IETF Logo Mail Archive

Re: [savnet] Request WG adoption of draft-wu-savnet-inter-domain-architecture-07

Libin Liu <liu.libin@outlook.com> Sat, 30 March 2024 14:01 UTC

Return-Path: <liu.libin@outlook.com>
X-Original-To: savnet@ietfa.amsl.com
Delivered-To: savnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2DD3C14F6FE for <savnet@ietfa.amsl.com>; Sat, 30 Mar 2024 07:01:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fGSShWDGPmIT for <savnet@ietfa.amsl.com>; Sat, 30 Mar 2024 07:01:28 -0700 (PDT)
Received: from JPN01-TYC-obe.outbound.protection.outlook.com (mail-tycjpn01olkn2033.outbound.protection.outlook.com [40.92.99.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC726C14F6BC for <savnet@ietf.org>; Sat, 30 Mar 2024 07:01:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c2A/TPbcSPwr/VJq3UcEFssojS9vUYVfvkddSgcEXL4+2L7UWcIkhYbjPI0nnVGJEwGEQ7PhsI7A1u/ir5ZpRvG8Tz6NeerpfeB8FlUkbXUQ7DysJnzdmYzyCiRW4SQ1jtuKwOAgfCMY5PjsHy1dnEHqv+q+dl0nc9XGznQvihqUkn3niA0PI38S1GrlwyAPyZ3RXggZ7Gr1jhI1OSxSJnBAaYUqf9axfup4EBdyM1mqEpubdieVrICaKmvszsGeoRjmpPONvwTkpJLVJ6sl9bcw4J/1QTGBFXDuNWCs2XyaDdB4jda+1Xd9T0aUwPLBI4K5H0jMAiZgAMXCqJQmdw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KeJ6brwF9KWiMjxiL2UTX2XvQa5CFwDMYHEZD75GVjc=; b=fJNLcA+JXR+Nh43RUJFYaeVTWtSs5UdHUmpU5103oeoMIGYFetfKqF+lbG87crz7GRrYMoAh76uZg1vKuYoMyBQkq1KxL/VsnwZk0d9tbmYjRjsQRS/bY7HEFySRKC00rGygYHOOF9dn5GfvK5Cmd4ogqemnLBCzTE0baaXwKbRc4LhrhOtfJaO/pKAjdIQvD676Xx14MZ0E06kUpqxTdeCw2FdgUZggh+u7qaRh3JlypTVR9MJql8NUaJytNCBdRnARar7qsQI0JGTCPdS0VJ+gR1j1D0b7GEG+hfOPh022KOssD2y5xxCE6KNPIY2xOD2FjSNqj7ORXZym6YcFRw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KeJ6brwF9KWiMjxiL2UTX2XvQa5CFwDMYHEZD75GVjc=; b=u98I3Fe5lgemZApbSIXt1ppYPaG4nve/oStfI3r28XZ+uNpfNdflm2987XH7L7/eJZcVn6t4RZUSifkBOzIrbd7LZhRcF7YsqtT//3Flf2HW/2DANUD5z0OTyC+hS5oW1AXDOdbkctbhDcVigrZsxZhcePR8oVZRFiad9tI7bwsNBp/1QPMs+F6EhAcCuQL51J2I/vbm64zLVyT6AtNWj4hVBhOdejP4JMfyo1JuAlaAzMgqNbuNKOu60avOCRddS3dzrg15do6kpl0KebPekOwY9S6XjI5MSZhHTU7aWhKMOqwKizBeSaLMH4ja9bs/162RE3QES3cUFH8j4bna4Q==
Received: from TYYP286MB1083.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:ca::10) by OSZP286MB2256.JPNP286.PROD.OUTLOOK.COM (2603:1096:604:18e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.40; Sat, 30 Mar 2024 14:01:23 +0000
