IETF Logo Mail Archive

Re: [IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 02 August 2023 21:55 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D622C151554 for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 14:55:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.196
X-Spam-Level:
X-Spam-Status: No, score=-2.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.091, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H1XPSmCkYmcy for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 14:55:45 -0700 (PDT)
Received: from mail-pg1-x52b.google.com (mail-pg1-x52b.google.com [IPv6:2607:f8b0:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26409C15155E for <6man@ietf.org>; Wed, 2 Aug 2023 14:55:45 -0700 (PDT)
Received: by mail-pg1-x52b.google.com with SMTP id 41be03b00d2f7-5645bbc82aaso165878a12.2 for <6man@ietf.org>; Wed, 02 Aug 2023 14:55:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691013344; x=1691618144; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=hH2YV/XvBvmQg3+VerIjTNyDXVRCnmDjvHqpepRWCk8=; b=bPuyWelOHbxiRQaM2u5d1j8YNC4hthqYQ9Ja6+yqQ6Y7E10a3Ovxsmp7N0Mq+Z6os8 J+V4NC1xkNNZepEf8x8Ww8IK0LKxb8swuFNBNWC58JeUmKKpPavw/x71wdL6PdPpIlOA 2hyiK9qJbHJr8/S7gxjMblmTN5jdcUcB1lgYaoK8XuR0D2a7RVpvHHPH9drtECgpGrnm 9FgMGeXnXACgKYOabVQu9pnzp53ZyK+mmWWAJcluWqNVos00iQIgU57mUsHi9zcNIEyb ZR0V4uIRyOB0zMOzdcqGNjyfDsZJDbVkuAAFHtOkmz+gta3vIayZG/qxXiO5fn3rkUzF q3SQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691013344; x=1691618144; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hH2YV/XvBvmQg3+VerIjTNyDXVRCnmDjvHqpepRWCk8=; b=PTRFbMIu+gNTSvKL/VTcZ1/dfmkvZg5xco4nu0FoNpKaLNSiCezhngZ2gaSjMDXqvQ EQTYo5ePVBRudOUI4nqSptgy0xKuZx3wPtMfg3qOUIQBTDmAYOtqnw1D4mioGVKy+tPD 4Dmz5UGcG7V5ddyeQVEAJvIvlCuBOUUQZw14+KTInOO4KmXw6VkGMNxrrYbDOdMkBZqS 1icMz/ZuuP4opeX1cZ7L1aIaW/DQ7Xcw0pGck3tW6cWcwE1PHfdZcQs7z3NuAwpauPRm rCTYqUO8UC0GUOoVDIu6wB3UhlXZLgW1MMIBXi7LaEFibKzNy3EQgiM4ybDGEfK1pLu3 vTBA==
X-Gm-Message-State: ABy/qLZ6E3ULUewGaFyAJE9F47sZ+l89Y/h/HyeOQXN28aWGghFdOate SJaPjFnU4DyyD30KbjJ5beJiQHF2pQAMPw==
X-Google-Smtp-Source: APBJJlGQ7XIT/3hHWj4ClRHBHGu36zx+A0ITgkTDtOcw8+BGVg+OFFzhTZn38yiKtnhi4b7ygBSWRw==
X-Received: by 2002:a17:903:244e:b0:1b8:aee8:a21c with SMTP id l14-20020a170903244e00b001b8aee8a21cmr19936203pls.31.1691013344370; Wed, 02 Aug 2023 14:55:44 -0700 (PDT)
Received: from ?IPV6:2406:e003:10cc:9901:b2e1:1101:7ba7:19fd? ([2406:e003:10cc:9901:b2e1:1101:7ba7:19fd]) by smtp.gmail.com with ESMTPSA id f13-20020a170902ab8d00b001b9e9f191f2sm12858410plr.15.2023.08.02.14.55.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 02 Aug 2023 14:55:43 -0700 (PDT)
Message-ID: <384457fb-f8ef-1054-b12a-edf3eedb5799@gmail.com>
Date: Thu, 03 Aug 2023 09:55:38 +1200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: Toerless Eckert <tte@cs.fau.de>, Tom Herbert <tom@herbertland.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "6man@ietf.org" <6man@ietf.org>
References: <BL0PR05MB531645AB597EC108AC5B2D41AE06A@BL0PR05MB5316.namprd05.prod.outlook.com> <5840.1690652533@localhost> <BL0PR05MB5316A3121580E6D6D807D878AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com> <ZMp19DiaxPnaMhRJ@faui48e.informatik.uni-erlangen.de> <BL0PR05MB5316BED6C784CF1046F54EE7AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com> <ZMqOEJhu5CcTaDNV@faui48e.informatik.uni-erlangen.de> <CALx6S36CmLr1fT08jLryY08_npH0qHd8DFBK-9zDJnmOWPaQ=g@mail.gmail.com> <ZMqzwJwRowVqH1BW@faui48e.informatik.uni-erlangen.de>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <ZMqzwJwRowVqH1BW@faui48e.informatik.uni-erlangen.de>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/uAoZ1xYqMdr4ful9D_XCxjXgHx4>
Subject: Re: [IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2023 21:55:49 -0000

