Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlabel-routing-03.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 03 September 2013 04:57 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45B3121F9C76 for <ipv6@ietfa.amsl.com>; Mon, 2 Sep 2013 21:57:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.556
X-Spam-Level:
X-Spam-Status: No, score=-102.556 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oSqWOEVNbIST for <ipv6@ietfa.amsl.com>; Mon, 2 Sep 2013 21:57:02 -0700 (PDT)
Received: from mail-pa0-x22d.google.com (mail-pa0-x22d.google.com [IPv6:2607:f8b0:400e:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 9A76E21F9CAF for <ipv6@ietf.org>; Mon, 2 Sep 2013 21:56:45 -0700 (PDT)
Received: by mail-pa0-f45.google.com with SMTP id bg4so5937006pad.32 for <ipv6@ietf.org>; Mon, 02 Sep 2013 21:56:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=DbkQi81TE1A8uRe/JO+/hij812O4vOEUqL1nJn3YXVY=; b=ZeDVsln1kSlut/iSeWCmees1bg96dr8AsmGjgF4G2ZWCUgNKM0gZWw1bNOoEdcADVv Kz2WUfK6P9dJbUMwklmv7Q6EwJ9wOmIRol+sdn4JfNaiMr/ZcaI8ghf14i3URPyqI3jk vKiy2wVufk2gfSqy0fI1WFGJByLu0S7UezSyOBz4zaA7sPj9NotnW6XleLBWu9C4q1CF c56uaxbxFsZ4BbAWuXpjjFn6ji/E0s/cjkl4Sv/OrxcSaN/1031l0AtreYxzOwAYyRDi /oSfWkwD9UmwvIiqDKE2oZZAby1Jg8sP32ITfwma9AL6mxSlix4XddBvv9PjDt14KVY6 Mb4g==
X-Received: by 10.66.179.143 with SMTP id dg15mr29909808pac.52.1378184201055; Mon, 02 Sep 2013 21:56:41 -0700 (PDT)
Received: from [192.168.178.20] (27.200.69.111.dynamic.snap.net.nz. [111.69.200.27]) by mx.google.com with ESMTPSA id qa9sm19730010pbc.7.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 02 Sep 2013 21:56:40 -0700 (PDT)
Message-ID: <52256C08.20204@gmail.com>
Date: Tue, 03 Sep 2013 16:56:40 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: "Fred Baker (fred)" <fred@cisco.com>
Subject: Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlabel-routing-03.txt
References: <20130828154148.2174.50810.idtracker@ietfa.amsl.com> <52252A6D.8090608@gmail.com> <8C48B86A895913448548E6D15DA7553B9D2766@xmb-rcd-x09.cisco.com>
In-Reply-To: <8C48B86A895913448548E6D15DA7553B9D2766@xmb-rcd-x09.cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: 6man <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2013 04:57:03 -0000
On 03/09/2013 14:49, Fred Baker (fred) wrote:
> I thought we had been over this ground and come up with text you found acceptable? Did I inadvertently change it, or are you just bringing up the topic again?
I looked at the new drafts, and concluded that a little explanation
would be useful - it seems to me that if the point is made explicit,
there is much less likelihood of confusing the implementors. Really
what it says is "RFC6437 is flexible enough to allow this".
Note, I'm quite happy with your proposals.
Brian
> On Sep 2, 2013, at 5:16 PM, Brian E Carpenter <brian.e.carpenter@gmail.com>
> wrote:
>
>> Hi,
>>
>> The IPv6 flow label is defined by RFC 6437. This isn't just an editorial
>> correction - the rules about how to set the flow label are in 6437,
>> not in 2460.
>>
>> I believe that this draft (and draft-baker-ipv6-isis-dst-flowlabel-routing)
>> needs some extra text explaining how it's compatible with the flow label
>> specification. I don't think there's any problem, it just needs a little
>> explanation.
>>
>> We're talking about a 20-bit authorization token, which I assume would
>> be an unpredictable value, such that there is only a one-per-million
>> chance of an off-path attacker guessing it. So a pesudo-random value is
>> needed, and from the RFC 6437 point of view that is just fine.
>>
>> That means we can say something like the following:
>>
>> According to [RFC6437], a flow is "a sequence of packets sent from a
>> particular source to a particular unicast, anycast, or multicast destination
>> that a node desires to label as a flow." It is not necessarily in 1:1
>> correspondence with a single transport connection. Using a given label
>> (in this case an authorization token) for all traffic to a given destination
>> is compatible with this definition. In fact [RFC6437] allows for, but does
>> not define, uses of the flow label that rely on pre-established flow-specific
>> state, and route authorization is an example of such stateful usage.
>> Assuming the authorization token will have a pseudo-random value, it will
>> also serve well for the load balancing scenarios described in [RFC6437].
>>
>> Also one warning: there are rumours of firewalls that will change or clear
>> flow labels. This would break the authorization token.
>>
>> Regards
>> Brian
>
- Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Brian E Carpenter
- Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Fred Baker (fred)
- Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Brian E Carpenter
- RE: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Duncan, Richard (Jeremy)