(sipp) DRAFT minutes of SIPP working group
Ross Callon <rcallon@pobox.wellfleet.com> Wed, 03 August 1994 03:29 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa18979; 2 Aug 94 23:29 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa18975; 2 Aug 94 23:29 EDT
Received: from Sun.COM by CNRI.Reston.VA.US id aa23164; 2 Aug 94 23:29 EDT
Received: from Eng.Sun.COM (zigzag.Eng.Sun.COM) by Sun.COM (sun-barr.Sun.COM) id AA22807; Tue, 2 Aug 94 20:28:47 PDT
Received: from sunroof2.Eng.Sun.COM by Eng.Sun.COM (4.1/SMI-4.1) id AA16684; Tue, 2 Aug 94 20:29:02 PDT
Received: by sunroof2.Eng.Sun.COM (4.1/SMI-4.1) id AA00309; Tue, 2 Aug 94 20:31:03 PDT
Received: from Eng.Sun.COM (engnews1) by sunroof2.Eng.Sun.COM (4.1/SMI-4.1) id AA03426; Tue, 2 Aug 94 12:38:39 PDT
Received: from Sun.COM (sun-barr) by Eng.Sun.COM (4.1/SMI-4.1) id AA22119; Tue, 2 Aug 94 12:36:11 PDT
Received: from lobster.wellfleet.com by Sun.COM (sun-barr.Sun.COM) id AA20696; Tue, 2 Aug 94 12:35:51 PDT
Received: from pobox.wellfleet (pobox.wellfleet.com) by lobster.wellfleet.com (4.1/SMI-4.1) id AA15324; Tue, 2 Aug 94 15:32:33 EDT
Received: from cabernet.wellfleet by pobox.wellfleet (4.1/SMI-4.1) id AA04740; Tue, 2 Aug 94 15:29:04 EDT
Date: Tue, 02 Aug 1994 15:29:04 -0400
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Ross Callon <rcallon@pobox.wellfleet.com>
Message-Id: <9408021929.AA04740@pobox.wellfleet>
To: sipp@sunroof.eng.sun.com
Subject: (sipp) DRAFT minutes of SIPP working group
Cc: ipng@sunroof.eng.sun.com
X-Orig-Sender: owner-sipp@sunroof.eng.sun.com
Precedence: bulk
Reply-To: sipp@sunroof.eng.sun.com
Enclosed are DRAFT minutes of the SIPP working group last week in Toronto. Corrections should be send to Bob Hinden, hinden@eng.sun.com (Bob will be forwarding the updated minutes for inclusion in the IETF proceedings -- I will be out the rest of the week). Ross ----------------------------------------------------------------- SIPP Working Group, Wednesday 4pm Bob Hinden started by going over the agenda, and introducing the recommendation of the IPng area directors from Monday morning. Agenda - Review agenda - Discuss IPng recommendation and future direction - SIPP specification (Steve Deering) - Addressing Architecture (Bob Hinden) - Simple transtion moved to transition working group. - Christian's miscellaneous topics - Address Allocation Architecture (Yakov) - Source Routing (Tony Li -- joint with SDRP working group) - Real Time (Chuck Davin) - To Do list (assign people to jobs) IPng AD Recommendations - SIPP header format (with extension headers) - 16 byte fixed length addresses - SIPP security work - Simplified transition (SST) - ... Open Areas - source routing - max payload size and minimum MTU - autoconfiguration and re-addressing - authentication and encryption options - pseudo-header checksum rules - address assignment plan - tunneling - mobility - header compression The working group agreed that SIPP should disband after this IETF, and we should put our effort into the new (and noticeably similar in many regards) IPng effort. The basic IPng header becomes 40 bytes, with 32 byes of this being source and destination addresses. Nothing else has changed except that "payload type" has been renamed to be "next header". Minor header tweaks have been made to the Fragmentation Header and to the Routing Header. A new end to end options header has been defined. This is a "bag" of options, and allows conveyance of "ignorable" options on end to end basis (strictly host to host). This header is for options which, if not understood, should be ignored by the destination host. Note that current SIPP (and future IPng) header format does not preclude using EIDs, although they are not explicitly specified. <Dave Clark is to provide text here regarding EIDs and flow ID, which may be set by the host as well as by routers and can be used to speed processing.. Addresses once again identify interfaces and not nodes. This is related to multicast (specifically, an obscure problem which was found in the IS-IS working group in Seattle). There is a request to add the justification / description of the problem to the IPng draft. Due to the simplification of the transition plan, the C-bit is gone (replaced with prefixes). This effects the detailed text of checksumming rules. There is also a slight change to UDP checksumming rules. An appendix has been added on how to design options. Issues: - Jumbograms: How large should the upper bound be? How should this be encoded (perhaps with a not-quite-straight-linear encoding, such as if first bit is 1, implying a greater than 32K packet, then the length is in 8-byte multiples rather than one byte multiples). - Minimum MTU: What are the tradeoffs here? - Fancier source routing. Source routing reversibility versus authenticate- ability. - Authentication header format and semantics: This is in flux. The IPv4 security group is paying attention to the IPng requirements which may result in some (probably small) changes to this field. - Changes to pseudoheader checksumming rules (eg, due to SST and/or due to authentication header). When we are authenticated strongly, then why should we make use of a pseudoheader checksum at all? (the protection against changes to the packet provided by a good signature algorithm is much stronger