IETF Logo Mail Archive

Re: [Int-area] Fwd: New Version Notification for draft-herbert-ipv4-udpencap-eh-00.txt

Tom Herbert <tom@herbertland.com> Wed, 06 March 2019 22:38 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44035131277 for <int-area@ietfa.amsl.com>; Wed, 6 Mar 2019 14:38:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VbA_Kn93lzMH for <int-area@ietfa.amsl.com>; Wed, 6 Mar 2019 14:38:32 -0800 (PST)
Received: from mail-qt1-x844.google.com (mail-qt1-x844.google.com [IPv6:2607:f8b0:4864:20::844]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 020D21310A8 for <int-area@ietf.org>; Wed, 6 Mar 2019 14:38:31 -0800 (PST)
Received: by mail-qt1-x844.google.com with SMTP id d18so14888163qtg.12 for <int-area@ietf.org>; Wed, 06 Mar 2019 14:38:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hT28qmx3tcYMK4RA9aYDmyOVjHyNHRA6IDtiEizd8ok=; b=HcoQ6a/QZml0FjMUC6gER8vCDXndXEVYrPZ1oWtK9sh4nfvxzsanx2EOZ/+aaG4PFk fluVbvjt5Vf3PyltvaRD4a29XRDX7GxzZpOWPB942znz9+22DDJD1lXjqkFONCzmQHqC Bgaz4pg/lgIbGhf2VyAnBub2wJDxhfAqrGFBbVGc0oEOoC6DeJ0TFAzaMiUYAP4l5hay 85/TSKdK2o0CrMSJY++fRBwwZBzLXQyD1gzIWsrOy8ZZZN2n5wUXvnMDVq0tvzqTpQKd cURaHuohk1f9jdI+w+UAAcNj9UL3sTPtMr43r/OHGVl4mpVvH2MmcXzOA9TR7AzXXXw5 CBXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hT28qmx3tcYMK4RA9aYDmyOVjHyNHRA6IDtiEizd8ok=; b=C1iCtEcK30MsFbE5MCB07wvGCrxx1VwGbb653hDO4YvQm0tXbiZd5guQ/Y0uJmOL8d 7AN6MODrgg0aSav292zrJ9dAq/RM+4TYVwpLRK2sktf0AKviu9Agxy2sodEbDEaIY3XR vjYJJVu4ln03MMrzDW0UP/gzbwX3JSHfaYppPNesnDepa0kaT4vXqPIL2x+aHjbiwZ/p Mkmn4nx96oF8uGu1gGvTvf4myaqSldpa3w79a9QOKnmPBPjZ5P4Fjm6ZSYiW6rmwCHI9 CoeGFhr4Py62TEz2sqvoLhpDa+R3SkuGdVcgnWljjrrOupIXZwaf3cBypTq9byd2gVmj OJTQ==
X-Gm-Message-State: APjAAAXy6jfFqVMq6vPN9egSwF6VVlIkcLp4x/IpeQWpmGvvkkm9PJ6G wSxO4/G+zSAwz4j9vJI/5ZD2HiXsb8SpU1S+h9poXg==
X-Google-Smtp-Source: APXvYqzfVVwcN2sm3OLymlOkYt/8Zaz9Ttb7uivsXWaeitPxaRzPZEVSUmGjJRYi23OMNoIRcW8NXG+3AX1QOVvOm4s=
X-Received: by 2002:a0c:9681:: with SMTP id a1mr8438876qvd.72.1551911910921; Wed, 06 Mar 2019 14:38:30 -0800 (PST)
MIME-Version: 1.0
References: <155129875579.13940.18077034152695268824.idtracker@ietfa.amsl.com> <CAPDqMeofwtqye_+55Yc_3rAkQqNLQ9Dw9TohJ7gcYCgUJrs-Jg@mail.gmail.com> <dbcef0c979f24aecb638babded309117@boeing.com> <CAPDqMeryKrE2t47kY1YXcpf80bJ8W3cx9m3UX+vfiYTy_kE6yA@mail.gmail.com> <7e858ddb-5372-b77b-1ebb-e9b0e297b479@strayalpha.com> <CALx6S34sRo1bzYZs3bEE4cWkhZb_vmomYE4F=vrpesNqG8SuXw@mail.gmail.com> <0f185c50-0450-aba7-c2cb-6f047fe08a28@strayalpha.com> <CAPDqMeqGt7-mdpnnr70Jjg3Zd_fyvva=5qkS1+zAD=XYVF214w@mail.gmail.com> <b06f8cc1ba0a931221bd1d76fe1961ff@strayalpha.com>
In-Reply-To: <b06f8cc1ba0a931221bd1d76fe1961ff@strayalpha.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 06 Mar 2019 14:38:20 -0800
Message-ID: <CALx6S34NDRCC0NeWJLxtzs=p+Q1m9EyidkkyPqqDurMoPgmxYQ@mail.gmail.com>
To: Joe Touch <touch@strayalpha.com>
Cc: Tom Herbert <tom@quantonium.net>, "Templin (US), Fred L" <Fred.L.Templin@boeing.com>, int-area <int-area@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/Vlr_cxGrRp0_iONybIRObn5wy_M>
Subject: Re: [Int-area] Fwd: New Version Notification for draft-herbert-ipv4-udpencap-eh-00.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2019 22:38:38 -0000

On Wed, Mar 6, 2019 at 10:59 AM Joe Touch <touch@strayalpha.com> wrote:
>
>
>
>
>
> On 2019-03-06 09:12, Tom Herbert wrote:
>
> On Wed, Mar 6, 2019 at 9:03 AM Joe Touch <touch@strayalpha.com> wrote:
>
> ...
>
> And yes, we can build an Internet on the Internet - again, as I've noted
> repeatedly throughout the IETF. Or we can use UDP fragmentation - which
> ought to solve all these issues in one shot.
>
> So what's the gain here?
>
>
> Joe,
>
> Please view the proposal in its entirety.
>
>
> Here are the problems, which I already stated, but seem to need restating in the exact context of the proposal:
>
> - IP options already cause routers to drop traffic
>   this is true for both IPv4 and IPv6; making those options look like IPv6 just gives routers a different WAY to drop them
>
Some routers drop extension headers, but not all of them. If all of
them drop extension headers, then a whole bunch of effort in 6man is
pointless.

> - DPI looks for transport port numbers that are expected, either for service gating or even deeper DPI
>   and GUE isn't one of them
>
There's no requirement to support DPI into the transport layer. In
fact, encryption of the transport layer, like in QUIC, effectively
renders DPI into the transport layer useless. That's a good thing! We
know encryption is one of the best tools in the battle against
protocol ossification. Encryption of the transport header does leave a
void in host signaling to the network, but that can be filled with
proper use of extension headers.

> - pushing the actual UDP port numbers used inside a GUE header creates an "internet in an internet"
>   as noted above, that's a losing battle we've repeatedly tried

I'm not sure what you mean by "actual UDP port numbers". A GUE packet
encapsulates using actual  UDP  port numbers. GUE even allows
connection oriented semantics to get through stateful devices. GUE can
carry any IP protocol which may or may not even have port numbers. And
even if it carries something like TCP with port numbers, we're under
no obligation to not encrypt the packet just because some random node
in the path might want to parse it.

>
> Yes, this may be *intended* for uses other than fragmentation, but will any of them succeed? Will even the fragmentation one succeed?
>
> That's the point I was trying to make. I hope it's clear enough now.
>
> Joe
>

v2.23.0 | Report a Bug | By Email