Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations
Lorenzo Colitti <lorenzo@google.com> Fri, 09 February 2024 03:28 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 876CDC14F71F for <v6ops@ietfa.amsl.com>; Thu, 8 Feb 2024 19:28:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.606
X-Spam-Level:
X-Spam-Status: No, score=-17.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Go0Bv05gqW2 for <v6ops@ietfa.amsl.com>; Thu, 8 Feb 2024 19:28:33 -0800 (PST)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1914CC14F6B8 for <v6ops@ietf.org>; Thu, 8 Feb 2024 19:28:33 -0800 (PST)
Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-a38271c0bd5so60123566b.0 for <v6ops@ietf.org>; Thu, 08 Feb 2024 19:28:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1707449311; x=1708054111; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=JF3RlX4Ab5EYsB1rNZIoAlbb8DqvHn7j5AjZ4Nd86q8=; b=w+ALsImLJAKXysbxFmwmkxkNeEtJcypoLm8AUlFU7dmh6ZiaaAyzL3DED/BbiivjDj pUA4EdbbL05kt+aNzR2S75WjVVHY9P+0NC65GONSwj6Sm27FDOv0ymLYuFFBSkY7od/m pG8Bfv3dGhdrKTODbWD+24tX0JM5kuS6K38S+dIjQ3Z18QbToLPlUC2LTW5+Oog1Rzmg KyxkyQr4JGsRE3pTo3Db6kv2zGOyx+nJ1QPw3jY4Mq1i3iuph69lgjSZ0cnM3BBm8Qpq R8jmAOmW/VtEAM+2hBlKnNhL5Wq8M4gnsF81APU5ODq6bZaWBqfmhC9u4tRkbM+VGf23 bMFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707449311; x=1708054111; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JF3RlX4Ab5EYsB1rNZIoAlbb8DqvHn7j5AjZ4Nd86q8=; b=VQdtO5zPn+sq42mZHZG6JX7rRekXtzdIKmDVj3I0UlkoLj7no01M6FDIKA2ZG7e423 YqpFMXr9prp/Zf6cPquPjzEKqSUUCgkSJ+XLmvAE/287/OQl0HyNiq5geqA9Zecqi0eE EKOh7neGLEMV79/xG21oGEj+fdI8PkWi1YuUIV6j4NSe/oiw/eS5ZKeoio/yKnqrUfRF U4ReymyLxZBeoPOb9mMSer6DDtOhATrqolLslpoLIPqb+svEuRSxDWYehVFEusfIm3rm cSytfpfUylbVTq+QbbuKwnukTcQ6wkeAEoDCw+p62TrsoSDioIkDKObKUkfcDsbOzXmw 7V0Q==
X-Gm-Message-State: AOJu0Yzi7FhoiSDNqT7kHKEYMAhneDsEckGlN3otm8rbicUlLIdFtOKb kC/AOkgvahuA1WbmuiKBGlA878RSsDn98eKdSZfGjZ0ERr+g4B43hTXIox/isBEPjQIVlwvE0hz Oti34nW4ugi4aa8uMKpSphVYgAAYWRntCz4Ky
X-Google-Smtp-Source: AGHT+IFpHY1xfBex3BBfFFq7xiPaIKsjr1cyZkkmfQp6nVxsKA0UhaN312eqnIJwUf9OwtK6yBtO5m1X10zkrA/kdq0=
X-Received: by 2002:a17:906:37d4:b0:a37:b8fb:50e0 with SMTP id o20-20020a17090637d400b00a37b8fb50e0mr173783ejc.52.1707449310708; Thu, 08 Feb 2024 19:28:30 -0800 (PST)
MIME-Version: 1.0
References: <BL0PR05MB53163A0B8316FBDD7B94E690AE422@BL0PR05MB5316.namprd05.prod.outlook.com> <CABNhwV2NwrVZys5DBpHQeWjoOV4fzy5zbMA7hR=BJ5dHQxv5yw@mail.gmail.com> <CACMsEX-bhv6WPjkAPLdw6Ah4c+JdjecUiMjs8pwYD1VJrs=Vnw@mail.gmail.com>
In-Reply-To: <CACMsEX-bhv6WPjkAPLdw6Ah4c+JdjecUiMjs8pwYD1VJrs=Vnw@mail.gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Fri, 09 Feb 2024 12:28:17 +0900
Message-ID: <CAKD1Yr0qrpBZicxHPiRbh5-AbkS9Y2RtW0rLn7xAE6QKU_noDg@mail.gmail.com>
To: Nick Buraglio <buraglio@forwardingplane.net>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a3cf990610ea85e6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/xocIJ7VbhjPOFVcQtxTAVfvM-7w>
Subject: Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerations
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2024 03:28:35 -0000
I have reviewed this document. I find it useful and well-written and I support publication. Thanks to the authors for aggregating so much ND knowledge and protocols into one operational document. Comments/suggestions below. I don't think any of them are particularly difficult to address. Cheers, Lorenzo 7. Hosts may use multicast NSs to announce link layer address changes. Should be "multicast NAs". In wireless networks, to ensure that the multicast messages reach even the remotest hosts, multicast messages are sent at the lowest modulation rate. Should mention that some Wi-Fi networks, particularly enterprise networks, do multicast-to-unicast conversion, where each multicast packet is converted into unicast packets. In principle there could be one unicast packet for each station on the link, or one unicast packet for each member of the multicast group. Might also mention that many mobile devices drop substantial percentages of multicast traffic on Wi-Fi by listening to only one out of N DTIM beacons. . Router's periodic unsolicited RAs: may cause performance issue if it is sent frequently [RFC7772]. This seems unlikely to create a performance issue. I think