Re: [Rtg-dt-encap-considerations] draft-rtg-dt-encap-02 for review

Erik Nordmark <nordmark@sonic.net> Wed, 20 May 2015 16:15 UTC

Return-Path: <nordmark@sonic.net>
X-Original-To: rtg-dt-encap-considerations@ietfa.amsl.com
Delivered-To: rtg-dt-encap-considerations@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D66C41A8894 for <rtg-dt-encap-considerations@ietfa.amsl.com>; Wed, 20 May 2015 09:15:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.711
X-Spam-Level:
X-Spam-Status: No, score=-0.711 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id igwmfPzh0x4i for <rtg-dt-encap-considerations@ietfa.amsl.com>; Wed, 20 May 2015 09:15:55 -0700 (PDT)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF8201A87E9 for <Rtg-dt-encap-considerations@ietf.org>; Wed, 20 May 2015 09:15:55 -0700 (PDT)
Received: from [172.22.227.238] ([162.210.130.3]) (authenticated bits=0) by c.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id t4KGFqW2023359 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 20 May 2015 09:15:52 -0700
Message-ID: <555CB339.4080407@sonic.net>
Date: Wed, 20 May 2015 09:15:53 -0700
From: Erik Nordmark <nordmark@sonic.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Tom Herbert <tom@herbertland.com>
References: <5554E2C1.3000306@sonic.net> <CALx6S34kcZd9xg=eQ=Dq85uB4RBHFad9-_UWrJ5yuGvG=9zjQw@mail.gmail.com>
In-Reply-To: <CALx6S34kcZd9xg=eQ=Dq85uB4RBHFad9-_UWrJ5yuGvG=9zjQw@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Sonic-CAuth: UmFuZG9tSVbagc9REQul/UB/QboGQf/ST6rbn+XJMQpNFKfU9wb+vK6fqLFY7Ybs+KSLvgzvgzukdvgnBpkrogeuva2iREFy
X-Sonic-ID: C;ss6JfAv/5BGf2fjYVPtzAg== M;aG6dfAv/5BGf2fjYVPtzAg==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-dt-encap-considerations/5HL30gLEZevuf_7YojOi91ZDGx4>
Cc: "rtg-dt-encap-considerations@ietf.org" <Rtg-dt-encap-considerations@ietf.org>
Subject: Re: [Rtg-dt-encap-considerations] draft-rtg-dt-encap-02 for review
X-BeenThere: rtg-dt-encap-considerations@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Routing Area Design Team on Encapsulation Considerations discussion list <rtg-dt-encap-considerations.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-dt-encap-considerations>, <mailto:rtg-dt-encap-considerations-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtg-dt-encap-considerations/>
List-Post: <mailto:rtg-dt-encap-considerations@ietf.org>
List-Help: <mailto:rtg-dt-encap-considerations-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-dt-encap-considerations>, <mailto:rtg-dt-encap-considerations-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 May 2015 16:15:58 -0000

On 5/19/15 2:45 PM, Tom Herbert wrote:
> Some comments on version 02:
>
> On the IPv6 flow label: Brian Carpenter made pretty much the same
> point that IPv6 flow label could be used in lieu of UDP encapsulation
> for entropy. This was in the context of IP-over-UDP. The argument was
> short circuited a bit because IP-over-UDP lacked extensibility and we
> already have N other protocols that can do the same thing but are
> extensible. It might be worthwhile to point out that a major reason
> for encapsulating over UDP is that it allows arbitrary and extensible
> encapsulations, entropy for ECMP is essentially nice side effect.
Do you have some suggested text to add? I can't easily tell where we 
would add such text since we don't have a "why use UDP" section; the 
entropy section talks just about entropy.

