Georges Chung | 2 Jun 15:33 2008
Picon

RE: comment for draft-ietf-vrrp-unified-spec-00

I think Tomohiko has a point.

Sending a Router Advertisement with the interface's MAC as the source link-layer address would refresh the hosts' Neighbor Cache entry with the router's physical MAC address.  We want the hosts to use the virtual MAC address of the router instead.

Can the draft be updated with this?

Thanks,
Georges


----------------------------------------------------------------------------------------

Hello Tomohiko,

Thank you for your comment. I am copying to the vrrp list as well for
any comments WG may have.

Regards,
Steve

> -----Original Message-----
> From: kura at iij.ad.jp [mailto:kura at iij.ad.jp]
> Sent: Wednesday, January 23, 2008 12:54 AM
> To: Stephen Nadas
> Subject: comment for draft-ietf-vrrp-unified-spec-00
>
> Hello,
>
> This is Tomohiko Kurahashi from IIJ which is an ISP in Japan.
> I have a comment for draft-ietf-vrrp-unified-spec-00, with
> regard to the interaction with IPv6 Router Advertisements (RAs).
>
> According to the draft, Master router (only) sends RA packets
> for a virtual router, whose source address is the IPv6
> link-local address associated with the virtual router (e.g.
> link-local address of address owner), and source link-layer
> address option is the virtual router MAC address.
>
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
>
> Under such situation that both kinds of RAs mentioned above
> are being advertised, some hosts receiving former (first) may
> set their default route to the virtual router, and others
> receiving latter (first) may set to one of real routers. This
> must be an unwilling result for network managers/administrators.
>
> I think it should be mentioned explicitly in the draft that
> VRRP routers MUST stop advertising the latter kind of RAs
> automatically (or by configuration).
>
> FYI, the following is Cisco manual of HSRP for IPv6.
> http://www.cisco.com/en/US/products/ps6350/products_configurat
> ion_guide_chapter09186a008078f345.html#wp1066077
>
> I'm glad if you take my comment into consideration.
>
> Best regards,
> --
> Tomohiko Kurahashi <kura at iij.ad.jp>
> Internet Initiative Japan Inc.


_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www.ietf.org/mailman/listinfo/vrrp
Stephen Nadas | 2 Jun 17:40 2008
Picon

Re: comment for draft-ietf-vrrp-unified-spec-00

Hi Georges,
 
I am a bit confused here - draft is at -02 and went thru wg last call.  Is the current text in -02 satisfactory or not?
 
Thanks,
Steve

From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org] On Behalf Of Georges Chung
Sent: Monday, June 02, 2008 9:33 AM
To: vrrp <at> ietf.org
Subject: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

I think Tomohiko has a point.

Sending a Router Advertisement with the interface's MAC as the source link-layer address would refresh the hosts' Neighbor Cache entry with the router's physical MAC address.  We want the hosts to use the virtual MAC address of the router instead.

Can the draft be updated with this?

Thanks,
Georges


----------------------------------------------------------------------------------------
Hello Tomohiko,

Thank you for your comment. I am copying to the vrrp list as well for
any comments WG may have.