than the protection provided by the IP/TCP checksum). - One more change, the name "SIPP" is being changed to "IPng". Or, perhaps we could call it IPv6 (pronounced IP Six). The group voted overwhelmingly for IP6. The working group then entertained questions and open discussion of issues: - What routing are we planning on having? Same as IPv4 (except not BGP, this will be replaced by IDRP). - Revisit minimum MTU issue: The main reason for this is to allow bigger UDP packets (eg, for SNMP and other applications running over UDP over IPng). Given that MTU discovery is required by IPng, this implies that the IPng conversation between two hosts will use larger packets if and only if the subnets can carry it (?Does this help UDP applications much?). IPng over localtalk is a reason for smaller MTUs. Also there are some systems in orbit which are working with 576 byte MTUs (service calls are extremely expensive on satellites -- something about space shuttles and rocket fuel prices here). - JumboGrams: Larger MTUs are useful in special very high performance local networks. Ultranet optimizes at approximately 200Kbyte packets. Once you hit a router, this tradeoff changes to prefer smaller packets (at least much smaller than 200Kbytes). As links get faster and more reliable, the optimal size for packets increases. Datacommunications are changing. Various forms of video and supercomputers result in very large files being sent. We need larger MTUs for larger files. If you increase the field size then you have made a syntactical change to the packet, but this doesn't ensure that you will be able to send those large packets over the links. Routers have to control the latency, which implies that MTU size will have to take into account the speed of the link and the desired maximum delay (per hop). This means that in some cases supercomputers may discover a small MTU size due to latency or other considerations for other traffic through intermediate hops. The maximum MTU size is tied into the design of the hosts. Supercomputers are currently designed such that a very large MTU is optimal. The problem with MTU is latency, not processing. So, lets look at the rate of increase of the speed of the pipes. Eventually we will therefore need large packets. One suggestion is that a length of zero is an escape to a hop-by-hop option, which contains a larger (32-byte) real length field. This was accepted. - APIs should be a priority. - We need to get a big picture of the work ahead of us, so that we can get our hands around it. Vendors have to come up with their own prototype and product strategy. At this point Scott Bradner, red in face, removed his crying laptop from the room to have its diaper changed (or somehow to get it to shut up). - Choice of Protocol type / Ethertype issue. From the NHRP (ROLC) working group, there is a need to identify protocol / address family in a number of protocols (for example, to identify address type in IDRP). Also, a different Ethertype / DataLink type would create a clearer dual stack. The problem is that this would have an effect on all media. Changing all of the link layer types would be a lot of work (with relatively little to show for it). This has a widespread effect on implementations. Another issue related to link layer protocol types involves the possibility of IP code breaking when it sees a packet which the link claims is an IP packet but which the IP code doesn't recognize. This could result in a large number of apparent checksum errors (but shouldn't happen unless there is some sort of configuration error). We should to go out and check whether routers are checking the IP version (what are existing routers going to do when they get an IPng packet?). - For SST prefix(es), why not use a prefix which sums to zero under the IPv4 checksum? Thus, instead of using 0:0:0:0:0:0 and 0:0:0:0:0:1 for prefixes in SST, why not use 0:0:0:0:0:0 and 0:0:0:0:0:FFFF? Source Route Discussion, joint with SDRP (Peter Ford): At this point the SDRP working group joined us for a discussion of source routing. Hop by hop forwarding is not sufficient as the **ONLY** forwarding method for IPng (reasons for alternative include mobility, virtual private nets on top of provider infrastructure, provider selection, TOS, Multicast, transit policies, etc). We need to go beyond the current hop by hop forwarding paradigm. Source routing is part of what is needed for use in some cases. Need to be able to specify a routing domain in a source route (or an aggregation of some sort, not just a single real router). Need to be able to deal with route failures (what if specified next hop cannot be satisfied?). Strict versus loose indication has to be on a per-hop basis. The source route option is variable length up to 32 intermediate hops, with a pointer to indicate the current hop, a bit mask to indicate strict versus loose for each hop, plus a length field, etc. The source route address list contains all addresses (including the final destination, but not the source), so you don't do a swap, you just do a write. This also helps if the source route header needs to be authenticated (since only the pointer field changes -- and you could simply not authenticate this one field). There is a concern about the length of addresses in the source routing