date:20111019

Re: [homenet] Thoughts about ipv6 routing (babel AHCP)

2011-10-19 Thread Pascal Thubert (pthubert)

Hello David

[David] Now, in reviewing this thread, I was disappointed to see that my ipv6 
routing protocol of choice (babel) has not been discussed so far to any extent. 
While this protocol is somewhat new, an rfc and working code both exist, and 
working code has existed for several years.

[Pascal ] I can only confirm from almost 10 years of implementing and 
experimenting the principles used in Babel that they are very sound (I started 
using them with nested networks of mobile routers, see 
http://tools.ietf.org/html/draft-thubert-tree-discovery )

And if you look at it, you'll find that BABEL builds its routing tree towards a 
destination using the same base principles as RPL builds its DODAG towards its 
root, DV operations with the same feasibility conditions and sequenced updates.

After that RPL provides a number of optimizations:

- RPL recognizes that most traffic goes through a limited number of gateways 
and only builds DODAGs off these gateways. This fits the classical wiring in a 
house, which is mostly hub/spoke and in any case a tree, simply because that's 
what electricians learn at school. From there, the default route can be heavily 
used, which saves states and more importantly states updates. 

- RPL has triggered updates dampening for large / dense configs (based on 
trickle); you'll note that there is no global triggered update (RPL looks more 
like DSDV than BABEL for that matter), only local. These local updates allow 
quick local repairs that avoid impacting the whole network when the use plays 
with the wireless settings in its stereo gear.

- RPL has tunable elasticity on the feasibility conditions, which, when used, 
may create loops. This is compensated by an in-band packet validation. This 
adaptation is specialized for operations such as WSN where there are very few 
packets and battery conservation is critical, which is true for home 
automation, and can be turned off for more classical operations.

- RPL has another inheritance from DUAL which allows poisoning a sub-DODAG by 
detaching it and then later reattaching it to the main DODAG. The shape of the 
sub DODAG can be retained and routing is maintained within, a feature that 
users might appreciate should a home gateway reboot, which in my experience 
happens quite often.

- With RPL, all routing inside the DODAG that is built for a given root 
(gateway, backbone router) exploits the DODAG topology so there is only one 
topology to maintain for all nodes in the DODAG as opposed to one topology per 
destination. Routing might be stretched as packets have to go up to the common 
parent and then down, but this allows a heavy utilization of the default route 
which in turn saves states maintenance and improves mobility. Users actually 
wear devices, move through the house, and expect that we maintain enough 
connectivity to stream media. 

- Instead of having different topologies per destination, RPL allows multiple 
instances that build their own topologies for their goals and constraints, and 
enables routing along those topologies. This solves in particular the walled 
garden problem we already discussed in this list, for instance for routing 
Utility packets from/to the Utility gateway which happens naturally if the 
utility packets are placed onto the RPL topology that is associated to the 
Utility. 

- RPL is partially autonomic, in that it distributes its own configuration as 
the DODAG builds off the root. If configuration is required to indicate a 
certain optimization, then that configuration can be pushed by the service 
provider onto the gateway, and it will be passed on by the protocol. But I'd 
think that being autonomic is quite critical. Interestingly, there's also 
intense research around that subject in Europe, see for instance AFI at ETSI.

- RPL is designed for multilink subnets, and in particular it distributes the 
information that routers will need of they need to form RAs, though the exact 
operation for doing it was taken off the spec. MLSN is quite useful to avoid 
renumbering devices that move inside the house, and it is seen as a MUST in 
industrial environments.

- RPL is designed to be complemented by a task-specific plug-in called 
objective function, which understands and adapts the operations to the metrics 
and constraints. Built-in OFs are quite abstract because they are very generic, 
but this group and others are free to define their own OF to map their needs. 

I have yet to understand which of the points above are required as opposed to 
nice-to-have for the HOMENET as the groups sees it.

[David]  The future inside the home is mostly wireless, not wired... and as 
many of the assumptions built into ipv6, dhcp, dhcpv6, ra announcements, etc 
completely predate the rise of wireless everywhere, they tend to be, well... 
wrong.

[Pascal ]  I agree, with a twist that IPv6 is provenly quite capable to adapt 
and survive. The work at 6LoWPAN on ND is ample demonstration of that, isn't

Re: [homenet] Thoughts about ipv6 routing (babel AHCP)

2011-10-19 Thread Jim Gettys

On 10/19/2011 03:43 AM, Ole Troan wrote:
 you aren't helping things work better by doing 6to4.
 please disabled by default, if you absolutely want to support it at all, hide 
 it somewhere under the Wizard menus.


