IETF Logo Mail Archive

Re: [nfsv4] AD review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data

Chuck Lever <chuck.lever@oracle.com> Thu, 07 November 2019 18:54 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9891912098D; Thu, 7 Nov 2019 10:54:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcmHx-SHG5Gn; Thu, 7 Nov 2019 10:54:30 -0800 (PST)
Received: from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34D3312096D; Thu, 7 Nov 2019 10:54:30 -0800 (PST)
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id xA7Is425092352; Thu, 7 Nov 2019 18:54:27 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2019-08-05; bh=rkOQsERjbonTU/e6waNYZPBG91s6LP6TzJkBuoBS+3Q=; b=NJvZGmb1RFHLmV6y4fwX5jQ5MTtHuslTQYdVQ7XhZCKFWRnsCFMmaQETPVawZ+Qw+ipY fidUV1iRU5Im1M3q1hPBYj/rBK+ZHpuz0nZMHk9qG8aUHzhFWEb0s1LOe6BeqKs9NfdG HHckWRIHr+TnUHW1lDzaWAj43ARLoG7KeWgfZe25Wyhkx+Y+TFWwWk76tceENgON8VFi x4IFl1vC6xI0p8tEFCbj2CPW8r3+GAQE2SmC2ckRwW/3K4D7KNPO/xyTaA6YqrQUd/Wd mAYheqfy8/IY4W7EkdmjVMfNNfz3ZhmjeW63VPyWwVyfpqANjHgtWa/MXy42VymhVgxJ ow==
Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by userp2130.oracle.com with ESMTP id 2w41w18bey-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 07 Nov 2019 18:54:27 +0000
Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id xA7InNUR016557; Thu, 7 Nov 2019 18:54:26 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserp3030.oracle.com with ESMTP id 2w41wfkvk5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 07 Nov 2019 18:54:25 +0000
Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id xA7IsPbM025092; Thu, 7 Nov 2019 18:54:25 GMT
Received: from anon-dhcp-152.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 07 Nov 2019 10:54:25 -0800
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <8388856224c5b33dd9f39321d32b91e210994fe5.camel@ericsson.com>
Date: Thu, 07 Nov 2019 13:54:24 -0500
Cc: "draft-ietf-nfsv4-rpcrdma-cm-pvt-data@ietf.org" <draft-ietf-nfsv4-rpcrdma-cm-pvt-data@ietf.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <2983CE6F-CF71-4749-82D5-8EA4BDCEB7F3@oracle.com>
References: <HE1PR0701MB2697052833EB5B100338912F957F0@HE1PR0701MB2697.eurprd07.prod.outlook.com> <262BD619-26E1-4C09-BE0C-537D05109DD1@oracle.com> <5e2d5ca8986a23ed98543371ffca9462b064c892.camel@ericsson.com> <09BF5B7E-20E1-461C-9D18-5F45A37F25E4@oracle.com> <8388856224c5b33dd9f39321d32b91e210994fe5.camel@ericsson.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9434 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1910280000 definitions=main-1911070176
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9434 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1910280000 definitions=main-1911070177
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/kX2s_AjfsNZbPoY3EnIc7XsBeC0>
Subject: Re: [nfsv4] AD review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Nov 2019 18:54:34 -0000


> On Nov 7, 2019, at 11:22 AM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:
> 
> Hi Chuck,
> 
> This updates contains quite a lot of improvmenets. Howver I do have some
> feedback where I think it can be further improved.
> 
> 
> Section 1: I am missing in the introduction of the assumption that to be able to
> use this option one requires an ULP with a private data field. I think there
> should be a paragraph here providing that context and include infromational
> references to protocols that may use this extension. And I think including that
> IETF defined ULP here as one option in addition to IBA would be good. 
> 
> Section 4 calls the 32-bit ID for format identifier, while the IANA Section
> calls it protocol number. Please align the language here. Also the name of the
> format is inconsistent after these latest changes. I think the more extensive
> name of the format was clearer then what is propsoed now. Becasue it is really
> this specific option that is identified, not RPC over RDMA protocol in general. 
> 
> Section 4: First paragraph. Depending on what is added to Section 1, this may or
> may not need this first paragraph in the current form. But, I get the
> impression, that this text either isn't needed here or needs to contain way more
> details for the specific protocol. I think the later is hard to do, especially
> for an protocol that we don't have change control over. 
> 
> Section 6.1: The appointment of the designated expert is done by the IESG and
> not the Area Director themselves. See section 5.2.1 of RFC 8126. 
> 
> Section 6.1:
> "The DE will post the request to the nfsv4 WG mailing list (or a successor to
> that list) for comment and review.  The DE will approve	or deny the request and
> publish notice of the decision within 30 days."
> 
> I would propose that this is reworded so that it will not be necessary for the
> IETF to designate a successor list, even if there are no real community. I would
> propose a simple addition like:
> 
> The DE will post the request to the nfsv4 WG mailing list (or a successor to
> that list), if such a list exist, for comment and review.

