IETF Logo Mail Archive

Re: [Spud] SPUD magic number

Toerless Eckert <eckert@cisco.com> Fri, 10 April 2015 17:48 UTC

Return-Path: <eckert@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E59561AC3E1 for <spud@ietfa.amsl.com>; Fri, 10 Apr 2015 10:48:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2xfDH7i8a7tu for <spud@ietfa.amsl.com>; Fri, 10 Apr 2015 10:48:54 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40EC51AC3CB for <spud@ietf.org>; Fri, 10 Apr 2015 10:48:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2423; q=dns/txt; s=iport; t=1428688135; x=1429897735; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=jAFwghCEim5yhz61YKCnDcpHe45iPPUgUCe1nySRIec=; b=XLShHT/RUDa9fqE3IMZ5dtzEIzGymEcc4+nKoE81uxp4chKf2b2LqYyb A0PYQK+Qe4elyv7Frd9BB8rdaKCsm4/Yp72HC62c/zfMJu6OghohYpMcu ufLRtYcXSzZA3N+ahD1Qba5fAbJm+lD4R9sbiJmZ8PIxr1YXQHym02r6D o=;
X-IronPort-AV: E=Sophos;i="5.11,557,1422921600"; d="scan'208";a="140135408"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-2.cisco.com with ESMTP; 10 Apr 2015 17:48:54 +0000
Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id t3AHmrmn019829 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 10 Apr 2015 17:48:53 GMT
Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1]) by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id t3AHmqjf023582; Fri, 10 Apr 2015 10:48:52 -0700
Received: (from eckert@localhost) by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id t3AHmqac023581; Fri, 10 Apr 2015 10:48:52 -0700
Date: Fri, 10 Apr 2015 10:48:52 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Tom Herbert <tom@herbertland.com>
Message-ID: <20150410174852.GF24286@cisco.com>
References: <CALx6S379MDL+dtnncB7J1Xz9xSbgS3gyEyKuQ7NaRNnHvh7E6w@mail.gmail.com> <430F4C7C-7565-48C1-833B-45F9E0D5F6B2@cisco.com> <CALx6S362LFQJKEEscWAsaHvWHAT+57+Fsj9VchMDicU6UDzMgg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALx6S362LFQJKEEscWAsaHvWHAT+57+Fsj9VchMDicU6UDzMgg@mail.gmail.com>
User-Agent: Mutt/1.4.2.2i
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/5LrwRqbRVoa43XcFwHBfYvqjdXc>
Cc: "Pal Martinsen \(palmarti\)" <palmarti@cisco.com>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] SPUD magic number
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2015 17:48:56 -0000

On Fri, Apr 10, 2015 at 10:26:34AM -0700, Tom Herbert wrote:
> 32 bits seems a little light to me for this usage #2, especially if
> when some application packet inadvertently matches the magic number
> packet is dropped when it would have otherwise been accepted if magic
> numbers weren't being checked. 64 bits might be safer.

See my last email of how we ultimately would get 1/2^96 false
positive in middleboxes that are keeping today per-flow state
and with SPUD would do per-tube state.

> For UDP encapsulations (GUE, Geneve, VXLAN, etc), we probably would
> the magic number to be optional since we'll already have a port number
> to identify the protocol (at the client) and might not need middlebox
> support within a data center.

Even if just meant to be used for end-to-end signaling, i would not
remove the cookie. Its still very helpfull for end-to-end communication,
especially for any communication where it is not upfront clear whether
SPUD is used or not. And if there is prior signaling that makes
the endpoints know SPUD is used, then the cookie is easy to skip.
And hopefully the 32 bits are not going to be so valuable space
(SPUD tax..) that we need to make them optional.

I think the most important design goal should be to ensure that it
is easy for middleboxes to distinguish different type of "awareness"
int SPUD traffic, so that a middlebox would only need to inspect what
it is intersted in.

For example: A middlebox that ONLY wants to do a lightweight tracking
of flows would simply set up snoop punt entry in the forwarding plane
for cookie+cmd=01, cookie+cmd=02, cookie+cmd=03. And it would
never see data packets, but just connection setup/teardown.

With this in mind, i think it would be a lot better if SPUD had 8 bit
of CMD, and that would give us the ability to distinguish additional
levels of awareness through additional new CMDs, and only the middleboxes
interested in those commands would have to snoop those command packets
its interested in. And we could of course also simply say that the
high order bit = 0 or 1 is an indication whether middleboxes are
allowed to look at (and potentially modify) the packet. 

Cheers
    Toerless
> 
> Tom
> 
> _______________________________________________
> Spud mailing list
> Spud@ietf.org
> https://www.ietf.org/mailman/listinfo/spud

-- 
---
Toerless Eckert, eckert@cisco.com

v2.8.7 | Report a Bug | By Email