multicast RAs are limited to one packet every 3s, and there are usually only one or two routers. So that's less than one packet per second on average. It might create battery life issues on hosts. . Hosts address resolution for hosts: in a large L2 network of N hosts, there can be N-square such multicast messages. This may cause the largest performance issue. In theory yes, but in most cases Wi-Fi networks are intended to access off-link resources (e.g., the Internet). In these networks, cross-talk is usually quite rare. . Forged RAs: an attacker can send RAs to other hosts to claim to be a router and preempt the real router, resulting in a Redirect attack. This should probably mention RA guard (RFC 6105). . Without an NCE, a router does not know the IP address of a host when SLAAC is used rather than [DHCPv6]. In general I don't think routers will snoop DHCPv6 replies to create ND cache entries. Some networks might do this, but I think most networks probably rely on ND, possibly with ND proxies. 3.8. Gratuitous Neighbor Discovery Might want to note that hosts can (and do) do this even if the router does not implement GRAND. They send NS for the router's link-local address from their global address, and This causes the router to create an ND cache entry for the host's global address. Therefore, GRAND provides an improvement but does not solve the Router-NCE-on-Demand issues. For example, NCE exhaustion can still happen. It can, but if the router prioritizes GRAND-learned entries over general INCOMPLETE entries, NCE exhaustion is effectively mitigated and very unlikely to cause disruption. RFC 7772 alleviates the multicast RA issue. As I said above, this isn't really a performance issue. It definitely can be a battery life issue though. RFC 6583 partially addresses the Router NCE Exhaustion issue. I think "partially" is a bit pessimistic. I think RFC 6583 + GRAND effectively mitigates this, no? Optimistic DAD has not been widely deployed. I'm not sure that's true. Android deploys it, for example. The main problem with it is that routers aren't allowed to use optimistic DAD, so if the device is doing forwarding (which happens pretty often for many reasons), then it won't be enabled. I think this is a bug in the optimistic DAD RFC. It shouldn't look at whether the device is a host or a router, it should instead look at whether the device is acting as a router for the interface that is sending the DAD packet. 4.3. Applicability of Subnet Isolation with Shared Medium [...] o All host communication with GUA will go through the router, and the router may become a bottleneck. Should say "all host-to-host communication". On Fri, Feb 9, 2024 at 8:32 AM Nick Buraglio <buraglio@forwardingplane.net> wrote: > I also support furthering this draft. > > On Fri, Feb 2, 2024 at 1:00 PM Gyan Mishra <hayabusagsm@gmail.com> wrote: > > > > This draft is well written and highly valuable for operators deploying > IPv6. > > > > I support publication. > > > > Thank you > > > > Gyan > > > > On Fri, Feb 2, 2024 at 12:37 PM Ron Bonica <rbonica= > 40juniper.net@dmarc.ietf.org> wrote: > >> > >> Folks, > >> > >> This message initiates a WGLC for draft-ietf-v6ops-nd-considerations. > Please submit comments by 2/16/2024. > >> > >> Ron > >> > >> > >> Juniper Business Use Only > >> > >> _______________________________________________ > >> v6ops mailing list > >> v6ops@ietf.org > >> https://www.ietf.org/mailman/listinfo/v6ops > > > > > > > > -- > > > > > > Gyan Mishra > > > > Network Solutions Architect > > > > Email gyan.s.mishra@verizon.com > > > > M 301 502-1347 > > > > > > _______________________________________________ > > v6ops mailing list > > v6ops@ietf.org > > https://www.ietf.org/mailman/listinfo/v6ops > > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops >
- [v6ops] WGLC: draft-ietf-v6ops-nd-considerations Ron Bonica
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Gyan Mishra
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Nick Buraglio
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Lorenzo Colitti
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Xipengxiao
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Xipengxiao
- Re: [v6ops] WGLC: draft-ietf-v6ops-nd-considerati… Ron Bonica