Thanks for the further comments. I've updated

https://chucklever.github.io/i-d-rpcrdma-cm-pvt-data/draft-ietf-nfsv4-rpcrdma-cm-pvt-data.html

to address them.


> Cheers
> 
> Magnus
> 
> 
> On Wed, 2019-11-06 at 17:00 -0500, Chuck Lever wrote:
>> Hi Magnus-
>> 
>>> On Nov 5, 2019, at 4:46 AM, Magnus Westerlund <
>>> magnus.westerlund@ericsson.com> wrote:
>>> 
>>> On Mon, 2019-11-04 at 11:36 -0500, Chuck Lever wrote:
>>>> Hi Magnus, thanks for your review and moving forward with the AD write-up.
>>>> 
>>>>> On Nov 4, 2019, at 9:56 AM, Magnus Westerlund <
>>>>> magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
>>>>> 
>>>>> Hi,
>>>>> 
>>>>> I have started my AD review. It was such a short document that I thought
>>>>> I
>>>>> read through it to figure out what more I need to read. So I have not
>>>>> yet
>>>>> read like RFC 8166. So from a context of having little context
>>>>> understanding
>>>>> the below are my comments and questions. I think it may be faster if you
>>>>> help answering them then I read a lot of documents and still have
>>>>> question
>>>>> marks. 
>>>>> 
>>>>> 
>>>>> 	1. So this private data field is only existing in Infinite Band
>>>>> Connection manger? So what this document is defining a structure to a
>>>>> field
>>>>> which currently don’t have any structure but are part of a protocol
>>>>> defined
>>>>> by another body? 
>>>>> 		a. Have this work been formally agreed with IBTA? 
>>>>> 		b. Or is the relationship to the connection manager used
>>>>> to
>>>>> establish the RPC over RDMA different, if that is the case it needs to
>>>>> be
>>>>> better explained. 
>>>> 
>>>> The private data field is for use by Upper Layer Protocols. It's existence
>>>> is defined by the IBTA, but not its content. It's opaque to the CM, hence
>>>> the name "private".
>>>> 
>>>> Both iSER and iWARP itself (both IETF-defined) can place data in this
>>>> field.
>>>> That's why there
>>>> is a 32-bit format ID field: if that doesn't match the constant defined in
>>>> this document, that means some other ULP is using the private data field,
>>>> and its contents are then ignored by RPC-over-RDMA.
>>> 
>>> So with new text as proposed in other email to clarify that this extensions
>>> apply to several different protocols will help making it clear that this is
>>> useful for IETF to define and not stepping on anyone's particular toes. 
>>> 
>>>> 
>>>> 
>>>>> 	3. Section 5: Is there only going to be one object of private
>>>>> data
>>>>> forever in the relevant communication? If not, why isn’t this a well-
>>>>> specified TLV so that unknow type entries can be skipped to the nest
>>>>> object?
>>>> 
>>>> As I understand it, the private data field is used by one ULP at a time.
>>>> I'm not aware of a TLV. There are already existing ULP implementations
>>>> that do not assume a TLV, so that might be a tough sell.
>>>> 
>>> 
>>> That helps a bit, but basically what we end up with is that the ULP need to
>>> cordinate between the end-point about which private data format(s) it will
>>> use.
>>> And if is to include multiple formats it need to know that the peer can
>>> delimit
>>> all of them. That is what I see as the issue. Maybe this assumption and
>>> responsibility of the ULP can be made clearer in the document. 
>>> 
>>>> 
>>>>> 	4. Even if there ever is going to be one entry, can you be more
>>>>> formal
>>>>> in description of what is a valid message using another format
>>>>> identifier,
>>>>> is that only the 32-bit field of the format Identifier, or also the
>>>>> version.
>>>> 
>>>> I can cite the use of this field by other protocols, if that would help.
>>> 
>>> As I said yes. 
>>>> 
>>>> 
>>>>> 	5. Isn’t the version field just unnecessary? If one needs
>>>>> version using
>>>>> another format identifier is more easy than the identifier + version
>>>>> construct.
>>>> 
>>>> It's possibly superfluous. But:
>>>> 
>>>> - the two fields serve different purposes, even though they could be
>>>> combined.
>>>> - there's already an implementation that uses both fields.
>>> 
>>> So, I understand that your down the road on this one and you don't need to
>>> implement any change. But, it was a reflection I had after commenting on
>>> issue
>>> 4). 
>>> 
>>>> 
>>>> 
>>>>> 	6. Section 6: The IANA consideration is confusing. If the
>>>>> specification
