IETF Logo Mail Archive

Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard

Edward Crabbe <edc@google.com> Tue, 21 January 2014 19:20 UTC

Return-Path: <edc@google.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91C721A01EB for <mpls@ietfa.amsl.com>; Tue, 21 Jan 2014 11:20:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.913
X-Spam-Level:
X-Spam-Status: No, score=-1.913 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.535, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id slQbSShUasW1 for <mpls@ietfa.amsl.com>; Tue, 21 Jan 2014 11:20:10 -0800 (PST)
Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com [IPv6:2a00:1450:400c:c00::22b]) by ietfa.amsl.com (Postfix) with ESMTP id F1B451A01B8 for <mpls@ietf.org>; Tue, 21 Jan 2014 11:20:09 -0800 (PST)
Received: by mail-wg0-f43.google.com with SMTP id y10so8466477wgg.10 for <mpls@ietf.org>; Tue, 21 Jan 2014 11:20:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=EW9LgIeK4q+2SxMCcshgt5j2HCuP8rbWawyBVWDlcRk=; b=LtAUlCfLhOQd2dbOY9mIcZohYWDPXEeO0lA1ezKtRkHa8O3xrFqD9CDV4hOBQXYtlE gbpF3vu7CHgquAoSh3hn+JcgiWwyUY20L20HH+ItajUozwpHZ62MYMuwMiWC5LhHhgVv drv6VNltfzwt6inBBXWNdpYNafseDV6RyLn9629W7VZT4NHOIxa00Q2WcVKDin2JABei fCK9WTWXkCqFmzsvdEw9WHAo+3DLP4VwKGxmTES8E15Kc7FFaQ7uMniT/tjs29kqsB+E Ul6bEYdtgkev0kcytimFPPgSq4n0kiCQgVNgr5sr8qwan70brchRwnJ/nuaRGsmrcKe+ WfIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=EW9LgIeK4q+2SxMCcshgt5j2HCuP8rbWawyBVWDlcRk=; b=kY3Z7om0i5HxIvmCMyN59QC1Qd0y7sQTpP3ryD6tHv/GxhBcT8+BgUf3kFG4jiaT6m u8ce1hFyRU4qtP7NBFinGYZYF3NxRHvypIY/9JBeLu1F6uLW0NRaUHQKfO+viBMQmtPh w61QZG7YSvN4P3bt1TMDU9XeJrfkX6AG//fawEvV5k1cn7t6pu/Xwv5+9EN44cxDn8vD ueZCKMP1q3TV1eA6jgcP+1xHtCwJNZxLbloeaBINcfqv+OrRTboE9R9Yoz7bF0TPdiZq BNb60kRq7THHzbvT04q9Djjw/kNbEzJyXQxKAkDoL9Z77YyFHDB5tnKn0rgId/a8Tp/u tEDw==
X-Gm-Message-State: ALoCoQnknyecVQTAd/qToLFXIVvLvqGqc546PKTnQO9PcyJ10fvm6q0hjtqh9k+kwF1H+h09KoyRv0OP5PloYxHDAQtXDpqq2M1vHJdCk4cbezoAUGYip6z8hGeugmcmWEmPWNmaHoTHmev0ht9Z2fe+3D21Q4Apu/jnTqO12PrLFcpayp35QbW3vP3oyoDL5KnZ7bg8GA7a
X-Received: by 10.180.205.204 with SMTP id li12mr7726751wic.34.1390332008911; Tue, 21 Jan 2014 11:20:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.194.23.3 with HTTP; Tue, 21 Jan 2014 11:19:28 -0800 (PST)
In-Reply-To: <290E20B455C66743BE178C5C84F1240847E63346D9@EXMB01CMS.surrey.ac.uk>
References: <290E20B455C66743BE178C5C84F1240847E63346D1@EXMB01CMS.surrey.ac.uk> <201401202247.s0KMllSl047284@maildrop2.v6ds.occnc.com> <290E20B455C66743BE178C5C84F1240847E63346D6@EXMB01CMS.surrey.ac.uk> <52DE5F19.1060907@cisco.com> <558A15A9-204A-4447-923C-58DC2A3CED8A@netapp.com> <52DE680C.30704@cisco.com> <290E20B455C66743BE178C5C84F1240847E63346D9@EXMB01CMS.surrey.ac.uk>
From: Edward Crabbe <edc@google.com>
Date: Tue, 21 Jan 2014 11:19:28 -0800
Message-ID: <CACKN6JFuwKPMmKWuooJqoGR9zL87k-pqv87MVt3fCPnLuEOMhQ@mail.gmail.com>
To: l.wood@surrey.ac.uk
Content-Type: multipart/alternative; boundary="001a11c37bea82fe3a04f07fe553"
Cc: joelja@bogus.com, "mpls@ietf.org" <mpls@ietf.org>, "Eggert, Lars" <lars@netapp.com>
Subject: Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2014 19:20:13 -0000

