Re: [conex] Gen-art LC review: draft-ietf-conex-destopt-09
Robert Sparks <rjsparks@nostrum.com> Fri, 02 October 2015 15:21 UTC
Return-Path: <rjsparks@nostrum.com>
X-Original-To: conex@ietfa.amsl.com
Delivered-To: conex@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 669B61A6FD4 for <conex@ietfa.amsl.com>; Fri, 2 Oct 2015 08:21:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.609
X-Spam-Level:
X-Spam-Status: No, score=-1.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z5WGwdFe-0ih for <conex@ietfa.amsl.com>; Fri, 2 Oct 2015 08:21:24 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5AAD1A6FE2 for <conex@ietf.org>; Fri, 2 Oct 2015 08:21:23 -0700 (PDT)
Received: from unnumerable.local (pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id t92FLGlH046280 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK); Fri, 2 Oct 2015 10:21:19 -0500 (CDT) (envelope-from rjsparks@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host pool-71-170-237-80.dllstx.fios.verizon.net [71.170.237.80] claimed to be unnumerable.local
To: Bob Briscoe <ietf@bobbriscoe.net>, Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
References: <55DE1F65.5070106@nostrum.com> <56014D94.9070002@tik.ee.ethz.ch> <56099700.6050004@nostrum.com> <560D6CF6.4050700@bobbriscoe.net>
From: Robert Sparks <rjsparks@nostrum.com>
Message-ID: <560EA0E7.90503@nostrum.com>
Date: Fri, 02 Oct 2015 10:21:11 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <560D6CF6.4050700@bobbriscoe.net>
Content-Type: multipart/alternative; boundary="------------050107080207010108080202"
Archived-At: <http://mailarchive.ietf.org/arch/msg/conex/5c9R6kZoc4i6OM844VE9SLY2xck>
Cc: General Area Review Team <gen-art@ietf.org>, conex@ietf.org, draft-ietf-conex-destopt@ietf.org
Subject: Re: [conex] Gen-art LC review: draft-ietf-conex-destopt-09
X-BeenThere: conex@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/conex>, <mailto:conex-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/conex/>
List-Post: <mailto:conex@ietf.org>
List-Help: <mailto:conex-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/conex>, <mailto:conex-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Oct 2015 15:21:28 -0000
On 10/1/15 12:27 PM, Bob Briscoe wrote: > Robert, Mirja, > > Responding (eventually) as one of the authors of conex-abstract-mech > > First one point I picked up that might be a misconception from Robert: > > On 26.08.2015 22:19, Robert Sparks wrote: >> Should >> there be a statement that this option must not be used unless by a >> transport extension that's discussed how to use it? If not, then >> shouldn't this document talk about what happens if there's no >> transport header below to inform audit function behavior? > ConEx is designed so that audit is agnostic to the particular > transport behaviour. One would not expect the audit function to look > for a transport header and change its audit behaviour accordingly > (ConEx is designed on the assumption the transport header is or at > least could be encrypted). conex-abstract-mech says: > > Transport Oblivious: Audit SHOULD NOT be designed around one > particular rate response, such as any particular TCP congestion > control algorithm or one particular resource sharing regime such > as TCP-friendliness [RFC5348 <https://tools.ietf.org/html/rfc5348>]. An important goal is to give > ingress networks the freedom to unilaterally allow different rate > responses to congestion and different resource sharing regimes > [Evol_cc > <https://tools.ietf.org/html/draft-ietf-conex-abstract-mech-13#ref-Evol_cc>], without having to coordinate with other networks over > details of individual flow behaviour; > I'd be interested to know where in the docs you got a different > impression, because we ought to try to fix that. I didn't actually think the audit function code would change per transport. But as you point out, my suggested fix to the disconnect I think I see implies that, so it is off the mark. Your suggestions below will address the concern. > > Now, responding to the conversation... > > > On 28/09/15 20:37, Robert Sparks wrote: >> >> >> On 9/22/15 7:46 AM, Mirja Kühlewind wrote: >>> Hi, >>> >>> regarding M1: >>> >>> I don't think we can say much more in this doc than what is already >>> said in the abstract mechanism doc as we simply don't know which >>> protocol will be used on top of it. >> So should this document restrict the use of the extension to those >> protocols that are used on top of it where the discussion can be >> concrete? (That's what I was suggesting when I asked " Should there >> be a statement that this option must not be used unless by a >> transport extension that's discussed how to use it?") > That /seems/ reasonable. But let's consider a test-case before > adopting this last sentence: e.g. DNS > > I could implement ConEx for a sender of DNS datagrams (that receives > no congestion feedback). conex-abstract-mech says: > Alternatively, without sufficiently precise > congestion feedback from the receiver, the source may have to > conservatively send extra ConEx markings in order to avoid > understating congestion. > So, I could modify my DNS sender to add a CDO header to all IPv6 > packets and always set the credit flag. Then, if my sender was behind > a ConEx policer, it would consume some