IETF Logo Mail Archive

Re: [middisc] TCP middlebox option requirements

Andrew Knutsen <andrew.knutsen@bluecoat.com> Tue, 24 May 2011 20:30 UTC

Return-Path: <andrew.knutsen@bluecoat.com>
X-Original-To: middisc@ietfa.amsl.com
Delivered-To: middisc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AA91E069D for <middisc@ietfa.amsl.com>; Tue, 24 May 2011 13:30:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.557
X-Spam-Level:
X-Spam-Status: No, score=-1.557 tagged_above=-999 required=5 tests=[AWL=1.042, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2qlyKAptOclZ for <middisc@ietfa.amsl.com>; Tue, 24 May 2011 13:30:54 -0700 (PDT)
Received: from whisker.bluecoat.com (whisker.bluecoat.com [216.52.23.28]) by ietfa.amsl.com (Postfix) with ESMTP id 33E0BE0670 for <middisc@ietf.org>; Tue, 24 May 2011 13:30:53 -0700 (PDT)
Received: from exchfront1.internal.cacheflow.com (exchfront1 [10.2.2.114]) by whisker.bluecoat.com (8.14.2/8.14.2) with ESMTP id p4OKUkJq021530; Tue, 24 May 2011 13:30:47 -0700 (PDT)
Received: from [10.9.84.250] ([10.9.84.250]) by exchfront1.internal.cacheflow.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 24 May 2011 13:30:41 -0700
Message-ID: <4DDC1571.5040406@bluecoat.com>
Date: Tue, 24 May 2011 13:30:41 -0700
From: Andrew Knutsen <andrew.knutsen@bluecoat.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: "Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]" <wesley.m.eddy@nasa.gov>, David Harrington <ietfdbh@comcast.net>
References: <0C53DCFB700D144284A584F54711EC5809BD740A@xmb-sjc-21c.amer.cisco.com><4BF6CF8A.5030707@bluecoat.com><AF3CDDFAE1BB6C41B8F9EF3F4ADA9D11ADAB3597@MAILBOXES2.nbttech.com><4BFC6B29.1080706@bluecoat.com><2A7D4A79-0E08-480F-A67B-35338D226E14@bluecoat.com><AF3CDDFAE1BB6C41B8F9EF3F4ADA9D11ADB9D3D6@MAILBOXES2.nbttech.com><93730462-B3C5-4ACA-8C0A-C69F52BF0822@bluecoat.com> <C304DB494AC0C04C87C6A6E2FF5603DB47E64A333F@NDJSSCC01.ndc.nasa.gov>, <3A2E247DEDD847669D302BFF7ED0E69B@davidPC> <C304DB494AC0C04C87C6A6E2FF5603DB5AB9554DA5@NDJSSCC01.ndc.nasa.gov>
In-Reply-To: <C304DB494AC0C04C87C6A6E2FF5603DB5AB9554DA5@NDJSSCC01.ndc.nasa.gov>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 24 May 2011 20:30:41.0626 (UTC) FILETIME=[7350F3A0:01CC1A51]
Cc: "middisc@ietf.org" <middisc@ietf.org>
Subject: Re: [middisc] TCP middlebox option requirements
X-BeenThere: middisc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussions on TCP option for middlebox discovery." <middisc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/middisc>, <mailto:middisc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/middisc>
List-Post: <mailto:middisc@ietf.org>
List-Help: <mailto:middisc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/middisc>, <mailto:middisc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 May 2011 20:30:55 -0000

    Just out of curiosity, what advantage to the PEN's have over OUI's?  
Perhaps that they're easier to get?

     If we do use PEN's, I'd suggest using the same three bytes we're 
using for the OUI now.  Or, we could make a three-byte PEN an 
alternative to the OUI, using vendor 0xFE for example.

    In any case, I think the single-byte vendor code alternative is 
still a necessity given the crowding  in SYN packets. I expect most 
"stakeholders" here plan on using that alternative.

    I'm hoping the inclusion of either a vendor code or a standard type, 
combined with minimal requirements on what the option is used for in an 
RFC, will be sufficient to discourage misuse.

