Hi Jari,
Thanks for the review. As you did below, I too need to apologize for
the delay in responding. See my responses below:
On Jun 10, 2011, at 3:46 PM, Jari Arkko wrote:
I have reviewed this draft.
I have a number of comments, most of which are at this point
questions and discussion items. The comments are included below in
three categories: technical comments, editorial comments, and
comments relating to feedback from other people that may not been
fully handled yet. In general, the draft is well written and
largely ready to move to a Proposed Standard RFC. However, there
are a couple of issues that we need to discuss: MTU requirements,
recommendations to consider alternative designs that exist only as
Internet Drafts, and the feasibility of the loop check.
I also need to apologize that it has taken far too long for me to
do this review. There's no good excuse, but I've had some number of
other documents in the queue this spring, day job requirements, and
I knew I needed to review this document carefully. The rpl-option
draft is next on my reading queue, probably reviewed by Monday.
Technical: =======
links within a RPL domain SHOULD have a MTU of at least 1280 + 40
(outer IP header) + SRH_MAX_SIZE (+ additional extension headers
or options needed within RPL domain) octets.
I thought that 6LOWPAN was an important link layer for the
application of RPL. Yet, RFC 4944 specifies a MTU of 1280 octets.
The above requirement seems to be in contradiction with what is
available on 6LOWPAN. Am I missing some extension of 6LOWPAN that
changes the MTU, or some other link layer that is expected to be
used with RPL? If I'm not missing anything, wouldn't this cause a
problem? It would seem that either you cannot run RPL on 6LOWPAN,
run 6LOWPAN on non standard MTU values (and we know MTU negotiation
is difficult), or you have to change the expectations of other
nodes in the IPv6 Internet about the minimum assured MTU.
Please clarify/resolve/tell me what I am missing.
Yes, 6LoWPAN is one of the target link layers. I agree that this
statement is problematic with strict adherence to RFC 4944. Note,
however, that there are IEEE 802.15.4 variants (i.e. 802.15.4g) that
support frame lengths up to 2KB. I'm not sure it would be wise to
limit the capabilities of alternative IEEE 802.15.4 link
technologies.
I would propose to remove the cited statement. It is unnecessary
given that the next revision of this draft will require tunneling.
A common network configuration for a RPL domain is that all
nodes within a LLN share a common prefix. The SRH introduces the
CmprI, CmprE, and Pad fields to allow compaction of the
Address[1..n] vector when all entries share the same prefix as
the IPv6 Destination Address field of the packet carrying the
SRH.
So all segments are treated based on how many bytes they have in
common with the destination address. But the destination address
keeps changing as we go through the intermediate hops. Is it
necessary to clarify that the comparison/shared prefix is with the
final destination address, NOT the address that happens to be in
the destination address field currently?
The intent really was to utilize the current IPv6 Destination value
since all entries except the last will carry the same CmprI prefix
bytes. Now, I can see there is an issue when we consider the final
entry controlled by CmprE. The intent was that CmprE would only
differ when operating in "transport mode" and the SRH would thus be
removed according to Section 5 of the draft.
In very specific cases, IPv6-in-IPv6 tunneling may be undesirable
due to the added cost and complexity required to process and
carry a datagram with two IPv6 headers.
[I-D.hui-6man-rpl-headers
<http://tools.ietf.org/html/draft-ietf-6man-rpl-routing-header-03#ref-I-D.hui-6man-rpl-headers>]
describes how to avoid using IPv6-in-IPv6 tunneling in such
specific cases and the risks involved.
This sounds like a recommendation to do something in a draft that
has not been through the working group and approved as the
something that is a sound practice. Unless the reference is
normative, I think it is inappropriate to refer to an Internet
draft in this manner.
What I would recommend is to (1) change the "... SHOULD use
IPv6-in-IPv6 tunneling ..." statement to a MUST in this draft, (2)
remove the above text, and (3) make the corresponding changes to
Section 5. Then we can take hui-6man-rpl-headers through the
working group and provide a second, more light-weight approach that
extends what we have RFC-to-be-draft-ietf-6man-rpl-routing-header.
(FWIW, I think the problem begins when one adds the first byte to a
packet somewhere along the route. It does not not matter so much
how many bytes one adds, just the SRH or also the IP header. Most
of the complications on MTUs and so one start at that point. In any
case, SRHs may not be trivially small either. Assuming 64-bit
prefix compression an SRH for 4 hops would be 40 bytes.)
