IETF Logo Mail Archive

Re: [mif-arch-dt] New Version Notification for draft-anipko-mif-mpvd-arch-00.txt

Dmitry Anipko <Dmitry.Anipko@microsoft.com> Sat, 27 July 2013 02:09 UTC

Return-Path: <Dmitry.Anipko@microsoft.com>
X-Original-To: mif-arch-dt@ietfa.amsl.com
Delivered-To: mif-arch-dt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F168211E81B6 for <mif-arch-dt@ietfa.amsl.com>; Fri, 26 Jul 2013 19:09:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.033
X-Spam-Level:
X-Spam-Status: No, score=0.033 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l6rsZzNrIWF7 for <mif-arch-dt@ietfa.amsl.com>; Fri, 26 Jul 2013 19:09:39 -0700 (PDT)
Received: from db9outboundpool.messaging.microsoft.com (mail-db9lp0251.outbound.messaging.microsoft.com [213.199.154.251]) by ietfa.amsl.com (Postfix) with ESMTP id 56F2411E81B8 for <mif-arch-dt@ietf.org>; Fri, 26 Jul 2013 19:09:38 -0700 (PDT)
Received: from mail63-db9-R.bigfish.com (10.174.16.226) by DB9EHSOBE014.bigfish.com (10.174.14.77) with Microsoft SMTP Server id 14.1.225.22; Sat, 27 Jul 2013 02:09:37 +0000
Received: from mail63-db9 (localhost [127.0.0.1]) by mail63-db9-R.bigfish.com (Postfix) with ESMTP id 33082880243 for <mif-arch-dt@ietf.org>; Sat, 27 Jul 2013 02:09:37 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC104.redmond.corp.microsoft.com; RD:autodiscover.service.exchange.microsoft.com; EFVD:NLI
X-SpamScore: -21
X-BigFish: VS-21(zz9371I1454I542Izz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6hzz1de098h1033IL1de096h8275dh1de097hz2fh2a8h683h839h944hd24hf0ah1220h1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh162dh1631h1758h18e1h1946h19b5h1b0ah1d07h1d0ch1d2eh1d3fh1de9h1dfeh1dffh1e1dh9a9j1155h)
Received-SPF: pass (mail63-db9: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=Dmitry.Anipko@microsoft.com; helo=TK5EX14HUBC104.redmond.corp.microsoft.com ; icrosoft.com ;
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.240.21; KIP:(null); UIP:(null); (null); H:BL2PRD0310HT002.namprd03.prod.outlook.com; R:internal; EFV:INT
Received: from mail63-db9 (localhost.localdomain [127.0.0.1]) by mail63-db9 (MessageSwitch) id 1374890974680668_27007; Sat, 27 Jul 2013 02:09:34 +0000 (UTC)
Received: from DB9EHSMHS022.bigfish.com (unknown [10.174.16.242]) by mail63-db9.bigfish.com (Postfix) with ESMTP id A0AA764004A for <mif-arch-dt@ietf.org>; Sat, 27 Jul 2013 02:09:34 +0000 (UTC)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (131.107.125.8) by DB9EHSMHS022.bigfish.com (10.174.14.32) with Microsoft SMTP Server (TLS) id 14.16.227.3; Sat, 27 Jul 2013 02:09:34 +0000
Received: from ch1outboundpool.messaging.microsoft.com (157.54.51.81) by mail.microsoft.com (157.54.80.25) with Microsoft SMTP Server (TLS) id 14.3.136.1; Sat, 27 Jul 2013 02:08:57 +0000
Received: from mail186-ch1-R.bigfish.com (10.43.68.243) by CH1EHSOBE022.bigfish.com (10.43.70.79) with Microsoft SMTP Server id 14.1.225.22; Sat, 27 Jul 2013 02:06:34 +0000
Received: from mail186-ch1 (localhost [127.0.0.1]) by mail186-ch1-R.bigfish.com (Postfix) with ESMTP id 2A4314C02DD for <mif-arch-dt@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Sat, 27 Jul 2013 02:06:34 +0000 (UTC)
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(377454003)(199002)(189002)(13464003)(52044002)(54356001)(53806001)(76482001)(56776001)(49866001)(4396001)(54316002)(47976001)(47736001)(50986001)(69226001)(63696002)(65816001)(80022001)(74366001)(74662001)(31966008)(46102001)(79102001)(51856001)(77982001)(59766001)(47446002)(19580405001)(16406001)(19580395003)(33646001)(74502001)(19580385001)(83322001)(81542001)(74316001)(83072001)(76786001)(76796001)(74706001)(76576001)(81342001)(74876001)(56816003)(77096001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:SN2PR03MB079; H:SN2PR03MB077.namprd03.prod.outlook.com; CLIP:10.255.124.4; RD:InfoNoRecords; A:1; MX:1; LANG:en;
