IETF Logo Mail Archive

Re: [ippm] Vote at IPPM session

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Fri, 28 April 2017 22:23 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE0D6129548; Fri, 28 Apr 2017 15:23:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.503
X-Spam-Level:
X-Spam-Status: No, score=-14.503 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y5IH76kBruiJ; Fri, 28 Apr 2017 15:23:56 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D355E129AE0; Fri, 28 Apr 2017 15:21:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8676; q=dns/txt; s=iport; t=1493418067; x=1494627667; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=7tF9TsyfQCaf/mAHEnrbcR1jppckr5hq2QTF0ffuXiY=; b=ZJerPMPD2bHZYCbn5W1K0t0YW/tsDqsgnB/WUNbEreZu3S94akJYN508 FlaiSs23IIKfx5gbw+KQY078Dp+qE8m0wmg/wRdzKwvbfeEBwdMK7Wntb axg19kqSn0qqsW2CYol049whgxxEm1bx5io7229MAeNIwGnkYXFCoQKZB k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AoAQDcvwNZ/5pdJa1dGQEBAQEBAQEBAQEBBwEBAQEBg1VhgQwHg2GKGJFNlW2CDyELhXgCGoQdPxgBAgEBAQEBAQFrKIUVAQEBAQIBAQEhETMHCwUHBAIBCBEEAQEBAgIjAwICAiULFAEICAIEDgUbiXwIDq9wgiaLGwEBAQEBAQEBAQEBAQEBAQEBAQEBARgFgQuDLoImgV4rgm+EPIMpLoIxBZZThn4Bkw2RXpQoAR84gQpvFUQSAYReHIFjdYUwgS+BDQEBAQ
X-IronPort-AV: E=Sophos;i="5.37,389,1488844800"; d="scan'208";a="242731511"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 28 Apr 2017 22:21:06 +0000
Received: from XCH-RTP-016.cisco.com (xch-rtp-016.cisco.com [64.101.220.156]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v3SML6ul019258 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 28 Apr 2017 22:21:06 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-016.cisco.com (64.101.220.156) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 28 Apr 2017 18:21:05 -0400
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1210.000; Fri, 28 Apr 2017 18:21:05 -0400
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Adrian Farrel <adrian@olddog.co.uk>
CC: "Ruediger.Geib@telekom.de" <Ruediger.Geib@telekom.de>, IPPM Chairs <ippm-chairs@ietf.org>, Al Morton <acmorton@att.com>, "ippm@ietf.org" <ippm@ietf.org>
Thread-Topic: [ippm] Vote at IPPM session
Thread-Index: AQHSqBXsR2UglBUivky7lwWMt8jJvaGsFiIAgABoVYCAABw3AIAAG56AgAKShYCAC3l4gIAEX90AgAMRcwCABFD7gIAFNvIAgAAqgICAAArNAIAAu02AgADWd4CABb4lAIAGbjAAgAAeGgCAAgFOAA==
Date: Fri, 28 Apr 2017 22:21:05 +0000
Message-ID: <3C354A6A-7E00-4B27-9BA2-8965F9E0E877@cisco.com>
References: <CA+RyBmXAyOVZy2DncvC9Bdkmt2P+OXhV49sFgCqXf=1Of3EWkw@mail.gmail.com> <830D269B-62A1-4782-8AFE-C2910F908BFF@trammell.ch> <CA+RyBmUtVv6fJVLrUxwLiHg9ktvDCkuV0s+KWyv4ygEb50rMOw@mail.gmail.com> <01fa01d2a7e9$1c65d520$55317f60$@olddog.co.uk> <8168bd84-88f4-c40b-7150-844b463f6612@trammell.ch> <CAKKJt-ca7VgePkstLE=RLTh506o44m3hiZ_ay88hOS1egz20KA@mail.gmail.com> <7e592d5c42d44db594dfdfbc76233e29@XCH-RCD-008.cisco.com> <3E70CF9A-5A09-419B-B330-F9B854E01539@trammell.ch> <01c801d2a8d3$eb6d2450$c2476cf0$@olddog.co.uk> <4D7F4AD313D3FC43A053B309F97543CF25F3D4C0@njmtexg5.research.att.com> <e60a1ae521054eb3b9e1352d5918c6b2@XCH-RCD-008.cisco.com> <2BCD950B-DEBF-4FCD-92DD-89BE50270006@encrypted.net> <aa0dea09d3e44260a2ed306836c68ccb@XCH-RCD-008.cisco.com> <45679B2A-EE96-4980-BAED-B39994C73CFE@encrypted.net> <070501d2b5c8$dc264d30$9472e790$@olddog.co.uk> <58b68d6d47614281846807b6353b46f3@XCH-RCD-008.cisco.com> <38C60635-D7B8-4AA9-843D-ABBA65AC3D62@trammell.ch> <4D7F4AD313D3FC43A053B! 309F97543CF25F71AE7@njm texg5.research.att.com> <17864478fa3b4b58894f8b3c701505f4@HE101653.emea1.cds.t-internal.com> <4D7F4AD313D3FC43A053B309F97543CF25F72473@njmtexg5.research.att.com> <9C575ED7-E248-4D6D-855A-2F20926709DF@cisco.com> <39f70adc5ad34581bf83b0e9c48dd50a@HE101653.emea1.cds.t-internal.com> <00b001d2bf6d$18351c40$489f54c0$@olddog.co.uk>
In-Reply-To: <00b001d2bf6d$18351c40$489f54c0$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.82.214.201]
Content-Type: text/plain; charset="utf-8"
Content-ID: <A47CA39A1A9C1841919875D36DBD4909@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/WiFYBuhCXUeAxWHHadhLPdVJ1Z0>
Subject: Re: [ippm] Vote at IPPM session
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Apr 2017 22:23:59 -0000

