Re: [Int-area] comment on draft-ietf-intarea-gre-ipv6

Tom Herbert <tom@herbertland.com> Mon, 09 March 2015 18:50 UTC

To: Lucy yong <lucy.yong@huawei.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/int-area/eAsNVVErNlh300jLfCImRs52Wg8>
Cc: Ronald Bonica <rbonica@juniper.net>, "int-area@ietf.org" <int-area@ietf.org>

On Mon, Mar 9, 2015 at 10:55 AM, Lucy yong <lucy.yong@huawei.com> wrote:
> Hi Templin,
>
> -----Original Message-----
> From: Templin, Fred L [mailto:Fred.L.Templin@boeing.com]
> Sent: Monday, March 09, 2015 12:15 PM
> To: Lucy yong; Ronald Bonica; int-area@ietf.org
> Subject: RE: [Int-area] comment on draft-ietf-intarea-gre-ipv6
>
> Hi Lucy,
>
> Also, you say:
>
>>  [Lucy] RFC2473 is about IPv6 in IPv6, i.e., IPv6 as a delivery network for IPv6 traffic.
>
> but that is not correct. RFC2473 is about "Generic Packet Tunneling in IPv6", which could include encapsulation of IPv4, IPv6, or other network protocols - and not just
> IPv6 within IPv6 encapsulation.
> [Lucy] You are right. It has that generalization although very focused on IPv6. The misdelivery and corruption issues are a concern there too. The draft is very old (1998). IPv6 was barely deployed then. We should address or document these issues if we are working on it now.
>

We added this paragraph to the GRE-in-UDP draft to describe how the
keyid might be used as a weak authentication. This might be applicable
to gre-ipv6 also:

   An implementation MAY use the GRE keyid to authenticate the
   encapsulator. In this model, a shared value is either configured or
   negotiated between an encapsulator and decapsulator. When a
   GRE-in-UDP packet is received with the keyid present, it is checked
   to see if it is valid for the source to have set for the tunnel the
   packet was sent on. An implementation MAY enforce that a keyid be
   used for source authentication on selected tunnels. When a
   decapsulator determines a presented keyid is not valid for the
   source to send or the keyid is absent and is considered required for
   authenticating the encapsulator for a tunnel, the packet MUST be
   dropped.

Thanks,
Tom
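
The decapsulator-side check described in the quoted draft paragraph, sketched as an added example that is not part of the original message or of any draft. The `TunnelPolicy` type, the `TUNNELS` table with its addresses and key values, and the choice to drop packets from sources with no configured tunnel are assumptions made for illustration; the flag bits and Key field offset follow RFC 2784 and RFC 2890.

```python
import hmac
import struct
from typing import NamedTuple, Optional

GRE_C, GRE_K = 0x8000, 0x2000          # Checksum Present / Key Present bits

class TunnelPolicy(NamedTuple):        # hypothetical per-source tunnel config
    keyid: bytes                       # 4-byte shared value for this source
    required: bool                     # keyid must be present on this tunnel

# Constructed sample configuration (documentation-prefix addresses).
TUNNELS = {
    "2001:db8::1": TunnelPolicy(bytes.fromhex("0badc0de"), True),
    "2001:db8::2": TunnelPolicy(bytes.fromhex("00000007"), False),
}

def gre_keyid(gre: bytes) -> Optional[bytes]:
    """Return the 4-byte Key field, or None when the K bit is clear."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, _proto = struct.unpack_from("!HH", gre)
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    if not flags & GRE_K:
        return None
    off = 4 + (4 if flags & GRE_C else 0)   # Checksum+Reserved1 precede Key
    if len(gre) < off + 4:
        raise ValueError("truncated GRE key field")
    return gre[off:off + 4]

def decap_verdict(src: str, gre: bytes, tunnels: dict) -> str:
    """Decide 'accept' or 'drop' from the outer source and the GRE header."""
    policy = tunnels.get(src)
    if policy is None:
        return "drop"                  # assumption: unknown sources are dropped
    try:
        key = gre_keyid(gre)
    except ValueError:
        return "drop"                  # malformed header is never accepted
    if key is None:                    # keyid absent: drop only if required
        return "drop" if policy.required else "accept"
    # keyid present: it must be the value valid for this source
    return "accept" if hmac.compare_digest(key, policy.keyid) else "drop"
```

The keyid travels in cleartext, so this only filters misdelivered or misconfigured traffic and off-path senders; it matches the "weak authentication" wording above and is not a substitute for cryptographic tunnel protection.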

> Thanks,
> Lucy
>
> Thanks - Fred
> fred.l.templin@boeing.com
>
>> -----Original Message-----
>> From: Int-area [mailto:int-area-bounces@ietf.org] On Behalf Of
>> Templin, Fred L
>> Sent: Monday, March 09, 2015 7:52 AM
>> To: Lucy yong; Ronald Bonica; int-area@ietf.org
>> Subject: Re: [Int-area] comment on draft-ietf-intarea-gre-ipv6
>>
>>
>>
>> > -----Original Message-----
>> > From: Lucy yong [mailto:lucy.yong@huawei.com]
>> > Sent: Sunday, March 08, 2015 10:05 AM
>> > To: Templin, Fred L; Ronald Bonica; int-area@ietf.org
>> > Subject: RE: [Int-area] comment on draft-ietf-intarea-gre-ipv6
>> >
>> > Hi Templin,
>> >
>> >
>> > > -----Original Message-----
>> > > From: Int-area [mailto:int-area-bounces@ietf.org] On Behalf Of
>> > > Lucy yong
>> > > Sent: Thursday, March 05, 2015 12:09 PM
>> > > To: Ronald Bonica; int-area@ietf.org
>> > > Subject: Re: [Int-area] comment on draft-ietf-intarea-gre-ipv6
>> > >
>> > > Hi Ron,
>> > >
>> > > RFC2784 has this statement: See [RFC1122] for requirements relating to the
>> > >    delivery of packets over IPv4 networks.
>> > > Does this apply to over IPv6 networks?
>> > >
>> > > Since IPv6 header does not have checksum, if a packet is
>> > > mis-delivered to GRE decapsulator, will that cause a concern? This is not a concern when IPv4 network is the delivery network.
>> >
>> > In terms of header integrity checks, they are very much in the same boat as RFC2473.
>> > But, somehow that got standardized.
>> > [Lucy] RFC2473 is about IPv6 in IPv6, i.e., IPv6 as a delivery
>> > network for IPv6 traffic. Since IPv6 packets and upper layer
>> > applications have to follow RFC2460, i.e., protect the misdelivery
>> > and corruption, so that is OK if there is only such kind of tunnel
>> > in IPv6. GRE-in-IPv6 is different. They can't be in the same boat.
>> > If there are various network protocols that are tunneled over a same
>> > IPv6 network, it will have a problem due to packet misdelivery and
>> > corruption. IMO: the draft needs to document these.
>>
>> Oh, I thought you were concerned about lack of an integrity check for
>> the encapsulating
>> IPv6 header. Are you saying that (in the RFC2473 case at least) it is
>> OK to omit an integrity check for the encapsulating IPv6 header as
>> long as there is an integrity check for the encapsulated IP header? But, somehow that is not OK for draft-ietf-intarea-gre-ipv6?
>>
>> Thanks - Fred
>> fred.l.templin@boeing.com
>>
>> > Thanks,
>> > Lucy
>> >
>> > Thanks - Fred
>> > fred.l.templin@boeing.com
>> >
>> > > Thanks,
>> > > Lucy
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: Ronald Bonica [mailto:rbonica@juniper.net]
>> > > Sent: Thursday, March 05, 2015 11:57 AM
>> > > To: int-area@ietf.org; Lucy yong
>> > > Subject: RE: [Int-area] comment on draft-ietf-intarea-gre-ipv6
>> > >
>> > > Hi Lucy,
>> > >
>> > > The goal of this draft is *not* to prove the GRE behaves
>> > > identically with IPv6 as it does with IPv4. In fact, its goal is to point out the differences.
>> > >
>> > > Can you think of any differences between the two GRE environments that we have failed to point out?
>> > >
>> > >
>> > > Ron
>> > >
>> > >
>> > > >
>> > > > Message: 1
>> > > > Date: Wed, 4 Mar 2015 15:25:54 +0000
>> > > > From: Lucy yong <lucy.yong@huawei.com>
>> > > > To: "int-area@ietf.org" <int-area@ietf.org>
>> > > > Subject: [Int-area] comment on draft-ietf-intarea-gre-ipv6
>> > > > Message-ID: <2691CE0099834E4A9C5044EEC662BB9D4545BB21@dfweml701-chm>
>> > > > Content-Type: text/plain; charset="us-ascii"
>> > > >
>> > > > Hi,
>> > > >
>> > > > If this draft is to document the protocol of gre in IPv6 exact
>> > > > same as of gre in
>> > > > IPv4 and update rfc2784, IMHO, it should point out the gre
>> > > > application behavior differences in IPv4 network and IPv6 network.
>> > > > The exact same protocol does not mean the same behavior for an
>> > > > application since IPv4 and
>> > > > IPv6 networks have different behaviors such as header checksum.
>> > > >
>> > > > Thanks,
>> > > > Lucy
>> > > >
>> > > >
>> > > >
>> > > >
>> > >
>> > > _______________________________________________
>> > > Int-area mailing list
>> > > Int-area@ietf.org
>> > > https://www.ietf.org/mailman/listinfo/int-area