[Ideas] IDEAS @IETF98 Minutes

Padma Pillay-Esnault <padma.ietf@gmail.com> Thu, 13 April 2017 07:01 UTC

Return-Path: <padma.ietf@gmail.com>
X-Original-To: ideas@ietfa.amsl.com
Delivered-To: ideas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFE46127B73; Thu, 13 Apr 2017 00:01:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QRhvcAHdGUCB; Thu, 13 Apr 2017 00:01:25 -0700 (PDT)
Received: from mail-wr0-x233.google.com (mail-wr0-x233.google.com [IPv6:2a00:1450:400c:c0c::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45CDE128768; Thu, 13 Apr 2017 00:01:25 -0700 (PDT)
Received: by mail-wr0-x233.google.com with SMTP id o21so29778064wrb.2; Thu, 13 Apr 2017 00:01:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=jgpvPMcxukrxb1L3i/n2q8i1FwoDtUpL3g7t6hm2CVY=; b=hnr/7p4n8j1Q7sr8hQzwTuq3lcIDEEv0+sLC1h/9kFW0UBp9rcxYl/rFM/aigRAySB bf1IhkZUdfz/HKj9O3b08+2R/PgqWDC4pWxcyvD+QvH8voyligZDg8GZr3okDSGJVkQG MhSKPIPP0nUvhJevpToTI3gnogAooBrzXC9yQP6XN0f4UTm9lHmYiedJtBfwRzc++nS4 6dV+K56P0iKfJ0phZgzyqvghLrkJjgWVzRiTCwJQPMeyNiVD9jmJZ7YCvKEX1+7DVcpP 6jAiquEV620wgE7FKp/Toz/yA/JEL0GYzsJankqU/HUlvDU48zzQ4UYa2EyNx8x2zZsy GnCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=jgpvPMcxukrxb1L3i/n2q8i1FwoDtUpL3g7t6hm2CVY=; b=lU7G8KB9UDUCfo7/JIQMU5yMa9Gjunwc+djD5bO04YRmoWuGe7sgRBBFfq8VlXTsDO 7wI6C7a/T4I+bjTAy7aKqmdAqp5bYdJN+io4ZYc3ug7aY5u/6Y2+KxRRBP7Cb8P6gxe6 k7OL2SpXTfqGzVE7md/5BXGuzVKRDGFFcXIofiWU0FjFT0xJuBnUQpWfCWrGEpZ1qiaG KIxfN1AQb/dDWuXkw8scWseTc3LF8wLHu/SmlXDFM/1FRkkG+I7ZBq8kAcHgjbzSurJC BsznDB9X2VKMu+8OtCfzCfLOswwkDzliGx2MPfi6W4NZb8/QeZ91rCO1puCtTrzJL+HU c5Uw==
X-Gm-Message-State: AN3rC/4z/HyM0Uy88SJDfVFECvXw1sobkTfhqu5D+u5v29wVDfDOQ9P4 QxFhigxbeYkBsAq6iLJYg8UjVulQdg==
X-Received: by 10.223.164.141 with SMTP id g13mr1328695wrb.82.1492066883436; Thu, 13 Apr 2017 00:01:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.170.76 with HTTP; Thu, 13 Apr 2017 00:01:23 -0700 (PDT)
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Thu, 13 Apr 2017 00:01:23 -0700
Message-ID: <CAG-CQxogviqXizpwsdZpvjLQ9yw+Vx04HBEaq6+AuMr8TyjxdQ@mail.gmail.com>
To: ideas@ietf.org, LISP mailing list list <lisp@ietf.org>, NVO3 <nvo3@ietf.org>, routing-discussion@ietf.org
Content-Type: multipart/alternative; boundary=f403045f1638918848054d06e45a
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/OAuopLKONpRrFHozwDOzVqdnT6Q>
Subject: [Ideas] IDEAS @IETF98 Minutes
X-BeenThere: ideas@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussions relating to the development, clarification, and implementation of control-plane infrastructures and functionalities in ID enabled networks." <ideas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ideas>, <mailto:ideas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ideas/>
List-Post: <mailto:ideas@ietf.org>
List-Help: <mailto:ideas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ideas>, <mailto:ideas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 07:01:29 -0000

Please find below the minutes of the meeting.

Many thanks to our two scribes: Toerless Eckert and Uma Chunduri.

If you have any comments/corrections please let us know.

Thanks

Padma


IDEAS Side Meeting Minutes



1. Slides

Please find below a pointer to the slides

https://drive.google.com/drive/folders/0BwYx7u1T_20RODdLaWpIdk9feHc?usp=sharing





2. Agenda

2.1. Introduction and Problem Statement for IDEAS  - Padma Pillay-Esnault



https://www.ietf.org/internet-drafts/draft-padma-ideas-problem-statement-01.txt
<https://www.ietf.org/internet-drafts/draft-padma-ideas-problem-statement-01.txt>




IDEAS Introduction



IDEAS aims to be the forum where common issues across all ID Enabled
Networks can be discussed.

