Re: [Apn] 回复:GoalsofneartermAPNwork
Adrian Farrel <adrian@olddog.co.uk> Sat, 21 January 2023 18:17 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: apn@ietfa.amsl.com
Delivered-To: apn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54C2CC14CF13; Sat, 21 Jan 2023 10:17:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.091
X-Spam-Level:
X-Spam-Status: No, score=-2.091 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=olddog.co.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EHxCtySDu6AH; Sat, 21 Jan 2023 10:17:52 -0800 (PST)
Received: from mta6.iomartmail.com (mta6.iomartmail.com [62.128.193.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E0CEC14CEED; Sat, 21 Jan 2023 10:17:50 -0800 (PST)
Received: from vs3.iomartmail.com (vs3.iomartmail.com [10.12.10.124]) by mta6.iomartmail.com (8.14.7/8.14.7) with ESMTP id 30LIHlSx022063; Sat, 21 Jan 2023 18:17:47 GMT
Received: from vs3.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8E7614604B; Sat, 21 Jan 2023 18:17:47 +0000 (GMT)
Received: from vs3.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6E97D4604A; Sat, 21 Jan 2023 18:17:47 +0000 (GMT)
Received: from asmtp2.iomartmail.com (unknown [10.12.10.249]) by vs3.iomartmail.com (Postfix) with ESMTPS; Sat, 21 Jan 2023 18:17:47 +0000 (GMT)
Received: from LAPTOPK7AS653V ([148.252.132.196]) (authenticated bits=0) by asmtp2.iomartmail.com (8.14.7/8.14.7) with ESMTP id 30LIHjkO000378 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 21 Jan 2023 18:17:46 GMT
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Andrew Alston - IETF' <andrew-ietf=40liquid.tech@dmarc.ietf.org>
Cc: 'apn' <apn@ietf.org>
References: <2b0663cb49fe788-0003c.Richmail.00003060187323787379@chinamobile.com> <AM7PR03MB64517363825DAEB3E343EF1DEECA9@AM7PR03MB6451.eurprd03.prod.outlook.com>
In-Reply-To: <AM7PR03MB64517363825DAEB3E343EF1DEECA9@AM7PR03MB6451.eurprd03.prod.outlook.com>
Date: Sat, 21 Jan 2023 18:17:45 -0000
Organization: Old Dog Consulting
Message-ID: <000501d92dc4$a9f620e0$fde262a0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0006_01D92DC4.A9F86AD0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGWCf86hW0j7UfVGU9GjAtzMgdChAIvIK2nrx30DqA=
Content-Language: en-gb
X-Originating-IP: 148.252.132.196
X-Thinkmail-Auth: adrian@olddog.co.uk
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=olddog.co.uk; h=reply-to :from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type; s=20221128; bh=0dyl+ZCRrzdFYgx19XgEF V+L2vyZO5Ytg18SA66kMAk=; b=GMNoLimhft7chlKriddR9fEK0NsvoPSKRRCvk 56qGIS+86jqsacZ0RqZ0kqwBWQ5Fznp26tAR6QL+cK2IMyy8n58QzTJ3e6oYXky8 6TjO4V7yMAlBv6Bs8Ze52om9mi2MknYeekspQgNdKTnOzc8txxxTkER6RvEtEWFL GVLqq4ULpv39vAFSTHCcVJTCA1Igd8YO4DZVwGBvVlOzcWkTy6oynqeSmuWz4Hjz RfNg6enz6EvXkoLMS12RFS0tCxd/mzWvXyLiiFGhYXyNJh8aHHW8U/2Z+5MDpyp2 DV3NYGihx2sPBPV0JulypxR0a65a6hagWMYlAatd734mv57qw==
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.1.0.2090-9.0.0.1002-27400.002
X-TM-AS-Result: No--25.894-10.0-31-10
X-imss-scan-details: No--25.894-10.0-31-10
X-TMASE-Version: IMSVA-9.1.0.2090-9.0.1002-27400.002
X-TMASE-Result: 10--25.893600-10.000000
X-TMASE-MatchedRID: yebcs53SkkDxIbpQ8BhdbN+pUF0HsjxRovzuwAG3GnShSG4odLP+NnVX Q3/qdw5ykkeJvDajrT8BBF1yo9FFrxSHrTqtvqVQfUkgDiuGxn/5UnqVnIHSz7DGRtqVMwHzjdx 5FdhImgObGkJG5YZr9kv4BTL5wm+e7lF2b+LegzHjKGx9YdNc4jVEnbrqmBw7lLnHozqMpu+ugP X8NoeWWjNq24e5fHmEazcLohpnWYOZNTPSr+kRKWMugLQMu2GXE84OITRIYTPZVBbzd3EwMoUE/ /lwpCnJqjeS6xomORzVGk64c676ZmwYJ6a6zhumIUU0X2LylxgBmf/gD11vZJTFYAEf108B85TH IufyBe3eD4gJtRXuAfvx2fEgDtnXYnvMsW1nFlkob1Y5EXLioRxCcOlDoVfTbPfGfHxv+pG6gZv Pj/4fTfACsOOlbC5DOSvPmxeanlQpad+4XnT6Wtkmt92Rl1nWW9DGjPU7rM+ynk7TnYzMuguvxV BYgUGLAgbxNXiHGCqLuuqpdmKFy1yhbIB6mAHMbMGKOuLn5FXB0/7xhd4ByTGQt2RbsLmqSz6QH u7WC0svlpQrzljwQi1c42WZ9VRC7K35r0y1/578gbYz/NOkedhQO8CvZj/Xd3XtjqAaoMKOWppa jl8FmnsDbTFoPmjmNG1WHykGDUFaSb0pBpxm6Maw71DJbaIEg8vk+C7vzx62duf1KYOL/B3P2o+ GBG3xUpZjWVDoRE7hIO0zf0j0ZjwiMjvl5y9v70a2q2D7J4Cgg5fb1w0y13//qPE9y48/rDb+n3 N8uV2xM04bHigtQdRTtLZ4G9KNexJm75dx4PqeAiCmPx4NwGmRqNBHmBveGtkvK5L7RXGw7M6dy uYKgwKmARN5PTKc
X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/yYfA6dIh533_QQztSz3vFBah8ek>
Subject: Re: [Apn] 回复:GoalsofneartermAPNwork
X-BeenThere: apn@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Application-aware Networking <apn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apn>, <mailto:apn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apn/>
List-Post: <mailto:apn@ietf.org>