On 03-Aug-23 07:51, Toerless Eckert wrote:
> On Wed, Aug 02, 2023 at 10:52:44AM -0700, Tom Herbert wrote:
>> RFC8799 is good to define limited domains but is not normative. I
>> think that's appropriate.
> 
> Agreed.

+1. And the reason we used the new phrase "limited domain" was
exactly because it was new. All the older terms like "controlled
environment" seemed to carry baggage and preconceptions.

> 
>> If there were a normative definition of
>> limited domains then we risk bifurcating Internet protocols.

That issue is of course discussed in RFC 8799. I've got nothing
to add, except that it isn't a risk; it's already happened (and
HbH is a good and messy example).

There is a technical debt in the RFC, a list of functional
requirements:
https://www.rfc-editor.org/rfc/rfc8799.html#section-6-5

That, it seems to me, is where there is real work to do (but not
in 6man). Of course, a domain policy could include rules like
"Allow any HbH" or "Allow only the following HbH options".

Note for Toerless: the obvious example of a well-defined limited
domain is of course RFC 8994.

    Brian

> 
> I think this depends on how we define it. If we effectively want to define
> paths which are not "Internet paths", i think we are effectively doing this
> implicitly in a lot of drafts, for example outlining the requirements
> you need to match so you can forego congestion control on such paths
> (aka: need to use circuit breakers instead). And i think "non Internet"
> == "controlled environemnts" works well, because "non Internet" AND "not controlled"
> typically just means "broken home networks that cause SP insolvency" ;-))
> 
>> For
>> instance, there could be one version of IPv6 for limited domains, and
>> one version of IPv6 for everyone else. In fact, this is pretty much
>> what the proposal to give SRv6 its own EtherType endeavours do.
> 
> Did you comment on Andrew's draft, would love to read it, haven't tried to
> catch up.
> 
> I think different ethertype can be a an interesting way to profile different
> uses of IPv6, but i don't think it religiously implies creation of a new
> protocol.
> 
>> IMO,
>> bifurcating core protocols for limited domains would have  adverse
>> effects on implementation and protocol interoperability.
> 
> We alreasdy have so many features that are getting or not getting enabled
> on different network paths. I really don't sdee ethertype or HbH header as
> something different. I am more concerned of figuring out how we use
> the tools we have for security, safety and simplicity. Doing name-calling
> "this is or is not IPv6" is i think not very helpfull.
> 
>> With regards to HBH processing, the reference to limited domains is
>> not for defining the protocol, or about processing, but for basic
>> deployability.
> 
> Sure. But intent for traffic to be for a controlled network (ne limited domain)
> by mean of ethertype could be one help with deployability. I have really not
> decided what i think overall pro/con, but i am surely not interested in the
> argument "if it's not IPv6 ethertype, it's not IPv6".
> 
>> The baseline support needed for HBH options to be
>> usable to anyone is that they are not arbitrarily dropped in the
>> network.
> 
> Please define arbitrarily.
> 
>>   Saying that HBH Options is usable in limited domains roughly
>> defines a deployment where we believe they are usable. The fuzziness
>> about what exactly a limited domain is actually beneficial in this
>> case as we're not restricted to some rigid architectural definition or
>> requirements.
> 
> I think i kinda agree, but somehow we need to be more explanatory/descriptive
> about this.
> 
> Cheers
>      Toerless
> 
>> Tom
>>
>>>
>>> Cheers
>>>      Toerless
>>>
>>> On Wed, Aug 02, 2023 at 04:02:57PM +0000, Ron Bonica wrote:
>>>> Toerless,
>>>>
>>>> Many things developed in the IETF (e.g., MPLS, DiffServ, IPv6 Extension Headers) rely on a common understanding of "limited domains". However, if there is any such common understanding, I can't find it in an IETF consensus document.
