[Masque] Unifying CONNECT-IP Proposals
David Schinazi <dschinazi.ietf@gmail.com> Fri, 27 August 2021 15:04 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/2pyQyeCvq27ZzNJEg4Rim4NZFpc>

Hi MASQUE Enthusiasts,

As you know, we've had two distinct proposals for CONNECT-IP for a while. While both of them have interesting features, we need to unify on a joint effort if we want to make progress. In order to further that goal, we've made some edits to the existing documents in order to create a unified coherent path forward.

First, we updated draft-ietf-masque-ip-proxy-reqs to reflect working group consensus: since the WGLC showed consensus on everything except the network-to-network use-case and the route negotiation requirement, both of those were removed from the document. draft-ietf-masque-ip-proxy-reqs-03 [1] now better reflects the working group's choice.

Based on these requirements, and on the WG consensus at IETF 110 to focus on Proxying IP Packets, we also updated draft-cms-masque-connect-ip. We removed all routing-related features and now draft-cms-masque-connect-ip-02 [2] contains solely what is needed to satisfy the WG's requirements from draft-ietf-masque-ip-proxy-reqs-03. We've had some interesting conversations with Tommy Pauly on this topic and would love for him to join us as editor on draft-cms-masque-connect-ip.

Additionally, the discussion at IETF 111 showed that folks were also interested in various features that didn't have WG consensus: some are interested in negotiating routing and some are interested in flow forwarding. We believe that both of those are interesting features worth pursuing. The best way to accomplish this is through extensions. Luckily CONNECT-IP is extensible.

We wrote up the routing negotiation as an extension in draft-cms-masque-connect-ip-ext-routes [3]. This enables split-tunnel VPN and the network-to-network use-case.

We also made sure that flow forwarding mode would work as an extension, and as proof-of-concept wrote it up as draft-tbd-masque-connect-ip-ext-flow [4]. As mentioned in that document, this is mostly copied from draft-kuehlewind-masque-connect-ip-01 [5] with some minor modifications. We would like to have the authors of draft-kuehlewind-masque-connect-ip author this extension, given that they produced the interesting ideas in it.

We think this refactor would be a great path forward for the MASQUE working group: it would allow us to unify multiple proposals around a common extensible protocol. We did discuss merging these three documents into one, but decided against it because it would unnecessarily delay the publication of CONNECT-IP. We would love for the working group to adopt both extensions as they will influence the design of CONNECT-IP, but both need to solve some specific hard problems that don't need to delay CONNECT-IP, so they deserve their own drafts.

As usual, comments and thoughts are most welcome!

Thanks,
David

[1] https://datatracker.ietf.org/doc/html/draft-ietf-masque-ip-proxy-reqs-03
[2] https://datatracker.ietf.org/doc/html/draft-cms-masque-connect-ip-02
[3] https://datatracker.ietf.org/doc/html/draft-cms-masque-connect-ip-ext-routes-00
[4] https://datatracker.ietf.org/doc/html/draft-tbd-masque-connect-ip-ext-flow-00
[5] https://datatracker.ietf.org/doc/html/draft-kuehlewind-masque-connect-ip-01