List-Help: <mailto:apn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apn>, <mailto:apn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Jan 2023 18:17:57 -0000
I think you’ve caught a valid point here, Andrew. There seem to me to be a number of use cases that are similar, relatively simple to express, and with abstract solutions that are “add a few more bits to the packet header.” “More DSCP bits” is certainly one use case. If this was the only example, and if we were certain that we needed mode DSCP bits and that we couldn’t overload any existing fields, we’d be talking about how to shim a few extra bits into the packet header. Another use case is “provide an abstract flow identifier”. This is useful in the case that the 5-tuple is lost (for example, because of tunnelling – including, but not limited to, IP-in-IP and IPsec tunnels), but differentiated treatment of flows is desired. Here we might need a few bits/bytes into which to “hash” the 5-tuple and possibly some more packet information. The resulting hash can also be programmed southbound into the routers to tell them what specific actions to take. The result is not unlike the MPLS entropy label, and one could argue that the IPv6 Flowlabel could be used except that that field already has an established use. Again, if this use case is believable, then we’d be looking for a way to shim a few extra bits into the packet header. (Note that, as discussed in another thread, care is needed because statistical analysis of packets might give some indication of the meaning of the flows and the hash values.) A further use case is “identify where packets entered the network”. The case here is about detecting hostile flows within the network and installing ACLs or similar filters at the network edges without having to install such rules at every edge. While the use of IP-in-IP across the network can achieve this, an alternative would be to “hash” the entry node + interface and shim that information into the packet. Yet again, we’d be talking about only a couple of bytes. These previous cases are similar to the “problem” of performing decent network management in the presence of encrypted flows. I think there are other similar use cases being discussed. The common thread here is that a few extra bits of bytes need to be attached to the IP packet as it enters a network so that the network can apply behavioral and management rules to the traffic. The questions become: * Are the use cases valid (regardless of whether they can be solved by existing techniques)? * What information needs to be carried to address the requirements? * Are there existing fields or techniques that address the requirements? * If there are not existing fields or techniques, how can the additional information be carried? * Is it possible that further use cases might arise? * If there are multiple problems need to be solved, would it be wise to provide a generic (potentially extensible) mechanism? * What are the security, privacy, manageability, backward-compatibility issues that need to be addresses? The challenges, I fear, are multiple: * The original discussion of this space lacked some clarity, and many people may need to flush their caches to get the latest picture. * The collection of smallish use cases are sufficiently diverse that each person will naturally not consider all use cases to be urgent. * As engineers, we jump toward solutions and so we keep falling into the “How will you encode this? How will you carry it in the packet?” discussion. * The proponents must not assert that privacy/security is not a problem, but must open the door for a proper threat analysis by the community. Conversely, those who have legitimate fears for privacy/security must not shut down the discussion, but must offer the threat analysis. I thought that the discussion in RTGWG had led to the conclusion that it was important to establish the use cases and a “framework” that discussed the concepts that needed to be provided (along with the security and manageability discussions). That is, RTGWG recommended doing the initial work, but leaving the protocol/encoding/encapsulation work on one side until the early pieces had been cleaned up. But the IESG response to the proposed charter seemed (I am not an expert in this) to say that the IESG wanted more details of the proposed solution before they could understand whether a