Re: [ippm] [**EXTERNAL**] Re: AD review of draft-ietf-ippm-stamp

Henrik Nydell <hnydell@accedian.com> Mon, 19 August 2019 17:55 UTC

From: Henrik Nydell <hnydell@accedian.com>
Date: Mon, 19 Aug 2019 19:55:40 +0200
Message-ID: <CALhTbpqkuiABchHhcSarbBv6aKYhMqzFY4E7XKxj_ML2jBLEhA@mail.gmail.com>
To: Rakesh Gandhi <rgandhi.ietf@gmail.com>
Cc: Mirja Kuehlewind <ietf@kuehlewind.net>, "Civil, Ruth" <gcivil@ciena.com>, Greg Mirsky <gregimirsky@gmail.com>, "rrahman@cisco.com" <rrahman@cisco.com>, Shahram Davari <shahram.davari@broadcom.com>, "draft-ietf-ippm-stamp@ietf.org" <draft-ietf-ippm-stamp@ietf.org>, IPPM Chairs <ippm-chairs@ietf.org>, IETF IPPM WG <ippm@ietf.org>, "draft-ietf-ippm-twamp-yang@ietf.org" <draft-ietf-ippm-twamp-yang@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/qSotdc5Ct_FPRO02SUfy1G8MMyc>

I think the Yang model should not put too many restrictions in place for
the port used for the TWAMP-test packets, neither source nor destination
ports. Although some ports are indeed assigned to specific services, the
idea of a test function often is to be able to as closely as possible mimic
the patterns of a real service.

Limiting the port at the application (TWAMP/STAMP) level would not be the
solution to "securing" an internet service; each application needs to have
enough protection to not become disturbed by unknown packets. As an
example, neither Chrome nor Edge prevents me from entering URLs with
destination TCP ports that are reserved for other protocols. I moved my
private web server to port 88 (which is assigned to Kerberos, although I am
not using Kerberos) and both browsers were fine with letting me point to
SERVER:88.





On Mon, Aug 19, 2019 at 6:38 PM Rakesh Gandhi <rgandhi.ietf@gmail.com>
wrote:

> Hi Mirja,
> Thanks for your comments, yes, such an appropriate caveat can be added for
> the user port range in the TWAMP Yang model.
>
> Thanks,
> Rakesh
>
>
> On Mon, Aug 19, 2019 at 11:25 AM Mirja Kuehlewind <ietf@kuehlewind.net>
> wrote:
>
>> Hi Rakesh,
>>
>> Just quickly a comment on this bit:
>>
>> > On 19. Aug 2019, at 17:12, Rakesh Gandhi <rgandhi.ietf@gmail.com> wrote:
>> >
>> > TWAMP Yang model [draft-ietf-ippm-twamp-yang-13] can also support the
>> > range to allow user ports. An example caveat is specified in
>> > [draft-ietf-tram-turnbis-29]
>> > as "unless the TURN server application knows, through some means not
>> > specified here, that other applications running on the same host as
>> > the TURN server application will not be impacted by allocating ports
>> > outside this range."
>> >
>> I don’t think it is the same thing for turn and stamp/twamp.
>>
>> In turn you aim at actually opening a connection to a remote endpoint and
>> need to make sure that that endpoint is talking the same protocol as you
>> do. That remote endpoint might actually implement different services on
>> different ports.
>>
>> TWAMP is used for testing, therefore it could make sense to set up a
>> testing server that listens on exactly the same port as your application
>> would usually do. Yes, when using twamp on such ports, you have to make
>> sure that your twamp server does not implement another protocol on that
>> port, but often these servers are decided for testing only and preconfigured
>> in a respective way.
>>
>> Mirja
>>
>>
>>

-- 

*Henrik Nydell*
*Sr Product Manager*
1.866.685.8181
hnydell@accedian.com