[Ippm-ioam-ix-dt] IOAM Meeting Summary, April 7th, 2021

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Mon, 26 April 2021 07:41 UTC

Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: ippm-ioam-ix-dt@ietfa.amsl.com
Delivered-To: ippm-ioam-ix-dt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FC593A1147 for <ippm-ioam-ix-dt@ietfa.amsl.com>; Mon, 26 Apr 2021 00:41:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9lU5eHI-VHoo for <ippm-ioam-ix-dt@ietfa.amsl.com>; Mon, 26 Apr 2021 00:41:17 -0700 (PDT)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 178AC3A1146 for <ippm-ioam-ix-dt@ietf.org>; Mon, 26 Apr 2021 00:41:16 -0700 (PDT)
Received: by mail-wm1-x32f.google.com with SMTP id i21-20020a05600c3555b029012eae2af5d4so4599358wmq.4 for <ippm-ioam-ix-dt@ietf.org>; Mon, 26 Apr 2021 00:41:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=hzxdm5Na070+CEIkNqhtTQ33VOVhaW8C/57quRv/Rl4=; b=gh9IvqXFbD52kD1+lzLuoI4ALyYJ2xqXrhe7128hGnFMdAeLkTprEA3eg0PDSOvAX6 BLQHomoZG9I0Imy0up0oOGeRtQ/DayQQjzGIgYC0HJg7a5fiQ8b5wce9hPRIwbHljR50 23HaVRgLKwh58ve8LMpuwtgeJJMENIA+vehZjXfZkpahj8SaWdECNTInuLKTgtnZAAnd /okIQSIkxs8nl80TdehQ559K4Ouxi2yeotxXaQo8ftUivlB+J5GS018wYrRik2yX6Kj8 FeM5a4Q3arGD+T+M6MonhMvPlEOb9rldE+dhZixRGpegA/6U2CH0LI40g2zDpBe+wzxW Ts1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=hzxdm5Na070+CEIkNqhtTQ33VOVhaW8C/57quRv/Rl4=; b=i6sicVUCFbwqEI4hINs265HOVadbniSZSAPoVrJRuaL/iv5hb8C0ImeHZm38ThF5Oy iziwq3ZBf+dfZWyPTcqaDBsawb/riT+PSEZn2vrITHWw6IMEBUQA40nPS6+AH/dfHfA8 WP9R4jvbnomtdL2r/inIpmBPSSDw5gUaEWyjHHf9wNLv14s4NzMTjiOJg7hhGy9pJf0T rwn7khGJEzxbRjHPGztVKSDqVd+Hf9oEw+8TU9etQQtIfjICuuFNgNIjXW/3QuqhtCVS lDlIKbcKcg4Rs91ekEj7yDf1R6RHuvM6yDYKNXcH9LnzhkhFjkwDLes5EupbKekBN5Ln FGgA==
X-Gm-Message-State: AOAM531WPRtq9k7QDTBPB9lBb3twBVfBs04bu4tcJI701jz4D0Rtyz8N LO35bLGplTOX2VP1wkaxnFReguqivoDdfQDj26NGMLkl89MvSg==
X-Google-Smtp-Source: ABdhPJx6ux/kNAAhIZ20igKiNnPGae5NQG2RT204XMQ7bV1sy/dwmhT0d6GeALO+LEx9x+O3nQyJ6x4d3JoZmwURXRg=
X-Received: by 2002:a1c:f614:: with SMTP id w20mr18180013wmc.70.1619422873616; Mon, 26 Apr 2021 00:41:13 -0700 (PDT)
MIME-Version: 1.0
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Mon, 26 Apr 2021 10:41:01 +0300
Message-ID: <CABUE3X=BCz4J=9+ZACstXP+ttjjbFfMSeX10V7e8X+=9qpDkPw@mail.gmail.com>
To: ippm-ioam-ix-dt@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm-ioam-ix-dt/-33aFiNuTJ-zTztb-qiDNTtY0Dc>
Subject: [Ippm-ioam-ix-dt] IOAM Meeting Summary, April 7th, 2021
X-BeenThere: ippm-ioam-ix-dt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPPM iOAM Immediate Export \(IX\) design team" <ippm-ioam-ix-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm-ioam-ix-dt>, <mailto:ippm-ioam-ix-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm-ioam-ix-dt/>
List-Post: <mailto:ippm-ioam-ix-dt@ietf.org>
List-Help: <mailto:ippm-ioam-ix-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm-ioam-ix-dt>, <mailto:ippm-ioam-ix-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Apr 2021 07:41:19 -0000

...Apologies for not sending this out sooner.


IPPM IOAM Design Team
Virtual meeting
April 7th, 2021, 06:00 UTC
Webex meeting


Attendees:
Frank Brockners, Greg Mirsky, Haoyu Song, Mickey Spiegel, Tal Mizrahi.

Minutes by Tal Mizrahi.


Summary
=======
- Proposed DEX text to address the security issues was discussed. Tal
will update the proposed text.
- Haoyu presented a relatively new individual draft about IOAM E2E RTT
measurement.


