IETF Logo Mail Archive

Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt

Ca By <cb.list6@gmail.com> Mon, 23 May 2016 15:52 UTC

Return-Path: <cb.list6@gmail.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B57B012D95A for <spud@ietfa.amsl.com>; Mon, 23 May 2016 08:52:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zm4-pRvw3Kry for <spud@ietfa.amsl.com>; Mon, 23 May 2016 08:52:01 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 877CC12D1AD for <spud@ietf.org>; Mon, 23 May 2016 08:52:00 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id b65so139933820oia.1 for <spud@ietf.org>; Mon, 23 May 2016 08:52:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=w5jGqOaU9APpdPwNYMQafWujd0pxFhnCEoPCbbsf/Xo=; b=WmV9vN6TOSw0EBFv2aCLKJWD844Ase+3h1Qua+CCRYO8V3gkkjV7AweOgnSQdslIC1 6/cKmlk4pp7E+Y3jJUNbRLduRjSvIjp6WpZtTyGZ0j0OUT6RWY7m70okC3ThFJbByoEu oJH7vJ8B8KmjWvg/fYimB6ifpG4r/JHgQaYnGG7KGvo9dZgIeP1G/li/fuU9EycKgpY6 DzkUWuQT7qAk/hxKjHWZHiT2Quu6XlHz4gWsO7ILOxVCIQ2DmkRA1JJ0oQ/G8UdDKaf/ HDQXZCs/nbTpFD7DdYvvkGZdaNKfi/ZF0IcjCYDs8QViPn9CaUldBL72T+71oYK1Ey8L HLZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=w5jGqOaU9APpdPwNYMQafWujd0pxFhnCEoPCbbsf/Xo=; b=HnJs3HwOuAg1I2U5jfyt8J1m8Y5s7+IHNW88immP8NYFD9yf/lZUUCFJEkIrSoUk/9 LZSCnv8F4dlFl97LN2L+z9vXjdI2OVC+UbkA8ObWbs/XIWkEQdCUARCjCI0nZT/95Pug MNR5WRt4I+gb/wZtcmN9Q4NueWB2io35PgQSBnqt+9a4vSKmSOweEz72FAeKcBpYXIIW eoRAVqvrcKTRVyS8mczadYcqN1xPqdRJTKB8MlxNG+IV6pS7Jev0y77XQLEah02+ALo7 ffr84Cg6d6yh4ONKyIpWMsKPEpKGiwYVSfdZM+m4vy2pQjgz2J5nTBl11CDjnoUpBWfH rgHA==
X-Gm-Message-State: ALyK8tJdDMfetxkh9t4QVkpYU71jU3Z2yte/MyF+KwbpCVB42EyhdjHliZYCB25xVDqunQNO3eN0SKgKLCbGiQ==
MIME-Version: 1.0
X-Received: by 10.157.9.100 with SMTP id 91mr2515034otp.142.1464018719910; Mon, 23 May 2016 08:51:59 -0700 (PDT)
Received: by 10.157.42.69 with HTTP; Mon, 23 May 2016 08:51:59 -0700 (PDT)
In-Reply-To: <CALx6S35x-+D-tq2BbibuqY7iTVptZ+_6LzLFJM7JTm5g=dZ+2w@mail.gmail.com>
References: <CALx6S377qRfq7ufRVUx6Yn7ec4=EmK_=FL14PWT_qf4g840mbQ@mail.gmail.com> <20160519185943.GM12994@cisco.com> <CALx6S37qPpKpCT6ZpVQwRWf1XFKESYasOBcz26To9zw0GRyz5Q@mail.gmail.com> <573E31E1.807@isi.edu> <20160519221102.GS12994@cisco.com> <573E3C5E.2090300@isi.edu> <20160520001323.GC2511@cisco.com> <573E6303.8030701@isi.edu> <20160520012431.GF2511@cisco.com> <573F47C0.3010501@isi.edu> <20160520182115.GO2511@cisco.com> <CALx6S378X7bk5q-u7Kxu+s3w1ZZ5kZcyhCVEUyPG_=hVzNH2tA@mail.gmail.com> <655C07320163294895BBADA28372AF5D48860CBE@FR712WXCHMBA15.zeu.alcatel-lucent.com> <DM2PR0301MB06553A6249DB5BAD06D2A96BA84B0@DM2PR0301MB0655.namprd03.prod.outlook.com> <CALx6S35m9xCvzLqXyLgARdoep_WfZBoLsGFNUVUx8GfxXfiYNg@mail.gmail.com> <CAGD1bZZFkWNQ6dnETVoA0oat2h03JscCD6OcZPasFdKTYnkMQQ@mail.gmail.com> <D326F273-8736-4079-AF1A-8495320917F8@ifi.uio.no> <CAD6AjGQPEEEsMoqdE-E3FMRVwKVSdygPOnUVgmhXLH-v-C2fbQ@mail.gmail.com> <CALx6S35x-+D-tq2BbibuqY7iTVptZ+_6LzLFJM7JTm5g=dZ+2w@mail.gmail.com>
Date: Mon, 23 May 2016 08:51:59 -0700
Message-ID: <CAD6AjGQp3_8SxptBn0aJ5-KQtJv5sYF=NZebZtbgGF8A_CQkdw@mail.gmail.com>
From: Ca By <cb.list6@gmail.com>
To: Tom Herbert <tom@herbertland.com>
Content-Type: multipart/alternative; boundary="94eb2c04f3fcbebaeb0533846bb8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/Id78Zq3mX2I15y3KAdPFgtHrAmQ>
Cc: Toerless Eckert <eckert@cisco.com>, Michael Welzl <michawe@ifi.uio.no>, Joe Touch <touch@isi.edu>, "Scharf, Michael (Nokia - DE)" <michael.scharf@nokia.com>, "spud@ietf.org" <spud@ietf.org>, Jana Iyengar <jri@google.com>, Christian Huitema <huitema@microsoft.com>
Subject: Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2016 15:52:02 -0000

