Re: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt

Stewart Bryant <stewart.bryant@gmail.com> Sat, 24 July 2021 09:39 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BDBE3A3459; Sat, 24 Jul 2021 02:39:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QoVNj6K3FpKT; Sat, 24 Jul 2021 02:39:52 -0700 (PDT)
Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 215683A3455; Sat, 24 Jul 2021 02:39:51 -0700 (PDT)
Received: by mail-wm1-x331.google.com with SMTP id a80-20020a1c98530000b0290245467f26a4so3097971wme.0; Sat, 24 Jul 2021 02:39:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=fJbyk7UBf37FvYnOC/5iGHIPe0Jy1gpF7geMneSwjEk=; b=YnL1h1HsMYRp7YY2slnZRkMorr0u+g+ChHf5TM5D4TSottOiaoWc+IlDJd2OwCDbdP 64qKHh+WxaDNLD4cK/OzvVJoU/dPycL9u9cNEGvN6zZhLF87O7c0UJAvuKfjDPPCKXVm ktWTtbMbDsl9tAiQ5CbGZGa9fzM45VdObcfykGT+nUj4Xn1wFgRQpfJUakYJ4NEFY31X 4krUDfbsRIsTHQsmiocpNF4Qptt07vXvCdlQUQM2e5/1zgp+FNIcCQpPguHkfQqhhXHC tZyX38HU5vwRBigJb0caddhKvyApdbOa7alpJ2XOu49boiIEkZh8l0J/A1iklxY539CG yWQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=fJbyk7UBf37FvYnOC/5iGHIPe0Jy1gpF7geMneSwjEk=; b=e75SppiX3+iqKsu9rDjz9ums3FX9/VjUuQeW04BOZGVKdPNfTu9cx1z2MNccSqpg9y oGjrC5KpetRY8ZffGdVpCPwbOQqNxylG1NBzwDCqQmnxz1ilVDOG5jgoK9wZifJOg689 HIJ0aIn3ld3M3kivzi/LuIeQb6DWwqq839qno/eEH74mJG5skORDxbICTocuQQQdYhss d7Z63RPhuOqERiRxaY2Bj880TmXz4OgjXy3Vhhwg7Kn6HNLPMJGDXS/zTb1VvSWRDK8o sA8AjL/Lmu571rkatGNJN7q0tbD0+sh00oHBB0QC+NlPeNPNFYGFzPsDltzEqCjiySD7 J6Dg==
X-Gm-Message-State: AOAM531ZZvSJfrQfUWDAdWl7uy8idW8TQ+FmnwcyMJDSdhNVLOjEvzi1 D6r7r1mQiJuqExGUJGw+8KY=
X-Google-Smtp-Source: ABdhPJwNY9IMU7KGJZOSqX92X+eg46McZJuNWoC5xhp5g1UkLzK9BxPp/K6auMwdFIf1FA6S9rkr4A==
X-Received: by 2002:a05:600c:2105:: with SMTP id u5mr8239824wml.18.1627119589464; Sat, 24 Jul 2021 02:39:49 -0700 (PDT)
Received: from [192.168.8.103] ([148.252.128.223]) by smtp.gmail.com with ESMTPSA id s17sm36224545wrv.2.2021.07.24.02.39.48 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 24 Jul 2021 02:39:48 -0700 (PDT)
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-Id: <CD3C5416-44A7-42A8-9F7A-3E14820A38C7@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7595D622-F0F6-4A1C-919C-7EF63B25CD69"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Subject: Re: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
Date: Sat, 24 Jul 2021 10:39:47 +0100
In-Reply-To: <CAO42Z2zUcK_k=VO4b+wxJWDWxA=TR5w9W7oAufMZ9Ufiks6-Tw@mail.gmail.com>
Cc: Stewart Bryant <stewart.bryant@gmail.com>, Giuseppe Fioccola <giuseppe.fioccola@huawei.com>, Yoshifumi Nishida <nsd.ietf@gmail.com>, 6MAN <6man@ietf.org>, Christopher Wood <caw@heapingbits.net>, draft-ietf-6man-ipv6-alt-mark.all@ietf.org
To: Mark Smith <markzzzsmith@gmail.com>
References: <ea7246fe81b140fba42e6d202c2afc8b@huawei.com> <B2749D3A-FF51-47ED-9D25-D973BF9A4309@gmail.com> <5cd00f25326146619c699160d671a4f2@huawei.com> <CAO42Z2zUcK_k=VO4b+wxJWDWxA=TR5w9W7oAufMZ9Ufiks6-Tw@mail.gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/cxC0C2l9qRlpgfA8J2b4-JOaYC8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Jul 2021 09:39:58 -0000