>>>>
>>>> Because this issue has greater scope than IPv6, it probably doesn't belong in the 6man WG. Maybe INTAREA?
>>>>
>>>> Maybe the AD's can give us some direction. Or at very least, recommend a higher dose of medication 😉
>>>>
>>>>                                                                   Ron
>>>>
>>>>
>>>>
>>>>
>>>> Juniper Business Use Only
>>>> -----Original Message-----
>>>> From: Toerless Eckert <tte@cs.fau.de>
>>>> Sent: Wednesday, August 2, 2023 11:28 AM
>>>> To: Ron Bonica <rbonica@juniper.net>
>>>> Cc: Michael Richardson <mcr+ietf@sandelman.ca>; 6man@ietf.org
>>>> Subject: why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)
>>>>
>>>> [External Email. Be cautious of content]
>>>>
>>>>
>>>> Thanks, Ron
>>>>
>>>> a) rfc8799
>>>>
>>>> My main issue with rfc8799 is the introdcution of the term "limited domain" instead of staying with "controlled environments", which i remember having been the the main term before (or controlled networks). For example, i worked with global enterprise networks with 100,000 IP routers in the 200x, and calling that a "limited domain" is irritating. Likewise NASA deep space mission networks.
>>>>
>>>> Do you have any specific technical functions in mind when you say "finish work on rfc8799" ?
>>>>
>>>> b) Why do you call this beyond charter ? Do you mean 6man charter ?
>>>>
>>>> If work for controlled environments is supposedly off-charter, why then did we do e.g. rfc8754 ?
>>>>
>>>> The mayority of use of IPv6 i would argue is not across the Internet. MPLS or SRv6 packets are not Internet packets. They may just carry Internet packets as payload. The Internet is a service. In many cases also just as an overlay. If the 6MAN charter is not inclusive to the mayority use of IPv6, then it needs to change.
>>>>
>>>> For example, we are now working in DetNet on several options per-hop latency control of packet forwarding, and that ultimately would lead IMHO best to a HbH header (and/or routing header given how we also need path steering, but obviously, we'd like to keep one of the two steering headers we already defined - rfc6554/8754). But DetNet wisely is not claiming to want to make this work "for the Internet", but for controlled environments (single domain actually i think, but i think there is no reason why it wouldn't work already for federated controlled environments).
>>>>
>>>> Cheers
>>>>      Toerless
>>>>
>>>> On Wed, Aug 02, 2023 at 02:01:21PM +0000, Ron Bonica wrote:
>>>>> Hi Michael,
>>>>>
>>>>> This posting may be off topic and beyond the 6man charter, but I can't resist responding. Apologies in advance to the chairs.
>>>>>
>>>>> Years ago, networks were limited by there lack of interoperability. A frame relay network couldn't communicate with an ATM network and neither could communicate with an ethernet. So, the Fathers of the Internet superimposed an internetworking layer. IP, ICMP, TCP and UPD instantiated this layer.
>>>>>
>>>>> Then, at least for a while, there was a single monolithic Internet. Because most participants were funded by a small handful of governments, their goals, acceptable use policies, forwarding policies, routing policies and security policies were all very similar to one another.
>>>>>
>>>>> While this model was easy to comprehend, it was not sustainable. Routing protocols could not scale to infinity. So, the Internet was broken into domains, with Intradomain Gateway Protocols supporting intradomain routing and an Interdomain Routing Protocol (aka, BGP) supporting interdomain routing. BGP introduced the concept of an Autonomous System (AS). An AS is a special case of a limited domain that is applicable to Interdomain Routing.
>>>>>
>>>>> According to RFC 4271, an AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. While AS's can propose reachability through one another, the cannot change one another's interior routing plane. Moreover, reachability proposals can be accepted or rejected by BGP policy. Exterior BGP (eBGP) gateways enforce BGP policy.
