Re: [conex] Act bits and Positioning (Was Re: Fwd: Review: draft-ietf-conex-destopt-06)
Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch> Mon, 15 September 2014 07:51 UTC
Return-Path: <mirja.kuehlewind@tik.ee.ethz.ch>
X-Original-To: conex@ietfa.amsl.com
Delivered-To: conex@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03A481A0052 for <conex@ietfa.amsl.com>; Mon, 15 Sep 2014 00:51:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.852
X-Spam-Level:
X-Spam-Status: No, score=-2.852 tagged_above=-999 required=5 tests=[BAYES_50=0.8, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.652] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dKMnxYQWj1lB for <conex@ietfa.amsl.com>; Mon, 15 Sep 2014 00:51:09 -0700 (PDT)
Received: from smtp.ee.ethz.ch (smtp.ee.ethz.ch [129.132.2.219]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 849D11A008D for <conex@ietf.org>; Mon, 15 Sep 2014 00:51:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.ee.ethz.ch (Postfix) with ESMTP id 94748D9310; Mon, 15 Sep 2014 09:51:05 +0200 (MEST)
X-Virus-Scanned: by amavisd-new on smtp.ee.ethz.ch
Received: from smtp.ee.ethz.ch ([127.0.0.1]) by localhost (.ee.ethz.ch [127.0.0.1]) (amavisd-new, port 10024) with LMTP id fFvm7bORRixF; Mon, 15 Sep 2014 09:51:05 +0200 (MEST)
Received: from [192.168.178.32] (stgt-5f71746d.pool.mediaWays.net [95.113.116.109]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mirjak) by smtp.ee.ethz.ch (Postfix) with ESMTPSA id B7384D930D; Mon, 15 Sep 2014 09:51:04 +0200 (MEST)
Message-ID: <54169A68.30000@tik.ee.ethz.ch>
Date: Mon, 15 Sep 2014 09:51:04 +0200
From: Mirja Kühlewind <mirja.kuehlewind@tik.ee.ethz.ch>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
MIME-Version: 1.0
To: Suresh Krishnan <suresh.krishnan@ericsson.com>, "bob.briscoe@bt.com" <bob.briscoe@bt.com>
References: <201408121058.09210.mirja.kuehlewind@ikr.uni-stuttgart.de> <53EA6068.6090100@tik.ee.ethz.ch> <201408131906.s7DJ6V2s029587@bagheera.jungle.bt.co.uk> <53ECE6C9.40300@tik.ee.ethz.ch> <53ECE917.6000803@tik.ee.ethz.ch> <201408141915.s7EJFVI8000808@bagheera.jungle.bt.co.uk> <53FB741A.9010500@tik.ee.ethz.ch> <201408261727.s7QHRlxB026767@bagheera.jungle.bt.co.uk> <53FF4E3F.4060502@tik.ee.ethz.ch> <201408282005.s7SK5ke4004064@bagheera.jungle.bt.co.uk> <54073A5B.20207@tik.ee.ethz.ch> <201409082217.s88MHFDj018480@bagheera.jungle.bt.co.uk> <E87B771635882B4BA20096B589152EF62882B883@eusaamb107.ericsson.se> <201409090759.s897xriV019964@bagheera.jungle.bt.co.uk> <540F0C78.7050309@tik.ee.ethz.ch>, <201409091743.s89HheQJ021974@bagheera.jungle.bt.co.uk> <E87B771635882B4BA20096B589152EF6288300FD@eusaamb107.ericsson.se>
In-Reply-To: <E87B771635882B4BA20096B589152EF6288300FD@eusaamb107.ericsson.se>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/conex/f6AEJbJFxobtnC-h7NlAHLUw0AA
Cc: "ralli@tid.es" <ralli@tid.es>, "conex@ietf.org" <conex@ietf.org>
Subject: Re: [conex] Act bits and Positioning (Was Re: Fwd: Review: draft-ietf-conex-destopt-06)
X-BeenThere: conex@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Congestion Exposure working group discussion list <conex.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/conex>, <mailto:conex-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/conex/>
List-Post: <mailto:conex@ietf.org>
List-Help: <mailto:conex-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/conex>, <mailto:conex-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Sep 2014 07:51:15 -0000
I also would prefer to say that the CDO MUST be first and give it a try and see what the IESG says. If there are concerns, we can still change it to MUST be among the first 3... Mirja On 12.09.2014 05:33, Suresh Krishnan wrote: > Hi Bob/Mirja, > Sounds fine to me as well. I can live with any value of X but the only > one that really makes sense is 1 :-) > > Thanks > Suresh > > -----Original Message----- > *From:* Bob Briscoe [bob.briscoe@bt.com] > *Received:* Tuesday, 09 Sep 2014, 1:44PM > *To:* Mirja Kühlewind [mirja.kuehlewind@tik.ee.ethz.ch] > *CC:* Suresh Krishnan [suresh.krishnan@ericsson.com]; Carlos Ucendo > [ralli@tid.es]; ConEx IETF list [conex@ietf.org] > *Subject:* Re: Act bits and Positioning (Was Re: [conex] Fwd: Review: > draft-ietf-conex-destopt-06) > > Mirja, > > Agree with you on all 3 new responses: > * act bits = 00 > * CDO SHOULD be first destopt, and MUST be among > the first X destopts: that works for me. > X=3? > * CDO is always in the destopt position before > any IPsec, and ConEx doesn't work within an ESP tunnel. > > > Bob > > At 15:19 09/09/2014, Mirja Kühlewind wrote: >>Hi, >> >>see inline >> >>On 09.09.2014 09:59, Bob Briscoe wrote: >>>Suresh, >>> >>>At 05:36 09/09/2014, Suresh Krishnan wrote: >>>>Hi Bob, >>>> Thanks a lot for your comments. I will respond to two specific issues >>>>that you brought up >>>> >>>>act bits being 01: Please note that the Conex option is a *destination* >>>>option. Non conex-aware nodes on path will not even process the option. >>>>So we do not need to be worried about the packet being dropped by >>>>intermediate nodes, and we need to know if the destination does not >>>>understand it. Hence I think this should stay as 01. >>> >>>I was aware that the act bits are only processed by the destination. >>> >>>My point was that ConEx only requires sender support (ie. you can have >>>ConEx on one half-connection but not the other - there is no need to >>>negotiate ConEx for a connection). So it would be very bad for a >>>destination to drop a packet just before delivering it to the >>>destination process just because it doesn't recognise a ConEx header >>>that it doesn't need to understand anyway. >>> >>>Note to Mirja: Given this misunderstanding, perhaps the draft should >>>give a reason: >>> "The act bits MUST be 00, because a ConEx packet needs to be >>>passed to the destination process even if the destination does not >>>understand ConEx." >>I agree with Bob, as the receiver does not need >>to proceed the option in our case at all and it >>does even know if it has to be there. Suresh? >> >>> >>> >>>>CDO as the first