IETF Logo Mail Archive

Re: [ippm] WGLC for STAMP Extensions

Rakesh Gandhi <rgandhi.ietf@gmail.com> Thu, 11 June 2020 14:13 UTC

Return-Path: <rgandhi.ietf@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB63F3A0A01 for <ippm@ietfa.amsl.com>; Thu, 11 Jun 2020 07:13:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jaYyO1z3u0Oz for <ippm@ietfa.amsl.com>; Thu, 11 Jun 2020 07:13:25 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77C3E3A09BC for <ippm@ietf.org>; Thu, 11 Jun 2020 07:13:23 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id i27so7048487ljb.12 for <ippm@ietf.org>; Thu, 11 Jun 2020 07:13:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=PXI0iK5lXcOk6l/j2iMTcE0m2ydI7D6J4mi2vnMTlLU=; b=LE3qe5kpX4VQFhsCbDwLEgPwCb/JqYJjHyGYf0qx1drXXQfE6zjUiTVpNZOteWqk0q 3qx3OUTrRPe6CYezzKk7X8/oobqNxXZnDtjqSGD6b/PRGou8UaQqBMrj4K5EA5cNFL1X E/mW+xlcwTr3DQLw3KY39je3bRv1r5u0qq7iUxA7/YtDQhw18p5kGH8pKoXJAsnpDJOy HV0gUOw1ma24noMrIIh+LCPOfNIFO2Z8q2rsndqvJC4ZM7YQoLvoi9QspQ+Mz/FMibit 2S1QeuLcRP4rHWs6RUEmVGCrrqXhFcGG2q66NG4kimG6ceEqbyinDQdgXS9BMY2oYHsv HxSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PXI0iK5lXcOk6l/j2iMTcE0m2ydI7D6J4mi2vnMTlLU=; b=fBAG/PBQh7dXH1C0mAx+qyOegfacEEAKaxb2n/Gt47vibb6Fb4d8w4BMwfDGfhQhHF kfdNLED17v2Dp2/AqvCBZKz8v5uwLaqIRhyixuG5zzbO4cSMdVF+a7NxmkL9+PKkmZU9 K851bG68nd4q751NTCJTBtZbewKin/ylH1BrAaqu5zXQzxgTtfPFc41O9vsY0pZW6U/I zdd6zOBSCco+/arMz7hLRRQ+Obq1QM5w+3QInyLyc8s2nI9f0m1+jjgqX9ch5lfBTiBp kSS0rxlxJZJa0jC4O6omlotPJoYWHcaBtDY+315YPjNXoZItUUX3YmBdaFe9Z3v/OYGY ufng==
X-Gm-Message-State: AOAM531qH1uJvu3XA+P+l9OyYjO0PCQkF4zZXojx0lNR2aM5McbaN8Q1 I4T51IvWOtT8EGo5eVGfwnwLnmCe0Yr1gTLzeA==
X-Google-Smtp-Source: ABdhPJyqVEQg6AIx69qoGQrA5z9eZoESZG+zOZ3ttA47N3DL96QPkeFxiaN7Z/WhxPYbxLbixhV3EFweaszwFz+Syhw=
X-Received: by 2002:a2e:a54f:: with SMTP id e15mr5048289ljn.263.1591884801445; Thu, 11 Jun 2020 07:13:21 -0700 (PDT)
MIME-Version: 1.0
References: <CAKcm_gMVc88xpkOMmV7L-ybVCBzw+LhNS6Jw3=iB2gutR0ZhxA@mail.gmail.com> <4D7F4AD313D3FC43A053B309F97543CF0108A608DC@njmtexg5.research.att.com> <CA+RyBmW8hHqidEu_Br6zKpsjfQFVcK14ELhebzcCETMO4WQhMA@mail.gmail.com> <4D7F4AD313D3FC43A053B309F97543CF0108A6311B@njmtexg5.research.att.com> <CA+RyBmUsMGTHGyNbDecHjE5M39rfXz5t2VzC8mMjYBM75WQbXw@mail.gmail.com> <CAMZsk6crUg+GWYu8APgdrW6s_+FD8dgJ8+gM+0oB19jSBPgkxA@mail.gmail.com> <CA+RyBmUrpBMGZx=G_s6sAboXi3_QthAMGoL8Ou_YUzJTS78e_Q@mail.gmail.com>
In-Reply-To: <CA+RyBmUrpBMGZx=G_s6sAboXi3_QthAMGoL8Ou_YUzJTS78e_Q@mail.gmail.com>
From: Rakesh Gandhi <rgandhi.ietf@gmail.com>
Date: Thu, 11 Jun 2020 10:13:09 -0400
Message-ID: <CAMZsk6cp9DUDwuRnd-fY=q2tz8SjeRj64gtKSgvebS8WdzdvOA@mail.gmail.com>
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: "MORTON, ALFRED C (AL)" <acm@research.att.com>, "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>, Ian Swett <ianswett=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001d164a05a7cf908f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/ePnmw0PakMoqlDubq4ACu264oko>
Subject: Re: [ippm] WGLC for STAMP Extensions
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jun 2020 14:13:36 -0000