>>>>>
>>>>> Another special case of limited domains is applicable to forwarding behavior. An ISP might enforce an Expedited Forwarding policy for packets with one DHCP marking and a Best Effort policy for packets with another DHCP marking. In this case, the ISP might remark (or even drop) EF packet received from other domains, because it has no way to be compensated for the expedited service.
>>>>>
>>>>> Another special case of limited domains is applicable to security. One ISP may accept one class of packets from a neighboring ISP, while another ISP may not. Many IETF RFCs refer to this kind of limited domain in their Security Considerations sections. Sadly, the IETF does not have a consensus document that defines a limited domain. RFC 8799 is a good start, but it was published on the Independent Stream and, therefore, does not represent IETF consensus.
>>>>>
>>>>> Maybe we should complete work on RFC 8799?
>>>>>
>>>>>
>>>>> Ron
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Juniper Business Use Only
>>>>> -----Original Message-----
>>>>> From: Michael Richardson <mcr+ietf@sandelman.ca>
>>>>> Sent: Saturday, July 29, 2023 1:42 PM
>>>>> To: Ron Bonica <rbonica@juniper.net>; 6man@ietf.org
>>>>> Subject: Re: [IPv6] draft-ietf-6man-hbh-processing
>>>>>
>>>>>
>>>>> Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>>>>>      > The Internet is a loosely confederated group of "limited domains". Each
>>>>>      > limited domain maintains its own forwarding and routing policy. HBH
>>>>>      > processing, as it is defined in RFC 8200, is OK within a limited
>>>>>      > domain. It provides yet another tool for deployment of that limited
>>>>>      > domain's forwarding and policies.
>>>>>
>>>>> It's an interesting view.
>>>>>
>>>>> So, the "unlimited Internet" is just a path across a bunch of limited domains, where the sender does not know which limited domains will be used.
>>>>> I think that is a useful change from how we used to think about the Internet, because it might be that we know something about the nearby limited domain,
>>>>> and something else about the receivers limited domain.   It's the unknown
>>>>> part in the middle that gets in our way.
>>>>>
>>>>> An interesting thing about Ben Schwartz and Co's RISAV proposal is that it gives a way for those two limited domains to communicate directly.
>>>>>
>>>>>      > Deployment of the HBH across limited domains may not be a very good
>>>>>      > idea, because it provides a tool for one limited domain to influence
>>>>>      > the forwarding and routing polices of another. Can you think of a
>>>>>      > single HBH option for which the above statement is not true? (The
>>>>>      > question is not rhetorical.)
>>>>>
>>>>> If the HBH didn't influence things, then we wouldn't bother!
>>>>> So by definition, it's true.
>>>>> But, you are missing a key phrase in this:
>>>>>
>>>>>       it provides a tool for one limited domain to influence
>>>>>       the forwarding and routing polices of another IN AN UNAUTHORIZED
>>>>> WAY
>>>>>
>>>>>
>>>>> --
>>>>> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>>>>>             Sandelman Software Works Inc, Ottawa and Worldwide
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --------------------------------------------------------------------
>>>>> IETF IPv6 working group mailing list
>>>>> ipv6@ietf.org
>>>>> Administrative Requests:
>>>>> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6
>>>>> __;!!NEt6yMaO-gk!AaQzVNEurQaf1v0d6kAUb9Z8fWDkMvEBhrpvS-ubJFFstcfYh0Chl
>>>>> T1eW7JtPUL26ow7olXkVbPG$
>>>>> --------------------------------------------------------------------
>>>>
>>>> --
>>>> ---
>>>> tte@cs.fau.de
>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>>
>>> --
>>> ---
>>> tte@cs.fau.de
>>>
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email