Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-yang-15: (with DISCUSS)
"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Mon, 24 September 2018 11:59 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EC5D130DC4 for <opsawg@ietfa.amsl.com>; Mon, 24 Sep 2018 04:59:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=ietf@kuehlewind.net header.d=kuehlewind.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3vNxwOlSKqQo for <opsawg@ietfa.amsl.com>; Mon, 24 Sep 2018 04:59:38 -0700 (PDT)
Received: from kuehlewind.net (kuehlewind.net [83.169.45.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F8B4124C04 for <opsawg@ietf.org>; Mon, 24 Sep 2018 04:59:37 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kuehlewind.net; b=IgdUZhSZoFFuPHVq6518dbsQJxrgQERmIqGE8sPzE4DigQJ1A4I+hnL3tp14m9stZ3TQ6Ldcx7pAPnkjgOfEMi2qqEJRJ4I1gdXSZTg9NwQXG2Ms00v3M6JQDAc6rgj7QCCuhVlTQ/EJvU2iBNJjTBaOnVt3Yr1I8h4cTptX2SI=; h=Received:Received:Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:X-Mailer:X-PPP-Message-ID:X-PPP-Vhost;
Received: (qmail 31205 invoked from network); 24 Sep 2018 13:59:35 +0200
Received: from mue-88-130-61-096.dsl.tropolys.de (HELO ?192.168.178.24?) (88.130.61.96) by kuehlewind.net with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 24 Sep 2018 13:59:35 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DFE5E28@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Date: Mon, 24 Sep 2018 13:59:32 +0200
Cc: "opsawg@ietf.org" <opsawg@ietf.org>, "draft-ietf-opsawg-nat-yang@ietf.org" <draft-ietf-opsawg-nat-yang@ietf.org>, "opsawg-chairs@ietf.org" <opsawg-chairs@ietf.org>, The IESG <iesg@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1E5A992A-A523-4B7E-88C9-009E1F752D21@kuehlewind.net>
References: <153754677994.7443.9092939251929421656.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302DFE5AA0@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <4E1DE484-9B3C-4977-A4F3-13F716A109AD@kuehlewind.net> <787AE7BB302AE849A7480A190F8B93302DFE5C3E@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <23FA14C7-66E0-4A3C-B0AB-91CB3DF48203@kuehlewind.net> <787AE7BB302AE849A7480A190F8B93302DFE5CBD@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <6A1A7EE4-DA1E-42E5-B85E-76A767D38524@kuehlewind.net> <787AE7BB302AE849A7480A190F8B93302DFE5DD4@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <ED51748E-3759-47C7-B442-4C31E25EE1CF@kuehlewind.net> <787AE7BB302AE849A7480A190F8B93302DFE5E28@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
To: mohamed.boucadair@orange.com
X-Mailer: Apple Mail (2.3445.9.1)
X-PPP-Message-ID: <20180924115935.31197.33594@lvps83-169-45-111.dedicated.hosteurope.de>
X-PPP-Vhost: kuehlewind.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/UHfXtTJtzsDu0PoqyI8bASG9rKM>
Subject: Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-yang-15: (with DISCUSS)
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Sep 2018 11:59:40 -0000
Work for me. (I wouldn’t use the word tempting but anyway.) I will clear my discuss with this update! Mirja > Am 24.09.2018 um 13:57 schrieb <mohamed.boucadair@orange.com> <mohamed.boucadair@orange.com>: > > Re-, > > I can add this text to cover your comment: > > It is tempting to define TCP-specific timers as generic timers > applying to any connection-oriented protocol. Nevertheless, such > approach is not followed in this document because there is no > standard document specifying such generic behavior. Future documents > may be edited to clarify how to reuse TCP-specific timers when > needed. > > Please let me know if this is OK. > > Thank you. > > Cheers, > Med > >> -----Message d'origine----- >> De : Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net] >> Envoyé : lundi 24 septembre 2018 13:45 >> À : BOUCADAIR Mohamed IMT/OLN >> Cc : opsawg@ietf.org; draft-ietf-opsawg-nat-yang@ietf.org; opsawg- >> chairs@ietf.org; The IESG >> Objet : Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat-yang- >> 15: (with DISCUSS) >> >> Hi