IETF Logo Mail Archive

Re: [ippm] WGLC for STAMP Extensions

Greg Mirsky <gregimirsky@gmail.com> Thu, 11 June 2020 14:20 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBE483A08AA for <ippm@ietfa.amsl.com>; Thu, 11 Jun 2020 07:20:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WwHuwyTnYV12 for <ippm@ietfa.amsl.com>; Thu, 11 Jun 2020 07:20:33 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF2BB3A08D1 for <ippm@ietf.org>; Thu, 11 Jun 2020 07:20:32 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id q19so7135712lji.2 for <ippm@ietf.org>; Thu, 11 Jun 2020 07:20:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FMsB4aHeZVcy8G+0Vtjn9QOsSqBCotKE5szmGZBkgI0=; b=FpI1FXb8u5xnjpcBpQT9VgDcFdQlG0ant0rZH/IZ9ht1Vm9pXHJSGn8JCcg25nPYXn j9NL54qP6k0N+Y6uEcQkgswtsqQoFigRGPYdOvdN1p7NuRojL5jWgAlktZh7WrdUFVLG Bryci1HXqY61XM45eDaxd0emxEPsx1P3OFA5tcaEdTeTYl3B6IC+je9mbdBuefVVgEVh DXcd/njYjLA+6I9fj3F9DrlPGC525DQdysBwdWO0clAc1vrYE5x3ABAbiyHhLw5Rumh/ thIJZdIEtONos2/R8kEjoQnp6823I44vrAYHYc66h454kWmvaXlp4a2seswx04vTFyfv 4pQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FMsB4aHeZVcy8G+0Vtjn9QOsSqBCotKE5szmGZBkgI0=; b=tpW+U0hl+3e0YLiiBFTGQrfab+amtKQ2JWVaVB6J6T1E/XiAZGsX4CYxS9nEP5Nqao 9eq/1C47eeFffkIcrkqDeLt2W+XMbkV2SzLaVUom65U3RgUBmVT4JvoicZGiFoay60un h1cmIk2yx5mgwReU0DywEk+rsuH3T+KPMwaBxFUu98kJC+qm3Nc3HNXEXglb3cZ+h5J9 tpUDRNmkA4tJgOUvJc3ljYHkIXIs2gvZv18ZFnWo1PYa1LNRE5qgNzBknLxQcmiTd8yA wla6Osf1DydenBrEUeOXT+wkx+WIkvf9y60JsEaaQtkq1oqAxO9V0T8UjAu68jcnvomB 74jQ==
X-Gm-Message-State: AOAM532zdhjM8l+ql/+qFWeH0x/xMRqGDnMmolFoTjUVH0DIX9mORdtF EfR/suj/zUze5dm0s5fZJInAzJeUzGeyIxZxav8=
X-Google-Smtp-Source: ABdhPJx0yohKZGSKW1ibQn8sInAxN9WflvtzZRArQioa/Kuij2BgTFLIEdJj/smJ8PJAleXEKv6kZEVtuqv/M/kMrVg=
X-Received: by 2002:a2e:3010:: with SMTP id w16mr4535634ljw.8.1591885230668; Thu, 11 Jun 2020 07:20:30 -0700 (PDT)
MIME-Version: 1.0
References: <CAKcm_gMVc88xpkOMmV7L-ybVCBzw+LhNS6Jw3=iB2gutR0ZhxA@mail.gmail.com> <4D7F4AD313D3FC43A053B309F97543CF0108A608DC@njmtexg5.research.att.com> <CA+RyBmW8hHqidEu_Br6zKpsjfQFVcK14ELhebzcCETMO4WQhMA@mail.gmail.com> <4D7F4AD313D3FC43A053B309F97543CF0108A6311B@njmtexg5.research.att.com> <CA+RyBmUsMGTHGyNbDecHjE5M39rfXz5t2VzC8mMjYBM75WQbXw@mail.gmail.com> <CAMZsk6crUg+GWYu8APgdrW6s_+FD8dgJ8+gM+0oB19jSBPgkxA@mail.gmail.com> <CA+RyBmUrpBMGZx=G_s6sAboXi3_QthAMGoL8Ou_YUzJTS78e_Q@mail.gmail.com> <CAMZsk6cp9DUDwuRnd-fY=q2tz8SjeRj64gtKSgvebS8WdzdvOA@mail.gmail.com>
In-Reply-To: <CAMZsk6cp9DUDwuRnd-fY=q2tz8SjeRj64gtKSgvebS8WdzdvOA@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Thu, 11 Jun 2020 07:20:18 -0700
Message-ID: <CA+RyBmX=3AZkimwVK4mL8VeYMaVTyEmUkT-xRzxz7hXN3ee36g@mail.gmail.com>
To: Rakesh Gandhi <rgandhi.ietf@gmail.com>
Cc: "MORTON, ALFRED C (AL)" <acm@research.att.com>, "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b27e3605a7cfa929"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/PM85UQvaaUi-S87xEX2JoLVq-h0>
Subject: Re: [ippm] WGLC for STAMP Extensions
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 14:20:37 -0000

