Re: [Spud] Putting Network-Layer Information in the Network Layer
Tom Herbert <tom@herbertland.com> Fri, 10 July 2015 16:19 UTC
In-Reply-To: <CB3FEFD0-1FE0-49D4-A650-349218ABD00A@trammell.ch>
References: <20150703151910.417.20312.idtracker@ietfa.amsl.com>
<176C39DB-16F3-4E46-9A1D-22290A38FBA6@tik.ee.ethz.ch>
<CALx6S37Eo6eAE4GTkAWGe+w0ZhDHyuMym7+txgjai5GRw+pgiQ@mail.gmail.com>
<7158BF85-8731-40A0-9920-36D21D73D7F2@trammell.ch>
<CALx6S37w1J=v48gFCH18E-3UZyfC28_d_LTuKjC5VHtXC0eu2Q@mail.gmail.com>
<5A64B99E-89C5-4D5C-BFF2-C5F0C25EC35D@trammell.ch>
<559D8301.2020604@isi.edu>
<006C9182-7352-4086-AF18-785AEFD44979@trammell.ch>
<559EB134.2090905@isi.edu>
<CB3FEFD0-1FE0-49D4-A650-349218ABD00A@trammell.ch>
Date: Fri, 10 Jul 2015 09:19:19 -0700
Message-ID: <CALx6S37Xy1gg0O-OmkMMdxbJoQmHDS79Z9ZoU92-kAsDfUbTrQ@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: Brian Trammell <ietf@trammell.ch>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/bCSAiD5SGDnLs7g2XnlYsodderk>
Cc: spud@ietf.org,
=?UTF-8?Q?Mirja_K=C3=BChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>,
Joe Touch <touch@isi.edu>
Subject: Re: [Spud] Putting Network-Layer Information in the Network Layer
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
> Coming back to the layering question:
>
> It does seem to me that what we're (the we that wrote the two documents starting this thread) trying to do is explicitly reinforce the boundary between the network layer and the transport layer, where this is defined as "things the path needs to see versus things only endpoints need to see". Asking nicely (i.e., publishing RFCs) did not work in this case: the transport ports are de facto part of the network layer now, and short of blowing the Internet up and starting over I can't see a way to get them back. So now we are left with enforcing the boundary cryptographically, leaving some space in the "new network layer" (in this case, IP + UDP (for ports) + SPUD) for those things now commonly done within the network.
>
This "new network layer" breaks down at fragmentation. Only the first fragment carries port numbers and the embedded network-layer information in the payload. Other fragments will carry neither, but still can carry IP options, DSCP, TTL, ECN marking, flow labels in IPv6.

An alternate possibility would be to embed IP options within UDP. So a packet might look like IP-UDP-IP options-payload. This allows us to use native options (say in our data center where we can control things), but maybe to use embedded IP options in UDP on paths in the Internet where we see options are being dropped. SFC-in-UDP (https://tools.ietf.org/html/draft-kumar-sfc-nsh-udp-transport-00) proposes a similar model, although I don't believe they allow middleboxes to modify or to be regularly looking at the headers.

> If we can do this in the _current_ network layer (IPv6 (with options) with some alternate way to handle NAT + DTLS, or we find a portal to an alternate universe where end-to-end IPsec is widely deployable and manageable), then great, let's do that. I'm pessimistic enough to believe that that hasn't been a realistic prospect at any time during this century, though.
>
I don't understand what the issue is with crypto here. SSL/TLS are widely deployed with use of NAT, and we are certainly using encrypted tunnels over the Internet.

Tom

> Cheers,
>
> Brian
>
>> Joe
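The fragmentation point above, as an added example that is not part of the thread, of any SPUD draft, or of the SFC-in-UDP proposal: the script below builds one UDP datagram whose payload starts with a hypothetical "embedded options" block (IP | UDP | options | payload, with a made-up 2-byte-length-plus-TLV encoding), fragments it at a chosen MTU the way an IPv4 sender or router would, and then reports what an on-path device can read from each fragment without reassembly. The addresses, ports, identification value and option types are constructed for illustration. Standard library only, so it runs offline.

```python
"""Which per-packet information survives IPv4 fragmentation when
path-visible data is carried inside UDP.  Added example, not code from
the SPUD thread; the IP | UDP | embedded options | payload layout, the
TLV encoding, addresses and ports are illustrative assumptions."""
import struct

IPPROTO_UDP = 17
IP_MF = 0x2000  # "More Fragments" flag (bit 13 of the flags/offset field)


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, payload_len, ident, more_fragments, frag_off, ttl=64, dscp_ecn=0):
    """20-byte IPv4 header without options; frag_off is in bytes, a multiple of 8."""
    flags_frag = (IP_MF if more_fragments else 0) | (frag_off // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp_ecn, 20 + payload_len, ident,
                      flags_frag, ttl, IPPROTO_UDP, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_udp_with_options(sport, dport, options, payload):
    """UDP header, then a hypothetical embedded-options block (2-byte total
    length, then type/length/value items), then the application payload."""
    tlvs = b"".join(struct.pack("!BB", t, len(v)) + v for t, v in options)
    body = struct.pack("!H", len(tlvs)) + tlvs + payload
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body


def fragment(src, dst, ident, udp_datagram, mtu):
    """Split one UDP datagram into IPv4 fragments as a sender or router would."""
    chunk = (mtu - 20) // 8 * 8  # fragment data must be a multiple of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU too small for any fragment data")
    frags = []
    for off in range(0, len(udp_datagram), chunk):
        piece = udp_datagram[off:off + chunk]
        more = off + chunk < len(udp_datagram)
        frags.append(ipv4_header(src, dst, len(piece), ident, more, off) + piece)
    return frags


def parse_embedded_options(data):
    """Return the TLV list, or None if the block is absent or cut off by the fragment."""
    if len(data) < 2:
        return None
    (olen,) = struct.unpack("!H", data[:2])
    body = data[2:2 + olen]
    if len(body) < olen:
        return None  # options block ran past the end of this fragment
    opts, i = [], 0
    while i + 2 <= len(body):
        t, l = body[i], body[i + 1]
        value = body[i + 2:i + 2 + l]
        if len(value) < l:
            return None
        opts.append((t, value))
        i += 2 + l
    return opts


def path_view(packet):
    """What an on-path device can read from a single fragment without reassembly."""
    (ver_ihl, dscp_ecn, _tl, ident, flags_frag, ttl, proto,
     _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    view = {
        "ident": ident, "ttl": ttl, "dscp": dscp_ecn >> 2, "ecn": dscp_ecn & 3,
        "proto": proto, "frag_off": (flags_frag & 0x1FFF) * 8,
        "more_fragments": bool(flags_frag & IP_MF),
        "ports": None, "embedded_options": None,
    }
    if view["frag_off"] != 0 or proto != IPPROTO_UDP:
        return view  # non-first fragment: no transport header at all
    transport = packet[ihl:]
    if len(transport) < 8:
        return view
    sport, dport, _ulen, _ucsum = struct.unpack("!HHHH", transport[:8])
    view["ports"] = (sport, dport)
    view["embedded_options"] = parse_embedded_options(transport[8:])
    return view


# Constructed sample: a 220-byte UDP datagram with two made-up TLVs
# (a "path id" and an "ECN echo"), sent through a 100-byte MTU.
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
OPTIONS = [(0x01, b"\x00\x2a"), (0x02, b"\x03")]
DATAGRAM = build_udp_with_options(40000, 4433, OPTIONS, bytes(range(203)))


def demo(mtu=100):
    """Per-fragment path view of the sample datagram at the given MTU."""
    return [path_view(f) for f in fragment(SRC, DST, 0x1234, DATAGRAM, mtu)]


if __name__ == "__main__":
    for v in demo():
        print(v)
```

At MTU 100 the datagram becomes three fragments; only the first shows ports and the embedded options, while all three keep identification, TTL, DSCP and ECN. Calling `demo(mtu=28)` shows the further failure mode: the first fragment then holds only the 8-byte UDP header, so a path device sees the ports but the options block is cut off, which is exactly the case a filter or classifier keyed on the embedded block has to treat as "unknown" rather than "absent".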
- [Spud] Fwd: New Version Notification for draft-ku… Mirja Kühlewind
- Re: [Spud] Fwd: New Version Notification for draf… Tom Herbert
- Re: [Spud] Fwd: New Version Notification for draf… Smith, Kevin, (R&D) Vodafone Group
- Re: [Spud] Fwd: New Version Notification for draf… Szilveszter Nadas
- Re: [Spud] New Version Notification for draft-kue… Brian Trammell
- [Spud] Re: Fwd: New Version Notification for draf… Youjianjie
- Re: [Spud] New Version Notification for draft-kue… Toerless Eckert
- Re: [Spud] New Version Notification for draft-kue… Tom Herbert
- Re: [Spud] New Version Notification for draft-kue… Ken Calvert
- Re: [Spud] New Version Notification for draft-kue… Brian Trammell
- Re: [Spud] New Version Notification for draft-kue… Joe Touch
- Re: [Spud] New Version Notification for draft-kue… Joe Touch
- Re: [Spud] New Version Notification for draft-kue… Brian Trammell
- Re: [Spud] New Version Notification for draft-kue… Joe Touch
- Re: [Spud] New Version Notification for draft-kue… Tom Herbert
- Re: [Spud] New Version Notification for draft-kue… Joe Touch
- [Spud] Putting Network-Layer Information in the N… Brian Trammell
- Re: [Spud] Putting Network-Layer Information in t… Tom Herbert
- Re: [Spud] Putting Network-Layer Information in t… Ted Hardie
- Re: [Spud] Putting Network-Layer Information in t… Joe Touch
- Re: [Spud] Putting Network-Layer Information in t… Joe Touch
- Re: [Spud] Putting Network-Layer Information in t… Toerless Eckert
- Re: [Spud] Putting Network-Layer Information in t… Joe Touch
- Re: [Spud] Putting Network-Layer Information in t… Tom Herbert
- Re: [Spud] Putting Network-Layer Information in t… Joe Touch
- Re: [Spud] Putting Network-Layer Information in t… Mirja Kühlewind
- Re: [Spud] Putting Network-Layer Information in t… Tom Herbert
- Re: [Spud] Putting Network-Layer Information in t… Brian Trammell
- Re: [Spud] Putting Network-Layer Information in t… Joe Touch
- Re: [Spud] Putting Network-Layer Information in t… Toerless Eckert
- Re: [Spud] Putting Network-Layer Information in t… Joe Touch
- [Spud] a UDP option area Joe Touch