Re: [IPFIX] FW: CALL FOR ADOPTION: An Update to the tcpControlBits IP Flow Information Export (IPFIX) Information Element
Benoit Claise <benoit.claise@huawei.com> Mon, 23 January 2023 09:15 UTC
Return-Path: <benoit.claise@huawei.com>
X-Original-To: ipfix@ietfa.amsl.com
Delivered-To: ipfix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16EDFC151553; Mon, 23 Jan 2023 01:15:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.087
X-Spam-Level:
X-Spam-Status: No, score=-4.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ynRMaZEGsXbU; Mon, 23 Jan 2023 01:15:49 -0800 (PST)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6DCFC15154E; Mon, 23 Jan 2023 01:15:48 -0800 (PST)
Received: from frapeml500001.china.huawei.com (unknown [172.18.147.226]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4P0krx42Pfz6J673; Mon, 23 Jan 2023 17:12:33 +0800 (CST)
Received: from [10.206.138.26] (10.206.138.26) by frapeml500001.china.huawei.com (7.182.85.94) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Mon, 23 Jan 2023 10:15:43 +0100
Content-Type: multipart/alternative; boundary="------------J7A9fWEKWOnEEqb4KU4tQOp9"
Message-ID: <a8fe2071-007a-03be-d774-6a0ead8bcc22@huawei.com>
Date: Mon, 23 Jan 2023 10:15:38 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1
Content-Language: en-GB
To: mohamed.boucadair@orange.com, "Aitken, Paul" <paitken=40ciena.com@dmarc.ietf.org>, "Joe Clarke (jclarke)" <jclarke=40cisco.com@dmarc.ietf.org>, "ipfix@ietf.org" <ipfix@ietf.org>, opsawg <opsawg@ietf.org>
References: <BN9PR11MB5371AE16F09AC97CD2581D57B8C69@BN9PR11MB5371.namprd11.prod.outlook.com> <BN9PR11MB5371003F0C6355A092C1F7F3B8C49@BN9PR11MB5371.namprd11.prod.outlook.com> <0b3be31a-9f71-3e4d-44e6-c51439558401@ciena.com> <17168_1674458193_63CE3451_17168_145_4_b9185d07c7894481a4194820c4e57ce4@orange.com>
From: Benoit Claise <benoit.claise@huawei.com>
In-Reply-To: <17168_1674458193_63CE3451_17168_145_4_b9185d07c7894481a4194820c4e57ce4@orange.com>
X-Originating-IP: [10.206.138.26]
X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To frapeml500001.china.huawei.com (7.182.85.94)
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipfix/FcDyH0AOlWDL0qSlbhgNiNSe_O4>
Subject: Re: [IPFIX] FW: CALL FOR ADOPTION: An Update to the tcpControlBits IP Flow Information Export (IPFIX) Information Element
X-BeenThere: ipfix@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IPFIX WG discussion list <ipfix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipfix>, <mailto:ipfix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipfix/>
List-Post: <mailto:ipfix@ietf.org>
List-Help: <mailto:ipfix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipfix>, <mailto:ipfix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jan 2023 09:15:53 -0000
Hi Paul,
Thanks for engaging.
On top of what Med mentioned... When you mention "non-interoperable
IPFIX devices", I would like to understand which interoperability risk
do we speak about
1. the IPFIX protocol. Not really
2. the Exporter. It should export what it observes.
3. the Collector. You mean the correlation of tcpControlBits IPFIX IE
coming from different Exporters with different TCP capabilities, right?
Unless you know the TCP capabilities of each Exporter, you won't know.
Is IPFIX the right protocol to solve that interop issues, by using
different IPFIX IEs for different capabilities for each new bit
allocaiton? I tend to believe it's not. See point 2 above. IIRC, you
tend to believe it's not:
"If we want to put IPFIX's tcpControlBits under IANA's control with
an IPFIX Information Element which follows IANA's TCP Header Flags
specification, then a new Information Element should be allocated.
However this seems dangerous since the same could happen again: an
in-use bit could be marked as "Reserved" then re-allocated for a
different purpose, and we'd have non-interoperable IPFIX devices."
Regards, Benoit
On 1/23/2023 8:16 AM, mohamed.boucadair@orange.com wrote:
>
> Hi Paul, all,
>
> Thank you for sharing your thoughts.
>
> If we follow the reasoning below, the IETF should never publish
> RFC7125 to fix the misalignment issue that was in RFC5102! It is
> unfortunate that the fix in 7125 is broken (which is fair because
> there was no complete (*) TCP flag registry at that time).
>
> RFC7125 is broken not only because it reflects a stale interpretation
> of the flags and also because it leaves the room for an exporter to
> decide to not export some flags as observed, which is suboptimal
> (e.g., DDoS detection/mitigation).
>
> The proposal does not require an exporter to associate a meaning with
> the flags. So, no implementation change will be needed in the future
> when a new flag is associated with a meaning or deprecated. The
> behavior of the exporter is thus simplified and will always reflect
> what was observed.
>
> (*): There was actually the registry create by rfc3540, but that
> registry is incomplete. We fixed that in TCPM as you can see here:
> https://mailarchive.ietf.org/arch/msg/tcpm/RK1ixEOA6HaP7TGmtNLXGI2RBdM/.
