IETF Logo Mail Archive

Re: [ippm] Working Group Last Call: draft-ietf-ippm-ioam-data

Greg Mirsky <gregimirsky@gmail.com> Wed, 22 January 2020 06:52 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D5CE12006B for <ippm@ietfa.amsl.com>; Tue, 21 Jan 2020 22:52:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1G3kV8rXwejF for <ippm@ietfa.amsl.com>; Tue, 21 Jan 2020 22:52:05 -0800 (PST)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93EE5120013 for <ippm@ietf.org>; Tue, 21 Jan 2020 22:52:04 -0800 (PST)
Received: by mail-lf1-x129.google.com with SMTP id i23so4433780lfo.7 for <ippm@ietf.org>; Tue, 21 Jan 2020 22:52:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rkNFCsXkqaN/B85VfxepJ8xkDKMmoVOFs+XZNvUMjgo=; b=e3h+Y8/btxioMM5Q7l9AG09z6PhxUB0HnC491JlDIRcQ1GEh9ETkqrHwu+ybc14LsZ Vb+Fc/Y8AHhgsOkZ+XMr3ONCuKQLxCXfWu9W91pcaIrBQ0iYK0O8LNkrP1peujhRK+lj LhjPa4Lft53qZzllmoLspgk+O0x0D4BDFW7l5MSQk0JU6TcI2HhkfkM2XEZXcvg5pLHX D5bPbNPfmv/g3OKNReGHxY7wGVW/AeMIppiO3sKMYRyNyyzunQbd/n3XG5mETdy0g/Sx ZXWi6orVSvBsg8HKD/ZE0ME/eflZ1mI6WYKQt67deM+rg9q43Adj6WtVbNb5UeefejdR XyjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rkNFCsXkqaN/B85VfxepJ8xkDKMmoVOFs+XZNvUMjgo=; b=C6fRNLLwVlpCrTHA6ErN6iAjVB8RmqQq2QPdpOvRkCeGEDPpkyyFIqkgCXaLmOKW9W RO2hFINtxfSCAtYaFXdnpibObR9pb3kMM4gP4QgwcBuCSTd9HFoLMB7wEJwk7g1uo+GD q2pkkNUVRjzGtTwzuOnYoxb68wPIPyr2n1nhy3d9DWcQ21ieot6By1go/xjtt5XW9Yzq rufQiz193+NzFjlZaUjKULVM9kGfJkYAN7IbGytdjmVHYtEhc5v8bVO7b1hNuUcRxVgt jylYQZXIUCnEMAu8ny9HsgtC0PCYLmQ0VPnNs0OWjvPDsazi4iVxZYoGYw0uUBdRhyen P6ig==
X-Gm-Message-State: APjAAAVK+bNBqDLJJmFIfz4dkE7q4PTTZ/BoglVxXK9K7ly6hHFFc+d5 lbqYSrkb57K0qhpZKpjtd3JPFF95O1WUV82HF9CFyQ==
X-Google-Smtp-Source: APXvYqzjx5sN1l2GSsTqvCot24qadyDWXRHm5OQtwrQJV05+JCmYvrLC6cF2u2Kvz22SAOLT5Mk9Umc0cOZcyaQo49w=
X-Received: by 2002:ac2:4945:: with SMTP id o5mr867020lfi.93.1579675922746; Tue, 21 Jan 2020 22:52:02 -0800 (PST)
MIME-Version: 1.0
References: <E5725DE6-0637-4D52-BD61-2437D29D3C3B@apple.com> <CA+RyBmU8zgJzqA6USXY5jyQeGpV+6JZUntX5e0hkcjNEnvg3qA@mail.gmail.com>
In-Reply-To: <CA+RyBmU8zgJzqA6USXY5jyQeGpV+6JZUntX5e0hkcjNEnvg3qA@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 21 Jan 2020 22:51:49 -0800
Message-ID: <CA+RyBmXf32P8cmCop0Mbqds5N7nUfQcP+czfD8cd-ZoSBgS7jQ@mail.gmail.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003c4fc1059cb4f65b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/re0ZbQcpUjTICQ_fbs619ol3Gzg>
Subject: Re: [ippm] Working Group Last Call: draft-ietf-ippm-ioam-data
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jan 2020 06:52:07 -0000

Dear All,
I'd like to add a note on the scope of the Security Considerations section.
While it discusses the potential use of iOAM as the new DDOS attack vector,
I didn't find a discussion of the protection of integrity and
confidentiality of collected data. As I understand, please correct me if
I've missed that in other sections of the document, all data is collected
and transported in the clear text, no provisions for authentication or
encryption except for Proof-of-Transit. I think that in addition to
stressing the importance of protecting the integrity of clock
synchronization and of the management plane, possible ways of protecting
integrity and, possibly, the confidentiality of collected data must be
discussed in the document.

