IETF Logo Mail Archive

Re: [IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)

Tom Herbert <tom@herbertland.com> Wed, 02 August 2023 17:53 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C8B9C14CE2C for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 10:53:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AZvE_BnRSUMs for <ipv6@ietfa.amsl.com>; Wed, 2 Aug 2023 10:52:56 -0700 (PDT)
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7119C151534 for <6man@ietf.org>; Wed, 2 Aug 2023 10:52:56 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id d9443c01a7336-1bbf8cb694aso1170875ad.3 for <6man@ietf.org>; Wed, 02 Aug 2023 10:52:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1690998776; x=1691603576; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=spdKu6kHEBY4q4j1F6IxFmiVV3peiSeqxEjkKMgXvYw=; b=cVJhsniXjuZ5yk97EbWz4AzashO14bCqx/UsQ+ncR5wsu/a919v6pQb8rM1oVdsesd Z/G7qsmq90VxcDy81dusfv3a69IfE8AF8xukqpEc96TowvZjSkm9AqxbNs1TSGGC3ZDv 8Hs2fB3YEktxJeYybdt4S/XO84z8k8pFPa+W+BFGGGo9FwQz565ikGn7/Ubn9P9ovNUl Jc972Pqh6FXhmEQAx3Wy7wrKJkUQ1gZqjHvn+oZsy8xi+CnYw36jFqBH6q/aXSEwh+KT o/No1Bc+BVg3L4BaB2bEAl61tVfAL+a7m82SWz3k95hNaXr2uWjY2vR+geb3yAuVqZO7 gbFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690998776; x=1691603576; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=spdKu6kHEBY4q4j1F6IxFmiVV3peiSeqxEjkKMgXvYw=; b=IEx3ptx9+HN3pIsnWSJjVZIBw9T47n3B9OEd0PcovM6E0U9hz9Qcu/LM8o4EiDj8ma LatxXvUuD0JJpsvMwyt7dcwD1KLen62GFmVPq68Y8N8ZAHjnVv6gj6kv34ThZyVE5sPH RnrPu32C94/9gBSZiFNxYmnXxdImEGcFszaOxdA19dyypx1FH7blFTyzUQZzuyvK1N0/ lUXvRMSudWqFhCR77NponCOVbpGB13BPK0L0kYPFAkpgcr9RGxTMkvqpS8qLlAjrkWyz YdIYae9+cIEyh/+0YirzxZgkVKfENT4+NUXg+3Q8RnHZym5jTPOEI2J2eozbd4G9Q0hu cKHQ==
X-Gm-Message-State: ABy/qLZbUc6sl2Cci+vhNAEaCsjMnUGwR72c20P6SIT2lE5LuOjojS3X 5hFSsSb2hpxyX98fp8whv2kvoaDlweBV5mIKj2Jh0Q==
X-Google-Smtp-Source: APBJJlFMiqIGLn9pL1YUjfadE2kJp9/sAe3Rd1nOqSdZg2UYtocjYrUUDRoFc46abtKMCS/pj+ZzRHi2o8r9YkDA8Xg=
X-Received: by 2002:a17:902:e807:b0:1b9:e091:8037 with SMTP id u7-20020a170902e80700b001b9e0918037mr20271922plg.30.1690998775719; Wed, 02 Aug 2023 10:52:55 -0700 (PDT)
MIME-Version: 1.0
References: <BL0PR05MB531645AB597EC108AC5B2D41AE06A@BL0PR05MB5316.namprd05.prod.outlook.com> <5840.1690652533@localhost> <BL0PR05MB5316A3121580E6D6D807D878AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com> <ZMp19DiaxPnaMhRJ@faui48e.informatik.uni-erlangen.de> <BL0PR05MB5316BED6C784CF1046F54EE7AE0BA@BL0PR05MB5316.namprd05.prod.outlook.com> <ZMqOEJhu5CcTaDNV@faui48e.informatik.uni-erlangen.de>
In-Reply-To: <ZMqOEJhu5CcTaDNV@faui48e.informatik.uni-erlangen.de>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 02 Aug 2023 10:52:44 -0700
Message-ID: <CALx6S36CmLr1fT08jLryY08_npH0qHd8DFBK-9zDJnmOWPaQ=g@mail.gmail.com>
To: Toerless Eckert <tte@cs.fau.de>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "6man@ietf.org" <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ulNso22LLg-Sz9lz8fzleLVuMzY>
Subject: Re: [IPv6] why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2023 17:53:00 -0000

On Wed, Aug 2, 2023 at 10:11 AM Toerless Eckert <tte@cs.fau.de> wrote:
>
> Agreed.
>
> IntArea would certainly be good for an IETF track version of something like 8799
> However, i think we can already well brainstorm here, what degree of coordination
> (intradomain, intraprovider interdomain, federation, Internet) would relate to
> what processing of HbH header. Maybe really have the process the other way around,
> where e.g.: in SRv6 work started in SPRING, and the header was outsourced to 6MAN
> and now maybe with HbH where we work out what can work how and get architecture
> review or addtl broader documentation from INTAREA...