Regards,
Steve

> -----Original Message-----
> From: kura at iij.ad.jp [mailto:kura at iij.ad.jp]
> Sent: Wednesday, January 23, 2008 12:54 AM
> To: Stephen Nadas
> Subject: comment for draft-ietf-vrrp-unified-spec-00
>
> Hello,
>
> This is Tomohiko Kurahashi from IIJ which is an ISP in Japan.
> I have a comment for draft-ietf-vrrp-unified-spec-00, with
> regard to the interaction with IPv6 Router Advertisements (RAs).
>
> According to the draft, Master router (only) sends RA packets
> for a virtual router, whose source address is the IPv6
> link-local address associated with the virtual router (e.g.
> link-local address of address owner), and source link-layer
> address option is the virtual router MAC address.
>
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
>
> Under such situation that both kinds of RAs mentioned above
> are being advertised, some hosts receiving former (first) may
> set their default route to the virtual router, and others
> receiving latter (first) may set to one of real routers. This
> must be an unwilling result for network managers/administrators.
>
> I think it should be mentioned explicitly in the draft that
> VRRP routers MUST stop advertising the latter kind of RAs
> automatically (or by configuration).
>
> FYI, the following is Cisco manual of HSRP for IPv6.
> http://www.cisco.com/en/US/products/ps6350/products_configurat
> ion_guide_chapter09186a008078f345.html#wp1066077
>
> I'm glad if you take my comment into consideration.
>
> Best regards,
> --
> Tomohiko Kurahashi <kura at iij.ad.jp>
> Internet Initiative Japan Inc.


_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www.ietf.org/mailman/listinfo/vrrp
Stephen Nadas | 3 Jun 16:01 2008
Picon

Re: comment for draft-ietf-vrrp-unified-spec-00

Georges, Tomohiko,
 
I do not see in 2461 the words "master" or "backup" so it is not clear to me what exactly is meant by Tomohiko's when he says (from below):
 
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
 
master and backup routers are VRRP terms - so I think I do not agree with the above as I would expect VRRP routers to use VRRP Virtual MACs. 
 
Thanks,
Steve
 
From: Georges Chung [mailto:georgesa <at> gmail.com]
Sent: Monday, June 02, 2008 5:25 PM
To: Stephen Nadas
Subject: Re: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

Hi Steve,

I now realize that I may have missed the boat on this one.

My email's subject line reflected Tomohiko's original email subject line.  I'm afraid draft -02 still does not specify what to do in the situation described by Tomohiko.

Regards,
Georges


On Mon, Jun 2, 2008 at 11:40 AM, Stephen Nadas <stephen.nadas <at> ericsson.com> wrote:
Hi Georges,
 
I am a bit confused here - draft is at -02 and went thru wg last call.  Is the current text in -02 satisfactory or not?
 
Thanks,
Steve

From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org] On Behalf Of Georges Chung
Sent: Monday, June 02, 2008 9:33 AM
To: vrrp <at> ietf.org
Subject: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

I think Tomohiko has a point.

Sending a Router Advertisement with the interface's MAC as the source link-layer address would refresh the hosts' Neighbor Cache entry with the router's physical MAC address.  We want the hosts to use the virtual MAC address of the router instead.

Can the draft be updated with this?

Thanks,
Georges


----------------------------------------------------------------------------------------
Hello Tomohiko,

Thank you for your comment. I am copying to the vrrp list as well for
any comments WG may have.

Regards,
Steve

> -----Original Message-----
> From: kura at iij.ad.jp [mailto:kura at iij.ad.jp]
> Sent: Wednesday, January 23, 2008 12:54 AM
> To: Stephen Nadas
> Subject: comment for draft-ietf-vrrp-unified-spec-00
>
> Hello,
>
> This is Tomohiko Kurahashi from IIJ which is an ISP in Japan.
> I have a comment for draft-ietf-vrrp-unified-spec-00, with
> regard to the interaction with IPv6 Router Advertisements (RAs).
>
> According to the draft, Master router (only) sends RA packets
> for a virtual router, whose source address is the IPv6
> link-local address associated with the virtual router (e.g.
> link-local address of address owner), and source link-layer
> address option is the virtual router MAC address.
>
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
>
> Under such situation that both kinds of RAs mentioned above
> are being advertised, some hosts receiving former (first) may
> set their default route to the virtual router, and others
> receiving latter (first) may set to one of real routers. This
> must be an unwilling result for network managers/administrators.
>
> I think it should be mentioned explicitly in the draft that
> VRRP routers MUST stop advertising the latter kind of RAs
> automatically (or by configuration).
>
> FYI, the following is Cisco manual of HSRP for IPv6.
> http://www.cisco.com/en/US/products/ps6350/products_configurat
> ion_guide_chapter09186a008078f345.html#wp1066077
>
> I'm glad if you take my comment into consideration.
>
> Best regards,
> --
> Tomohiko Kurahashi <kura at iij.ad.jp>
> Internet Initiative Japan Inc.



