Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlabel-routing-03.txt
"Fred Baker (fred)" <fred@cisco.com> Tue, 03 September 2013 02:49 UTC
Return-Path: <fred@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E392621F9EA2 for <ipv6@ietfa.amsl.com>; Mon, 2 Sep 2013 19:49:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.569
X-Spam-Level:
X-Spam-Status: No, score=-110.569 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvCd+HUXazWS for <ipv6@ietfa.amsl.com>; Mon, 2 Sep 2013 19:49:53 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id DB78521F9D96 for <ipv6@ietf.org>; Mon, 2 Sep 2013 19:49:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2697; q=dns/txt; s=iport; t=1378176592; x=1379386192; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=HDo0dEcGNIlAzclr9ugIHnSItYjIAT7F7AaUaYsT6f0=; b=FSglnCjkk8mm2TWUpJWX7y2JgqcpM2kdiJrXvg2vTliHe2ElrBYDglIr bBOQXKDt1OcsvtNbNa5u/C+Jb5WHEdLdO6KpTZSsFuNmpbWgb3reiTR+r GOiNNvBV0EOovRcEw/oR8kcr4uHNXLREJclYpvThzgPDIvyxv/QGXEbcS 4=;
X-Files: signature.asc : 195
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag8FADpNJVKtJV2a/2dsb2JhbABagweBBsB8gS0WdIIkAQEBAwF5BQsCAQgiJCERJQIEDgUIBodiAwkGr2ENiUaNCYI8MQeDHYEAA5AjgS6EO44ghS+DIIIq
X-IronPort-AV: E=Sophos; i="4.89,1011,1367971200"; d="asc'?scan'208"; a="251728096"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-9.cisco.com with ESMTP; 03 Sep 2013 02:49:52 +0000
Received: from xhc-aln-x10.cisco.com (xhc-aln-x10.cisco.com [173.36.12.84]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id r832nqDj026371 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 3 Sep 2013 02:49:52 GMT
Received: from xmb-rcd-x09.cisco.com ([169.254.9.63]) by xhc-aln-x10.cisco.com ([173.36.12.84]) with mapi id 14.02.0318.004; Mon, 2 Sep 2013 21:49:51 -0500
From: "Fred Baker (fred)" <fred@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlabel-routing-03.txt
Thread-Topic: I-D Action: draft-baker-ipv6-ospf-dst-flowlabel-routing-03.txt
Thread-Index: AQHOpAVC3nwJzcBz/0uTz9DSg4Ed9ZmzgYWAgAAqwQA=
Date: Tue, 03 Sep 2013 02:49:50 +0000
Message-ID: <8C48B86A895913448548E6D15DA7553B9D2766@xmb-rcd-x09.cisco.com>
References: <20130828154148.2174.50810.idtracker@ietfa.amsl.com> <52252A6D.8090608@gmail.com>
In-Reply-To: <52252A6D.8090608@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.21.73.36]
Content-Type: multipart/signed; boundary="Apple-Mail=_0DD34C8F-A4FB-4D87-9B92-D8944B98B823"; protocol="application/pgp-signature"; micalg="pgp-sha1"
MIME-Version: 1.0
Cc: 6man <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2013 02:49:59 -0000
I thought we had been over this ground and come up with text you found acceptable? Did I inadvertently change it, or are you just bringing up the topic again? On Sep 2, 2013, at 5:16 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: > Hi, > > The IPv6 flow label is defined by RFC 6437. This isn't just an editorial > correction - the rules about how to set the flow label are in 6437, > not in 2460. > > I believe that this draft (and draft-baker-ipv6-isis-dst-flowlabel-routing) > needs some extra text explaining how it's compatible with the flow label > specification. I don't think there's any problem, it just needs a little > explanation. > > We're talking about a 20-bit authorization token, which I assume would > be an unpredictable value, such that there is only a one-per-million > chance of an off-path attacker guessing it. So a pesudo-random value is > needed, and from the RFC 6437 point of view that is just fine. > > That means we can say something like the following: > > According to [RFC6437], a flow is "a sequence of packets sent from a > particular source to a particular unicast, anycast, or multicast destination > that a node desires to label as a flow." It is not necessarily in 1:1 > correspondence with a single transport connection. Using a given label > (in this case an authorization token) for all traffic to a given destination > is compatible with this definition. In fact [RFC6437] allows for, but does > not define, uses of the flow label that rely on pre-established flow-specific > state, and route authorization is an example of such stateful usage. > Assuming the authorization token will have a pseudo-random value, it will > also serve well for the load balancing scenarios described in [RFC6437]. > > Also one warning: there are rumours of firewalls that will change or clear > flow labels. This would break the authorization token. > > Regards > Brian
- Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Brian E Carpenter
- Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Fred Baker (fred)
- Re: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Brian E Carpenter
- RE: I-D Action: draft-baker-ipv6-ospf-dst-flowlab… Duncan, Richard (Jeremy)