Actually, 6to4 works really well on Comcast since they installed
production 6to4 relays that are geographically dispersed.

Whether 6to4 should be on by default, given the lack of decent relays in
many parts of the world is a different question we can discuss.  I don't
think hiding it entirely is a good idea, given that this is the largest
ISP in the U.S. (world?).

This is, of course soluble by ISP's; not having much IPv6 traffic is a
self fulfilling prophesy if it doesn't get tested, and it won't get
tested unless there is traffic, etc  And without relays, 6to4 sucks,
and so on...

- Jim

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] security question for zeroconf stuff inside the homenet...

2011-10-19 Thread Joe Touch




On 10/19/2011 12:30 PM, Curtis Villamizar wrote:


In message28269.1318994...@marajade.sandelman.ca
Michael Richardson writes:




Curtis == Curtis Villamizarcur...@occnc.com  writes:

 Curtis  A WiFi AP will not connect to another AP and wireless
 Curtis  routers are typically AP by default.  So if two wireless
 Curtis  routers autoconfig to being AP and using open routing, then

OUT OF THE BOX:  not every device plugged into a home network have
 no prior configuration.  For instance, someone bringing a newsed
 device to grandma's house.


He who configures it needs to fix it.  Or press the factory default
button (if there is one).  The example is two AP.  Most AP can be
restored to factory default with a button press.


What happens if you have two of them and they're BOTH configured to boot 
as the master home access point?


...

 Curtis  there is only a risk if something that is an WiFi client is
 Curtis  also a configured to be a router.


Yes, but we want to assume that at least one of these will be configured 
as a router as a default, which means we KNOW someone will turn on two 
of them



On BSD and I suspect Linux as well, the default for:

   net.inet.ip.forwarding
   net.inet6.ip6.forwarding

are both zero.


Right, but that cannot be the default for a homenet box.

Joe
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] is this what homenet are trying to achieve? (was Re: Thoughts about routing

2011-10-19 Thread Curtis Villamizar


In message 4e9eb8fd.2060...@riw.us
Russ White writes:
 
  
  1. No built in assumptions about whether a router has an uplink port
 and if so, which port it is.
  
 d.  assumptions about uplinks may be learned (zero config) or
 configured.
  
 The biggest problem with determining what's an uplink and what's not
 is simply what the word uplink actually means. One of the things we've
 been thinking about here is walled gardens, networks which serve a
 special purpose, and hence don't have connectivity to the world at
 large. There are probably only two solutions here:
  
 1. The provider's device needs to tell you this information.
 2. You need a set of magic destinations, that the internal devices can
 use to orient themselves to the network topology around them.

Its easy to detect a walled garden if you are expecting a default
route from a full uplink.

Use the route to the whole Internet if one is available.  Otherwise,
use the walled garden connection if that is all you have.

Walled gardens really suck.  They suck even worse when they are sold
as having access to the Internet when they don't.

  We have to get rid of long lease times.  If a connection goes up, its
  
 The problem here is that you're working against the rest of the world,
 which assumes an IP address is pretty much a permanent feature of a
 device, like a MAC address. I don't know how to change that mentality.

Yes.  If plugging things arbitrarily and rearranging them without
powering any of it down is going to work, handing out long leases to
legacy devices can't be done.  If a device supports taking back a
lease, then that is better.

Note that I had a perfectly fine workaround, which was to NAT for any
device that wouldn't give up on using an old address if that address
became stale.

  #4.  security
  
a.  No filtering should be done on a link that is not identified as
an uplink.
  
 As long as you're okay with multiple layered devices each filtering on
 their uplinks (not necessarily a bad thing, by the way). I tend to think
 more in terms of domains, which included possible vertical divides as
 well as horizontal ones.

An uplink is a connection to the provider.  It is discovered, not
identified as the port with the yellow connector.

Reread the very first sentence you quoted:

  No built in assumptions about whether a router has an uplink port
  and if so, which port it is.

b.  By default strong filtering should be enabled on any uplink.
  
c.  Filtering can be weakenned, holes punched through, or disabled
by configuration.
  
 Agreed.

OK

a.  DV and LS routing can mixed within a domain.  DV routes can be
  
 In fact, OSPF already does this... What I hate is this entire idea of
 redistribution. A single protocol that does both DV and LS in the
 right places would be ideal --but I also think the existing DV protocols
 can be modified to provide this sort of thing.

