IETF Logo Mail Archive

Re: [ippm] John Scudder's Discuss on draft-ietf-ippm-stamp-srpm-13: (with DISCUSS and COMMENT)

John Scudder <jgs@juniper.net> Thu, 29 June 2023 20:09 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BDCBC151090; Thu, 29 Jun 2023 13:09:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b="QEWhOq4j"; dkim=pass (1024-bit key) header.d=juniper.net header.b="WwpzJgI4"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KBIL2WsHJkMj; Thu, 29 Jun 2023 13:09:00 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E06AC14CE31; Thu, 29 Jun 2023 13:09:00 -0700 (PDT)
Received: from pps.filterd (m0108158.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 35TF7Ttp015266; Thu, 29 Jun 2023 13:08:58 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=8NhZCOiK67inziAsiwI3alNgu8VSiwy/C4GFQ1tFggI=; b=QEWhOq4j7oNGDs9MzTj77bHfCX5w/gMNMq6GP9bS94+IKltR/KTuXnCN8V0IUruPq5si vBn1n61DPH/cLGJbPUNHFxgN1qIEV2oivUEysdl07FNSldEzKEYHX1kOHybSdXKKhV3w 2f8+psAOrTde3G1dFrGwbwyfRRzzh5Twj7a2j+43fJhbQKlALOndAhfO6GXaJHK6g0Qr drPEku7v0NLr4aW2nklkon2uaQ2OzrwUvBkw7smTJpHTUJRL2KGbj2vH6/e3ovPyeoGS UZqLj5hHoezEE5+ajRNHLHJ3IZ9B/5OUPFPQXP8F8qpzfJpjggJ+Q9JEBhaTjlpJXsBA vg==
Received: from cy4pr02cu007.outbound.protection.outlook.com (mail-westcentralusazlp17011014.outbound.protection.outlook.com [40.93.6.14]) by mx0a-00273201.pphosted.com (PPS) with ESMTPS id 3rgr6tu1gv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 29 Jun 2023 13:08:58 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DXRrZN0l1VsFwCaJ2mhjusGa5P9JsAkn2DRZlt9yxKLzhm/i2Nd1ipNzi8oyJgqJNbRadT/3PSXeGV+dttor4zvnfFjXVZZyn0ps0NnE/TCFPzs5YLH6E7tohHizvcdZpzbxrNGAHcrpjMFFz3SclNSJg/X4+nCoi1i9qTxAjpLIVcwMT8pz00Cfk6rTD9Jwd5G1CWQn6zYqTbe3FFqoxzSXPMDsjQ/ZmylvDbM7Yqzubpwj7xkkULWT0n0Ltm2a9nowfqA9Pbfn+ctJTUp5CSetlIGmAqHKAv3VrD6aR8wyBn6QMK0MQLdfjX8NxT/MRPqWomF+MzKppLrQDF0gmA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8NhZCOiK67inziAsiwI3alNgu8VSiwy/C4GFQ1tFggI=; b=iZzRhXkeT8f/1KzKdNUccAEjYv+2uZtq4zDUEdq80GKjf+SPi3q4vfDMYu8+WrqJjpFSxtfzwuC0FOijhwbFGtwO59f9jd2MrJy2rXZhYH8UL+S1biPV+XheHxXi6i2y5AGMjqAbXr9zOWOCLxcPEwNZTSqRSPp7xcSUfvSzwHFtzQ8a89NOFfjgKg9czJ/vpaFP9WPQK+2NQPWxx64nxKOaVqEEfaf4vAwUfdMVDt22tbX2To9y1qZNEFaZ4B1rLJL13YViqCGDo2QkZx8Gf+jEYsP8IiPnydylpnoEo+6hB72TS99RoTs4u2lARxDcAXrdCTmgQJ8RZGNv/XShjg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8NhZCOiK67inziAsiwI3alNgu8VSiwy/C4GFQ1tFggI=; b=WwpzJgI4AGae9y98JBrpF2ie1JmriDIUJ+PFeXhuXnbWWMP77YkGQyoQaT/3hfiVhxrK5lWl5dya0KTMOa01Mjt0TjgAJBF+x+yIo7Y51oPZ/mSdovrHnLDCGau1Iwwt1xryKsHTYqwwDEvXK2bS8S/dF/y2va7N9OjvxPIoBxI=
Received: from MN2PR05MB6109.namprd05.prod.outlook.com (2603:10b6:208:c4::20) by SJ0PR05MB8757.namprd05.prod.outlook.com (2603:10b6:a03:393::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.24; Thu, 29 Jun 2023 20:08:47 +0000