Received: from mail186-ch1 (localhost.localdomain [127.0.0.1]) by mail186-ch1 (MessageSwitch) id 1374890739191089_15950; Sat, 27 Jul 2013 02:05:39 +0000 (UTC)
Received: from CH1EHSMHS031.bigfish.com (snatpool2.int.messaging.microsoft.com [10.43.68.234]) by mail186-ch1.bigfish.com (Postfix) with ESMTP id 812FB1C005E; Sat, 27 Jul 2013 02:05:38 +0000 (UTC)
Received: from BL2PRD0310HT002.namprd03.prod.outlook.com (157.56.240.21) by CH1EHSMHS031.bigfish.com (10.43.70.31) with Microsoft SMTP Server (TLS) id 14.16.227.3; Sat, 27 Jul 2013 02:05:38 +0000
Received: from SN2PR03MB079.namprd03.prod.outlook.com (10.255.175.155) by BL2PRD0310HT002.namprd03.prod.outlook.com (10.255.97.37) with Microsoft SMTP Server (TLS) id 14.16.341.1; Sat, 27 Jul 2013 02:05:37 +0000
Received: from SN2PR03MB077.namprd03.prod.outlook.com (10.255.175.153) by SN2PR03MB079.namprd03.prod.outlook.com (10.255.175.155) with Microsoft SMTP Server (TLS) id 15.0.731.11; Sat, 27 Jul 2013 02:05:14 +0000
Received: from SN2PR03MB077.namprd03.prod.outlook.com ([169.254.14.77]) by SN2PR03MB077.namprd03.prod.outlook.com ([169.254.14.242]) with mapi id 15.00.0731.000; Sat, 27 Jul 2013 02:05:14 +0000
From: Dmitry Anipko <Dmitry.Anipko@microsoft.com>
To: Tim Chown <tjc@ecs.soton.ac.uk>, "mif-arch-dt@ietf.org" <mif-arch-dt@ietf.org>
Thread-Topic: [mif-arch-dt] New Version Notification for draft-anipko-mif-mpvd-arch-00.txt
Thread-Index: AQHOhts9Swgiwm2ExEmJ04l4rS7doZl3rKHA
Date: Sat, 27 Jul 2013 02:05:14 +0000
Message-ID: <c00478f9e7ee4ab6948959623dd3a09d@SN2PR03MB077.namprd03.prod.outlook.com>
References: <20130714041913.29430.66253.idtracker@ietfa.amsl.com> <e7573b69f58a4f0b903cf7a3ae03cf48@SN2PR03MB077.namprd03.prod.outlook.com> <024f01ce836a$0c59b220$250d1660$@com> <9f84e98ff5bc45e2ac0465c72bdc24e1@SN2PR03MB077.namprd03.prod.outlook.com> <002801ce851f$f8eb8cb0$eac2a610$@com> <8D23D4052ABE7A4490E77B1A012B63077521C9E7@mbx-01.win.nominum.com> <8AD05C25-AA13-48BF-810C-439C178EE1D3@ecs.soton.ac.uk> <EMEW3|25fe7aca8d4acd7aafc4345bd0e9fa99p6LDwI03tjc|ecs.soton.ac.uk|8AD05C25-AA13-48BF-810C-439C178EE1D3@ecs.soton.ac.uk>
In-Reply-To: <EMEW3|25fe7aca8d4acd7aafc4345bd0e9fa99p6LDwI03tjc|ecs.soton.ac.uk|8AD05C25-AA13-48BF-810C-439C178EE1D3@ecs.soton.ac.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.255.124.4]
x-forefront-prvs: 0920602B08
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OrganizationHeadersPreserved: SN2PR03MB079.namprd03.prod.outlook.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%IETF.ORG$RO%2$TLS%6$FQDN%corpf5vips-237160.customer.frontbridge.com$TlsDn%
X-FOPE-CONNECTOR: Id%59$Dn%ECS.SOTON.AC.UK$RO%2$TLS%6$FQDN%corpf5vips-237160.customer.frontbridge.com$TlsDn%
X-CrossPremisesHeadersPromoted: TK5EX14HUBC104.redmond.corp.microsoft.com
X-CrossPremisesHeadersFiltered: TK5EX14HUBC104.redmond.corp.microsoft.com
X-OriginatorOrg: microsoft.com
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Subject: Re: [mif-arch-dt] New Version Notification for draft-anipko-mif-mpvd-arch-00.txt
X-BeenThere: mif-arch-dt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: MIF Architecture Design Team mailing list <mif-arch-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif-arch-dt>, <mailto:mif-arch-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif-arch-dt>
List-Post: <mailto:mif-arch-dt@ietf.org>
List-Help: <mailto:mif-arch-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif-arch-dt>, <mailto:mif-arch-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2013 02:09:46 -0000

