IETF Logo Mail Archive

Re: [Int-area] New Version Notification for draft-herbert-ipv4-udpencap-eh-00.txt

Joe Touch <touch@strayalpha.com> Thu, 07 March 2019 16:27 UTC

Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 202941277E7 for <int-area@ietfa.amsl.com>; Thu, 7 Mar 2019 08:27:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.919
X-Spam-Level:
X-Spam-Status: No, score=-0.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWWQhOkg08LR for <int-area@ietfa.amsl.com>; Thu, 7 Mar 2019 08:27:40 -0800 (PST)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E06B4124184 for <int-area@ietf.org>; Thu, 7 Mar 2019 08:27:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id:Cc:Date:In-Reply-To: From:Subject:Mime-Version:Content-Type:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=ADkSEvTLqssl/khi6+RbiG6GadXunJJb3mApOb/PNrA=; b=fL7aNYoaHWSCZIL5yOEIy0sNA FcZ47hSLPlvlQDozwCGHJtIx87eJYNcq3Pq2MyyPa2rwm1kBpcZiVC7YknNUUhYntTLlZU94w6cE2 62p9N2LjTCN856hEL8/hmiQUrxu0qfr/250qYwKD03HNRizm87RBW3dROlZ1eEa+tBitDyBlhp6GH cFCnRVPf48E7chZle5Bch8ARuwpviPw5DUUGBTw+GuiXHkt4v9kDIbClWuevv6814ZEvSrsKX+yM3 eF0Zv7AeHgqcpv7eCFxYvcp3WgB6D5E0He9+MRLM6yN2vhArAfLxHKnCzkXuyL5h7Lp4aQMnCvwf1 dttG1XhvA==;
Received: from cpe-172-250-240-132.socal.res.rr.com ([172.250.240.132]:55713 helo=[192.168.1.77]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from <touch@strayalpha.com>) id 1h1vrr-0006PK-Ae; Thu, 07 Mar 2019 11:27:37 -0500
Content-Type: multipart/alternative; boundary="Apple-Mail=_3FE48FC8-8D82-435B-82D8-83022BDBBFD2"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <CAPDqMeoEz34J67jzgfSx=Sofre6y0iM1bDAYOHi+pKimC2x0cg@mail.gmail.com>
Date: Thu, 07 Mar 2019 08:27:34 -0800
Cc: Tom Herbert <tom@herbertland.com>, "Templin (US), Fred L" <Fred.L.Templin@boeing.com>, int-area <int-area@ietf.org>
Message-Id: <7F438248-9543-4ED5-9BC0-5FCB278CD0C7@strayalpha.com>
References: <155129875579.13940.18077034152695268824.idtracker@ietfa.amsl.com> <CAPDqMeofwtqye_+55Yc_3rAkQqNLQ9Dw9TohJ7gcYCgUJrs-Jg@mail.gmail.com> <dbcef0c979f24aecb638babded309117@boeing.com> <CAPDqMeryKrE2t47kY1YXcpf80bJ8W3cx9m3UX+vfiYTy_kE6yA@mail.gmail.com> <7e858ddb-5372-b77b-1ebb-e9b0e297b479@strayalpha.com> <CALx6S34sRo1bzYZs3bEE4cWkhZb_vmomYE4F=vrpesNqG8SuXw@mail.gmail.com> <0f185c50-0450-aba7-c2cb-6f047fe08a28@strayalpha.com> <CAPDqMeqGt7-mdpnnr70Jjg3Zd_fyvva=5qkS1+zAD=XYVF214w@mail.gmail.com> <b06f8cc1ba0a931221bd1d76fe1961ff@strayalpha.com> <CALx6S34NDRCC0NeWJLxtzs=p+Q1m9EyidkkyPqqDurMoPgmxYQ@mail.gmail.com> <F59C4EDD-15A9-4052-B210-70A4196D0014@strayalpha.com> <CAPDqMeoEz34J67jzgfSx=Sofre6y0iM1bDAYOHi+pKimC2x0cg@mail.gmail.com>
To: Tom Herbert <tom@quantonium.net>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/LVhhNdP7rNRObSybKsMmH3Nc6K4>
Subject: Re: [Int-area] New Version Notification for draft-herbert-ipv4-udpencap-eh-00.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Mar 2019 16:27:42 -0000

Tom,

> On Mar 7, 2019, at 7:53 AM, Tom Herbert <tom@quantonium.net> wrote:
...
> Yes, some intermediate nodes will arbitrarily drop packets. Some will
> only allow certain UDP ports, some will drop all IPv6, some will drop
> every transport protocol but TCP, some will drop packets with
> extension headers, some will drop fragments, some will drop packets
> with IP options, some will drop ICMP, some will drop UDP packets with
> surplus space, some will parse into HTTP and drop packets with URLs
> they don't like, some will drop anything else they please. That's
> reality. But, DPI in the network => ossification => Internet doesn't
> evolve. IMO, we need to address this instead of just accepting it as
> status quo,

Firewalls are critical network security devices - even when they’re located within the client hosts’ control (e.g., enterprise edge) and thus more E2E-‘compliant’, they currently filter by server port number (i.e., TCP SYN dest port) - which your solution buries in a chain.

Your proposal provides port numbers for demuxing (substantially fewer per endpoint, because it would fix the server port as GUE), but buries the transport type far enough that intermediate devices would more likely “give up” and drop packets than go diving for it.

> lest plain TCP/IPv4 is the only thing left that works on
> the Internet. Transport layer encryption, extending happy eyeballs
> approach to other features, limited domains, showing value in forward
> looking features, using the architecturally correct methods of host to
> network signalling-- are ways to start undoing the harmful effects of
> ossification.

If you’re on a quest to avoid ossification, you’re digging in the wrong place and you might not want the result you get.

Ossification is never fixed by providing “yet another” way to do something we already can do.

And, importantly, one person’s ossification is another’s “stable foundation” that ensures interoperability (i.e., one layer up). So a solution needs to address a real need in a way that we actually expect will be deployed and used.

The solution proposed here intends to increase work by intermediate devices that have made it very clear they barely want to do forwarding (high speed routers), obscures information needed by intermediate devices for security (by burying the transport port at an unpredictable offset), and offers a network solution to a problem we already understand is better solved at the transport layer (fragmentation and reassembly).

So, even after this detailed discussion, we're back where I started - asking “where’s the need”?

Joe

v2.23.0 | Report a Bug | By Email