Re: [ippm] Erik Kline's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
Martin Duke <martin.h.duke@gmail.com> Fri, 24 March 2023 01:26 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21730C14CE30; Thu, 23 Mar 2023 18:26:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7DlUgo54-G7e; Thu, 23 Mar 2023 18:26:43 -0700 (PDT)
Received: from mail-ua1-x932.google.com (mail-ua1-x932.google.com [IPv6:2607:f8b0:4864:20::932]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AEA7C15C296; Thu, 23 Mar 2023 18:25:17 -0700 (PDT)
Received: by mail-ua1-x932.google.com with SMTP id i22so415249uat.8; Thu, 23 Mar 2023 18:25:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679621116; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=eyMOQpS3rORfKX0YVSqz29872g9Eau9RUt0O2Tnwfn0=; b=RHtHHZUJt2jDq5FAA229UYQ5wQCwTSt2k3k1Z5gezu33JSubIpAzt4xD1oIDpXxEOf oai/FYTyeijNR1+N+s+X1xa9K+z4gUvfx1dGP9JBQTtP6VJq4fytx0mHxQ287A+ITAFX WgcAKvXR6vdfRWdG4LPYokq+jLemfIM380uOt5CBQEzBdjvSSXmyy3Bysi08RixGXKD9 FSXhRGPsn29EvDaGHY3KNEM+K1WEKOEQLuQkFTOG8gUVb+NtI9A6dXK6uZMmh91mWTPw pNf3ewDfPFeWXZS2BYns8kmYNC9/7C+xlSwA3/uZ+vnDvQ1pNGfGbwl2SUnpBKX7jyIt 9p6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679621116; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=eyMOQpS3rORfKX0YVSqz29872g9Eau9RUt0O2Tnwfn0=; b=vtvbSqwLxkxi+5eiSNYaABBvI60W3qDaccHanZ43KS1ia698LgQKAaCPaeDRMKCeVv /v5D46wuc47KmP4ii3D29CE10s5jC7IBQXXFg/RyVEVZjRW3N94m3/eMTr5gmZpMbd42 CAmNRhuVoU1a3DpPfmfUypCIfSQfJXhOK0PzvdFhLKJ9wZs5hgMGDA5kRKvIZzxQJppq 7XZcBfsx5BSuMVKtDRaDNcXklnU8dlqjvF7GaQlJfIKAYxEkDgbJ4OtyhNZDgZhCePCz 6Pa9UU43cK80iXG0+r9b/TaPqRDLymS1gXNQhT8sKMgngPkOGWtzq3/WX1TmUjUBPyci jFOw==
X-Gm-Message-State: AAQBX9fLTQqn8ggTslTOeV+mR6ZNwHghDDauqCtlg/B0Ran4Ic5DwJYc csjQCow8iARL1nPA6l7xhTW8+75jPiasTJbJwDU=
X-Google-Smtp-Source: AKy350bMO4P6ylZ9UBFKTRVPmndRlRe9nZXyowvvjVljly2LihQiIPX0+fqkaDi+6j7r4odbrPXYgxTrIi4Dry5Ga9c=
X-Received: by 2002:a9f:350d:0:b0:764:64c1:9142 with SMTP id o13-20020a9f350d000000b0076464c19142mr3911996uao.0.1679621115666; Thu, 23 Mar 2023 18:25:15 -0700 (PDT)
MIME-Version: 1.0
References: <166987457506.51565.101426441168688104@ietfa.amsl.com> <CAMGpriX5pKoxfx+gDWdwmESY8tpiQdUV21eU5qG8f4+2x_fvFw@mail.gmail.com> <MWHPR11MB131132B6A76EC85A65930993DAF09@MWHPR11MB1311.namprd11.prod.outlook.com> <CAM4esxSSf6gT4Nsa9-jLJ7Atza2e7R_D09Rir_i_0rji8Giqjg@mail.gmail.com>
In-Reply-To: <CAM4esxSSf6gT4Nsa9-jLJ7Atza2e7R_D09Rir_i_0rji8Giqjg@mail.gmail.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 23 Mar 2023 18:25:05 -0700
Message-ID: <CAM4esxSvL6EGX9MMeQdBq2cDiq_Gu0fAMvwC9yJ2Rs8E4Nm6yA@mail.gmail.com>
To: "Frank Brockners (fbrockne)" <fbrockne=40cisco.com@dmarc.ietf.org>
Cc: Erik Kline <ek.ietf@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-ippm-ioam-ipv6-options@ietf.org, IPPM Chairs <ippm-chairs@ietf.org>, IETF IPPM WG <ippm@ietf.org>, Marcus Ihlar <marcus.ihlar@ericsson.com>
Content-Type: multipart/alternative; boundary="000000000000f4e7d305f79b43da"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/Gipci_H91kd8wpTBlup--1JcP10>
Subject: Re: [ippm] Erik Kline's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2023 01:26:44 -0000
Ping On Fri, Mar 17, 2023, 09:54 Martin Duke <martin.h.duke@gmail.com> wrote: > Erik, does the latest version of this draft address your DISCUSS? > > On Fri, Dec 30, 2022 at 6:42 AM Frank Brockners (fbrockne) <fbrockne= > 40cisco.com@dmarc.ietf.org> wrote: > >> Hi Erik, >> >> Thanks a lot for your review. Please see inline. >> >> > -----Original Message----- >> > From: Erik Kline <ek.ietf@gmail.com> >> > Sent: Thursday, 1 December 2022 07:36 >> > To: Erik Kline <ek.ietf@gmail.com> >> > Cc: The IESG <iesg@ietf.org>; >> draft-ietf-ippm-ioam-ipv6-options@ietf.org; >> > ippm-chairs@ietf.org; ippm@ietf.org; marcus.ihlar@ericsson.com >> > Subject: Re: Erik Kline's Discuss on >> draft-ietf-ippm-ioam-ipv6-options-09: (with >> > DISCUSS and COMMENT) >> > >> > I reviewed what approach SRH took w.r.t. AH. It might suffice if this >> document >> > added a section like RFC 8754 S7.5, but I'm not sure yet. >> > Something to think about, though... >> >> ...FB: SRv6 and IOAM are indeed similar in their deployment focus. The >> both operate in limited domains (per RFC8799). And much like you, IMHO the >> approach would solve the issue with AH. >> >> Following your suggestion, we could add a section to >> draft-ietf-ippm-ioam-ipv6-options similar to RFC 8754 S7.5 that explains >> that due to IOAM's focus on limited domains only, IOAM only applies to >> deployments which do not use the Authentication Header. Operators who >> desire to protect the integrity of IOAM data, could leverage >> draft-ietf-ippm-ioam-data-integrity. >> Is this approach generally agreeable? If so we'll add it to the next >> revision. >> >> In addition, I fully agree to your note about clarifying that the IOAM >> encapsulating node MUST add the entire IPv6 option data - including fields >> that are supposed to be updated by other nodes. >> >> And a side note: Dropping support for the "incremental trace option" for >> IPv6 could be done of course, but would be really unfortunate, because we >> limit the applicability of IOAM. The option was created to help with >> efficient hardware implementations of IOAM. For hardware it is much easier >> to write to a fixed location in the packet (along with splitting and >> re-joining the parts) rather than do a pointer lookup of where to insert >> the data and then fill in the data. BTW - Below you state that >> "Specifically, only the Option Data (not Option Length) is allowed to >> change": Could you point me to the paragraph in RFC 8200 that forbids the >> change in length? I did not find any text to that regard. >> >> Thanks, Frank >> >> >> > >> > On Wed, Nov 30, 2022 at 10:02 PM Erik Kline via Datatracker >> > <noreply@ietf.org> wrote: >> > > >> > > Erik Kline has entered the following ballot position for >> > > draft-ietf-ippm-ioam-ipv6-options-09: Discuss >> > > >> > > When responding, please keep the subject line intact and reply to all >> > > email addresses included in the To and CC lines. (Feel free to cut >> > > this introductory paragraph, however.) >> > > >> > > >> > > Please refer to >> > > >> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-posi >> > > tions/ for more information about how to handle DISCUSS and COMMENT >> > > positions. >> > > >> > > >> > > The document, along with other ballot positions, can be found here: >> > > https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-ipv6-options/ >> > > >> > > >> > > >> > > ---------------------------------------------------------------------- >> > > DISCUSS: >> > > ---------------------------------------------------------------------- >> > > >> > > # Internet AD comments for draft-ietf-ippm-ioam-ipv6-options-09 >> > > CC @ekline >> > > >> > > * Thanks to 6MAN chairs Bob, Ole, and Jen for their last-minute >> > > "IPv6 Directorate" reviews. Some of their comments are reflected >> below. >> > > >> > > * There was kind of leaning toward concluding that the rewriting of a >> > > Hop-by-Hop option's size was both against the spirit of RFC 8200 and >> > > not actually against the letter. I'm not sure that's actually the >> case >> > > and so my biggest DISCUSS is this point (more below). >> > > >> > > ## Discuss >> > > >> > > ### S4 >> > > >> > > * I don't think the Incremental Trace Option is something that can be >> > > supported by