IETF Logo Mail Archive

Re: [ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state

Greg Mirsky <gregimirsky@gmail.com> Wed, 18 November 2020 08:36 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 270F03A168D; Wed, 18 Nov 2020 00:36:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ErOIB1kKTMvk; Wed, 18 Nov 2020 00:36:13 -0800 (PST)
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCC143A167E; Wed, 18 Nov 2020 00:36:12 -0800 (PST)
Received: by mail-lf1-x12e.google.com with SMTP id u18so1736010lfd.9; Wed, 18 Nov 2020 00:36:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7PuCKVgd4nu04duubG5n4bjExsjdrn5G8q2wlJpOUbs=; b=pIR6yewnmzzqfmRABF38PsvXVZMNNJWiHxzqDprs1lYk4lsgBIvFVrWUpEVtSWeHVZ A1mOgTu8UgM2amhQ26Pi0Lm2dlrY7OIVOae8R1uM8ibFmNrwIVcmZiZDw02ybl6HpYBb mypoOnar793X5czr9SiGB6KwTGTDQzlCXI+wVobgoLxKuyoTiEoKe87//ATGo0pSAVjl C3sDy+0tFEfy9PD6Ce3Cue3irIGoehANhRmMFsxQau1s+fJ5hpcAOwl8CeQj03Asxxlg I5DgNwXTCj2VL17RRShkBDBpZScg6fc84mVSb+JKGzg0Je8A2zTmtHzl4xOmZwaDYJlY spRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7PuCKVgd4nu04duubG5n4bjExsjdrn5G8q2wlJpOUbs=; b=MuaxRXdnEZLrTBBdp8j5r6x5jsGpifWZMPpS7X93D34IvPKB5fiPwwGtQNq+uL6l1S PrdUYBiOJAeSlsoLRStOrXC5GXu1rMbj5WcH1bJ6zS6O+bfD0hnFZNPfhQoU41QPZSBF HYL+WWVwspg9I7sOOZYhZt+cv71CHC6HbnK1SaG5+DKehOn4tBIKNkdriyv1Jh35RGBQ GoyDSZKPT6MaS+T68Awr9xJeuAqSd+fZ4Gdmv86Z5Ycy8HH7eNn/LTvd6FJp3FdMyI2P eV5GGaHgRykvyEacecpwps5pJPUE/c0Un7t28mndlY7/jdNKzsSmFqqVxJ2VgPvGsSBp ydGw==
X-Gm-Message-State: AOAM531lanT+vLgKt0DwpCtQUVvF5+MfPBEQH0786qUx3QU71h+MZDoW hVhFAt2w5CX0rT8UPTJyD4imeylB5kb65u2eWl0=
X-Google-Smtp-Source: ABdhPJy4lb1ERTdY1dR12zLEdckK+KgbOlxKlDVptCWt37ql5cejWIrtIsX/H1n091hcDeLCMxUqLBlUjqpHMcqkhEw=
X-Received: by 2002:ac2:46cc:: with SMTP id p12mr3074721lfo.56.1605688570876; Wed, 18 Nov 2020 00:36:10 -0800 (PST)
MIME-Version: 1.0
References: <C7C2E1C43D652C4E9E49FE7517C236CB02CBEA49@dggeml529-mbx.china.huawei.com> <202011181557167521943@zte.com.cn>
In-Reply-To: <202011181557167521943@zte.com.cn>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Wed, 18 Nov 2020 00:35:59 -0800
Message-ID: <CA+RyBmWOJxcaO=Oqnw8+_jo3HZC7d7iC7S9EuUtzGyYCSp=SSA@mail.gmail.com>
To: Xiao Min <xiao.min2@zte.com.cn>
Cc: "Chengli (Cheng Li)" <c.l@huawei.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, IPPM Chairs <ippm-chairs@ietf.org>, "Frank Brockners (fbrockne)" <fbrockne=40cisco.com@dmarc.ietf.org>, IETF IPPM WG <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e3190d05b45d80fe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/stsSXeqNS3nVxvpUBRxsqeASjoI>
Subject: Re: [ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Nov 2020 08:36:15 -0000

Dear All,
I agree with Xiao Min's suggestion that IGP may be not the most effective
mechanism to collect information about a node's IAOM capability. Consider
the case when IOAM capability is controlled by a local policy that controls
the type of information available to different sources within an IOAM
domain. I think that it would be much more challenging to reflect that
through IGP than to discover that using ICMP.