Received: from TYYP286MB1083.JPNP286.PROD.OUTLOOK.COM ([fe80::da09:aee9:8a46:d8de]) by TYYP286MB1083.JPNP286.PROD.OUTLOOK.COM ([fe80::da09:aee9:8a46:d8de%5]) with mapi id 15.20.7409.042; Sat, 30 Mar 2024 14:01:23 +0000
From: Libin Liu <liu.libin@outlook.com>
To: Olaf Struck <olafstruck@hotmail.com>, Lancheng Qin <qlc19@mails.tsinghua.edu.cn>
CC: "savnet@ietf.org" <savnet@ietf.org>, "liulb@zgclab.edu.cn" <liulb@zgclab.edu.cn>
Thread-Topic: Re: [savnet] Request WG adoption of draft-wu-savnet-inter-domain-architecture-07
Thread-Index: AQHagP+anwasvkay+EmnjYq+SR8icrFOBWmAgACragCAAZqq/w==
Date: Sat, 30 Mar 2024 14:01:23 +0000
Message-ID: <OS3P286MB10746FF197C8E29C8FBD12A7E2392@OS3P286MB1074.JPNP286.PROD.OUTLOOK.COM>
References: <TYSPR03MB89035199FE9406A5C35CAC20C33B2@TYSPR03MB8903.apcprd03.prod.outlook.com> <459bee5d.2e95e.18e881ca7ca.Coremail.qlc19@mails.tsinghua.edu.cn> <TYSPR03MB8903AB1ECB9224B87E243F6AC33A2@TYSPR03MB8903.apcprd03.prod.outlook.com>
In-Reply-To: <TYSPR03MB8903AB1ECB9224B87E243F6AC33A2@TYSPR03MB8903.apcprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-tmn: [qdFOQU9jqwcdPtzBL9gpM3INKzzI7QoRw3pBVzUMQIJXOWijj6H0eeybmhzwC+KVJe2ROAvNsKM=]
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: TYYP286MB1083:EE_|OSZP286MB2256:EE_
x-ms-office365-filtering-correlation-id: 81737a8f-4bdd-4254-b04c-08dc50c1e275
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: qtX4Bkvtv1jkLW63UixpEnUmrhzkv6Dta3Z0O24WrKXV8kliEqadhNKoU7M6hcMcpRoBeNIl9p12bKanQzroBwBu1dkXT7cGg+yYGPElgkfEyfHJ5yOBfGNkX/921MpVQlmmWlNOiniKra1NVlHIa2y4f2YIGBRRI3teBkJmgoND9lDeGceMHQb31U35hiYrlIzxeN4pYeEdMQV2bBpIU1whCkc6qbNZh6QeNsCtDK722xWFntsyBBtxkam4T7fkcidarF3gh/BMPuVJkpBqDV8vrQzIeQRLeJrxqx5X4kQCrvVqM7Mcbs1Q8g8t2KlhZPooocRbY0f4Ca3s1k4cqzEx4U6g2sXFPYtrkvw2KXGffg2czEjh3wpFZiyag7ZdjtITuNzQzI1s+HM7vOAVg1mjnIaco5p3KJzPewzzJ7JbD61q+YzvGRndWqqLthuPsDRD16bDC+1JcJk+TBICaAV+Dv6VOzhUhEpR+2KCIdE6Ftuhx4kmqphtf6TTcBsrYgKOTnOqD5I1Aq3Z+m45NQvjMIIBK9Vo73ib/rUFXqLv+DQ0iqJgLdpyxO9YR26ymxsHlLB/+tKZJw0cbU8iL4kVWUa1/WTcV3JJ2onlL18YOALOTg1lGgsUT3xHW0xoR94V2Sc4xu/uZqM8iCBrMeIQsys5V1Zgudko9/J4i4CG1TcwBIzM1PAHKM05JJ6Z
