IETF Logo Mail Archive

[IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)

Toerless Eckert <tte@cs.fau.de> Wed, 02 August 2023 15:27 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6E2BC151981 for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 08:27:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.657
X-Spam-Level:
X-Spam-Status: No, score=-1.657 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pDszmXVo8uZk for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 08:27:53 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8522AC151709 for <6man@ietf.org>; Wed, 2 Aug 2023 08:27:53 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [131.188.34.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id 4RGG7m5y4QznkVW; Wed, 2 Aug 2023 17:27:48 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4RGG7m5MylzkwcC; Wed, 2 Aug 2023 17:27:48 +0200 (CEST)
Date: Wed, 02 Aug 2023 17:27:48 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "6man@ietf.org" <6man@ietf.org>
Message-ID: <ZMp19DiaxPnaMhRJ@faui48e.informatik.uni-erlangen.de>
References: <BL0PR05MB531645AB597EC108AC5B2D41AE06A@BL0PR05MB5316.namprd05.prod.outlook.com> <5840.1690652533@localhost> <BL0PR05MB5316A3121580E6D6D807D878AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <BL0PR05MB5316A3121580E6D6D807D878AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/MrbmMSW1PeCaabrnGkHStisnrD8>
Subject: [IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2023 15:27:56 -0000

Thanks, Ron

a) rfc8799

My main issue with rfc8799 is the introdcution of the term "limited domain" instead of
staying with "controlled environments", which i remember having been the the main term before
(or controlled networks). For example, i worked with global enterprise networks with 100,000
IP routers in the 200x, and calling that a "limited domain" is irritating. Likewise
NASA deep space mission networks. 

Do you have any specific technical functions in mind when you say "finish work on rfc8799" ?

b) Why do you call this beyond charter ? Do you mean 6man charter ?

If work for controlled environments is supposedly off-charter, why then did we do e.g. rfc8754 ?

The mayority of use of IPv6 i would argue is not across the Internet. MPLS or SRv6 packets are
not Internet packets. They may just carry Internet packets as payload. The Internet is 
a service. In many cases also just as an overlay. If the 6MAN charter is not inclusive to the mayority
use of IPv6, then it needs to change.

For example, we are now working in DetNet on several options per-hop latency control of packet
forwarding, and that ultimately would lead IMHO best to a HbH header (and/or routing header given how
we also need path steering, but obviously, we'd like to keep one of the two steering headers we already
defined - rfc6554/8754). But DetNet wisely is not claiming to want to make this work "for the Internet", but
for controlled environments (single domain actually i think, but i think there is no reason why
it wouldn't work already for federated controlled environments).

Cheers
    Toerless

On Wed, Aug 02, 2023 at 02:01:21PM +0000, Ron Bonica wrote:
> Hi Michael,
> 
> This posting may be off topic and beyond the 6man charter, but I can't resist responding. Apologies in advance to the chairs.
> 
> Years ago, networks were limited by there lack of interoperability. A frame relay network couldn't communicate with an ATM network and neither could communicate with an ethernet. So, the Fathers of the Internet superimposed an internetworking layer. IP, ICMP, TCP and UPD instantiated this layer.
> 
> Then, at least for a while, there was a single monolithic Internet. Because most participants were funded by a small handful of governments, their goals, acceptable use policies, forwarding policies, routing policies and security policies were all very similar to one another.
> 
> While this model was easy to comprehend, it was not sustainable. Routing protocols could not scale to infinity. So, the Internet was broken into domains, with Intradomain Gateway Protocols supporting intradomain routing and an Interdomain Routing Protocol (aka, BGP) supporting interdomain routing. BGP introduced the concept of an Autonomous System (AS). An AS is a special case of a limited domain that is applicable to Interdomain Routing.
> 
> According to RFC 4271, an AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. While AS's can propose reachability through one another, the cannot change one another's interior routing plane. Moreover, reachability proposals can be accepted or rejected by BGP policy. Exterior BGP (eBGP) gateways enforce BGP policy.
> 
> Another special case of limited domains is applicable to forwarding behavior. An ISP might enforce an Expedited Forwarding policy for packets with one DHCP marking and a Best Effort policy for packets with another DHCP marking. In this case, the ISP might remark (or even drop) EF packet received from other domains, because it has no way to be compensated for the expedited service.
> 
> Another special case of limited domains is applicable to security. One ISP may accept one class of packets from a neighboring ISP, while another ISP may not. Many IETF RFCs refer to this kind of limited domain in their Security Considerations sections. Sadly, the IETF does not have a consensus document that defines a limited domain. RFC 8799 is a good start, but it was published on the Independent Stream and, therefore, does not represent IETF consensus.
> 
> Maybe we should complete work on RFC 8799?
> 
>                                                                                    Ron
> 
> 
> 
> 
> 
> 
> Juniper Business Use Only
> -----Original Message-----
> From: Michael Richardson <mcr+ietf@sandelman.ca>
> Sent: Saturday, July 29, 2023 1:42 PM
> To: Ron Bonica <rbonica@juniper.net>; 6man@ietf.org
> Subject: Re: [IPv6] draft-ietf-6man-hbh-processing
> 
> 
> Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>     > The Internet is a loosely confederated group of "limited domains". Each
>     > limited domain maintains its own forwarding and routing policy. HBH
>     > processing, as it is defined in RFC 8200, is OK within a limited
>     > domain. It provides yet another tool for deployment of that limited
>     > domain's forwarding and policies.
> 
> It's an interesting view.
> 
> So, the "unlimited Internet" is just a path across a bunch of limited domains, where the sender does not know which limited domains will be used.
> I think that is a useful change from how we used to think about the Internet, because it might be that we know something about the nearby limited domain,
> and something else about the receivers limited domain.   It's the unknown
> part in the middle that gets in our way.
> 
> An interesting thing about Ben Schwartz and Co's RISAV proposal is that it gives a way for those two limited domains to communicate directly.
> 
>     > Deployment of the HBH across limited domains may not be a very good
>     > idea, because it provides a tool for one limited domain to influence
>     > the forwarding and routing polices of another. Can you think of a
>     > single HBH option for which the above statement is not true? (The
>     > question is not rhetorical.)
> 
> If the HBH didn't influence things, then we wouldn't bother!
> So by definition, it's true.
> But, you are missing a key phrase in this:
> 
>      it provides a tool for one limited domain to influence
>      the forwarding and routing polices of another IN AN UNAUTHORIZED WAY
> 
> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
> 
> 
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email