Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

[802SEC] P802c PAR [was Re: [802SEC] FW: [STDS-802-11] Fwd: [802SEC] IEEE 802 Nov 14 Plenary - "PARs under Consideration" Posted]



I share many of Dan's concerns about partitioning the local space.

I take Bob's point that RAC policy does not oppose the use of the CID in addresses. In fact, I read RAC's EUI tutorial as specifically suggesting such use:

*"A CID has the X bit equal to one and consequently that places any address with the CID as its first three octets in the local address space (U/L = 1)."
*"a CID can be extended to create a locally administered MAC address"
*"If a CID is used to create MAC addresses, the X bit becomes the U/L bit. Any such addresses are by definition locally administered and consequentially may not be globally unique."

So I think that it's difficult to justify opposition to the P802c PAR based on RAC policy for the CID. But the fundamental concerns remain. I'd like to get a better understanding of what the RAC was thinking. I can't understand the explanation in the EUI tutorial
["CID though can be a useful tool in management of the local address space to help a network administrator keep local addresses unique to a network (rather than being globally unique."]. I also don't see an explanation in the draft 802c CSD.

I'd like to understand the perceived role of the "Company" owning the CID used in a MAC address. Is it:

(a) The device manufacturer? This seems to be like saying that every locally-assigned DHCP address in my house should have some bits that are assigned based on the manufacturer. What use is that? [OK, diagnosis may be a little more convenient if an OUI happens to correspond to the name brand on the device, but that's a trivial advantage, and it's a disadvantage for privacy.]
(b) The local network administrator?
This seems to be like saying that every locally-assigned DHCP address in my house should have some bits that are unique to my house. What use is that? Local is local; what good is making it partially global?
(c) An operator? For example, a gas meter has a gas company CID and an electrical meter has a power company CID on the same LAN. Seems like a problem better solved by VLAN,.
(d) Something else?
 

If I were a network administrator, I might see value in partitioning the local space following the IP model; in other words, on the basis on topology, so I could make forwarding decisions on the basis of a subset of the address and not need to store every MAC address in a switching table. But, if I were going to implement such a system, I'd want to locally administer 46 bits, not 24.

I think that the PAR and CSD need to provide a clear indication of the expected usage model, articulating its advantages and disadvantages.

I agree with Adrian that a forum at the Plenary would be very helpful.

Roger Marks

EthAirNet Associates


ROBERT GROW wrote:
I'd like to clarify/correct a couple points in Dan's email.  (Personal comments, not comments from the RAC.)

1.  Talking about what the CID has been historically is a bit misleading.  The CID has very little history, only having been introduced this year.  The RAC has never stated what it would not be used for, contrary to a possible inference from the assertion that the CID was ONLY for non-address applications.  I'm not aware of any RAC statement or document that says a CID shouldn't be used for local address assignment.

2.  The possibility of using a three-octet value with the U/L bit set as the base for local address assignment has a very long history independent of any RAC policy supporting the practice (nor RAC policy to prevent such practice).  (Some have assumed and standards have even specified local addresses based on setting the U/L bit of an assigned OUI.)

3.  The possibility for recommended practices or standards specifying use of a CID in assigning a local address was a RAC consideration in recommending to the BOG that a CID product be introduced.  So, the idea underlying p802c is consistent with RAC considerations in development and introduction of CIDs.

4.  I would expect RAC members (me for one) and perhaps even RAC mandatory coordination  comments would object to anything in p802c that declares legacy uses "illegal".  I find nothing in the p802c PAR that indicates the specifications would do this.  On the contrary, all presentations I have seen for "automated" assignment of local addresses (rather than assignment by a local address administrator), except for pure randomization, recognize and deal with duplicate local address assignment  These proposals recognize legacy use of the local space, and minimize the impacts of duplicate addresses on network operation. 

Bob Grow
bob.grow@ieee.org
M: 858 705 1829


On Oct 6, 2014, at 11:09 PM, "Stephens, Adrian P" <Adrian.P.Stephens@INTEL.COM> wrote:

Dear EC,

Feedback from Dan Harkins.  His argument makes sense to me.
I'd like to see a forum at the Plenary where this discussion can take place.

Best Regards,
 
Adrian P STEPHENS
 
Tel: +44 (1793) 404825 (office)
Tel: +44 (7920) 084 900 (mobile,  UK)
Tel: +1 (408) 2397485 (mobile, USA)
 
----------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47

-----Original Message-----
From: *** IEEE stds-802-11 List *** [mailto:STDS-802-11@ieee.org] On Behalf Of Dan Harkins
Sent: 06 October 2014 18:27
To: STDS-802-11@LISTSERV.IEEE.ORG
Subject: Re: [STDS-802-11] Fwd: [802SEC] IEEE 802 Nov 14 Plenary - "PARs under Consideration" Posted

--- This message came from the IEEE 802.11 Working Group Reflector ---

 Hi Jon,

 Thank you for the opportunity to comment on one of these PARs.

