Re: [ippm] WG Last Call for draft-ietf-ippm-ioam-ipv6-options

Justin Iurman <justin.iurman@uliege.be> Mon, 07 February 2022 13:07 UTC

Return-Path: <justin.iurman@uliege.be>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20B733A0E1A; Mon, 7 Feb 2022 05:07:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uliege.be
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1fL3CeN_nuKI; Mon, 7 Feb 2022 05:07:13 -0800 (PST)
Received: from serv108.segi.ulg.ac.be (serv108.segi.ulg.ac.be [139.165.32.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE81B3A0E1D; Mon, 7 Feb 2022 05:07:11 -0800 (PST)
Received: from mbx12-zne.ulg.ac.be (serv470.segi.ulg.ac.be [139.165.32.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by serv108.segi.ulg.ac.be (Postfix) with ESMTPS id 4FBA4200F807; Mon, 7 Feb 2022 14:07:09 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 serv108.segi.ulg.ac.be 4FBA4200F807
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uliege.be; s=ulg20190529; t=1644239229; bh=0dE17OjbTmsVrKWvITmMc26+P8ZjrtqTba6SUpigrc4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From; b=xTCnJONq+MEdo3Qx1JrAWZ3WUyJJxX4TMWqj2urERSoW8oRFfqB0VgVsIhGDO3U5V 5oouyuPHzEsQ1UmR2J0ud+Oui6FAk3YNfuQlWldk8xrxmAyy07gBl5/Tdm76cdKmz0 XYGhzcYYRGbrkt00j5un5lR8BE+Bd0WoT1//B/9+RHdWGB3sJrkzzJ2IWdeyfvIj6U AMYgx9LURg3FQWEim/1zXEKzh4+QjK87zBI9NKKbGk2yvPbkYHtWyl30MGRnK9ovAm QTTQhSs3uC+gZNvKAd9N5Vyd2+aIELUnL5517R+CX6iWu85jBb3Ellp+qE95vKHSeP K7BShCXB1ly4Q==
Received: from localhost (localhost [127.0.0.1]) by mbx12-zne.ulg.ac.be (Postfix) with ESMTP id 4251660415BA2; Mon, 7 Feb 2022 14:07:09 +0100 (CET)
Received: from mbx12-zne.ulg.ac.be ([127.0.0.1]) by localhost (mbx12-zne.ulg.ac.be [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 2WWp_VJYXM6U; Mon, 7 Feb 2022 14:07:09 +0100 (CET)
Received: from mbx12-zne.ulg.ac.be (mbx12-zne.ulg.ac.be [139.165.32.199]) by mbx12-zne.ulg.ac.be (Postfix) with ESMTP id DFC8A602244DF; Mon, 7 Feb 2022 14:07:08 +0100 (CET)
Date: Mon, 07 Feb 2022 14:07:08 +0100
From: Justin Iurman <justin.iurman@uliege.be>
Reply-To: Justin Iurman <justin.iurman@uliege.be>
To: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
Cc: Erik Kline <ek.ietf@gmail.com>, Marcus Ihlar <marcus.ihlar=40ericsson.com@dmarc.ietf.org>, IPv6 List <ipv6@ietf.org>, ippm@ietf.org
Message-ID: <2093190259.19857239.1644239228672.JavaMail.zimbra@uliege.be>
In-Reply-To: <CY4PR11MB167247C5F9335D3682523A19DA2B9@CY4PR11MB1672.namprd11.prod.outlook.com>
References: <AM0PR07MB41315DF88FF077CC72F474A6E2789@AM0PR07MB4131.eurprd07.prod.outlook.com> <CAMGpriWq4RKUDiM05afM0FQNMC8uCRV2HtQjZ-Yiiq8UP-+1JQ@mail.gmail.com> <1698496306.248840871.1640786935077.JavaMail.zimbra@uliege.be> <CY4PR11MB167247C5F9335D3682523A19DA2B9@CY4PR11MB1672.namprd11.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [139.165.223.37]
X-Mailer: Zimbra 8.8.15_GA_4018 (ZimbraWebClient - FF96 (Linux)/8.8.15_GA_4026)
Thread-Topic: WG Last Call for draft-ietf-ippm-ioam-ipv6-options
Thread-Index: AQHX/L29LTdhs/e+lki/fjsSOsrNhayG+7Fw1AtOaA4=
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/nUMvLrmvycezQs4-R00RW5PaT9A>
Subject: Re: [ippm] WG Last Call for draft-ietf-ippm-ioam-ipv6-options
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2022 13:07:20 -0000

Hi Frank,

LGTM, thanks for this. I think this document is ready to progress.

