Re: [ippm] John Scudder's No Objection on draft-ietf-ippm-ioam-flags-10: (with COMMENT)
Greg Mirsky <gregimirsky@gmail.com> Thu, 18 August 2022 20:01 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B5F9C1522AF; Thu, 18 Aug 2022 13:01:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLNlON8wOeHE; Thu, 18 Aug 2022 13:01:27 -0700 (PDT)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CE0EC14F74A; Thu, 18 Aug 2022 13:01:27 -0700 (PDT)
Received: by mail-lj1-x230.google.com with SMTP id m3so2487495ljp.8; Thu, 18 Aug 2022 13:01:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=TL/YbWcTVFKOOHO+QwGtACDDorgZcDUEIxSaHrleglw=; b=ggBit2kHCe1mhXojitjfJ7d+Uq77bAs4UtMf51XFt2KuR4s9kaj7uayy0AP3J0L+xv /QS7aTuucOoHrCoIkZVNcpsEeBom/jnStpYyt1vhGFxg+GbntBU4N8WigiANKjeNoNeW Cs61xErtrq8SUQvU5bRYzLISTztODrqxWwakwERMaUDOQ8KAEty57PH9cQdq2W0tFj9q Ia65B87mYiyNsWpMi2YXAIhzXq3xkDVSohJ2KnmW6Ydvn5zmhJ4roFYu5JeQZ39H5qiJ UHFvO3Hmly/UT5GP0yRxXm5fU+uOXOrhulqZPTC28ZvviktUudmzQxe3d8eUaOi8vmib /66g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=TL/YbWcTVFKOOHO+QwGtACDDorgZcDUEIxSaHrleglw=; b=hMiM8N3hbHj4rlEcP+dMvLRZatK9dXAq1kBhySp22n4hIkeWgC22x+Qnazz9bgmpco cUTxMYqjSJssvJzFwnGR8N49gz1aTvo6m6vwza6SVxAZ12PVoMDHcqEJsB8ImXJWwRBY VNZSOg5+xTnFSX5zq2c2Qkb47fez8H8JQGrs8BqEzdd7OnjmOQRhNYyyiRb6wRkuM+MQ g5RkntrLANjKeGTkSmtEsposxS6P0Cm0wbYgwKYn+YS6Zr/xsrCgND1ZZEXNBKUkAXWG JoC0/Zn11IjA7cKM06JZNOB5EfGGs4aQss1bdOVpXfv6uwrGvaE/t80u+W3IImKISSbP Hb7g==
X-Gm-Message-State: ACgBeo2umCe4RgFXrweYPjQEx2WB9QkQNUaqQvOZyJqcfK8XgGQEnNXj Xgrq6ukuGtAYnYKNqquV8rpfzhNZrk+v3lG/hjQ=
X-Google-Smtp-Source: AA6agR7cu/JDfswSazaDaD0QvQKMF1drx87JlofSZUh8JwgYZyDfk/7tF/axAvPrntBQ+cG1uMc8F4DWIk+wanhB9fw=
X-Received: by 2002:a05:651c:507:b0:25e:73af:1661 with SMTP id o7-20020a05651c050700b0025e73af1661mr1393872ljp.195.1660852885212; Thu, 18 Aug 2022 13:01:25 -0700 (PDT)
MIME-Version: 1.0
References: <166084969070.24246.8938164804165553221@ietfa.amsl.com>
In-Reply-To: <166084969070.24246.8938164804165553221@ietfa.amsl.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Thu, 18 Aug 2022 13:01:14 -0700
Message-ID: <CA+RyBmVt_rh4LJJk1+Q4B6oUSq8y-_aHdKKG-H+A9uBT49gNAQ@mail.gmail.com>
To: John Scudder <jgs@juniper.net>
Cc: draft-ietf-ippm-ioam-flags@ietf.org, IPPM Chairs <ippm-chairs@ietf.org>, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003f54e905e68972d2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/SAU5GhALlTbTVaoMz9XIY7bvbTw>
Subject: Re: [ippm] John Scudder's No Objection on draft-ietf-ippm-ioam-flags-10: (with COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2022 20:01:29 -0000
Hi John, Authors, et al., I apologize if using this thread to ask my question is not the most appropriate list of addressees. After our discussion of the Loopback flag, I am still left with uncertainty about how a looped packet is encapsulated. LSP Ping, for example, has default encapsulation of Echo response and, in addition, means to request the use of another path from a list of options. Or, following how IOAM is specified for IPv6, NSH, and MPLS, will this document be complemented by encapsulation-specific documents? Regards, Greg On Thu, Aug 18, 2022 at 12:08 PM John Scudder via Datatracker < noreply@ietf.org> wrote: > John Scudder has entered the following ballot position for > draft-ietf-ippm-ioam-flags-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-flags/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for addressing my DISCUSS and other comments, LGTM. > > Previous DISCUSS for posterity: > > Thanks for this document. I have one issue I'd like to be sure we clear up. > > 1. In §4.1.1, > > The loopback flag MUST NOT be set if it is not guaranteed that there > is a return path from each of the IOAM transit and IOAM decapsulating > nodes, > > This is heartwarming but I can’t see how you could guarantee this property > at > all times in any network using dynamic routing or even subject to dynamic > conditions (and that would be all networks), and for that matter I’m not > sure > how to write code to