Received: from MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::9ab0:387b:409:ee41]) by MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::9ab0:387b:409:ee41%7]) with mapi id 15.20.6521.026; Thu, 29 Jun 2023 20:08:46 +0000
From: John Scudder <jgs@juniper.net>
To: Rakesh Gandhi <rgandhi.ietf@gmail.com>
CC: The IESG <iesg@ietf.org>, "ippm-chairs@ietf.org" <ippm-chairs@ietf.org>, "draft-ietf-ippm-stamp-srpm@ietf.org" <draft-ietf-ippm-stamp-srpm@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>
Thread-Topic: [ippm] John Scudder's Discuss on draft-ietf-ippm-stamp-srpm-13: (with DISCUSS and COMMENT)
Thread-Index: AQHZo9/eD/LnJ28n8kG6Glb2TF9quq+V9mIAgAEg5gCAABMigIAAIFaAgAAasYCACt3UAA==
Date: Thu, 29 Jun 2023 20:08:46 +0000
Message-ID: <A2945F15-C0AF-4E2A-BACA-E8C8A7EE86BC@juniper.net>
References: <168731098270.37773.17145318293014669303@ietfa.amsl.com> <CAMZsk6f5Vzt-z5R3yEJm33QbusS56J+LWPf-SHLVCUheqpPGxA@mail.gmail.com> <B8F8ADD5-5EE2-4EE0-8199-E33E545CB350@juniper.net> <CAMZsk6dKAsKDRSwbbMsA9AYQ8YZ7APCkd_du4s38+5MgzVMD_A@mail.gmail.com> <D9A6A862-61BF-431C-B88E-CA754B681CDE@juniper.net> <CAMZsk6eFSYnWXxaK0YtcPFU8LgE8GAtps=_1dsx+bEyHSPZzJg@mail.gmail.com>
In-Reply-To: <CAMZsk6eFSYnWXxaK0YtcPFU8LgE8GAtps=_1dsx+bEyHSPZzJg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.3)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR05MB6109:EE_|SJ0PR05MB8757:EE_
x-ms-office365-filtering-correlation-id: 2a92fdf0-8356-4728-8075-08db78dca569
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: gKM2KIQ0BZCEqDKmz+7mAkpdKXRR1jLMj6FqyKuYzW7Xvv/PdKjxsHQ7nDkoQqLCqSXWEEKE0AvipxGw52z0rvhw2BVgLk5jp6xP0liZbGq9hlSaFAZZz+a5Gafohqw1c6bGjKXcmQW2cROcM3+pzH0xGJp2uUK5sFjTYd1Fl3KhW69B7XPlAqGI3MuEIhmpYD1bMeeOFTrNSxjw71kMtBo1gUYMempyuaH9P+b7pm7Leoh7a5Pz3W3Q3Y/DUN76NKK8LgjihP18Ldl0Dr2Dm/ah85oZazJI+sINY5RHFNH87DYHsJPPX9nwyZNMfKV9pl//hpylOUUE/CSdcVnchpSSkAGwou0unSrKNpHDjBRuQLnIHoBw24qqe7mCsThG/O40zpnaUbtc8VCEgkPoDxc7cs488MVb66Fb6IKb9Lx5bCQ2p8lyR1v4+TnZNe1igdCmRlrvzE7IgwGB8WorQ8RWyRp3FUZfx2qkL1L2MoKqPZqi93b7d4ZA17xpgQeaxKfK6u4+65/PHOMYRGsTpaHooPAlXHu8/8e+RVyidl/+/g65n17FdJul0WyTFwg9+iadgCoSTTNylTXX9tIFRseM9jAqdnoweKR+5V38QrE2cUYRu0QlLEbI8+XcmKquWgTrgO7KQOpJhyJrXHcbKtPIyQ8XvwEfqwW6vInBYZpqdBKqqClvsx74cm1OVwtR
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB6109.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(366004)(396003)(376002)(136003)(346002)(39860400002)(451199021)(6512007)(26005)(36756003)(66946007)(33656002)(41300700001)(86362001)(38070700005)(6916009)(66556008)(8676002)(64756008)(4326008)(91956017)(76116006)(8936002)(66476007)(38100700002)(66446008)(316002)(122000001)(966005)(6506007)(5660300002)(6486002)(186003)(2906002)(83380400001)(71200400001)(53546011)(2616005)(478600001)(54906003)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: PPGm5ps+G5XtdZloGATLxWSTh0E542UZZJSpVrFIxHB06xBrgBSHblj9npbzTE8D1P+va2dUgW2PDrAPRaww5P6iUc36aFSTEVEF0dMPYz1MxLFmHgYTyyJbie1HRYH6TSKn4qRtCcCTQhGhh8IIazwK0yNdTHi3jNYI9dCNPNnjJR7ulZLlsScNJm9dTd2Ag8V03Ly1HNS939ww2F7lM5hMctOiNUvP0oSuVGVdtAUQmIiO86sqTtLkfVCSOmstPcC3FY7QeGVaWctWxcOPCarGdC7kCdXHtG6v7pDmofhDQBK3ZU2uPn2CVjwCHwEWNXJ8JChoWRSP/0ZLrmUMO+bCF4K/6TBDP/VO5pgjdNkECsJRXiPyzDnA+cOtmcGAQfLuRqIHu2nEr6QnLBqxjUgK9+l1EafkPmMdqjmoB80dLt63qUNTkL7qor4pKvm4wPGIVsnMEcYXZZykbEMAOdO3x3Pxmp5/ZumDCr1z1nlJ9A2A5q4fV+uM3EPz2gsUuA22E2xY7AlC1O+LNWym1bQ/mbXfRWeJu8sxKuOzw+v9bLA1i2mXd564h6PQy2/z5o5EaHpplqYp4JeusvuA6sN+BtU0bw8+dMXgQbMXBb9Fw9rCjpSJtHpV1gsA72FLiTFYQWHDtxaMVgGvBoGpy4LUAsbmteGSQ5dxyPobjs/EqVPRcqz3gR4mpp9w0aB++QtKXtitFf/axbwxmYwWFkiBetfY6ZJmqb9M0ud4RHyWcCnMOAcvGRkzfa3Qeinivh0QEksVv/UEvWOx6s2hgu9q0UOKov+vAHBa0WCEUl53c+lhJFp2vBwdJMa9thipWUnwQdBDicoWbsRnwu1QyVXcs7oowFV6iJXSQG4JOzv1SRHZZ/ZrMBeN569iWmnZ/Vu7U4cudHf90fkYoI76E9tCzlBgz+VvYOd48L431UN9VY4ClIu12g2ZrWW+Lgwb6m/AMMPZ1FyXKTzvoPnYWWfofHda99zaKNCqvcI0i+yWUvEiE77z3taJKcC6YlECAEZU5dbSSAmWleQqHD/xk/9vtURUTAdIBTwq9qVzukpm10dds9PWNejyTSR2Nz/ju6ElxEjz5e0ESSwQ4XG/HC/qqRn5kQBUDVhUb9PY3F7SimJhGlqWTAsa+RV4g87QCVb6QDMHNt/p0ua3CQ7GSRJTfh/DjYB4pE/P7CgH/qdjH4ctAziRg/LcENuSPXqBvTFNgpmUGG2H61VrXeu8f9a3/lUfBC7OkR3Sx9AP1GWyMWB2ldqF4/g//IxrR9doHlf+/RBYok/oml+n29JLZaNdme3D52iJ/nkbO9h2Lxt7Ow6l46uNN9xWbNYwHp8fB6iRvAK/JkXBuyUlNcV4Z+ijZEHhU4tigIgeAcNRTe3gunMghV4O2lJ1r7/FAOsiFLr96bd/5ql8DpkM8dtHk+3f+1Jt27u7lV69VV2Dll/lHJdVVc9xspZ4HD+KmWBXEYoQud9azeO6BXu/3j28Ud0hjpW9fALoglqj9jQn7i4WY56tpQUiLTc+tTo7JOmjFH7GFXEkGMVKA138BoyHwFydjhVKZ/laydL4yveTV2ZOuR3shbPmwfXSxPyp+nKi
Content-Type: text/plain; charset="utf-8"
Content-ID: <0312930A316BFF418406BE0B4BA38B88@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR05MB6109.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2a92fdf0-8356-4728-8075-08db78dca569
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Jun 2023 20:08:46.5803 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IR6+qntM9Zr5CTS9R+Ox0BuTVJbZbWuUXICSgzOpp2q59RofcFq2SEDDkUQgZhKu
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR05MB8757
X-Proofpoint-GUID: d6gofzYYd7ShRVrZ-3ag8wCH9E49eTYD
X-Proofpoint-ORIG-GUID: d6gofzYYd7ShRVrZ-3ag8wCH9E49eTYD
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-06-29_07,2023-06-27_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 lowpriorityscore=0 priorityscore=1501 suspectscore=0 adultscore=0 bulkscore=0 clxscore=1015 spamscore=0 mlxscore=0 impostorscore=0 malwarescore=0 mlxlogscore=999 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2305260000 definitions=main-2306290182
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/Xm_CkjPmn9fOt2mHeUTb9FR9JuQ>
Subject: Re: [ippm] John Scudder's Discuss on draft-ietf-ippm-stamp-srpm-13: (with DISCUSS and COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jun 2023 20:09:05 -0000