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: sEWrLDg9W75D8gQ1mRjdCR8rnvTNC8e34QbcXjIZ6MtkTjmuY4R6yd4FzNjxA1rT/qv8kEuO25WkQOn86RY3oZEqV2Ep1Ir6IHO79O+mt5+VOwWsauwFZIVtZCCSMtiTa497luwopzWRZqfuXM8swi1s0aWaoRk1BsIRDkPfHOrpvxFA4WBPexPpc95bVKNVCzMT5pVF68H6psJAp4WBacS+j8HojkgH+vpKXiGKSYf1SaVkJFSYlmTo7h4snhMswWVpiHDo5FCeN2ZBMlX9BvV81rR15aqXi5+/8L05ES4pSenH28vleWT3D3YNbpq+2ZKB7otoRUE65S6HjNXBoGp1cEOMCxFY9fybRas3XfXnT+UCmyuamdqp7ou3jWrdNlRpbZDKdp8PbpgqrgxGA5MZsWj85TDvRmeGUchWa6Ye0WNWZ32CirqPRk5AFRPNBuDTX62WRv+k5Kjwkp4lN1Zf/QqRrkh+n71YfJFIgyneDHyaVjqvj1TgDeKbWKIpasC9mpFK7gEXaMGn/bQDL08hrnonZG+Rfoj4Z2PZFCSWo3O5IcgE2b4ajRjFNv1kcDu88PKx37SkkBeIWf5wT6p0ZSPq/PPuksyuQd8QqsqH5KNnensUjFmS8OZ8JjYa1CZ56NWHEzdSRth/2RMqV7twodLY27wXY7LUU1l5lNGxLpH6qRgrwhXOi4vkoiIRmxDSV58Kfs1Hz/44tUc+mxWAb/bXk1vjv4lBZqJ4mO2JHA4JDdsCWs+VYxUzKC4CwXgJBkGzjTAtC4vY+eXhRgw2om0VPy2aOkopQ3oLWqPvMZv6sc0nQz/+dQpqSpzbppNwx5EWfxpzDKO9FT0HbtHo0MW5l5T/AO3LJlH0u06J4rdYw2hIw4QGPg6m5wNw7hhrziO5wkfwNHb4DMEOSUEdOFihYlJkLWkf7xuUk5vawLNLWVyCinPoVZf2fsXQk48VZbmslUfXk0ItXVu72fKd3kMeLYNm3n+8icsNp1qlscY00SBBj5vy3uuWxtCpIbdvp8pgt2zZZEgwP/KpyFO36oWNzU3RnXX6aGge4IxLn3AJ846xjchTLw+pWaMawe7jas9/h1067/ZdN9uBG03c2pVa+Rn3m+qBF3HDhu4ooNrG9hy/CCb/Tj2wt+SDg44cQHeYuvvHQfrEKYPfSjs+hzg4KqSku5DjBKsl5/9pGHliP2TU7Ejo2N7LTCDVtbn2CUZNm4AIse0e/hPDG6d8SWXpKgTgyOi26s2Jtz7FrJ/PNN1fRhO4o34t9ZSHEZSntW8I+BtgL40uMeOsqeuzHpwnP8MAnQyehA6q0Zs=
Content-Type: multipart/alternative; boundary="_000_OS3P286MB10746FF197C8E29C8FBD12A7E2392OS3P286MB1074JPNP_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TYYP286MB1083.JPNP286.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 81737a8f-4bdd-4254-b04c-08dc50c1e275
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Mar 2024 14:01:23.7498 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: OSZP286MB2256
Archived-At: <https://mailarchive.ietf.org/arch/msg/savnet/mp8kL9XQZCWcKq_4GxRwyC_nxwQ>
Subject: Re: [savnet] Request WG adoption of draft-wu-savnet-inter-domain-architecture-07
X-BeenThere: savnet@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Source Address Validation in Intra-domain and Inter-domain Networks <savnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/savnet>, <mailto:savnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/savnet/>
List-Post: <mailto:savnet@ietf.org>
List-Help: <mailto:savnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/savnet>, <mailto:savnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2024 14:01:32 -0000