All of which is why MPLS or some evolution therefore is a better approach to providing a packet transport network (or other controlled domain). The operator of an MPLS network has complete control over the separation of the user traffic and their infrastructure traffic.

It is going to be really interesting to see whether SRv6 triumphs or crashes out because of the difficulty of providing the degree of traffic separation that is intrinsic to  MPLS.

- Stewart


> On 24 Jul 2021, at 00:00, Mark Smith <markzzzsmith@gmail.com> wrote:
> 
> 
> 
> On Fri, 23 Jul 2021, 18:20 Giuseppe Fioccola, <giuseppe.fioccola@huawei.com <mailto:giuseppe.fioccola@huawei.com>> wrote:
> Hi Mike,
> 
> To avoid misunderstanding, the precondition of controlled domain may be kept as MUST. We can further specify that authentication MUST be used if, for specific scenarios, it is applied outside a controlled domain.
> 
> 
> Realise that a "MUST be limited to a controlled domain" in an RFC is nothing more than an aspiration. It's theory rather than reality.
> 
> Packets are encouraged to try to exit "controlled" domains attached to the Internet due to the domain's default route, and then can leave the controlled domain ("leak") due failure of the controlling boundary because of implementation bugs, operator configuration error or partial node failure.
> 
> Authentication must be a MUST for anything that is designed for a controlled domain if the controlled domain may be attached to the Internet, which is a possibility for any of them if they use IPv6.
> 
> Packets getting to where they shouldn't would be one of the motivations of Postel's "Be conservative with what you send".
> 
> 
> Regards,
> Mark.
> 
> 
>  
> 
> Regards,
> 
>  
> 
> Giuseppe
> 
>  
> 
>  
> 
> From: Mike Simpson <mikie.simpson@gmail.com <mailto:mikie.simpson@gmail.com>> 
> Sent: Friday, July 23, 2021 9:36 AM
> To: Giuseppe Fioccola <giuseppe.fioccola@huawei.com <mailto:giuseppe.fioccola@huawei.com>>
> Cc: Erik Kline <ek.ietf@gmail.com <mailto:ek.ietf@gmail.com>>; Yoshifumi Nishida <nsd.ietf@gmail.com <mailto:nsd.ietf@gmail.com>>; 6man@ietf.org <mailto:6man@ietf.org>; Christopher Wood <caw@heapingbits.net <mailto:caw@heapingbits.net>>; draft-ietf-6man-ipv6-alt-mark.all@ietf.org <mailto:draft-ietf-6man-ipv6-alt-mark.all@ietf.org>
> Subject: Re: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
> 
>  
> 
> Why not just keep it at MUST so that you don’t pollute the internets. 
> 
>  
> 
> We will end up having to filter for it anyway as always but it seems foolhardy and unpleasant to intentionally weaken the language. 
> 
>  
> 
> Your new hotness belongs in your controlled domain. If you are going to try and force it onto networks you don’t control then it’s not going to work and you will end up having to tunnel it anyways. 
> 
>  
> 
> Why is this so hard to understand?
> 
> 
> 
> 
> On 22 Jul 2021, at 15:09, Giuseppe Fioccola <giuseppe.fioccola@huawei.com <mailto:giuseppe.fioccola@huawei.com>> wrote:
> 
> 
> 
> Hi Erik,
> 
> Thanks for the input.
> 
> I tend to agree that the condition “MUST” can be changed to “SHOULD”. I can address your comments in the -08 version.
> 
>  
> 
> Regards,
> 
>  
> 
> Giuseppe
> 
>  
> 
> From: Erik Kline <ek.ietf@gmail.com <mailto:ek.ietf@gmail.com>> 
> Sent: Wednesday, July 21, 2021 11:15 PM
> To: Giuseppe Fioccola <giuseppe.fioccola@huawei.com <mailto:giuseppe.fioccola@huawei.com>>
> Cc: Stewart Bryant <stewart.bryant@gmail.com <mailto:stewart.bryant@gmail.com>>; Christopher Wood <caw@heapingbits.net <mailto:caw@heapingbits.net>>; Yoshifumi Nishida <nsd.ietf@gmail.com <mailto:nsd.ietf@gmail.com>>; 6man@ietf.org <mailto:6man@ietf.org>; draft-ietf-6man-ipv6-alt-mark.all@ietf.org <mailto:draft-ietf-6man-ipv6-alt-mark.all@ietf.org>