I was trying to help come to a compromise on the grand unified
routing protocol problem by stating that we don't need a one size
fits all routing protocol.  We can have one for wired, one for
AP style wireless, one for mesh wireless.

  For (a) we should recommend one.  OSPF is full standard and is cleaner
  but we have v2 for IPv4 and v3 for IPv6.  ISIS has NSAPs as router ID
  (even uglier than IPv6 addresses or MACs and must be unique), sends
  around really big packets even for small changes, but supports both
  IPv4 and IPv6 in one instance and is (strongly) prefered by some.
  
 I would argue that the router ID situation in IS-IS is actually easier
 to deal with than the one in OSPF. With fragmented LSPs, I don't think
 the packet size in IS-IS is any worse than OSPF, either (?).

On packet size: OSPF doesn't have a requirement to round every hello
packet up MTU which ISIS does.  OSPF can send only the LSA that
changed.  ISIS has to send the whole LSPDU fragment which contains the
change and then the receiver has to check every TLV in the packet that
didn't change and find the one that did change.

Perhaps there can be a negociation with the zero config default being
a slight preference for X where each vendor gets to pick X and the
slight preference could be overridden by a configured (strong)
preference.  Perhaps distance to any router with a configured
preference can be a tie breaker to switch over (with *lots* of
hysteresis on the switch over).  If we can't pick one then we have
to make a network interoperate in a zero config situation with vendors
that had different slight preference choices.  It means two routing
protocols with the increase in executable image and memory footprint.

 :-)
  
 Russ

Curtis
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] security question for zeroconf stuff inside the homenet...

2011-10-19 Thread Curtis Villamizar


In message 4e9f3e69.90...@isi.edu
Joe Touch writes:
 
 On 10/19/2011 12:30 PM, Curtis Villamizar wrote:
 
  In message28269.1318994...@marajade.sandelman.ca
  Michael Richardson writes:
 
 
  Curtis == Curtis Villamizarcur...@occnc.com  writes:
   Curtis  A WiFi AP will not connect to another AP and wireless
   Curtis  routers are typically AP by default.  So if two wireless
   Curtis  routers autoconfig to being AP and using open routing, then
 
  OUT OF THE BOX:  not every device plugged into a home network have
   no prior configuration.  For instance, someone bringing a newsed
   device to grandma's house.
 
  He who configures it needs to fix it.  Or press the factory default
  button (if there is one).  The example is two AP.  Most AP can be
  restored to factory default with a button press.
  
 What happens if you have two of them and they're BOTH configured to boot 
 as the master home access point?


Master home access point?  What is that?  We are not talking about
today's primitive NAT boxes that pretend to be routers.

They either have a default route to the Internet or they don't.  If
they have a defailt route and they are at equal distance to that
default route, then there are some arbitrary tie breakers.

Worst case for AP might be if they are hard configed to the same
channel and are very close to each other so they have about the same
S/N and hosts can't decide which one to associate with, plus the
interference with each other.

In any case a press of the factory settings button should fix it.

 ...
   Curtis  there is only a risk if something that is an WiFi client is
   Curtis  also a configured to be a router.
  
 Yes, but we want to assume that at least one of these will be configured 
 as a router as a default, which means we KNOW someone will turn on two 
 of them

We want to assume that *all* AP are configured as routers except the
legacy ones that want to be a dumb bridge with NAT to one port.

  On BSD and I suspect Linux as well, the default for:
 
 net.inet.ip.forwarding
 net.inet6.ip6.forwarding
 
  are both zero.
  
 Right, but that cannot be the default for a homenet box.

You are mixing the discussion of what we want in routers with what we
don't want enabled by default in every *legacy* PC, toaster and coffee
maker.  If the coffee maker is a competent IPv6 router with extensions
to let it autoconfig, then let it be a router.

I really don't want my dumb old kitchen appliances trying to NAT for
each other.  But that new IPv6 espresso maker that knows how to act as
a router - that would be OK.  :-)

You lost the context.  You snipped out the statement I was replying
to.  A little too much trimming on the response.  It happens.

 Joe

Curtis
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Thoughts about ipv6 routing (babel AHCP)

Re: [homenet] Thoughts about ipv6 routing (babel AHCP)

Re: [homenet] security question for zeroconf stuff inside the homenet...

Re: [homenet] is this what homenet are trying to achieve? (was Re: Thoughts about routing

Re: [homenet] security question for zeroconf stuff inside the homenet...

5 matches

Site Navigation

Mail list logo

Footer information