field (the total amount of infomation which needs to be carried in the field causes the limit of 32 hops). Concern about amount of "heavy duty header munging" which needs to do this in high speed routers. There needs to be an option to allow a source routed route setup, with subsequent packets forwarded based on flow ID, with most packets not carrying the source route. There is a question regarding whether the source route can be added by routers (as an alternative to adding it by the source host). Clearly this is possible if the router encapsulates in a new IPng header, and uses a source routing header in the encapsulating IPng packet header. There is some interest in doing this without adding an additional IPng header in order to save bits, particularly if multiple routers at different levels of the hierarchy have to add source routes (at different levels). The co-chairs of the SDRP working group are willing to accept the ownership of the source routing header. This implies that source routing will be in a separate document. However, this is so important that it is important that using a different document does NOT imply a lowering of the importance of the header. SIPP, continued Thursday morning 9:45am The IPng Mailing List has been set up as: ip-ng@sunroof.eng.sun.com To join, send an email message to: majordomo@sunroof.eng.sun.com with "subscribe ip-ng" in the text of the message We discussed the addressing architecture internet-draft: Changes from last version: - remove c-bit - extended addresses removed - source route reversal rules moved to main SIPP specification - address types defined - removed text for binding addresses to specific interfaces Basic format for writting addresses in text: - twobytesinhex:twobytesinhex:etc:etc:etc:etc:etc:etc - can compress leading zeros - can compress middle zeroes (only one set thereof) - IPv4 format replaces the last 32 bits (two * two bytes) with ipv4 dotted decimal notation Currently assigned address types: 00 reserved 01 provider based unicast 10 geographic 110 reserved 1110 00 NSAPs 1110 01 reserved 1110 10 reserved 1110 11 IPX allocation 1111 00 reserved 1111 10 reserved 1111 110 reserved 1111 1110 local use 1111 1111 multicast It has been suggested to move some of the allocated values together, in order to allow the reserved blocks to be contiguous in more cases. For example, the NSAP allocation and the IPX allocation might be moved to be contiguous. Cluster addresses are a specific form of one of the other types of addresses. For example, some cluster addresses might correspond to provider based unicast. Currently, there is no allocation for anycast. However, if (when) someone figures out how to do anycast, there is plenty of space left to allow this to be added. Brian Carpenter has a proposal regarding how to map NSAPs into this space. This is still evolving. There is still some uncertainty regarding how this will actually be used. Until we know what the use is, it is hard to determine precisely whether the mapping is complete. One important use which has been identified is to allow existing address allocation plans to be used for IPng. A complete mapping is not possible into less than 20 bytes. The important thing is the logical mapping (to make sure that the necessary information is mapped), not the exact syntax. Space is reserved for IPX, but the details have not been worked out yet. It would be highly desireable to have a convergence of multiple network layer protocols to IPng. For example, to run OSI applications over IPng. This might be done via some update to RFC 1006, or in a more straightforward and efficient way by running OSI application over TP4 over IPng. Some work should be done on this (but this is outside of the scope of an IPng addresing discussion). The working group discussed the reverse mapping from address to names via DNS. Does this have to be based on 16-bit boundaries, 8-bit boundaries, nibble boundaries, or otherwise? While the written text format has the ":" delimeters on 16-bit boundaries, the hexadecimal digits are obviously specified on nibble boundaries. Christian Huitema has the action item to write up a proposed resolution to this issue. Bob Hinden gave two examples of how addresses might be assigned (on LANs and on point to point links). It is important to remember that these are only EXAMPLEs, and other formats ARE ALLOWED. Bob illustrated how unicast provider-based addresses may be autoconfigured. This uses a 48-bit "magic cookie" which is assigned to the host (while it is possible that this may be bit-for-bit identical with mac addresses for administrative ease, it is essential that this must not be required to be a mac nor a subnet address). The 48-bit magic cookie is appended to a "m" bit long subnet ID plus an "n" bit long subscriber prefix (such that 48+m+n comes out to 8*16 bits). The subnet ID may itself be substructured, as may the subscriber ID. For PPP links with only two ends, the subscriber prefix plus subnet ID may be longer, possibly leaving only 2 bits for the node ID on a point to point link (2 bits rather than one so that a value can be assigned to the wire itself). Other types of links, such as multi-drop links, may have different lengths for the node ID field. Steve provided another example. THIS IS AN