On Monday, May 23, 2016, Tom Herbert <tom@herbertland.com> wrote:

> On Sun, May 22, 2016 at 1:06 PM, Ca By <cb.list6@gmail.com <javascript:;>>
> wrote:
> >
> >
> > On Sunday, May 22, 2016, Michael Welzl <michawe@ifi.uio.no
> <javascript:;>> wrote:
> >>
> >> Hi,
> >>
> >> I still didn’t get to read the draft - apologies!  I probably like it
> :-)
> >> but I hope it allows putting multiple TCP connections under one single
> UDP
> >> 5-tuple.
> >> Anyway, not speaking pro- or con- this draft, just a comment in line:
> >>
> >>
> >> On 22. mai 2016, at 05.03, Jana Iyengar <jri@google.com <javascript:;>>
> wrote:
> >>
> >> Possibly unsurprisingly, I like this draft. I'd like to argue some of
> the
> >> choices made in the draft but I'll do that separately. For now, I just
> >> wanted to articulate a few thoughts as I caught up on this thread:
> >>
> >> - The ship has sailed on new native-IP transports. I worked on SCTP for
> 6
> >> years and tried and watched it get nowhere in terms of deployment over
> >> native-IP. It wasn't because it was in the kernel, it was primarily
> because
> >> of NATs and various middleboxes. Yes this is definitely my opinion, but
> >> arguing this point is silly. No new native IP transport has seen
> significant
> >> deployment over the internet over the past 20 years, and it's not for
> lack
> >> of trying.
> >>
> >> “The ship has sailed” and “it’s not for lack of trying” are both wrong
> >> IMO. How many applications have tried to use SCTP/IP and fallen back to
> TCP
> >> in case it doesn’t work? How many applications do you expect to change
> in
> >> order to get such a change to happen? And why should anyone expect
> someone
> >> designing or maintaining a router or middlebox to support native SCTP
> when
> >> they never even see the packets and never even hear anyone say “my
> >> application works better elsewhere because of SCTP” ?
> >>
> >> This is what TAPS is trying to address. It’s a very deep architectural
> >> problem of the Internet - an inability to automate fall-backs, which
> >> unnecessarily burdens application developers. Rant, rant, rant, make me
> stop
> >> :-)
> >>
> >> Now all this being said, I also don’t fully get why some folks have
> such a
> >> big problem with running stuff over UDP. I’m not against doing that, if
> only
> >> as a temporary solution that would serve to convince people that the
> >> transport (option, ..) is useful.
> >> In a TAPS world, it’s just another option to try…
> >>
> >
> > The fact that udp is mostly (by volume) internet attack traffic  is my
> > concern with udp.
> >
> > If legitimate traffic starts using udp in volume, it will make
> distiguishing
> > and thwarting voulmetric attacks very difficult at scale. Without
> currently
> > curbing n * 100g blasts of udp traffic with blanket policers, i would
> not be
> > able to keep my network up... This is a daily issue.  For example, my
> usual
> > udp volume is about 1%. If it goes to 10% suddenly, it is likely smart to
> > drop 11% and onwards as a 10x increase in udp is 100% certainly not
> legit.
> >
> > My request to quic and spud is simply use a different transport protocol
> > number so that their interesting and innovative traffic does not run up
> > against the many network policers that are required to enforce well known
> > baselines of good normal udp traffic. The quic folks say that they
> cannot do
> > that since 10 year old cpe only passes udp and tcp, then they rant about
> > ossified stacks and how we need to put everything on udp to make progess
> ...
> > Seems like they are just choosing to ossify on udp ...  And udp is
> already
> > considered trash (reflection attacks) ...So we agree to disagree, i guess
> >
> Isn't any other protocol besides TCP also considered trash right now?
>
>
My network only "manages" udp.  Ymmv.

UDP based transport protocols would use well know port numbers. A

firewall can allow UDP port X that carries a


>
A "firewall" is a enterprise solution that does not scale for large
national internet providers in the usa

Yes, the bulk of the trash is less than 20 source ports (chargen, ntp,
snmp, ntp, dns, ....). But we also get very large bot swarms doing straight
packet attacks with udp.  Even a novice like me can write to udp sockets in
python on any port and stuff data through it.



>
> properly congestion
>
controlled protocols not subject to reflection attacks, but disallow
> other UDP ports.
>
> Tom
>
> > https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00
> >
> >
> >
> >> Cheers,
> >> Michael
> >>
> >
>

v2.23.0 | Report a Bug | By Email