5Wq8M4gnsF81APU5ODq6bZaWBqfmhC9u4tRkbM+VGf23 bMFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707449311; x=1708054111; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JF3RlX4Ab5EYsB1rNZIoAlbb8DqvHn7j5AjZ4Nd86q8=; b=VQdtO5zPn+sq42mZHZG6JX7rRekXtzdIKmDVj3I0UlkoLj7no01M6FDIKA2ZG7e423 YqpFMXr9prp/Zf6cPquPjzEKqSUUCgkSJ+XLmvAE/287/OQl0HyNiq5geqA9Zecqi0eE EKOh7neGLEMV79/xG21oGEj+fdI8PkWi1YuUIV6j4NSe/oiw/eS5ZKeoio/yKnqrUfRF U4ReymyLxZBeoPOb9mMSer6DDtOhATrqolLslpoLIPqb+svEuRSxDWYehVFEusfIm3rm cSytfpfUylbVTq+QbbuKwnukTcQ6wkeAEoDCw+p62TrsoSDioIkDKObKUkfcDsbOzXmw 7V0Q==
X-Gm-Message-State: AOJu0Yzi7FhoiSDNqT7kHKEYMAhneDsEckGlN3otm8rbicUlLIdFtOKb kC/AOkgvahuA1WbmuiKBGlA878RSsDn98eKdSZfGjZ0ERr+g4B43hTXIox/isBEPjQIVlwvE0hz Oti34nW4ugi4aa8uMKpSphVYgAAYWRntCz4Ky
X-Google-Smtp-Source: AGHT+IFpHY1xfBex3BBfFFq7xiPaIKsjr1cyZkkmfQp6nVxsKA0UhaN312eqnIJwUf9OwtK6yBtO5m1X10zkrA/kdq0=
X-Received: by 2002:a17:906:37d4:b0:a37:b8fb:50e0 with SMTP id o20-20020a17090637d400b00a37b8fb50e0mr173783ejc.52.1707449310708; Thu, 08 Feb 2024 19:28:30 -0800 (PST)
MIME-Version: 1.0
References: <BL0PR05MB53163A0B8316FBDD7B94E690AE422@BL0PR05MB5316.namprd05.prod.outlook.com> <CABNhwV2NwrVZys5DBpHQeWjoOV4fzy5zbMA7hR=BJ5dHQxv5yw@mail.gmail.com> <CACMsEX-bhv6WPjkAPLdw6Ah4c+JdjecUiMjs8pwYD1VJrs=Vnw@mail.gmail.com>
In-Reply-To: <CACMsEX-bhv6WPjkAPLdw6Ah4c+JdjecUiMjs8pwYD1VJrs=Vnw@mail.gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Fri, 09 Feb 2024 12:28:17 +0900
Message-ID: <CAKD1Yr0qrpBZicxHPiRbh5-AbkS9Y2RtW0rLn7xAE6QKU_noDg@mail.gmail.com>
To: Nick Buraglio <buraglio@forwardingplane.net>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a3cf990610ea85e6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/xocIJ7VbhjPOFVcQtxTAVfvM-7w>
Subject: Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2024 03:28:35 -0000
I have reviewed this document. I find it useful and well-written and I
support publication. Thanks to the authors for aggregating so much ND
knowledge and protocols into one operational document.
Comments/suggestions below. I don't think any of them are particularly
difficult to address.
Cheers,
Lorenzo
7. Hosts may use multicast NSs to announce link layer address
changes.
Should be "multicast NAs".
In wireless networks, to ensure that the multicast messages reach
even the remotest hosts, multicast messages are sent at the lowest
modulation rate.
Should mention that some Wi-Fi networks, particularly enterprise networks,
do multicast-to-unicast conversion, where each multicast packet is
converted into unicast packets. In principle there could be one unicast
packet for each station on the link, or one unicast packet for each member
of the multicast group.
Might also mention that many mobile devices drop substantial percentages of
multicast traffic on Wi-Fi by listening to only one out of N DTIM beacons.