Thanks, Rüdiger — I like it too, and since this is targeting a wide range of developments (i.e., “Designers of carrier protocols for IOAM” includes disparate encaps), we might want to allow for some room and not be to prescriptive since there’s different capabilities available.

That said, as we are talking about edge-to-edge path constructs, there ought to think beyond “config knob” and also include operator collaboration in the solution.

I fully agree with you on roles.

Thanks,

Carlos.

> On Apr 27, 2017, at 11:43 AM, Adrian Farrel <adrian@olddog.co.uk> wrote:
> 
> That's nice Rüdiger,
> 
> Although too many "designers" in the text.
> 
> Adrian
> 
>> -----Original Message-----
>> From: ippm [mailto:ippm-bounces@ietf.org] On Behalf Of
>> Ruediger.Geib@telekom.de
>> Sent: 27 April 2017 14:56
>> To: cpignata@cisco.com
>> Cc: ippm-chairs@ietf.org; acmorton@att.com; ippm@ietf.org
>> Subject: Re: [ippm] Vote at IPPM session
>> 
>> Hi Carlos,
>> 
>> Let me pick up Frank's proposal:
>> 
>> OLD
>> "Designers of carrier protocols for IOAM designers must consider to put
>> mechanisms in place to ensure that in-situ OAM data stays within an IOAM
>> domain.."
>> 
>> NEW
>> "Designers of carrier protocols for IOAM designers must specify mechanisms to
>> ensure that in-situ OAM data stays within an IOAM domain.."
>> 
>> I don't object that the operator is involved. But the operators task to me should
>> be to turn an "in-situ OAM configuration knob" to solve the problem. This knob
>> must be delivered by the protocol developers. "Consider" to me as a non-native
>> speaker sounds like "think about and if it's getting complex, doing nothing is a
>> valid option".
>> 
>> As mentioned earlier, relying on a firewall to me is an option I'd like to avoid.
>> 
>> Regards,
>> 
>> Ruediger
>> 
>> -----Ursprüngliche Nachricht-----
>> Von: Carlos Pignataro (cpignata) [mailto:cpignata@cisco.com]
>> Gesendet: Sonntag, 23. April 2017 13:44
>> An: Al Morton
>> Cc: Geib, Rüdiger; ippm-chairs@ietf.org; ippm@ietf.org
>> Betreff: Re: [ippm] Vote at IPPM session
>> 
>> Hi,
>> 
>> This is a very useful discussion — although on the tail-end seems to be diverging
>> from the original goal. I suggest that we should probably not take this discussion
>> into all inter-domain permutations.
>> 
>> In other words, is there some case that the original text does not cover? The text
>> includes “mechanisms in place to ensure that in-situ OAM data stays within an
>> IOAM domain” and “provisions in place to ensure that IOAM data does not leak
>> beyond the edge of an IOAM domain”.
>> 
>> The idea is that an IOAM Domain should take care of considerations because of
>> e.g., increased packet sizes within its domain, and prevent leakage.
>> 
>> In many deployments, the latter (i.e., "ensuring that iOAM data stays within the
>> domain, and does not leak beyond the exit edge”) would be a natural
>> characteristic of the encapsulation. For example, when using IOAM with NSH, an
>> IOAM domain would be an SFC domain, and thus removing NSH encap will also
>> ensure IOAM does not leak. Same with VxLAN-GPE, etc.
