Re: [ippm] Erik Kline's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
Martin Duke <martin.h.duke@gmail.com> Fri, 17 March 2023 16:54 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A61BCC1522C8; Fri, 17 Mar 2023 09:54:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.094
X-Spam-Level:
X-Spam-Status: No, score=-7.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZ8SwfbzpYE3; Fri, 17 Mar 2023 09:54:36 -0700 (PDT)
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2C0EC1522D9; Fri, 17 Mar 2023 09:54:36 -0700 (PDT)
Received: by mail-vs1-xe36.google.com with SMTP id w20so1340499vsa.8; Fri, 17 Mar 2023 09:54:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679072075; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=2Atuhsd1EkTIfxIiDxObw2oYfYA0iVvtx/u/drW6ax0=; b=O7Bb+/6vok1iTW2DQDPhdAHlzIZZPL8vHap3zZB+nBmreQFxq1ceAqr7prI/diDcy+ fzyFaddSVbXDOT5y/yJY0/BN6Yfjxt8OK9WU3XsaZl5W7zEdeqTIGA7d+tTs2PiEsU9d lqdJkvpa3FQGW/uPCcW1yZI26RhHPLWM4xZH3ik3FiaNvLoClyKaE1AHFi85pwtdWitM VoS6gsgn8yoXetAgtTJZClXFZXbOO2DCUSJV/DNI1qNBS4/8HYtwm/zMpt4bRm81a0ZD TLGFiCYiAqxM35gAugeqNMcNfa2BCCFJrs+yY/IKom1VpM6QQFKSmWp7w+ZIC2JyjzuG WUXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679072075; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2Atuhsd1EkTIfxIiDxObw2oYfYA0iVvtx/u/drW6ax0=; b=pnjbdgGL23uf170Wzp0tHsWgb4KJx/paG0az+8uaQhdac3GmRNIY6lvENmSL3bT67U rhYU+D/dtABk9pfnYAOmkL2wNieP2fflOe8cetRSczuYjXfRsGe/YNbCObVm357lgzRa oCdeXV1kZtoLQcAZY5RwRvcnWR3K2Glu2I61Q3hm5KkHXaDDQCXL//iHYW/RDjsL8o2m CMcBsyZYebnrfUwRLbKB+HPuivY3tE2HlVMEKL3kuReXbvzGgnqN2pCgedMIbGjiwQB/ Xe+ZctxEjC/B2hjU6awYcwCzUAq7OP9iPfxg437LpQH3277GthJ3uSucb7JpHr/VVGUA ownA==
X-Gm-Message-State: AO0yUKUoFctonImA645/QBXBskr79Qrf2xa3OC06/fybOnD/BC0RtrzS Gx3hndo9H53dBTsUpl0vakHu+zO0BnJ8/6fpMuQ=
X-Google-Smtp-Source: AK7set+kPEGYr1EMcZrM7JXtsK6k5nKifBbNQAUv0DHAukoLXwKw/FKdMNQdI3+dSZwYQegJZ6ttM38yw8ztVHnqUX0=
X-Received: by 2002:a67:c21b:0:b0:411:a740:c3ea with SMTP id i27-20020a67c21b000000b00411a740c3eamr352835vsj.0.1679072075304; Fri, 17 Mar 2023 09:54:35 -0700 (PDT)
MIME-Version: 1.0
References: <166987457506.51565.101426441168688104@ietfa.amsl.com> <CAMGpriX5pKoxfx+gDWdwmESY8tpiQdUV21eU5qG8f4+2x_fvFw@mail.gmail.com> <MWHPR11MB131132B6A76EC85A65930993DAF09@MWHPR11MB1311.namprd11.prod.outlook.com>
In-Reply-To: <MWHPR11MB131132B6A76EC85A65930993DAF09@MWHPR11MB1311.namprd11.prod.outlook.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Fri, 17 Mar 2023 09:54:24 -0700
Message-ID: <CAM4esxSSf6gT4Nsa9-jLJ7Atza2e7R_D09Rir_i_0rji8Giqjg@mail.gmail.com>
To: "Frank Brockners (fbrockne)" <fbrockne=40cisco.com@dmarc.ietf.org>
Cc: Erik Kline <ek.ietf@gmail.com>, The IESG <iesg@ietf.org>, "draft-ietf-ippm-ioam-ipv6-options@ietf.org" <draft-ietf-ippm-ioam-ipv6-options@ietf.org>, "ippm-chairs@ietf.org" <ippm-chairs@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>, "marcus.ihlar@ericsson.com" <marcus.ihlar@ericsson.com>
Content-Type: multipart/alternative; boundary="00000000000099d48105f71b6e9f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/xWJ3ZKfA1QLpiZtoQ-L_cu7xTZE>
Subject: Re: [ippm] Erik Kline's Discuss on draft-ietf-ippm-ioam-ipv6-options-09: (with DISCUSS and COMMENT)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2023 16:54:40 -0000
