[mpls] 答复: AD review of draft-ietf-mpls-in-udp
Xuxiaohu <xuxiaohu@huawei.com> Fri, 01 November 2013 06:55 UTC
Return-Path: <xuxiaohu@huawei.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9213D21F9C37 for <mpls@ietfa.amsl.com>; Thu, 31 Oct 2013 23:55:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.58
X-Spam-Level:
X-Spam-Status: No, score=0.58 tagged_above=-999 required=5 tests=[AWL=-2.208, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, CN_BODY_35=0.339, MIME_8BIT_HEADER=0.3, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_MED=-4, SARE_SUB_ENC_GB2312=1.345]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eh3-sKw5gL13 for <mpls@ietfa.amsl.com>; Thu, 31 Oct 2013 23:55:21 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 8FB1711E8284 for <mpls@ietf.org>; Thu, 31 Oct 2013 23:55:18 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml204-edg.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id AXL14182; Fri, 01 Nov 2013 06:55:16 +0000 (GMT)
Received: from LHREML405-HUB.china.huawei.com (10.201.5.242) by lhreml204-edg.china.huawei.com (172.18.7.223) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 1 Nov 2013 06:54:47 +0000
Received: from NKGEML408-HUB.china.huawei.com (10.98.56.39) by lhreml405-hub.china.huawei.com (10.201.5.242) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 1 Nov 2013 06:55:11 +0000
Received: from NKGEML512-MBS.china.huawei.com ([169.254.8.193]) by nkgeml408-hub.china.huawei.com ([10.98.56.39]) with mapi id 14.03.0158.001; Fri, 1 Nov 2013 14:54:59 +0800
From: Xuxiaohu <xuxiaohu@huawei.com>
To: Xuxiaohu <xuxiaohu@huawei.com>, "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, Adrian Farrel <adrian@olddog.co.uk>
Thread-Topic: AD review of draft-ietf-mpls-in-udp
Thread-Index: Ac7HiaXROcI88rhSTwi1i42VDdiSNwB4ZqMAAFJcaoAC9dF/gAAPWyxQAAFp5oA=
Date: Fri, 01 Nov 2013 06:54:58 +0000
Message-ID: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE08223D5C@NKGEML512-MBS.china.huawei.com>
References: <005a01cec789$a7669d10$f633d730$@olddog.co.uk> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0821620A@NKGEML512-MBS.china.huawei.com> <00be01ceca8a$ca1e6410$5e5b2c30$@olddog.co.uk> <95067C434CE250468B77282634C96ED33365369E@xmb-aln-x02.cisco.com> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE08223D3A@NKGEML512-MBS.china.huawei.com>
In-Reply-To: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE08223D3A@NKGEML512-MBS.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.98.134]
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "draft-ietf-mpls-in-udp@tools.ietf.org" <draft-ietf-mpls-in-udp@tools.ietf.org>, distinguished MPLS chairs <mpls-chairs@tools.ietf.org>, "mpls@ietf.org" <mpls@ietf.org>
Subject: [mpls] 答复: AD review of draft-ietf-mpls-in-udp
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mpls>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2013 06:55:30 -0000
> -----邮件原件----- > 发件人: mpls-bounces@ietf.org [mailto:mpls-bounces@ietf.org] 代表 > Xuxiaohu > 发送时间: 2013年11月1日 14:24 > 收件人: Carlos Pignataro (cpignata); Adrian Farrel > 抄送: draft-ietf-mpls-in-udp@tools.ietf.org; distinguished MPLS chairs; > mpls@ietf.org > 主题: [mpls] 答复: AD review of draft-ietf-mpls-in-udp > > Hi Carlos, > > > -----邮件原件----- > > 发件人: Carlos Pignataro (cpignata) [mailto:cpignata@cisco.com] > > 发送时间: 2013年11月1日 1:53 > > 收件人: Adrian Farrel > > 抄送: Xuxiaohu; draft-ietf-mpls-in-udp@tools.ietf.org; distinguished > > MPLS chairs; mpls@ietf.org > > 主题: Re: AD review of draft-ietf-mpls-in-udp > > > > Hi, > > > > On Oct 16, 2013, at 12:14 PM, Adrian Farrel <adrian@olddog.co.uk> wrote: > > > > > Hello, > > > > > > Just cutting down to the conversation... > > > > > >>> Abstract > > > [snip] > > >>> "...applicable in some circumstances" says nothing, of course. > > >>> Either don't say this, or explicitly state the circumstance. Since > > >>> (see below) the applicability is very specific and there is a > > >>> clear use case that is the target of your work, I strongly suggest > > >>> that you call out this case in the Abstract. > > >> > > >> Is it ok for you if the above sentence is changed to"... applicable > > >> in some circumstances where IP-based encapsulation for MPLS is > > >> required and fine- grained load-balancing of IP tunneled MPLS > > >> packets is > > required as well..."