Med, >> >> top-posting as we coming closer to a conclusion here. It’s okay to leave it >> tcp specific as you say below. Maybe you can add some text in the doc saying >> basically exactly what you say below, a future spec could describe how to >> reuse these timers. (I guess that could fit in to 2.3)…? >> >> Mirja >> >> >> >>> Am 24.09.2018 um 13:36 schrieb <mohamed.boucadair@orange.com> >> <mohamed.boucadair@orange.com>: >>> >>> Re-, >>> >>> Please see inline. >>> >>> Cheers, >>> Med >>> >>>> -----Message d'origine----- >>>> De : Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net] >>>> Envoyé : lundi 24 septembre 2018 11:39 >>>> À : BOUCADAIR Mohamed IMT/OLN >>>> Cc : opsawg@ietf.org; draft-ietf-opsawg-nat-yang@ietf.org; opsawg- >>>> chairs@ietf.org; The IESG >>>> Objet : Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat- >> yang- >>>> 15: (with DISCUSS) >>>> >>>> Hi med, >>>> >>>> inline... >>>> >>>>> Am 24.09.2018 um 11:31 schrieb <mohamed.boucadair@orange.com> >>>> <mohamed.boucadair@orange.com>: >>>>> >>>>> Re-, >>>>> >>>>> Please see inline. >>>>> >>>>> Cheers, >>>>> Med >>>>> >>>>>> -----Message d'origine----- >>>>>> De : Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net] >>>>>> Envoyé : lundi 24 septembre 2018 11:23 >>>>>> À : BOUCADAIR Mohamed IMT/OLN >>>>>> Cc : The IESG; opsawg@ietf.org; draft-ietf-opsawg-nat-yang@ietf.org; >>>> opsawg- >>>>>> chairs@ietf.org >>>>>> Objet : Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg-nat- >>>> yang- >>>>>> 15: (with DISCUSS) >>>>>> >>>>>> Hi Med, >>>>>> >>>>>> please see inline. >>>>>> >>>>>>> Am 24.09.2018 um 10:55 schrieb <mohamed.boucadair@orange.com> >>>>>> <mohamed.boucadair@orange.com>: >>>>>>> >>>>>>> Re-, >>>>>>> >>>>>>> Please see inline. >>>>>>> >>>>>>> Cheers, >>>>>>> Med >>>>>>> >>>>>>>> -----Message d'origine----- >>>>>>>> De : Mirja Kuehlewind (IETF) [mailto:ietf@kuehlewind.net] >>>>>>>> Envoyé : lundi 24 septembre 2018 10:14 >>>>>>>> À : BOUCADAIR Mohamed IMT/OLN >>>>>>>> Cc : The IESG; opsawg@ietf.org; draft-ietf-opsawg-nat-yang@ietf.org; >>>>>> opsawg- >>>>>>>> chairs@ietf.org >>>>>>>> Objet : Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-opsawg- >> nat- >>>>>> yang- >>>>>>>> 15: (with DISCUSS) >>>>>>>> >>>>>>>> Hi Med, >>>>>>>> >>>>>>>> thanks for you reply. It makes sense that you may want different >> values >>>>>> for >>>>>>>> different protocol in the case of UDP and TCP. >>>>>>> However, I think the question >>>>>>>> is not that much which protocol but which properties does the protocol >>>>>> have, >>>>>>>> e.g. all connection-oriented protocol probably have some kind of >>>> handshake >>>>>>>> that can be used to trigger these timers. >>>>>>>> >>>>>>> >>>>>>> [Med] I hear you... but the issue is the other way around: availability >>>> of >>>>>> a stateful implementation which adheres to that design approach. >>>>>> >>>>>> Understood. And I also understand that your motivation is to aline with >>>>>> existing implementations, which makes sense. I just wonder if there is a >>>> way >>>>>> to make it even easier to enable new implementations for other protocols >>>> in >>>>>> future (without defining a new protocol-specific extension). >>>>>> >>>>>>> >>>>>>> >>>>>>>> Is it maybe possible to model these times generally for certain >> protocol >>>>>>>> feature and the have the ability to overwrite these „default“ values >>>> with >>>>>>>> protocol-specific values? >>>>>>> >>>>>>> [Med] There are ways to overwrite default values, e.g., define a type >> and >>>>>> derive new one from it. Nevertheless, it is simpler to define explicit >>>> timers >>>>>> as we have done in the document given that protocol differentiation is a >>>>>> requirement. One for UDP, one for ICMP, and state-specific timers for >> TCP. >>>>>> Future documents can re-use state-specific timers for generic >>>> configuration >>>>>> matters, if needed. >>>>>> >>>>>> What about maybe renaming the timers and don’t have tcp in the name but >>>>>> explain in the text that these timer are used for tcp but could/should >>>> also >>>>>> be used for other connection-oriented protocols…? Would that be an >> option >>>>>> that could eventually help? E.g. call the "tcp-trans-open-timeout“ just >>>>>> "trans-open-timeout“ and explain that RFC 7857 specifies this for TCP >> but >>>>>> other implementation for connection-oriented protocols could use the >> same >>>>>> timer? Just thinking... >>>>>> >>>>> >>>>> [Med] No problem to change the name if this helps, but I'm afraid this >>>> effort may be useless if there is no reference document that explains how >>>> these timers can be used for other protocols. >>>> >>>> Understood. I don’t think people go ahead an implement this without a >>>> reference doc (however, some might actually have implementation for other >>>> protocols that are just not documented in an RFC, anyway) but at least you >>>> would not necessary need to extend the yang model as soon as we have the >>>> reference docs. >>>> >>> >>> [Med] Another approach is that the reference document can indicate that >> tcp-* timers are used to instruct the behavior, and hence no medication will >> be required to the module. Given that we may be speculating about what would >> be defined in the future, I do still have a preference for the current >> approach in the draft. If a generic approach is defined in a future standard, >> then it is easy to define an extension by reusing what is already defined for >> TCP. >>> >>>>> >>>>> >>>>>>> >>>>>>>> >>>>>>>> Given that these protocol specific differences especially in NAT are a >>>>>> huge >>>>>>>> problem for the deployment of new protocol it would be really nice if >>>> this >>>>>>>> could be model in a generic as possible way. E.g. would be nice to be >>>> able >>>>>> to >>>>>>>> use the same config for the config for quic (one a NAT is implemented >> to >>>>>>>> detect the quic handshake over udp). >>>>>>> >>>>>>> [Med] For the quic example, one would argue that the UDP-related config >>>>>> parameters are sufficient; there is even no need to inspect whether this >>>> is >>>>>> quic or plain UDP packet. >>>>>> >>>>>> No, that’s exactly the problem. QUIC is a connection-oriented protocol, >> so >>>> it >>>>>> would potentially be possible and desirable to have longer time-outs >> than >>>> you >>>>>> usually have for other UDP traffic. >>>>> >>>>> [Med] We can already do that with this model: per-port-timeout. An entry >>>> for 443, for example may be provided in such case. No? >>>> >>>> That already help. However, you might not always want to configure a long >>>> time-out without e.g. also having the trans-open-timeout as well which >> would >>>> be possible to implement with quic as the handshake is visible in clear. >>>> >>>> Btw. is the per port time-out protocol-independent? Because HTTPS is also >>>> using 443 (over TCP) and I guess you would want the usually tcp timers >> there. >>>> So not sure if that config using the per-port-timeout would work at all? >>>> >>> >>> [Med] Good catch. A leaf is missing to indicate the protocol. If no >> protocol is indicated, this means "any protocol". Updated my local copy. >> Thanks. >>> >
- [OPSAWG] Mirja Kühlewind's Discuss on draft-ietf-… Mirja Kühlewind
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… mohamed.boucadair
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… mohamed.boucadair
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… mohamed.boucadair
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… mohamed.boucadair
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Juergen Schoenwaelder
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… mohamed.boucadair
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… mohamed.boucadair
- Re: [OPSAWG] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- [OPSAWG] some too late nits in draft-ietf-opsawg-… tom petch
- Re: [OPSAWG] some too late nits in draft-ietf-ops… mohamed.boucadair