. Router's periodic unsolicited RAs: may cause performance issue
if it is sent frequently [RFC7772].
This seems unlikely to create a performance issue. I think multicast RAs
are limited to one packet every 3s, and there are usually only one or two
routers. So that's less than one packet per second on average. It might
create battery life issues on hosts.
. Hosts address resolution for hosts: in a large L2 network of N
hosts, there can be N-square such multicast messages. This may
cause the largest performance issue.
In theory yes, but in most cases Wi-Fi networks are intended to access
off-link resources (e.g., the Internet). In these networks, cross-talk is
usually quite rare.
. Forged RAs: an attacker can send RAs to other hosts to claim to
be a router and preempt the real router, resulting in a
Redirect attack.
This should probably mention RA guard (RFC 6105).
. Without an NCE, a router does not know the IP address of a host
when SLAAC is used rather than [DHCPv6].
In general I don't think routers will snoop DHCPv6 replies to create ND
cache entries. Some networks might do this, but I think most networks
probably rely on ND, possibly with ND proxies.
3.8. Gratuitous Neighbor Discovery
Might want to note that hosts can (and do) do this even if the router does
not implement GRAND. They send NS for the router's link-local address from
their global address, and This causes the router to create an ND cache
entry for the host's global address.
Therefore, GRAND provides an improvement but does not
solve the Router-NCE-on-Demand issues. For example, NCE exhaustion
can still happen.
It can, but if the router prioritizes GRAND-learned entries over general
INCOMPLETE entries, NCE exhaustion is effectively mitigated and very
unlikely to cause disruption.
RFC 7772 alleviates the multicast RA issue.
As I said above, this isn't really a performance issue. It definitely can
be a battery life issue though.
RFC 6583 partially
addresses the Router NCE Exhaustion issue.
I think "partially" is a bit pessimistic. I think RFC 6583 + GRAND
effectively mitigates this, no?
Optimistic DAD
has not been widely deployed.
I'm not sure that's true. Android deploys it, for example. The main problem
with it is that routers aren't allowed to use optimistic DAD, so if the
device is doing forwarding (which happens pretty often for many reasons),
then it won't be enabled. I think this is a bug in the optimistic DAD RFC.
It shouldn't look at whether the device is a host or a router, it should
instead look at whether the device is acting as a router for the interface
that is sending the DAD packet.
4.3. Applicability of Subnet Isolation with Shared Medium
[...]
o All host communication with GUA will go through the router, and
the router may become a bottleneck.
Should say "all host-to-host communication".
On Fri, Feb 9, 2024 at 8:32 AM Nick Buraglio <buraglio@forwardingplane.net>
wrote:
> I also support furthering this draft.
>
> On Fri, Feb 2, 2024 at 1:00 PM Gyan Mishra <hayabusagsm@gmail.com> wrote:
> >
> > This draft is well written and highly valuable for operators deploying
> IPv6.
> >
> > I support publication.
> >
> > Thank you
> >
> > Gyan
> >
> > On Fri, Feb 2, 2024 at 12:37 PM Ron Bonica <rbonica=
> 40juniper.net@dmarc.ietf.org> wrote:
> >>
> >> Folks,
> >>
> >> This message initiates a WGLC for draft-ietf-v6ops-nd-considerations.
> Please submit comments by 2/16/2024.
> >>
> >> Ron
> >>
> >>
> >> Juniper Business Use Only
> >>
> >> _______________________________________________
> >> v6ops mailing list
> >> v6ops@ietf.org
> >> https://www.ietf.org/mailman/listinfo/v6ops
> >
> >
> >
> > --
> >
> >
> > Gyan Mishra
> >
> > Network Solutions Architect
> >
> > Email gyan.s.mishra@verizon.com
> >
> > M 301 502-1347
> >
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
- [v6ops] WGLC: draft-ietf-v6ops-nd-considerations Ron Bonica
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Gyan Mishra
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Nick Buraglio
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Lorenzo Colitti
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Xipengxiao
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Xipengxiao
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Ron Bonica