[ippm] Benjamin Kaduk's No Objection on draft-ietf-ippm-route-09: (with COMMENT)

Benjamin Kaduk via Datatracker <noreply@ietf.org> Sat, 08 August 2020 00:21 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: ippm@ietf.org
Delivered-To: ippm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5849D3A0CDF; Fri, 7 Aug 2020 17:21:15 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-ippm-route@ietf.org, ippm-chairs@ietf.org, ippm@ietf.org, Brian Trammell <ietf@trammell.ch>, ietf@trammell.ch
X-Test-IDTracker: no
X-IETF-IDTracker: 7.13.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <159684607533.31002.15812261886117245073@ietfa.amsl.com>
Date: Fri, 07 Aug 2020 17:21:15 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/4UmoB5_yJ8q946tRzckbPfsvKRI>
Subject: [ippm] Benjamin Kaduk's No Objection on draft-ietf-ippm-route-09: (with COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2020 00:21:15 -0000

Benjamin Kaduk has entered the following ballot position for
draft-ietf-ippm-route-09: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-ippm-route/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 1

   test.  However, metrics for assessment of path components and related
   performance aspects had not been attempted in IPPM when the [RFC2330]
   framework was written.

nit(?): this seems to be the only place in the document that uses the
phrase "path component", and it was a bit confusing to me.  That is, I'm
used to seeing "path component" being (e.g.) one hop or link in a
multi-link path from source to destination, but the context here
suggests that it might be referring to something more like a single
route within a route ensemble.  I don't have a specific proposed change;
I just wanted to mention that I puzzled over this wording for a bit.

Section 2

   Also, to specify a framework for active methods of measurement which
   use the techniques described in [PT] at a minimum, and a framework
   for hybrid active-passive methods of measurement, such as the Hybrid
   Type I method [RFC7799] described in
   [I-D.ietf-ippm-ioam-data](intended only for single administrative
   domains), which do not rely on ICMP and provide a protocol for
   explicit interrogation of nodes on a path.  [...]

nit: could you remind us that the "Also" refers to the scope of this
work (the previous paragraph started with "The scope is" but there was a
fair bit of intervening stuff between there and here).

   Hop  A Hop MUST contain a Node Identity, and MAY contain arrival and/
      or departure interface identification, round trip delay, and an
      arrival timestamp.

In my head a "hop" is the operation of going from node A to node B,
i.e., the journey and not the destination.  So if we're associating a
node identity with the hop, would we need to say if that's the source or
destination node of the "hop" (or am I just misunderstanding things)?

Section 3.3

   Nmax, the largest value of i needed for a packet to be received at
   Dst (sent between T0 and Tf).  Nmax may be equal to N.

I'm not really sure I understand how Nmax works.  That is, for any given
packet, it has a value for 'i', and that packet may or may not be
delivered.  But with 'i' defined as the limit on the number of hops for
"a specific packet may visit", I don't see how we get to do multiple
tries for the same packet with different 'i', as we would need to do in
order to determine the "largest value of i *needed*" (emphasis mine).
That is, we can set 'i' unreasonably large and that would result in
delivery, but that does not (as I understand it) meet the definition for
Nmax -- Nmax is supposed to be a boundary value for some condition.  I'm
just not entirely clear on exactly what that boundary is, since we're
talking about a specific packet, and my understanding is that we only
get one crack at a specific packet.

   o  t(i,j) Arrival Timestamp (where t(i,j) is ideally supplied by the
      Hop, or approximated from the sending time of the packet that
      revealed the Hop)

I'm getting a bit of deja vu as I write this, but it seems risky to
propose using the term "arrival timestamp" both for something generated
at the Hop and something generated by the sender of the packet, since
that loses information about the accuracy of the value for a given use
case.  Perhaps it's best to reserve the term for the ideal quantity and
leave approximations for the processing pipeline (as opposed to the
measurement pipeline).

Section 3.4

   RTL(i,j,T) is defined as a singleton of the [RFC6673] Round-trip Loss
   between the Node with address = Src and the Node at Hop h(i,j) at
   time T.

Just to check my understanding: does the "singleton" and "at time T"
force us into a logical (boolean) loss metric for this case, as opposed
to a sample-ratio-type loss metric?

Section 3.6

   identities at a minimum.  The models need to be expanded to include
   these features, as well as Arrival Interface ID, Departure Interface
   ID, and Arrival Timestamp, when available.  [...]

