Re: [Int-area] Fwd: I-D Action: draft-carpenter-limited-domains-02.txt

[Brian E Carpenter <brian.e.carpenter@gmail.com>]

Tom,

Thanks for the comments. See in-line:

On 15/08/2018 12:00, Tom Herbert wrote:
> On Mon, Aug 13, 2018 at 7:07 PM, Brian E Carpenter
...
>>
> Hi Brian, thanks for the draft.
> 
> A couple general points:
> 
> * It's unclear to me what it means for a protocol to only work in a
> limited domain. I think there is a big difference between describing
> how a standard protocol _could_ be deployed in a limited domain for
> good effect, versus defining a standard protocol that can _only_
> operate correctly in a limited domain. 

Agreed. This is exactly why our next step is planned to be
a taxonomy of the various aspects, to try and separate
these issues.

> Most of the examples in section
> 4 are describing deployment of protocols seem to fall in the first
> category where protocol deployment might only be feasible in limited
> domain, but the definition of the protocol does not require a limited
> domain. For instance, the fact that extension headers is not
> deployable by the Internet, but may work in a limited domain, is
> happenstance on how things evolved. It was never the intent of
> extension headers to only be used in limited domains,

Correct.

> neither do I
> believe there is value in respecifying extension headers as such (I

I'd be very unlikely to do that, personally. But there might be
*semantics* that only apply within a domain. (That is how we
designed diffserv, whereas the original IPv4 TOS design was
supposed to be universal, I believe.)

> still believe problems that prevent use on the Internet should be
> fixed).

I wish that I had confidence that this could be achieved, but
there is an ongoing tension between innovation and firewall rules.

> On the other hand, something like extension header insertion
> would require a protocol to be specified to only work in a limited
> domain since that would otherwise break some fundamental requirements
> of IPv6.

Exactly.

> * If we accept that protocols can be defined for use only limited
> domains, what becomes of the priniciple of interoperability? Does this
> open up the possibility that "limited domain" could mean that any
> possible variant of a protocol is allowed per the "local policy" of
> the domain? 

That's a central question. I think the other way of looking at
it is: is it better to recognise that local semantics exist, and
figure out how to contain them, or is it better to simply
say "don't do that"?

> A limited domain would make anything possible in
> protocols. For instance, someone could decide to switch the soure and
> destination addresses in IP headers in a limited domain as a local
> policy. As long as the requirements of a limited domain is enforced
> this is completely feasible (note a limited domain could be defined by
> an island in the network having only one vendor solution). So then
> does a limited domain become a vehicle for vendors to define and
> deploy their own value-add protocol extensions without regard to
> interoperability? The open endedness of "local policy" alluded to in
> the SR protocol draft as well as some statement concerning the use of
> network slices by mobile operators that are run by a single hardware
> vendor are noteworthy.,

Absent protocol police, we can't actually stop people doing such
things, can we? So the question is how can we best deal with the
reality of local semantics without (further) damaging global
interop?

Again, thanks, this is very helpful.

   Brian

> 
> Tom