_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www.ietf.org/mailman/listinfo/vrrp
G. C. | 3 Jun 19:24 2008
Picon

Re: comment for draft-ietf-vrrp-unified-spec-00

Hi Steve,

Here's my understanding of the problem...

RFC 4861 describes the concept of Advertising Interface (Section 6.2.2).  As such an an advertising interface that belongs to a router would send out RAs with the interface's link-local address (LLA) as the source, and the interface MAC address as the source link-layer option.

Consider the case where the interface owns addresses that would be advertised in a VRRP Advertisement.  This interface would then send out one RA as indicated in the previous paragraph and, based on draft 02, another one using the interface's LLA as the source address (since it's the address owner) and the virtual MAC address as the source link-layer option.

Now, from the point of view of the host that receives these RAs:  RFC 4861 Section 6.3.4 indicates that the host may update its Neighbor Cache with the link-layer address included in the RA.  Since the 2 RAs described above would indicate different link-layer addresses for the same IP address, the host's ND cache would be constantly be updated back and forth with these addresses.

Regards,
Georges


On Tue, Jun 3, 2008 at 10:01 AM, Stephen Nadas <stephen.nadas <at> ericsson.com> wrote:
Georges, Tomohiko,
 
I do not see in 2461 the words "master" or "backup" so it is not clear to me what exactly is meant by Tomohiko's when he says (from below):
 
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
 
master and backup routers are VRRP terms - so I think I do not agree with the above as I would expect VRRP routers to use VRRP Virtual MACs. 
 
Thanks,
Steve
 
From: Georges Chung [mailto:georgesa <at> gmail.com]
Sent: Monday, June 02, 2008 5:25 PM
To: Stephen Nadas
Subject: Re: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

Hi Steve,

I now realize that I may have missed the boat on this one.

My email's subject line reflected Tomohiko's original email subject line.  I'm afraid draft -02 still does not specify what to do in the situation described by Tomohiko.

Regards,
Georges


On Mon, Jun 2, 2008 at 11:40 AM, Stephen Nadas <stephen.nadas <at> ericsson.com> wrote:
Hi Georges,
 
I am a bit confused here - draft is at -02 and went thru wg last call.  Is the current text in -02 satisfactory or not?
 
Thanks,
Steve

From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org] On Behalf Of Georges Chung
Sent: Monday, June 02, 2008 9:33 AM
To: vrrp <at> ietf.org
Subject: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

I think Tomohiko has a point.

Sending a Router Advertisement with the interface's MAC as the source link-layer address would refresh the hosts' Neighbor Cache entry with the router's physical MAC address.  We want the hosts to use the virtual MAC address of the router instead.

Can the draft be updated with this?

Thanks,
Georges


----------------------------------------------------------------------------------------
Hello Tomohiko,

Thank you for your comment. I am copying to the vrrp list as well for
any comments WG may have.

