IETF Logo Mail Archive

Re: [IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)

Toerless Eckert <tte@cs.fau.de> Wed, 02 August 2023 19:51 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1661CC152573 for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 12:51:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.657
X-Spam-Level:
X-Spam-Status: No, score=-6.657 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0x73VRPsfhgZ for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 12:51:34 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4A00C1526F4 for <6man@ietf.org>; Wed, 2 Aug 2023 12:51:33 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [131.188.34.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id 4RGN005GBBznkTC; Wed, 2 Aug 2023 21:51:28 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4RGN004gZVzkwcH; Wed, 2 Aug 2023 21:51:28 +0200 (CEST)
Date: Wed, 02 Aug 2023 21:51:28 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Tom Herbert <tom@herbertland.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "6man@ietf.org" <6man@ietf.org>
Message-ID: <ZMqzwJwRowVqH1BW@faui48e.informatik.uni-erlangen.de>
References: <BL0PR05MB531645AB597EC108AC5B2D41AE06A@BL0PR05MB5316.namprd05.prod.outlook.com> <5840.1690652533@localhost> <BL0PR05MB5316A3121580E6D6D807D878AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com> <ZMp19DiaxPnaMhRJ@faui48e.informatik.uni-erlangen.de> <BL0PR05MB5316BED6C784CF1046F54EE7AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com> <ZMqOEJhu5CcTaDNV@faui48e.informatik.uni-erlangen.de> <CALx6S36CmLr1fT08jLryY08_npH0qHd8DFBK-9zDJnmOWPaQ=g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CALx6S36CmLr1fT08jLryY08_npH0qHd8DFBK-9zDJnmOWPaQ=g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/h7N0EcubUOA-6NZpl2EUucargI4>
Subject: Re: [IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2023 19:51:39 -0000

On Wed, Aug 02, 2023 at 10:52:44AM -0700, Tom Herbert wrote:
> RFC8799 is good to define limited domains but is not normative. I
> think that's appropriate.

Agreed.

> If there were a normative definition of
> limited domains then we risk bifurcating Internet protocols.

I think this depends on how we define it. If we effectively want to define
paths which are not "Internet paths", i think we are effectively doing this
implicitly in a lot of drafts, for example outlining the requirements
you need to match so you can forego congestion control on such paths
(aka: need to use circuit breakers instead). And i think "non Internet"
== "controlled environemnts" works well, because "non Internet" AND "not controlled"
typically just means "broken home networks that cause SP insolvency" ;-))

> For
> instance, there could be one version of IPv6 for limited domains, and
> one version of IPv6 for everyone else. In fact, this is pretty much
> what the proposal to give SRv6 its own EtherType endeavours do.

Did you comment on Andrew's draft, would love to read it, haven't tried to
catch up.

I think different ethertype can be a an interesting way to profile different
uses of IPv6, but i don't think it religiously implies creation of a new
protocol.

> IMO,
> bifurcating core protocols for limited domains would have  adverse
> effects on implementation and protocol interoperability.

We alreasdy have so many features that are getting or not getting enabled
on different network paths. I really don't sdee ethertype or HbH header as
something different. I am more concerned of figuring out how we use
the tools we have for security, safety and simplicity. Doing name-calling
"this is or is not IPv6" is i think not very helpfull.

> With regards to HBH processing, the reference to limited domains is
> not for defining the protocol, or about processing, but for basic
> deployability.

Sure. But intent for traffic to be for a controlled network (ne limited domain)
by mean of ethertype could be one help with deployability. I have really not
decided what i think overall pro/con, but i am surely not interested in the
argument "if it's not IPv6 ethertype, it's not IPv6".

> The baseline support needed for HBH options to be
> usable to anyone is that they are not arbitrarily dropped in the
> network.

Please define arbitrarily.

>  Saying that HBH Options is usable in limited domains roughly
> defines a deployment where we believe they are usable. The fuzziness
> about what exactly a limited domain is actually beneficial in this
> case as we're not restricted to some rigid architectural definition or
> requirements.