>
> Cheers,
>
> Med
>
> *De :*OPSAWG <opsawg-bounces@ietf.org> *De la part de* Aitken, Paul
> *Envoyé :* vendredi 20 janvier 2023 23:03
> *À :* Joe Clarke (jclarke) <jclarke=40cisco.com@dmarc.ietf.org>;
> ipfix@ietf.org; opsawg <opsawg@ietf.org>
> *Objet :* Re: [OPSAWG] [IPFIX] FW: CALL FOR ADOPTION: An Update to the
> tcpControlBits IP Flow Information Export (IPFIX) Information Element
>
> As a co-author of many of the IPFIX RFCs, expert reviewer for IANA,
> and author of IPFIX code, I disagree with the premise that the current
> tcpControlBits definition is problematic for interoperability because
> some values have since been deprecated.
>
> Rather, the interoperability risk is in making non backwards
> compatible changes to the existing definition.
>
> Since IANA has changed bit 7 from Nonce Sum to "Reserved for future
> use" rather than deprecating it, a time will come when it's allocated
> for a future purpose. This will guarantee non-interoperability since
> new IPFIX devices will export the bit with a different meaning than
> existing / old devices.
>
> There may be many devices in the field which cannot be found or
> updated which will continue to export the existing tcpControlBits
> definition. It's impossible to guarantee that all such devices have
> been updated or removed. And all existing IPFIX code libraries must be
> updated.
>
> If we want to put IPFIX's tcpControlBits under IANA's control with an
> IPFIX Information Element which follows IANA's TCP Header Flags
> specification, then a new Information Element should be allocated.
> However this seems dangerous since the same could happen again: an
> in-use bit could be marked as "Reserved" then re-allocated for a
> different purpose, and we'd have non-interoperable IPFIX devices.
>
> TLDR: this document should not be adopted.
>
> P.
>
>
>
> On 19/01/2023 16:53, Joe Clarke (jclarke) wrote:
>
> Forwarding to ipfix@ for more eyes on this. Please reply to
> opsawg@ with any comments or questions.
>
> Joe
>
> *From: *OPSAWG <opsawg-bounces@ietf.org>
> <mailto:opsawg-bounces@ietf.org> on behalf of Joe Clarke (jclarke)
> <jclarke=40cisco.com@dmarc.ietf.org>
> <mailto:jclarke=40cisco.com@dmarc.ietf.org>
> *Date: *Tuesday, January 17, 2023 at 11:24
> *To: *opsawg@ietf.org <opsawg@ietf.org> <mailto:opsawg@ietf.org>
> *Subject: *[OPSAWG] CALL FOR ADOPTION: An Update to the
> tcpControlBits IP Flow Information Export (IPFIX) Information Element
>
> Happy new year, all. One of the AIs that slipped through the
> cracks coming out of 115 was a call for adoption for
> draft-boucadair-opsawg-rfc7125-update. One of the asks of Med at
> 115 was to look at what else might need to be done from an IE
> registry standpoint. He replied on-list to that a while ago:
>
> “Yes, I had a discussion with Benoît during the IETF meeting to
> see how to handle this. We agreed to proceed with at least two
> documents:
>
> 1.draft-boucadair-opsawg-rfc7125-update to update the TCP IPFIX RFC.
>
> 2.Edit a second draft to “clean” other entries in registry. This
> document is intended to include only simple fixes and which do not
> require updating existing RFCs. The candidate list of these
> proposed fixes can be seen
> athttps://boucadair.github.io/simple-ipfix-fixes/draft-boucla-opsawg-ipfix-fixes.html
> [boucadair.github.io]
> <https://urldefense.com/v3/__https:/boucadair.github.io/simple-ipfix-fixes/draft-boucla-opsawg-ipfix-fixes.html__;!!OSsGDw!LkWh3arGpjhY0BhtBQQEOpjN2jc6-afzgtS4ayYuPzwMArRuEkQ2oQm0fbyN9Ahsfr7VDwsr4wHSm8sseJONI6J3rDFp$>.
> New IEs, if needed, will be moved to a separate document.
> simple-ipfix-fixes may or may not be published as an RFC.”
>
> So, let this serve as a two-week call for adoption for the
> existing draft-boucadair-opsawg-rfc7125-update document. Please
> reply on-list with your comments, support, or dissent by January
> 31, 2023.
>
> Thanks.
>
> Joe
>
>
>
> _______________________________________________
>
> IPFIX mailing list
>
> IPFIX@ietf.org
>
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipfix__;!!OSsGDw!LkWh3arGpjhY0BhtBQQEOpjN2jc6-afzgtS4ayYuPzwMArRuEkQ2oQm0fbyN9Ahsfr7VDwsr4wHSm8sseJONI1lLXvEo$ <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/ipfix__;!!OSsGDw!LkWh3arGpjhY0BhtBQQEOpjN2jc6-afzgtS4ayYuPzwMArRuEkQ2oQm0fbyN9Ahsfr7VDwsr4wHSm8sseJONI1lLXvEo$> [ietf[.]org]
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
> _______________________________________________
> IPFIX mailing list
> IPFIX@ietf.org
> https://www.ietf.org/mailman/listinfo/ipfix
- [IPFIX] FW: CALL FOR ADOPTION: An Update to the t… Joe Clarke (jclarke)
- Re: [IPFIX] FW: CALL FOR ADOPTION: An Update to t… Aitken, Paul
- [IPFIX] Review of draft-boucla-opsawg-ipfix-fixes Aitken, Paul
- Re: [IPFIX] FW: CALL FOR ADOPTION: An Update to t… mohamed.boucadair
- Re: [IPFIX] FW: CALL FOR ADOPTION: An Update to t… Benoit Claise
- Re: [IPFIX] Review of draft-boucla-opsawg-ipfix-f… mohamed.boucadair
- Re: [IPFIX] Review of draft-boucla-opsawg-ipfix-f… Aitken, Paul
- Re: [IPFIX] Review of draft-boucla-opsawg-ipfix-f… mohamed.boucadair