option: As you rightly note, this is just a performance >>>>optimization. I do believe that the performance penalty for conex-aware >>>>nodes will be pretty severe if they need to process all destination >>>>options before deciding if the CDO is present or not. >>> >>>Surely a ConEx node can stop when it gets to the CDO option (which will >>>usually be first). It doesn't need to continue and process all the other >>>options within the destopt header. >>> >>>>Please note that >>>>this needs to be done on *all* packets passing through the conex aware >>>>node. >>> >>>On packets without a destopt that is quick. >>> >>>The really bad case is for packets from senders that don't support ConEx >>>but are using many other destopts. Then the on-path ConEx node would >>>walk along every destopt until the end. >>> >>>>I do think it is OK to change the MUST to a SHOULD but with a >>>>severe warning. >>> >>>OK, thanks. >>> >>>Would it be OK to say "As an optimization, a ConEx implementation MAY >>>limit the depth of its search for CDO to two or three destination options"? >>My assumption was that search for the CDO if >>multiple options are present is not feasible in fast path. >> >>So if the CDO is not first, there are two options: >>1) forward the packet to slow path >>2) ignore the CDO >> >>Actually case 1) is probably no option because >>this would forward all present traffic to slow >>path because none of the traffic has a CDO at all. >> >>2) is at least not feasible for something like a >>policer that really needs to look at all ConEx-enable packets. >> >>Limiting the search depth, would translate into >>"the CDO SHOULD be the first option and MUST be >>among the first X options"... is that a solution? >> >> >>Bob, see further below... >> >>> >>> >>>I have also added to my response to Mirja below, with an extra thought >>>about ESP tunnels (inline - search for 'ESP tunnel' - it's a long way >>>down!)... >>> >>> >>>>Cheers >>>>Suresh >>>> >>>>On 09/08/2014 06:17 PM, Bob Briscoe wrote: >>>> > Mirja, >>>> > >>>> > At 16:57 03/09/2014, Mirja Kühlewind wrote: >>>> >> Hi again, >>>> >> >>>> >> >>>> >> On 28.08.2014 22:05, Bob Briscoe wrote: >>>> >>>>>>>>>>>> * Suggested deleting example of Not-ConEx-capable packets >>>>(see >>>> >>>>>>>>>>>> separate thread to conex-tcp-modifications authors about >>>>TCP pure >>>> >>>>>>>>>>>> ACKs). >>>> >>>>>>>>>>> I can remove the example but not sure why you are suggesting >>>> >>>>>>>>>>> this. If >>>> >>>>>>>>>>> you actually imply that the X bit should never be zero >>>>that we >>>> >>>>>>>>>>> have to >>>> >>>>>>>>>>> discuss if the X bit is needed at all. >>>> >>>>>>>>>> I have never thought the X flag was needed. There's >>>>probably some >>>> >>>>>>>>>> email >>>> >>>>>>>>>> on the list somewhere in the past from me that says that. >>>> >>>>>>>>>> >>>> >>>>>>>>>> As I put in one of the comment bubbles: >>>> >>>>>>>>>> "The only need I can see for the X-flag is if >>>> >>>>>>>>>> the Reserved field gets used in future for >>>> >>>>>>>>>> something in addition to ConEx. Then there >>>> >>>>>>>>>> would be a need to identify packets that >>>> >>>>>>>>>> are not ConEx-capable but still carry the >>>> >>>>>>>>>> CDO option (for the new reason)." >>>> >>>>>>>>>> >>>> >>>>>>>>>> Can anyone think of a use for the X flag? >>>> >>>>>>>>> I thought the X bit unset means: I'm a ConEx aware sender and i >>>> >>>>>>>>> want to >>>> >>>>>>>>> follow the rules but I don't have any feedback for this >>>>(control) >>>> >>>>>>>>> data >>>> >>>>>>>>> so I'm unable to give you useful ConEx information and if >>>>you use >>>> >>>>>>>>> this >>>> >>>>>>>>> packet for your estimation of the current congestion level, you >>>> >>>>>>>>> might >>>> >>>>>>>>> underestimate it. >>>> >>>>>>>>> >>>> >>>>>>>>> Doesn't that make sense...? >>>> >>>>>>> Not to me. What does "feedback for this (control) data" mean? >>>>Feedback >>>> >>>>>>> is about a path used by a 5-tuple. This control data is about >>>>to be >>>> >>>>>>> sent >>>> >>>>>>> over such a path. If the sender has feedback about that path, the >>>> >>>>>>> feedback applies to everything sent over the path, at the IP >>>>layer, >>>> >>>>>>> whatever categorisation the next packet has at L4. >>>> >>>>>> If you do not get any feedback on a path, e.g. a receiver only >>>>sending >>>> >>>>>> ACKs, you will never be able to send any ConEx markings. So >>>>what's the >>>> >>>>>> point about marking a packet as ConEx-enabled? >>>> >>>>> OK, this is a good example for when a ConEx-enabled flag might be >>>> >>>>> useful. However,... >>>> >>>>> >>>> >>>>> ...This doesn't justify marking pure ACKs as not-ConEx-enabled. >>>>If a >>>> >>>>> sender sends a pure ACK now, all it knows is that it might not have >>>> >>>>> enough feedback to be able to set ConEx markings on a whole >>>>sequence of >>>> >>>>> packets later in the flow,... but only if it keeps sending >>>>solely pure >>>> >>>>> ACKs from now on. However, a sender can't be sure that it won't >>>>have >>>> >>>>> enough feedback in future, because usually an app (let alone the >>>> >>>>> transport layer) cannot predict whether there will be more data >>>>to send >>>> >>>>> later, even if it's not sending any now. >>>> >>>>> >>>> >>>>> Once a sender has had no feedback for at least a round trip, it >>>>has 2 >>>> >>>>> options for subsequent packets: >>>> >>>>> a) turn off ConEx-enabled; >>>> >>>>> b) keep sending packets with ConEx-enabled set, but >>>>conservatively add >>>> >>>>> some credit. >>>> >>>>> >>>> >>>>> Even if it subsequently sends some data, it will still have to >>>>do (a) or >>>> >>>>> (b) on these data packets, at least for one further round trip, >>>>until it >>>> >>>>> gets the feedback. So this is nothing to do with whether the packet >>>> >>>>> being sent is a pure ACK. It is to do with whether feedback has >>>>recently >>>> >>>>> been received. >>>> >>>> Okay, rewrote the paragraph slightly: >>>> >>>> >>>> >>>> "If the X bit is zero all other three bits are undefined and thus >>>> >>>> should be ignored and forwarded unchanged by network