Re: [Int-area] Fwd: I-D Action: draft-carpenter-limited-domains-02.txt

Tom Herbert <tom@herbertland.com> Wed, 15 August 2018 16:31 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8364130E40 for <int-area@ietfa.amsl.com>; Wed, 15 Aug 2018 09:31:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qItcRelZ5KaO for <int-area@ietfa.amsl.com>; Wed, 15 Aug 2018 09:31:17 -0700 (PDT)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com [IPv6:2607:f8b0:400d:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85566130E00 for <int-area@ietf.org>; Wed, 15 Aug 2018 09:31:17 -0700 (PDT)
Received: by mail-qk0-x232.google.com with SMTP id v17-v6so1166350qkb.11 for <int-area@ietf.org>; Wed, 15 Aug 2018 09:31:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=L8agSNCpBAnBixFXa++30zSXyC4JkCWaTPTPOfzPkaQ=; b=0UPXso3P4UzihSTSfPsyq7xaA4ZLtCg56o+G2uKBrpnWvXv9af6S7uNlupcoQ94XCg 8zJBEKJvKmtgYCPYsa2HEf20+DoKJuK/NQq7WCy9BLetwXd3YmvEGzJ3Dk2oau5jmDP/ K3XEknmdCyQ5dPs/otW7ZleLdaT6yFKwrKGsZQXCYzPjyVnaPJg3v25nHM3CckmO6T/F /HXSppsk1BrASnMzfR4TyikvoU4llvBRxJ8gE1M/56uzJOAgaQqK1KChRKd3HoUqk4vi 8fTB+zr+hcyg0gE0sAOfchqT9fBKmctkR56NjuokTQMpdChsF1KOQTaCe4oYh2LSDDkw bUpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=L8agSNCpBAnBixFXa++30zSXyC4JkCWaTPTPOfzPkaQ=; b=ie+QGydVBTibmMlG78yG/NvxsFmFn0lIOEZqCKobTIfRZC6Y57GGg5tIKS6pwiAl4T fHwhcY87fxfiuyvHgwWxoZwcPQV7ZkptB4eUqktnJgj8VAM5XT+WhI8yDvQ8kbJSYjSq te2pPrtrdtGpG1wUR062jrIFRAlezoOtLEqRao4+clOcbQ8sui2b8gvA5SGKWlS4hVs8 jC4x9TEglJO53CS613kOio9ttbvj7tkt47S28TLtyPGaqBWOApE/8JlPtPgQlxw0fkBO hkG9N83kuges6qcOumoXWuKIl7bX7iUcmP7FY6FTEbm02Wk3F2tPt2ZDWSCEKYPgKOQn jhOA==
X-Gm-Message-State: AOUpUlE9tRgBNGdbK544efGHkRzHbD0jDXe3hGUfrnxhdJtvwLZqoyFG +9yLKyIWaQsGeP/1LfRoMINyAwmTzJapoR5GUfTuvEDGg9g=
X-Google-Smtp-Source: AA+uWPxLv50kbCDfTn4fjm8gtj0eN74D/x1aiLOILpIzg8Ge7WhbyFAgUNkMUgwlnRbMTb16GajCfQB+RSU0E/Bf6GI=
X-Received: by 2002:a37:2c84:: with SMTP id s126-v6mr23869569qkh.311.1534350676382; Wed, 15 Aug 2018 09:31:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ac8:3304:0:0:0:0:0 with HTTP; Wed, 15 Aug 2018 09:31:15 -0700 (PDT)
In-Reply-To: <a126054d-7400-b16c-158d-bc2e6d05f303@gmail.com>
References: <153421094737.25008.8682280615922133385@ietfa.amsl.com> <fbdf3a6a-9513-3bbc-dcfb-bbd72a5a12f6@gmail.com> <CALx6S34khUjnLXgHH=kRLcFzGyDNp4Bm5a1wqJcMyhGUexTk4A@mail.gmail.com> <a126054d-7400-b16c-158d-bc2e6d05f303@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 15 Aug 2018 09:31:15 -0700
Message-ID: <CALx6S35jpR8aOz5e5PhYfL4GZVhnZqW_s6H-UEYbyhetj1mCDw@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: int-area <int-area@ietf.org>, "Liubing (Leo)" <leo.liubing@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/e_u8PrNinfJjPLaDLxtCriA2YmA>
Subject: Re: [Int-area] Fwd: I-D Action: draft-carpenter-limited-domains-02.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 16:31:21 -0000