working group was appropriate. It would help, I think, if the proponents could get a clue which way to jump. Put some solution details on the table so that they can demonstrate how this would be done, or focus only on the use cases, requirements, and framework? Maybe, of course, the answer is “complete all of the Internet-Drafts and then be accused of asking for a rubber stamp” :-) Cheers, Adrian From: Apn <apn-bounces@ietf.org> On Behalf Of Andrew Alston - IETF Sent: 21 January 2023 10:48 To: yangfeng <yangfeng@chinamobile.com>; jmh <jmh@joelhalpern.com>; apn <apn@ietf.org> Subject: Re: [Apn] 回复:GoalsofneartermAPNwork Feng, again – asking with no hats on, How exactly does this differ from DSCP – (or extended dscp with more bits.) When I read what you wrote below – to me – this reads exactly like more in depth dscp, and maybe I’m reading this wrong so I’m open to hearing otherwise. But (putting hat back on) – I see this as much of the problem with getting broad based support and adequately defining a charter. There seems to be a lot of confusion about what exactly is being attempted here. A simplistic reading of what is below, points to something like more dscp bits, yet, at the same time, we here talk of the need for something else for reasons that don’t seem to be clearly defined. To built a broad based community support for this work, I think there needs to be more clarity around what is actually being attempted – because that forms the basis of creating a framework, which in turn leads to solutions. There were very large fears raised about the privacy and security aspects at the original BOF, and assurances were given at RTGWG that things like the ability to identify an application direct etc wouldn’t be there. That got us some movement, but its lead to another question, if you remove that, is what you are left with nothing more than more DSCP bits (or something along those lines), and its lead to a question of, remove the application identification parts (which create significant security and privacy issues which the last BOF and what I believe was indicated in RTGWG clearly show are not tenable) – what’s left? If indeed we are saying – this is purely an expanded form of DSCP or something similar – then – that needs to be crystal clear and spelled out as such, but there seems to be different messages about this. Andrew From: Apn <apn-bounces@ietf.org> On Behalf Of yangfeng Sent: Saturday, January 21, 2023 5:36 AM To: jmh <jmh@joelhalpern.com>; apn <apn@ietf.org> Subject: [Apn] 回复:GoalsofneartermAPNwork Hi Joel, Chasing good QoE is quite nature. As described in my previous email, we are currently distinguishing services by source IP address at our network edge devices. However, the source addresses are discrete, we hope there is a way to transform the address from discrete space into a linear space , which will make it be easier for classification, so that the services and policies along the tunnel can be combined in a simple way. Eventually that can improve our efficiency and reduce costs. The tagged information is not associated with any user or application. It is a group of users that have the same requirements on the network, and they will have the matched treatments on the various nodes along the tunnel. Br Feng -------原始邮件------- 发件人:Joel Halpern <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com> > 发送时间:2023-01-21 03:25:56 收件人:apn <apn@ietf.org <mailto:apn@ietf.org> > 主题:[Apn] Goals of near term APN work I have re-read the email discussions and the most recent draft of the charter. I am quite confused by the charter. Aw far as I can tell, it assumes that we need a new IP header field, that the field will carry a range of information that will help a range of network behaviors, and that we do not have the ability to address these needs currently. It then says that the WG will develop a framework for such a field. Is developing and defining a new (variable length?) header field to address some ill-defined broad range of needs really the goal? Yours, Joel -- Apn mailing list Apn@ietf.org <mailto:Apn@ietf.org> https://www.ietf.org/mailman/listinfo/apn Internal All Employees
- [Apn] 回复:GoalsofneartermAPNwork yangfeng
- Re: [Apn] 回复:GoalsofneartermAPNwork Andrew Alston - IETF
- Re: [Apn] 回复:GoalsofneartermAPNwork Adrian Farrel
- Re: [Apn] 回复:GoalsofneartermAPNwork Joel Halpern
- Re: [Apn] 回复:GoalsofneartermAPNwork Adrian Farrel