nodes. The X >>>>bit >>>> >>>> set to zero means that the connection is ConEx-capable but this >>>>packet >>>> >>>> MUST NOT be accounted when determining ConEx information in an audit >>>> >>>> function. This can be the case if no feedback on the congestion >>>>status >>>> >>>> is (currently) available for e.g. for control packets (not carrying >>>> >>>> any user data). As an example a TCP receiver that only sends pure >>>>ACKs >>>> >>>> will usually send them as ACK are usually not ECN-capable as ACK >>>> >>>> usually are not ECN-capable and TCP does not have a mechanism to >>>> >>>> announce ACK lost. Thus congestion information about ACKs are not >>>> >>>> available." >>>> >>>> >>>> >>>> Is this okay? >>>> >>> The main problem is saying 'not available *for* control packets'. But >>>> >>> just changing 'for' to 'from' would still make this too unclear to be >>>> >>> understood. >>>> >>> >>>> >>> Also need to: >>>> >>> * Make it clear the example is TCP-specific. >>>> >>> * Focus on loss first, then ECN. >>>> >>> * 'mechanism to announce ACK loss' is not really understandable. >>>> >>> * Avoid 'control packets', which is too general, given this is an >>>> >>> example, so it can be specific. >>>> >>> * Nit: duplicated word (for e.g. for) and duplicated phrase (as >>>>ACK are >>>> >>> usually not ECN-capable as ACK usually are not ECN-capable). >>>> >>> >>>> >>> How about: >>>> >>> >>>> >>> First 2 sentences unchanged, then... >>>> >>> "This can be the case if no congestion feedback is (currently) >>>>available >>>> >>> e.g. in TCP if one endpoint has been receiving data but sending >>>>nothing >>>> >>> but pure ACKs (no user data) for some time. This is because pure >>>>ACKs do >>>> >>> not advance the sequence number, so the TCP endpoint receiving them >>>> >>> cannot reliably tell whether any have been lost due to congestion. >>>>Pure >>>> >>> TCP ACKs cannot be ECN-marked either [RFC3168]." >>>> >> Fine for me. Done. >>>> >> >>>> >> >>>> >>>>>> Further note, in the TCP mods we only look at the payload >>>>because we >>>> >>>>>> assume, for simplification, all packets have the same size. >>>>Therefore >>>> >>>>>> a packet that carries no data would not decrease the CEG/LEG. >>>>If ACKs >>>> >>>>>> should get marked, we need to rewrite all this stuff in the tcp >>>>mods >>>> >>>>>> doc... >>>> >>>>> I don't think we should avoid changing tcp-mods if its 'not right'. >>>> >>>>> >>>> >>>>> I hope you see the problem from my explanation above - whether >>>>there is >>>> >>>>> enough feedback /now/ to ConEx-mark a packet has nothing to do with >>>> >>>>> whether the packet being sent /now/ is capable of generating >>>>feedback >>>> >>>>> /in the next round/. >>>> >>>>> >>>> >>>>> If you want to make a simplifying assumption, it is on the safe >>>>side for >>>> >>>>> a sender to assume that all incoming feedback is about packets >>>>of the >>>> >>>>> same size. It's not safe for a sender to assume that all packets >>>>it is >>>> >>>>> sending are the same size. Anyway, it knows what size it is >>>>sending, so >>>> >>>>> it doesn't need this simplification. >>>> >>>> Okay, the assumption is (only) that feedback is based on packets >>>>that >>>> >>>> are the same size. If we send you a packet we of course decrease the >>>> >>>> LEG/CEG by the actually payload bytes. But taking this assumption be >>>> >>>> simply do not account for headers at all (nor incoming neither >>>> >>>> outcoming) because we can anyway just estimated the header bits and >>>> >>>> there simply assume it will equal out. Which mean if we send a pure >>>> >>>> ACK we will not decrease the LEG/CEG because there are no payload >>>> >>>> bytes. I believe that this simplification makes thing much >>>>simpler and >>>> >>>> is therefore useful but will not allow for marking pure ACKs... >>>> >>> I thought the earlier definition said that ConEx accounts for the >>>>size >>>> >>> of the IP header that contains the CDO and everything within it. >>>>Also, >>>> >>> there's the TCP header size on a pure ACK. >>>> >> Yes, especially when a network node accounts >>>> >> ConEx marks. But in the (TCP) sender we just >>>> >> don't care about the header bits for >>>> >> simplification. We are aware that all bits will >>>> >> be accounted but as we assume equal size packets that should be fine. >>>> >> >>>> >> >>>> >>> That's the basis on which I am assuming that pure ACKs are worth >>>> >>> counting. A pure ACK will count as at least 86B (and more if there >>>>are >>>> >>> additional TCP options or IP extensions). >>>> >>> >>>> >>> IPv6 header: 40B >>>> >>> CDO dest opt: 6B >>>> >>> TCP header: 40B >>>> >>> Total: 86B >>>> >>> >>>> >>> If there are more IP extensions, I guess it will be hard for TCP >>>>to know >>>> >>> though. >>>> >> Yes, so how should I implement that? >>>> > I guess just assume that any IP extensions will >>>> > be constant on every packet in a flow, therefore >>>> > assuming none will be similar to assuming some. >>>> > >>>> >>>> You didn't convince me (yet) that this should be changed but this >>>> >>>> would need to be changed in the tcp mods doc and not this one >>>>anyway. >>>> >>> Agreed (that this would affect tcp-mods, not destopt). >>>> >>> >>>> >>> What is 'this' that you aren't yet convinced by? >>>> >> 'this' is the fact that I need to changed >>>> >> something in the tcp mods document. I might >>>> >> remove the statement (if existent) that control >>>> >> packets should be not-ConEx capable but I would >>>> >> still like to recommend it because I believe it >>>> >> makes things overly complicated otherwise. The >>>> >> point is I believe that at the location in the >>>> >> (Linux) code where you implement the counting, >>>> >> you don't even have the information how large >>>> >> the pure ACK will be in the end... >>>> > See next comment. >>>> > >>>> >>>>> The simplification I propose (that feedback is all about the >>>>same size >>>> >>>>> packets, rather than all the sent packets are the same size) is >>>>likely >>>> >>>>> to be pretty good, given the receiver doesn't get loss