Hi Tim,

Thank you for review and comments. They were discussed during the call on Monday, and I will try to summarize below my understanding of what was agreed on during the call. Please let me know whether you agree/disagree with the proposed changes/actions or if it appears the comment was not understood correctly.

>> If we talk of common scenarios, should we list them? Should we pick a couple that can be drilled into as examples later in the document, or in an Appendix? We had some discussion on this previously in the calls, but did we agree, what if anything, should go in this text?

[d.a.] People felt we should not duplicate the scenarios between the problem statement document and architecture. A text referring to detail scenarios in the problem statement will be added.

>> This explains how the PVD architecture can be incrementally deployed, with incremental benefit, which is a nice property - perhaps the title of that section can be tweaked, or the topic of implicit vs explicit PVD discovery separated?

[d.a.] Ok, will try to do that.

>> Towards the end of section 2.1 it would be great to have heuristics to do better than putting all implicit PVD information into one bucket, e.g. where a host is multihomed, where in such a case the host would have some idea of this due to multiple global prefixes.

[d.a.] There seemed to be agreement that it's not the main goal of the architecture to magically improve without explicit PVDs how such multi-homing on single link works; and that there may be no clear way how to do that, actually. That said, Suresh said that he will suggest some text on this, and this issue may be a good topic to discuss in the MIF meeting.

>> Are PVD IDs unique per PVD, per association between the client and PVD, per location, or...? e.g. if I am with a WiFi provider, will I always see the same PVD when I use that provider, anywhere? Would a friend on that provider see the same ID? Can any assumptions be made? As yet I don't think this is stated.

[d.a.] It seemed at least two question are raised here: 1) whether the PVD ID should be the same or different across networks, operated by the same provider. 2) whether everyone on the same link should see same set of PVDs, or on the same link different nodes might see different PVDs. 

On the call, there seemed to be agreement:

For 1), that both are possible and that the architecture shall not constraint either way. 
For 2), that in the current scope of the document on a single link, all nodes should receive information about the same PVDs. That said, individual nodes may have different policy/trust settings, based on which they decide to use different subsets of the received PVDs. Future extensions, where different nodes on the same link may see different PVDs from the network, are suggested to be out of scope for the current version of the architecture.

The clarifications for both points will be added.

>> The single PVD for dual-stack networks seems very sane. It is common today for a dual-stack host to get an IPv6 address and router via IPv6 RA, and other configuration information via IPv4 DHCP.

[d.a.] OK, I can add that as additional rationale.

>> So if there is an explicit vs implicit distinction for learning PVDs, perhaps a similar model should be applied here, explicit being e.g. a user toggle (explicit choice, rather like 3G vs WiFi, as hinted at in section 2.3), the implicit being e.g. connectivity tests (Happy PVDs?).

[d.a.] It didn't feel like there was a common understanding of how this comment could be actioned on. Please feel free to elaborate or suggest specific text which you'd want to see in the document in this regard.

>> A host may pick multiple PVDs intentionally to use MPTCP; it may explicitly want to ensure it is using different channels per path.

