Re: [Int-area] AD review of draft-ietf-intarea-gue

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Mon, 05 October 2020 14:08 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A17273A0AFD for <int-area@ietfa.amsl.com>; Mon, 5 Oct 2020 07:08:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=boeing.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d_iRgtf-eHF7 for <int-area@ietfa.amsl.com>; Mon, 5 Oct 2020 07:08:27 -0700 (PDT)
Received: from clt-mbsout-01.mbs.boeing.net (clt-mbsout-01.mbs.boeing.net [130.76.144.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E6A63A0AF6 for <int-area@ietf.org>; Mon, 5 Oct 2020 07:08:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-01.mbs.boeing.net (8.15.2/8.15.2/DOWNSTREAM_MBSOUT) with SMTP id 095E8NDt007119; Mon, 5 Oct 2020 10:08:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boeing.com; s=boeing-s1912; t=1601906904; bh=ZOcy0sGYyTBs+JYleWQryd/6kCZ5Zw9S3lLVzZMyAWk=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=hK5EKjOHQHoRjMKWjFrMhLr+kWtew+tZXdIhjgYGfdY45boveMAYTPZvlqErGOCUr YWPkP1ts+N5CPpznMeJFQJFcyaV9R5CTOSFaKDBCS7pd6cItpkNt4mJac81McWBc88 mBSuNJhMj/zrk1w8K4KXWjjXW53wEUg3c2hqQ8ZPzXDUYTHtYzGzydtwfTo+4nMeJn bMct75cHXOddWYrtJcIW9K9Hc8B83WNJBVkZMCznkWGvdYmwlqjIZcD8tYfB44pn0/ KHYZSuhyDVvD3y16z5VdPbzLiASC0oawB09/KUlM+bunCNXZIY/1eaAMVwsoyWv/8U NvU4KvdfkkgHQ==
Received: from XCH16-07-10.nos.boeing.com (xch16-07-10.nos.boeing.com [144.115.66.112]) by clt-mbsout-01.mbs.boeing.net (8.15.2/8.15.2/8.15.2/UPSTREAM_MBSOUT) with ESMTPS id 095E8DYp005933 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=OK); Mon, 5 Oct 2020 10:08:13 -0400
Received: from XCH16-07-10.nos.boeing.com (144.115.66.112) by XCH16-07-10.nos.boeing.com (144.115.66.112) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.2044.4; Mon, 5 Oct 2020 07:08:12 -0700
Received: from XCH16-07-10.nos.boeing.com ([fe80::e065:4e77:ac47:d9a8]) by XCH16-07-10.nos.boeing.com ([fe80::e065:4e77:ac47:d9a8%2]) with mapi id 15.01.2044.004; Mon, 5 Oct 2020 07:08:12 -0700
From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "tom@herbertland.com" <tom@herbertland.com>, "lucy_yong@yahoo.com" <lucy_yong@yahoo.com>, "osamaz@microsoft.com" <osamaz@microsoft.com>
CC: Suresh Krishnan <suresh.krishnan@gmail.com>, Erik Kline <ek.ietf@gmail.com>, Wassim Haddad <wassim.haddad@ericsson.com>, "Juan Carlos Zuniga" <juancarlos.zuniga@sigfox.com>, int-area <int-area@ietf.org>, "Black, David" <David.Black@dell.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Thread-Topic: AD review of draft-ietf-intarea-gue
Thread-Index: AQHWmxzLdBAQRDM7CU+5rZjxVZ2zlqmJCkMA
Date: Mon, 5 Oct 2020 14:08:12 +0000
Message-ID: <9544d6d59952444bb5d1cbceec64fe91@boeing.com>
References: <6D36704E-EF85-41F4-B9C2-A7158B86842A@cisco.com>
In-Reply-To: <6D36704E-EF85-41F4-B9C2-A7158B86842A@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [137.137.12.6]
x-tm-snts-smtp: F33D7702FFAF618887E6BA3B6FFE6FDEEB31E6DBD4266157D12F9EC8AB2952822000:8
Content-Type: multipart/alternative; boundary="_000_9544d6d59952444bb5d1cbceec64fe91boeingcom_"
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/ZcdnmxScNHkXOInBDClDCiF-Swk>
X-Mailman-Approved-At: Mon, 05 Oct 2020 07:46:35 -0700
Subject: Re: [Int-area] AD review of draft-ietf-intarea-gue
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2020 14:08:31 -0000

Eric, I have lost track of GUE a bit since I realized that the work I am doing can leverage
RFC4380 where UDP/IP encapsulation is already defined to the level at which I need.
RFC4380 also supports the point-to-multipoint (NBMA) interface abstraction, which I
do not see in either the GUE spec or code. I am not saying we should give up work on
GUE; only, that I do not currently see it as the best fit for my spec. Thoughts?