or ECN >>>>info about >>>> >>>>> pure ACKs, so they are automatically removed from the set of >>>>packets >>>> >>>>> that the sender assumes to be the same size. And, and if some of >>>>the >>>> >>>>> feedback is about smaller data packets, at least this >>>>simplification >>>> >>>>> will always be on the safe side. >>>> >>>>> >>>> >>>>> If I correctly understand the simplification you propose, a >>>>ConEx sender >>>> >>>>> will more often under-declare congestion than over-declaring, >>>>which is >>>> >>>>> not safe. >>>> >>>> I don't believe so. Was this just of a different understanding of >>>>what >>>> >>>> we proposed or can you explain further...? >>>> >>> I thought you were proposing that a TCP sender assumes all the >>>>packets >>>> >>> it sends are full-sized, even if they aren't. But I believe you have >>>> >>> said that is not what you proposed. >>>> >> No, when reducing the congestion counter(s) we >>>> >> use the actual number of payload bytes. We also >>>> >> use the real number of acknowledged bytes to >>>> >> increase the counter(s). We simply do not care >>>> >> about the header bytes at all assuming that on >>>> >> average all packets have the same size and >>>> >> therefor the number of (marked) header bytes >>>> >> (either ECN or ConEx) in total will be about right. >>>> > OK. I understand now. >>>> > >>>> > Ultimately TCP has to put a number in the Data >>>> > Offset field, so it has to know the size of its >>>> > own header. However, for an initial >>>> > (experimental) implementation, if you need your >>>> > proposal to assume all TCP options within one >>>> > flow are the same size, it would be reasonable >>>> > (it's not actually true, e.g. SACK, but there >>>> > should at least be no bias, so you will overstate as much as >>>>understate). >>>> > >>>> > You say earlier that it is too complicated to >>>> > implement code within TCP that knows the size of >>>> > a pure ACK. If TCP code doesn't know the size of >>>> > a TCP header, then Linux must be using magic >>>> > instead of code. Because, surely, the whole point >>>> > of the TCP code is to write a TCP header. >>>> > >>>> >>>>>>>>>>>> ==Fast-path== >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> * CDO as first destination option: changed from MUST to >>>>SHOULD >>>> >>>>>>>>>>>> (with >>>> >>>>>>>>>>>> an example of when not to). >>>> >>>>>>>>>>> I believe this really needs to be a MUST. I know that might >>>> >>>>>>>>>>> restrict >>>> >>>>>>>>>>> the use of ConEx with potential other options that might >>>>have the >>>> >>>>>>>>>>> same >>>> >>>>>>>>>>> requirement (for different reasons). But if you don't put >>>>a MUST >>>> >>>>>>>>>>> here, >>>> >>>>>>>>>>> you cannot implemented the suggested way in the fast path. >>>> >>>>>>>>>> A SHOULD still means it will be the first option in all >>>>current >>>> >>>>>>>>>> implementations. However, I suggest a SHOULD, precisely >>>>because >>>> >>>>>>>>>> performance reasons are not absolute, so they don't require a >>>> >>>>>>>>>> MUST. If >>>> >>>>>>>>>> another dest opt cannot work at all unless it is first, >>>>that would >>>> >>>>>>>>>> be a >>>> >>>>>>>>>> valid reason for CDO coming second, because it still works, >>>>it's >>>> >>>>>>>>>> /just/ >>>> >>>>>>>>>> slower. >>>> >>>>>>>>>> >>>> >>>>>>>>>> The IESG will (rightly) be very wary of any draft that says an >>>> >>>>>>>>>> option >>>> >>>>>>>>>> MUST be the first option. >>>> >>>>>>>>>> >>>> >>>>>>>>>> I suggested the following text after this: "(This is not >>>> >>>>>>>>>> stated as a 'MUST', because some future destination option >>>>might >>>> >>>>>>>>>> need to >>>> >>>>>>>>>> be placed first for functional rather than just performance >>>> >>>>>>>>>> reasons.)" >>>> >>>>>>>>> So our fast path implementation must simply assume that >>>>there is no >>>> >>>>>>>>> CDO >>>> >>>>>>>>> in case it cannot find it as the first option. Otherwise all >>>> >>>>>>>>> non-ConEx >>>> >>>>>>>>> packets would need to go to the slow path to make sure there >>>>is no >>>> >>>>>>>>> ConEx >>>> >>>>>>>>> option. That means to me that this must be a MUST...? >>>> >>>>>>> OK, I see the problem, but how much of a performance problem >>>>would it >>>> >>>>>>> really be for the fast path of a ConEx function to step along >>>>dest >>>> >>>>>>> opts >>>> >>>>>>> until it gets to CDO then stops (rather than stop if CDO is not >>>> >>>>>>> first)? >>>> >>>>>> So that's the different between you looking at one bit at a >>>>defined >>>> >>>>>> position or having a chain of conditional look-ups where the >>>>length is >>>> >>>>>> unknown. I believe that is something you would avoid to >>>>implement in >>>> >>>>>> fast path as the processing time is not fixed anymore... that >>>>would be >>>> >>>>>> my guess but I'm not an expert in this area. >>>> >>>>> AFAICT, fast path implementations generally work along sequences of >>>> >>>>> extensions. So I don't think this is a problem. Bear in mind >>>>that we are >>>> >>>>> not asking general fast path forwarding implementations to do >>>>this. Only >>>> >>>>> ConEx functions specifically written to find the ConEx >>>>header.{Note 1} >>>> >>>>> >>>> >>>>> {Note 1} OK, we do suggest that general forwarding functions >>>>could do >>>> >>>>> DoS protection using the ConEx header. But that's stated as >>>>optional and >>>> >>>>> 'aspirational'. If such an experiment proves useful, you never >>>>know, >>>> >>>>> there could be demand for ConEx to migrate into the hop-by-hop >>>>options >>>> >>>>> (according to the v6 spec, hop-by-hop and dest options share the >>>>same >>>> >>>>> option number space, so this would be a straightforward >>>>migration, just >>>> >>>>> moving where the CDO is placed, but using the same option number >>>>and >>>> >>>>> format). >>>> >>>> There might be also further use cases for e.g. traffic management or >>>> >>>> multipath routing where general forwarding nodes need to access this >>>> >>>> information. >>>> >>>> >>>> >>>> So what's the solution here? >>>> >>> I think this will get thrown back by the IESG if we say 'MUST be >>>>first'. >>>> >>> And I think 'SHOULD be first' is a doable implementation for >>>>ConEx-aware >>>> >>> nodes. That is sufficient for experimental. Any experiments where >>>> >>> general forwarding nodes access ConEx will already be reading a >>>>destopt >>>> >>> at every hop, which is not what was intended, but it would be doable >>>> >>> just for an experiment that wanted to prove ConEx has wider uses. >>>> >> I know that this might be a problem with IESG review, but... it's >>>>broken... >>>> >> >>>> >>> Everyone involved in IPv6 knows that the attempt to design >>>>extensibility >>>> >>> into v6 failed. It won't be news to the IESG that we can't add an >>>> >>> extension that can be processed at every hop on the fast path. >>>> >>> >>>> >>> If a destopt is sufficient to prove ConEx useful, then >>>>implementers will >>>> >>> want to satisfy this demand. Then >>>> >>> * either there is even more pressure on the IETF to address this >>>>failing >>>> >>> in v6 (and maybe someone will), >>>> >>> * or ConEx has to continue with this destopt solution, just like >>>> >>> everyone else is finding hacks round this failing in v6. >>>> >>> >>>> >>> But don't ask me. Ask Suresh. >>>> >> Yes! Unfortunately he did not response until >>>> >> now. Maybe he is/was on holidays; will ping him again. >>>> >> >>>> >> >>>> >>>>>>> Then "CDO SHOULD be first" would give no different performance >>>>to "CDO >>>> >>>>>>> MUST be first", if CDO actually was first. If CDO had to be >>>>placed >>>> >>>>>>> second on a certain packet, "CDO SHOULD be first" would take >>>>just one >>>> >>>>>>> more op than "CDO MUST be first". >>>> >>>>>>> >>>> >>>>>>> Note: I've just re-read the spec of the IPv6 header. We need to >>>> >>>>>>> specify >>>> >>>>>>> that CDO goes in the "Destination Options (before routing >>>>header)", >>>> >>>>>>> not >>>> >>>>>>> the "Destination Options (before upper-layer header)". Then it >>>> >>>>>>> won't be >>>> >>>>>>> encrypted by an ESP header. >>>> >>>>>> Thanks. I wasn't fully aware of this. But the difference for my >>>> >>>>>> understanding is if immediate node listed in the routing header >>>>should >>>> >>>>>> proceed this option or not. In our case it is probably not >>>>important >>>> >>>>>> which one we choose as it should be processed by none of the >>>>receivers. >>>> >>>>> You're correct that CDO isn't processed by any of the nodes >>>>listed in >>>> >>>>> the routing header as destinations. The phrase "before routing >>>>header" >>>> >>>>> is just how its placement is described. We should clarify that this >>>> >>>>> isn't anything to do with the processing of the routing header. >>>> >>>>> >>>> >>>>>> Where did you read that the later one is not encrypted though? >>>> >>>>> ESP encrypts everything after the ESP header, and it comes just >>>>before >>>> >>>>> the second dest opts. So it would be no good putting CDO after it. >>>> >>>>> >>>> >>>>> See the ESP spec, on "ESP Header Location": >>>> >>>>> <http://tools.ietf.org/html/rfc2406#section-3.1> >>>> >>>>> " The destination options extension header(s) could appear >>>> >>>>> either before or after the ESP header depending on the >>>>semantics >>>> >>>>> desired. However, since ESP protects only fields after the ESP >>>> >>>>> header, it generally may be desirable to place the destination >>>> >>>>> options header(s) after the ESP header. >>>> >>>>> " >>>> >>>> Thanks. Wasn't able to find this sentence! >>>> >>>> >>>> >>>>> Also see the IPv6 spec on "Extension Header Order": >>>> >>>>> <http://tools.ietf.org/html/rfc2460#section-4.1> >>>> >>>>> >>>> >>>>> I believe one reason there are two places for the dest opt is >>>>because if >>>> >>>>> ESP is encrypting everything for the destination, it will >>>>normally be >>>> >>>>> expected that the dest opts need to be encrypted too. But this >>>>wouldn't >>>> >>>>> work if you have multiple destinations on the path in the >>>>routing header >>>> >>>>> (that probably don't hold the relevant key). Fortunately, this >>>> >>>>> exception is also needed for ConEx. >>>> >>>>> >>>> >>>>>> If so, I can simply add one sentence to the first paragraph of >>>> >>>>>> section 4: >>>> >>>>>> "The CDO MUST be placed in the destination option before routing >>>> >>>>>> header such that it does not get encrypted and can be read by >>>> >>>>>> immediate ConEx-aware nodes." >>>> >>>>>> And then remove the first paragraph of the IPSec section (and >>>>probably >>>> >>>>>> move the other paragraph somewhere else so that the section is >>>>removed >>>> >>>>>> completely)...? >>>> >>>>> I've lost track of all the proposed changes to the IPsec >>>>section. But I >>>> >>>>> think there is value in spelling out exactly how ConEx and IPsec >>>> >>>>> interact, so I wouldn't remove the section completely, even if it >>>> >>>>> repeats info elsewhere. >>>> >>>> Okay I just realized that we recommend to to use TPSec for >>>> >>>> authentication but I believe if the ConEx option should not be >>>> >>>> encrypted by using the respective header, it will also not be >>>> >>>> authenticated...? So you can have either one of the two...? I >>>>believe >>>> >>>> we still need the IPSec section but right now I'm not sure what to >>>> >>>> right in there...? Any proposal? >>>> >>> * How to do ConEx when IPsec is also required (tunnel & transport >>>>modes, >>>> >>> and what to count). This may all be obvious now, but (IMO) it >>>>would still >>>> >>> be worth spelling out obvious things. >>>> >>> * How to use IPsec to protect the integrity of CDO. >>>> >> Okay, this is the text now: >>>> >> >>>> >> "Compatibility with use of IPsec >>>> >> >>>> >> In IPv6 there are two possible position of a >>>> >> Destination Option header, either before the >>>> >> Routing header or after the Encapsulating Security Payload (ESP) >>>>header. >>>> > BETTER?: >>>> > In IPv6 a Destination Option header can be placed >>>> > in two possible position in the order of possible >>>> > headers, either before the Routing header or >>>> > after the Encapsulating Security Payload (ESP) header. >>>> > REASONING: >>>> > We