EXAMPLE, DO NOT ASSUME THAT THIS IS THE ONLY WAY TO DO THINGS. In assigning fields, it is useful to leave unassigned bits in the right places to allow future growth. It is pointed out that drawing pictures tends to make people jump to unwarranted interpretations of the picture. Autoconfiguration / autoaddressing for low end (possibly stub) routers was pointed out as an important thing. Proposals on how to do this are welcome. Private "subscriber" networks with on the order of 1,000,000 nodes must be allowed (a gentleman from a high-tech-oriented large fortune 100 company pointed this out, quite correctly). The discussion today is of a provider based scheme. This implies that when you change your provider, you also change your addresses. However, it is important that this does not require a change to the local address allocation scheme used for assigning the "middle" and low order part of the address within a site. Also, end systems will autoconfigure the change to the (high order part of) address. Autoconfiguration of stub routers and/or small subnets is also important. however, some part of the worldwide Internet will need to be configured (we can't autoconfigure everything). Christian Huitema proposed that, rather than fitting IPv4 into IPng addresses at the low order 32 bits, why not do it in the middle of the address? This allows IPv4 addresse to be a seed for the IPng addressing scheme. One possible reason for NOT doing this is that this could lead to uncareful address allocation. Current IPv4 addresses are known to be poorly allocated. There seemed to be a general agreement that this was sufficient reason to *not* encourage IPng address assignments to be based on existing IPv4 address assignments. The proposal is that the minimum allocation to any subscriber is 64 bits. However, very large subscribers (example of Boeing was mentioned) may get larger allocations (ie, a shorter prefix means "this is Boeing", Boeing then gets more than 64 bits to play with). There needs to be some standard for how long a prefix large subscribers get, so that if they change providers (or have multiple providers at once) they get the same length prefix from each. GM was pointed out as another clear example of a big network what might want more than a 64 bit assignment. It was suggested that the big guys are very much like providers (perhaps the real issue comes in middle sized guys, and distinguishing these from the big guys). One comment suggested that it is desireable to *not* change addresses when you change providers. Somehow it was suggested that variable length addresses may help here, although it was not clear how. Local use addresses are provided for in this address hierarchy (prefix of 11111110). It is recommended that sites using local addresses start assigning the address bits from the right, with fill of zeroes from the left. This allows them to change the high order part of the addess when they later hook up to the Internet. On the other hand, there may be some systems where we know for sure that they will stay local (example of an aircraft carrier was given by someone who actually does have a lot of aircraft carriers -- not purchased with personal funds). These could use any address from the local space -- there is no particular reason to assign from the right in the case that we know that the system will always be only local. This group is not commenting on the desireability of local addresses. Rather we are providing the possibility of local addresses for those folks who think that they will be useful. A low order suffix of all zeroes is used for cluster addresses. A local loop back address is defined. This is the local address with the low order one bit set to one, and the rest set to zero (address FE00:0:0:0:0:0:0:1). The cluster label for this would appear to be FE00:0:0:0:0:0:0:0, although some of us were unclear what a cluster loopback address would mean. An unspecified address of 0:0:0:0:0:0:0:0: is defined. This is used where you don't know what an address is. For example, this may be used as a source address for a system which is sending a packet but doesn't yet know its own address. There was a question regarding why the loopback address is from a different block than the unspecified address. This means that two blocks have been cut into. Multicast adddress (starts with 11111111) has flags and scope. Details are defined in the spec. Question: Will we have multi-subnet broadcast addresses? Answer, there is no broadcast here, only multicast (you should never send to everyone, rather you should send to the right "lots of folks" multicast address). In some cases you will need to map IPng multicast onto LAN subnet broadcast, since some systems receive LAN broadcast more efficiently than LAN multicast. Some work on multicast addresses is still needed. Yakov gave a presentation on: Architecture for SIPP-16 Address Allocation (ie, the relationship between addressing and routing). This document provides guidelines. This is pretty much based on CIDR (ie, based on NSAP guidelines, based on much earlier work on hierarchical routing -- this is not a new idea but it works). This is based on what is currently deployed, which therefore does not require any drastic change from what we are doing. The set of administrative