IETF Logo Mail Archive

Re: Limited Domains:

Toerless Eckert <tte@cs.fau.de> Thu, 29 April 2021 19:18 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94DA73A00C4 for <ipv6@ietfa.amsl.com>; Thu, 29 Apr 2021 12:18:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.87
X-Spam-Level:
X-Spam-Status: No, score=-0.87 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 67GY0Pr8egb6 for <ipv6@ietfa.amsl.com>; Thu, 29 Apr 2021 12:18:03 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 001D73A00C8 for <ipv6@ietf.org>; Thu, 29 Apr 2021 12:18:02 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [131.188.34.51]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 56601548056; Thu, 29 Apr 2021 21:17:51 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4D6BD4E731F; Thu, 29 Apr 2021 21:17:51 +0200 (CEST)
Date: Thu, 29 Apr 2021 21:17:51 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Tom Herbert <tom@herbertland.com>
Cc: Dirk Trossen <dirk.trossen@huawei.com>, 6man WG <ipv6@ietf.org>
Subject: Re: Limited Domains:
Message-ID: <20210429191751.GC21928@faui48e.informatik.uni-erlangen.de>
References: <CALx6S35JhJ_+WNpQ10JHB6L2E8MTEaCRO9c6g7rT-2BK3ZnsuA@mail.gmail.com> <43b67ede-b019-c573-5637-c07168e7ec6d@gmail.com> <CA+wi2hNcxPs_MLAKiQm2UzjMLgBVyH+-Z8SV__WDDOuc2rYafQ@mail.gmail.com> <20210428201140.GA21928@faui48e.informatik.uni-erlangen.de> <0df23143-1834-2ff9-3399-cde3de479fc0@foobar.org> <CA+wi2hOE=vU4=xLJnaPfDc_fEv5+zOSXK9orfPWs+W5g1_FYjg@mail.gmail.com> <20210428235851.GB21928@faui48e.informatik.uni-erlangen.de> <CALx6S35yk2opePy3k6-4j9XSEBHt9NjDEe03-DiLJoHbWehMSA@mail.gmail.com> <5a8833e2dee848d9b22bd5bbf17be67d@huawei.com> <CALx6S34ubytc08_GGCcmB=Tyg3L9v8YbZ1f_LkKAaA6wuYnobA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CALx6S34ubytc08_GGCcmB=Tyg3L9v8YbZ1f_LkKAaA6wuYnobA@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ZVVHKeTT52EZStODH4j1VP_QufI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Apr 2021 19:18:08 -0000

On Thu, Apr 29, 2021 at 07:04:29AM -0700, Tom Herbert wrote:
> Yes, to the extent that LDs are not used as a rationale to create regional
> dialects of standard protocols that are non-conforming or not interoperable
> with nodes outside the domain.

I guess we would have to write down exactly what we mean with "conformance"
or "interoperability" to be sure we talk about the same thing, but 
i would say that "interoperability" is IMHO the most core
requirement.

E.g.: If i come up with a better header than the IPv6 header, for
example lets say simply allowing variable long addresses (and keep
everything else the same, just for the sake of the example), then that
to me would be a valid option. But how would we call it...
"backward compatible, conforming, interoperable" ?

Technically it could support 1:1 transformation between proper IPv6
packets and the subset of that new header packets that represent iPv6 packets
(lets say also for the sake of simplicity all 128 bit address packets).
Aka: This would not be different to some pre-existing header transformations
such as header compression (although this wouldn't be compression for the
128 bit addresses).

While there are other goals of interest, this is the discussion about
whether we could have new better headers that functionally are a superset
of what IPv6 does plsu stuff that the header does and that goes beond
IPv6 (RFC8200) would have to stay in the limited domain.

Which i think would be very easy to show because once such a packet hits a router
that on the outgoing interface only has an IPv6 neighbor, it would need
to translate the packet to IPv6, and it wouldn't translate, so drop/icmp.

This just gives us a lot more freeedom to build better packet encoding
than if we'd be constrained to just rfc8200. As i gave the example
in before: We could fit IP Multicast into IPv4/IPv6 because it could
fit the available addressing. We couldn't do the same for BIER. So
instead of repeating the one-off new headers (like we had to do for
BIER), lets try to figure out what more flexible header would suffice
to add new semantics.

> > If so, however, couldn't a more flexible addressing be one of those ways,
> > among others?
> 
> Sure, as long as conformance with RFC8200 and other standards is
> maintained. For instance, I'd like to see every flow get assigned it's own
> unique source address to prevent correlations being made by third parties
> on the Internet that different flows are sourced from the same user (CGNAT
> already does this somewhat).