are talking about the positions where these >>>> > headers /would/ be if they were there - they might not actually be >>>>present. >>>> > >>>> >> If the packet is encrypted using IPSec tunnel >>>> >> mode, the CDO MUST be placed in the destination >>>> >> option before the Routing header such that it >>>> >> does not get encrypted and can be read by immediate ConEx-aware nodes. >>>> > BETTER?: >>>> > CDO MUST always be placed in a destination option >>>> > header placed before where the routing header >>>> > would be. Otherwise, if CDO were placed in the >>>> > latter position and an ESP header were used, the CDO would be >>>>encrypt the >>>> > REASONING: >>>> > (There is no need for it to ever be in the later >>>> > position and it's best to always be in the same place.) >>>> > >>>> > >>>> >> Note as the Authentication Header (AH) also only >>>> >> protects fields after the AH header, the CDO is not authenticated >>>>in this case. >>>> > Need to say the encapsulator copies CDO from the >>>> > inner IPv6 CDO before encrypting the inner. >>>> > >>>> > s/read by immediate/read by/ >>>> > >>>> > AH integrity protects the IPv6 header that encapsulates it. ESP does >>>>not. >>>> > >>>> > >>>> >> In IPSec transport mode both destination option >>>> >> headers can be used, as the CDO is in both cases >>>> >> visible to the network. If the transport network >>>> >> can not be trusted, the Destination Option >>>> >> header after the ESP header SHOULD be used to >>>> >> ensure integrity of the ConEx information. If an >>>> >> attacker would be able to remove the ConEx >>>> >> marks, this could cause an audit device >>>> >> to penalize the respective connection, while the >>>> >> sender cannot easily detect that ConEx information is missing." >>>> >> >>>> >> Does this seem to be right now? >>>> > Sorry, this is all wrong. One cannot use ESP to >>>> > authenticate or protect the integrity of CDO by >>>> > putting CDO after ESP, because ESP would then >>>> > encrypt CDO so ConEx-aware nodes would not be >>>> > able to read it. CDO always has to precede ESP, >>>> > which is why I said CDO MUST always be in the first destopt position. >>>> > >>>> > If the CDO header needs to be authenticated, AH >>>> > can be used as in the second example below. AH >>>> > protects the integrity of the whole IPv6 datagram >>>> > it is encapsulated by (except non-predictable >>>> > mutable fields). AH coverage includes the IPv6 >>>> > header and extension headers before the AH >>>> > header, and everything after the AH header too. >>Sorry that's my fault; I thought, (similar to >>ESP) the authentication header would only >>authenticate headers after the AH. (Checked now with rfc4302 that I was wrong.) >> >>>> > >>>> > I think it would be worth listing the two or >>>> > three example header sequences in the draft, as >>>> > below. Headers in [] need not be present. Headers in {} are encrypted. >>>> > >>>> > Transport mode without the integrity of CDO protected: >>>> > IPv6 >>>> > [Hop-by-Hop] >>>> > [Routing] >>>> > Destopt(CDO[,...]) >>>> > [Fragment] >>>> > ESP{ >>>> > [Destopt] >>>> > Upper-Layer >>>> > } >>>> > >>>> > Transport mode with the integrity of CDO protected: >>>> > IPv6 >>>> > [Hop-by-Hop] >>>> > [Routing] >>>> > Destopt(CDO[,...]) >>>> > [Fragment] >>>> > AH >>>> > ESP{ >>>> > [Destopt] >>>> > Upper-Layer >>>> > } >>>> > >>>> > >>>> > Tunnel mode: >>>> > IPv6 >>>> > [Hop-by-Hop] >>>> > [Routing] >>>> > Destopt(CDO-copy[,...]) >>>> > [Fragment] >>>> > ESP{ >>>> > IPv6 >>>> > Destopt(CDO[,...]) >>>> > Transport Payload >>>> > } >>>> > >>>> > For ESP in tunnel mode, as already stated in the >>>> > draft, the tunnel ingress MUST copy the CDO from >>>> > the destopt in the inner, then write a copy of >>>> > the CDO header into a destopt header in the outer. >>>> > >>>> > I think this updates RFC2406. However, it is >>>> > possible that 2406 already requires an ESP >>>> > ingress to copy any extension headers, up to and >>>> > including Fragmentation, to the outer. Because >>>> > all these headers are designed to be visible to >>>> > nodes on the path. Suresh may know this. >>> >>>I checked overnight and copying extension headers is contrary to the >>>IPSec architecture. >>> >>><http://tools.ietf.org/html/rfc2401#section-5.1.2.2> "IPv6 -- Header >>>Construction for Tunnel Mode" says: >>> "Extension headers never copied" >>> >>>On reflection, I don't think we should update RFC2401 for ConEx. If I >>>were on the IESG, I would not approve that. IPsec needs to have simple >>>rules without exceptions. >>> >>>When we chose destopt as the mechanism for ConEx, we knew it wasn't >>>going to interact well with tunnels. I think the best approach is to say, >>> "Currently, the IPv6 protocol architecture does not provide a >>>mechanism for new extension headers to be copied to the outer. Therefore >>>ConEx functions will have to search for the CDO option within inner >>>headers, and ConEx will not work at all over the extent of an ESP tunnel". >> >>So all in all, this simplifies thing to >>basically "CDO MUST be placed in the destination >>option header before the AH and/or EPS (if present)." >> >>(+ our text just above on not interacting with tunnel mode) >> >>Right? >> >>Mirja >> >>> >>> >>>Bob >>> >>> >>>> > >>>> > To protect the integrity of the outer IPv6 >>>> > datagram, including protecting the copy of CDO, >>>> > an AH header (not shown) could be added before ESP. >>>> > >>>> > [A worse alternative (no need to mention this): >>>> > If the integrity of CDO but not other headers >>>> > needed to be protected, ESP with authentication >>>> > enabled could be used, which causes >>>> > authentication data to be added at the end of the >>>> > payload (not shown). Then, before decapsulation, >>>> > the tunnel egress would have to record the value >>>> > of CDO-copy. Having decrypted the inner, it could >>>> > then check that CDO-copy matched the CDO in the >>>> > inner. However, that would require another >>>> > update to RFC2406, so using AH would be >>>> > preferable, given we don't want to