Re: [VRRP] DISCUSS and COMMENT: draft-ietf-vrrp-unified-spec
"Stephen Nadas" <stephen.nadas@ericsson.com> Mon, 13 July 2009 14:50 UTC
Return-Path: <stephen.nadas@ericsson.com>
X-Original-To: vrrp@core3.amsl.com
Delivered-To: vrrp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 441A33A6D7E; Mon, 13 Jul 2009 07:50:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.484
X-Spam-Level:
X-Spam-Status: No, score=-5.484 tagged_above=-999 required=5 tests=[AWL=1.115, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNyJKxK54+jU; Mon, 13 Jul 2009 07:50:44 -0700 (PDT)
Received: from imr2.ericy.com (imr2.ericy.com [198.24.6.3]) by core3.amsl.com (Postfix) with ESMTP id 9111E3A67AC; Mon, 13 Jul 2009 07:50:43 -0700 (PDT)
Received: from eusrcmw751.eamcs.ericsson.se (eusrcmw751.exu.ericsson.se [138.85.77.51]) by imr2.ericy.com (8.13.1/8.13.1) with ESMTP id n6DEp7kJ016354; Mon, 13 Jul 2009 09:51:09 -0500
Received: from eusrcmw720.eamcs.ericsson.se ([138.85.77.20]) by eusrcmw751.eamcs.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Mon, 13 Jul 2009 09:50:33 -0500
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01CA03C9.4610E4CD"
Date: Mon, 13 Jul 2009 09:50:29 -0500
Message-ID: <DF78BDF6956FDD4780D5DAD88A073CF4026B4BCC@eusrcmw720.eamcs.ericsson.se>
In-Reply-To: <20090710100642.CF6BE3A6E3A@core3.amsl.com>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: DISCUSS and COMMENT: draft-ietf-vrrp-unified-spec
Thread-Index: AcoBRjcl6XUnEy5lTEaoyxOWB1e1WwCfZnbA
References: <20090710100642.CF6BE3A6E3A@core3.amsl.com>
From: Stephen Nadas <stephen.nadas@ericsson.com>
To: Jari Arkko <jari.arkko@piuha.net>, iesg@ietf.org
X-OriginalArrivalTime: 13 Jul 2009 14:50:33.0358 (UTC) FILETIME=[462462E0:01CA03C9]
X-Mailman-Approved-At: Tue, 14 Jul 2009 00:35:34 -0700
Cc: vrrp-chairs@tools.ietf.org, draft-ietf-vrrp-unified-spec@tools.ietf.org, vrrp@ietf.org
Subject: Re: [VRRP] DISCUSS and COMMENT: draft-ietf-vrrp-unified-spec
X-BeenThere: vrrp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual Router Redundancy Protocol <vrrp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vrrp>, <mailto:vrrp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vrrp>
List-Post: <mailto:vrrp@ietf.org>
List-Help: <mailto:vrrp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vrrp>, <mailto:vrrp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2009 14:50:45 -0000
Hi Jari, 1) As to VRRP and SEND, is this text agreeable to you? In the context of IPv6 operation, if SEcure Neighbor Discovery (SEND) is deployed, VRRP is s compatible with the "trust anchor" and "trust anchor or cga" modes of SEND [RFC3971]. The (SEND) configuration needs to give the master and backup routers the same prefix delegation in the certificates so that master and backup routers advertize the same set of subnet prefixes. However, the master and backup routers should have their own key pairs to avoid private key sharing. 2) As to "Requirement to send router advertisements is in 6.4.2 but not in 6.4.3, why?" (I realized it's not so easy to discuss this and be sure we are discussing the same things, so please see attached where I added line #s to identify (it's just 6.4.1 thri 6.4.3). I'm not sure I love this approach, but it it at least clrifying...) I think you are talking about in section 6.4.2 (395) (?) which occurs on backup -> master transition. But in 6.4.3 (630) says to send RA. I don't yet understand your comment, can you clarify? 3) as to "In Section 6.4.3, the Accept_Mode flag is only checked in the IPv6 branch of the code, is this correct?" This looks like a good catch. Looks like I should add an analogue of (635) after (610). 4) as to "In Section 6.4.3, I don't understand how there's first a MUST statement on responding to Neighbor Solicitations, and then two steps later a conditional statement based on the value of Accept_Mode, again on the the same thing, responding to NSes." I think this is in connection with (625) and (635). (635) was to cover this case: http://www.ietf.org/mail-archive/web/vrrp/current/msg00806.html Thanks, Steve -----Original Message----- From: Jari Arkko [mailto:jari.arkko@piuha.net] Sent: Friday, July 10, 2009 6:07 AM To: iesg@ietf.org Cc: vrrp-chairs@tools.ietf.org; draft-ietf-vrrp-unified-spec@tools.ietf.org Subject: DISCUSS and COMMENT: draft-ietf-vrrp-unified-spec Discuss: This is a well written specification, and I'm prepared to ballot Yes on it. However, there were three issues (1 left) that deserve some discussion and probably small modifications are needed before this can happen. Two of the issues relate to apparently missing information, and one may be either a simple mistake or I misunderstood something. >In the context of IPv6 operation, if SEcure Neighbor Discovery (SEND) >[RFC3791] is deployed, VRRP authentication could be usefully added, >because misconfiguration of secrets will not be an issue. Routers with >different secrets will have different IPv6 addresses, and therefore >there will be no issue with multiple masters with the same >IPv6 (and MAC) addresses. Also, SEND will prevent malicious routers >from sending misleading ND messages. Hmm. As an author of RFC 3971 it is not quite clear to me what you mean above. First of all, no "secrets" are involved in RFC 3971, only key pairs for CGA addresses. Secondly, it is not required for routers to employ the CGA part of SEND; in most cases I would expect the configuration of certificates for prefix::1 or something like that. Thirdly, I do not understand why there is no issue, because the backup taking over, because then the backup has to authoratively sign the NAs and RAs it is sending, for the primary's address. If the "trust anchor and cga" mode from RFC 3971 is used, the private key would have to be shared, or this would not work at all. And private key sharing is not necessarily a good idea. I would recommend saying this: - VRRP is compatible with "trust anchor" and "trust anchor or cga" modes of SEND - The configuration needs to give the two routers the same prefix delegation in the certificates - But still, the routers should have their own key pairs (Further modes are possible when the CSI WG gets some work done.) Comment: I think the new version is a significant improvement, and I have decided to clear the ND and virtual MAC related parts of my Discuss. However, I still think there's something wrong with some of the text, e.g., Requirement to send router advertisements is in 6.4.2 but not in 6.4.3, why? In Section 6.4.3, the Accept_Mode flag is only checked in the IPv6 branch of the code, is this correct? In Section 6.4.3, I don't understand how there's first a MUST statement on responding to Neighbor Solicitations, and then two steps later a conditional statement based on the value of Accept_Mode, again on the the same thing, responding to NSes.
- Re: [VRRP] DISCUSS and COMMENT: draft-ietf-vrrp-u… Stephen Nadas
- Re: [VRRP] DISCUSS and COMMENT: draft-ietf-vrrp-u… Stephen Nadas