Hi Olaf.S,



Thank you for sharing your thoughts. Please see my reply below.



> The SAV architecture in the draft seems to employ the same or similar automatic mechanism in style as the route selection for FIB, but there are fundamental differences between the two, which will lead to different executing effects on the device.

[Libin:] The inter-domain SAVNET architecture draft proposes a fundamentally different mechanism for generating accurate SAV rules with the route selection for FIB. The route selection for FIB selects the “best” route to a destination prefix/address from all “accurate” candidates. Instead, inter-domain SAV rule generation relies on obtaining the real incoming direction of a source prefix/address to enter an AS. The draft obtains the accurate SAV rules (i.e., source prefix and their legitimate incoming direction) from SAV-specific information to perform SAV and recommends utilizing the general information for generating SAV rules when the SAV-specific information of ASes cannot be obtained. Different from SAV-specific information, the general information, e.g., local routing information, may be not accurate in many scenarios and has other problems in timeliness and trustworthiness as analyzed in Sections 5 and 8 of the draft. Also, this is why the SAV-specific information is recommended the highest priority.



> Route (FIB) selection is a process for selecting the optimal routes among all those feasible routes. As we known, it was created for this purpose from the first beginning. The key premise of this general functionality is that all alternative routes from different protocols always provide exactly accurate packets forwarding in any case. It is not a workable mechanism to seek out relatively more accurate entries, especially when it may tolerate potentially inaccurate SAV entries on a network equipment.

[Libin:] The draft utilizes SAV-specific information to generate SAV rules, as long as it is available. However, in the partial or incremental deployment of SAV-specific information, operators can utilize the general information to generate SAV rules according to the recommended priorities, which at least provides protect for the prefixes in the scenarios where existing SAV mechanisms work.



> Forwarding and processing packets correctly is the basic task of a device. If the mechanism is just copied from there to here, then perhaps it doesn’t need to state more about the consequence that the mechanism will cause on the network. The new architecture introduced in this draft also cloud not meet the requirements ultimately concluded in draft “draft-ietf-savnet-inter-domain-problem-statement-04”.

[Libin:] Agree that forwarding and processing packets correctly is the basic task of a device. Therefore, the inter-domain SAVNET architecture draft proposes SAV-specific information to solve the problems of existing SAV mechanisms as analyzed in the draft draft-ietf-savnet-inter-domain-problem-statement-04 and satisfy the requirements for new inter-domain SAV mechanisms in Section 6 of the problem statement (PS) draft. Also, in Section 6.1.1 of the PS draft, we have illustrated the accurate validation in all directions of an AS. The mechanism for generating SAV rules is fundamentally different with route selection as illustrated above.



> It might be valuable as a research effort, especially as it proposed the concept of specific rules table for accurately performing source address validation. But if we treat the main mechanism of this architecture as a potential standard that will emerge into the industry recently, it’s obvious that it cannot stand to the most basic verification of network practices, and I don’t think any vendor will develop and implement complying with it on devices in the foreseeable future.

[Libin:] I do not agree with this. Existing SAV mechanisms which had been implemented by vendors on their devices lead to improper blocks or improper admits in many practical scenarios. Operators complain a lot and they usually disable them on the devices. The inter-domain SAVNET architecture proposes SAV-specific information and solves the practical problems in industry and gives the guideline for designing and implementing new SAV mechanisms. Therefore, we discussed it in the IETF meetings and requested SAVNET WG adoption of the draft to promote new inter-domain SAV solutions.



> In addition, the above is not a negation to any new feature for generating accurate source address validating entries(even if it will take effect in patial and explicit scope at first), whether they are derived from the SAV-Specific information or other information available.

[Libin:] Yes, SAV is important and generating accurate SAV rules makes it work in practical scenarios.