make ConEx >>>> > depend on updating both ends of an ESP tunnel - one end is bad enough.] >>>> > >>>> > HTH >>>> > Sorry for taking so long - I wrote most of this >>>> > on a plane on Thu, but left some fact checking >>>> > for when I got online, and this is the first chance I've had to get >>>>back to it. >>>> > >>>> > Cheers >>>> > >>>> > >>>> > >>>> > Bob >>>> > >>>> >>>>>>>>> Moreover, isn't this here the same case than with tunneling in >>>> >>>>>>>>> general. >>>> >>>>>>>>> Only if the node that does the encapsulation is ConEx-aware >>>>it can >>>> >>>>>>>>> copy >>>> >>>>>>>>> the CDO, otherwise it will be not visible anymore. >>>> >>>>>>>>> >>>> >>>>>>>>> So this should either be a should, or we have to say something >>>> >>>>>>>>> like: if >>>> >>>>>>>>> the node is ConEx-aware is MUST copy the CDO...? >>>> >>>>>>>> And then we can the same thing for tunneling in general...? >>>> >>>>>>> That's surely a circular argument. What would make a tunnel >>>>endpoint >>>> >>>>>>> into a ConEx-aware tunnel endpoint, so that it would have to >>>>copy the >>>> >>>>>>> CDO? It would only become ConEx-aware if it had code added to >>>>look for >>>> >>>>>>> the CDO, and why would it have that code added unless it was >>>>going >>>> >>>>>>> to do >>>> >>>>>>> something with CDO? That's why I think my 'MAY copy as a >>>>performance >>>> >>>>>>> optimisation' formula is the best we can do. >>>> >>>>>> What you say above is the point. If the node does not know >>>>anything >>>> >>>>>> about ConEx, it simple cannot copy the option, which is the >>>>case for >>>> >>>>>> all currently existent nodes. So we cannot say MUST in general. >>>>But if >>>> >>>>>> the node does know that ConEx exists for any reason, it really >>>>must >>>> >>>>>> copy the CDO...? But you right that is a little pathologic. I'm >>>>will >>>> >>>>>> to change if that helps understanding/is less confusing. >>>> >>>>> I think we're talking past each other. Given we cannot copy CDO >>>>to the >>>> >>>>> outer everywhere, for consistency I don't think that copying CDO >>>>to the >>>> >>>>> outer at all is a good idea, UNLESS it's done deliberately as >>>>part of an >>>> >>>>> operator's whole approach to handling ConEx. Ie. tunnel >>>>endpoints SHOULD >>>> >>>>> NOT copy CDO to the outer by default, but they MAY copy CDO to >>>>the outer >>>> >>>>> for a specific purpose (e.g. optimisation for ConEx functions >>>>elsewhere >>>> >>>>> in the same operator's network). >>>> >>>> Now understood. >>>> >>>> >>>> >>>> I've tried to make this point a little more clear, not sure if I >>>> >>>> succeeded: >>>> >>>> "As with any destination option, an ingress tunnel endpoint will not >>>> >>>> natively copy the CDO when adding an encapsulating outer IP >>>>header. In >>>> >>>> general an ingress tunnel SHOULD not copy the CDO to the outer >>>>header >>>> >>>> as this would changed the number of bytes that would be accounted. >>>> >>>> However, it MAY copy the CDO to the outer in order to facilitate >>>> >>>> visibility by subsequent on-path ConEx functions if the tunnel >>>>ingree >>>> >>>> is aware of these nodes and theses nodes are aware of the tunneling. >>>> >>>> This trades off the performance of ConEx functions against that of >>>> >>>> tunnel processing. " >>>> >>> OK. Rather than implying that equipment has evolved conscious >>>>awareness, >>>> >>> a better formulation would be something like: >>>> >>> "..the configuration of the tunnel ingress and the ConEx nodes is >>>> >>> co-ordinated." >>>> >>> >>>> >>> Nits: >>>> >>> s/SHOULD not/SHOULD NOT/ >>>> >>> s/accounted/counted/ >>>> >>> (in English, accounted is not a transitive verb, it has to have >>>>'for' >>>> >>> after it) >>>> >>> s/ingree/ingress/ >>>> >>> s/theses/these/ >>>> >> Done. >>>> >> >>>> >> >>>> >>> We're getting there! >>>> >> Yes...! >>>> >> >>>> >> Mirja >>>> >> >>>> >> >>>> >>> But we really do need Suresh's expert eye on this. >>>> >>> >>>> >>> >>>> >>> Cheers >>>> >>> >>>> >>> >>>> >>> Bob >>>> >>> >>>> >>> >>>> >>>> Mirja >>>> >>>> >>>> >>>>> HTH >>>> >>>>> (Delayed 'cos it was a public holday in the UK yesterday.) >>>> >>>>> >>>> >>>>> >>>> >>>>> Bob >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>>>> Bob >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>>>> Mirja >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>>>>>> ==Security Considerations== >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> * Added lots, all pointers to where security issues are >>>> >>>>>>>>>>>> discussed in >>>> >>>>>>>>>>>> other places (which is what security directorate >>>>reviewers need). >>>> >>>>>>>>>>> Okay I can add that if you think it's necessary (I would >>>>say it's >>>> >>>>>>>>>>> just >>>> >>>>>>>>>>> redundant, but you be might right that it just helps the >>>>sec dir). >>>> >>>>>>>>>> It's not always obvious which aspects relate to security. >>>> >>>>>>>>>> Especially >>>> >>>>>>>>>> when the security is structural rather than crypto. So I think >>>> >>>>>>>>>> these >>>> >>>>>>>>>> sentences are useful to sec dir. >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>>>> ==IANA== >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> * I think the act bits need to be 00 not 10 to avoid ConEx >>>> >>>>>>>>>>>> packets >>>> >>>>>>>>>>>> being dropped by non-ConEx nodes (including by non-ConEx >>>> >>>>>>>>>>>> receivers)? >>>> >>>>>>>>>>>> But I'm willing to be corrected. >>>> >>>>>>>>>>> I agree; Will ask Suresh why he has put a 10 though. >>>> >>>>>>>>>> Yes, he's the right guy to check with. >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> Bob >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>>> Thanks, >>>> >>>>>>>>>>> Mirja >>>> >>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Regards >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> Bob >>>> >>>>>>>>>> {Note 1} >>>> >>>>>>>>>> For anyone watching on the list, the tentative idea that >>>>Mirja has >>>> >>>>>>>>>> reminded me of is documented in 11.3.1 of my PhD thesis >>>>entitled >>>> >>>>>>>>>> "Covert >>>> >>>>>>>>>> Markings as a Policer