Re: [ippm] Erik Kline's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
Erik Kline <ek.ietf@gmail.com> Thu, 01 December 2022 06:36 UTC
Return-Path: <ek.ietf@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6EC37C14CF15; Wed, 30 Nov 2022 22:36:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eKEs6cY6W_6U; Wed, 30 Nov 2022 22:36:32 -0800 (PST)
Received: from mail-vk1-xa34.google.com (mail-vk1-xa34.google.com [IPv6:2607:f8b0:4864:20::a34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95318C14CF0E; Wed, 30 Nov 2022 22:36:29 -0800 (PST)
Received: by mail-vk1-xa34.google.com with SMTP id j9so378787vkk.13; Wed, 30 Nov 2022 22:36:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=tEFoEMB2RIMlFOdiLHbY6do9GbagdTdCj1BWNzc5aLs=; b=O2qSsWK1ncCQ8Vtsx5vUguSvo9PSrvQEu26oZo90HuP0t4yRfcbSfjwDLBgj6MgIXf yNB12TiFaI9Fb8YUcAKD1Pn7GhZeTkmN/pjZNyQm3XI6yDBdSxOrDD/XTdU9iw8r9Faw MwdlDwXX7ND0iaEGsfIyaiQmsncmQ8AkMmUBITZk2r5OmjgXG7AJa9Ab4Fr0n3vFH7kL xQIXqytvlUXrdgViAlF+76Docw9v9EbBIe2ys+lKlbqQAI4+1tJN67OfdVLzGd+dgIcQ /VqpDQkDlQRmKF/ZnIh9i1BbDKyJUAfQ/VaXmmpW6tY7ZK3CLonC99p6cM4f2TPDvyK6 uekA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tEFoEMB2RIMlFOdiLHbY6do9GbagdTdCj1BWNzc5aLs=; b=atYFZ+nHRwkDFglRreT9ksIMrjQHpMu4FmMj+xzNaYsv8uMXu+6/brKKqEJ9seeCy9 kF41Asllqe/QauC7EwBZOZvehxIhl/UqvQRCKIHwHeL5FdV2Tzag7cfde0SroWe1KOVr sXT7hgYOKqI3mjLHzJvVKr/Qs9ryuJtpKpUqtF36K9UfVlLVzP5PPysa1dboFwBcdFzD 7u3/pM+7ClLf2cfz3/0bHsInt+twGG/YgWcvuE0FQaVOvE/bS8YYFa2cldtyl5g0FOpM leBD4adqPYrX0ZX1j8tlujZvJ6yiAoO+VM9MRReswoB+8oSmIQe5QN41zxgUERGz8am8 KwTA==
X-Gm-Message-State: ANoB5plyYfCkB53YzkC+hbdBiY51JCfbjrRxmdT3ocaAYBgPMnYxJY0U ytQrWf/aaCncB2VmlNwUSUHvaYk5ScAAJJxI/DY=
X-Google-Smtp-Source: AA0mqf5Sg3RhR+qdvyZjTv6uBLLAD+MrU/HvofFqjig78pr85xbj2oZzr4l2aw7G78DF2aIMCLNR4heJ35v79/6lwNc=
X-Received: by 2002:a1f:1914:0:b0:3bc:c2b1:b5b2 with SMTP id 20-20020a1f1914000000b003bcc2b1b5b2mr15112731vkz.20.1669876588270; Wed, 30 Nov 2022 22:36:28 -0800 (PST)
MIME-Version: 1.0
References: <166987457506.51565.101426441168688104@ietfa.amsl.com>
In-Reply-To: <166987457506.51565.101426441168688104@ietfa.amsl.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Wed, 30 Nov 2022 22:36:17 -0800
Message-ID: <CAMGpriX5pKoxfx+gDWdwmESY8tpiQdUV21eU5qG8f4+2x_fvFw@mail.gmail.com>
To: Erik Kline <ek.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-ippm-ioam-ipv6-options@ietf.org, ippm-chairs@ietf.org, ippm@ietf.org, marcus.ihlar@ericsson.com
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/T_nnfIBXkBj0wnBRkVrAgFg8Zng>
Subject: Re: [ippm] Erik Kline's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Dec 2022 06:36:36 -0000
I reviewed what approach SRH took w.r.t. AH. It might suffice if this document added a section like RFC 8754 S7.5, but I'm not sure yet. Something to think about, though... On Wed, Nov 30, 2022 at 10:02 PM Erik Kline via Datatracker <noreply@ietf.org> wrote: > > Erik Kline has entered the following ballot position for > draft-ietf-ippm-ioam-ipv6-options-09: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-ipv6-options/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > # Internet AD comments for draft-ietf-ippm-ioam-ipv6-options-09 > CC @ekline > > * Thanks to 6MAN chairs Bob, Ole, and Jen for their last-minute > "IPv6 Directorate" reviews. Some of their comments are reflected below. > > * There was kind of leaning toward concluding that the rewriting of a > Hop-by-Hop option's size was both against the spirit of RFC 8200 and > not actually against the letter. I'm not sure that's actually the case > and so my biggest DISCUSS is this point (more below). > > ## Discuss > > ### S4 > > * I don't think the Incremental Trace Option is something that can be > supported by current text in RFC 8200. While is makes sense to have this > behavior described in RFC 9197, I don't think IPv6 HbH can support it. > > My rationale for seeing this as a protocol violation is as follows. > > - RFC 8200 S4.2 says this about the on-path mutability bit and the > expectations that result: > > """ > The third-highest-order bit of the Option Type specifies whether or > not the Option Data of that option can change en route to the > packet's final destination. When an Authentication header is present > in the packet, for any option whose data may change en route, its > entire Option Data field must be treated as zero-valued octets when > computing or verifying the packet's authenticating value. > """ > > - Specifically, only the Option Data (not Option Length) is allowed to > change. Any AH header, for example, would still have processed the > entire option with only the Data being zeroed -- the existence of the > option and the length of it would still have been part of the AH > computation. > > Unless there's some misunderstanding here I think this option would need > removing from the document. > > * I think text needs to be added to make it clear that whatever options are > used they MUST be added, though not necessarily "filled in", by the > originator of the packet (the node bearing the interface assigned the > outermost Source Address). > > The reasoning here again is the defined behavior of AH processing. Any > options, even on-path mutable ones, MUST be present in the Hop-by-Hop > option when an AH is computed. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > ## Comments > > ### S5.1 > > * In C2: "domain SHOULD ensure that the addition of OAM information does not > lead to fragmentation of the packet" > > This should probably be rephrased to be more IPv6-compatible (as there is > no on-path fragmentation). Perhaps: > > "does not lead to an ICMP Packet To Big error message being sent to the > originator and the packet being dropped" > > or something to that effect. > > * Also in C2: "exceeds the packet size beyond PTMU" in the domain, etc. > > It may be worth noting that any single node can only know the configured > MTU of its outgoing links, and that this is why it MUST be a domain-managed > parameter. > > * C3 appears to create a requirement for some very deep packet inspection on > IOAM domain egress. > > Also, if there's going to be talk of ICMPv6 you probably need to add a > reference to RFC 4443. > > * With respect to C4, I'd defer to the other IESG comments. > > * C5: this seems like it might be important for a Standards Track feature? > > If it were Experimental, perhaps, then there could be text saying that > learning how this might best be done was an expected outcome of the > experiment? > > >
- [ippm] Erik Kline's Discuss on draft-ietf-ippm-io… Erik Kline via Datatracker
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Erik Kline
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Frank Brockners (fbrockne)
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Martin Duke
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Martin Duke