>>>>> for a CM private data format requires IESG approval, then why have the
>>>>> expert review policy. In that case one can simply use the IESG approval
>>>>> policy instead. However, requiring any type of IESG approval here appear
>>>>> to
>>>>> be a way to high bar. I think expert review is likely appropriate, but
>>>>> the
>>>>> guidance to the Experts needs to be clearer. For example what happens if
>>>>> IBTA want to use this to add some format?
>>>> 
>>>> I would be OK with Expert Review only, but:
>>>> 
>>>> 1. I will need suggestions about expert guidance. Will look at other RFCs.
>>> 
>>> Basically the WG can specify what requirements you consider needed for a
>>> registration request. Publicly availble specification, contact information,
>>> what
>>> criterias the expert should make judgment on. Like if there are sensitive
>>> information or not. Etc. 
>>> 
>>>> 2. IMO WG consensus is needed on the replacement text of this section.
>>> 
>>> Sure, and if the WG want to choice IESG approval or Specification Required
>>> as
>>> policy for the registry that is also fine with me. However, I am currently
>>> not
>>> fine with the strange mix that is currently documented. 
>>> 
>>>> 
>>>> 
>>>>> 	7. Section 7: The security consideration. I am missing any
>>>>> discussion
>>>>> about the security requirements that the actual extension. It appears
>>>>> that
>>>>> integrity and source authenticity are required for safe operation of
>>>>> these
>>>>> two extensions.
>>>> 
>>>> Integrity is a property of RDMA Reliable Connection transports.
>>>> 
>>>> Not clear about the source authenticity requirement. Can you elaborate?
>>> 
>>> What I am trying to say, is that security consideration sections should make
>>> a
>>> security requirement analysis. And what I can see this private data when
>>> delivered to receiver, the receiver need to know that the data was not
>>> modified
>>> and it needs to know from whom it came. Thus integrity and source
>>> authentication. Then you can simply add a statement that the protocol you
>>> know
>>> to carry this field will provide that security service. 
>>> 
>>> The other aspect to consider is really if one can get any impact on the peer
>>> by
>>> being malicous in setting these fields. For example can I get the peer
>>> entity to
>>> consume more resources? To my understanding the answer is partially yes, but
>>> not
>>> without having to similarily promise to allocate resources. And if I don't
>>> do
>>> things will fail. And the point is that there is other methods that will be
>>> more
>>> efficient to do Denile of Service attacks on the peer in the protocol. 
>>> 
>>> It is usually good to document what aspects of attacks that has been
>>> considered
>>> and what level of an issue they are on.
>> 
>> The latest:
>> 
>> 
> https://protect2.fireeye.com/v1/url?k=86105e9f-da9a7c49-86101e04-0cc47ad93dcc-4cde713b365d5029&q=1&e=1de128de-db49-4c9d-8b49-89fbe4823d29&u=https%3A%2F%2Fchucklever.github.io%2Fi-d-rpcrdma-cm-pvt-data%2Fdraft-ietf-nfsv4-rpcrdma-cm-pvt-data.html
>> 
>> And a convenience URL for diffing with -04:
>> 
>> 
> https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-nfsv4-rpcrdma-cm-pvt-data.txt&url2=https://chucklever.github.io/i-d-rpcrdma-cm-pvt-data/draft-ietf-nfsv4-rpcrdma-cm-pvt-data.txt
>> 
>> 
>> I've tried to address the following issues that you called out after your
>> attempt at an AD write-up of -04:
>> 
>> - Now a Proposed Standard updating RFC 8166
>> - Replaced the stale link to the IB specification
>> - Additional text explaining precedents and the purpose of the Format
>> Identifier
>> - Revised the IANA Considerations section to remove "specification required"
>> language
>> - Revised the Security Considerations section
>> 
>> I can take this further if you would like more changes before the next steps.
>> Otherwise I can provide a draft-ietf-nfsv4-rpcrdma-cm-pvt-data-05.xml for you
>> to submit manually.
>> 
>> 
>> --
>> Chuck Lever
>> 
>> 
>> 
> -- 
> Cheers
> 
> Magnus Westerlund 
> 
> 
> ----------------------------------------------------------------------
> Networks, Ericsson Research
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Torshamnsgatan 23           | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------

--
Chuck Lever

v2.23.0 | Report a Bug | By Email