Thanks Greg.
SSID can be internally generated by the sender node. Expecting sender node
to communicate this to the controller and then to the reflector node for
*each* session may be overkill.

The destination UDP port to use on the reflector node is already
provisioned value and not any arbitrary port can be used anyways. So that
should help with such issues.

My 2c.

Thanks,
Rakesh



On Wed, Jun 10, 2020 at 9:32 PM Greg Mirsky <gregimirsky@gmail.com> wrote:

> Hi Rakesh,
> as Al clarified, and I agree with this scenario, a Session-Reflector must
> be provisioned with a session identifier (some elements, I think, might be
> specified as a wild card) before the session is commenced. All test packets
> that do not match the provisioned identifier must be discarded without
> processing. I've tried to capture that in the latest update sent earlier.
> What do you think of this scenario?
>
> Regards,
> Greg
>
> On Wed, Jun 10, 2020 at 4:36 PM Rakesh Gandhi <rgandhi.ietf@gmail.com>
> wrote:
>
>> Hi Greg, Al,
>> I am not sure if I follow the scenario.
>> Between nodes A and B, there can be more than one STAMP sessions, e.g.
>> {Node-A, Node-B, Src-Port-1, Dst-Port-1, SSID1} and {Node-A, Node-B,
>> Src-Port-1, Dst-Port-1, SSID2}. I assume this is allowed? If yes, how do we
>> know when there is now a third session between them with SSID3 (with same 4
>> tuple), it is a change (from SSID1 or SSID2?) or a new third session?
>> Thanks,
>> Rakesh
>>
>>
>>
>>
>> On Wed, Jun 10, 2020 at 7:21 PM Greg Mirsky <gregimirsky@gmail.com>
>> wrote:
>>
>>> Hi Al,
>>> many thanks for your quick response, much appreciated. We'll need some
>>> more time to discuss your suggestion related to the Access Report TLV. I've
>>> front-copied the other open issue and added my notes under the tag GIM2>>
>>> below.
>>>
>>>
>>>
>>>    An implementation of STAMP Session-Reflector that supports this
>>>
>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>
>>>    combination with elements of the usual 4-tuple
>>>
>>> [acm] <insert> for the session. If the Session-Reflector finds that
>>>
>>> the SSID and 4-tuple combination changes during a test session, then
>>>
>>> the Session-Reflector MUST discard the non-matching packet(s) and take
>>>
>>> no further action on them.
>>>
>>>    .  A conforming...
>>>
>>> GIM>> We've discussed the scenario and couldn't define how a
>>> Session-Reflector can distinguish between a new STAMP test session and the
>>> event of a change in identifiers, i.e., SSID and 4-tuple of the ongoing
>>> test session. Could you kindly help us here?
>>>
>>>
>>>
>>> *[acm] Thanks, I’m surprised that a new test session (with new SSID) can
>>> begin without any Session-Reflector agreement or communication from the
>>> Session-Reflector’s management interface. Since the Sending address and
>>> port could be spoofed, Session-Reflectors could receive lots of unexpected
>>> traffic, if you know what I mean....*
>>>
>>> GIM2>> Thank you for the clarification. I was not thinking out of a box.
>>> Please review the proposed new text below. I hope it captures the scenario
>>> you've pointed out.
>>> OLD TEXT:
>>>    An implementation of STAMP Session-Reflector that supports this
>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>    combination with elements of the usual 4-tuple for the session.  A
>>>    conforming implementation of STAMP Session-Reflector MUST copy the
>>>    SSID value from the received test packet and put it into the
>>>    reflected packet, as displayed in Figure 2.
>>> NEW TEXT:
>>>    An implementation of STAMP Session-Reflector that supports this