On Tue, Aug 14, 2018 at 10:26 PM, Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:
> Tom,
>
> Thanks for the comments. See in-line:
>
> On 15/08/2018 12:00, Tom Herbert wrote:
>> On Mon, Aug 13, 2018 at 7:07 PM, Brian E Carpenter
> ...
>>>
>> Hi Brian, thanks for the draft.
>>
>> A couple general points:
>>
>> * It's unclear to me what it means for a protocol to only work in a
>> limited domain. I think there is a big difference between describing
>> how a standard protocol _could_ be deployed in a limited domain for
>> good effect, versus defining a standard protocol that can _only_
>> operate correctly in a limited domain.
>
> Agreed. This is exactly why our next step is planned to be
> a taxonomy of the various aspects, to try and separate
> these issues.
>
>> Most of the examples in section
>> 4 are describing deployment of protocols seem to fall in the first
>> category where protocol deployment might only be feasible in limited
>> domain, but the definition of the protocol does not require a limited
>> domain. For instance, the fact that extension headers is not
>> deployable by the Internet, but may work in a limited domain, is
>> happenstance on how things evolved. It was never the intent of
>> extension headers to only be used in limited domains,
>
> Correct.
>
>> neither do I
>> believe there is value in respecifying extension headers as such (I
>
> I'd be very unlikely to do that, personally. But there might be
> *semantics* that only apply within a domain. (That is how we
> designed diffserv, whereas the original IPv4 TOS design was
> supposed to be universal, I believe.)
>
>> still believe problems that prevent use on the Internet should be
>> fixed).
>
> I wish that I had confidence that this could be achieved, but
> there is an ongoing tension between innovation and firewall rules.
>
I am hopeful that mapping the capabilities of the Internet (like maybe
work from MAPRG?) will resolve that. Applications can use "advanced"
protocol features like extension headers in a type of happy eyeballs
approach. Also, applications should give feedback to users when their
in a degraded service mode because of non conforming devices in the
path.

>> On the other hand, something like extension header insertion
>> would require a protocol to be specified to only work in a limited
>> domain since that would otherwise break some fundamental requirements
>> of IPv6.
>
> Exactly.
>
>> * If we accept that protocols can be defined for use only limited
>> domains, what becomes of the priniciple of interoperability? Does this
>> open up the possibility that "limited domain" could mean that any
>> possible variant of a protocol is allowed per the "local policy" of
>> the domain?
>
> That's a central question. I think the other way of looking at
> it is: is it better to recognise that local semantics exist, and
> figure out how to contain them, or is it better to simply
> say "don't do that"?
>
>> A limited domain would make anything possible in
>> protocols. For instance, someone could decide to switch the soure and
>> destination addresses in IP headers in a limited domain as a local
>> policy. As long as the requirements of a limited domain is enforced
>> this is completely feasible (note a limited domain could be defined by
>> an island in the network having only one vendor solution). So then
>> does a limited domain become a vehicle for vendors to define and
>> deploy their own value-add protocol extensions without regard to
>> interoperability? The open endedness of "local policy" alluded to in
>> the SR protocol draft as well as some statement concerning the use of
>> network slices by mobile operators that are run by a single hardware
>> vendor are noteworthy.,
>
> Absent protocol police, we can't actually stop people doing such
> things, can we? So the question is how can we best deal with the
> reality of local semantics without (further) damaging global
> interop?
>
Right, such things happen already and it's probably much more common
than we'd like to admit. I've seen this deployed first hand (you
should see how we overloaded the GRE sequence number and checksum
fields to hold our own stuff at Google!). There is no interoperability
problem here either, for a large datacenter operator it's just a phone
call to a vendor to get what they want. But in the end, relying on
"local semantics", especially when that means proprietary protocols or
non-interoperability, is self defeating. It's better to use open
standard protocols or at least have a path to that. In the case of
GRE, the fields we could overload are limited and hence that was the
motivation to create GUE.

I don't think it's within the purview of IETF to prevent people from
hacking IETF protocols, but neither do I think that IETF should go out
of its way to facilitate, codify, or sanction such practises. Grant
it, there is subtly here. For instance, there are experimental
protocol numbers and experimental option values define in IP; Geneve,
on the other hand, explicitly allows vendor specific options to "allow
for differentiation of products by encouraging independent development
in each vendor's core specialty". In both instances the protocol has
hooks that could leveraged to implement a proprietary protocol per
local policy, but, on paper at least, the former is only for
experimentation and the latter explicitly facilitates proprietary
protocols.

So maybe Internet protocols should (continue to) be specified assuming
it runs in a network where everyone conforms to the protocols, has
minimal dependencies on other protocol layers or deployment
conditions, and doesn't acknowledgement proprietary protocols. This is
consistent with the fundamental goal of defining standard, open,
interoperable protocols for the Internet. Related documents (like
BCPs) describe how protocols can be deployed in the real world
circumstances. So it a limited domain can be specified in normative
language (I'm not yet convinced it can be) then we should see a number
of drafts on how to deploy standard protocols in limited domains.

Tom

> Again, thanks, this is very helpful.
>
>    Brian
>
>>
>> Tom