IETF Logo Mail Archive

Re: I-D Action: draft-han-6man-in-band-signaling-for-transport-qos-00.txt

Toerless Eckert <tte@cs.fau.de> Thu, 19 October 2017 21:16 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7AE7F132CE7 for <ipv6@ietfa.amsl.com>; Thu, 19 Oct 2017 14:16:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QAzCF62Vo6tZ for <ipv6@ietfa.amsl.com>; Thu, 19 Oct 2017 14:16:42 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E946F1321B6 for <ipv6@ietf.org>; Thu, 19 Oct 2017 14:16:41 -0700 (PDT)
Received: from faui40p.informatik.uni-erlangen.de (faui40p.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:77]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id F221A58C4B6; Thu, 19 Oct 2017 23:16:37 +0200 (CEST)
Received: by faui40p.informatik.uni-erlangen.de (Postfix, from userid 10463) id DA797B0CF16; Thu, 19 Oct 2017 23:16:37 +0200 (CEST)
Date: Thu, 19 Oct 2017 23:16:37 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Tom Herbert <tom@herbertland.com>
Cc: 6man WG <ipv6@ietf.org>
Subject: Re: I-D Action: draft-han-6man-in-band-signaling-for-transport-qos-00.txt
Message-ID: <20171019211637.GB878@faui40p.informatik.uni-erlangen.de>
References: <150774513036.24791.2138264254901122467@ietfa.amsl.com> <cc11634a-b5a2-88b9-f36f-82b3fd9d8d70@gmail.com> <1D30AF33624CDD4A99E8C395069A2A162CD734B2@sjceml521-mbx.china.huawei.com> <a4da4b26-6402-ad0d-a5f5-5bddc192b8f7@gmail.com> <4E40E3EF-B0E5-490E-BFF2-0511D97E9E80@employees.org> <CALx6S341v1zd2Q9bts8-zrKxU59kieJTJJ=nHQ5w4oQZg=t_cA@mail.gmail.com> <17525287-DDA8-4930-B90B-F9228DF69A90@employees.org> <CALx6S37wLvuJ9tUGjYmzm63eq_bxq0jXSEgfCtH_2i74SvrbLA@mail.gmail.com> <20171017181646.GD31973@faui40p.informatik.uni-erlangen.de> <CALx6S34VRS4GumsFSqN8uDkv4TOLC8q+rOvyN=evUk83KPeHHg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CALx6S34VRS4GumsFSqN8uDkv4TOLC8q+rOvyN=evUk83KPeHHg@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-88m8iTzWSNEsr4ii4aHinb0TjE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Oct 2017 21:16:44 -0000

On Tue, Oct 17, 2017 at 12:38:52PM -0700, Tom Herbert wrote:
> The API does exist. OSes like Linux have implemented APIs described in
> RFC2292 and other common APIs.

>From limited experience in the past, support is fragmented and frustrating.
But we only tried to get a few of these things work across various OSs 
(including android, iOS) and ran into variety of issues. ANd that was all
from C. Once you try to go into python, Java or (yikes) javascript, the
likelyhood of getting access to any API not needed by 99% of stupid apps
becomes lower and lower.

> > that are not yet defined (allow apps to fully defined the whole header bit by bit).
> > Lets say from a javascript app in a browser. And i am more interested in ease of
> > adoption than in architectural cleanlyness. But of course its perfectly valid to
> > do the architectural clean appraoch and then prove me wrong and get that option
> > adopted more ;-))
> 
> It's not just about architectural cleanliness, it's about correctness.
> In the case that an intermediate node parses a UDP payload it is
> likely doing this based on the some common destination port number.
> Port numbers don't have global and persistent meaning (e.g. TCP port
> 80 does not always have to be HTTP) so this leads to the possibility
> of misinterpretation as described in RFC7605. If the node improperly
> writes data into the UDP payload and updates the checksum, then this
> becomes silent data corruption.

Preaching to the choir. Reminds me when i got from IANA one of those sparse < 512 port
number for router interception with the explicit intent to minimize use by
random other applications - only to run into some obnoxious folks a few years
later who said they had used (but of course never registered) that port forever
in their app and do not intend to change that.

> Extension headers do not have this
> possibility of misinterpretation in the network.

> This potential misinterpretation of UDP ports and many other issues
> with trying to turn UDP into a network layer protocol were brought up
> in the SPUD/PLUS discussions.

So....

I wish we would have ever gotten to the point where we could really discuss
how to best do inband signaling. Alas, SPUD/PLUS was killed way in before
by what i would characterize as a perpass crowd attack.

IMHO, any inband solution needs to well define an efficient way to do per-flow
signaling, aka: not only per-packet. We're talking about per-flow behavior
in many cases anyhow, and we well understand what can and can-not be done with
per-flow state in middleboxes.

Check out 2013 MALICE/DISCUSS which proposed to use STUN packets to
signal inband (not every data packet like SPUD but just some STUN packets), and rely on
STUN cookie as signature to recognize those inband signaling packets. 

If we agreed that we wanted per-flow inband signaling, then the STUN signature
would be great option to get going. And a redefined router-alert-NG IP extension
header might be the architectural correct "look-at-me" option long term.

Finally wrt. architectural cleanlyness: Per-flow service negotition IMHO is
clearly a transport layer function, there is no concept of 5-tuple flows
at IP layer. So there should be no reason to constrain it only to the network layer.
We just need to revisit over transport-layer is end-to-end-only dogma.

Cheers
    Toerless

> Tom
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email