IETF Logo Mail Archive

Re: [ippm] WG Last Call for draft-ietf-ippm-ioam-ipv6-options

Justin Iurman <justin.iurman@uliege.be> Wed, 29 December 2021 14:09 UTC

Return-Path: <justin.iurman@uliege.be>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DE533A1695; Wed, 29 Dec 2021 06:09:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uliege.be
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MnIBT9P7Byhn; Wed, 29 Dec 2021 06:08:59 -0800 (PST)
Received: from serv108.segi.ulg.ac.be (serv108.segi.ulg.ac.be [139.165.32.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 049DA3A1692; Wed, 29 Dec 2021 06:08:57 -0800 (PST)
Received: from mbx12-zne.ulg.ac.be (serv470.segi.ulg.ac.be [139.165.32.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by serv108.segi.ulg.ac.be (Postfix) with ESMTPS id 442352016A76; Wed, 29 Dec 2021 15:08:55 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 serv108.segi.ulg.ac.be 442352016A76
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uliege.be; s=ulg20190529; t=1640786935; bh=ufhR/doYySdnmA4vK9YZhhrvanzlizSzCZvITUnSa4w=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From; b=n3bvt7jxQlMGa2PhRKiNoqwafVMa2Une4aa5HKejeopHMFXVMwp8MZ22XRaeJGwdv sHmfA2yW3fCEhh3oFT8XdlOLxVieve9riah2TsQ/CDZiV/DJk6Se7+4Wjf85SzhY5i 3cJRLc28t1iHARhdEsEePrKIbnD/yxrTscIz+230mQNAOJsNxFvo8kZQ88MRk/URrq etBNsRqg98KmeGM3ps2kG1JVsgeYa/xHw7eWpnhN+dNXfHSlm+tmUmV8p/9Y/VcIXf CJEGwCadrVxEGmjHquHNrpgp0IxFim9wm2MxVCNatLBT6sOyQCt6AJa3s3spfvjnpv z/1IGwJIn4kmw==
Received: from localhost (localhost [127.0.0.1]) by mbx12-zne.ulg.ac.be (Postfix) with ESMTP id 3D61E602254FB; Wed, 29 Dec 2021 15:08:55 +0100 (CET)
Received: from mbx12-zne.ulg.ac.be ([127.0.0.1]) by localhost (mbx12-zne.ulg.ac.be [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 57Wz2DFr7sgR; Wed, 29 Dec 2021 15:08:55 +0100 (CET)
Received: from mbx12-zne.ulg.ac.be (mbx12-zne.ulg.ac.be [139.165.32.199]) by mbx12-zne.ulg.ac.be (Postfix) with ESMTP id 27DCD6016F43D; Wed, 29 Dec 2021 15:08:55 +0100 (CET)
Date: Wed, 29 Dec 2021 15:08:55 +0100
From: Justin Iurman <justin.iurman@uliege.be>
Reply-To: Justin Iurman <justin.iurman@uliege.be>
To: Erik Kline <ek.ietf@gmail.com>
Cc: IPv6 List <ipv6@ietf.org>, Marcus Ihlar <marcus.ihlar=40ericsson.com@dmarc.ietf.org>, ippm@ietf.org
Message-ID: <1698496306.248840871.1640786935077.JavaMail.zimbra@uliege.be>
In-Reply-To: <CAMGpriWq4RKUDiM05afM0FQNMC8uCRV2HtQjZ-Yiiq8UP-+1JQ@mail.gmail.com>
References: <AM0PR07MB41315DF88FF077CC72F474A6E2789@AM0PR07MB4131.eurprd07.prod.outlook.com> <CAMGpriWq4RKUDiM05afM0FQNMC8uCRV2HtQjZ-Yiiq8UP-+1JQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [81.240.24.148]
X-Mailer: Zimbra 8.8.15_GA_4018 (ZimbraWebClient - FF95 (Linux)/8.8.15_GA_4026)
Thread-Topic: WG Last Call for draft-ietf-ippm-ioam-ipv6-options
Thread-Index: CyQ3rKorCvUKdRer9WlQAfEvSABpwA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/Sk4MCWTWJoe8zVvSbpS0nNh0L88>
Subject: Re: [ippm] WG Last Call for draft-ietf-ippm-ioam-ipv6-options
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Dec 2021 14:09:05 -0000

Hi ippm, 6man,

I do believe this document is almost ready, though it probably needs a
new version to address the following review comments.

1) In section 4 ("In-situ OAM Metadata Transport in IPv6"), third
paragraph, it says:

  "In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly
   enabled per interface on every node within the IOAM domain.  Unless a
   particular interface is explicitly enabled (i.e., explicitly
   configured) for IOAM, a router MUST drop packets that contain
   extension headers carrying IOAM data-fields.  This is the default
   behavior and is independent of whether the Hop-by-Hop options or
   Destination options are used to encode the IOAM data.  This ensures
   that IOAM data does not unintentionally get forwarded outside the
   IOAM domain."

I don't think "a router MUST drop packets" is correct. IOAM options are
defined with type "00", i.e., skip over this option and continue
processing the header. Instead, I would rather have something like "a
router MUST ignore IOAM options". Indeed, you don't want a node to drop
packets with IOAM options, when not configured, to keep consistency with
the behavior of type "00". This is the role of a firewall to drop
packets if it detects IOAM injections or IOAM leaks.

New text suggestion:

  "In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly
   enabled per interface on every node within the IOAM domain.  Unless a
   particular interface is explicitly enabled (i.e., explicitly
   configured) for IOAM, a router MUST ignore IOAM Options.  As
   additional security, IOAM domains SHOULD provide a mechanism to
   prevent injections at ingress or leaks at egress."

Note that the last sentence could be omitted, as consideration #4 (see
section 5.1) already talks about it.

2) Section 5.4.1 ("IPv6-in-IPv6 encapsulation") describes a hacky way to
encapsulate packets. Instead of using the egress as the outer
destination address, it uses the same destination address as the inner
one. I understand the pros of such a technique (i.e., same forwarding
path), but it goes against RFC2473 and, as a consequence, also against
RFC8200. So, I don't think it should be part of a standard. Since the
"normal" IPv6-in-IPv6 use case is implicitly included in the next
section (5.4.2, "IP-in-IPv6 encapsulation with ULA"), I think section
5.4.1 could/should be dropped.

Thanks,
Justin

On Dec 17, 2021, at 10:37 PM, Erik Kline ek.ietf@gmail.com wrote:
> +6MAN WG, just as an FYI
> 
> On Fri, Dec 17, 2021 at 7:39 AM Marcus Ihlar
> <marcus.ihlar=40ericsson.com@dmarc.ietf.org> wrote:
>>
>> Hello IPPM,
>>
>> This email starts a Working Group Last Call on
>> draft-ietf-ippm-ioam-ipv6-options.
>>
>>
>>
>> https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-ipv6-options/
>>
>> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-ipv6-options-06
>>
>>
>>
>> Please provide feedback by replying to this email with your reviews and if you
>> think this document is ready to progress, by Friday, January 14.
>>
>>
>>
>> Best Regards,
>>
>> Marcus & Tommy
>>
>> _______________________________________________
>> ippm mailing list
>> ippm@ietf.org
>> https://www.ietf.org/mailman/listinfo/ippm
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email