IETF Logo Mail Archive

Re: [MBONED] I-D Action: draft-acg-mboned-multicast-models-02.txt

"Manfredi, Albert E" <albert.e.manfredi@boeing.com> Fri, 10 November 2017 20:10 UTC

Return-Path: <albert.e.manfredi@boeing.com>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2675C129466 for <mboned@ietfa.amsl.com>; Fri, 10 Nov 2017 12:10:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OmUaPZUhCsrF for <mboned@ietfa.amsl.com>; Fri, 10 Nov 2017 12:10:00 -0800 (PST)
Received: from phx-mbsout-02.mbs.boeing.net (phx-mbsout-02.mbs.boeing.net [130.76.184.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 557E2124F57 for <mboned@ietf.org>; Fri, 10 Nov 2017 12:10:00 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id vAAK9xUE021560; Fri, 10 Nov 2017 13:09:59 -0700
Received: from XCH15-06-09.nw.nos.boeing.com (xch15-06-09.nw.nos.boeing.com [137.136.239.172]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id vAAK9nhJ021450 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=OK); Fri, 10 Nov 2017 13:09:49 -0700
Received: from XCH15-06-11.nw.nos.boeing.com (2002:8988:efdc::8988:efdc) by XCH15-06-09.nw.nos.boeing.com (2002:8988:efac::8988:efac) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 10 Nov 2017 12:09:48 -0800
Received: from XCH15-06-11.nw.nos.boeing.com ([137.136.239.220]) by XCH15-06-11.nw.nos.boeing.com ([137.136.239.220]) with mapi id 15.00.1320.000; Fri, 10 Nov 2017 12:09:48 -0800
From: "Manfredi, Albert E" <albert.e.manfredi@boeing.com>
To: Tim Chown <Tim.Chown@jisc.ac.uk>
CC: MBONED WG <mboned@ietf.org>
Thread-Topic: I-D Action: draft-acg-mboned-multicast-models-02.txt
Thread-Index: AQHTUdYPqU0dK+jzYE2Aawd+iPMOX6L9H2QAgBBSm4CAAJH84A==
Date: Fri, 10 Nov 2017 20:09:48 +0000
Message-ID: <96877569f0524339bb7841e8d61736c2@XCH15-06-11.nw.nos.boeing.com>
References: <150940561832.28310.1470763748333970243@ietfa.amsl.com> <C54D2DC2-6EA7-41D2-BEC2-81A27BC202BF@jisc.ac.uk> <9563781e07234ac7919ecaf64b02073e@XCH15-06-11.nw.nos.boeing.com> <0AB23114-4E96-4521-834E-E4C1D87991D8@jisc.ac.uk>
In-Reply-To: <0AB23114-4E96-4521-834E-E4C1D87991D8@jisc.ac.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/kIT2RmIZws4TBKE7rvO6bcdTU_4>
Subject: Re: [MBONED] I-D Action: draft-acg-mboned-multicast-models-02.txt
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mboned/>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Nov 2017 20:10:02 -0000

-----Original Message-----
From: Tim Chown [mailto:Tim.Chown@jisc.ac.uk] 

>> I think that in practice, interdomain multicast is now being discouraged
>> for security reasons. Conversely, ASM, within a single domain remains very
>> useful. That’s why I’d be uncomfortable with a blanket condemnation of ASM.
>
> I think that’s what the draft currently says, but while also recommending
> SSM in general, esp. for new applications.
>
> The Rationale section

Hi Tim, thanks. Yes, I'd prefer only to reduce the strength of the recommendation against intradomain ASM. Very simple changes to the text.

>> Everything depends on use case. In a control system scenario, ASM may well
>> ... Or, also frequently, multicast is used for status messages from many
>> sources, some or all of which have redundant interfaces. So having every host
>> configured to know all the possible sources, and join all of the possible
>> multicast groups, becomes a huge pain. Hardly “simpler” than ASM.
>
> Well, the point is that source discovery is pushed from the network layer to a
> higher layer, simplifying network state, and putting the responsibility on the
> applications to communicate about or discover appropriate sources.

I agree that source discovery has been pushed to higher layers, but I'm also concerned about complication being added at those upper layers! My point is that it's preferable to avoid all the background chatter that would have to occur, in some multicast scenarios such as the one described above, for every host in the multicast group to keep track the source(s) that might be relevant at any given time. This could become really laborious and unnecessary, whether it's done dynamically, or ahead of time, as a static configuration requirement.

Enforcing SSM only is like doing IP multicast over ATM or any other circuit-switched system. You have to go through the chore of setting up pt-mpt SVCs before you can use multicast, which implies knowledge of every potential source. The approach removes one really appealing aspect of the leaf join model possible when using frame switching schemes like Ethernet. I get that for interdomain use, it's a way simpler approach, but it would be a shame for everything to have to be done that way, always.

> We could add some text along the lines you’ve written above to section 7.3.  Care to draft a paragraph?

I'd start by removing entirely, or at least softening, the last sentence of Section 7.

7.  Recommendations on ASM and SSM deployment

   This document recommends that the use of interdomain ASM is
   deprecated, i.e., only SSM is to be used for interdomain multicast.
   Intradomain multicast may still benefit from ASM, however security
   considerations may potentially make intradomain SSM preferable.

And then in Section 7.3, just a minor change, and remove the last sentence:

7.3.  Intradomain ASM

   The use of ASM within a single multicast domain, such as an
   enterprise or campus, is relatively common today. Such sites may
   configure an RP for the site, and may choose to use Anycast-RP or MSDP
   for RP resilience. Alternatively, such sites may deploy multicast
   routing algorithms that do not require any RP, within the domain.
   Regardless, this document does not preclude continued use of ASM in
   the intradomain scenario.

Some other wording, in Sections 7.5 and 7.6, could also be softened. For instance, in 7.6, it says:

   Thus, in theory, it should be possible to port ASM-only applications
   to be able to run using SSM, if an appropriate out-of-band mechanism
   can be chosen to convey the participant source addresses.

True enough. Point being, having to create this other "out of band mechanism" becomes an extra complication imposed by an SSM-only regime. In no way can this be called simplification. Moving the complexity up the protocol ladder does not mean the complexity has been eliminated. It's much like IP multicast over ATM, where now something extra has to be programmed, to set up the multiple necessary circuits.

Bert

v2.23.0 | Report a Bug | By Email