IETF Logo Mail Archive

Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt

Joe Touch <touch@isi.edu> Sun, 22 May 2016 04:14 UTC

Return-Path: <touch@isi.edu>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5CD812D1DF for <spud@ietfa.amsl.com>; Sat, 21 May 2016 21:14:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.325
X-Spam-Level:
X-Spam-Status: No, score=-3.325 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oGDAfoTr_Vmn for <spud@ietfa.amsl.com>; Sat, 21 May 2016 21:14:56 -0700 (PDT)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1241812D1BC for <spud@ietf.org>; Sat, 21 May 2016 21:14:56 -0700 (PDT)
Received: from [192.168.1.189] (cpe-172-250-251-17.socal.res.rr.com [172.250.251.17]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id u4M4EAY4007416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sat, 21 May 2016 21:14:12 -0700 (PDT)
To: Dave Dolson <ddolson@sandvine.com>, Tom Herbert <tom@herbertland.com>
References: <20160519175701.17290.47241.idtracker@ietfa.amsl.com> <CALx6S377qRfq7ufRVUx6Yn7ec4=EmK_=FL14PWT_qf4g840mbQ@mail.gmail.com> <20160519185943.GM12994@cisco.com> <CALx6S37qPpKpCT6ZpVQwRWf1XFKESYasOBcz26To9zw0GRyz5Q@mail.gmail.com> <573E31E1.807@isi.edu> <20160519221102.GS12994@cisco.com> <573E3C5E.2090300@isi.edu> <20160520001323.GC2511@cisco.com> <573E6303.8030701@isi.edu> <20160520012431.GF2511@cisco.com> <573F47C0.3010501@isi.edu> <CALx6S35SjaNsCUrY+xUgULR67U+yBPsG2-GWyA-QX0nTpgM2jg@mail.gmail.com> <573F58C9.8010605@isi.edu> <20160521142356.5697621.84991.85659@sandvine.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <57413212.4040406@isi.edu>
Date: Sat, 21 May 2016 21:14:10 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <20160521142356.5697621.84991.85659@sandvine.com>
Content-Type: multipart/alternative; boundary="------------020709040906090608070509"
X-MailScanner-ID: u4M4EAY4007416
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/eM9oH2VHumYF_nBwEoN50AR3eOE>
Cc: Toerless Eckert <eckert@cisco.com>, spud <spud@ietf.org>
Subject: Re: [Spud] Fwd: New Version Notification for draft-herbert-transports-over-udp-00.txt
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>, <mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>, <mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 May 2016 04:14:58 -0000


On 5/21/2016 7:23 AM, Dave Dolson wrote:
> Another way of explaining the need for PLUS is that the internet architecture is deficient because it only provides connectivity between hosts, whereas there is a need to provide connectivity between applications running on hosts. 

Tunnels already provide that.

A tunnel is fundamentally a link layer over which network layer(s)
transit. UDP/IP can provide that capability through a variety of
existing ways.

However, it's nonsensical to expect a transport to use a tunnel
directly, just as TCP doesn't run over Ethernet.

> This is becoming more relevant as processes are jailed (using various approaches) for security.
>
> Raw sockets require root privilege to prevent different apps from reading or forging each others' packets. I think this restriction still makes sense on single-user machines‎, so it would not be right to say the fix is to loosen O/S security.

Again, now you're getting at an OS implementation issue. That is never
usefully fixed by the network architecture.


> So, one role of the PLUS layer is to extend the network-layer address to being able to address the application at IP address + port.
That's what IP in UDP already accomplishes.
> This is why I don't think there is a layering travesty here. It's redefining the network layer to be between applications.

Apps live inside hosts, and are identified by transport ports. Hosts are
identified by IP addresses. If you have a host inside a host, you need
to treat the outer host as a router+host, and the guest OSes as other
hosts on that router. See:
J. Touch, T. Faber, “Dynamic Host Routing for Production Use of
Developmental Networks <http://www.isi.edu/touch/pubs/icnp97/>,” in
/Proc. ICNP ’97/, Atlanta, Oct. 1997, pp. 285-292.

There's no problem solving any of this with a network layer inside UDP.
The problem is assuming that you can virtualize a network using just the
transport layer - a layer that fundamentally depends on addresses at a
network layer you fail to provide.

UDP already is used for tunnels in ways that solve this problem
correctly. Why do we need an incorrect approach?

Joe

v2.23.0 | Report a Bug | By Email