even determine this in any general way. Is it your > intention that this MUST NOT is directed to the operator and not to the > code > implementor? Or perhaps is it for very small values of “guarantee”? That > is, is > this an aspirational MUST and not a MUST MUST? > > In general it's a little problematic when we use RFC 2119 keywords in a > protocol document, to express desires about how a protocol's operator > should > deploy it. They are at their best when used to express requirements for > how a > coder should implement the protocol. Please consider creating an > operational > considerations section, and grouping operational requirements and advice > there, > at least in that case it becomes clear to whom the RFC 2119 keywords are > speaking. > > Alternately, please qualify the keywords appropriately in-line, e.g. in the > above text you could say something like > > The domain MUST be configured such that there is expected to be a return > path from each of the IOAM transit and IOAM decapsulating nodes; if this > expectation does not apply then configuration MUST NOT enable the > loopback > flag to be set, > > To me it seems as though it might be less painful to group these into an > operational considerations section, but whatever works for you, as long as > it's > clear. > > I did a cursory check over the document with this in mind, the other place > I > identified what looks like operational guidance to me is also in §4.1.1, > the > paragraph about how you "SHOULD NOT exceed 1/N of the interface capacity". > At > first blush that looks like something that could be computed automatically > by > inspection of the router's hardware, but by the time we get to the end of > the > paragraph we see that "prior knowledge about the network topology or size" > is > needed, so it must really be operational guidance. (Possibly this applies > to > the 1/N paragraphs in §4.2 and §5 also, although it's less clearly the > case.) > > COMMENTs: > > 2. The document cites RFCs 7014 and 5475 normatively. They don't seem > normative > to me, they seem informative. > > 3. In §4.2, > > The L-bit MUST be cleared > in the copy of the packet that a node sends back towards the source. > > This makes me wonder, does the looped back packet inherit the IP TTL/hop > limit > of the parent packet? The description of it as a “copy” makes me think it > does. > Should this be explicit? > > NITS: > > 4. In §5, > > This draft focuses on three possible use cases of active measurement > > Should be "this document focuses". > > 5. Again in §5, > > A selected > data packet that is replicated, and its (possibly truncated) copy > is forwarded with one or more IOAM options, while the original > packet is forwarded normally, without IOAM options. > > I think you need to delete the "that" from the first clause? > > 6. And once again in §5, > > o IOAM active measurement using replicated data packets: probe > packets are created by the encapsulating node by selecting some or > all of the en route data packets and replicating them. > > The 1/N requirement calls into question "or all" above, unless N=1, > something > you strongly discourage. Although you don't technically *forbid* N=1, I > think > the inclusion of "or all" creates confusion and you could and should leave > it > out while still not technically forbidding N=1. > > 7. In §8, > > The attacker can > potentially leverage the Loopback flag for a Distributed Denial of > Service (DDoS) attack, as multiple devices send looped-back copies > of a packet to a single source. > > The use of "source" is odd here. By the nature of an attack, the > looped-back > copies wouldn't be targeted at the actual source of the packets. Possibly > "target" or even "victim"? > > > > _______________________________________________ > ippm mailing list > ippm@ietf.org > https://www.ietf.org/mailman/listinfo/ippm >
- [ippm] John Scudder's No Objection on draft-ietf-… John Scudder via Datatracker
- Re: [ippm] John Scudder's No Objection on draft-i… Greg Mirsky