Regards,
Greg

On Tue, Jan 21, 2020 at 3:56 PM Greg Mirsky <gregimirsky@gmail.com> wrote:

> Dear All,
> please consider my comments to draft-ietf-ippm-ioam-data as part of IPPM
> WG Last Call:
>
>    - In Abstract and Section 3, Segment Routing is characterized, among
>    other networking technologies, as a transport. RFC 8402 defines Segment
>    Routing as a method to leverage the source routing paradigm. Where else
>    could the Segment Routing be defined as transport?
>    - Also, "native IPv6" is mentioned in the Abstract as transport. Could
>    it be just a reference to IPv6? What is the significance of singling out
>    "native IPv6"?
>    - Introduction section explains the "in-situ" term as
>
>    The term "in-situ" refers to the fact that the OAM
>    data is added to the data packets rather than is being sent within
>    packets specifically dedicated to OAM.
>
> But with the introduction of Loopback and Direct Export as iOAM behaviors,
> iOAM data are not added to the data packet. And how these new iOAM
> functions affect the definition of IOAM control points in Section 3?
>
>
>    - I-D.lapukhov-dataplane-probe referenced as describing "recent active
>    probing mechanisms". That could have been the case in 2016 when the draft
>    was last time updated. But has expired and has not been discussed or worked
>    for 3.5 years.
>    - In regard to the control over iOAM, text in Section 3 states "It
>    SHOULD be possible to enable IOAM on a selected set of traffic ..." Does
>    that mean that not providing the selective enabling of iOAM is an
>    acceptable option?
>    - Further in Section 3, the requirement for encapsulation independence
>    is using SHOULD "Data formats for IOAM SHOULD be defined in a
>    transport-independent manner." What are the examples of exceptions?
>    - section 4.4 introduces the notion of an "iOAM capable node". Which
>    of iOAM objects are expected to be supported by the iOAM capable node? If a
>    node doesn't support a sub-set of iOAM data types, would it still be
>    considered as iOAM capable?
>    - Section 4.4.1 I'm having a hard time figuring how the presence
>    of Opaque State Snapshot space can be deduced. The explanation in NodeLen
>    is not clear to me.
>    - The definitions of Bit 0 and Bit 8 of IOAM-Trace-Type differ only in
>    part of the latter specifying that the format is wide. What is the length
>    on data identified by Bit 0?
>    - Hop_limit in Section 4.4.2 is defined as
>
>         This is copied from the lower
>          layer, e.g., TTL value in IPv4 header or hop limit field from
>          IPv6 header of the packet when the packet is ready for
>          transmission.
> What is the value of Hop_Limit field if the lower level does not include
> TTL/Hop Limit field?
>
>
>    - Four octets are allocated for timestamp subseconds in Section 4.4.2.
>    Both PTP and NTP have formats that can provide a higher resolution of a
>    timestamp. That likely to be useful where a higher resolution of time
>    measurement, e.g. delay variation is needed (for example, URLLC
>    applications of 5G, TSN or DetNet). Can iOAM data be extended in the future
>    to support a different length of the subsecond field?
>    - What was the rationale to choose nanoseconds as the unit for transit
>    delay?
>    - How future proof is allocating four octets to express the length of
>    an egress queue (queue depth)? What should be the value if an iOAM node
>    cannot write the local value in four octets?
>    - Similar to the questions above but in regard to the buffer occupancy
>    field.
>    - Checksum Complement may be practical but it raises serious security
>    issues. I couldn't find these being identified and discussed in the
>    document.
>    - Section 5 defers the specification of the particular timestamp
>    format used in the given iOAM Namespace to the management plane. Does that
>    mean that all nodes in the given iOAM Domain must support the same format?
>    In other words, timestamps collected in the domain required to be in the
>    homogeneous format - either all in NTP, all in PTP, or all in POSIX. That
>    looks like unnecessary complexity and limitation and may cause lower
>    accuracy of time measurement as an iOAM node may be required to transform
>    from its native time format into the format chosen by the management plane.
>
> Regards,
> Greg
>
> On Tue, Jan 7, 2020 at 8:47 AM Tommy Pauly <tpauly=
> 40apple.com@dmarc.ietf.org> wrote:
>
>> Hello IPPM,
>>
>> Happy New Year! This email starts a working group last call for "Data
>> Fields for In-situ OAM" (
>> https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-data/).
>>
>> The last call will end on *Tuesday, January 21*. Please reply to
>> ippm@ietf.org with your reviews and comments. Please indicate whether
>> you think this document is ready for publication.
>>
>> Best,
>> Tommy (as co-chair)
>> _______________________________________________
>> ippm mailing list
>> ippm@ietf.org
>> https://www.ietf.org/mailman/listinfo/ippm
>>
>

v2.23.0 | Report a Bug | By Email