What the most simple explained example fot this ? I am asking,
because i think you can not well technically defend against your
access service provider doing this correlation (at least down to
subscriber level), so to protect against a snooping access provider,
legal rquirements seem to be more appropriate. And the cloud services
themelves would perpass all data they want from higher layers
due to the wonderful world of browsers and untrustworthy apps. So,
who else along the path poses the biggest risk ? Specifically because
different attackers have totally different amount of money for the
attack and distribute it differently. Some naughty security agency
could easily redirect resources to individual target as opposed
to those attackers more interested in full spectrum marketing analysis.

Cheers
    Toerless

> Tom
> 
> 
> > Best,
> >
> > Dirk
> >
> > -----Original Message-----
> > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Tom Herbert
> > Sent: 29 April 2021 02:42
> > To: Toerless Eckert <tte@cs.fau.de>
> > Cc: 6man WG <ipv6@ietf.org>
> > Subject: Re: Limited Domains:
> >
> > On Wed, Apr 28, 2021 at 4:59 PM Toerless Eckert <tte@cs.fau.de> wrote:
> > >
> > > On Wed, Apr 28, 2021 at 10:51:03PM +0200, Tony Przygienda wrote:
> > > > yepp, researchers are having fun unencumbered largely by harsh
> > > > realities
> > >
> > > Well, the better researcher attempt to get more of an understanding of
> > > the harsh realities by working with whats available to them, which is
> > > quite limited - a few P4 platforms. This lack of openness to
> > > multi-party innovation is what causes high-speed router platforms to
> > > become less and less relevant and devolve into commodities, at least
> > > at the level where folks in IETF are interested in them. Obviously the
> > > spped&feed hardware level will stay an ongoing motor of innovation and
> > > maybe even sales margin, but for the packet layer forwarding, we can
> > > close shop if we do not have a strategy to allow new markets/innovation
> > to be brought in.
> > >
> > > Heck, take a look at the challengers in 5G/6G. They are already moving
> > > purely into general purpose CPU because those challengers have no way
> > > to put innovation into accelerated forwarding hardware due to lack of
> > > access, complexity and also being stuck in a world of standards such
> > > as GTP that make innovation difficult.
> > >
> > Toerless,
> >
> > While I agree with your sentiment, this is really a lament about a segment
> > of the market not about anything IETF has done. For instance, no IETF
> > standard  requires high performance routers to be implemented in fixed
> > ASIC, in fact I believe the technology has evolved to the extent the
> > datapath could go through the CPU simultaneously achieving both performance
> > and flexibility (my company is working precisely on that).
> >
> > The hard problem is legacy and the Least Common Denominator effect. On the
> > Internet we are bound by the least common denominator of protocols which is
> > plain TCP/IPv4 and TCP/IPv6 that generally make it through the Internet.
> > UDP is looking a little better, at least because of QUIC which took a
> > behemoth to force support. The end result of all this is the ossification
> > of the Internet which as you point out stifles innovation and creation of
> > new markets. This is actually the appeal of limited domains, it creates
> > walled gardens where in which the least common denominator can be raised
> > and we can innovate in that sand box, however limited domains don't address
> > the underlying issue unless their scope continually expands to cover more
> > and more of the Internet.
> >
> > Tom
> >
> > > Its totally incomprehensible to me, why engineers who paycheck
> > > ultimately depends on hardware that already is way more flexible than
> > > what our current protocols use do not try harder to think about better
> > > models for third parties to get more value from this hardware. More
> > > flexible, programmable packet forwarding options are one core option
> > > here. And obviously no sane customer wants something thats not
> > > multi-vendor in this space which is where IETF could come in. And no
> > sane network operator wants another protocol silo.
> > > Which is where IPv4/IPv6 compatibility comes in as a base level
> > expectation.
> > >
> > > > while meanwhile large scale IP forwarding is still governed by the
> > > > microcents/bit payload that customers can run their business
> > > > profitably at and this is governed in turn by the merciless trifecta
> > > > of physical laws of power/cooling/space that did not only not change
> > > > in the last 50 years but last 500 and probably much longer even
> > > > before Newton laid his cranium under the said apple tree ...
> > >
> > > When single-family home systems are built from 19" CPU server racks
> > > providing compute across FTTH and powered by solar electricity, i
> > > think we are also starting to see big shifts in the economics of those
> > > core factors. But thats digression.
> > >
> > > I think we agree that from the protocols we remember, IP/IPv6 has done
> > > a pretty good job providing value out of the hardware deployed. But we
> > > also know that other protocols like Ethernet and MPLS have shown other
> > > sectors where they are doing better. So it seem to me obvious that as
> > > developers we should look ahead and see what it is we can best do to
> > > crearte more value. And certainly we know our hardware can already do
> > > more than what is utilized by the protocols.
> > >
> > > Cheers
> > >     Toerless
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >

-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email