Andrew

On 5/24/2011 7:22 AM, Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP] 
wrote:
> Hi David, PENs are a good thought in comparison to OUIs for this purpose.
>
> I don't speak for the authors, but we have to be a bit sympathetic to the fact that there is only very limited amount of space available for TCP options and burning 32-bits for an enterprise number is going to eat away considerably from the space available to do something useful.
>
> Personally, I would have no problem seeing a compact mechanism that's just big enough to allow expandability to some double-digit multiple of the number of current vendors, and also support falling back to using either a full Private Enterprise Number or an OUI once the more compacted space is exhausted.
>
>
> ________________________________________
> From: David Harrington [ietfdbh@comcast.net]
> Sent: Tuesday, May 24, 2011 9:13 AM
> To: Eddy, Wesley M. (GRC-MS00)[ASRC AEROSPACE CORP]; 'Ron Frederick'; 'Mark Day'
> Cc: middisc@ietf.org; 'David Harrington'
> Subject: RE: [middisc] TCP middlebox option requirements
>
> Hi,
>
> I also have no skin in this game. and I'm looking at this list after
> months of ignoring it, so I'm way behind in the discussions.
>
> I am concerned that unless severely limited in what it can be used
> for, this will lead to other vendor-specific options.
> Whether that is good or bad I'll leave to other people to decide, such
> as my co-area director Wes, the IETF community and the IESG that will
> need to approve any document produced as a result of this discussion.
>
> I will observe that many IETF protocols developed for a limited use
> "escape into the wild". This happens ofetn when people decide to
> develop a weak or non- security solution and claim it will be only be
> used within an enterprise, but it then gains use in the Internet. I
> don't know if there is anything you can do to prevent this from
> becoming a generic option for vendor-specific features if you design
> in a vendor code. The best way to avoid that is to reach agreement on
> a standard that does not include a vendor code (which means accepting
> that your current products continue to not be compliant to the new
> standard).
>
> If you do have vendor-specific options, it will be important to make
> sure that each vendor is uniquely identified, so we don't have two
> vendors fighting over a vendor code. I recommend registering vendor
> codes with IANA to make sure this doesn't happen.
>
> IANA already maintains an Enterprise Number registry that is used for
> many IETF standards. It is a widely used ***standard*** in IETF
> standards for identifying vendors using a code number.
> http://www.iana.org/assignments/enterprise-numbers.
>
> Maybe you can convince the IESG that having another set of codes to
> identify vendors is important, and that a given vendor will likely
> have a different code in your vendor code list than that used by other
> standards. It doesn't sound very convincing to me.
>
> If expansion CAN take place in the future, and now you need 0xff plus
> an OUI, you will also have added complexity to TCP, requiring suppoort
> for one-byte vendor codes plus OUI support. and you will have added a
> new list of vendor codes (whether maintained by IANA or not), and
> you'll need to convince IESG all this extra complexity is justified.
>
> I recommend you consider simply using an existing IETF standard
> registry already supported by IANA, such as Enterprise Numbers, for
> your vendor codes. OR don't support vendor codes at all, and agree on
> a single standard.
>
> David Harrington
> Director, IETF Transport Area
> ietfdbh@comcast.net (preferred for ietf)
> dbharrington@huaweisymantec.com
> +1 603 828 1401 (cell)
>
>
>> -----Original Message-----
>> From: middisc-bounces@ietf.org
>> [mailto:middisc-bounces@ietf.org] On Behalf Of Eddy, Wesley
>> M. (GRC-MS00)[ASRC AEROSPACE CORP]
>> Sent: Thursday, May 27, 2010 12:53 PM
>> To: Ron Frederick; Mark Day
>> Cc: middisc@ietf.org
>> Subject: Re: [middisc] TCP middlebox option requirements
>>
>>> -----Original Message-----
>>> From: middisc-bounces@ietf.org [mailto:middisc-bounces@ietf.org] On
>>> Behalf Of Ron Frederick
>>> Sent: Thursday, May 27, 2010 12:44 PM
>>> To: Mark Day
>>> Cc: middisc@ietf.org
>>> Subject: Re: [middisc] TCP middlebox option requirements
>>>
>>> ...
>>>
>>> If this is really the case, it would be a mistake to limit the
> total
>>> number of type codes across all vendors to 256. We'd basically be
>>> repeating the mistake that led to this effort in the first
>> place, where
>>> TCP options as a whole have a space of 256 options and we're
>> currently
>>> using multiple of those to solve this problem.
>>
>> I don't have skin in the game, but on reading this thread, my
>> thought was that it's probably possible to use a single byte,
>> but define one codepoint (like 0xFF) to mean "use a full OUI
>> which follows".  This way you can start with using a single
>> byte given the relatively small number of vendors today, and
>> have a way to accommodate larger numbers in the future, if
>> the need arises.
>>
>> This only works if the means of extending to a full OUI is
>> part of the base specification and everyone has to support
>> it, otherwise there are backwards-compatibility issues when
>> someone tries to use it in the future.
>>
>> --
>> Wes Eddy
>> MTI Systems
>>
>>
>> _______________________________________________
>> middisc mailing list
>> middisc@ietf.org
>> https://www.ietf.org/mailman/listinfo/middisc
>>
> _______________________________________________
> middisc mailing list
> middisc@ietf.org
> https://www.ietf.org/mailman/listinfo/middisc

v2.23.0 | Report a Bug | By Email