[d.a.] Good point, folks agreed to add text that for some transports and depending on PVD information, node may decide to use connections over multiple paths / PVDs (however for each connection, the operations still need to be done consistently within the particular PVD).

>> There may be cases for split PVDs, e.g. a host with VPN running, uses the VPN to the corporate network and the default provision for all other traffic (cue security comments...).

[d.a.] Sure, this seems to be one of the PVD use cases for different connections, but it was not clear how the text should be adjusted. Do you think the current text doesn't cover that or contradicts to that? If that's the case, can you suggest the specific changes?

>> Perhaps in addition to connection requests by applications the applications will first do DNS lookups, which is where the PVD selection is first used?

[d.a.] Sure, I will add specific text about name lookup, as a possible step where selection is done (it may be not necessarily the first step, however - because e.g. PVD selection could be done based on app identity).

>> eduroam is an interesting example here. Users authenticate to their home site using their home credentials, but the visited site then makes a provisioning (and authorisation) decision based on that result.  The visited site is the PVD, but the authentication is to the home site.  The authentication to eduroam can be mutual between the device and the visited network.

[d.a.] Can you suggest more specific text which you'd like to see included?

>>And a final question for now - are we including application configuration in this work, or is it purely network services?

[d.a.] There didn't seem to be agreement on the call on this, and this was also discussed on previous calls. It may be good topic to talk about in the MIF meeting.

-Dmitry

-----Original Message-----
From: mif-arch-dt-bounces@ietf.org [mailto:mif-arch-dt-bounces@ietf.org] On Behalf Of Tim Chown
Sent: Monday, July 22, 2013 5:57 AM
To: mif-arch-dt@ietf.org
Subject: Re: [mif-arch-dt] New Version Notification for draft-anipko-mif-mpvd-arch-00.txt

Hi,

Some quick comments, as I won't now be able to make the call today.

Overall, the draft is taking shape nicely.

Section 1

If we talk of common scenarios, should we list them? Should we pick a couple that can be drilled into as examples later in the document, or in an Appendix? We had some discussion on this previously in the calls, but did we agree, what if anything, should go in this text?

Section 2.1 

This explains how the PVD architecture can be incrementally deployed, with incremental benefit, which is a nice property - perhaps the title of that section can be tweaked, or the topic of implicit vs explicit PVD discovery separated?

Towards the end of section 2.1 it would be great to have heuristics to do better than putting all implicit PVD information into one bucket, e.g. where a host is multihomed, where in such a case the host would have some idea of this due to multiple global prefixes.

Section 2.3

Are PVD IDs unique per PVD, per association between the client and PVD, per location, or...? e.g. if I am with a WiFi provider, will I always see the same PVD when I use that provider, anywhere? Would a friend on that provider see the same ID? Can any assumptions be made? As yet I don't think this is stated.

Section 2.4

The single PVD for dual-stack networks seems very sane. It is common today for a dual-stack host to get an IPv6 address and router via IPv6 RA, and other configuration information via IPv4 DHCP.

Section 4.2

So if there is an explicit vs implicit distinction for learning PVDs, perhaps a similar model should be applied here, explicit being e.g. a user toggle (explicit choice, rather like 3G vs WiFi, as hinted at in section 2.3), the implicit being e.g. connectivity tests (Happy PVDs?).

Section 4.2.1

A host may pick multiple PVDs intentionally to use MPTCP; it may explicitly want to ensure it is using different channels per path.

There may be cases for split PVDs, e.g. a host with VPN running, uses the VPN to the corporate network and the default provision for all other traffic (cue security comments...).

Section 5.1

Perhaps in addition to connection requests by applications the applications will first do DNS lookups, which is where the PVD selection is first used?

Section 6

eduroam is an interesting example here. Users authenticate to their home site using their home credentials, but the visited site then makes a provisioning (and authorisation) decision based on that result.  The visited site is the PVD, but the authentication is to the home site.  The authentication to eduroam can be mutual between the device and the visited network.

And a final question for now - are we including application configuration in this work, or is it purely network services?

Tim

_______________________________________________
mif-arch-dt mailing list
mif-arch-dt@ietf.org
https://www.ietf.org/mailman/listinfo/mif-arch-dt

v2.23.0 | Report a Bug | By Email