IETF Logo Mail Archive

Re: [Ioam] [EXT] Stephen Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and COMMENT)

Haoyu song <haoyu.song@huawei.com> Wed, 15 February 2017 19:41 UTC

Return-Path: <haoyu.song@huawei.com>
X-Original-To: ioam@ietfa.amsl.com
Delivered-To: ioam@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 866C2129531; Wed, 15 Feb 2017 11:41:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YpY2PTy5ZtbF; Wed, 15 Feb 2017 11:41:18 -0800 (PST)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7229D1294F4; Wed, 15 Feb 2017 11:41:17 -0800 (PST)
Received: from 172.18.7.190 (EHLO lhreml706-cah.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DAR58649; Wed, 15 Feb 2017 19:41:15 +0000 (GMT)
Received: from LHREML709-CAH.china.huawei.com (10.201.108.32) by lhreml706-cah.china.huawei.com (10.201.5.182) with Microsoft SMTP Server (TLS) id 14.3.301.0; Wed, 15 Feb 2017 19:41:14 +0000
Received: from SJCEML701-CHM.china.huawei.com (10.208.112.40) by lhreml709-cah.china.huawei.com (10.201.108.32) with Microsoft SMTP Server (TLS) id 14.3.301.0; Wed, 15 Feb 2017 19:41:14 +0000
Received: from SJCEML703-CHM.china.huawei.com ([169.254.5.69]) by SJCEML701-CHM.china.huawei.com ([169.254.3.132]) with mapi id 14.03.0235.001; Wed, 15 Feb 2017 11:41:08 -0800
From: Haoyu song <haoyu.song@huawei.com>
To: "afarrel@juniper.net" <afarrel@juniper.net>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>, "'Frank Brockners (fbrockne)'" <fbrockne@cisco.com>, 'Tal Mizrahi' <talmi@marvell.com>, 'The IESG' <iesg@ietf.org>
Thread-Topic: [Ioam] [EXT] Stephen Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and COMMENT)
Thread-Index: AQHSh5SgPVK/B0EoME2vUXXLJTfM+6FqoVeAgAADzACAAAKgAIAAHkOA//+vO9A=
Date: Wed, 15 Feb 2017 19:41:08 +0000
Message-ID: <78A2745BE9B57D4F9D27F86655EB87F9257EC4A0@SJCEML703-CHM.china.huawei.com>
References: <148716051224.17360.14931066801393091893.idtracker@ietfa.amsl.com> <c10463c6506f44c482402ed74a4cbebc@IL-EXCH01.marvell.com> <56e90519-5982-c9fe-9059-6f9e6497ca90@cs.tcd.ie> <6358cd5fa666448bac92fd0770ee45d8@XCH-RCD-008.cisco.com> <e6357ddd-3db0-e6bc-1358-b13c6a47589d@cs.tcd.ie> <072401d287a7$9717c010$c5474030$@juniper.net>
In-Reply-To: <072401d287a7$9717c010$c5474030$@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.193.217.81]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020204.58A4AEDB.027E, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.5.69, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 64e60d8e3bfc18b936b2c0f32abe26d0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ioam/muYzrXLDgkX4MhUhszl8i8AP_gI>
Cc: "ioam@ietf.org" <ioam@ietf.org>, "ioam-chairs@ietf.org" <ioam-chairs@ietf.org>
Subject: Re: [Ioam] [EXT] Stephen Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and COMMENT)
X-BeenThere: ioam@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion on In-Situ OAM <ioam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ioam>, <mailto:ioam-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ioam/>
List-Post: <mailto:ioam@ietf.org>
List-Help: <mailto:ioam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ioam>, <mailto:ioam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2017 19:41:20 -0000

I agree that the active management possibility can't be totally excluded. Also, the node doesn't only collect data, but also possibly process the data in order to generate new OAM data. 

I think it's fine to explicitly confine the IOAM into a single domain so the privacy is no longer a concern. This also eliminates many other issues.

Haoyu 

-----Original Message-----
From: Ioam [mailto:ioam-bounces@ietf.org] On Behalf Of Adrian Farrel
Sent: Wednesday, February 15, 2017 8:21 AM
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>; 'Frank Brockners (fbrockne)' <fbrockne@cisco.com>; 'Tal Mizrahi' <talmi@marvell.com>; 'The IESG' <iesg@ietf.org>
Cc: ioam@ietf.org; ioam-chairs@ietf.org
Subject: Re: [Ioam] [EXT] Stephen Farrell's Block on charter-ietf-ioam-00-02: (with BLOCK and COMMENT)

> > my reading of the draft charter is that IOAM would be focused on 
> > gathering data, not interpreting data on network nodes.
> 
> I'm not clear what distinction you're making there sorry.
> (That's likely my ignorance, so sorry again:-)

Or possibly not your ignorance.
"Focused on" may be the catch.
I think it unlikely that a network node is not going to have to examine some fields of the IOAM data in order to discover what it is supposed to do (add an address, add a time stamp, send a response), and also I should expect it has to parse a bit to work out where to place any information that it adds to the data.

Furthermore, I suspect that it is only a matter of time before it is recognised that IOAM provides a cannel that can be used to configure and enable/disable OAM (noting that such a mechanism was found to be useful in MPLS and that it is improbable that a second channel - in addition to the IOAM channel - would be opened for OAM control mechanisms).

> > I.e. IOAM is
> > for operations support *not* for active management of nodes.
> 
> That sounds good, but I think needs to be clearer.

Like I say, I wouldn't put money on that remaining the case. So even if the charter explicitly forbids active management of (OAM on) the nodes, at some point there will need to be a recharter. Given that, you might do well to recognise the fact up front.

> > This is
> > also why SPUD/PLUS are probably orthogonal/complementary, because I 
> > understand those approaches as targeting the communication between 
> > end-system and middle-boxes for control/management purposes.
> 
> The similarity to SPUD/PLUS mainly affects privacy and not the 
> ping-of-death question. Once one can add any label with enough bits in 
> it to a packet then the privacy issues arise.

It may help to give an example or two of where the privacy issue arises.
For example, knowing the path of packets in a network is (possibly) a privacy issue for the owner of the network, but more likely it is a security issue. Is knowledge of the path of the packets a privacy issue for the end-user? I don't think so, but maybe it would open up information about src/dst pairs and so disclose something?
But the IOAM proponents are likely to answer that IOAM is "strictly confined within a domain" and so the information is not visible outside the network *except* as reported by subverted nodes or by network sniffers. It seems to me that there is remarkably little protection available against subverted nodes (maybe every node has to have its own SA with every OAM MEP?), but that sniffers could be thwarted.

Adrian

_______________________________________________
Ioam mailing list
Ioam@ietf.org
https://www.ietf.org/mailman/listinfo/ioam

v2.23.0 | Report a Bug | By Email