Justin

On Feb 6, 2022, at 5:58 PM, Frank Brockners (fbrockne) fbrockne@cisco.com wrote:
> Hi Justin,
> 
> Sorry for the late response. I've just posted a revision
> (https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-ipv6-options/07/) which
> includes the two suggested changes below.
> 
> Cheers, Frank
> 
>> -----Original Message-----
>> From: ippm <ippm-bounces@ietf.org> On Behalf Of Justin Iurman
>> Sent: Wednesday, 29 December 2021 15:09
>> To: Erik Kline <ek.ietf@gmail.com>
>> Cc: Marcus Ihlar <marcus.ihlar=40ericsson.com@dmarc.ietf.org>; IPv6 List
>> <ipv6@ietf.org>; ippm@ietf.org
>> Subject: Re: [ippm] WG Last Call for draft-ietf-ippm-ioam-ipv6-options
>> 
>> Hi ippm, 6man,
>> 
>> I do believe this document is almost ready, though it probably needs a new
>> version to address the following review comments.
>> 
>> 1) In section 4 ("In-situ OAM Metadata Transport in IPv6"), third paragraph, it
>> says:
>> 
>>   "In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly
>>    enabled per interface on every node within the IOAM domain.  Unless a
>>    particular interface is explicitly enabled (i.e., explicitly
>>    configured) for IOAM, a router MUST drop packets that contain
>>    extension headers carrying IOAM data-fields.  This is the default
>>    behavior and is independent of whether the Hop-by-Hop options or
>>    Destination options are used to encode the IOAM data.  This ensures
>>    that IOAM data does not unintentionally get forwarded outside the
>>    IOAM domain."
>> 
>> I don't think "a router MUST drop packets" is correct. IOAM options are defined
>> with type "00", i.e., skip over this option and continue processing the header.
>> Instead, I would rather have something like "a router MUST ignore IOAM
>> options". Indeed, you don't want a node to drop packets with IOAM options,
>> when not configured, to keep consistency with the behavior of type "00". This is
>> the role of a firewall to drop packets if it detects IOAM injections or IOAM
>> leaks.
>> 
>> New text suggestion:
>> 
>>   "In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly
>>    enabled per interface on every node within the IOAM domain.  Unless a
>>    particular interface is explicitly enabled (i.e., explicitly
>>    configured) for IOAM, a router MUST ignore IOAM Options.  As
>>    additional security, IOAM domains SHOULD provide a mechanism to
>>    prevent injections at ingress or leaks at egress."
>> 
>> Note that the last sentence could be omitted, as consideration #4 (see section
>> 5.1) already talks about it.
>> 
>> 2) Section 5.4.1 ("IPv6-in-IPv6 encapsulation") describes a hacky way to
>> encapsulate packets. Instead of using the egress as the outer destination
>> address, it uses the same destination address as the inner one. I understand the
>> pros of such a technique (i.e., same forwarding path), but it goes against
>> RFC2473 and, as a consequence, also against RFC8200. So, I don't think it should
>> be part of a standard. Since the "normal" IPv6-in-IPv6 use case is implicitly
>> included in the next section (5.4.2, "IP-in-IPv6 encapsulation with ULA"), I
>> think
>> section
>> 5.4.1 could/should be dropped.
>> 
>> Thanks,
>> Justin
>> 
>> On Dec 17, 2021, at 10:37 PM, Erik Kline ek.ietf@gmail.com wrote:
>> > +6MAN WG, just as an FYI
>> >
>> > On Fri, Dec 17, 2021 at 7:39 AM Marcus Ihlar
>> > <marcus.ihlar=40ericsson.com@dmarc.ietf.org> wrote:
>> >>
>> >> Hello IPPM,
>> >>
>> >> This email starts a Working Group Last Call on
>> >> draft-ietf-ippm-ioam-ipv6-options.
>> >>
>> >>
>> >>
>> >> https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-ipv6-options/
>> >>
>> >> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-ipv6-optio
>> >> ns-06
>> >>
>> >>
>> >>
>> >> Please provide feedback by replying to this email with your reviews
>> >> and if you think this document is ready to progress, by Friday, January 14.
>> >>
>> >>
>> >>
>> >> Best Regards,
>> >>
>> >> Marcus & Tommy
>> >>
>> >> _______________________________________________
>> >> ippm mailing list
>> >> ippm@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/ippm
>> >
>> > --------------------------------------------------------------------
>> > IETF IPv6 working group mailing list
>> > ipv6@ietf.org
>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> > --------------------------------------------------------------------
>> 
>> _______________________________________________
>> ippm mailing list
>> ippm@ietf.org
> > https://www.ietf.org/mailman/listinfo/ippm