requirements for obtaining and allocations IPng addresses are not discussed. This is not a specific plan for address assignment, nor does it deal with embedding address space from other protocols, nor multicast, ... The technical aspects of address allocation and the implications on routing are discussed in this document. The benefits of encoding *some* topological information in addresses is discussed. The need for additional levels of hierarchy, etc.. Hierarchical routing: Scaling requires that we achieve some level of information abstraction. Within a single-homed leaf domain: This implies that we give the domain a contiguous block of addresses abstracted into a single address prefix. This is preferably from a prefix assigned by the direct provider. Providers should have relatively large contiguous block, and give sub-blocks to customers. If you want to separate "R&E" from "commercial", you can have the provider have two relatively large sub-blocks. Question: When we change providers, do we cut a hole in the CIDR-allocations, or to we require re-addressing. It is desireable to make it as easy as possible to renumber, thereby allowing CIDR-holes to be corrected as much as possible. This does not require that we *always* renumber however. It was pointed out that embedding policy (eg, R&E versus commercial) in policy is a bad thing. This could explode, or become uselessly inadequate. Yakov, Steve, some other speakers, and the minute taker were in agreement on this. There is a problem that while it may make sense to some folks (US Government) to split folks into two particular categories, it may make sense to other folks (other governments or some large commercial companies) to split folks into different sets of categories. AUPs (appropriate use policies) will better be addressed by proper policy based routing capabilities, such as may be provided by SDRP. Multi-homed domains are harder to handle. There is no one correct solution. The document points out four possible solutions, any of which may be correct in any one particular situation. Thus, it is important to understand the various solutions in order to determine which should be used in any one case. Continental aggregation deals with large blobs of the topology.l This is anticipated as useful to help contain entropy (if changing providers results in entropy within one continent, this entropy can be contained). This could also be useful for multi-homed subscribers which are multi-homed within a single continent. Summary: The ability of the Internet to grow depends upon the ability of routing to scale. This requires the use of routing data abstraction, based on using addresses which reflect the topology. We recommend provider-based addresses. We could start experimenting with geographic addresses, for example for multi- homed sites which happen to be topologically "close" to one of the FIX's (there are some examples of this). Maximum aggregation is not actually needed. For example, there does not need to be *only* six address prefixes at the top level (one per continent, probably minus Antartica). It is sufficient to have a few hundred or a few thousand at the top. On the other hand, if you shoot for maximum aggregation, and assign addresses to that maximum aggregation is possible, this doesn't mean that you have to use it. The important thing is that when you allocate the addresses you need to shoot for aggregation. It must be possible to receive address allocation without connecting to a public Internet. Embedding IP addresses in IPng addresses, and NSAP addresses in IPng addresses, and IPX addresses in IPng addresses, may lead to an unroutable (or at least hard to route) network. Thus we have to get away from old bad address assignments to a new more topological more scalable / routeable address assignment. It may be that some bad addresses may give you the right to run IPng locally, but *not* give you the right to have people be capable of routing data to you. Education is essential. This will be an ongoing process. Last Topic: Generation of a TODO list: - source routing - max payload - minimum MTU - autoconfiguration and readdressing - authenticatioin and encryption - pseudo-header checksums - address assignment We need to assign names to documents. - address assignment: take current CIDR assignments and IPng-ize (Yakov) - address CIDR-stuff (Yakov) - base IPng spec (Steve Deering) - address something (Bob Hinden) - DNS (Christian H) - ICMP/IGMP (Deering and Conta) - MIB (Kayce) - neighbor discovery, Address Resolution (Bill Simpson, Conta) - NSAP mapping (Brian Carpenter, Jim Bound) - APIs (Bob Gilligan and Jim Bound) - security (Ran Atkinson) - compression (Bill Simpson) - FTP (Foobar) (Piscitello) - SNMP (not MIB) - OSPF - IDRP (IDRP Working Group) - IS-IS - RIP Overall consistency is the responsibility of the IPng working group chairs, and Dave Clark as official IPng Reviewer. ------------------------------------------------------------------------------ IETF SIPP Working Group - Archives: parcftp.xerox.com:/pub/sipp Unsubscribe: unsubscribe sipp (as message body, not subject) Direct all administrative requests to majordomo@sunroof.eng.sun.com
- (sipp) DRAFT minutes of SIPP working group Ross Callon
- (sipp) DRAFT minutes of SIPP working group Jim DeMarco