Re: [Apn] 回复:GoalsofneartermAPNwork
Joel Halpern <jmh@joelhalpern.com> Sat, 21 January 2023 22:24 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: apn@ietfa.amsl.com
Delivered-To: apn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9BEBC14F6EC for <apn@ietfa.amsl.com>; Sat, 21 Jan 2023 14:24:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17pbDYmjFf5h for <apn@ietfa.amsl.com>; Sat, 21 Jan 2023 14:24:35 -0800 (PST)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3241BC14EB19 for <apn@ietf.org>; Sat, 21 Jan 2023 14:24:34 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4NzrWk5Xdcz1p7Fg; Sat, 21 Jan 2023 14:24:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1674339874; bh=FOb0nnn7n1uqDVL7qIXN75jULt/+w8yNhmm9mg4/elg=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=N0gKt0wkZ6q9b5msUdBKjNHf/mMtgebR0+5cj33Sx33JeqrEejCnF7SJWmDZO4gDe LrHG1qD+ULcm+jBYMnR7w2zv7GsE6RTZ6yRtpqYQjjntJJVhD/jTyWXCixbeev1DSt HJALa5vOELjJwlIVGqfOW627AeJLSBZUbKHnFLp0=
X-Quarantine-ID: <WlodyrmM3rpZ>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.21.74] (unknown [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4NzrWk0fFSz1p5nS; Sat, 21 Jan 2023 14:24:32 -0800 (PST)
Content-Type: multipart/alternative; boundary="------------x5FUTabCePuziibMGYLIrNsN"
Message-ID: <53373d6a-69ac-becc-752a-e6a5aa7b2141@joelhalpern.com>
Date: Sat, 21 Jan 2023 17:24:31 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1
Content-Language: en-US
To: adrian@olddog.co.uk
Cc: 'apn' <apn@ietf.org>
References: <2b0663cb49fe788-0003c.Richmail.00003060187323787379@chinamobile.com> <AM7PR03MB64517363825DAEB3E343EF1DEECA9@AM7PR03MB6451.eurprd03.prod.outlook.com> <000501d92dc4$a9f620e0$fde262a0$@olddog.co.uk>
From: Joel Halpern <jmh@joelhalpern.com>
In-Reply-To: <000501d92dc4$a9f620e0$fde262a0$@olddog.co.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/JngOhp6Wao7_STHlxLPUYihdTho>
Subject: Re: [Apn] 回复:GoalsofneartermAPNwork
X-BeenThere: apn@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Application-aware Networking <apn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apn>, <mailto:apn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apn/>
List-Post: <mailto:apn@ietf.org>
List-Help: <mailto:apn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apn>, <mailto:apn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Jan 2023 22:24:39 -0000
Adrian, I am trying to figure out what to make of your message. I think I must be misreading it. The message seems to say that there are a range of use cases being discussed, and a range of packet behavior adjustment that is desired. That does not seem to add up to a coherent BoF much less a clear working group charter. Having a BoF without clear focus ha been demonstrated repeatedly to be ineffective for the IETF. Yours, Joel On 1/21/2023 1:17 PM, Adrian Farrel wrote: > > I think you’ve caught a valid point here, Andrew. > > There seem to me to be a number of use cases that are similar, > relatively simple to express, and with abstract solutions that are > “add a few more bits to the packet header.” > > “More DSCP bits” is certainly one use case. If this was the only > example, and if we were certain that we needed mode DSCP bits and that > we couldn’t overload any existing fields, we’d be talking about how to > shim a few extra bits into the packet header. > > Another use case is “provide an abstract flow identifier”. This is > useful in the case that the 5-tuple is lost (for example, because of > tunnelling – including, but not limited to, IP-in-IP and IPsec > tunnels), but differentiated treatment of flows is desired. Here we > might need a few bits/bytes into which to “hash” the 5-tuple and > possibly some more packet information. The resulting hash can also be > programmed southbound into the routers to tell them what specific > actions to take. The result is not unlike the MPLS entropy label, and > one could argue that the IPv6 Flowlabel could be used except that that > field already has an established use. Again, if this use case is > believable, then we’d be looking for a way to shim a few extra bits > into the packet header. (Note that, as discussed in another thread, > care is needed because statistical analysis of packets might give some > indication of the meaning of the flows and the hash values.) > > A further use case is “identify where packets entered the network”. > The case here is about detecting hostile flows within the network and > installing ACLs or similar filters at the network edges without having > to install such rules at every edge. While the use of IP-in-IP across > the network can achieve this, an alternative would be to “hash” the > entry node + interface and shim that information into the packet. Yet > again, we’d be talking about only a couple of bytes. > > These previous cases are similar to the “problem” of performing decent > network management in the presence of encrypted flows. > > I think there are other similar use cases being discussed. > > The common thread here is that a few extra bits of bytes need to be > attached to the IP packet as it enters a network so that the network > can apply behavioral and management rules to the traffic. The > questions become: > > * Are the use cases valid (regardless of whether they can be solved > by existing techniques)? > * What information needs to be carried to address the requirements? > * Are there existing fields or techniques that address the requirements? > * If there are not existing fields or techniques, how can the > additional information be carried? > * Is it possible that further use cases might arise? > * If there are multiple problems need to be solved, would it be wise > to provide a generic (potentially extensible) mechanism? > * What are the security, privacy, manageability, > backward-compatibility issues that need to be addresses? > > The challenges, I fear, are multiple: > > * The original