Thanks - Fred

From: Eric Vyncke (evyncke) [mailto:evyncke@cisco.com]
Sent: Monday, October 05, 2020 6:38 AM
To: tom@herbertland.com; lucy_yong@yahoo.com; osamaz@microsoft.com
Cc: Suresh Krishnan <suresh.krishnan@gmail.com>om>; Erik Kline <ek.ietf@gmail.com>om>; Templin (US), Fred L <Fred.L.Templin@boeing.com>om>; Wassim Haddad <wassim.haddad@ericsson.com>om>; Juan Carlos Zuniga <juancarlos.zuniga@sigfox.com>om>; int-area <int-area@ietf.org>rg>; Black, David <David.Black@dell.com>om>; Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Subject: [EXTERNAL] AD review of draft-ietf-intarea-gue


This message was sent from outside of Boeing. Please do not click links or open attachments unless you recognize the sender and know that the content is safe.




Tom, Lucy, Osama,

As you probably know by now, I have become the responsible AD for this document for a couple of months (since I replaced Suresh who is in cc).

As usual, I do an AD review before launching the IETF Last Call step. So, here are my comments.

The first one is really about what is the added value of GUE wrt to so many already specified encapsulations. Of course, UDP-encapsulation guarantees a better middle-box traversal (being NAT or firewall or ...) but L2TPv2, Geneve/NVO3, IPsec, VxLAN, GRE over UDP, ... already apply the same UDP envelope (albeit for very specific tunneling techniques and to encapsulate a layer-2 frame). As the intarea WG has adopted this document and the WGLC was positive, I will go forward with the publication process anyway; but, I fear that the IETF Last Call and IESG evaluation will bring this discussion again. Section 6 should perhaps be moved forward as well.

I failed to see any reply to David Blake's early review for tsvart: https://mailarchive.ietf.org/arch/msg/int-area/Z67X78mJyzijDmt4GlCktndInzI/

In Tom's reply to Gory's review in https://mailarchive.ietf.org/arch/msg/int-area/66jAlVmJ-JqO_yy9utivM6bGhHg/ there is "I will reply to comments in time", and I have not seen a reply (possibly a bad search of mine).

In one email from Tom, it seems that GUE is implemented in Linux for years. This could become part of an implementation status section that is always useful for an intended PS status.

Where is described the process of receiving an ICMP by the encapsulator about a GUE packet?

Abstract: I wonder what is "specialized capabilities in networking hardware for efficient handling of UDP packets" except perhaps for ECMP ? Probably worth being specific even in the abstract.

Introduction: the text is about 'optional data' and 'extensions' and is not really clear whether they are identical, especially when the text is split in two paragraphs. Suggest to merge the last 2 paragraphs.

Section 1.2: why is this 'implicitly' for 'control' rather than 'explicitly' and nothing is said for 'data'. C-bit is an 'explicit' way of declaring this packet as 'control', or did I miss something?

Section 1.2: "control the state or behavior of a tunnel", humm I had in mind that GUE is not only for tunnels

Section 1.2: suggest to also define primary and extension fields (even if those terms can be inferred/guessed)

Section 1.2: "Proto/ctype" there is no protocol number in IPv6

Section 1.3: please use BCP 14 and RFC 8174

Section 3.1: about the UDP source port, is a 'RECOMMENDED' recommended in the choice of source port ?

Section 3.1: please add "and ignored at reception" when describing the 'Flags' field.

Section 3.2.1 in the last paragraph: 'nodes' is rather vague... is it the decapsulating node ? And beside 'MUST NOT parse', should the packet be dropped silently ? or dropped and ICMP generated ? or ?

Section 3.2.2: "Control messages will be defined in an IANA" should rather be "Control messages are defined in an IANA". Also, "and may be defined in standards" is not the usual wording for extensions.

Section 3.3: draft-ietf-intarea-gue-extensions seems to be expired... and MUST be normative, IMHO, as " [GUEEXTEN] defines an initial set of GUE extensions." indicates it.

Section 3.3.1: while the exact meaning of "Extension fields are placed in order of the flags" can be guessed, strongly suggest to be clear about this 'order of the flags'.