 Goals:

-       to create awareness

-       to present the work proposed in IDEAS

-       A generic architecture that is scalable, extensible, robust,
secure, and flexible for future ID enabled networks

-        to sollicit comments and feedback from the community on the drafts

-       to call for new contributions



Problem Statement

Motivation: Why Now?

ID solutions can address diverse areas

            IOT, M2M communication, Discovery, privacy, Latency,
Virtualization

Beneficial to have standardized common infra across ID protocols



Key Issues Identified

Lack of common Infrastructure cause harder to deploy a common solution E2E

  -       No Common Management due to disjoint nature

  -       No Common/consistent policy framework

  -       Risk of fragmented communication

 Identifier Lifecycle

  -       No guidance or allocation scheme for public IDs

  -       Agreed upon ID format and scope in cross-domain communication

  -       Recycling IDs

  -       Better address merging of networks

 Security of Mapping Systems

  -       Secured access to the MS

  -       data integrity, Confidentiality, Anonymity, Access control

  -       DDOS attack prone



Proposal

-       To investigate the opportunity of a new specification effort to
address some specific problems from an ID Enabled Networks perspective.

-       To find a common solution and infrastructure that can be shared by
current protocols and facilitate the introduction of new ID-based services
while avoiding rehashing the same problems again each time a new service
pops up

-       Generic Resilient ID Services (GRIDS) infrastructure with
standardized access and multiple services.  The services include

      -       secured registration

      -       discovery

      -       updates with data integrity,

      -       mapping and resolution capabilities,

      -       define relationships between IDs or group of IDs

      -       access control policy and security

- Other Related Work/ Groups

       - LISP (ALT, DDT)

       - HIP uses DNS

       - NVO3 WG



Questions:

Eric Nordmark: What’s unclear is what is out of scope re. Identifier. Are
you considering "what is an identifier", clearly this is not about URI, how
about IP in IP with IPsec ? Is one of them an identifier the other one a
locator. Even LISP was not clear cut between locator/identifier as one
could be routed locally.



Padma Pillay-Esnault: Regarding scope, the way we thinking about this,
there can be multiple scopes with multiple allocation systems. The range of
solutions is so vast that it may not be appropriate to only have one
solution. Plenty options of where to put it and how to put. GRIDS can be
used as local, proximity, global instance just as possible to have Private
ID.



Bob Moskovitz: Concept of Identity and Identifier is important and  I have
been involved and saw some form of this for the last 20 years may be more.
It really does to be discussed in the list. Definitely it needs to be
fleshed out a lot more about

what identifiers are, should be part of the work, tough problem with lots
of opinions.





2.2. Requirements for Generic Resilient Identity Services (GRIDS)
in IDEAS  - Alex Clemm



https://www.ietf.org/internet-drafts/draft-padma-ideas-req-grids-00.txt



- This is the core infrastructure document which captures all requirements

     - Talked on Core components of GRIDS

     - GRIDS-MS, GRIDS-IS are covered

     - Grouping and Meta data are not described yet

     - Identity and Identifier definitions elaborated

     - Talked in details about mapping services

     - Identity related services are detailed

          - Structured and unstructured identifiers

          - Grouping related services

     - Requirement (Distribution, Redundancy, Performance and Scale..)

     - Key performance requirements

     - Security requirements

     - GRIDS should be able to be deployed in private space as well as in
public domain



- The naming evolved from mapping system, which was too functionally
constrained.



Questions:

Ravi Ravindran: Trying to understand scope: trying to expand LISP ?

What is the scope ?



Alex Clemm: No, not planning to just "expand lisp", that should be done in
LISP WG. Some of those questions are better answered in the use cases,
clear which ones are not resolved by LISP.



Benjamin Damm: How is this different from Multicast DNS ?



Bob Moskovitz: I can totally implement everything in GRIDS in DNS but that
would not be a great idea but there would be a lot of

problems, DDoS, etc.. Think that metadata is not optional but must be
called mandatory. Determined by use case.



Alex Clemm: Note taken



Dino Farinacci:  rfc8060 defines multiple RLOC types, eg: LISP can support
those. Does this look like multicast DNS ? No, this is network layer
mapping information mapping addresses to addresses.



Eric Nordmark: Multicast DNS is a local service, this is meant to be global.





2.3. A Blockchain-based Mapping System - Jordi Paillisse

- Blockchain is decentralized and secured

     - Add blocks of data one after other

     - Blockchain work flow

     - Transaction with a data, Senders Signature and Senders Public Key to
a P2P network

     - Properties

        - Decentralized, No prior trust is required

           Data can be added but not modifiable

     - Basic Idea

        - Store mappings in blockchain

        - EID prefixes are distributed to all participants

     - Pros and Cons

        - Infrastructure less, Decentralized, fast lookup, secure, no prior
trust, simple rekeying

        - Cons

            - Slow updates, costly boot strapping

     - Comparison with LISP DDT

        - No Infra, easy management

     - Issues with RPKI

         - Anonymity (prefix linked to owner name)

         - Revocation issues (block chain doesn’t use certificates)

     - Scalability

         - Growth similar to BGP Churn

         - Prefix delegation + Mappings

     - Design considerations

           - Bitcoin is too restrictive

           - New technologies - More scalable and more contracts

     - Dedicated chains..



