[Nfd-dev] problem with prefix propagation

Junxiao Shi shijunxiao at email.arizona.edu
Wed Jan 13 07:43:48 PST 2021 

Hi Nikos

I was wondering why "Let the World Reach Your NFD"
https://yoursunny.com/t/2016/nfd-prefix/ is getting a lot of views from
Greece in the past few days. Now I know.
Since I wrote that article, the testbed gained a few new bugs. As a
consequence of these bugs, your end host must run a producer to publish its
own certificate.
See https://talks.ndn.today PersonalCA_20200529.pptx page 32-37 and page 19
for explanation.

As you can see from the logs, the testbed router (face 261) is sending
Interests to the end host to retrieve the certificate, but the end host is
not answering those Interests. Consequently, the router is unable to
validate the prefix registration command, and therefore the prefix
propagation fails.
You can use ndn6-serve-certs service from
https://github.com/yoursunny/ndn6-tools repository to publish your
certificates on the end host. You should be publishing the whole
certificate chain including intermediate and root CA certificates, because
the validator may need to retrieve them from your end host if it's not
already in their cache.

An easier workaround is to send an Interest to each certificate to the
testbed router, before sending the prefix registration command. This would
cause the router to retrieve the certificate from elsewhere and insert it
in their Content Store.
However, this method is less reliable because it requires the CA that
issued your certificate to be online, which may not be the case at all
times.

See also: NFD nightly packages https://nfd-nightly.ndn.today/ , for when
you want the latest software but don't want to compile yourself.

Yours, Junxiao

On Wed, Jan 13, 2021 at 3:16 AM Nikos Fotiou via Nfd-dev <
nfd-dev at lists.cs.ucla.edu> wrote:

> Hi all and happy new year.
>
> I am having trouble implementing prefix propagation. I have a machine (M)
> which can connect to the testbed node mmlab-aueb-1.mmlab.edu.gr.
> Furthermore, using https://ndncert.named-data.net I have received and
> installed in (M) a certificate for the name /ndn/gr/aueb/fotiou. In (M), I
> am running NFD 0.7.1-3-g9ab43e67, installed from source, using the sample
> configuration.
>
> So in (M) ndnsec list -c outputs:
>
> * /ndn/gr/aueb/fotiou
>   +->* /ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD
>        +->*
> /ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD/NA/%FD%00%00%01v%FA%9E%3F%9F
>        +->
> /ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD/self/%FD%00%00%01v%FA%9C6%DD
>
> Then, in (M) I run the following commands:
>
> > nfdc face create udp://mmlab-aueb-1.mmlab.edu.gr
> > nfdc route add /localhop/nfd udp://mmlab-aueb-1.mmlab.edu.gr
>
> Finally in (M), I execute
>
> > ndnpingserver /ndn/gr/aueb/fotiou/test
>
> NFD in (M) outputs the following:
>
> 1610523599.169459 DEBUG: [nfd.Readvertise] add-route
> /ndn/gr/aueb/fotiou/test/ping(265,app) readvertising-as /ndn/gr/aueb/fotiou
> signer id:/ndn/gr/aueb/fotiou
> 1610523599.169540 DEBUG: [nfd.NfdRibReadvertiseDestination] advertise
> /ndn/gr/aueb/fotiou on /localhop/nfd
> 1610523599.169936 DEBUG: [nfd.RibManager] RIB update succeeded for
> RibUpdate {
>   Name: /ndn/gr/aueb/fotiou/test/ping
>   Action: REGISTER
>   Route(faceid: 265, origin: app, cost: 0, flags: 0x1, never expires)
> }
> ...
> 1610523607.174591 DEBUG: [nfd.Forwarder] onIncomingInterest in=(261,0)
> interest=/ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD
> 1610523607.174734 DEBUG: [nfd.ContentStore] find
> /ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD no-match
> 1610523607.174767 DEBUG: [nfd.Forwarder] onContentStoreMiss
> interest=/ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD
> 1610523607.174808 DEBUG: [nfd.BestRouteStrategy2]
> /ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD?CanBePrefix&Nonce=8ce296cc
> from=(261,0) noNextHop
> 1610523607.174855 DEBUG: [nfd.Forwarder] onOutgoingNack out=261
> nack=/ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD~NoRoute OK
> 1610523607.175210 DEBUG: [nfd.Forwarder] onInterestFinalize
> interest=/ndn/gr/aueb/fotiou/KEY/%EDA%B0%0E%FF%19%C9%AD unsatisfied
> 1610523609.170316 DEBUG: [nfd.Readvertise] advertise /ndn/gr/aueb/fotiou
> failure request timed out
>
> What am I missing?
>
> Best,
> Nikos
> --
> Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou
> Researcher - Mobile Multimedia Laboratory
> Athens University of Economics and Business
> https://mm.aueb.gr
>
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20210113/5d21e643/attachment.html>

More information about the Nfd-dev mailing list