Regards,
Steve

> -----Original Message-----
> From: kura at iij.ad.jp [mailto:kura at iij.ad.jp]
> Sent: Wednesday, January 23, 2008 12:54 AM
> To: Stephen Nadas
> Subject: comment for draft-ietf-vrrp-unified-spec-00
>
> Hello,
>
> This is Tomohiko Kurahashi from IIJ which is an ISP in Japan.
> I have a comment for draft-ietf-vrrp-unified-spec-00, with
> regard to the interaction with IPv6 Router Advertisements (RAs).
>
> According to the draft, Master router (only) sends RA packets
> for a virtual router, whose source address is the IPv6
> link-local address associated with the virtual router (e.g.
> link-local address of address owner), and source link-layer
> address option is the virtual router MAC address.
>
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
>
> Under such situation that both kinds of RAs mentioned above
> are being advertised, some hosts receiving former (first) may
> set their default route to the virtual router, and others
> receiving latter (first) may set to one of real routers. This
> must be an unwilling result for network managers/administrators.
>
> I think it should be mentioned explicitly in the draft that
> VRRP routers MUST stop advertising the latter kind of RAs
> automatically (or by configuration).
>
> FYI, the following is Cisco manual of HSRP for IPv6.
> http://www.cisco.com/en/US/products/ps6350/products_configurat
> ion_guide_chapter09186a008078f345.html#wp1066077
>
> I'm glad if you take my comment into consideration.
>
> Best regards,
> --
> Tomohiko Kurahashi <kura at iij.ad.jp>
> Internet Initiative Japan Inc.




_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www.ietf.org/mailman/listinfo/vrrp
G. C. | 4 Jun 03:08 2008
Picon

Re: comment for draft-ietf-vrrp-unified-spec-00

Steve,

After reading the text around AdvSendAdvertisements in RFC 4861, the impression I have is that turning this off may be confused by the reader to indicate that *all* Router Advertisements will be suppressed for that interface (including the RA proposed by draft 02).

Should we define a separate per-interface flag to indicate that Router Advertisements using the interface MAC address as the link-layer option would be suppressed or not?  Do we even need a configuration parameter for this, i.e. for a master owner router, is there ever a need for both RAs?

Cheers,
Georges


On Tue, Jun 3, 2008 at 1:36 PM, Stephen Nadas <stephen.nadas <at> ericsson.com> wrote:
Hi Georges,
 
this section says that advertising interface must send an RA if corresponding AdvSendAdvertisements flag is TRUE
 
i agree that if this happens on a vrrp interface there may be confusion on host as to which RA to use. (too bad host cannot be smart enough to use vrrp mac)
 
i think all that VRRP spec could possibly say is to note somewhere that this is possible and that when VRRP is in use, the corresponding AdvSendAdvertisements flag should be FALSE. 
 
i would like to hear other views from list, please  
 
Thanks,
Steve

From: G. C. [mailto:georgesa <at> gmail.com]
Sent: Tuesday, June 03, 2008 1:25 PM
To: Stephen Nadas
Cc: kura <at> iij.ad.jp; vrrp <at> ietf.org

Subject: Re: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

Hi Steve,

Here's my understanding of the problem...

RFC 4861 describes the concept of Advertising Interface (Section 6.2.2).  As such an an advertising interface that belongs to a router would send out RAs with the interface's link-local address (LLA) as the source, and the interface MAC address as the source link-layer option.

Consider the case where the interface owns addresses that would be advertised in a VRRP Advertisement.  This interface would then send out one RA as indicated in the previous paragraph and, based on draft 02, another one using the interface's LLA as the source address (since it's the address owner) and the virtual MAC address as the source link-layer option.

Now, from the point of view of the host that receives these RAs:  RFC 4861 Section 6.3.4 indicates that the host may update its Neighbor Cache with the link-layer address included in the RA.  Since the 2 RAs described above would indicate different link-layer addresses for the same IP address, the host's ND cache would be constantly be updated back and forth with these addresses.

Regards,
Georges


On Tue, Jun 3, 2008 at 10:01 AM, Stephen Nadas <stephen.nadas <at> ericsson.com> wrote:
Georges, Tomohiko,
 
I do not see in 2461 the words "master" or "backup" so it is not clear to me what exactly is meant by Tomohiko's when he says (from below):
 
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
 
master and backup routers are VRRP terms - so I think I do not agree with the above as I would expect VRRP routers to use VRRP Virtual MACs. 
 
Thanks,
Steve
 
From: Georges Chung [mailto:georgesa <at> gmail.com]
Sent: Monday, June 02, 2008 5:25 PM
To: Stephen Nadas
Subject: Re: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

Hi Steve,

I now realize that I may have missed the boat on this one.

