IETF Logo Mail Archive

Re: [mpls] MPLS Working Group Last Call on draft-ietf-mpls-mna-requirements

Stewart Bryant <sb@stewartbryant.com> Tue, 24 October 2023 10:28 UTC

Return-Path: <sb@stewartbryant.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD035C151083; Tue, 24 Oct 2023 03:28:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=stewartbryantcom.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AxayK7slOh-a; Tue, 24 Oct 2023 03:28:16 -0700 (PDT)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-lo2gbr01on2081.outbound.protection.outlook.com [40.107.10.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A97AC151076; Tue, 24 Oct 2023 03:28:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yyx8LPU7yvYHf9tEU9Drj8VfHUc8lEc7T7M5BNbZwsox1sYbCC5Finj0Ih/+M7FIMGJ6R3hYN5newIt68i6nzOg/h58INQAoZwn4RkSEpsyt3bXEgAM5ji1YxP/6N19Z4chwKdXw07LOgGhTEVyb/Y2qKMtqTEXf+EN52kxcRQMkLe7fPfCpSwt5mwZHbPcnXb4cvdbFx7D4CwNGOzS2IUGLIwd1ZRf76GnwkPvOzbtKIWG+sgCobiJtGgVKMagyiJrmWX0dX0asFuUpIkhwb5DUaWIn82bjt1ACh9HtYnEOAirOndELVSl+deo4ajyYV0V3wpNmx4kgA4aLb5JQjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DzdUeNsZiFlKXLNaDVydOUxrwMW9QqhJusYZiEBPyUI=; b=KHQBf8tTdQ27OJBlhqSlE2QWrJK2A/t8/yZcB4kpksKubvfZkv42xQ1lbBxuLrraVmfDXJzXy3MT1/sp2KmMdQ09t75Tf4AbvF7281ktnoz13o2PooE5RiIqLgftElWOwDqMnmLVSxZyDN5GNs3kjruuJBkLSVCEUHtMH8AxT2A4lWA9CkUs6yiu9JWg13GER6U7naE3VTg3F+g7edv0TgP1J6NHyDaRgkbpkTy2VbYZa98ASBi/P6Nf4O4deOfteaNinPJXIm/XoSEyxDGYKq1hBfWGY/AW+uWQ4onc2MztJAYDVR8+n98d8Eaisz/sZSHoAm+P7H5vmhBNHncZPg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=stewartbryant.com; dmarc=pass action=none header.from=stewartbryant.com; dkim=pass header.d=stewartbryant.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stewartbryantcom.onmicrosoft.com; s=selector2-stewartbryantcom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DzdUeNsZiFlKXLNaDVydOUxrwMW9QqhJusYZiEBPyUI=; b=kR6fCKrhaDrZ511Vmgn3ZZgv3tTFTM3mzWgWco3VafGfy9/Odq01eB/Ucf+kexWBzKAtXVxQEvYgqO56E9oKUMIl6hv/6Oinav10TxJmJdXilo3+gga9YFLuo8BIDeOe/hLTVzwJHYZEoqdRWZFS1sviVMhTuzy4cbNZPKE8/uI=
Received: from LOYP123MB3214.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:f1::16) by CWXP123MB6099.GBRP123.PROD.OUTLOOK.COM (2603:10a6:400:1bc::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6907.33; Tue, 24 Oct 2023 10:28:07 +0000
Received: from LOYP123MB3214.GBRP123.PROD.OUTLOOK.COM ([fe80::71f0:a651:d2d:8df2]) by LOYP123MB3214.GBRP123.PROD.OUTLOOK.COM ([fe80::71f0:a651:d2d:8df2%3]) with mapi id 15.20.6907.032; Tue, 24 Oct 2023 10:28:07 +0000