>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>    combination with elements of the usual 4-tuple for the session.
>>>    Before a test session commenced, a Session-Reflector MUST be
>>>    provisioned with all the elements that identify the STAMP Session.  A
>>>    STAMP Session-Reflector MUST discard the non-matching STAMP test
>>>    packet(s).  The means of provisioning the STAMP Session
>>>    identification is outside the scope of this specification.  A
>>>    conforming implementation of STAMP Session-Reflector MUST copy the
>>>    SSID value from the received test packet and put it into the
>>>    reflected packet, as displayed in Figure 2.
>>>
>>> Would the new text address your concern?
>>>
>>> Regards,
>>> Greg
>>>
>>>
>>> On Wed, Jun 10, 2020 at 8:01 AM MORTON, ALFRED C (AL) <
>>> acm@research.att.com> wrote:
>>>
>>>> Hi Greg, Thanks for all replies.
>>>>
>>>> Let’s concentrate on those needing some additional thought...
>>>>
>>>> Al
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>    An implementation of STAMP Session-Reflector that supports this
>>>>
>>>>    specification SHOULD identify a STAMP Session using the SSID in
>>>>
>>>>    combination with elements of the usual 4-tuple
>>>>
>>>> [acm] <insert> for the session. If the Session-Reflector finds that
>>>>
>>>> the SSID and 4-tuple combination changes during a test session, then
>>>>
>>>> the Session-Reflector MUST discard the non-matching packet(s) and take
>>>>
>>>> no further action on them.
>>>>
>>>>    .  A conforming...
>>>>
>>>> GIM>> We've discussed the scenario and couldn't define how a
>>>> Session-Reflector can distinguish between a new STAMP test session and the
>>>> event of a change in identifiers, i.e., SSID and 4-tuple of the ongoing
>>>> test session. Could you kindly help us here?
>>>>
>>>>
>>>>
>>>> *[acm] Thanks, I’m surprised that a new test session (with new SSID)
>>>> can begin without any Session-Reflector agreement or communication from the
>>>> Session-Reflector’s management interface. Since the Sending address and
>>>> port could be spoofed, Session-Reflectors could receive lots of unexpected
>>>> traffic, if you know what I mean.... *
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ...
>>>>
>>>>  …                 | 2     |   Non-3GPP  | This document |
>>>>
>>>>                   +-------+-------------+---------------+
>>>>
>>>> [acm] these seem overly broad, and unlikely to be extended because they
>>>> *cover everything*!!
>>>>
>>>> GIM>> Here we've turned to our 3GPP expert.. The current (Rel-16)
>>>> specification of ATSSS defines only two access types - 3GPP and Non-3GPP.
>>>> Creating a sub-registry and leaving a space for new types might help to
>>>> accommodate potential changes in 5G specification and the development of
>>>> new specifications, e.g., 6G, in the future.
>>>>
>>>> *[acm] *
>>>>
>>>> *Yes, but your examples of 5G and 6G would fall under the general
>>>> category of “3GPP” (which I accidentally delated above).*
>>>>
>>>> *Maybe some additional detail would help, like “3GPP-LTE”, “3GPP-5G”,
>>>> and make “Non-3GPP” the first entry so that expansion with new technologies
>>>> starts at 2, 3, …*
>>>>
>>>>                             Table 8: Access IDs
>>>>
>>>>
>>>>
>>>> ...
>>>>
>>>>
>>>>
>>>>               +-------+---------------------+---------------+
>>>>
>>>>               | Value |     Description     | Reference     |
>>>>
>>>>               +-------+---------------------+---------------+
>>>>
>>>>               | 1     |  Network available  | This document |
>>>>
>>>>               | 2     | Network unavailable | This document |