Toerless,

RFC8799 is good to define limited domains but is not normative. I
think that's appropriate. If there were a normative definition of
limited domains then we risk bifurcating Internet protocols. For
instance, there could be one version of IPv6 for limited domains, and
one version of IPv6 for everyone else. In fact, this is pretty much
what the proposal to give SRv6 its own EtherType endeavours do. IMO,
bifurcating core protocols for limited domains would have  adverse
effects on implementation and protocol interoperability.

With regards to HBH processing, the reference to limited domains is
not for defining the protocol, or about processing, but for basic
deployability. The baseline support needed for HBH options to be
usable to anyone is that they are not arbitrarily dropped in the
network. Saying that HBH Options is usable in limited domains roughly
defines a deployment where we believe they are usable. The fuzziness
about what exactly a limited domain is actually beneficial in this
case as we're not restricted to some rigid architectural definition or
requirements.

Tom

>
> Cheers
>     Toerless
>
> On Wed, Aug 02, 2023 at 04:02:57PM +0000, Ron Bonica wrote:
> > Toerless,
> >
> > Many things developed in the IETF (e.g., MPLS, DiffServ, IPv6 Extension Headers) rely on a common understanding of "limited domains". However, if there is any such common understanding, I can't find it in an IETF consensus document.
> >
> > Because this issue has greater scope than IPv6, it probably doesn't belong in the 6man WG. Maybe INTAREA?
> >
> > Maybe the AD's can give us some direction. Or at very least, recommend a higher dose of medication 😉
> >
> >                                                                  Ron
> >
> >
> >
> >
> > Juniper Business Use Only
> > -----Original Message-----
> > From: Toerless Eckert <tte@cs.fau.de>
> > Sent: Wednesday, August 2, 2023 11:28 AM
> > To: Ron Bonica <rbonica@juniper.net>
> > Cc: Michael Richardson <mcr+ietf@sandelman.ca>; 6man@ietf.org
> > Subject: why ? off topic and Beyond Charter (was: draft-ietf-6man-hbh-processing)
> >
> > [External Email. Be cautious of content]
> >
> >
> > Thanks, Ron
> >
> > a) rfc8799
> >
> > My main issue with rfc8799 is the introdcution of the term "limited domain" instead of staying with "controlled environments", which i remember having been the the main term before (or controlled networks). For example, i worked with global enterprise networks with 100,000 IP routers in the 200x, and calling that a "limited domain" is irritating. Likewise NASA deep space mission networks.
> >
> > Do you have any specific technical functions in mind when you say "finish work on rfc8799" ?
> >
> > b) Why do you call this beyond charter ? Do you mean 6man charter ?
> >
> > If work for controlled environments is supposedly off-charter, why then did we do e.g. rfc8754 ?
> >
> > The mayority of use of IPv6 i would argue is not across the Internet. MPLS or SRv6 packets are not Internet packets. They may just carry Internet packets as payload. The Internet is a service. In many cases also just as an overlay. If the 6MAN charter is not inclusive to the mayority use of IPv6, then it needs to change.
> >
> > For example, we are now working in DetNet on several options per-hop latency control of packet forwarding, and that ultimately would lead IMHO best to a HbH header (and/or routing header given how we also need path steering, but obviously, we'd like to keep one of the two steering headers we already defined - rfc6554/8754). But DetNet wisely is not claiming to want to make this work "for the Internet", but for controlled environments (single domain actually i think, but i think there is no reason why it wouldn't work already for federated controlled environments).
> >
> > Cheers
> >     Toerless
> >
> > On Wed, Aug 02, 2023 at 02:01:21PM +0000, Ron Bonica wrote:
> > > Hi Michael,
> > >
> > > This posting may be off topic and beyond the 6man charter, but I can't resist responding. Apologies in advance to the chairs.
> > >
> > > Years ago, networks were limited by there lack of interoperability. A frame relay network couldn't communicate with an ATM network and neither could communicate with an ethernet. So, the Fathers of the Internet superimposed an internetworking layer. IP, ICMP, TCP and UPD instantiated this layer.
> > >
> > > Then, at least for a while, there was a single monolithic Internet. Because most participants were funded by a small handful of governments, their goals, acceptable use policies, forwarding policies, routing policies and security policies were all very similar to one another.
