Re: [Gen-art] Gen-ART review of draft-ietf-conex-tcp-modifications
Suresh Krishnan <suresh.krishnan@ericsson.com> Tue, 08 September 2015 18:46 UTC
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Ronald Bonica <rbonica@juniper.net>, "gen-art@ietf.org" <gen-art@ietf.org>
Date: Tue, 08 Sep 2015 18:46:51 +0000
Cc: "draft-ietf-conex-tcp-modifications.all@tools.ietf.org" <draft-ietf-conex-tcp-modifications.all@tools.ietf.org>
Hi Ron,
  Thanks for your review. Please find comments inline.

On 09/08/2015 12:20 PM, Ronald Bonica wrote:
> I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>
>
> Document: draft-ietf-conex-tcp-modifications-09
> Reviewer: Ron Bonica
> Review Date: 2015-09-07
> IETF LC End Date: 2015-08-31
> IETF Telechat Date: 2015-10-01
>
> Summary: This document will be ready for publication as soon as the major issue (below) is addressed.
>
> Major Issues:
>
> This document contains a normative reference to draft-ietf-conex-destopt-09. The normative reference is appropriate, because this document doesn't work at all unless the concepts described in draft-ietf-conex-destopt-09 work.
>
> I am concerned about draft-ietf-conex-destopt-09. It uses an IPv6 Destination Option to signal CONEX state to intermediate routers. However, according to RFC 2460:
>
>    "With one exception, extension headers are not examined or processed
>    by any node along a packet's delivery path, until the packet reaches
>    the node (or each of the set of nodes, in the case of multicast)
>    identified in the Destination Address field of the IPv6 header."
>
> The exception to which RFC 2460 refers is the Hop-by-hop Extension Header. Intermediate routers don't examine Destination Options.
>
> Section 5 of draft-ietf-conex-destopt-09 attempts to address this issue, but I am not sure that the argument is acceptable.

I think we can discuss this further but in my view there are no good solutions to this problem. There are two probable alternatives here:

Hop-by-hop options: This is arguably the right way to define information that is inspected on intermediate nodes. But using this implies that there is a huge performance penalty for conex packets that hit conex-unaware routers (basically being punted into the slow path in the best case, being dropped at worst). RFC 7045 section 2.2 talks about this explicitly but this problem has been known for much longer. This will break requirement R-3.

Destination options: Intended for the destination of the packet, but capable of being read at *consenting* conex-aware network nodes. Does not affect nodes that are conex-unaware. This is no different than a router that looks at a TCP port for enforcing an ACL, right?

Let me know what you think. (Especially, we would be grateful if you think there is a better solution we ought to be considering that would meet the requirements.)

Regards
Suresh
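A worked model of the processing rule the two messages above argue about, added here as an example and not part of the thread or of either draft: it builds an IPv6 extension-header chain and walks it the way RFC 2460 says a node on the path would, so a Destination Option is looked at only by the node in the Destination Address (or by a transit node that deliberately chooses to look, the "consenting" case), while a Hop-by-Hop option is looked at by every node. The option type CONEX_OPT and the addresses are constructed placeholders, not values from draft-ietf-conex-destopt, and the slow-path or drop behaviour of conex-unaware routers is not modelled.

```python
import ipaddress
import struct

HOP_BY_HOP, DEST_OPTS, TCP = 0, 60, 6   # IPv6 Next Header values (RFC 2460)
CONEX_OPT = 0x1E   # placeholder option type, NOT the value defined by draft-ietf-conex-destopt

def ext_header(next_hdr, options):
    """Encode one Hop-by-Hop or Destination Options header: Next Header, Hdr Ext Len
    (8-octet units, not counting the first 8), TLV options, padded to a multiple of 8."""
    body = b"".join(struct.pack("!BB", t, len(v)) + v for t, v in options)
    pad = (-(2 + len(body))) % 8
    if pad == 1:
        body += b"\x00"                                            # Pad1
    elif pad > 1:
        body += struct.pack("!BB", 1, pad - 2) + bytes(pad - 2)     # PadN
    return struct.pack("!BB", next_hdr, (2 + len(body)) // 8 - 1) + body

def build_packet(src, dst, chain, upper=TCP):
    """Fixed IPv6 header plus an extension-header chain given as [(type, options), ...]."""
    hdrs = b"".join(ext_header(chain[i + 1][0] if i + 1 < len(chain) else upper, opts)
                    for i, (_, opts) in enumerate(chain))
    first = chain[0][0] if chain else upper
    fixed = struct.pack("!IHBB", 0x60000000, len(hdrs), first, 64)   # ver 6, payload len, NH, hop limit
    return fixed + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + hdrs

def parse_options(hdr):
    """Return the option types carried in one extension header (Pad1/PadN are skipped)."""
    types, i, end = [], 2, (hdr[1] + 1) * 8
    while i < end:
        if hdr[i] == 0:                       # Pad1 has no length byte
            i += 1
            continue
        if hdr[i] != 1:
            types.append(hdr[i])
        i += 2 + hdr[i + 1]
    return types

def headers_examined(pkt, node_addr, conex_aware=False):
    """Walk the chain as a node on the path would (RFC 2460 section 4): Hop-by-Hop is
    examined by every node, Destination Options only by the destination, or by a
    'consenting' conex-aware transit node. Returns [(header_type, [option_types]), ...]."""
    is_dest = ipaddress.IPv6Address(pkt[24:40]) == ipaddress.IPv6Address(node_addr)
    nxt, off, seen = pkt[6], 40, []
    while nxt in (HOP_BY_HOP, DEST_OPTS):
        if nxt == DEST_OPTS and not (is_dest or conex_aware):
            break                             # a plain transit node forwards without looking
        seen.append((nxt, parse_options(pkt[off:])))
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return seen
```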