Re: Limited Domains:

Stewart Bryant <stewart.bryant@gmail.com> Wed, 14 April 2021 10:36 UTC

Subject: Re: Limited Domains:
From: Stewart Bryant <stewart.bryant@gmail.com>
In-Reply-To: <9b22cfe4-22eb-3977-2d25-79eb61370291@gmail.com>
Date: Wed, 14 Apr 2021 11:36:10 +0100
Cc: Stewart Bryant <stewart.bryant@gmail.com>, "Ahmed Abdelsalam (ahabdels)" <ahabdels@cisco.com>, "6man@ietf.org" <6man@ietf.org>, "draft-filsfils-6man-structured-flow-label@ietf.org" <draft-filsfils-6man-structured-flow-label@ietf.org>
Message-Id: <17DC585D-3378-42BF-8CD0-67676BF0CFD3@gmail.com>
References: <BL0PR05MB5316991D4124AD85BC69392AAE709@BL0PR05MB5316.namprd05.prod.outlook.com> <1697a0f8-b3cd-9f7d-d610-305b5305c9a1@gmail.com> <4077E736-0092-44C6-80D1-E094F468C00C@gmail.com> <12878114-5c26-86f9-89c3-bcfa10141684@gmail.com> <CALx6S35NBfVJmjqVwhNV3nui2avUOXn6ySMG3cxx2AvGkwr_Ow@mail.gmail.com> <08A6C3D2-A81C-413A-81B3-EFAAA9DBCCE5@cisco.com> <5b68beb6-a6f9-828b-5cca-9c5ec2bfbea7@foobar.org> <126B0A5E-B421-4B1F-AAEB-ABD48FFA4289@cisco.com> <CALx6S35yxqAqWJVhav-=+TB2ZyYttAFfsLNs6Btt+QUx__aQ1w@mail.gmail.com> <9b22cfe4-22eb-3977-2d25-79eb61370291@gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zLOmGUTP6WJzLbCj8BAPt151Xg0>

As far as I can see the only safe limited domain protocol is one specifically designed for use in limited domains.

Any other approach leads to confusion, mistakes, security threats, complexity and cost.

Thus declaring that an “ordinary” IPv6 packet can simultaneously have both global and limited scope has the potential for creating significant issues for those wishing to use basic IPv6 in a limited domain.

We have an example of an IETF limited domain protocol: MPLS. This has a very simple lightweight data plane security model: it is a different protocol from IP and if it is presented with an IP packet at its edge, it simply wraps it in MPLS and sends it safely on its way across the network for export into some other network. Operators have a lot of experience with this protocol and we know that the model that MPLS is not IP results in complete confidence that the network will not confuse the two.

Equally we know of cases where IP is vulnerable to attack because it is so difficult to exclude packets. This was at the heart of the reason that source routing was deprecated some years ago.

Now I am not for a moment suggesting that the limited domain applications that the flow-label authors have in mind should be done in MPLS, but I am suggesting that if they want a limited domain protocol with properties different from IPv6, and there is no obvious way to unambiguously indicate the new functionality in basic IPv6, they ought to design a protocol with the properties that they require that is not IPv6.

I am reminded in this discussion of a time when another SDO wanted to make a “small” incompatible change to MPLS and argued that as this was only deployed in a limited domain that was safe. The IETF position was that incompatible and unrecognisable modification to one of our network protocols was a bad thing. A protracted high profile argument ensued and in the end the IETF view won the day.

This protracted discussion on flow labels seems to be in a similar mould, and I would argue that we should not accept a change to the forwarding actions on an IPv6 packet unless it is possible for the forwarder to know precisely and unambiguously which action it is to take on the packet it is currently parsing.

- Stewart