 I have serious problems with the 802c PAR. This proposes forming a group to partition and allocate portions of the local address space (those ethernet addresses with the "local" bit set to 1). Currently the local address space has 2^46 entries in it (48 bits with local bit = 1 and broadcast/multicast = 0).
There are a number of issues with this plan.

 First of all, the IEEE RAC has been assigning OUIs for years.
Historically, with an OUI an assignee also got 2^24 unique addresses assigned (an MA-L). Now the IEEE RAC is requiring first-time applicants to apply for a MA-M or MA-S first, providing 2^20 or 2^12 addresses, respectively. In any event, purchasing of an OUI gets an assignment of globally-unique addresses. Also, the IEEE RAC will sell a "company ID", or CID.
CIDs are intended for "non-address applications" such as protocol identifiers or context-dependent identifiers and assignees get a total of zero addresses, which makes sense (non-address application gets no addresses). These CIDs look just like OUIs, they are 24 bits, except if you were to construct an address out of a CID it would be in the local address space because the difference between an OUI and CID is a bit which maps to the "local" bit. This has not been a problem historically because CIDs are for "non-address applications" and you should not be forming addresses out of CIDs so there could be no conflict.

 This PAR wants to allocate a portion of the local address space using IEEE RAC assigned CIDs. It actually wants to form addresses out of things that have been assigned for non-address applications. That does not seem to be consistent with the past or current practice of the IEEE RAC. And it creates new problems that IEEE RAC assignment of CIDs did not used to have, namely devices that use the local address space today may now become "illegal" as they will infringe on addresses this 802c group may allocate if the PAR is approved.

 Another problems is that applications that want to randomize MAC addresses, for example following the recommendations from 11-14/0367r2, the probability of a collision of randomly-chosen MAC addresses must be kept as remote as possible. Partitioning the local address space will vastly increase the probability of collision and when there's a collision of MAC addresses on a network there are networking problems. Randomly-chosen MAC addresses do not need to be globally unique, they just need to be unique on the locally-switched network. As soon as a router is reached the addresses don't matter-- i.e. a device on the other side of the router could choose the same MAC address as my device does and that's not a problem.

 Using the birthday paradox we can tell the probability of a collision p(N:C) with C being the number of MAC addresses available to choose from and N being the number of STAs on a locally-switched network. How many STAs can we expect? Well for a small IEEE/verilan kind of network it's going to be less than 5000. The record for the largest 802.11 deployment is 30,000+ simultaneous STAs seen (Levi's Stadium in Santa Clara, CA at a 49ers game).

If the entire local address space is available we get:

 p(500, 2^46) = 0.0000000018
 p(1000, 2^46) = 0.0000000071
 p(5000, 2^46) = 0.0000001776
 p(10000, 2^46) = 0.0000007105
 p(30000, 2^46) = 0.00000639 (about 1:156,000)
 p(64000, 2^46) = 0.0000291 (about 1:34000)

Keep in mind that modern switches don't really function too well when the forwarding table gets too big (which is why vendors recommend it not get bigger than 32k even though the theoretical max is 64k). If the 802c PAR requires randomly choosing based on a CID we end up with:

 p(500, 2^24) = 0.0074
 p(1000, 2^24) = 0.029
 p(5000, 2^24) = 0.525

and that's already worse than a coin flip, for just 5000 STAs.

 Actually, the probability of collision for an average home network with the 802c partitioning, p(15, 2^24), is about the same as it is for the largest 802.11 network ever without the 802c partitioning, p(30000, 2^46).


 So this PAR will guarantee that collisions will happen constantly on even the smallest 802.11 network. This PAR will guarantee chaos on a network of any reasonable size.

 To sum, this PAR will create problems with the way the IEEE RAC has historically allocated CIDs (they are for non-address purposes and you get no addresses) and it will guarantee chaos on switched networks. Well what problem does this PAR solve if it's producing all these problems you ask? It doesn't look like it solves a problem.

 It says that "[i]ncreasing use of virtual machines and Internet of Things (IoT) devices could exhaust the global address space if global addresses are assigned. This project will enable protocols that automatically configure addresses from a portion of the local address space. Such protocols will allow virtual machines and IoT devices to obtain a local address without local administration."

 But these devices can already automatically configure addresses from the local address space by just choosing randomly and the probability of collision is very remote. This PAR is actually describing a non-problem-- IoT devices cannot obtain local addresses without local administration-- and then proposing to create huge problems because of it-- partitioning of the local address space.


 I am strongly opposed to this PAR. IEEE 802 should not be approving groups that will cause huge problems on networks, especially when they do not appear to provide any tangible benefit.

 Thank you for giving me this opportunity to express my opinion on the 802c PAR. Regards,

 Dan.

---------- This email is sent from the 802 Executive Committee email reflector. This list is maintained by Listserv.