current text in RFC 8200. While is makes sense to >> have this >> > > behavior described in RFC 9197, I don't think IPv6 HbH can support >> it. >> > > >> > > My rationale for seeing this as a protocol violation is as follows. >> > > >> > > - RFC 8200 S4.2 says this about the on-path mutability bit and the >> > > expectations that result: >> > > >> > > """ >> > > The third-highest-order bit of the Option Type specifies >> whether or >> > > not the Option Data of that option can change en route to the >> > > packet's final destination. When an Authentication header is >> present >> > > in the packet, for any option whose data may change en route, >> its >> > > entire Option Data field must be treated as zero-valued octets >> when >> > > computing or verifying the packet's authenticating value. >> > > """ >> > > >> > > - Specifically, only the Option Data (not Option Length) is >> allowed to >> > > change. Any AH header, for example, would still have processed >> the >> > > entire option with only the Data being zeroed -- the existence >> of the >> > > option and the length of it would still have been part of the AH >> > > computation. >> > > >> > > Unless there's some misunderstanding here I think this option would >> need >> > > removing from the document. >> > > >> > > * I think text needs to be added to make it clear that whatever >> options are >> > > used they MUST be added, though not necessarily "filled in", by the >> > > originator of the packet (the node bearing the interface assigned >> the >> > > outermost Source Address). >> > > >> > > The reasoning here again is the defined behavior of AH processing. >> Any >> > > options, even on-path mutable ones, MUST be present in the >> Hop-by-Hop >> > > option when an AH is computed. >> > > >> > > >> > > ---------------------------------------------------------------------- >> > > COMMENT: >> > > ---------------------------------------------------------------------- >> > > >> > > >> > > ## Comments >> > > >> > > ### S5.1 >> > > >> > > * In C2: "domain SHOULD ensure that the addition of OAM information >> does >> > not >> > > lead to fragmentation of the packet" >> > > >> > > This should probably be rephrased to be more IPv6-compatible (as >> there is >> > > no on-path fragmentation). Perhaps: >> > > >> > > "does not lead to an ICMP Packet To Big error message being sent to >> the >> > > originator and the packet being dropped" >> > > >> > > or something to that effect. >> > > >> > > * Also in C2: "exceeds the packet size beyond PTMU" in the domain, >> etc. >> > > >> > > It may be worth noting that any single node can only know the >> configured >> > > MTU of its outgoing links, and that this is why it MUST be a >> domain-managed >> > > parameter. >> > > >> > > * C3 appears to create a requirement for some very deep packet >> inspection on >> > > IOAM domain egress. >> > > >> > > Also, if there's going to be talk of ICMPv6 you probably need to >> add a >> > > reference to RFC 4443. >> > > >> > > * With respect to C4, I'd defer to the other IESG comments. >> > > >> > > * C5: this seems like it might be important for a Standards Track >> feature? >> > > >> > > If it were Experimental, perhaps, then there could be text saying >> that >> > > learning how this might best be done was an expected outcome of the >> > > experiment? >> > > >> > > >> > > >> >
- [ippm] Erik Kline's Discuss on draft-ietf-ippm-io… Erik Kline via Datatracker
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Erik Kline
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Frank Brockners (fbrockne)
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Martin Duke
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Martin Duke