Hi Rakesh,
I agree with your scenario. Do you feel that the document, including the
updated text, precludes it? Would you suggest text clarifications?

Regards,
Greg

On Thu, Jun 11, 2020 at 7:13 AM Rakesh Gandhi <rgandhi.ietf@gmail.com>
wrote:

> Thanks Greg.
> SSID can be internally generated by the sender node. Expecting sender node
> to communicate this to the controller and then to the reflector node for
> *each* session may be overkill.
>
> The destination UDP port to use on the reflector node is already
> provisioned value and not any arbitrary port can be used anyways. So that
> should help with such issues.
>
> My 2c.
>
> Thanks,
> Rakesh
>
>
>
> On Wed, Jun 10, 2020 at 9:32 PM Greg Mirsky <gregimirsky@gmail.com> wrote:
>
>> Hi Rakesh,
>> as Al clarified, and I agree with this scenario, a Session-Reflector must
>> be provisioned with a session identifier (some elements, I think, might be
>> specified as a wild card) before the session is commenced. All test packets
>> that do not match the provisioned identifier must be discarded without
>> processing. I've tried to capture that in the latest update sent earlier.
>> What do you think of this scenario?
>>
>> Regards,
>> Greg
>>
>> On Wed, Jun 10, 2020 at 4:36 PM Rakesh Gandhi <rgandhi.ietf@gmail.com>
>> wrote:
>>
>>> Hi Greg, Al,
>>> I am not sure if I follow the scenario.
>>> Between nodes A and B, there can be more than one STAMP sessions, e.g.
>>> {Node-A, Node-B, Src-Port-1, Dst-Port-1, SSID1} and {Node-A, Node-B,
>>> Src-Port-1, Dst-Port-1, SSID2}. I assume this is allowed? If yes, how do we
>>> know when there is now a third session between them with SSID3 (with same 4
>>> tuple), it is a change (from SSID1 or SSID2?) or a new third session?
>>> Thanks,
>>> Rakesh
>>>
>>>
>>>
>>>
>>> On Wed, Jun 10, 2020 at 7:21 PM Greg Mirsky <gregimirsky@gmail.com>
>>> wrote:
>>>
>>>> Hi Al,
>>>> many thanks for your quick response, much appreciated. We'll need some
>>>> more time to discuss your suggestion related to the Access Report TLV. I've
>>>> front-copied the other open issue and added my notes under the tag GIM2>>
>>>> below.
>>>>
>>>>
>>>>
>>>>    An implementation of STAMP Session-Reflector that supports this
>>>>
>>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>>
>>>>    combination with elements of the usual 4-tuple
>>>>
>>>> [acm] <insert> for the session. If the Session-Reflector finds that
>>>>
>>>> the SSID and 4-tuple combination changes during a test session, then
>>>>
>>>> the Session-Reflector MUST discard the non-matching packet(s) and take
>>>>
>>>> no further action on them.
>>>>
>>>>    .  A conforming...
>>>>
>>>> GIM>> We've discussed the scenario and couldn't define how a
>>>> Session-Reflector can distinguish between a new STAMP test session and the
>>>> event of a change in identifiers, i.e., SSID and 4-tuple of the ongoing
>>>> test session. Could you kindly help us here?
>>>>
>>>>
>>>>
>>>> *[acm] Thanks, I’m surprised that a new test session (with new SSID)
>>>> can begin without any Session-Reflector agreement or communication from the
>>>> Session-Reflector’s management interface. Since the Sending address and
>>>> port could be spoofed, Session-Reflectors could receive lots of unexpected
>>>> traffic, if you know what I mean....*
>>>>
>>>> GIM2>> Thank you for the clarification. I was not thinking out of a
>>>> box. Please review the proposed new text below. I hope it captures the
>>>> scenario you've pointed out.
>>>> OLD TEXT:
>>>>    An implementation of STAMP Session-Reflector that supports this
>>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>>    combination with elements of the usual 4-tuple for the session.  A
>>>>    conforming implementation of STAMP Session-Reflector MUST copy the