Security Discussion
===================
Tal: I sent some proposed text to the mailing list. This text is
intended to be integrated into the DEX draft to address the security
issues that were raised.
https://mailarchive.ietf.org/arch/msg/ippm-ioam-ix-dt/VNTIGmxsRfKVD-OqRVWQ9K483QU/
Mickey: another point that should be added is implementing ACL
filtering in transit nodes.
Tal: so you suggest for transit nodes to check whether they are doing
IOAM processing on exported packets.
Mickey: right, every node between exporter and receiving entity.
Greg: I do not see why this is a problem in the first place.
Mickey: you need to target the exported traffic. ACL is a good start.
Not to include report packets in DEX trigger.
Greg: it depends on what the operator does. The problems we are
dealing with are generic to any exporting. It is true for DEX and for
hybrid two step collection. The operator should control how much
information is collected. Operators can use QoS to indicate whether
exported information is important.
Tal: the problem that was raised was if you export over a tunnel then
intermediate points do not necessarily know which packets are
exported, and their QoS.
Greg: it does not sound like a real scenario. An IOAM transit node
that exports DEX cannot start a new tunnel.
Mickey: I thought the main issue was an exported packet causing
secondary exporting.
Tal: so you agree with the new text about "Exported packets SHOULD not
be exported over a path or a tunnel...".
Mickey: but that is not a valid scenario.
Haoyu: I agree, but it does not hurt to add this sentence.
Micky: it should be generalized and say that we should avoid putting
IOAM on exported packets.
Tal: that makes sense.
Greg: DEX is an exported packet, not an IOAM packet.
Tal: right.
Greg: we need to make it explicit. The DEX exported packet is not an
IOAM packet.
Haoyu: nothing prevents you from adding an IOAM header to exported
packets and collect more data.
Greg: need to require that it does not happen.
Frank: let's put the sentence that exported packets should not be with IOAM.
Tal: right.
Greg: there is no benefit to tagging exported packets with IOAM.
Frank: why does the DEX draft even talk about exporting? You are not
necessarily exporting, but you may be doing internal processing. It is
not necessarily packet replication.
Tal: we may want to say that the exporting format is out of scope, and
specifically we can do aggregation or internal processing.
Frank: we may want to change the name of the document. Change the
state of mind, so that you do not necessarily want to export a packet
for each DEX.
Haoyu: it is more interesting and simpler to export every packet. It
is not clear how you aggregate.
Mickey: there are practical ways you can aggregate, and you do not
have to export everything.
Tal: I agree that we need to add text to clarify this, but this will
not solve the security issue that was raised here.
Frank: right, but still worth clarifying.
Mickey: in some cases you want to correlate across multiple points.
Frank: right, but we need to clarify the text.
Greg: the idea of aggregating data on the node and batch exporting is
interesting. Not specifying how this process is performed may cause
misconfiguration. Either part of the YANG model, or part of the IOAM
header should define this.
Frank: we are sending a DEX option, and there is a separate process
which is how it is exported and processed - this is not specified. We
should focus on the trigger, not on the way you export.
Greg: that is fair. That would be a reasonable scope. There is another
issue which is how to export.
Haoyu: we still need to address Martin's question.
Frank: you can have an informational paragraph about how it is used.
The exporting part would not be a normative part here.
Greg: what would be the normative part?
Frank: the DEX option format.
Greg: hybrid two step is another way of collecting data. If DEX is the
model where IOAM sends data to a collector, then the mechanism of how
to export data can be in another document.
Mickey: hybrid two step has to be in-band, i.e., on the same path as the data.
Greg: not necessarily. Topologically it is in-band, but not
necessarily in-band in QoS.
Mickey: DEX does not mandate a topological path.
Greg: the idea of DEX is that it triggers information from a single
path. Hybrid two-step collects along the path.
Mickey: right, you still need to get the information from the IOAM nodes.
Greg: collection is controlled by the IOAM header.
Mickey: I do not think aggregation should be defined in the spec. If
you just limit the traffic to a percentage of total traffic that
should work well even without aggregation.
Tal: I will add text that says that exporting is out of scope, and
that aggregation and internal processing are also possible.
Mickey: aggregation is a bit misleading. You can combine aggregation
with internal processing. Operator has to decide how to handle this.
Frank: clarify the scope of the document, specifically the abstract.
Greg: I agree.


IOAM E2E RTT Measurement Discussion
===================================
Haoyu presented an individual draft about E2E RTT measurement.
https://datatracker.ietf.org/doc/draft-song-ippm-inband-e2e-rtt-measurement/
Haoyu: we suggest to add a flag to the E2E option that indicates the
destination should reply.
Frank: only for E2E?
Haoyu: yes.
Mickey: but there is only one copy, contrary to the loopback in the flags draft.
Haoyu: the data draft does not specify the flag bits. Either we
allocate flags, or leave the data draft and propose updates to the
format in the current draft.
Greg: why are active OAM protocols not applicable here?
Haoyu: this is a dedicated measurement.
Greg: you are defining a new active protocol. For example sequence number, etc.
Haoyu: a sequence number is already defined there.
Greg: you need to add it. I do not support this. You need fate
sharing. Why do you want to create something that already exists?
Haoyu: are you asking why IOAM is needed?
Greg: you do not want IOAM to add functions that are already done
elsewhere. The use case has already been addressed. It is a test
packet, not a user packet. Why not use TWAMP?
Haoyu: the IOAM E2E is already there, we just want to add a new flag.
Greg: you are building a new protocol.