Hi Rakesh,

Version 15 addresses many of my concerns, thank you. I think this point was dropped though:

> On Jun 22, 2023, at 1:09 PM, John Scudder <jgs@juniper.net> wrote:
> 
> In looking over the new version, it occurred to me that although the document is called “... for Segment Routing Networks” and although that was the use case that motivated it, the only elements whose applicability actually is limited to SR are the Return Path SR-MPLS Segment-List Sub-TLV and the Return Path SRv6 Segment-List Sub-TLV. All the rest are generically applicable. This is basically a good thing IMO — one likes to see specs whose applicability is greater than just the use case that led to their development — but it does mean that "The usage of STAMP protocol is intended for deployment in SR domains [RFC8402]” isn't sufficient, I’m afraid — whether the use case that led to the development was restricted to SR or not, one can easily see how (for example) a Return Address Sub-TLV could be used outside of an SR deployment. That use might be by design, or it might be by an attacker.

That’s understandable, we were focused on the other aspect of the DISCUSS for some time and it’s easy to lose track of the threads.

To repeat the concern in different words: You’ve rewritten the first paragraph of the Security Considerations as

   The usage of STAMP extensions defined in this document is intended
   for deployment in SR domains [RFC8402].  It is assumed that a node
   involved in STAMP protocol operation has previously verified the
   integrity of the path and the identity of the far-end Session-
   Reflector.

This eliminates the reliance on the Limited Domains RFC (good) but you’re improperly (I think) assuming that you can rely on the SR domain definition instead. This is still true even though you changed “STAMP protocol” (the version I commented on in the quote above) to “STAMP extensions”. Again, to repeat: I don’t think it’s either reasonable or desirable to restrict the extensions you’ve defined to be only for use in an SR domain, and therefore, I think the SecCons can’t rest on the foundation of the SR document set. If you did want to rest on that foundation, I think you would have to be much more prescriptive about saying the extensions MUST NOT be processed other than in an SR context (that’s probably not the right wording) — but I think that would be undesirable, and I think if you did want to make that change, it would be a pretty fundamental change requiring a new WGLC.

I’ll re-review your other text and reply again if there are any other lingering issues. Then I’ll update my DISCUSS to clarify that the above is the outstanding point.