? > > > Or can > > >> you suggest any text on this point? > > > > > > That helps a lot. > > > Thanks. > > > > I do not think adding the proposed text is the best fix. Saying > > "circumstances where IP-based encapsulation for MPLS is required and > > fine-grained load-balancing of IP tunneled MPLS packets is required as > > well" implies potentially that existing IP-based encapsulation for > > MPLS are not appropriate for fine-grained load-balancing of IP > > tunneled MPLS packets, and that's not necessarily the case, since > > fields in other encapsulations can be used (and are > > used) for that (e.g., GRE Key, L2TPv3 Session ID). > > > Also, this proposal contradicts your (Adrian's) point below about the > > inability to know what's encapsulated in MPLS (the proposed text says > > "of IP tunneled MPLS packets"). > > I have changed it to "load-balancing of MPLS packet over IP networks". > > > Additionally, please note that RFC 4023 says in the abstract "Each of > > these is applicable in some circumstances." which sets the expectation > > that it will be answered in the doc as applicability. > > > > I'd propose just removing the "...applicable in some circumstances" or > > be even more specific about the applicability. > > The abstract is changed to: > > "This document specifies an IP-based encapsulation for MPLS, called > MPLS-in-UDP (User Datagram Protocol), which is applicable in some > circumstances where IP-based encapsulation for MPLS is required and further > fine-grained load-balancing of MPLS packets over IP networks is required as well. > Although other IP-based encapsulations for MPLS can improve the > load-balancing as well by using some fields in the encapsulation headers, one > major benefit of MPLS-in-UDP comparing to other IP-based encapsulations for > MPLS is that the former can improve the load-balancing without any > requirement on the core of the IP networks." s/by using some fields in the encapsulation headers/by using some special field in the encapsulation header as an entropy field/ Xiaohu > [snip] > > > > If I am correct and it is never appropriate, it would be better to say that > > > "using zero checksum is NOT RECOMMENDED because of..." and then > point > > to the > > > text you quoted. > > > > > > if I am incorrect then please discuss with me further. > > > > A further point that does not imply you are incorrect, but I will note > > that other MPLS-in-IP encapsulations do not have a checksum in the > > transport, and perhaps that's what needs to be added to the document. > > I have added "... note that other MPLS-in-IP encapsulations do not have a > checksum in the transport header..." to the doc. > > Best regards, > Xiaohu > > > Thanks, > > > > -- Carlos. > > > > > > > >>> Section 4 > > >>> > > >>> As for other common processing procedures associated with tunneling > > >>> encapsulation technologies including but not limited to Maximum > > >>> Transmission Unit (MTU) and preventing fragmentation and > reassembly, > > >>> Time to Live (TTL) and differentiated services, the corresponding > > >>> "Common Procedures" defined in [RFC4023] which are applicable for > > >>> MPLS-in-IP and MPLS-in-GRE encapsulation formats SHOULD be > > followed. > > >>> > > >>> I think it is probably important to consider PMTU in the presence > > >>> of ECMP (probably not necessary in the case of LAG). How does the > > >>> source know the PMTU for each different value of the source port > > >>> that it might apply? > > >> > > >> IMHO, it is a common issue for any load-balancing mechanism. Would > > >> it be > > > better > > >> to write a separate doc to address this common issue? > > > > > > That is a really good question. > > > I think discovering PMTU is technology dependent, but the general > > > issue of discovery in ECMP doesn't appear to be well discussed. > > > > > >>> As far as I can see Section 5 is not ECN-friendly and says that > > >>> when the payload protocol of the MPLS packet is not "TCP-friendly" > > >>> the application generating the packets must use magic to avoid > > >>> swamping the network. > > >>> > > >>> We will see what the TSV area congestion experts have to say, but > > >>> I think we will find that the approach here is simplistic unless > > >>> the network across which the UDP tunnel runs is used for no other > > >>> traffic except UDP tunnels carrying MPLS packets. > > >> > > >> We originally just intented to mention this issue to the same > > >> extent as MPLS > > > over > > >> L2TPv3 [rfc4817]. BTW, it seems that MPLS in IP or GRE [RFC4023] > > >> doesn't mention this point at all. We would like to see what the > > >> TSV area congestion experts have to say as well on this point. > > > > > > Yeah, this is fine. I am not an expert in this stuff and we will > > > need their opinions. Perhaps they won't say anything :-) > > > > > >>> Section 6 seems to indicate a major draw-back of this scheme. You > > >>> have to note that MPLS networks are able to get away with having > > >>> very little security because it is very hard to inject MPLS > > >>> packets into a > > network. > > >>> But MPLS-in-(foo-in-)IP encapsulation provides a way to inject > > >>> packets just like any packet can be injected into an IP network. > > >> > > >> Sure. It's the same issue with any other IP-based encapsulations for MPLS. > > > > > > Indeed, hence my point about security, below... > > > > > >>> Security (such as IPsec) provides a way to ensure that rogue > > >>> packets do not have their headers stripped and their payload MPLS > > >>> packets added to an LSP. > > >> > > >>> You are making a clear statement that using IPsec means that there > > >>> is no point in doing MPLS-in-UDP encapsulation. You need to follow > > >>> up on > > this! > > >>> > > >>> The first thing to do is to enhance the applicability text in > > >>> Section 1 to say where you would deploy this such that security is > > >>> not an > > issue. > > >> > > >>> The second thing is to talk about the security mechanisms that can > > >>> be applied at the edges of the network to reduce the likelihood of > > >>> such attacks being possible. > > >>> > > >>> Lastly (or probably firstly!) you need to describe the attack > > >>> vector and the implications of such an attack so that the > > >>> implementer/deployer is clear what the risks are. > > >> > > >> Will fix it. > > > > > > OK. I also wonder whether you looked at DTLS. > > > > > > Thanks for all the work. > > > > > > Adrian > > > > > _______________________________________________ > mpls mailing list > mpls@ietf.org > https://www.ietf.org/mailman/listinfo/mpls
- [mpls] AD review of draft-ietf-mpls-in-udp Adrian Farrel
- Re: [mpls] AD review of draft-ietf-mpls-in-udp Xuxiaohu
- Re: [mpls] AD review of draft-ietf-mpls-in-udp Adrian Farrel
- [mpls] 答复: AD review of draft-ietf-mpls-in-udp Xuxiaohu
- Re: [mpls] AD review of draft-ietf-mpls-in-udp Carlos Pignataro (cpignata)
- [mpls] 答复: AD review of draft-ietf-mpls-in-udp Xuxiaohu
- [mpls] 答复: AD review of draft-ietf-mpls-in-udp Xuxiaohu
- Re: [mpls] AD review of draft-ietf-mpls-in-udp Carlos Pignataro (cpignata)