From: Stewart Bryant <sb@stewartbryant.com>
To: "Matthew Bocci (Nokia)" <matthew.bocci@nokia.com>
CC: Stewart Bryant <sb@stewartbryant.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>, loa Andersson <loa@pi.nu>, "mpls@ietf.org" <mpls@ietf.org>, "draft-ietf-mpls-mna-requirements@ietf.org" <draft-ietf-mpls-mna-requirements@ietf.org>
Thread-Topic: [mpls] MPLS Working Group Last Call on draft-ietf-mpls-mna-requirements
Thread-Index: AQHZ9Hc5cTrtjw6oS02zj4i62dtWALBYygCAgAAWkgA=
Date: Tue, 24 Oct 2023 10:28:07 +0000
Message-ID: <36D3E8B6-4BB8-4E08-970B-26FD51B64D79@stewartbryant.com>
References: <2ded21ed-f70c-4361-a6a9-36df027194fd@pi.nu> <067901d9f477$3a10ded0$ae329c70$@olddog.co.uk> <AM6PR07MB40213A3CA9EEEAE08EB1D6C9EBD5A@AM6PR07MB4021.eurprd07.prod.outlook.com>
In-Reply-To: <AM6PR07MB40213A3CA9EEEAE08EB1D6C9EBD5A@AM6PR07MB4021.eurprd07.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3774.100.2.1.4)
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=stewartbryant.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: LOYP123MB3214:EE_|CWXP123MB6099:EE_
x-ms-office365-filtering-correlation-id: 1014fd76-af23-4804-8aea-08dbd47bea0a
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: a98c6B+h2IZLjF6rbiYSIaFM/AHwCL3dsCzp4x2P1ZtVMnoXJs+iX8uOR2fqSkoXnuvT6fs374uaWJxzT3aZ+SnQakXXpQaJU0s4fiZLVB+KTzFb41T+lfH34K8KYAXnTMZTIUOHB9k/4ftB3oYtOvJw7kkoFhhHUkSLyms3frVFFqSlYuf6JWs9xeLJdfuPZiU4u0Dgza5AcWZm07CtNbEK+XoNmzhxHygq5RaFj+GMDvSYcirveqKIMAUGf/DVcZe9RDVZQY/UAJE/RLCWqKHxsFzlTkY+wveDm99yXdq9ISTfQeKi4K5kbQtnT86r+xL3N4AI44BWT5GFC+F2/RVtrmJKy2sHU06NqgWBFdfNnh0WEECzf5xVhhS+SCXP6/m9PmVqIyJ5fY5AanRof647k19tudbXXsPJjNQZQH9PlSk+MNHBjQVeRfbREimyh6ma8Hir5LIISg0oqXlXr18hl82expnPwkIjo9g4VLMnUvV4ypBbso+AG/HqDcg9tDKVPQGkv2kh7MgkqP/kIhceyIFECrqjNCzV2m4Tu1494c5NGI30sokAbWK9SWsQhwHuBJyGOc2YYEs2Ce0jpZ+cbi5uriHACGJBJPd0M59muRQqsKElwMH6UZck8zMu
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LOYP123MB3214.GBRP123.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(136003)(376002)(396003)(366004)(346002)(39830400003)(230922051799003)(451199024)(1800799009)(186009)(64100799003)(38070700009)(26005)(36756003)(38100700002)(166002)(2906002)(41300700001)(7066003)(5660300002)(86362001)(8936002)(33656002)(4326008)(8676002)(478600001)(6506007)(64756008)(76116006)(71200400001)(122000001)(316002)(66476007)(66946007)(6916009)(66556008)(54906003)(66446008)(2616005)(296002)(83380400001)(6486002)(6512007)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Z68R8MGZrx+UVWgzoCC2jBt93lPr2LEtOy4BV4+5fxpjIRHcdYSoAGcfVG+LnBeXJK8k1Qiq7YR3ZrNoLTVKUi++0MqMOIWbUM7CRky4NTJrYsTcpLnjn5ZCQAE92ce0QCXEuUM8VPlwIP8D2Pdzx7p3N2tEEoNSMIshcpGVhnfOnyvdRu182eNDDfj2yfuKLoeW1p2nkEI9Xjp0xQHMnok8eAHVpcOjWWywumEyVzJM1SraIgoIVe2NozhBFgoC54ZZbe3jvU/LaFraJXj+JC8sM1OH3Lt03CY89rOe8bqNyQ6d8DliTO8Y993X0hvYQ2BSSd2Ie0TFSrYJL9JYBLPoTKIiIATBJVPKilHdY1F69VA0I6Vp/YbQMMkzGfd1S4SP6Iu2EPa3yhLdr7ojr+A0hRvPYsSM45CJY88yscf+dYtzw3L4u4DJFqXv8BneU3ZcKdRqBAt4zRMQQCnjNNydZtsOjv++MuKwRIOO/fIdco2g4miXGNTDrPKlgL/4uqxeQAICMs1GvHR5KO2tPR9LJogUAbYDfnAbpIZpwzSOud7OX+8C3pnxH98B1dVBllg7ZslrJU+LQuTNnB2N7N4GWb9Jq28EPA3p39YDuAZ88OMxIr9CYI7Rpqky0WevyquahgnR7GvHlh6MNvao8NxNLsxtQET+U5OBOpkEmrgCnAVmm7mgRw395m9Jd3Pspsr5qQu5D/nejw2diLL7vM+RrkuhhW4N4gXkxVhOqvN1W0ev7GkjacDiF6lt8akPJ+mpi+KS32xtoJdjTB+g4ZcQBQdQeeir4pfK6uINHMiWIAzniQ4UqUcmB0PbMjd2vqDzmEyZU4+fCb7MgRzzO6R7HdXJow3Y6zsCp+q65xstfySEHpAysyM5eVpVAFAWvyzo31XLUXnGSu8sKVMPJxR9vCF6dG7GoSAGz/M/o7eNo9goTlrz4c0QohyNjQXTRybpZ+s3eYQX5rodtxihczioUZFyall3JP2ZrRyWCTN+TqO/U38/aKO5txXO18iTmAATPUiVpjXDyqIdTWepO4hyHXbfu1l9Sj6qriXx9InT0+kdNZ03+rvi0V1qWPNm8ZpMQEt2suUEGmE/f0Ceg8irCrW/JE0p1CleZqrxiOmIyYjCpGJc+semaIsyBUWeXLwvQWo9wAhpoTJptKc6vvoENjgbK9Ub9ahq65E2e5ygc46eipP9nQNv8ox+FRRpyio0ADmwP44nyI6GI8FIL8LjecZKSZA1Nosl2PGOZBWC/uuINEcoQMNTgep2PJh/mViIVvgPKrQyMQILT6IYl0lFFTHpKGBzGtLo5h22T1VV0wQ4X4VHvOpsEeICNj1sePYrT3v3nsCJrJHXWOBPnNqoI/JJ4Nuv702Xhmj9pxc/Uxus8lt+LK4r7Lri8f+O+xiXShA7WlAVixpNwAhSYj9iGS04btJWa4TadFPBxErbdovSzy7jVptbkHvKO1nHCACcwsVd7XwOd9IWBqS3gEwyLyyNbONA8KWY7PmvqdXFT5CJYoWcoQOEihK3lD1UQSJ/JBp6x3Drd2pRA7YI0q4QM3rM0NBNLhvRrrXmSk+CakiOiH1781GzVyZ8jABJvifsA8hn6FtIBb+9kZPWyA==
Content-Type: multipart/alternative; boundary="_000_36D3E8B64BB84E08970B26FD51B64D79stewartbryantcom_"
MIME-Version: 1.0
X-OriginatorOrg: stewartbryant.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LOYP123MB3214.GBRP123.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 1014fd76-af23-4804-8aea-08dbd47bea0a
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Oct 2023 10:28:07.5556 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 08ac3335-91dd-4a2d-90a7-b5e825494a75
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4ugI9McydnmivqxwcHgBFy/hYfNK7LNR8w37w03F6cNevo9cHSeI1PDK/ltCCQrfjKmKiVD+vCwyC4gS2crFRQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CWXP123MB6099
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/eY2MeJWBI-WeXXNon3wM3bF05dU>
Subject: Re: [mpls] MPLS Working Group Last Call on draft-ietf-mpls-mna-requirements
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 10:28:21 -0000