Erik, does the latest version of this draft address your DISCUSS? On Fri, Dec 30, 2022 at 6:42 AM Frank Brockners (fbrockne) <fbrockne= 40cisco.com@dmarc.ietf.org> wrote: > Hi Erik, > > Thanks a lot for your review. Please see inline. > > > -----Original Message----- > > From: Erik Kline <ek.ietf@gmail.com> > > Sent: Thursday, 1 December 2022 07:36 > > To: Erik Kline <ek.ietf@gmail.com> > > Cc: The IESG <iesg@ietf.org>; draft-ietf-ippm-ioam-ipv6-options@ietf.org > ; > > ippm-chairs@ietf.org; ippm@ietf.org; marcus.ihlar@ericsson.com > > Subject: Re: Erik Kline's Discuss on > draft-ietf-ippm-ioam-ipv6-options-09: (with > > DISCUSS and COMMENT) > > > > I reviewed what approach SRH took w.r.t. AH. It might suffice if this > document > > added a section like RFC 8754 S7.5, but I'm not sure yet. > > Something to think about, though... > > ...FB: SRv6 and IOAM are indeed similar in their deployment focus. The > both operate in limited domains (per RFC8799). And much like you, IMHO the > approach would solve the issue with AH. > > Following your suggestion, we could add a section to > draft-ietf-ippm-ioam-ipv6-options similar to RFC 8754 S7.5 that explains > that due to IOAM's focus on limited domains only, IOAM only applies to > deployments which do not use the Authentication Header. Operators who > desire to protect the integrity of IOAM data, could leverage > draft-ietf-ippm-ioam-data-integrity. > Is this approach generally agreeable? If so we'll add it to the next > revision. > > In addition, I fully agree to your note about clarifying that the IOAM > encapsulating node MUST add the entire IPv6 option data - including fields > that are supposed to be updated by other nodes. > > And a side note: Dropping support for the "incremental trace option" for > IPv6 could be done of course, but would be really unfortunate, because we > limit the applicability of IOAM. The option was created to help with > efficient hardware implementations of IOAM. For hardware it is much easier > to write to a fixed location in the packet (along with splitting and > re-joining the parts) rather than do a pointer lookup of where to insert > the data and then fill in the data. BTW - Below you state that > "Specifically, only the Option Data (not Option Length) is allowed to > change": Could you point me to the paragraph in RFC 8200 that forbids the > change in length? I did not find any text to that regard. > > Thanks, Frank > > > > > > On Wed, Nov 30, 2022 at 10:02 PM Erik Kline via Datatracker > > <noreply@ietf.org> wrote: > > > > > > Erik Kline has entered the following ballot position for > > > draft-ietf-ippm-ioam-ipv6-options-09: Discuss > > > > > > When responding, please keep the subject line intact and reply to all > > > email addresses included in the To and CC lines. (Feel free to cut > > > this introductory paragraph, however.) > > > > > > > > > Please refer to > > > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-posi > > > tions/ for more information about how to handle DISCUSS and COMMENT > > > positions. > > > > > > > > > The document, along with other ballot positions, can be found here: > > > https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-ipv6-options/ > > > > > > > > > > > > ---------------------------------------------------------------------- > > > DISCUSS: > > > ---------------------------------------------------------------------- > > > > > > # Internet AD comments for draft-ietf-ippm-ioam-ipv6-options-09 > > > CC @ekline > > > > > > * Thanks to 6MAN chairs Bob, Ole, and Jen for their last-minute > > > "IPv6 Directorate" reviews. Some of their comments are reflected > below. > > > > > > * There was kind of leaning toward concluding that the rewriting of a > > > Hop-by-Hop option's size was both against the spirit of RFC 8200 and > > > not actually against the letter. I'm not sure that's actually the > case > > > and so my biggest DISCUSS is this point (more below). > > > > > > ## Discuss > > > > > > ### S4 > > > > > > * I don't think the Incremental Trace