Re: [Cbor] changes in draft-ietf-cbor-network-addresses-05.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 03 August 2021 21:04 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: cbor@ietfa.amsl.com
Delivered-To: cbor@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BC263A32C9; Tue, 3 Aug 2021 14:04:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H4CmfShs80t8; Tue, 3 Aug 2021 14:04:18 -0700 (PDT)
Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B6DC3A32C5; Tue, 3 Aug 2021 14:04:18 -0700 (PDT)
Received: by mail-pl1-x62c.google.com with SMTP id j3so600967plx.4; Tue, 03 Aug 2021 14:04:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=i02H1WCl/Px5U88vfVqbUlC7R0+REtC5QxnuZG6NIgo=; b=DeKmeDJ6E1fwFSvhnTIboLEBueR3ankoo996yhlMi9gkU6WRK0i8rydBM45fEKp20h /1jutcLyE1xh2rLwqA96wZYWMavpuwao3/+6RlXqWYmYDGe57sc/mm4IPWBxRVtwDex3 pvIl9MxKvBNKhY09OftCkrmpHv4cNu7pqcof/2luf6x/QSrCIXs0jT+wsT5iwjdnad7m 87ai8BewxTWtVMjx3jeY3I9L4Ww1fmikuFBmtFm58fnQ2ny4fImJHA2m3Cgi9bcobqE+ lV9CCBPJG/R8B0MX2GeCmlGAMpVW8zpr3Ftoea3OusP1sgFhgTrpQMzA5foSZx/u7hlK oXcg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=i02H1WCl/Px5U88vfVqbUlC7R0+REtC5QxnuZG6NIgo=; b=n7B37oC63wQ4kYQMhx6/eFQAryFFcAYWkUaBEi6m9wbRVXQMotaJ/T/deY76RD2w9R rgpVnIm5/53hD7pYSZh+3a7KVYvs3ALdtWwuSmCJzJG//Rn2aECpD4/wPccXuby4Wivu DQQgyznBKX9Z7TvNSBxZacRW1j9LWpI+Lms41JxoyUB6ZQ5dBat+xCddyMLFlOVwV3AO 9du/nOmWln2BRgHDvzCLLoygBB+LRBZ3A4Drq3IokDWfn9h9hAgS2EOMBvCJzkhp7hh/ djC+LPre5PIA6zVeGgq2ShH5gnQ6RDMHhRp7cxOP0toE2GJAd8H5iiDddF0stVT4+GzG CLcw==
X-Gm-Message-State: AOAM533GYktXwfjqX2REwersXOjG999f7Due+262I5EVbJGs9sjOaz9r x3U2gETQsmCmhLEYzC3PwejVmh8c0GTmfA==
X-Google-Smtp-Source: ABdhPJwih18VW6AUV2KtpcNEy59A/EK8u+U/zoqjUGQ+a8RVjF7xkaW5NtKpZ89ihmrW20kVAIdfOw==
X-Received: by 2002:a62:4e0f:0:b029:329:20be:287a with SMTP id c15-20020a624e0f0000b029032920be287amr24006684pfb.55.1628024657182; Tue, 03 Aug 2021 14:04:17 -0700 (PDT)
Received: from ?IPv6:2406:e003:1188:5b01:db7:d041:a2d:ce65? ([2406:e003:1188:5b01:db7:d041:a2d:ce65]) by smtp.gmail.com with ESMTPSA id t2sm110024pfb.76.2021.08.03.14.04.14 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 03 Aug 2021 14:04:16 -0700 (PDT)
To: tom petch <ietfc@btconnect.com>, Erik Kline <ek.ietf@gmail.com>, "cbor@ietf.org" <cbor@ietf.org>, 6MAN <6man@ietf.org>
References: <CAMGpriUnfMjhk7teAN-A0j5SCK=BpyJEDC+NOCJtHzmF1BFeow@mail.gmail.com> <aa9884b5-fd58-60cb-fa1d-b2d76f5a09a1@gmail.com> <VI1PR07MB6256E2C9CC9565FF2F080B5DA0E89@VI1PR07MB6256.eurprd07.prod.outlook.com> <c2c7a576-e138-1364-5ed0-a2987c1c1974@gmail.com> <20210727210706.buavt5nwairrjblf@anna.jacobs.jacobs-university.de> <e889a219-26b2-2a2e-6d05-bb6c7db1f89d@gmail.com> <20210801113001.yksklfouoz6v4hvz@anna.jacobs.jacobs-university.de> <b5f1c62e-4aa4-a397-8777-b3ec0eeafccc@gmail.com> <20210802070839.g2tjn3pqu5lpbd54@anna.jacobs.jacobs-university.de> <541ec837-d5ad-2c3f-aa98-6d9af4e11c53@gmail.com> <20210803055327.ma3pvyr7flrcd3b5@anna.jacobs.jacobs-university.de>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <863babe9-6d3e-fb25-7c7d-826171f48d57@gmail.com>
Date: Wed, 4 Aug 2021 09:04:11 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <20210803055327.ma3pvyr7flrcd3b5@anna.jacobs.jacobs-university.de>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/-5RyWqzYci0CWAhCN8Hv936g8hI>
Subject: Re: [Cbor] changes in draft-ietf-cbor-network-addresses-05.txt
X-BeenThere: cbor@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Concise Binary Object Representation \(CBOR\)" <cbor.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cbor>, <mailto:cbor-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cbor/>
List-Post: <mailto:cbor@ietf.org>
List-Help: <mailto:cbor-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cbor>, <mailto:cbor-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2021 21:04:24 -0000

On 03-Aug-21 17:53, Jürgen Schönwälder wrote:
> On Tue, Aug 03, 2021 at 08:00:26AM +1200, Brian E Carpenter wrote:
> 
>>> Regarding your statement "Remotely, there is no way to know that on my
>>> Linux machine, %wlp2s0 and %3 are the same thing.", please note that
>>> applications having access to the IF-MIB or the ietf-interfaces YANG
>>> module or a proprietary API exposing interface information will
>>> understand how interface names map to interface indexes.
>>
>> But not if the user has chosen to change some interface names, surely?
> 
> In the IF-MIB, ifName is read-only (so you can't change it via SNMP,
> but this says nothing about other APIs) and ifIndex is used as the key
> of the table. In ietf-interfaces, the config true interface/name is
> used as the key of the list and the interface/if-index is a config
> false property of the list. This change to refer to interfaces by name
> instead of a number was the result of a long discussion and it
> reflects that most routers and bridges use names to refer to
> interfaces (and so does the *nix world).
> 
>> The mapping is not algorithmic in that case, and any names held
>> remotely in the management plane could be out of date. IMHO it remains
>> very inadvisable to export the names. I'd advocate making the use of
>> interface numbers mandatory rather than "canonical".
> 
> The mapping is on many systems never purly algorithmic as software can
> choose how newly created interfaces are named. And some people want
> interface named by the customer networks they connect, others want to
> have semantically meaningful vlan names. And lets not forget that
> there was an interesting time where Linux could end up with different
> interface names for the same physical interfaces on every reboot that
> caused some serious surprises.
> 
> Synchronization of config changes is a general problem in the network
> management world and not specific to changes of interface names. There
> are boxes that disable or discourage access to the CLI so that all
> changes go through a management daemon and then good management
> protocols can take care. Some people moved to streaming approaches to
> reduce the synchonization pains, where boxes are configured to push
> all changes to management systems.
> 
> Given that ietf-interfaces does key interfaces by name (which reflects
> the common practice of network operators to refer to router interfaces
> by name), it seems the ship has sailed.

In some contexts, but not all. In the cbor-network-addresses context,
if we do anything, it would seem wise to support an integer and a string
format, to cover the bases. But I'd be inclined to leave it as a future
extension.

    Brian

> 
> /js
> 
>>
>>    Brian
>>>
>>> /js
>>>
>>> On Mon, Aug 02, 2021 at 09:15:43AM +1200, Brian E Carpenter wrote:
>>>> On 01-Aug-21 23:30, Jürgen Schönwälder wrote:
>>>>> The description statements in RFC 6991 talk about a zone index, i.e.,
>>>>> they assume the zone index is numeric (which kind of follows from my
>>>>> reading of RFC 4007).
>>>>>
>>>>> The pattern is flexible enough to accept a string as well (e.g., an
>>>>> interface name). In other words, a server may accept 'fe80::1%lo0' as
>>>>> valid input on an edit-config put it will return 'fe80::1%0' on a
>>>>> get-config since the numeric zone index is the canonical format
>>>>> (assuming the lo0 interface has the interface index 0).
>>>>
>>>> This still makes me uncomfortable. The zone identifier syntax definition.
>>>> in RFC4007 is pretty vague. If an implementer chooses to ignore the
>>>> SHOULD on page 16, it seems that a valid name for interface index 7
>>>> could be "6". That's why "canonical" is a bit weak. (Neither Windows
>>>> nor Linux allow anything that silly, of course.)
>>>>
>>>> To be precise, consider these statements in RFC4007 page 16:
>>>>
>>>>    An implementation SHOULD support at least numerical indices that are
>>>>    non-negative decimal integers as <zone_id>.