>
> Security:
>
> In relationship to encapsulating in UDP it seems like DTLS will be
> preferred over IPsec (e.g. GRE/UDP)  in this context as being a better
> fit. In this simplest form this seems to means that UDP encap
> protocols will be asking for two port assignments.
>
> "Interaction with packet security such as IPsec" -> "Interaction with
> packet security such as IPsec or DTLS"
OK

>
> I would rewrite 2nd paragraph is section 11.3 as:
>
> "The more interesting case is when security is applied to the
> encapsulation payload. This will keep the encapsulation headers in the
> outer header visible to the network (for instance in nvo3 we may way
> to firewall based on VNI ID even if the payload is encrypted). On
> possibility is to apply DTLS to the encapsulation payload. In this
> model the protocol stack may be something like
> IP|UDP|Encap|DTLS|encrypted_payload. The encapsulation and security
> should be done together at an encapsulator and resolved at the
> decapsulator. Since the encapsulation header is outside of the
> security coverage, this may itself require security (like described
> above)."
OK
>
> In last paragraph of section 11.3 please scratch whole sentence "In
> this case of security..."
OK
>
> Section 13:
>
> Unnecessary colloquialism? "encaps"->"encapsulation method"
OK - I took care of the other occurances of encaps and decaps as well.
>
> I think section 15.1 can be removed
I wanted to check if it is all covered earlier in the document. I see 
that e.g. ietf-tsvwg-port-use isn't referenced earlier.
I'll see if I have some time to do this later - we can always fix it 
once it is a WG document as well.
>
> Section 18:
>
> Would change "Avoid full packet checksums in encapsulation if
> possible" to "Avoid full packet checksums in cases where necessary
> devices cannot support them"
I don't know what others think, but that seems to be confusing. It seems 
to imply that some devices are sub-standard and can be fixed, when in 
fact it is impossible to do a full packet checksum, where the checksum 
is placed in the header, in a low-latency cut-through device.

 From an IETF standardization perspective it is quite hard to predict 
how the protocols we define will be deployed. It might be that they will 
be only deployed in hosts (with full packet buffering NICs), or it might 
be that they will continue to be deployed in a mixture of such hosts and 
routers/switches.

We could point out that a full packet trailer checksum/CRC wouldn't have 
the same concerns ...
>
> "if" -> "If" in same paragraph
OK

>
> Section 22 Open issues, next protocol header. Joe Touch has been
> arguing that IPv4 and IPv6 should not use separate protocol numbers by
> the same one as IP encapsulation and differentiate by IP version
> number. Don't know if we want to bring this up, but someone eventually
> will. :-)
Just because you decided to wake the sleeping bear doesn't mean I intend 
to do the same thing.
Joe is welcome to stand up and say that IPv6 over Ethernet should be 
changed to use 0x800 ;-)

Thanks,
    Erik

>
> Tom
>
>
> On Thu, May 14, 2015 at 11:00 AM, Erik Nordmark <nordmark@sonic.net> wrote:
>> Attached is -02 of the document.
>>
>> Albert said he would check whether there are some additional text we want to
>> add about the control word, but I've completed the other edits we have
>> discussed.
>>
>> https://docs.google.com/document/d/1OvGxiNTPuncHl1N-6JH-6MJvZ3D9PK1LpjwsRgArgJ8/
>> is up to date with the issues, but doesn't have the exact same proposed text
>> changes as the I-D.
>>
>> I edited the attached diffs to remove the diffs related to the change in
>> pagination.
>>
>> Please review the changes, and check whether there are additional things we
>> should lift out to the "In summary" bulleted lists.
>>
>> It would be good to submit this next week - if anything controversial shows
>> up we can discuss it on the call next Thursday.
>>
>> Regards,
>>     Erik
>>
>>
>> _______________________________________________
>> Rtg-dt-encap-considerations mailing list
>> Rtg-dt-encap-considerations@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtg-dt-encap-considerations
>>
> _______________________________________________
> Rtg-dt-encap-considerations mailing list
> Rtg-dt-encap-considerations@ietf.org
> https://www.ietf.org/mailman/listinfo/rtg-dt-encap-considerations
>