Section 3.2.2: unsure whether a copy & paste of another not-really-active document is wise. Suggest to remove this section completely.

Section 3.4: is "optional integrity check" defined in this document ? Else, I suggest to remove this text

Section 3.5.1: "implicitly" or "explicitly" because C-flag is set and the dest address is obviously the decapsulator

Section 3.5.2: we are well deep in the document and it is still unclear how the encapsulation can be done with variant 0. Is it a 'virtual' removing of UDP & GUE header ? I.e., leaving the outer IP header intact ?

Section 4: it is really smart to use the IP version field to indicate variant 1 (assuming that Internet Stream Protocol is no more used)

Section 5.2: why "should be co-resident with the hosts" ? Isn't it obvious then, rather than using "should be", let's use "are"

Section 5.2: "and the transport packet." how would ICMP qualify as it is rather layer 3 and not really 'transport' ?

Section 5.2: "Note that the transport layer ports " => "Note that the transport layer ports (if any) "

Section 5.2: I am afraid that some text about IPv6 extension headers is required here (and possibly for IPv4 options)

Section 5.3: "intended target (decapsulator)" why not simply writing "decapsulator" ?

Section 5.3: suggest s/it SHOULD follow standard conventions /it MUST follow standard conventions /

Section 5.3: must include the normative references to 'standard conventions'

Section 5.3: what about MTU considerations as packet size is increased ?

Section 5.4: should an ICMP message be generated when packet is not validated and should it be dropped ? rate limited of course ;-)

Section 5.4: s/GUE packet is received by a decapsulator with unknown flags, the packet MUST be dropped./GUE packet is received by a decapsulator with unknown flags set, the packet MUST be dropped/

Section 5.4: should an ICMP message be generated when dropping GUE packets ?

Section 5.4.1: must be explicit about the processing of any IPv6 extension headers

Section 5.4.1: suggest to also indicate the inner/outer src and dst IPv4 addresses

Section 5.4.2: should/may an ICMP be generated ?
"
Section 5.5: unsure whether a section about middle box is required/useful because those will do whatever they want (typically evil). Also, "A middlebox MUST NOT drop a GUE packet merely because there are flags unknown to it." is wishful thinking as firewalls tend to block what they do not recognize.

Section 5.6.2: would a section on NAT64 be useful ?

Section 5.7: RFC 4459 is informational and will cause a down ref (that is OK) as the reference should be normative. As mentioned by David Blake in his review, RFC 4459 is about to be updated by draft-ietf-intarea-tunnels, the later should probably be mentioned as well.

Section 5.8.2: replace RFC 2460 by RFC 8200 ;-)

Section 5.8.2: while I am unsure whether the considerations about when using no UDP checksum are relevant/useful, it is probably shared by IPv4 and IPv6, so, move this part outside of 5.8.2 ?

Section 5.9.1: up to the authors, but I would use a "SHOULD NOT" in "a GUE tunnel MUST NOT be deployed to carry non-congestion-controlled traffic over the Internet"

Section 5.10: even after reading carefully the document, I am unclear about what are the "GUE parameters and properties" required to decapsulate

Section 5.10: is it useful to specify whether anycast traffic is supported?

Section 5.11.1: is "connection semantics"  already defined? Not the first time it is mentioned but its definition should either occur before or a forward internal reference pointer added

Section 5.11.1: "corresponds to the flow of the inner packet" seems to indicate a 1:1 mapping between outer source port and internal 5-tuple. Suggest to use a different word than "corresponds"

Section 5.11.1: "is set" or "SHOULD be set" ?

Section 5.11.1: please add references to ESP & AH RFC

Section 5.11.2: would it be useful to specify that the "flow entropy" should be constant for the same inner flow (= 5-tuple) ?

Section 6: this is really a useful section, IMHO, it should appear earlier in the document.

Section 6.1: "Standardized optional data ... are defined" ... where ?

Section 6.2: I would try to prioritize the list, i.e., imho flow entropy is important, the multiplexing also exists notably in GRE so is less important.

IANA: please use RFC 8126 rather than RFC 5226 ;-)

Possibly a couple of nits (but please bear in mind that English is not my native language):

  *   s/UDP based protocol/UDP-based protocol/
  *   s/four byte header/four-octet header/ (at least use 'octet' rather than 'byte' as some ADs are very strict on this use)
  *   Section 2: about OAM, typically we use the expanded version and put the acronym later, not the other way round.


Hope this helps

-éric