Regards,
Greg

On Tue, Nov 17, 2020 at 11:57 PM <xiao.min2@zte.com.cn> wrote:

> Hi Cheng,
>
>
> I don't really understand your concern.
>
> ICMPv6 is a mature protocol mechanism, and IOAM function is limited in a
> trusted domain, then using ICMPv6 to discover IOAM capabilities wouldn't
> introduce any big challenge on security and privacy.
>
> I don't think IGP is better than ICMPv6 in this case. Firstly, flooding
> IOAM capabilities throughout the IGP domain is too heavy and unnecessary in
> my view. Secondly, IGP domain and IOAM domain don't always have the same
> coverage, one example is that when the IOAM encapsulating node is a host
> IGP flooding doesn't work for it.
>
>
> Best Regards,
>
> Xiao Min
> 原始邮件
> *发件人:*Chengli(ChengLi)
> *收件人:*Chengli (Cheng Li);肖敏10093570;
> *抄送人:*ippm-chairs@ietf.org;ippm@ietf.org;fbrockne=
> 40cisco.com@dmarc.ietf.org;tpauly=40apple.com@dmarc.ietf.org;
> *日 期 :*2020年11月17日 17:53
> *主 题 :**RE: [ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state*
>
> I meantI don’t think we can detect the (Non Routing ) capabilities of a
> node in another domain. Sorry for the typo.
>
>
>
> *From:* ippm [mailto:ippm-bounces@ietf.org]*On Behalf Of *Chengli (Cheng
> Li)
> *Sent:* Tuesday, November 17, 2020 4:09 PM
> *To:* xiao.min2@zte.com.cn
> *Cc:* ippm-chairs@ietf.org; ippm@ietf.org; fbrockne=
> 40cisco.com@dmarc.ietf.org; tpauly=40apple.com@dmarc.ietf.org
> *Subject:* Re: [ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state
>
>
>
> Hi Min,
>
>
>
> That is also my understanding. IOAM is limited in a trusted domain.
>
>
>
> But ICMP can be used in the global Internet? I don’t think we can detect
> the capabilities of a node in another node. Privacy and security will be a
> big challenge.
>
>
>
> So personally I prefer IGP/BGP/BGP-LS or NETCONF/YANG way.
>
>
>
> Thanks,
>
> Cheng
>
>
>
>
>
>
>
> *From:*xiao.min2@zte.com.cn [mailto:xiao.min2@zte.com.cn
> <xiao.min2@zte.com.cn>]
> *Sent:* Tuesday, November 17, 2020 3:52 PM
> *To:* Chengli (Cheng Li) <c.l@huawei.com>
> *Cc:* fbrockne=40cisco.com@dmarc.ietf.org;
> tpauly=40apple.com@dmarc.ietf.org;ippm@ietf.org; ippm-chairs@ietf.org
> *Subject:* Re:[ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state
>
>
>
> Hello Cheng,
>
>
>
> I noticed that Frank has submitted an In-situ OAM deployment draft within
> OPSAWG, in section 3 of that draft it says:
>
> "
>
> IOAM is a network domain specific feature, with "network domain"
>
>    being a set of network devices or entities within a single
>
>    administration.  IOAM is not targeted for a deployment on the global
>
>    Internet.  The part of the network which employs IOAM is referred to
>
>    as the "IOAM-Domain".
>
> "
>
> To my understanding, the IOAM data is collected only within a trusted
> domain, of course, Frank can correct me if I'm wrong.
>
> For your convenience, the link for this quoted draft is provided as below.
>
> https://tools.ietf.org/html/draft-brockners-opsawg-ioam-deployment
>
>
>
> Best Regards,
>
> Xiao Min
>
> 原始邮件
>
> *发件人:*Chengli(ChengLi)
>
> *收件人:*Frank Brockners (fbrockne);Tommy Pauly;IETF IPPM WG (ippm@ietf.org);
>
> *抄送人:*IPPM Chairs;
>
> *日**期**:*2020年11月16日 17:28
>
> *主**题**:Re: [ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state*
>
> _______________________________________________
> ippm mailing list
> ippm@ietf.org
> https://www.ietf.org/mailman/listinfo/ippm
>
> I have one simple question like I mentioned in the meeting: Is it secure
> to discover the non-routing capabilities info from the data plane?