I don't think the 'experience' card is such a good play here Lloyd.  Many
people on this list, and certainly a few of the ones you've been directly
arguing with, have no small amount experience running *extremely* large,
geographically distributed networks.   I've spent a bit of time running
some very large backbones and major content providers myself, and I have to
say, I'm finding most of your arguments here to be unconvincing at best.

I do find it a bit ironic that you're asking for (difficult to gather,
vendor variable and generally poorly documented) data form Stewart, when
your own argument has yet to be substantiated via any form of quantitative
impact analysis, either empirically or theoretically in a modern setting.
 I'd be interested in seeing empirical (back)scatter collection data
(similar to what Morley or Savage have done) to get some idea of impact
here.  I strongly suspect that corruption scatter will be trivial, and
certainly completely overwhelmed in terms volume by typical, day to day
DDoS backscatter.  Perhaps this may be an idea for your next research paper?

With regard to the congestion-control-of-all-tunnel-protocols argument: I
find the argument to be specious.  Curtis summed up the end-to-end version
of this argument pretty succinctly in an earlier email, to wit:

If congestion aware or using a congestion aware transport, the top
level applications are still congestion aware.  If congestion
ignorant, they are still congestion ignorant.  If hostile, they are
still hostile.


On Tue, Jan 21, 2014 at 9:56 AM, <l.wood@surrey.ac.uk> wrote:

> Stewart
>
> the IP header check is not the UDP pseudoheader check - and IPv6 has
> neither.
>
> If a NAT gets a corrupted header, won't it open up new state and attempt
> to translate for that header? Remember, this is UDP, not TCP - it's not on
> an existing connection that must have already been opened by SYN/ACK, where
> the NAT is more likely to reject it as unknown.
>
> 'NATs, which rewrite and can trash headers, demonstrate and validate the
> integrity of the Internet' is not a good argument imo.
>
> I'd like to see some evidence for '"obscure" IP protocol numbers will get
> dropped by default at NATs and firewalls.'. IP/GRE is relatively
> state-free, nothing much to translate at transport there - it's not SCTP.
> I've spent a couple of years running an ISP, and the 'oh, that protocol
> won't go through your NAT' has not come up.
>
> Lloyd Wood
> http://about.me/lloydwood
> ________________________________________
> From: Stewart Bryant [stbryant@cisco.com]
> Sent: 21 January 2014 12:29
> To: Eggert, Lars
> Cc: Wood L  Dr (Electronic Eng); curtis@ipv6.occnc.com; Joel Jaeggli;
> mpls@ietf.org
> Subject: Re: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt>
> (Encapsulating MPLS in UDP) to Proposed Standard
>
> On 21/01/2014 12:07, Eggert, Lars wrote:
> > Hi,
> >
> > On 2014-1-21, at 12:50, Stewart Bryant <stbryant@cisco.com> wrote:
> >> In terms of congestion and misdelivery it is interesting looking
> >> at the number of horses that are already bounding around
> >> in the paddock outside the stable:
> >>
> >> IP types: 47 (GRE) and 137 (MPLS-in-IP) for example.
> > there is a big difference between encapsulation in IP and encapsulation
> in UDP. Everything encapsulated with "obscure" IP protocol numbers will get
> dropped by default at NATs and firewalls, whereas UDO traffic happily
> traverses them. The reach of UDP traffic is much broader.
> >
> > Lars
> So we have established that it's not the load on the NATs and Firewalls
> we are worried about.
>
> Seemingly from the above congestion is off the table as well.
>
> Now surely those same NATs and firewalls will be looking for an SA, DA,
> Type, SP, DP match
> and that is a lot of things that have to be right for a header
> corruption misdelivery to get
> through.
>
> - Stewart
>
>
> _______________________________________________
> mpls mailing list
> mpls@ietf.org
> https://www.ietf.org/mailman/listinfo/mpls
>

v2.23.0 | Report a Bug | By Email