IETF Logo Mail Archive

Re: [Masque] Unifying CONNECT-IP Proposals

Eric Kinnear <ekinnear@apple.com> Fri, 27 August 2021 21:29 UTC

Return-Path: <ekinnear@apple.com>
X-Original-To: masque@ietfa.amsl.com
Delivered-To: masque@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A95F73A1AC8 for <masque@ietfa.amsl.com>; Fri, 27 Aug 2021 14:29:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cQDXd_sU0hn6 for <masque@ietfa.amsl.com>; Fri, 27 Aug 2021 14:29:18 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp03.apple.com (ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EC163A1A66 for <masque@ietf.org>; Fri, 27 Aug 2021 14:29:18 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp03.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp03.apple.com (8.16.0.42/8.16.0.42) with SMTP id 17RLHh2w065308; Fri, 27 Aug 2021 14:29:15 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=VaParPVKRCFlrCquUJcUdTRo8NPJy/7ILP67TWzgfk8=; b=nQd8/fDYkUYYlwX+jn0QFqAiH0C9QtIxIenhYN4Y/BhAnPBUg4xef8WtQhupYl2sixGi EbFOR5tKQeTWSX9ZJzwze2L87v5Qq2c+US/v8+zh6WecEZ8ktb/xVlXNOulb6pGpH4sV auJ3ZM6P14BkfdOUqqKuhwZASCXYChgmyN5lDGqc3GT9ztFyRkTKFRS1PIgo+SU6W6A0 2DcAxDDv1LzCqv6cmE8k/ZltcxfaHrWiIx1Dka7DtoylV2JQCGUWGpapdnGEyscgtdgh m1OUyqpp1C/Gp01Rwn7sSn/4fD1j8KNWAQDoKXqljkJCH+AucXVVeMyaJD1R4pmwEL7a Cg==
Received: from rn-mailsvcp-mta-lapp03.rno.apple.com (rn-mailsvcp-mta-lapp03.rno.apple.com [10.225.203.151]) by ma1-aaemail-dr-lapp03.apple.com with ESMTP id 3ak0fxjbkj-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 27 Aug 2021 14:29:15 -0700
Received: from rn-mailsvcp-mmp-lapp01.rno.apple.com (rn-mailsvcp-mmp-lapp01.rno.apple.com [17.179.253.14]) by rn-mailsvcp-mta-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.9.20210415 64bit (built Apr 15 2021)) with ESMTPS id <0QYI00EEMP0Q6030@rn-mailsvcp-mta-lapp03.rno.apple.com>; Fri, 27 Aug 2021 14:29:14 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp01.rno.apple.com by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.9.20210415 64bit (built Apr 15 2021)) id <0QYI00M00ONDBC00@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Fri, 27 Aug 2021 14:29:14 -0700 (PDT)
X-Va-A:
X-Va-T-CD: e0b4e3205114c910a61d426831c8e828
X-Va-E-CD: 6c1ede292e2dad9ac95f133c0296153b
X-Va-R-CD: 15ce42f524a80f9844fd58149fa20e76
X-Va-CD: 0
X-Va-ID: 33b18a8b-bcda-47b4-8d94-1bbbfa673198
X-V-A:
X-V-T-CD: e0b4e3205114c910a61d426831c8e828
X-V-E-CD:
X-V-R-CD: 007e5c9c-7635-4af5-944d-9967eb61e5e1
X-V-CD: 0
X-V-ID: 007e5c9c-7635-4af5-944d-9967eb61e5e1
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-27_06:2021-08-27, 2021-08-27 signatures=0
Received: from smtpclient.apple (ekinnear1.scv.apple.com [17.192.171.50]) by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.9.20210415 64bit (built Apr 15 2021)) with ESMTPSA id <0QYI00BKDP0PV000@rn-mailsvcp-mmp-lapp01.rno.apple.com>; Fri, 27 Aug 2021 14:29:14 -0700 (PDT)
From: Eric Kinnear <ekinnear@apple.com>
Message-id: <B10F043A-C095-4544-BCBF-8C0FEDA78811@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_95FC8D6C-C120-446E-B220-3F186A15B261"
MIME-version: 1.0 (Mac OS X Mail 15.0 \(3693.0.1.1.13\))
Date: Fri, 27 Aug 2021 14:29:13 -0700
In-reply-to: <7C135A13-4E2E-4619-9620-73D6540329C6@apple.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, Chris Wood <caw@heapingbits.net>, MASQUE <masque@ietf.org>
To: Tommy Pauly <tpauly@apple.com>
References: <CAPDSy+5R68Kn8uD_ig1vVbxO+Z=vEBJBy+veBCXN-GU1xmGGzw@mail.gmail.com> <7C135A13-4E2E-4619-9620-73D6540329C6@apple.com>
X-Mailer: Apple Mail (2.3693.0.1.1.13)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-27_06:2021-08-27, 2021-08-27 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/masque/JN2oZn9HLt3wGfDgfTXvWDEzUWc>
Subject: Re: [Masque] Unifying CONNECT-IP Proposals
X-BeenThere: masque@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiplexed Application Substrate over QUIC Encryption <masque.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/masque>, <mailto:masque-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/masque/>
List-Post: <mailto:masque@ietf.org>
List-Help: <mailto:masque-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/masque>, <mailto:masque-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Aug 2021 21:29:24 -0000


