[DMM] Benjamin Kaduk's Discuss on draft-ietf-dmm-distributed-mobility-anchoring-14: (with DISCUSS and COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Thu, 05 March 2020 02:00 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: dmm@ietf.org
Delivered-To: dmm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 978773A085E; Wed, 4 Mar 2020 18:00:05 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dmm-distributed-mobility-anchoring@ietf.org, dmm-chairs@ietf.org, dmm@ietf.org, Dapeng Liu <maxpassion@gmail.com>, maxpassion@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.119.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <158337360559.29429.15629947241139453126@ietfa.amsl.com>
Date: Wed, 04 Mar 2020 18:00:05 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmm/QPYLvV9Sl-Y7vrbUvEKZ8SphuJY>
Subject: [DMM] Benjamin Kaduk's Discuss on draft-ietf-dmm-distributed-mobility-anchoring-14: (with DISCUSS and COMMENT)
X-BeenThere: dmm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Distributed Mobility Management Working Group <dmm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmm>, <mailto:dmm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmm/>
List-Post: <mailto:dmm@ietf.org>
List-Help: <mailto:dmm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmm>, <mailto:dmm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2020 02:00:06 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-dmm-distributed-mobility-anchoring-14: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dmm-distributed-mobility-anchoring/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thanks for discussing the need to secure the various control-plane interactions as part of the Security Considerations. In addition to the integrity and source-authentication properties already mentioned, we need to say that the control-plane functionality will apply authorization checks to any commands or updates that are made by the control-plane protocol. Similarly, I didn't see any discussion of authorization for applying or making changes to the "rules" that are mentioned as needing to be applied by a data-plane node (as mentioned in the COMMENT where I ask for clarification on the nature of such rules). Also, we should reference RFCs 8221 and 8247 for the current guidance on IPsec and IKEv2 usage. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- While I see the value in having this document to crystallize thinking about the various mobility anchoring techniques that are possible, it's not clear to me how much archival value this document would add to the RFC series in the absence of specific protocol mechanisms to implement the functionality described therein. As such, I expect to change my ballot position to Abstain after my Discuss points are resolved. Section 1 When the MN wants to continue using its assigned prefix to complete ongoing data sessions after it has moved to a new network, the network needs to provide support for the MN's IP address -- and The new network, right? Section 2 Anchoring (of an IP prefix/address): An IP prefix, i.e., Home Network Prefix (HNP), or address, i.e., HoA, assigned for use by an MN is topologically anchored to an anchor node when the anchor node is able to advertise a connected route into the routing Is "connected route" a term of art I should be looking up? and manages the network location information of an MN. The location information may be a binding of the advertised IP address/prefix, e.g., HoA or HNP, to the IP routing address of the MN or of a node that can forward packets destined to the MN. I assume this ("may be [...] or") is not intended to be an exhaustive list? In a client-server protocol model, location query and update messages may be exchanged between a Location Management client (LMc) and a Location Management server (LMs), where the location information can be updated to or queried from the LMc. nit: s/updated to/updated from/? Do we want to discuss the authentication/authorization for such location management functions here? (Including both MN/LMc and LMc/LMs interactions.) Section 4 There may be multiple IP prefixes/addresses that an MN can select when initiating a flow. They may be from the same access network or different access networks. The network may advertise these prefixes with cost options [I-D.mccann-dmm-prefixcost] so that the mobile node may choose the one with the least cost. In addition, these IP This draft has not been updated since 2016. Is it still expected to progress, such that a reference to it remains valuable? prefixes/addresses may be of different types regarding whether mobility support is needed [RFC8653]. A MN will need to choose which IP prefix/address to use for each flow according to whether it needs IP mobility support or not, using for example the mechanisms described in [RFC8653]. I'm confused. "these prefixes/addresses" seems to refer to the ones advertised by the network, but the question of whether mobility support is needed seems like a matter local to the MN and not a need of the network. (Perhaps the network might *provide* different mobility services for different prefixes/addresses, but that's not what this text currently says.) Section 4.1 I suggest to expand access router or list it in the terminology section. When IP session continuity is needed, even if a flow is ongoing as the MN moves, it may still be desirable for the flow to change to using the new IP prefix configured in the new network. The flow may then close and then restart using a new IP address configured in the new network. Such a change in the IP address of the flow may be It's perhaps a little confusing, in a rhetorical sense, to talk about "the flow changing to use the new prefix" but doing that by having the flow "close and then restart" -- is it really the same flow after it has closed? Note that in this scenarios, if there is no mobility support provided by L4 or above, an application might be able to stop before changing point of attachement, and therefore the traffic would stop. I'm not sure what "might be able to stop" is intended to mean. Regardless, it's quite clear that the traffic will stop upon the mobility event in this scenario, since the network does not provide continuity services! Section 4.2 prefix. The latter enables optimized routes but requires some data plane node that enforces rules for traffic indirection. Next, we I'm not sure I understand the role this rule-enforcment is meant to play. What sort of rules would it be enforcing? to AR1 per default routing). The LM and FM functions are implemented as shown in Figure 6. Where is FM indicated in Figure 6? I cannot find it. Also, should there be any control-plane anchoring indicated in Figure 6? Section 4.3 We focus next on the case where the mobility anchor (data plane function) is changed but binds the MN's transferred IP address/ prefix. This enables optimized routes but requires some data plane node that enforces rules for traffic indirection. [same question as above about the rules] IP mobility is invoked to enable IP session continuity for an ongoing flow as the MN moves to a new network. Here the anchoring of the IP address of the flow is in the home network of the flow (i.e., different from the current network of attachment). A centralized nit(?): this usage of "here" is surprising, in that it seems to discuss the same case as the previous section, and not the new mechanism that we're describing in this section. The IP prefix/address anchoring may move without changing the IP prefix/address of the flow. Here the LM and FM functions in Figure 1 in Section 3.1 are implemented as shown in Figure 7. Where is the FM function indicated in Figure 7? I cannot find it. [I-D.ietf-rtgwg-atn-bgp]. When a mobile associates with an anchor the anchor injects the mobile's prefix into the global routing system. If the mobile moves to a new anchor, the old anchor nit: "mobile node" or just "MN" (twice)? withdraws the /64 and the new anchor injects it instead. What kind of synchronization and/or serialization is needed between the withdrawl and injection of the /64 in question? Section 5 As stated in [RFC7333], "a DMM solution MUST supportany security nit: s/supportany/support any/
- [DMM] Benjamin Kaduk's Discuss on draft-ietf-dmm-… Benjamin Kaduk via Datatracker
- Re: [DMM] Benjamin Kaduk's Discuss on draft-ietf-… CARLOS JESUS BERNARDOS CANO
- Re: [DMM] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [DMM] Benjamin Kaduk's Discuss on draft-ietf-… CARLOS JESUS BERNARDOS CANO