>>>>
>>>>               +-------+---------------------+---------------+
>>>>
>>>> [acm] these seem overly broad, and imply knowledge where the STAMP
>>>> end-point has limited insights!!
>>>>
>>>> GIM>>  These are defined in ATSSS specification of Performance
>>>> Measurement Function. The value for the Return Code field is passed to
>>>> STAMP system and it only transports it. Would a new text clarify the role
>>>> of a STAMP system:
>>>>
>>>> OLD TEXT:
>>>>
>>>>    o  Return Code - one octet long field that identifies the report
>>>>       signal, e.g., available, unavailable.  The value is one of those
>>>>       listed in Section 5.5.
>>>>
>>>> NEW TEXT:
>>>>
>>>>    o  Return Code - one octet long field that identifies the report
>>>>       signal, e.g., available, unavailable.  The value is passed,
>>>>       supplied to the STAMP end-point through some mechanism that is
>>>>       outside the scope of this document.  The value is one of those
>>>>       listed in Section 5.5.
>>>>
>>>> *[acm] *
>>>>
>>>> *OK*
>>>>
>>>>                           Table 10: Return Codes
>>>>
>>>>
>>>>
>>>> ...
>>>>
>>>>
>>>>
>>>> 6.  Security Considerations
>>>>
>>>>
>>>>
>>>>    Use of HMAC in authenticated mode may be used to simultaneously
>>>>
>>>>    verify both the data integrity and the authentication of the STAMP
>>>>
>>>>    test packets.
>>>>
>>>> [acm] That's it? At least add reference to STAMP 8762 Security Section?
>>>>
>>>> GIM>> Thank you for your suggestion. The new text is below:
>>>>
>>>> NEW TEXT:
>>>>
>>>>    This document defines extensions to STAMP [RFC8762] and inherits all
>>>>
>>>>    the security considerations applicable to the base protocol.
>>>>    Additionally, the HMAC TLV is defined in this document to protect the
>>>>    integrity of optional STAMP extensions.  The use of HMAC TLV is
>>>>    discussed in detail in Section 4.8.
>>>>
>>>>
>>>>
>>>> *[acm] OK*
>>>>
>>>> [acm] I suspect there will be some challenges for "Location" in future
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *From:* ippm [mailto:ippm-bounces@ietf.org] *On Behalf Of *Ian Swett
>>>> *Sent:* Friday, May 22, 2020 5:26 PM
>>>> *To:* IETF IPPM WG (ippm@ietf.org) <ippm@ietf.org>
>>>> *Subject:* [ippm] WGLC for STAMP Extensions
>>>>
>>>>
>>>>
>>>> Hi IPPM,
>>>>
>>>> At our virtual interim meeting, we decided
>>>> draft-ietf-ippm-stamp-option-tlv was ready for last call. This email starts
>>>> a two-week WGLC for this draft.
>>>>
>>>> The latest version can be found here:
>>>> https://tools.ietf.org/html/draft-ietf-ippm-stamp-option-tlv-04
>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Dippm-2Dstamp-2Doption-2Dtlv-2D04&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=OfsSu8kTIltVyD1oL72cBw&m=-FQ_7VkardtUOemNdXjWGCdxDzw_8jcaV16Ots-GfRo&s=zadhVvE6IwVbJd0BcDUJdpX4xXqA4i60susVdbT5Pvg&e=>
>>>>
>>>> This last call will end on *Monday, June 8th*. Please reply to
>>>> ippm@ietf.org with your reviews and comments.
>>>>
>>>> Thanks,
>>>> Ian & Tommy
>>>>
>>>> _______________________________________________
>>>> ippm mailing list
>>>> ippm@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/ippm
>>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_ippm&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=_6cen3Hn-e_hOm0BhY7aIpA58dd19Z9qGQsr8-6zYMI&m=AJPt25JReJLCcKTac6bW207kN8j0F2v7N7paNXkrS0Y&s=9RnqOZ8tzteJbGK2PJMpE2Y8RqKl-bvq-QfiStX4ywc&e=>
>>>>
>>>> _______________________________________________
>>> ippm mailing list
>>> ippm@ietf.org
>>> https://www.ietf.org/mailman/listinfo/ippm
>>>
>>

v2.23.0 | Report a Bug | By Email