I think i kinda agree, but somehow we need to be more explanatory/descriptive
about this.

Cheers
    Toerless

> Tom
> 
> >
> > Cheers
> >     Toerless
> >
> > On Wed, Aug 02, 2023 at 04:02:57PM +0000, Ron Bonica wrote:
> > > Toerless,
> > >
> > > Many things developed in the IETF (e.g., MPLS, DiffServ, IPv6 Extension Headers) rely on a common understanding of "limited domains". However, if there is any such common understanding, I can't find it in an IETF consensus document.
> > >
> > > Because this issue has greater scope than IPv6, it probably doesn't belong in the 6man WG. Maybe INTAREA?
> > >
> > > Maybe the AD's can give us some direction. Or at very least, recommend a higher dose of medication 😉
> > >
> > >                                                                  Ron
> > >
> > >
> > >
> > >
> > > Juniper Business Use Only
> > > -----Original Message-----
> > > From: Toerless Eckert <tte@cs.fau.de>
> > > Sent: Wednesday, August 2, 2023 11:28 AM
> > > To: Ron Bonica <rbonica@juniper.net>
> > > Cc: Michael Richardson <mcr+ietf@sandelman.ca>; 6man@ietf.org
> > > Subject: why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)
> > >
> > > [External Email. Be cautious of content]
> > >
> > >
> > > Thanks, Ron
> > >
> > > a) rfc8799
> > >
> > > My main issue with rfc8799 is the introdcution of the term "limited domain" instead of staying with "controlled environments", which i remember having been the the main term before (or controlled networks). For example, i worked with global enterprise networks with 100,000 IP routers in the 200x, and calling that a "limited domain" is irritating. Likewise NASA deep space mission networks.
> > >
> > > Do you have any specific technical functions in mind when you say "finish work on rfc8799" ?
> > >
> > > b) Why do you call this beyond charter ? Do you mean 6man charter ?
> > >
> > > If work for controlled environments is supposedly off-charter, why then did we do e.g. rfc8754 ?
> > >
> > > The mayority of use of IPv6 i would argue is not across the Internet. MPLS or SRv6 packets are not Internet packets. They may just carry Internet packets as payload. The Internet is a service. In many cases also just as an overlay. If the 6MAN charter is not inclusive to the mayority use of IPv6, then it needs to change.
> > >
> > > For example, we are now working in DetNet on several options per-hop latency control of packet forwarding, and that ultimately would lead IMHO best to a HbH header (and/or routing header given how we also need path steering, but obviously, we'd like to keep one of the two steering headers we already defined - rfc6554/8754). But DetNet wisely is not claiming to want to make this work "for the Internet", but for controlled environments (single domain actually i think, but i think there is no reason why it wouldn't work already for federated controlled environments).
> > >
> > > Cheers
> > >     Toerless
> > >
> > > On Wed, Aug 02, 2023 at 02:01:21PM +0000, Ron Bonica wrote:
> > > > Hi Michael,
> > > >
> > > > This posting may be off topic and beyond the 6man charter, but I can't resist responding. Apologies in advance to the chairs.
> > > >
> > > > Years ago, networks were limited by there lack of interoperability. A frame relay network couldn't communicate with an ATM network and neither could communicate with an ethernet. So, the Fathers of the Internet superimposed an internetworking layer. IP, ICMP, TCP and UPD instantiated this layer.
> > > >
> > > > Then, at least for a while, there was a single monolithic Internet. Because most participants were funded by a small handful of governments, their goals, acceptable use policies, forwarding policies, routing policies and security policies were all very similar to one another.
> > > >
> > > > While this model was easy to comprehend, it was not sustainable. Routing protocols could not scale to infinity. So, the Internet was broken into domains, with Intradomain Gateway Protocols supporting intradomain routing and an Interdomain Routing Protocol (aka, BGP) supporting interdomain routing. BGP introduced the concept of an Autonomous System (AS). An AS is a special case of a limited domain that is applicable to Interdomain Routing.
> > > >