discussion of this space lacked some clarity, and > many people may need to flush their caches to get the latest picture. > * The collection of smallish use cases are sufficiently diverse that > each person will naturally not consider all use cases to be urgent. > * As engineers, we jump toward solutions and so we keep falling into > the “How will you encode this? How will you carry it in the > packet?” discussion. > * The proponents must not assert that privacy/security is not a > problem, but must open the door for a proper threat analysis by > the community. Conversely, those who have legitimate fears for > privacy/security must not shut down the discussion, but must offer > the threat analysis. > > I thought that the discussion in RTGWG had led to the conclusion that > it was important to establish the use cases and a “framework” that > discussed the concepts that needed to be provided (along with the > security and manageability discussions). That is, RTGWG recommended > doing the initial work, but leaving the > protocol/encoding/encapsulation work on one side until the early > pieces had been cleaned up. But the IESG response to the proposed > charter seemed (I am not an expert in this) to say that the IESG > wanted more details of the proposed solution before they could > understand whether a working group was appropriate. > > It would help, I think, if the proponents could get a clue which way > to jump. Put some solution details on the table so that they can > demonstrate how this would be done, or focus only on the use cases, > requirements, and framework? Maybe, of course, the answer is “complete > all of the Internet-Drafts and then be accused of asking for a rubber > stamp” :-) > > Cheers, > > Adrian > > *From:*Apn <apn-bounces@ietf.org> *On Behalf Of *Andrew Alston - IETF > *Sent:* 21 January 2023 10:48 > *To:* yangfeng <yangfeng@chinamobile.com>; jmh <jmh@joelhalpern.com>; > apn <apn@ietf.org> > *Subject:* Re: [Apn] 回复:GoalsofneartermAPNwork > > Feng, again – asking with no hats on, > > How exactly does this differ from DSCP – (or extended dscp with more > bits.) > > When I read what you wrote below – to me – this reads exactly like > more in depth dscp, and maybe I’m reading this wrong so I’m open to > hearing otherwise. > > But (putting hat back on) – I see this as much of the problem with > getting broad based support and adequately defining a charter. There > seems to be a lot of confusion about what exactly is being attempted > here. A simplistic reading of what is below, points to something like > more dscp bits, yet, at the same time, we here talk of the need for > something else for reasons that don’t seem to be clearly defined. To > built a broad based community support for this work, I think there > needs to be more clarity around what is actually being attempted – > because that forms the basis of creating a framework, which in turn > leads to solutions. > > There were very large fears raised about the privacy and security > aspects at the original BOF, and assurances were given at RTGWG that > things like the ability to identify an application direct etc wouldn’t > be there. That got us some movement, but its lead to another > question, if you remove that, is what you are left with nothing more > than more DSCP bits (or something along those lines), and its lead to > a question of, remove the application identification parts (which > create significant security and privacy issues which the last BOF and > what I believe was indicated in RTGWG clearly show are not tenable) – > what’s left? > > If indeed we are saying – this is purely an expanded form of DSCP or > something similar – then – that needs to be crystal clear and spelled > out as such, but there seems to be different messages about this. > > Andrew > > *From:*Apn <apn-bounces@ietf.org> *On Behalf Of *yangfeng > *Sent:* Saturday, January 21, 2023 5:36 AM > *To:* jmh <jmh@joelhalpern.com>; apn <apn@ietf.org> > *Subject:* [Apn] 回复:GoalsofneartermAPNwork > > Hi Joel, > > Chasing good QoE is quite nature. As described in my previous email, > we are currently distinguishing services by source IP address at our > network edge devices. However, the source addresses are discrete, we > hope there is a way to transform the address from discrete space into > a linear space , which will make it be easier for classification, so > that the services and policies along the tunnel can be combined in a > simple way. Eventually that can improve our efficiency and reduce > costs. The tagged information is not associated with any user or > application. It is a group of users that have the same requirements on > the network, and they will have the matched treatments on the various > nodes along the tunnel. > > Br > > Feng > > -------原始邮件------- > > *发件人:*Joel Halpern <jmh@joelhalpern.com> > > *发送时间:*2023-01-21 03:25:56 > > *收件人:*apn <apn@ietf.org> > > *主**题:*[Apn] Goals of near term APN work > > > I have re-read the email discussions and the most recent draft of the > > charter. > > I am quite confused by the charter. Aw far as I can tell, it assumes > > that we need a new IP header field, that the field will carry a range of > > information that will help a range of network behaviors, and that we do > > not have the ability to address these needs currently. It then says > > that the WG will develop a framework for such a field. > > Is developing and defining a new (variable length?) header field to > > address some ill-defined broad range of needs really the goal? > > Yours, > > Joel > > -- > > Apn mailing list > > Apn@ietf.org > > https://www.ietf.org/mailman/listinfo/apn > > Internal All Employees > >
- [Apn] 回复:GoalsofneartermAPNwork yangfeng
- Re: [Apn] 回复:GoalsofneartermAPNwork Andrew Alston - IETF
- Re: [Apn] 回复:GoalsofneartermAPNwork Adrian Farrel
- Re: [Apn] 回复:GoalsofneartermAPNwork Joel Halpern
- Re: [Apn] 回复:GoalsofneartermAPNwork Adrian Farrel