degree of congestion allowance, > but it could never be accused of understating congestion by an audit > function. > > Would I need a DNS-specific ConEx document to make this modification? > or could I just implement it based on conex-abstract-mech and > conex-dest-opt? > Actually just these two docs would be sufficient. A DNS-conex document > might be able to suggest a better more efficient mechanism, but it > wouldn't be /necessary/ to write that doc to implement ConEx in DNS. > > The subtle point here is that the top-level requirement that ConEx > places on a transport protocol is merely not to understate the > congestion you cause. Any doc defining how a transport sets ConEx > information is really just guidance on how not to look like you are > being dishonest if you intend to be honest. The DNS example shows how > you can be sufficiently honest without a document. I follow that. It's a minor pedantic point, but I think the above indicates that -destopt- doesn't define a concrete ConEx protocol by itself. > >> >>> What we can do is to add one sentence saying that there must be a >>> way in the higher layer protocol to provide feedback about >>> congestion (loss and/or ECN) and that the specification for the >>> higher layer protocol must discuss how an audit function in the >>> network can access information on congestion on the forward path >>> (e.g. monitoring seq#). >> That makes sense to me. > conex-abstract-mech deliberately does not require transports to use > congestion feedback (as in the DNS example above). > Also, as quoted above, conex-abstract-mech requires audit to be > transport-agnostic, altho optimisations are possible when the > transport is visible. > > So please don't contradict conex-abstract-mech by saying either of > these things. > > The way the ConEx docs are structured, conex-abstract-mech is the > place to state requirements on transport protocols and on audit, and I > haven't yet seen anything in this conversation to say we've missed one > (altho I have noticed below that we failed to act on one requirement). > I certainly agree that a doc giving examples of good audit functions > would be extremely useful. But I think the requirements on audit in > conex-abstract-mech are sufficient. > > I know some people really want the rules to be clearer. But the > requirements for audit in conex-abstract-mech will still carry more > weight than how one particular example audit device works. Right. The "must discuss how" above was what was tempting for me. > > >>> >>> Further regarding the abstract mechanism doc, it says the following: >>> >>> "The general goal of an auditor is to make sure that any ConEx-enabled >>> traffic is sent with sufficient ConEx-Re-Echo and ConEx-Credit >>> signals. A concrete definition of the ConEx protocol MUST define >>> what sufficient means." >>> >>> I'm not sure if this is a correct usage of normative language, but I >>> will double-check with the author of this document. However, I don't >>> think we can say more about what sufficient means that it is already >>> described in the abstract mechanism doc (further down in section 5.5). >>> >>> It might also be the case that the authors actually meant to say >>> here something like >>> >>> "A transport that uses the ConEx protocol MUST define >>> what sufficient means." >>> >>> which would probably me more sensical. I'll check with them. > Bear in mind that abstract-mech is /ultra/ abstract (Matt Mathis > suggested this and we all agreed). abstract-mech envisages that > conex-dest-opt might not be the only concrete ConEx protocol. So this > sentence means that conex-dest-opt has to state the basic audit rules. > I.e. the three penalty criteria in > <https://tools.ietf.org/html/draft-wagner-conex-audit-01#section-2.3> > > If David Wagner is not available to re-write these for conex-destopt > and the draft authors can't, I could have a go, but I have other stuff > I'm meant to be doing this week. > > Sorry, when I reviewed conex-dest-opt for compliance with > abstract-mech, I failed to notice the gap where this important > requirement should have been satisfied - probably because we stuck the > requirement in section "5.5 Audit", whereas we should have added it to > the list in "3.3. Requirements for non-abstract ConEx specifications". > > I suspect fixing this will resolve your concern, Robert. Yes. > I'm grateful you pointed this out - it is a huge omission - we were > all assuming it, but the actual writing has fallen between the cracks > of all the docs. > > One more response in the nits below... > >>> >>> However, while writing these documents, we figured that we actually >>> would need another document on auditing because there are some >>> assumption that must be taken in the protocol design. The main >>> purpose of that doc is/was to give guidance how to design an audit >>> without caring of all the details in the tcp-mods doc. There is an >>> (expired) draft (draft-wagner-conex-audit-01) which we did not >>> follow because there was no energy in the wg and it was not in the >>> original milestone list. We should definitely consider to revisit >>> this draft if we plan further experimentation on ConEx. >>> >>> Does this makes sense to you? >> Yes. >>> >>> Mirja >>> >>> >>> >>> On 26.08.2015 22:19, Robert