> > > > According to RFC 4271, an AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. While AS's can propose reachability through one another, the cannot change one another's interior routing plane. Moreover, reachability proposals can be accepted or rejected by BGP policy. Exterior BGP (eBGP) gateways enforce BGP policy.
> > > >
> > > > Another special case of limited domains is applicable to forwarding behavior. An ISP might enforce an Expedited Forwarding policy for packets with one DHCP marking and a Best Effort policy for packets with another DHCP marking. In this case, the ISP might remark (or even drop) EF packet received from other domains, because it has no way to be compensated for the expedited service.
> > > >
> > > > Another special case of limited domains is applicable to security. One ISP may accept one class of packets from a neighboring ISP, while another ISP may not. Many IETF RFCs refer to this kind of limited domain in their Security Considerations sections. Sadly, the IETF does not have a consensus document that defines a limited domain. RFC 8799 is a good start, but it was published on the Independent Stream and, therefore, does not represent IETF consensus.
> > > >
> > > > Maybe we should complete work on RFC 8799?
> > > >
> > > >
> > > > Ron
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Juniper Business Use Only
> > > > -----Original Message-----
> > > > From: Michael Richardson <mcr+ietf@sandelman.ca>
> > > > Sent: Saturday, July 29, 2023 1:42 PM
> > > > To: Ron Bonica <rbonica@juniper.net>; 6man@ietf.org
> > > > Subject: Re: [IPv6] draft-ietf-6man-hbh-processing
> > > >
> > > >
> > > > Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
> > > >     > The Internet is a loosely confederated group of "limited domains". Each
> > > >     > limited domain maintains its own forwarding and routing policy. HBH
> > > >     > processing, as it is defined in RFC 8200, is OK within a limited
> > > >     > domain. It provides yet another tool for deployment of that limited
> > > >     > domain's forwarding and policies.
> > > >
> > > > It's an interesting view.
> > > >
> > > > So, the "unlimited Internet" is just a path across a bunch of limited domains, where the sender does not know which limited domains will be used.
> > > > I think that is a useful change from how we used to think about the Internet, because it might be that we know something about the nearby limited domain,
> > > > and something else about the receivers limited domain.   It's the unknown
> > > > part in the middle that gets in our way.
> > > >
> > > > An interesting thing about Ben Schwartz and Co's RISAV proposal is that it gives a way for those two limited domains to communicate directly.
> > > >
> > > >     > Deployment of the HBH across limited domains may not be a very good
> > > >     > idea, because it provides a tool for one limited domain to influence
> > > >     > the forwarding and routing polices of another. Can you think of a
> > > >     > single HBH option for which the above statement is not true? (The
> > > >     > question is not rhetorical.)
> > > >
> > > > If the HBH didn't influence things, then we wouldn't bother!
> > > > So by definition, it's true.
> > > > But, you are missing a key phrase in this:
> > > >
> > > >      it provides a tool for one limited domain to influence
> > > >      the forwarding and routing polices of another IN AN UNAUTHORIZED
> > > > WAY
> > > >
> > > >
> > > > --
> > > > Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
> > > >            Sandelman Software Works Inc, Ottawa and Worldwide
> > > >
> > > >
> > > >
> > > >
> > > > --------------------------------------------------------------------
> > > > IETF IPv6 working group mailing list
> > > > ipv6@ietf.org
> > > > Administrative Requests:
> > > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6
> > > > __;!!NEt6yMaO-gk!AaQzVNEurQaf1v0d6kAUb9Z8fWDkMvEBhrpvS-ubJFFstcfYh0Chl
> > > > T1eW7JtPUL26ow7olXkVbPG$
> > > > --------------------------------------------------------------------
> > >
> > > --
> > > ---
> > > tte@cs.fau.de
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> >
> > --
> > ---
> > tte@cs.fau.de
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------

-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email