Option is something that can be > > > supported by current text in RFC 8200. While is makes sense to have > this > > > behavior described in RFC 9197, I don't think IPv6 HbH can support > it. > > > > > > My rationale for seeing this as a protocol violation is as follows. > > > > > > - RFC 8200 S4.2 says this about the on-path mutability bit and the > > > expectations that result: > > > > > > """ > > > The third-highest-order bit of the Option Type specifies whether > or > > > not the Option Data of that option can change en route to the > > > packet's final destination. When an Authentication header is > present > > > in the packet, for any option whose data may change en route, its > > > entire Option Data field must be treated as zero-valued octets > when > > > computing or verifying the packet's authenticating value. > > > """ > > > > > > - Specifically, only the Option Data (not Option Length) is > allowed to > > > change. Any AH header, for example, would still have processed > the > > > entire option with only the Data being zeroed -- the existence > of the > > > option and the length of it would still have been part of the AH > > > computation. > > > > > > Unless there's some misunderstanding here I think this option would > need > > > removing from the document. > > > > > > * I think text needs to be added to make it clear that whatever > options are > > > used they MUST be added, though not necessarily "filled in", by the > > > originator of the packet (the node bearing the interface assigned the > > > outermost Source Address). > > > > > > The reasoning here again is the defined behavior of AH processing. > Any > > > options, even on-path mutable ones, MUST be present in the Hop-by-Hop > > > option when an AH is computed. > > > > > > > > > ---------------------------------------------------------------------- > > > COMMENT: > > > ---------------------------------------------------------------------- > > > > > > > > > ## Comments > > > > > > ### S5.1 > > > > > > * In C2: "domain SHOULD ensure that the addition of OAM information > does > > not > > > lead to fragmentation of the packet" > > > > > > This should probably be rephrased to be more IPv6-compatible (as > there is > > > no on-path fragmentation). Perhaps: > > > > > > "does not lead to an ICMP Packet To Big error message being sent to > the > > > originator and the packet being dropped" > > > > > > or something to that effect. > > > > > > * Also in C2: "exceeds the packet size beyond PTMU" in the domain, etc. > > > > > > It may be worth noting that any single node can only know the > configured > > > MTU of its outgoing links, and that this is why it MUST be a > domain-managed > > > parameter. > > > > > > * C3 appears to create a requirement for some very deep packet > inspection on > > > IOAM domain egress. > > > > > > Also, if there's going to be talk of ICMPv6 you probably need to add > a > > > reference to RFC 4443. > > > > > > * With respect to C4, I'd defer to the other IESG comments. > > > > > > * C5: this seems like it might be important for a Standards Track > feature? > > > > > > If it were Experimental, perhaps, then there could be text saying > that > > > learning how this might best be done was an expected outcome of the > > > experiment? > > > > > > > > > >
- [ippm] Erik Kline's Discuss on draft-ietf-ippm-io… Erik Kline via Datatracker
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Erik Kline
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Frank Brockners (fbrockne)
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Martin Duke
- Re: [ippm] Erik Kline's Discuss on draft-ietf-ipp… Martin Duke