> On Aug 27, 2021, at 12:52 PM, Tommy Pauly <tpauly@apple.com> wrote:
> 
> Hi David,
> 
> While I appreciate the effort to show extensibility, I don’t think this is quite the right approach for what the core of CONNECT-IP would be, and how to frame collaboration on the different use cases.
> 
> Specifically, the proposed core document is still lacking a description of when the various capsules are needed, and I think it would be far simpler to say that the address assignment mode is something that is optional, rather than making extensions try to work around it. I’m also not convinced that these various use cases need to split up rather than having a more elegant and unified set of solutions.
> 
> As you mention, I’ve spoken a bit about this with the various authors and would be happy to help act as an editor to resolve these various directions. This needs to be a collaborative effort, and I think the protocol will be stronger for it.
> 
> Chairs, would you help set up a working interim call to work on how CONNECT-IP should be structured?

Thanks, Tommy! We’re working on enumerating the possible paths forward for the WG’s consideration. Stay tuned for an update.

Thanks,
Eric

> 
> Best,
> Tommy
> 
>> On Aug 27, 2021, at 8:04 AM, David Schinazi <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
>> 
>> Hi MASQUE Enthusiasts,
>> 
>> As you know, we've had two distinct proposals for CONNECT-IP for a while. While
>> both of them have interesting features, we need to unify on a joint effort if
>> we want to make progress. In order to further that goal, we've made some edits
>> to the existing documents in order to create a unified coherent path forward.
>> 
>> First, we updated draft-ietf-masque-ip-proxy-reqs to reflect working group
>> consensus: since the WGLC showed consensus on everything except the
>> network-to-network use-case and the route negotiation requirement, both of
>> those were removed from the document. draft-ietf-masque-ip-proxy-reqs-03 [1]
>> now better reflects the working group's choice.
>> 
>> Based on these requirements, and on the WG consensus at IETF 110 to focus on
>> Proxying IP Packets, we also updated draft-cms-masque-connect-ip. We removed
>> all routing-related features and now draft-cms-masque-connect-ip-02 [2]
>> contains solely what is needed to satisfy the WG's requirements from
>> draft-ietf-masque-ip-proxy-reqs-03. We've had some interesting conversations
>> with Tommy Pauly on this topic and would love for him to join us as editor on
>> draft-cms-masque-connect-ip.
>> 
>> Additionally, the discussion at IETF 111 showed that folks were also interested
>> in various features that didn't have WG consensus: some are interested in
>> negotiating routing and some are interested in flow forwarding. We believe that
>> both of those are interesting features worth pursuing. The best way to
>> accomplish this is through extensions. Luckily CONNECT-IP is extensible.
>> 
>> We wrote up the routing negotiation as an extension in
>> draft-cms-masque-connect-ip-ext-routes [3]. This enables split-tunnel VPN and
>> the network-to-network use-case.
>> 
>> We also made sure that flow forwarding mode would work as an extension, and as
>> proof-of-concept wrote it up as draft-tbd-masque-connect-ip-ext-flow [4]. As
>> mentioned in that document, this is mostly copied from
>> draft-kuehlewind-masque-connect-ip-01 [5] with some minor modifications. We
>> would like to have the authors of draft-kuehlewind-masque-connect-ip author
>> this extension, given that they produced the interesting ideas in it.
>> 
>> We think this refactor would be a great path forward for the MASQUE working
>> group: it would allow us to unify multiple proposals around a common extensible
>> protocol. We did discuss merging these three documents into one, but decided
>> against it because it would unnecessarily delay the publication of CONNECT-IP.
>> We would love for the working group to adopt both extensions as they will
>> influence the design of CONNECT-IP, but both need to solve some specific hard
>> problems that don't need to delay CONNECT-IP, so they deserve their own drafts.
>> 
>> As usual, comments and thoughts are most welcome!
>> 
>> Thanks,
>> David
>> 
>> [1] https://datatracker.ietf.org/doc/html/draft-ietf-masque-ip-proxy-reqs-03 <https://datatracker.ietf.org/doc/html/draft-ietf-masque-ip-proxy-reqs-03>
>> [2] https://datatracker.ietf.org/doc/html/draft-cms-masque-connect-ip-02 <https://datatracker.ietf.org/doc/html/draft-cms-masque-connect-ip-02>
>> [3] https://datatracker.ietf.org/doc/html/draft-cms-masque-connect-ip-ext-routes-00 <https://datatracker.ietf.org/doc/html/draft-cms-masque-connect-ip-ext-routes-00>
>> [4] https://datatracker.ietf.org/doc/html/draft-tbd-masque-connect-ip-ext-flow-00 <https://datatracker.ietf.org/doc/html/draft-tbd-masque-connect-ip-ext-flow-00>
>> [5] https://datatracker.ietf.org/doc/html/draft-kuehlewind-masque-connect-ip-01 <https://datatracker.ietf.org/doc/html/draft-kuehlewind-masque-connect-ip-01>
>> -- 
>> Masque mailing list
>> Masque@ietf.org <mailto:Masque@ietf.org>
>> https://www.ietf.org/mailman/listinfo/masque
>

v2.23.0 | Report a Bug | By Email