> Subject: Re: FW: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
> 
>  
> 
> Giuseppe,
> 
>  
> 
> I think in S2.1 "MUST NOT" be used outside a "controlled domain" is perhaps a bit too strong.  Similarly in S6, "MUST be applied in...controlled domains" might be moderated down to "SHOULD only be applied...".
> 
>  
> 
> I'll note that it is possible for an AH option to be used to ensure the DstOpt variant is unmodified en route, and these two in conjunction can be used wherever desired to send such packets outside the given domain (subject, of course, to all the middlebox interference any such packet would inevitably receive -- but that's a separate issue).
> 
>  
> 
> On Tue, Jun 22, 2021 at 11:27 AM Giuseppe Fioccola <giuseppe.fioccola@huawei.com <mailto:giuseppe.fioccola@huawei.com>> wrote:
> 
> Dear Stewart, Christopher, Yoshi, All,
> Please note that I just submitted a new version of the draft. It has been thoroughly reviewed to address the comments received during the Last Call.
> 
> Your inputs are always welcome.
> 
> Regards,
> 
> Giuseppe 
> 
> -----Original Message-----
> From: ipv6 <ipv6-bounces@ietf.org <mailto:ipv6-bounces@ietf.org>> On Behalf Of internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>
> Sent: Tuesday, June 22, 2021 8:13 PM
> To: i-d-announce@ietf.org <mailto:i-d-announce@ietf.org>
> Cc: ipv6@ietf.org <mailto:ipv6@ietf.org>
> Subject: I-D Action: draft-ietf-6man-ipv6-alt-mark-07.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the IPv6 Maintenance WG of the IETF.
> 
>         Title           : IPv6 Application of the Alternate Marking Method
>         Authors         : Giuseppe Fioccola
>                           Tianran Zhou
>                           Mauro Cociglio
>                           Fengwei Qin
>                           Ran Pang
>         Filename        : draft-ietf-6man-ipv6-alt-mark-07.txt
>         Pages           : 21
>         Date            : 2021-06-22
> 
> Abstract:
>    This document describes how the Alternate Marking Method can be used
>    as a passive performance measurement tool in an IPv6 domain.  It
>    defines a new Extension Header Option to encode Alternate Marking
>    information in both the Hop-by-Hop Options Header and Destination
>    Options Header.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-alt-mark/ <https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-alt-mark/>
> 
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-6man-ipv6-alt-mark-07 <https://datatracker.ietf.org/doc/html/draft-ietf-6man-ipv6-alt-mark-07>
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-alt-mark-07 <https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-alt-mark-07>
> 
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/ <ftp://ftp.ietf.org/internet-drafts/>
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org <mailto:ipv6@ietf.org>
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
> --------------------------------------------------------------------
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org <mailto:ipv6@ietf.org>
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
> --------------------------------------------------------------------
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org <mailto:ipv6@ietf.org>
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 <https://www.ietf.org/mailman/listinfo/ipv6>
> --------------------------------------------------------------------
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------