IETF Logo Mail Archive

Re: [Ioam] Internal WG Review: In-situ OAM (ioam)

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Fri, 10 February 2017 15:20 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: ioam@ietfa.amsl.com
Delivered-To: ioam@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 362D712998A; Fri, 10 Feb 2017 07:20:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.523
X-Spam-Level:
X-Spam-Status: No, score=-14.523 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2b1F1rXX-WkU; Fri, 10 Feb 2017 07:20:00 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98F131299A3; Fri, 10 Feb 2017 07:19:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3860; q=dns/txt; s=iport; t=1486739999; x=1487949599; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=u1qhT78fiDX14jnYZJ1LSgs63jmQdc+SAYcIEBQ6qnI=; b=dWf8OPGrNzBRImv5zrKEn6E8EJBQ6MGTg7VvVWWQvXI4c66vFlvJfeXz crDCzhsqon9rlSpdUIJ48PDezzDM5BB2tEo67Z2ljzFpHZ6vr4vBedb0y RY5O2SciMGCt6l3PJQ9J1QzYecApdoqrzMvntbCLo1xhuAPfozDAXQN7l g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B4AwDR2J1Y/49dJa1eGQEBAQEBAQEBAQEBBwEBAQEBg1KBageDUpwUlTaCDYYiAhqCX0EWAQIBAQEBAQEBYiiEaQEBAQMBIxEzEgULAgEIGAICJgICAjAVEAIEDgWJcAiwA4Ili1ABAQEBAQEBAQEBAQEBAQEBAQEBAQEdgQuFQYIFgmqHWi6CMQWVVIYeAYoOiAWRBZMUASYHKn5PFU0BhjB1iRKBDAEBAQ
X-IronPort-AV: E=Sophos;i="5.35,142,1484006400"; d="scan'208";a="384042641"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Feb 2017 15:19:58 +0000
Received: from XCH-RTP-004.cisco.com (xch-rtp-004.cisco.com [64.101.220.144]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v1AFJw9A009340 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 10 Feb 2017 15:19:58 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-004.cisco.com (64.101.220.144) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 10 Feb 2017 10:19:57 -0500
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1210.000; Fri, 10 Feb 2017 10:19:56 -0500
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Adrian Farrel <adrian@olddog.co.uk>
Thread-Topic: [Ioam] Internal WG Review: In-situ OAM (ioam)
Thread-Index: AQHSgjmziLYbR6WLQk6B61NU2m1JJqFhgq0A///ULoCAAVKhgIAAAhIAgAAGFoA=
Date: Fri, 10 Feb 2017 15:19:56 +0000
Message-ID: <245E4E88-DBE4-49E5-A05E-EB46C0BF2928@cisco.com>
References: <148657872835.4362.4208222446069276322.idtracker@ietfa.amsl.com> <87206d4b-9b2c-f44c-754c-628e8c8e8887@cs.tcd.ie> <E23424A5-D78F-4680-B542-34CD6BC59862@cisco.com> <30D731F6-7073-486B-9395-BF1FC31F004C@cisco.com> <0be201d283ae$1b120680$51361380$@olddog.co.uk>
In-Reply-To: <0be201d283ae$1b120680$51361380$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.150.48.110]
Content-Type: text/plain; charset="utf-8"
Content-ID: <136163A5E5D6304DACC2E146CFBA0D6D@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ioam/7AfWrB8pSSsRZcDfqKx7CQyzjM4>
Cc: "Alvaro Retana (aretana)" <aretana@cisco.com>, "ioam@ietf.org" <ioam@ietf.org>, The IESG <iesg@ietf.org>, The IAB <iab@iab.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [Ioam] Internal WG Review: In-situ OAM (ioam)
X-BeenThere: ioam@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion on In-Situ OAM <ioam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ioam>, <mailto:ioam-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ioam/>
List-Post: <mailto:ioam@ietf.org>
List-Help: <mailto:ioam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ioam>, <mailto:ioam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Feb 2017 15:20:02 -0000

> On Feb 10, 2017, at 9:58 AM, Adrian Farrel <adrian@olddog.co.uk> wrote:
> 
>>>> 1) I'm sure there are good things one can do with such
>>>> marking, but it is very unclear to me how this proposal
>>>> doesn't also fall afoul of all the privacy downsides of
>>>> the SPUD/PLUS proposal. My understanding of those privacy
>>>> downsides was that any generic/extensible marking scheme
>>>> (whether of packets or transport connections/flows) could
>>>> easily be abused in many privacy unfriendly ways. Note
>>>> that I'm not claiming there is IETF consensus on that
>>>> but I do claim it was a significant issue for SPUD/PLUS
>>>> and would like to know why (and hope) it is not an issue
>>>> here. Can someone help me understand what's different here
>>>> so we avoid that same kind of mega-debate?
>> 
>> Note that this proposal concerns itself with OAM information, and not as a
>> generic container for all-things. It is not for application information.
> 
> Hmmm.
> Once you define a channel to carry other stuff along with data packets it will be used for purposes as yet undreamed of.

I understand that — which is true pretty much for any new protocol field.

I was curious to see if there were more specifics on the PLUS discussion beyond this that particularly apply to IOAM.

> 
> To give you a hint...
> 
> The SFC's NSH can carry metadata along with data packets in order that service functions can coordinate their actions and receive hints from packet classifiers.
> 
> A recent question was...
> Suppose an application that s sourcing packets wishes to communicate with an application receiving those packets in order to explain how the packets should be treated. Could it use the NSH and put information in the metadata even though there is no service function chain involved and no service functions on the path?

Right. This example depicts a use beyond the original goal. Could any IP option be used to carry other data? 

In the NSH example, the question is about using an SFC metadata channel as an inter-SF signaling (configuration?) channel, and application-to-application communication channel. I have thoughts about this, starting from the fact that if there is no SFP there is no data, and if there’s no data there’s no metadata, and the metadata field carries, well, metadata. But posing the question does not render the NSH as not useful for carrying SFP contextual data.

For IOAM, the data to be carried is well specified OAM data. 

> 
> So, if you open a channel, it will be used.
> Will it also provide a covert channel? Who can say?
> 

A protocol specification would need to address these security and privacy considerations. Which part of this ought to be codified in the charter?

Thanks!

— Carlos.

> Adrian
> 
>

v2.23.0 | Report a Bug | By Email