>> 
>> But net-net, I’d recommend we define the IOAM domain behavior and not all
>> other possible views.
>> 
>> Thanks!
>> 
>> — Carlos.
>> 
>>> On Apr 19, 2017, at 4:02 PM, MORTON, ALFRED C (AL) <acmorton@att.com>
>> wrote:
>>> 
>>> Hi Rüdiger,
>>> short reply in-line,
>>> Al
>>> 
>>>> -----Original Message-----
>>>> From: Ruediger.Geib@telekom.de [mailto:Ruediger.Geib@telekom.de]
>>>> Sent: Wednesday, April 19, 2017 3:15 AM
>>>> To: MORTON, ALFRED C (AL)
>>>> Cc: ippm-chairs@ietf.org; ippm@ietf.org; ietf@trammell.ch;
>>>> fbrockne@cisco.com
>>>> Subject: AW: [ippm] Vote at IPPM session
>>>> 
>>>> Hi Al,
>>>> 
>>>> is a non-iOAM network operator able to detect standard ipv6 packets
>>>> with iOAM extensions, if the receiving operators equipment is
>>>> configured to support standard ipv6 protocol only? The pre-condition
>>>> here is "non-iOAM domain" at the receiving side. My point is, if a
>>>> domain isn't interested in supporting the iOAM extensions, is it
>>>> obliged to operate iOAM aware equipment to detect undesired traffic at
>> network boundaries?
>>> [ACM]
>>> No, an operator can let the traffic flow if they want.
>>> However, if operators find that their network is affected by traffic
>>> with iOAM data from another domain, they would be justified to discard
>>> that traffic (as long as there is a clear domain limit expressed to
>>> iOAM protocol designers of the future, as Frank has suggested).
>>> 
>>> This is the same ability afforded operators by declaring BMWG address
>>> space for isolated testing-only, or the various private network
>>> address spaces. Plenty of Net10 traffic escapes, and operators are not
>>> obliged to drop it, but they certainly can.
>>> 
>>>> 
>>>> I'm not sure, whether this is an IPPM discussion. Is there any other
>>>> IPPM protocol or packet content requiring a discard of traffic at a
>>>> domain boundary?
>>>> 
>>>> Regards,
>>>> 
>>>> Ruediger
>>>> 
>>>> 
>>>> [ACM]
>>>> 
>>>> IOM, there is a general message to convey for all future protocol
>>>> development. Something like "sufficient provisions should be made to
>>>> restrict the iOAM traffic to the intended domain."
>>>> 
>>>> We could provide guidance to interconnecting network operators, as
>>>> well, effectively allowing them to discard traffic containing
>>>> unexpected iOAM data. This would be applicable to non-iOAM network
>>>> operators, but might be more important for interconnecting operators
>>>> who have established their own iOAM domain.
>>>> 
>>>> This is similar to the approach we used for BMWG test traffic:
>>>> there are v4 and v6 address spaces dedicated for isolated test
>>>> environments, and any packet with testing addresses observed on the
>>>> Internet may be discarded.
>>>> 
>>> 
>>> _______________________________________________
>>> ippm mailing list
>>> ippm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ippm
>> 
>> _______________________________________________
>> ippm mailing list
>> ippm@ietf.org
>> https://www.ietf.org/mailman/listinfo/ippm
>

v2.23.0 | Report a Bug | By Email