>>>>    SSID value from the received test packet and put it into the
>>>>    reflected packet, as displayed in Figure 2.
>>>> NEW TEXT:
>>>>    An implementation of STAMP Session-Reflector that supports this
>>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>>    combination with elements of the usual 4-tuple for the session.
>>>>    Before a test session commenced, a Session-Reflector MUST be
>>>>    provisioned with all the elements that identify the STAMP Session.  A
>>>>    STAMP Session-Reflector MUST discard the non-matching STAMP test
>>>>    packet(s).  The means of provisioning the STAMP Session
>>>>    identification is outside the scope of this specification.  A
>>>>    conforming implementation of STAMP Session-Reflector MUST copy the
>>>>    SSID value from the received test packet and put it into the
>>>>    reflected packet, as displayed in Figure 2.
>>>>
>>>> Would the new text address your concern?
>>>>
>>>> Regards,
>>>> Greg
>>>>
>>>>
>>>> On Wed, Jun 10, 2020 at 8:01 AM MORTON, ALFRED C (AL) <
>>>> acm@research.att.com> wrote:
>>>>
>>>>> Hi Greg, Thanks for all replies.
>>>>>
>>>>> Let’s concentrate on those needing some additional thought...
>>>>>
>>>>> Al
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>    An implementation of STAMP Session-Reflector that supports this
>>>>>
>>>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>>>
>>>>>    combination with elements of the usual 4-tuple
>>>>>
>>>>> [acm] <insert> for the session. If the Session-Reflector finds that
>>>>>
>>>>> the SSID and 4-tuple combination changes during a test session, then
>>>>>
>>>>> the Session-Reflector MUST discard the non-matching packet(s) and take
>>>>>
>>>>> no further action on them.
>>>>>
>>>>>    .  A conforming...
>>>>>
>>>>> GIM>> We've discussed the scenario and couldn't define how a
>>>>> Session-Reflector can distinguish between a new STAMP test session and the
>>>>> event of a change in identifiers, i.e., SSID and 4-tuple of the ongoing
>>>>> test session. Could you kindly help us here?
>>>>>
>>>>>
>>>>>
>>>>> *[acm] Thanks, I’m surprised that a new test session (with new SSID)
>>>>> can begin without any Session-Reflector agreement or communication from the
>>>>> Session-Reflector’s management interface. Since the Sending address and
>>>>> port could be spoofed, Session-Reflectors could receive lots of unexpected
>>>>> traffic, if you know what I mean.... *
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ...
>>>>>
>>>>>  …                 | 2     |   Non-3GPP  | This document |
>>>>>
>>>>>                   +-------+-------------+---------------+
>>>>>
>>>>> [acm] these seem overly broad, and unlikely to be extended because
>>>>> they *cover everything*!!
>>>>>
>>>>> GIM>> Here we've turned to our 3GPP expert.. The current (Rel-16)
>>>>> specification of ATSSS defines only two access types - 3GPP and Non-3GPP.
>>>>> Creating a sub-registry and leaving a space for new types might help to
>>>>> accommodate potential changes in 5G specification and the development of
>>>>> new specifications, e.g., 6G, in the future.
>>>>>
>>>>> *[acm] *
>>>>>
>>>>> *Yes, but your examples of 5G and 6G would fall under the general
>>>>> category of “3GPP” (which I accidentally delated above).*
>>>>>
>>>>> *Maybe some additional detail would help, like “3GPP-LTE”, “3GPP-5G”,
>>>>> and make “Non-3GPP” the first entry so that expansion with new technologies
>>>>> starts at 2, 3, …*
>>>>>
>>>>>                             Table 8: Access IDs
>>>>>
>>>>>
>>>>>
>>>>> ...
>>>>>
>>>>>
>>>>>
>>>>>               +-------+---------------------+---------------+
>>>>>
>>>>>               | Value |     Description     | Reference     |
>>>>>
>>>>>               +-------+---------------------+---------------+
>>>>>
>>>>>               | 1     |  Network available  | This document |