Best,

Libin

________________________________
From: savnet <savnet-bounces@ietf.org> on behalf of Olaf Struck <olafstruck@hotmail.com>
Sent: Friday, March 29, 2024 9:02 PM
To: Lancheng Qin <qlc19@mails.tsinghua.edu.cn>
Cc: savnet@ietf.org <savnet@ietf.org>; liulb@zgclab.edu.cn <liulb@zgclab.edu.cn>
Subject: Re: [savnet] Request WG adoption of draft-wu-savnet-inter-domain-architecture-07


Hi,


Thank you for the reply, it becomes clear to me.

The SAV architecture in the draft seems to employ the same or similar automatic mechanism in style as the route selection for FIB, but there are fundamental differences between the two, which will lead to different executing effects on the device.


Route (FIB) selection is a process for selecting the optimal routes among all those feasible routes. As we known, it was created for this purpose from the first beginning. The key premise of this genenral functionality is that all alternative routes from different protocols always provide exactly accurate packets forwarding in any case. It is not a workable mechanism to seek out relatively more accurate entries, especially when it may tolerate potentially inaccurate SAV entries on a network equipment.


Forwarding and processing packets correctly is the basic task of a device. If the mechanism is just copied from there to here, then perhaps it doesn’t need to state more about the consequence that the mechanism will cause on the network. The new architecture introduced in this draft also cloud not meet the requirements ultimately concluded in draft “draft-ietf-savnet-inter-domain-problem-statement-04”.


It might be valuable as a research effort, especially as it proposed the concept of specific rules table for accurately performing source address validation. But if we treat the main mechanism of this architecture as a potential standard that will emerge into the industry recently, it’s obvious that it cannot stand to the most basic verification of network practices, and I don’t think any vendor will develop and implement complying with it on devices in the foreseeable future.



In addition, the above is not a negation to any new feature for generating accurate source address validating entries(even if it will take effect in patial and explicit scope at first), whether they are derived from the SAV-Specific information or other information available.


Best,

Olaf.S


________________________________
From: Lancheng Qin <qlc19@mails.tsinghua.edu.cn>
Sent: Friday, 29 March 2024 3:49
To: Struck Olaf <olafstruck@hotmail.com>
Cc: savnet@ietf.org <savnet@ietf.org>
Subject: Re: Re: [savnet] Request WG adoption of draft-wu-savnet-inter-domain-architecture-07

Hi Olaf.s,



Correct.


To achieve accurate validation (especially in the incremental deployment scenario), the new SAV solution is suggested to preferentially use higher-priority SAV-related information to generate SAV rules. You can refer to Section 9 for more details.


Best,
Lancheng


-----原始邮件-----
发件人: "Struck Olaf" <olafstruck@hotmail.com>
发送时间: 2024-03-28 19:13:43 (星期四)
收件人:
抄送: "savnet@ietf.org" <savnet@ietf.org>
主题: Re: [savnet] Request WG adoption of draft-wu-savnet-inter-domain-architecture-07


Hi Libin,



Referring to the introduction in section 6, does it mean that if the high-priority entry existed in SIB, then the SIB Manager will select it (e.g., SAV-specific Information, RPIK information) as the SAV Rule that will be executed on forwarding plane, otherwise the relatively low-priority entries (e.g., information from RIB, FIB, etc.) are preferred.



Just to be clear, according to the design concept of the mechanism in this draft, is that a right understanding of how it roughly works?







Best,

Olaf.s



From: Libin Liu<liulb@zgclab.edu.cn>
Sent: 2024-03-23 10:51:57
To: savnet@ietf.org
Subject: [savnet] Request WG adoption of draft-wu-savnet-inter-domain-architecture-07


Dear WG and Chairs,
Following the presentation in the WG meeting on this draft, we would like to request the SAVNET WG adoption for it.
As we presented in the WG meeting, this draft addresses all the comments from our community and all its updates have been discussed during the meetings from IETF 115 to IETF 119, as well as in the mailing list.
Thank you.
Best,
Libin
--
savnet mailing list
savnet@ietf.org
https://www.ietf.org/mailman/listinfo/savnet

v2.23.0 | Report a Bug | By Email