Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext-transmit-04: (with DISCUSS and COMMENT)
joel jaeggli <joelja@bogus.com> Tue, 08 October 2013 22:39 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BBD621F93F3; Tue, 8 Oct 2013 15:39:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tKg4tIEI7VVP; Tue, 8 Oct 2013 15:39:53 -0700 (PDT)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) by ietfa.amsl.com (Postfix) with ESMTP id 3215F21F90AF; Tue, 8 Oct 2013 15:39:46 -0700 (PDT)
Received: from mb-aye.corp.zynga.com ([199.48.105.4]) (authenticated bits=0) by nagasaki.bogus.com (8.14.4/8.14.4) with ESMTP id r98Mdg4f022734 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 8 Oct 2013 22:39:42 GMT (envelope-from joelja@bogus.com)
Content-Type: multipart/signed; boundary="Apple-Mail=_8F8C117B-F800-4EC6-A768-981DEB6AE39D"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
Subject: Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext-transmit-04: (with DISCUSS and COMMENT)
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <52548305.4080909@cisco.com>
Date: Tue, 08 Oct 2013 15:39:39 -0700
Message-Id: <03355A6D-EE6A-45BC-8E4C-DDB2F20E8B88@bogus.com>
References: <20131008071948.25649.48005.idtracker@ietfa.amsl.com> <525457C1.5030503@gmail.com> <E93EBFCB-54C3-44D3-8126-8439AD15046E@bogus.com> <525460CF.108@gmail.com> <21DD9C6E-287F-4D18-B3F5-3FE01C5351E5@bogus.com> <52548305.4080909@cisco.com>
To: Benoit Claise <bclaise@cisco.com>
X-Mailer: Apple Mail (2.1510)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (nagasaki.bogus.com [147.28.0.81]); Tue, 08 Oct 2013 22:39:42 +0000 (UTC)
Cc: 6man-chairs@tools.ietf.org, draft-ietf-6man-ext-transmit@tools.ietf.org, ipv6@ietf.org, The IESG <iesg@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2013 22:39:54 -0000
On Oct 8, 2013, at 3:11 PM, Benoit Claise <bclaise@cisco.com> wrote: > FYI, there is a middlebox definition at http://tools.ietf.org/html/rfc3303#section-2.1 > yes I'm aware of it… As with discussion that dwells on the question of what was an ip router of the future expected to be like in 1994 and although it is temporally nearer, if there are no devices that any longer meets a strictly definition of a router (and the MIDCOM Architecture and Framework does not define router, middlebox taxonomy (3234) did, brian wrote that, 1812 does), then there are no routers anymore. only middleboxes. If you like 1812 (and who doesn't). the transport layer ACLs are already in there. and thusly we're back here having as dicussion about whether a router is a device that needs to be able to find the upper layer header. RFC 1812 5.3.9 … If supported, a router SHOULD be configurable to allow one of an o Include list - specification of a list of message definitions to be forwarded, or an o Exclude list - specification of a list of message definitions NOT to be forwarded. A "message definition", in this context, specifies the source and destination network prefix, and may include other identifying information such as IP Protocol Type or TCP port number. … > Regards, Benoit >> On Oct 8, 2013, at 12:45 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: >> >>> Joel, >>> >>> Would this help? >>> >>> OLD >>> Today, packets are often forwarded not only by straightforward IP >>> routers, but also by a variety of intermediate nodes, often referred >>> to as middleboxes, such as firewalls, load balancers, or packet >>> classifiers. >>> >>> NEW >>> Today, IPv6 packets are often forwarded not only on the basis of their >>> first 40 bytes by straightforward IP routing. Some routers, and a >>> variety of intermediate nodes often referred to as middleboxes, such >>> as firewalls, load balancers, or packet classifiers, inspect other >>> parts of each packet. >>> >> I find that more palatable yeah. >> >>> (and possibly some changes for consistency later in the document) >>> >>> Brian >>> >>> >>> On 09/10/2013 08:22, joel jaeggli wrote: >>>> On Oct 8, 2013, at 12:06 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: >>>> >>>>> On 08/10/2013 20:19, Joel Jaeggli wrote: >>>>> ... >>>>>> ---------------------------------------------------------------------- >>>>>> DISCUSS: >>>>>> ---------------------------------------------------------------------- >>>>>> >>>>>> This is a dicuss because I'd like to see if I'm in the rough in this. >>>>>> >>>>>> Devices generally considered to be IP routers in fact are able to or find >>>>>> it necessary to forward on the basis of headers other than the IP header >>>>>> e.g. the transport header. By the definition applied in the problem >>>>>> statement all ipv6 capable routers in the internet that I'm aware are or >>>>>> are capable of being middleboxes. >>>>> IMHO, yes, if a box is taking a forwarding decision on the basis of anything >>>>> other than the first 40 bytes of an IPv6 header, then it's a middlebox >>>>> as far as this draft is concerned. Any such box is not a "straightforward IP >>>>> router". >>>>> >>>>> In the process of working on the draft I have actually corresponded briefly >>>>> with Steve Deering, and I'm pretty sure he would agree with me (with >>>>> added expletives). >>>> Right, so there are no IP routers on the internet today and you should update the document accordingly because as it stands now it seems to presume their existence. >>>> >>>>>> I would welcome the existence proof of an ipv6 capable router which is >>>>>> not capable of being a middlebox by the definition applied in the problem >>>>>> statement. >>>>>> >>>>>> I'm not sure that's a glaring flaw in the document but it certainly is >>>>>> with our vocabulary around taxonomy if true. >>>>>> >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> COMMENT: >>>>>> ---------------------------------------------------------------------- >>>>>> >>>>>> If you need to find the transport header due to configured policy and you >>>>>> can't due to being unable to parse the extensions chain your configured >>>>>> action will be to drop. That perhaps weasels it's way through section 2.1 >>>>>> requirements but it's still quite ugly. >>>>> Yes, and it's the reason that the Internet is mainly opaque to IPv6 >>>>> extensions headers today. >>>>> >>>>> Brian >>>>> >
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… Brian E Carpenter
- Joel Jaeggli's Discuss on draft-ietf-6man-ext-tra… Joel Jaeggli
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… joel jaeggli
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… Brian E Carpenter
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… joel jaeggli
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… Roland Bless
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… Benoit Claise
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… joel jaeggli
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… Brian E Carpenter
- Re: Joel Jaeggli's Discuss on draft-ietf-6man-ext… Bless, Roland (TM)