>>>>    ...
>>>>    An implementation MAY support other kinds of non-null strings as
>>>>    <zone_id>.
>>>>    ... the format MUST be used only within a
>>>>    node and MUST NOT be sent on the wire unless every node that
>>>>    interprets the format agrees on the semantics.
>>>>
>>>> Remotely, there is no way to know that on my Linux machine,
>>>> %wlp2s0 and %3 are the same thing.
>>>>
>>>>    Brian
>>>>  
>>>>>
>>>>> /js
>>>>>
>>>>> On Wed, Jul 28, 2021 at 10:00:23AM +1200, Brian E Carpenter wrote:
>>>>>> Jürgen,
>>>>>>
>>>>>> We are not disagreeing. These are exactly the sort of use cases that 
>> also
>>>>>> motivate RFC6874 and RFC6874bis. 
>>>>>>
>>>>>> But I have a question. In the management plane, do you think that the
>>>>>> zone index (an integer) is the item of interest, or a zone identifier
>>>>>> (a string)? The description at
>>>>>> https://datatracker.ietf.org/doc/html/rfc6991#page-20
>>>>>> only says that the numerical format is "canonical".
>>>>>>
>>>>>> Regards
>>>>>>    Brian
>>>>>>
>>>>>> On 28-Jul-21 09:07, Jürgen Schönwälder wrote:
>>>>>>> On Wed, Jul 28, 2021 at 08:04:16AM +1200, Brian E Carpenter wrote:
>>>>>>>> On 26-Jul-21 23:49, tom petch wrote:
>>>>>>>>> From: ipv6 <ipv6-bounces@ietf.org> on behalf of Brian E Carpenter 
>> <brian.e.carpenter@gmail.com>
>>>>>>>>> Sent: 25 July 2021 00:44
>>>>>>>>>
>>>>>>>>> There's an "interesting" issue there, especially for IPv6, which is 
>>>> that the interface ID (or "zone index", per RFC4007) has no meaning outside the host. So it really shouldn't need to be sent on the wire in normal 
>>>> circumstances.
>>>>>>>>>
>>>>>>>>> (The conversation around RFC6874bis is slightly relevant.)
>>>>>>>>>
>>>>>>>>> <tp>
>>>>>>>>> Brian
>>>>>>>>>
>>>>>>>>> As I may have said before, the YANG Types RFC6991 provides types for IPv4 and IPv6 addresses both with a zone index.  It also provides no-zone 
>>>>>> types with a suffix 'no-zone' on the type name.  I see evidence that 
>> most 
>>>>>> authors of YANG modules do not realise that a reference to 'ip-address' per se is a reference to the format that includes the zone and so have specified that format in many if not most cases.  Thus it seems likely that many of the addresses on the wire are in the zone format, even if the zone is rarely present.  With hindsight, it might have been better to 
have specified 'ip-address' and 'ip-address-zone' rather than ip-address' 
and io-address-no-zone'.
>>>>>>>>
>>>>>>>> Makes sense. The reply I just sent to Christian Amsüss probably 
>>>> applies to YANG too. Sending a zone index to another host is rarely meaningful or useful.
>>>>>>>>
>>>>>>>
>>>>>>> YANG was designed for network management purposes and there are quite
>>>>>>> some use cases where communicating the zone index is somewhat essential:
>>>>>>>
>>>>>>> - If you want to debug a problem, you likely need to know to which
>>>>>>>   link a link-local address belongs.
>>>>>>> - If you want to generate statistics for protocols using link-local
>>>>>>>   addresses, you likely need to know to which links the link-local
>>>>>>>   addresses belongs.
>>>>>>> - If you want to configure a service to use a certain link-local
>>>>>>>   address on a certain link, you may have to include the proper zone
>>>>>>>   index.
>>>>>>> - If an IP address is used to index lists, things can fall apart if
>>>>>>>   you end up with duplicate link-local addresses on different links.
>>>>>>>
>>>>>>> Whether we should have picked different names for the types may be
>>>>>>> debatable but at the end it is the YANG module author's responsibility
>>>>>>> to pick the appropriate types.
>>>>>>>
>>>>>>> In other words, network management applications often need to be aware
>>>>>>> of zone indexes in order to do the right thing. This is different 
from
>>>>>>> end user applications (that usually have no topological awareness).
>>>>>>>
>>>>>>> /js
>>>>>>>
>>>>>>
>>>>>> --------------------------------------------------------------------
>>>>>> IETF IPv6 working group mailing list
>>>>>> ipv6@ietf.org
>>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>>>> --------------------------------------------------------------------
>>>>>
>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>