IETF Logo Mail Archive

Re: [ippm] Vote at IPPM session

<Ruediger.Geib@telekom.de> Thu, 20 April 2017 07:22 UTC

Return-Path: <prvs=27628a658=Ruediger.Geib@telekom.de>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5D07129440; Thu, 20 Apr 2017 00:22:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.321
X-Spam-Level:
X-Spam-Status: No, score=-4.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telekom.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nAU1SvE1LlWQ; Thu, 20 Apr 2017 00:22:51 -0700 (PDT)
Received: from mailout24.telekom.de (MAILOUT24.telekom.de [80.149.113.254]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E1171288B8; Thu, 20 Apr 2017 00:22:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telekom.de; i=@telekom.de; q=dns/txt; s=dtag1; t=1492672970; x=1524208970; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Mv0XOnAWXLA4WNKW5Ticc6yykjV/0HArAcJvJJF9S0M=; b=8R++7fASgjV40bCfoi/Q0X+wFBZ1iA/8a1vjtHhSzPI5gE8BMK/EWKwg xIFq9rVy4Udq/Pqqe76AoNkCcWBDuUYEIneW3JSK+3zBCsC7Ytl6w096N SBPZ6FcwnHmXA4IC/2cfhKhv9TkKjujCbvCNOSflMqyZVAX2XVFFfSIQq Cg3iB7L4Gq7AZ2YX5nihdT2D1aiaBY/3eGnoBb6TRSiYIZm1GljOzMnsr gLHQqLizC/b/suEtKPAuIQE1mX4htc0VAqajh+Wi7PfMpr1xxNWKYb841 E/MN3ILHooGMf+RsT6qWy70dNKZxDRvafXchUej7UBvRFvUmkaEboICFw A==;
Received: from qdezc2.de.t-internal.com ([10.171.255.37]) by MAILOUT21.telekom.de with ESMTP/TLS/RC4-SHA; 20 Apr 2017 09:22:43 +0200
X-IronPort-AV: E=Sophos;i="5.37,224,1488841200"; d="scan'208";a="591792051"
Received: from he101654.emea1.cds.t-internal.com ([10.134.226.15]) by qde0ps.de.t-internal.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Apr 2017 09:22:43 +0200
Received: from HE101653.emea1.cds.t-internal.com (10.134.226.13) by HE101654.emea1.cds.t-internal.com (10.134.226.15) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 20 Apr 2017 09:22:43 +0200
Received: from HE101653.emea1.cds.t-internal.com ([fe80::8954:80af:2020:572c]) by HE101653.emea1.cds.t-internal.com ([fe80::8954:80af:2020:572c%27]) with mapi id 15.00.1263.000; Thu, 20 Apr 2017 09:22:43 +0200
From: Ruediger.Geib@telekom.de
To: acmorton@att.com
CC: ippm-chairs@ietf.org, ippm@ietf.org, ietf@trammell.ch, fbrockne@cisco.com
Thread-Topic: [ippm] Vote at IPPM session
Thread-Index: AQHSp+ANPZAWv+5YD0yHKUp0Ir+32KGqudOAgAAD3QCAAAfSAIAAIx6AgAA2hgCAAPdoAIAAaFWAgAAcNwD//8lsgIAC5LeAgAt5d4CABF/eAIADEXMAgARQ+4CABTbyAIAAKoCA///CZvCAAQO0gIAAkNsggAC4LCA=
Date: Thu, 20 Apr 2017 07:22:43 +0000
Message-ID: <69831a3f7b4b42989dc85d3f8e920843@HE101653.emea1.cds.t-internal.com>
References: <CA+RyBmXAyOVZy2DncvC9Bdkmt2P+OXhV49sFgCqXf=1Of3EWkw@mail.gmail.com> <830D269B-62A1-4782-8AFE-C2910F908BFF@trammell.ch> <CA+RyBmUtVv6fJVLrUxwLiHg9ktvDCkuV0s+KWyv4ygEb50rMOw@mail.gmail.com> <01fa01d2a7e9$1c65d520$55317f60$@olddog.co.uk> <8168bd84-88f4-c40b-7150-844b463f6612@trammell.ch> <CAKKJt-ca7VgePkstLE=RLTh506o44m3hiZ_ay88hOS1egz20KA@mail.gmail.com> <7e592d5c42d44db594dfdfbc76233e29@XCH-RCD-008.cisco.com> <3E70CF9A-5A09-419B-B330-F9B854E01539@trammell.ch> <01c801d2a8d3$eb6d2450$c2476cf0$@olddog.co.uk> <4D7F4AD313D3FC43A053B309F97543CF25F3D4C0@njmtexg5.research.att.com> <e60a1ae521054eb3b9e1352d5918c6b2@XCH-RCD-008.cisco.com> <2BCD950B-DEBF-4FCD-92DD-89BE50270006@encrypted.net> <aa0dea09d3e44260a2ed306836c68ccb@XCH-RCD-008.cisco.com> <45679B2A-EE96-4980-BAED-B39994C73CFE@encrypted.net> <070501d2b5c8$dc264d30$9472e790$@olddog.co.uk> <58b68d6d47614281846807b6353b46f3@XCH-RCD-008.cisco.com> <38C60635-D7B8-4AA9-843D-ABBA65AC3D62@trammell.ch> <4D7F4AD313D3FC43A053B309F97543CF25F71AE7@njmtexg5.research.att.com> <17864478fa3b4b58894f8b3c701505f4@HE101653.emea1.cds.t-internal.com> <4D7F4AD313D3FC43A053B309F97543CF25F72473@njmtexg5.research.att.com>
In-Reply-To: <4D7F4AD313D3FC43A053B309F97543CF25F72473@njmtexg5.research.att.com>
Accept-Language: en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.157.165.158]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/gA4XjBMzz5-L_Sg4BMzyRScSgAM>
Subject: Re: [ippm] Vote at IPPM session
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Apr 2017 07:22:53 -0000

Hi Al,

IOAM parameters are not the same as private address space. Routers operate IP addresses and an access list doesn't require detection of a type of parameter which isn't supported. The access list controls whether values of a known parameter are ok. IOAM requires detection of an unknown type of parameter at a domain boundary. A behavior often requested in that case is transfer, not discard. 
An interconnection router likely operates an access list to protect the own domain, but interconnection routers are no firewalls (be liberal in what you accept....).

There are two scenarios which may worry:

- IOAM-domain passes traffic to non-IOAM domain 
  or IOAM domain respectively and IOAM parameters 
  may still be present.

- IOAM-domain passes traffic to non-IOAM domain 
  which passes packets containing IOAM unmodified 
  to another IOAM domain.

To me, the latter is the less desirable one. 

Regards, RĂ¼diger


> is a non-iOAM network operator able to detect standard ipv6 packets 
> with iOAM extensions, if the receiving operators equipment is 
> configured to support standard ipv6 protocol only? The pre-condition 
> here is "non-iOAM domain" at the receiving side. My point is, if a 
> domain isn't interested in supporting the iOAM extensions, is it 
> obliged to operate iOAM aware equipment to detect undesired traffic at network boundaries?


[ACM]
No, an operator can let the traffic flow if they want.
However, if operators find that their network is affected by traffic with iOAM data from another domain, they would be justified to discard that traffic (as long as there is a clear domain limit expressed to iOAM protocol designers of the future, as Frank has suggested).

[ACM]
This is the same ability afforded operators by declaring BMWG address space for isolated testing-only, or the various private network address spaces. Plenty of Net10 traffic escapes, and operators are not obliged to drop it, but they certainly can.

v2.23.0 | Report a Bug | By Email