>
>
>
> For instance, a packet may travel several network domains, and the trusted
> scope is only within each domain. When we use ICMP Ping, we can get the
> non-routing info from other domains. Is it OK to do it?  I think we should
> consider more about security and privacy.
>
>
>
> Furthermore, can we collect the IOAM data in multiple domain scenarios? Or
> only within a trusted domain?
>
>
>
> Thanks,
>
> Cheng
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *From:* ippm [mailto:ippm-bounces@ietf.org <ippm-bounces@ietf.org>]*On
> Behalf Of*Frank Brockners (fbrockne)
> *Sent:* Monday, November 16, 2020 3:13 PM
> *To:* Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>; IETF IPPM WG (
> ippm@ietf.org) <ippm@ietf.org>
> *Cc:* IPPM Chairs <ippm-chairs@ietf.org>
> *Subject:* Re: [ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state
>
>
>
> Hello IPPM,
>
>
>
> per what I mentioned during the IPPM WG meeting today, I don’t think we
> should adopt the document before we have a couple of key questions resolved:
>
>
>
> * Why can’t we use Netconf/YANG (with the existing capabilities discovery
> process – a la RFC 6241) to retrieve the IOAM capabilities of IOAM nodes?
> E.g. the encapsulating node (as a NC client) could retrieve the IOAM
> capabilities from other IOAM nodes  (acting as a NC server). Plus there is
> already a YANG model in flight for IOAM (draft-zhou-ippm-ioam-yang-08). At
> a minimum I would have expected that the draft discusses why NC/YANG is not
> suitable for the scenario that the authors have in mind. The slides (
> https://datatracker.ietf.org/meeting/109/materials/slides-109-ippm-echo-requestreply-for-enabled-ioam-capabilities-00)
> that were presented in the IPPM WG meeting today, mention “Changed from
> “IOAM Configuration Data” to “Enabled IOAM Capabilities” since the former
> is too associated with NETCONF/YANG.” IMHO we need a bit more than just
> wordsmithing.
>
>
>
> * While the draft uses IOAM capabilities discovery as the use-case, in
> more general terms, it proposes to add management/ops capabilities to
> echo-request/reply protocols like ICMP, which is a much broader topic. The
> TLV structures which are proposed to be added to echo-requests and
> echo-replies could obviously be leveraged for other use-cases. Does the
> work really fit the scope of the IPPM WG?
>
>
>
> Thanks, Frank
>
>
>
> *From:* ippm <ippm-bounces@ietf.org>*On Behalf Of*Tommy Pauly
> *Sent:* Freitag, 30. Oktober 2020 19:46
> *To:* IETF IPPM WG (ippm@ietf.org) <ippm@ietf.org>
> *Cc:* IPPM Chairs <ippm-chairs@ietf.org>
> *Subject:* [ippm] Call for adoption: draft-xiao-ippm-ioam-conf-state
>
>
>
> Hello IPPM,
>
>
> This email starts a Working Group call for adoption
> for draft-xiao-ippm-ioam-conf-state. This document has been presented
> several times and discussed within the working group in the context of our
> overall IOAM work.
>
> The document can be found here:
>
> https://tools.ietf.org/html/draft-xiao-ippm-ioam-conf-state-07
> <https://tools.ietf.org/html/draft-zhou-ippm-ioam-yang-08>
>
> Please provide your feedback on these document, and state whether or not
> you believe the IPPM WG should adopt this work by replying to this email.
> Please provide your feedback by the start of the IETF 109 meeting week, on *Monday,
> November 16*.
>
> Best,
> Tommy & Ian
>
>
>
>
> _______________________________________________
> ippm mailing list
> ippm@ietf.org
> https://www.ietf.org/mailman/listinfo/ippm
>

v2.23.0 | Report a Bug | By Email