In general, I agree with your concern. However, after re-reading the
draft, do is it necessary to mandate a particular solution (i.e. RFC
2473)? Instead, how do you feel about the following modified text:
To deliver a datagram, a router MAY specify a source route to reach
the destination using a SRH. There are two cases that determine how
to include an SRH with a datagram.
1. When the source node inserts an SRH, it may do so directly within
the datagram itself.
2. When an intermediate node inserts an SRH, it should do so in a
way that does not cause path MTU issues and ensures ICMP errors
caused by inserting the SRH return to the source of the SRH rather
than the original datagram. One such method is IPv6-in-IPv6
tunneling [RFC 2473].
If such addresses appear more than once and are separated by at
least one address not assigned to that router, the router MUST
drop the packet and SHOULD send an ICMP Parameter Problem, Code
0, to the Source Address.
...
else if 2 or more entries in Address[1..n] are assigned to local
interface and are separated by at least one address not assigned
to local interface { discard the packet }
The text and the code appear to disagree about whether to send an
ICMP Parameter Problem message. Please align. I assume that an ICMP
message is needed.
Agree.
Because this document specifies that SRH is only for use within a
RPL domain, such attacks cannot be mounted from outside the RPL
domain. As described in Section 5
<http://tools.ietf.org/html/draft-ietf-6man-rpl-routing-header-03#section-5>,
RPL Border Routers MUST drop datagrams entering or exiting the
RPL domain that contain a SRH in the IPv6 Extension headers.
This is good, and I think the security considerations are
sufficient. However, I would be happier if the draft also
recommended that by default, non-RPL routers and firewalls should
drop packets with SRH. This would help ensure that SRH does not
accidentally enter any network and expose some vulnerability. The
practical effect that I'm looking for is, for instance, not having
my Linux kernel process SRH unless I've configured it to use RPL.
Agree.
Editorial: ======
In the above scenario, datagrams traveling from source, S, to
destination, D, have the following packet structure:
+------+------+------+--------//-+ | IPv6 | IPv6 | IPv6 | Packet
| | Src | Dst | SRH | Payload |
+------+------+------+--------//-+
This figure is not as clear as it could be. Are the src and dst
field referring to the IPv6 header fields? Would this picture be
better if you showed the IPv6 header explicitly? Please clarify.
Yes, the src and dst fields are IPv6 header fields. Will update the
figure to be more explicit.
CmprE 4-bit unsigned integer. Number of prefix
octets from the segment that are elided. For example, a SRH
carrying a full IPv6 address in Addresses[n] sets CmprE to 0.
I understood the definition CmprI, but I do not understand this, at
least not at the point of the above text. What is "the segment"
that you are referring to above? SRH carries multiple segments.
Please clarify.
Little further down it becomes clear that CmprE refers to the
compression of the last segment. Please make this clear already in
the above text.
Correct. Will clarify in the next revision.
Comments relating to feedback from others:
============================
The ADs have received a question from Joseph Reddy, who was asking
if the set of addresses in the SRH should also include the source
address of the node inserting the SRH. His justification for this
was the need to be able to send an ICMP error back to this node. Do
we have an answer?
When using tunneling, the ICMP error should go back to the source of
the outer IPv6 header.
In April, Thomas Narten made some comments on the list and I didn't
think that the discussion finished with any conclusion. Are his
concerns (e.g., from his e-mail on April 29th) valid or not valid?
I would like the working group to conclude this issue one way or
the other. I refer to his comments regarding the feasibility of the
loop check in particular. His e-mail is at
http://www.ietf.org/mail-archive/web/ipv6/current/msg13887.html
FWIW I agree with Thomas' editorial comment on Section 2 clarity.
That should be easy to fix.
My personal belief is that LLN devices will generally have more
computation capability relative to communication capability, so I'm
not terribly concerned with the processing overhead. That said, I'm
not a fan of the loop check and would prefer less complexity. We
only required such checks to deal with security concerns that have
been raised in the past with RH0. If others feel that the checks are
unnecessary or have alternative suggestions, I'm more than happy to
make the changes.
Thanks.
-- Jonathan Hui