Sparks wrote: >>>> I am the assigned Gen-ART reviewer for this draft. The General Area >>>> Review Team (Gen-ART) reviews all IETF documents being processed >>>> by the IESG for the IETF Chair. Please treat these comments just >>>> like any other last call comments. >>>> >>>> For more information, please see the FAQ at >>>> >>>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >>>> >>>> Document: draft-ietf-conex-destopt-09 >>>> Reviewer: Robert Sparks >>>> Review Date: 26 Aug 2015 >>>> IETF LC End Date: 31 Aug 2015 >>>> IESG Telechat date: 1 Oct 2015 >>>> >>>> Summary: On the right track with open issues >>>> >>>> Major issues: >>>> >>>> M1) This document claims to specify "the ConEx wire protocol in IPv6". >>>> But it reads more like "this document just defines an option, other >>>> documents will talk about how and when the option is used". The >>>> abstract-mech document requires that concrete ConEx specifications >>>> discuss the audit function explicitly, with several requirements for >>>> detail scattered through that document. In particular, it asks for a >>>> discussion of how the concrete protocol defends against a set of >>>> likely attacks against the audit function. This document is silent, >>>> and I think a side-effect of being processed in parallel with >>>> tcp-modifications, and suspect most of the thinking on meeting the >>>> requirements for discussing the audit function has concentrated there. >>>> However, nothing in _this_ document restricts its use to other >>>> transport extensions that have talked about these things. Should >>>> there be a statement that this option must not be used unless by a >>>> transport extension that's discussed how to use it? If not, then >>>> shouldn't this document talk about what happens if there's no >>>> transport header below to inform audit function behavior? >>>> >>>> >>>> Minor issues: >>>> >>>> m1) Figure 1 isn't right. I think what you want is: >>>> >>>> 0 1 2 >>>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 >>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >>>> | Option Type | Option Length |X|L|E|C| res | >>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >>>> >>>> m2) There is confusion in two places in the document where you discuss >>>> where to put the CDO (at the end of page 5 and the end of page 7). The >>>> current text says the option MUST be the first option in whatever >>>> destination options block it appears in. That seems problematic. What >>>> if some other option also declares it MUST be the first option? I >>>> wonder if instead of trying to say "must be the first option in the >>>> block" you are trying only to say "If you use a CDO, use it in the >>>> destination options block that comes before an AH block, not the one >>>> that might come after". >>>> >>>> m3) Third paragraph of section 6: Should the last sentence end with >>>> "in a given stream." ? >>>> >>>> Nits/editorial comments: >>>> >>>> Introduction: Should "Due to space limitation" be "Due to space >>>> limitations in the IPV4 header"? >>>> >>>> Section 4: Right after the definition of Reserved, there is a line >>>> that says "foo". What should it say instead? > I noticed just after "foo" it says: > > All packets sent over a ConEx-capable TCP connection or belonging to > the same ConEx-capable flow MUST carry the CDO. > I think this was meant to say: > > All packets belonging to the same ConEx-capable flow (e.g. sent over > the same ConEx-capable TCP connection) MUST carry the CDO. > > > Thanks again, particularly for revealing the huge gap we had missed. > > Regards > > > Bob >>>> >>>> The last sentence on page 6: I don't think it's the network node that >>>> you are saying must be aware. Perhaps you mean designers of network >>>> nodes? >>>> >>>> At the top of page 7, you have "They MAY log". You shouldn't use a >>>> 2119 MAY here - it's not part of the protocol. Similarly, in section >>>> 6, "MAY compare the two, and MAY log" should not use 2119. >>>> >>>> First paragraph of section 6: "natively" is not clear. Perhaps >>>> replacing "will not natively copy" with "will not normally copy"? >>>> >>>> Second paragraph of section 6: I suggest replacing "ignore any >>>> CDO" with "ignore any CDO in the outer header". >>>> >>>> Consider moving the description of the bits in the option type field, >>>> particularly the chg bit, earlier in the document. Right now, the >>>> first mention is in the security consideration section, and most >>>> of the definition doesn't happen until the IANA considerations. >>>> It would help if it were clear what that bit was going to be before >>>> you ever mention AH. >>>> >>> >> >> _______________________________________________ >> conex mailing list >> conex@ietf.org >> https://www.ietf.org/mailman/listinfo/conex >> >> -- >> ________________________________________________________________ >> Bob Briscoehttp://bobbriscoe.net/
- [conex] Gen-art LC review: draft-ietf-conex-desto… Robert Sparks
- Re: [conex] Gen-art LC review: draft-ietf-conex-d… Suresh Krishnan
- Re: [conex] Gen-art LC review: draft-ietf-conex-d… Mirja Kühlewind
- Re: [conex] Gen-art LC review: draft-ietf-conex-d… Robert Sparks
- Re: [conex] Gen-art LC review: draft-ietf-conex-d… Bob Briscoe
- Re: [conex] Gen-art LC review: draft-ietf-conex-d… Robert Sparks