> > >
> > > While this model was easy to comprehend, it was not sustainable. Routing protocols could not scale to infinity. So, the Internet was broken into domains, with Intradomain Gateway Protocols supporting intradomain routing and an Interdomain Routing Protocol (aka, BGP) supporting interdomain routing. BGP introduced the concept of an Autonomous System (AS). An AS is a special case of a limited domain that is applicable to Interdomain Routing.
> > >
> > > According to RFC 4271, an AS appears to other ASs to have a single coherent interior routing plan and presents a consistent picture of what destinations are reachable through it. While AS's can propose reachability through one another, the cannot change one another's interior routing plane. Moreover, reachability proposals can be accepted or rejected by BGP policy. Exterior BGP (eBGP) gateways enforce BGP policy.
> > >
> > > Another special case of limited domains is applicable to forwarding behavior. An ISP might enforce an Expedited Forwarding policy for packets with one DHCP marking and a Best Effort policy for packets with another DHCP marking. In this case, the ISP might remark (or even drop) EF packet received from other domains, because it has no way to be compensated for the expedited service.
> > >
> > > Another special case of limited domains is applicable to security. One ISP may accept one class of packets from a neighboring ISP, while another ISP may not. Many IETF RFCs refer to this kind of limited domain in their Security Considerations sections. Sadly, the IETF does not have a consensus document that defines a limited domain. RFC 8799 is a good start, but it was published on the Independent Stream and, therefore, does not represent IETF consensus.
> > >
> > > Maybe we should complete work on RFC 8799?
> > >
> > >
> > > Ron
> > >
> > >
> > >
> > >
> > >
> > >
> > > Juniper Business Use Only
> > > -----Original Message-----
> > > From: Michael Richardson <mcr+ietf@sandelman.ca>
> > > Sent: Saturday, July 29, 2023 1:42 PM
> > > To: Ron Bonica <rbonica@juniper.net>; 6man@ietf.org
> > > Subject: Re: [IPv6] draft-ietf-6man-hbh-processing
> > >
> > >
> > > Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
> > >     > The Internet is a loosely confederated group of "limited domains". Each
> > >     > limited domain maintains its own forwarding and routing policy. HBH
> > >     > processing, as it is defined in RFC 8200, is OK within a limited
> > >     > domain. It provides yet another tool for deployment of that limited
> > >     > domain's forwarding and policies.
> > >
> > > It's an interesting view.
> > >
> > > So, the "unlimited Internet" is just a path across a bunch of limited domains, where the sender does not know which limited domains will be used.
> > > I think that is a useful change from how we used to think about the Internet, because it might be that we know something about the nearby limited domain,
> > > and something else about the receivers limited domain.   It's the unknown
> > > part in the middle that gets in our way.
> > >
> > > An interesting thing about Ben Schwartz and Co's RISAV proposal is that it gives a way for those two limited domains to communicate directly.
> > >
> > >     > Deployment of the HBH across limited domains may not be a very good
> > >     > idea, because it provides a tool for one limited domain to influence
> > >     > the forwarding and routing polices of another. Can you think of a
> > >     > single HBH option for which the above statement is not true? (The
> > >     > question is not rhetorical.)
> > >
> > > If the HBH didn't influence things, then we wouldn't bother!
> > > So by definition, it's true.
> > > But, you are missing a key phrase in this:
> > >
> > >      it provides a tool for one limited domain to influence
> > >      the forwarding and routing polices of another IN AN UNAUTHORIZED
> > > WAY
> > >
> > >
> > > --
> > > Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
> > >            Sandelman Software Works Inc, Ottawa and Worldwide
> > >
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests:
> > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6
> > > __;!!NEt6yMaO-gk!AaQzVNEurQaf1v0d6kAUb9Z8fWDkMvEBhrpvS-ubJFFstcfYh0Chl
> > > T1eW7JtPUL26ow7olXkVbPG$
> > > --------------------------------------------------------------------
> >
> > --
> > ---
> > tte@cs.fau.de
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>
> --
> ---
> tte@cs.fau.de
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email