Thank you Adrian/ We will work through these points in the process of producing a new draft, assuming of course we are aiming to publish a draft at all. I think an RFC is useful, but if we are not going to publish an RFC, why would we spend time refining and polishing the text?

I agree with Matthew, however I have a few additional comments that I include in the snipped text below.


---

Section 5 is a bit skimpy. You might at least point back to the
requirements in the other sections that relate to security.

But, since you say, "The mechanisms required by this document introduce
new security considerations to MPLS," you might at venture to say what
those new considerations are. In particular, does the use of MNA make
any difference to the security properties of other MPLS functions?

MB> To be honest, there has been little discussion of the security implications of MNA in the working group.
As an author I have a concern about a couple of aspects of MNA: it potentially
allows solutions to embed metadata from the payload into the MPLS layer (so exposing data that a user
might assume is otherwise opaque to any transport network), and using something inserted by the ingress LER to affect forwarding
downstream when the ingress may have no idea how that is being used or whether it is used in a manner consistent with
its intended use by ingress.

I  rewrote the FWK security section and I think that it could use yet more work. I think the right approach is to generalise the FWK text and see if there are other generalities that need including in the REQ test. We are in much the same position as SRv6 and N/W programming where introducing new capabilities in the data-plane as per the current fashion does expose new vulnerabilities. Indeed I wonder if IP itself would pass a modern security audit and thus have been killed over 40 years ago. This is of course all about pragmatism and we should use the requirements text to at least get people thinking in the right direction.



== MINOR ==

It came as a surprise to me in Section 1.1 that Ancillary Data can be
write as well as read. Maybe I haven't been paying attention to the
use cases. I suppose this is OK so long as the WG noticed and agreed.

MB> This reflects discussion about use cases such as time bounded networking where a mid-point may need to update a timestamp
embedded in the packet.

Yes there are a number of cases where it needs to be written. There are certainly cases associated with modern thinking on congestion control particularly in the 5/6G world. There is the NFFRR case (nearly 20 years back we abandoned some IPFRR approaches due to the absence of this facility) particularly with some of the failover approaches people seem to be thinking about. Then there is time transfer where residence time accumulation is required to improve the radar part of the time transfer. Time transfer is an increasing<http://increasing.ly>ly urgent aspect of national infrastructure security requirements as the vulnerability of space based time transfer becomes more apparent.

3.1

   6.   The design of any MNA solution SHOULD be such that an LSR is
        able to efficiently parse the label stack.

What does it mean to parse a label stack? Are you saying that an
implementation should be able to read ahead in the label stack? Is that
consistent with the MPLS architecture?

MB> Yes. Scanning the label stack is done today in the case of Entropy Label.
.. and there is an expectation within the WG that the NMA information will be deep in the stack if only to co-exist with SR.

What does "efficient" mean in this context?

MB> We were trying to capture a requirement to minimise how deep in the stack such parsing is required. I agree
we should be more explicit here.

Why is this a SHOULD? How would a solution designer decide to vary this?

MB> I agree it would be better as a MUST.

The problem with MUST is that it is solution constraining.

The reason for “efficient” is that this is in the fast path and so directly impacts the headline performance and the amount of h.w support needed to maintain that performance. As you know is a fundamental of all packet components that are processed by the forwarder in the fasts path that the process needs to be efficient. Unfortunately only a few modern engineers seem to have ever written forwarders and most need to be reminded that not thinking through this aspect of the problem carefully enough has significant consequences.


---

3.1

   8.   Consistent with MPLS best practise, MNA solutions MUST NOT
        increase the size of the MPLS label stack more than is
        necessary.

You and I might agree on this "best practice" but is it described
anywhere that can be referenced? And, is it necessary to mention the
best practice, or could you just write the requirement.

MB> I agree we can remove ‘consistent with MPLS best …’

And what does "more than is necessary" mean in the context of a
proposed solution?

MB> There are always going to be practical constraints on the size of the stack that can be pushed at ingress LER. This
is made worse by MNA, which may consume space that is needed for LSP labels, for example from an SR-TE label stack.
So what we were trying to say was that solution design choices, for example the way NAIs or ancillary data are encoded,  matters.
MB> We could be more specific and say that ‘solutions MUST minimize any additions to the size of the MPLS label stack”.

That is going to result in the ISD folks complaining that we are promoting PSD. That needs to be carefully worded and that is what the original text tried to do.

---

3.4

   11.  A solution MUST be provided to verify the authenticity of
        ancillary data processed to LSRs [RFC3552].

"Authenticity" is only mentioned once in 3552. "Authentication" is
mentioned a lot, but it is mainly about user identity. I think you
may be talking about "Data Integrity"?

MB> Yes. The intent here is to say that mechanisms are required to prevent a bad actor from using MNA to alter the forwarding or other behavior of the network in an undesirable way.

… except I cannot see how you get a satisfactory authentication method to work within acceptable ISD constraints.

- Stewart

v2.23.0 | Report a Bug | By Email