Signal". >>>> >>>>>>>>>> >>>> >>>>>>>>>> The potential problem: A ConEx policer punishes punishment. >>>>If a >>>> >>>>>>>>>> congestion policer starts dropping packets because the user >>>>has >>>> >>>>>>>>>> contributed excessively to congestion, in subsequent rounds >>>>the >>>> >>>>>>>>>> user >>>> >>>>>>>>>> has >>>> >>>>>>>>>> to re-echo 'L' markings for the policer drops as well. This >>>>can >>>> >>>>>>>>>> drive >>>> >>>>>>>>>> the policer further into 'debit'. This might make it >>>>difficult for >>>> >>>>>>>>>> the >>>> >>>>>>>>>> user to get out of trouble once she's started getting into >>>>trouble. >>>> >>>>>>>>>> >>>> >>>>>>>>>> The basic idea was that when a congestion policer drops >>>>packets >>>> >>>>>>>>>> (because >>>> >>>>>>>>>> the user is causing more congestion than her allowance), it >>>>will >>>> >>>>>>>>>> also >>>> >>>>>>>>>> remove ConEx markings. Then (if there is some way for the >>>> >>>>>>>>>> receiver to >>>> >>>>>>>>>> feed this back), the sender knows not to send more ConEx marks >>>> >>>>>>>>>> because >>>> >>>>>>>>>> these aren't congestion drops, they are policer drops. >>>> >>>>>>>>>> >>>> >>>>>>>>>> We didn't that double punishment made it hard to get out of >>>> >>>>>>>>>> trouble in >>>> >>>>>>>>>> any policer experiments so far, so let's not allow for a >>>>possible >>>> >>>>>>>>>> solution to a problem that we probably don't even have. The >>>>current >>>> >>>>>>>>>> crop >>>> >>>>>>>>>> of ConEx drafts are experimental anyway. If this problem does >>>> >>>>>>>>>> surface, >>>> >>>>>>>>>> then we can reconsider. >>>> >>>>>>>>>> >>>>________________________________________________________________ >>>> >>>>>>>>>> Bob >>>>Briscoe, BT >>>> >>>>>>>> -- >>>> >>>>>>>> ------------------------------------------ >>>> >>>>>>>> Dipl.-Ing. Mirja Kühlewind >>>> >>>>>>>> Communication Systems Group >>>> >>>>>>>> Institute TIK, ETH Zürich >>>> >>>>>>>> Gloriastrasse 35, 8092 Zürich, Switzerland >>>> >>>>>>>> >>>> >>>>>>>> Room ETZ G93 >>>> >>>>>>>> phone: +41 44 63 26932 >>>> >>>>>>>> email: mirja.kuehlewind@tik.ee.ethz.ch >>>> >>>>>>>> ------------------------------------------ >>>> >>>>>>> ________________________________________________________________ >>>> >>>>>>> Bob Briscoe, BT >>>> >>>>>> -- >>>> >>>>>> ------------------------------------------ >>>> >>>>>> Dipl.-Ing. Mirja Kühlewind >>>> >>>>>> Communication Systems Group >>>> >>>>>> Institute TIK, ETH Zürich >>>> >>>>>> Gloriastrasse 35, 8092 Zürich, Switzerland >>>> >>>>>> >>>> >>>>>> Room ETZ G93 >>>> >>>>>> phone: +41 44 63 26932 >>>> >>>>>> email: mirja.kuehlewind@tik.ee.ethz.ch >>>> >>>>>> ------------------------------------------ >>>> >>>>> ________________________________________________________________ >>>> >>>>> Bob Briscoe, BT >>>> >>>> -- >>>> >>>> ------------------------------------------ >>>> >>>> Dipl.-Ing. Mirja Kühlewind >>>> >>>> Communication Systems Group >>>> >>>> Institute TIK, ETH Zürich >>>> >>>> Gloriastrasse 35, 8092 Zürich, Switzerland >>>> >>>> >>>> >>>> Room ETZ G93 >>>> >>>> phone: +41 44 63 26932 >>>> >>>> email: mirja.kuehlewind@tik.ee.ethz.ch >>>> >>>> ------------------------------------------ >>>> >>> ________________________________________________________________ >>>> >>> Bob Briscoe, BT >>>> >> -- >>>> >> ------------------------------------------ >>>> >> Dipl.-Ing. Mirja Kühlewind >>>> >> Communication Systems Group >>>> >> Institute TIK, ETH Zürich >>>> >> Gloriastrasse 35, 8092 Zürich, Switzerland >>>> >> >>>> >> Room ETZ G93 >>>> >> phone: +41 44 63 26932 >>>> >> email: mirja.kuehlewind@tik.ee.ethz.ch >>>> >> ------------------------------------------ >>>> > ________________________________________________________________ >>>> > Bob Briscoe, BT >>>> > >>>> > >>> >>>________________________________________________________________ >>>Bob Briscoe, BT >> >>-- >>------------------------------------------ >>Dipl.-Ing. Mirja Kühlewind >>Communication Systems Group >>Institute TIK, ETH Zürich >>Gloriastrasse 35, 8092 Zürich, Switzerland >> >>Room ETZ G93 >>phone: +41 44 63 26932 >>email: mirja.kuehlewind@tik.ee.ethz.ch >>------------------------------------------ > > ________________________________________________________________ > Bob Briscoe, BT > -- ------------------------------------------ Dipl.-Ing. Mirja Kühlewind Communication Systems Group Institute TIK, ETH Zürich Gloriastrasse 35, 8092 Zürich, Switzerland Room ETZ G93 phone: +41 44 63 26932 email: mirja.kuehlewind@tik.ee.ethz.ch ------------------------------------------
- [conex] Review: draft-ietf-conex-destopt-06 Bob Briscoe
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Mirja Kühlewind
- Re: [conex] Review: draft-ietf-conex-destopt-06 Mirja Kühlewind
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Bob Briscoe
- Re: [conex] Review: draft-ietf-conex-destopt-06 Bob Briscoe
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Mirja Kühlewind
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Mirja Kühlewind
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Bob Briscoe
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Mirja Kühlewind
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Bob Briscoe
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Mirja Kühlewind
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Bob Briscoe
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Mirja Kühlewind
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Bob Briscoe
- [conex] Act bits and Positioning (Was Re: Fwd: Re… Suresh Krishnan
- Re: [conex] Act bits and Positioning (Was Re: Fwd… Bob Briscoe
- Re: [conex] Act bits and Positioning (Was Re: Fwd… Mirja Kühlewind
- Re: [conex] Fwd: Review: draft-ietf-conex-destopt… Mirja Kühlewind
- Re: [conex] Act bits and Positioning (Was Re: Fwd… Bob Briscoe
- Re: [conex] Act bits and Positioning (Was Re: Fwd… Suresh Krishnan
- Re: [conex] Act bits and Positioning (Was Re: Fwd… Mirja Kühlewind
- Re: [conex] Act bits and Positioning (Was Re: Fwd… Bob Briscoe
- Re: [conex] Act bits and Positioning (Was Re: Fwd… Mirja Kühlewind