>>>>>
>>>>>               | 2     | Network unavailable | This document |
>>>>>
>>>>>               +-------+---------------------+---------------+
>>>>>
>>>>> [acm] these seem overly broad, and imply knowledge where the STAMP
>>>>> end-point has limited insights!!
>>>>>
>>>>> GIM>>  These are defined in ATSSS specification of Performance
>>>>> Measurement Function. The value for the Return Code field is passed to
>>>>> STAMP system and it only transports it. Would a new text clarify the role
>>>>> of a STAMP system:
>>>>>
>>>>> OLD TEXT:
>>>>>
>>>>>    o  Return Code - one octet long field that identifies the report
>>>>>       signal, e.g., available, unavailable.  The value is one of those
>>>>>       listed in Section 5.5.
>>>>>
>>>>> NEW TEXT:
>>>>>
>>>>>    o  Return Code - one octet long field that identifies the report
>>>>>       signal, e.g., available, unavailable.  The value is passed,
>>>>>       supplied to the STAMP end-point through some mechanism that is
>>>>>       outside the scope of this document.  The value is one of those
>>>>>       listed in Section 5.5.
>>>>>
>>>>> *[acm] *
>>>>>
>>>>> *OK*
>>>>>
>>>>>                           Table 10: Return Codes
>>>>>
>>>>>
>>>>>
>>>>> ...
>>>>>
>>>>>
>>>>>
>>>>> 6.  Security Considerations
>>>>>
>>>>>
>>>>>
>>>>>    Use of HMAC in authenticated mode may be used to simultaneously
>>>>>
>>>>>    verify both the data integrity and the authentication of the STAMP
>>>>>
>>>>>    test packets.
>>>>>
>>>>> [acm] That's it? At least add reference to STAMP 8762 Security Section?
>>>>>
>>>>> GIM>> Thank you for your suggestion. The new text is below:
>>>>>
>>>>> NEW TEXT:
>>>>>
>>>>>    This document defines extensions to STAMP [RFC8762] and inherits all
>>>>>
>>>>>    the security considerations applicable to the base protocol.
>>>>>    Additionally, the HMAC TLV is defined in this document to protect
>>>>> the
>>>>>    integrity of optional STAMP extensions.  The use of HMAC TLV is
>>>>>    discussed in detail in Section 4.8.
>>>>>
>>>>>
>>>>>
>>>>> *[acm] OK*
>>>>>
>>>>> [acm] I suspect there will be some challenges for "Location" in future
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From:* ippm [mailto:ippm-bounces@ietf.org] *On Behalf Of *Ian Swett
>>>>> *Sent:* Friday, May 22, 2020 5:26 PM
>>>>> *To:* IETF IPPM WG (ippm@ietf.org) <ippm@ietf.org>
>>>>> *Subject:* [ippm] WGLC for STAMP Extensions
>>>>>
>>>>>
>>>>>
>>>>> Hi IPPM,
>>>>>
>>>>> At our virtual interim meeting, we decided
>>>>> draft-ietf-ippm-stamp-option-tlv was ready for last call. This email starts
>>>>> a two-week WGLC for this draft.
>>>>>
>>>>> The latest version can be found here:
>>>>> https://tools.ietf.org/html/draft-ietf-ippm-stamp-option-tlv-04
>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dippm-2Dstamp-2Doption-2Dtlv-2D04&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=OfsSu8kTIltVyD1oL72cBw&m=-FQ_7VkardtUOemNdXjWGCdxDzw_8jcaV16Ots-GfRo&s=zadhVvE6IwVbJd0BcDUJdpX4xXqA4i60susVdbT5Pvg&e=>
>>>>>
>>>>> This last call will end on *Monday, June 8th*. Please reply to
>>>>> ippm@ietf.org with your reviews and comments.
>>>>>
>>>>> Thanks,
>>>>> Ian & Tommy
>>>>>
>>>>> _______________________________________________
>>>>> ippm mailing list
>>>>> ippm@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/ippm
>>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_ippm&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=_6cen3Hn-e_hOm0BhY7aIpA58dd19Z9qGQsr8-6zYMI&m=AJPt25JReJLCcKTac6bW207kN8j0F2v7N7paNXkrS0Y&s=9RnqOZ8tzteJbGK2PJMpE2Y8RqKl-bvq-QfiStX4ywc&e=>
>>>>>
>>>>> _______________________________________________
>>>> ippm mailing list
>>>> ippm@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ippm
>>>>
>>>

v2.23.0 | Report a Bug | By Email