Questions:

Toerless Eckert: what is the incentive model for participants to deploy the
necessary infrastructure for this system ? In bitcoin, the security is
achieved  through tremendous amount of calculation, the cost for that
hardware is financed by handing out bitcoins for successful calculations.
Do we need to hand out IPv4 addresses to pay for IDEAS bitchain
calculations ?



Jordi Paillisee: Good question, there are some new blockchain methods with
other incentive structures. See references on last slide of the slide deck.

Regarding incentive it is about security.



Dino Farinacci:

When a new registration added (Say Jordi first and then 100000 more records
added. Now the entry moved to the end. This solution will have

complete history of movements. Q1: can the really old stuff be chopped off.
Q2: if RLOCs change etc. is it not really slow when you need to look
through a lot of other newer mappings ?

Jordi Paillisee : Q1 Answer: It can be mitigated through implementation

Q2 answer: implementation detail. Database should have latest data for all
entities, not in sequential order of evens.



Manu Sporny: Blockchain developer. Referring to blockchain group
(w3c-blockain group) met in the morning, sees overlap with that work, how
could we create alignment. Whom to talk to coordinate ?

Padma Pillay-Esnault: Let’s discuss this offline.



2.4. Use Cases for IDEAS - Tom Herbert

https://www.ietf.org/internet-drafts/draft-padma-ideas-use-cases-00.txt



- Mapping essentially a distributed key/value store

       - Key is fixed size per mapping DB

      - Maps "virtual address" to "physical address"

       - Mapping table is assumed to be distributed and possibly shared for
load

       - Rate of entry is important characteristic



       - Use Cases:

              - Common Control plane

              - Mobility

              - Network Virtualization (for network simplification)

              - Heterogeneous Multi-Access (hetnet)

              - Security

              - Device Discovery

       - Mobility

           - Map entity to its current location for forwarding

           - Variants

               - Encap: IP Mobility, IPIP, GTP etc..

               - ID/LOC: LISP, ILA

           - Properties

       - Mobility sub-cases

           - Within a single mobile network

           - Mobility between mobile networks

           - Multi-homed devices

           - Hetnet environments

           - Whole networks are mobile (WIFI in bus)

       - Network Virtualization

           - Variants

              - Encap: Map virtual IP address to Physical address

              - ID/LOC split

           - Properties

              - Mostly in DC

       - Address resolution static tunnels

           - Could be used as alternative means to resolve L2/L3

       - Host Routes

           - A network could implement virtualization simply by creating a
host route



Questions:

Bob Moskovitz: We have been mobile since 1993. We need to start looking at
mobility as baseline. Would almost challenge in discussion the starting
point. Take rate of mobility (how fast it can move) as distinguishing
attribute.



Tom Herbert: Agree. How quickly is my "device" going from one network to
another. With higher rate, updates become a problem. Also get more and more
use cases where latency becomes an issue. Hope we could avoid relying on a
distributed system. Control path is critical system, keeping everything in
sync with low latency and secure, reliable, available. Can we design this
system with applicability across different use cases.



Mike McBride: There are applications like AR/VR that have strict
requirements hopefully, that is also included in use cases.



Tom Herbert: Yes this has been discussed in the draft.



Padma Pillay-Esnault: Yes there different strict requirements depending on
the different use cases. Earlier there was a question regarding IOT use
cases. The requirements may vary for example depending if the type of IOT
device. If it battery  operated (supposed to last 10 years) then it may
have only one way communication (such as a pet tracker or sensor) and may
even be on non-IP. In some cases proximity and context may be important too.



2.5. Mobility First and Global Name Resolution Service - Parishad Karimi

https://www.ietf.org/id/draft-karimi-ideas-gnrs-00.txt



-Name based communications

      - Name based Architectures IP ==> LISP, HIP at IETF MF and NDN (in
academia)

      - MF - Mobility First Background

         - MF started in 2010 under NSF, FIA

      - MF Protocol Layers

          - GUID (global Unique Identifiers)

          - We seek to use global name resolution system for resolution

      - Name Resolution Requirements

          - Low propagation and response Latency

          - Storage and load scalability

          - Security and reliability

          - Extensibility and flexibility

     - Structure of mapping should not be limited

     - Why can’t DNS can be supported (DNS Deficiencies)

          - TTL based caching

          - High Mobility makes caching ineffective

          - Static Placement of AUTH Servers

          - Reliance on hierarchal (relating root)

     - For MF we have looked into DMAP and GMAP and Auspice

     - Comparison of all three systems

     - Conclusion - We need a global mapping system with MF project





2.6 Conclusion & Next steps - Padma Pillay-Esnault

Where do we want to go from here ?

Next Steps Slide:

- We need more collaboration from the community and looking forward for
more participation on topics such as Blockchain and distributed trust, Late
binding, Fast Caching, Security, DDOS protection ....



- Let’s take discussions to the alias

- Discuss the scope of work



3. Other Info

Mailing list: IDEAS

List address: ideas@ietf.org

Archive: https://mailarchive.ietf.org/arch/search/?email_list=ideas

To subscribe: https://www.ietf.org/mailman/listinfo/ideas