My email's subject line reflected Tomohiko's original email subject line.  I'm afraid draft -02 still does not specify what to do in the situation described by Tomohiko.

Regards,
Georges


On Mon, Jun 2, 2008 at 11:40 AM, Stephen Nadas <stephen.nadas <at> ericsson.com> wrote:
Hi Georges,
 
I am a bit confused here - draft is at -02 and went thru wg last call.  Is the current text in -02 satisfactory or not?
 
Thanks,
Steve

From: vrrp-bounces <at> ietf.org [mailto:vrrp-bounces <at> ietf.org] On Behalf Of Georges Chung
Sent: Monday, June 02, 2008 9:33 AM
To: vrrp <at> ietf.org
Subject: [VRRP] RE: comment for draft-ietf-vrrp-unified-spec-00

I think Tomohiko has a point.

Sending a Router Advertisement with the interface's MAC as the source link-layer address would refresh the hosts' Neighbor Cache entry with the router's physical MAC address.  We want the hosts to use the virtual MAC address of the router instead.

Can the draft be updated with this?

Thanks,
Georges


----------------------------------------------------------------------------------------
Hello Tomohiko,

Thank you for your comment. I am copying to the vrrp list as well for
any comments WG may have.

Regards,
Steve

> -----Original Message-----
> From: kura at iij.ad.jp [mailto:kura at iij.ad.jp]
> Sent: Wednesday, January 23, 2008 12:54 AM
> To: Stephen Nadas
> Subject: comment for draft-ietf-vrrp-unified-spec-00
>
> Hello,
>
> This is Tomohiko Kurahashi from IIJ which is an ISP in Japan.
> I have a comment for draft-ietf-vrrp-unified-spec-00, with
> regard to the interaction with IPv6 Router Advertisements (RAs).
>
> According to the draft, Master router (only) sends RA packets
> for a virtual router, whose source address is the IPv6
> link-local address associated with the virtual router (e.g.
> link-local address of address owner), and source link-layer
> address option is the virtual router MAC address.
>
> In other hand, according to RFC 2461, both Master and Backup
> routers are also able to send RA packets for themselves,
> whose source address is their interface IPv6 link-local
> address, and source link-layer address option is their
> interface MAC address.
>
> Under such situation that both kinds of RAs mentioned above
> are being advertised, some hosts receiving former (first) may
> set their default route to the virtual router, and others
> receiving latter (first) may set to one of real routers. This
> must be an unwilling result for network managers/administrators.
>
> I think it should be mentioned explicitly in the draft that
> VRRP routers MUST stop advertising the latter kind of RAs
> automatically (or by configuration).
>
> FYI, the following is Cisco manual of HSRP for IPv6.
> http://www.cisco.com/en/US/products/ps6350/products_configurat
> ion_guide_chapter09186a008078f345.html#wp1066077
>
> I'm glad if you take my comment into consideration.
>
> Best regards,
> --
> Tomohiko Kurahashi <kura at iij.ad.jp>
> Internet Initiative Japan Inc.





_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www.ietf.org/mailman/listinfo/vrrp
G. C. | 27 Jun 14:51 2008
Picon

draft-ietf-vrrp-unified-mib-06: Usage of vrrpTrapProtoError

After reading the draft, I am under the impression that the trap vrrpTrapProtoError is expected to be raised every time an error condition happens.  Can someone please confirm whether this is indeed the intention of the draft?

This means that there will be lots of these being raised, one per offending packet that is received.  This will add unnecessary overhead to the CPU.

Can the reason hopLimitError be renamed to IpTllError to be consistent with vrrpStatisticsIpTtlErrors?

Thanks,
Georges Chung

_______________________________________________
vrrp mailing list
vrrp <at> ietf.org
https://www.ietf.org/mailman/listinfo/vrrp

Gmane