Thanks,

—John

> On Jun 22, 2023, at 6:12 PM, Rakesh Gandhi <rgandhi.ietf@gmail.com> wrote:
> 
> 
> Thank you John for the review.
> I have incorporated your suggestions in the following version:
> 
> URL:            https://www.ietf.org/archive/id/draft-ietf-ippm-stamp-srpm-15.txt
> Html:           https://www.ietf.org/archive/id/draft-ietf-ippm-stamp-srpm-15.html
> Diff:           https://author-tools.ietf.org/iddiff?url2=draft-ietf-ippm-stamp-srpm-15
> 
> Thanks for your help.
> 
> Regards,
> Rakesh
> 
> 
> 
> 
> On Thu, Jun 22, 2023 at 4:36 PM John Scudder <jgs@juniper.net> wrote:
> [snipped extraneous stuff]
> 
> > On Jun 22, 2023, at 2:40 PM, Rakesh Gandhi <rgandhi.ietf@gmail.com> wrote:
> > 
> > <RG> In the example, the DA in the STAMP Session-Sender test packet IPv4 header (127.0.0.1) does not match the address of the Session-Reflector which is 1.1.1.2.
> 
> We seem to be talking across each other. I guess maybe I am misunderstanding what you mean by “the Session-Reflector”. Surely, “the Session-Reflector” must mean a node functioning as a Session-Reflector? This is strongly implied by the name of the TLV, “Destination _Node_ Address” (emphasis added). To repeat, any given IP node has many addresses (well, at least two, of which loopback will be one). So it doesn’t make sense to talk about “the” (singular) “address of the Session-Reflector”, and 127.0.0.1 most certainly is one address of the Session-Reflector node. Indeed, if it weren’t an address of every Session-Reflector node, the problem you illustrate wouldn’t exist.
> 
> (In a previous version of this reply I went through a hair-splitting exercise where I tried to entertain the idea that “the Session-Reflector” means “a process on the node, which is bound to one and only one address” but that’s not a readily-supported interpretation, and it led me to a long and tortured chain of reasoning… which ended up at the same conclusion anyway.)
> 
> If this is still unclear, it might be beneficial for us to schedule a short call to discuss further. But perhaps my OLD/NEW text below will help.
> 
> > <RG> In the following example (without Destination Address TLV), if LSP or forwarding path is broken, the STAMP packet may be punted on an unintended Reflector node (let's say 1.1.1.9) and it will send a reply STAMP test packet. Such errors can not be easily detected. 
> > 
> > MPLS Header
> >      Label: 16001
> >      Label: 16002 [EOS]
> > IPv4 Header
> >      SA: 1.1.1.1
> >      DA: 127.0.0.1
> > UDP header
> > STAMP PAYLOAD
> 
> Yes, I understand that. My point, again, is that your words say that 127.0.0.1 is not an address of the node. It ABSOLUTELY IS an address of essentially every IPv4 node in the universe.
> 
> > <RG> Destination Address TLV carrying the intended Session-Reflector address of 1.1.1.2 helps detect this error. Using 1.1.1.2 then as the SA of the reply test packet is also good (instead of 127.0.0.1).
> 
> I get that, too.
> 
> > <RG> Does this use-case help? Will reply to the other comments below once we progress the above comment.
> 
> I guess I will just jump ahead and outline some text that I *think* is right and that would address my concern.
> 
> OLD:
>    The Session-Sender may need to transmit test packets to the Session-
>    Reflector with a destination address that is not matching the address
>    of the Session-Reflector e.g. when the STAMP test packet is
>    encapsulated by a tunneling protocol.  Examples are, STAMP test
>    packets encapsulated with an SR-MPLS Segment List and IPv4 header
>    containing destination IPv4 address from 127/8 range or STAMP test
>    packets encapsulated with outer IPv6 header and Segment Routing
>    Header (SRH) with inner IPv6 header containing IPv6 destination IPv6
>    address ::1/128.
> 
>    In an ECMP environment, the hashing function in forwarding may decide
>    the outgoing path using the source address, destination address, UDP
>    ports, IPv6 flow-label, etc. from the packet.  Hence for IPv4, for
>    example, different values of IPv4 destination address from 127/8
>    range may be used in the IPv4 header of the STAMP test packets to
>    measure different ECMP paths.  For IPv6, for example, different
>    values of flow-label may be used in the IPv6 header of the STAMP test
>    packets to measure different ECMP paths.  In those cases, the STAMP
>    test packets may reach the node that is not the Session-Reflector for
>    this STAMP session in an error condition, and an un-intended node may
>    transmit reply test packet that can result in reporting of invalid
>    measurement metrics.
> 
> NEW:
>    The Session-Sender may need to transmit test packets to the Session-
>    Reflector with a destination address that is not a routable (i.e.,
>    suitable for use as the Source Address of the reply test packet)
>    address of the Session-Reflector. This can be facilitated, for example,
>    by encapsulating the STAMP packet by a tunneling protocol, see <xref>
>    for a worked example.
> 
> Then, if you wish, take the use case text I removed in my NEW version and use it as the basis of a Section 3.1 or Appendix A (the target of the xref I stubbed in above).
> 
> It seems to me the following would be a good change as well:
> 
> OLD:
>    The Destination Node Address TLV indicates an address of the intended
>    Session-Reflector node of the test packet.  The Destination Node
>    Address is also used to uniquely identify the STAMP session on the
>    Session-Reflector when the optional SSID is not sent.  If the
>    received Destination Node Address is one of the addresses of the
>    Session-Reflector, it SHOULD be used as the Source Address in the IP
>    header of the reply test packet.
> 
> NEW:
>    The Destination Node Address TLV indicates an address of the intended
>    Session-Reflector node of the test packet.  If the received
>    Destination Node Address is one of the addresses of the
>    Session-Reflector, it SHOULD be used as the Source Address in the IP
>    header of the reply test packet.
> 
>    If the Destination Node Address TLV is sent, the SSID TLV MUST also
>    be sent. 
> 
> This lets you get rid of the “is also used to” which muddies the water. I don’t insist on this, it’s just a suggestion, the old way isn’t broken, just weird (to me).
> 
> —John

v2.23.0 | Report a Bug | By Email