Is this expected to occur as future work?  (Is there an I-D worth
referencing?)

Section 4.1

   Internet routing is complex because it depends on the policies of
   thousands of Autonomous Systems (AS).  While most of the routers
   perform load balancing on flows using Equal Cost Multiple Path
   (ECMP), a few still divide the workload through packet-based
   techniques.  The former scenario is defined according to [RFC2991],
   while the latter generates a round-robin scheme to deliver every new
   outgoing packet.  [...]

I was surprised to see "packet-based techniques" refer to a round-robin
scheme for queuing outgoing packets across interfaces, but assume this
just means I need to do more background reading.  Any tips for where to
start?

   Formally, to maintain the same flow in the measurements to a
   particular hop, the Type-P-Route-Ensemble-Method-Variant packets
   should be[PT]:

It's not entirely clear that we need a reference for these attributes;
they seem to be fairly easy to verify independently, IIUC.

   o  TCP case: For IPv4, the fields Src, Dst, port-Src, port_Dst,
      sequence number, and Diffserv Field SHOULD be the same.  For IPv6,
      the field FlowLabel, Src and Dst SHOULD be the same.

Are we happy to pair "to maintain the same flow" (previous paragraph)
with "SHOULD be the same" (here, and subsequent bullet points)?

Section 4.1

   1.  SHOULD occasionally check path portions which have exhibited
       stable results over time, particularly ingress and egress
       portions of the path.

Do we want to give any (e.g., order of magnitude) guidance for
"occasionally"?

Section 4.2

   In addition to node identity, nodes may also identify the ingress and
   egress interfaces utilized by the tracing packet, the time of day
   when the packet was processed, and other generic data (as described

nit: I'd consider "absolute time" over "time of day", since the latter
may have connotations of implying that there is 24-hour-periodic
behavior.  (It may also be subject to local time zone on the node
inserting the value.)

Section 4.3

   1.  Nodes at the ingress to the domain SHOULD be both Discoverable
       and Cooperating, and SHOULD reveal the same Node Identity in
       response to both active and hybrid methods.

The second clause here seems redundant with point (2) that follows.
(Similarly for point (3)'s similar clause.)  That is, the recommendation
to use the same identity for both methods can only ever apply when the
node in question is both Discoverable and Cooperating -- if it's only
one, then there will only be one identity available, and no need for
consistency across methods.

   When Nodes follow these requirements, it becomes a simple matter to

Perhaps a philosophical question, but are "SHOULD"-level directives more
of "requirements" or "guidelines"?

Section 5

   traffic load is not stationary.  Nonetheless, as the first approach,
   a link seems to be congested if, after sending several traceroute
   probes, it is possible to detect congestion observing different
   statistics parameters (e.g., see [IDCong]).  Finally, to recognize

nit: please check the wording of this sentence; I think there may be a
missing word or similar.

Section 6

   every hop.  This procedure could be done for a single Member Route
   flow, with parameter E set as False, or for every detected Route
   Ensemble flow (E=True).

nit: I don't think we define 'E' until the full procedure, a few
paragraphs below.

   made.  Line 8 and 13 set a timer for each cycle of measurements.  A
   cycle comprises the traceroutes packets, considering every possible
   Hop and the alternatives paths in the Alt variable (ensured in lines
   9-12).  [...]

I recognize that this is pseudocode, but "what if the
advanced-traceroute() operation takes longer than the i_t time?"

Section 7

We could consider some bland statement about the measurement
technologies (e.g., ICMP) not providing cryptographic protection for the
requested/returned data, and the risks of processing untrusted data in
general.  This is particularly true for reverse DNS data, used in
determining whether node identities represent the same node or not,
since DNSSEC deployment remains inconsistent (especially for the reverse
zone).

   The security considerations that apply to any active measurement of
   live paths are relevant here as well.  See [RFC4656] and [RFC5357].

(The security considerations of 5357 don't seem to be adding much
discussion, here, though I don't object to referencing it.)

Section 9

Should we intuitively know who the "original 3 authors" are?

Section 11.1

I was surprised to see draft-ietf-ippm-ioam-data in the normative
references section, as all the previous discussion was consistent with
merely an informative reference.

Similarly, RFCs 5388, 5835, 6437, and 7312 do not seem to be referenced
in a fashion that requires a normative reference.