Re: [Tsv-art] Tsvart early review of draft-ietf-intarea-gue-07
"Gorry (erg)" <gorry@erg.abdn.ac.uk> Sat, 09 March 2019 11:55 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 492D2126D00; Sat, 9 Mar 2019 03:55:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W_SS-Ja5uj5C; Sat, 9 Mar 2019 03:55:01 -0800 (PST)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [137.50.19.135]) by ietfa.amsl.com (Postfix) with ESMTP id 0CEFA1271FF; Sat, 9 Mar 2019 03:55:00 -0800 (PST)
Received: from [10.12.156.88] (unknown [85.255.236.85]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 78B061B0007C; Sat, 9 Mar 2019 11:54:54 +0000 (GMT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: "Gorry (erg)" <gorry@erg.abdn.ac.uk>
X-Mailer: iPhone Mail (16D57)
In-Reply-To: <155209829934.26739.17273081538632335266@ietfa.amsl.com>
Date: Sat, 09 Mar 2019 11:54:53 +0000
Cc: tsv-art@ietf.org, draft-ietf-intarea-gue.all@ietf.org, int-area@ietf.org, ietf@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <EAAF74A2-0EA3-4C1B-AA07-0644892A9EE8@erg.abdn.ac.uk>
References: <155209829934.26739.17273081538632335266@ietfa.amsl.com>
To: David Black via Datatracker <noreply@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/WkOOh-GAkN5UyLcSMoAdN7znIMI>
Subject: Re: [Tsv-art] Tsvart early review of draft-ietf-intarea-gue-07
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Mar 2019 11:55:04 -0000
Heads-Up: On this, I fear we do not agree. I think there are serious issues - I will send an email summarising what I said at the Mic in IntArea last meeting and we should perhaps then talk. Gorry > On 9 Mar 2019, at 02:24, David Black via Datatracker <noreply@ietf.org> wrote: > > Reviewer: David Black > Review result: On the Right Track > > This document has been reviewed as part of the transport area review team's ongoing > effort to review key IETF documents. These comments were written primarily for > the transport area directors, but are copied to the document's authors and WG to > allow them to address any issues raised and also to the IETF discussion list for > information. > > When done at the time of IETF Last Call, the authors should consider this > review as part of the last-call comments they receive. Please > always CC tsv-art@ietf.org if you reply to or forward this review. > > GUE is a new generic UDP encapsulation that is intended to provide a common > widely applicable encapsulation mechanism that can displace a variety of > more specific encapsulation mechanisms. The draft is well written and has > a number of clever ideas, e.g., use of the first two bits of the IP version number > to define GUE variant 1 without including a GUE header. > > I found three major issues and a number of minor issues. I apologize for the delay > in this review courtesy of a day-job crisis and being one of the recipients of the > second round of the flu in the eastern US. > > --- Major --- > > [1] IPv6 zero checksum > > 5.7.3: > > In IPv6, there is no checksum in the IPv6 header that protects > against mis-delivery due to address corruption. Therefore, when GUE > is used over IPv6, either the UDP checksum or the GUE header checksum > SHOULD be used unless there are alternative mechanisms in use that > protect against misdelivery. The UDP checksum and GUE header checksum > SHOULD NOT be used at the same time since that would be mostly > redundant. > > If neither the UDP checksum nor the GUE header checksum is used, then > the requirements for using zero IPv6 UDP checksums in [RFC6935] and > [RFC6936] MUST be met. > > I don't think the second paragraph works, because it imposes design > requirements on the encapsulated protocol to protect the GUE header when > one cannot in general expect design of that protocol to anticipate GUE > encapsulation. My initial suggestion is to change the first "SHOULD" > in the first paragraph to a "MUST" but even that may not meet RFC 6936's > requirements. > > In any case, please read RFC 6936 in detail, and explain how GUE meets > RFC 6936's requirements - in general it is not sufficient to require to just > state that they have to be met because some of the requirements are > protocol design requirements that GUE has to meet. > > [2] Tunnels > > Section 5.8 needs to normatively reference draft-ietf-intarea-tunnels > and be revised accordingly, e.g., as that draft will update RFC 4459. > > [3] Congestion control > > Section 5.9: > > In the case that the encapsulated traffic does not implement any or > sufficient control, or it is not known whether a transmitter will > consistently implement proper congestion control, then congestion > control at the encapsulation layer MUST be provided per [RFC8085]. > > Ok, that text has the right overall view, but I question whether this > "MUST" requirement is implementable in practice based on the brief > discussion in this section. > > > --- Minor --- > > [A] 3.2.2. Ctype field: > > This document does not specify any standard control message types > other than type 0. Type 0 does not define a format of the control > message. Instead, it indicates that the GUE payload is a control > message, or part of a control message (as might be the case in GUE > fragmentation), that cannot be correctly parsed or interpreted > without additional context. > > Hmm - seems to be a lot of "trust us" in this text. What does this > text add over and above the first paragraph in this section? The quoted > paragraph does not by itself appear to specify anything that interoperates. > > [B] 3.3.1. (Flags and extension fields) Requirements: > > Extension fields are placed in order of the flags. New flags are to > be allocated from high to low order bit contiguously without holes. > > That is not mentioned in the IANA considerations. How will that be > enforced? > > [C] 3.4. Private data: > > If a decapsulator receives a GUE packet with private data, it MUST > validate the private data appropriately. > > What does "appropriately" mean? In other words, how a protocol designer > or implementer determine whether the "MUST" requirement has been complied > with? > > [C] 5.3. Encapsulator operation: > > For instance, if an IP packet is being > encapsulated in GUE then diffserv interaction [RFC2983] and ECN > propagation for tunnels [RFC6040] SHOULD be followed. > > That's close, but not what needs to be said. RFC 2983 is informative > - it should be referenced as a useful source of design guidance without > using an RFC 2119 keyword. The quoted text requires that RFC 2983 be > normatively referenced, which is unlikely to be what was wanted (NB: > I'm the author of RFC 2983). > > In contrast, the RFC 6040 requirement ought to be a "MUST" requirement, > not a "SHOULD" requirement. > > [D] 5.11.1. Flow classification: > > This discussion of IPsec headers (AH and ESP) needs to reference the > relevant IPsec RFCs. > > In addition, some more discussion on how AH transport mode works is > needed, as the GUE receiver does some header processing *before* the > IPsec AH transport mode processing that includes header checks. That > appears to merit mention in security considerations. > > [E] Section B.1 on privileged ports appears to contain a security > consideration that should be included in the security considerations > section > > --- Editorial --- > > Section 5.1: > > Network tunneling can be achieved by encapsulating layer 2 or layer 3 > packets. > > Should explain what layer 2 and layer 3 mean. GUE encapsulation of > layer 3 packets is directly provided by GUE variant 1, but how is GUE > intended to provide (or how could GUE provide) encapsulation of layer 2 > packets? Adding an example will suffice. > > Section 5.2: > > When encapsulating layer 4 packets, > > Say a few words on how this is done, e.g., protocol nubmer for UDP or TCP > in GUE variant 0. > > Section 5.4: > > Note that set flags in a GUE > header that are unknown to a decapsulator MUST NOT be ignored. If a > GUE packet is received by a decapsulator with unknown flags, the > packet MUST be dropped. > > This should be stated in Section 3.3.1 also as part of explaining how > GUE flags work. > > > > > _______________________________________________ > Tsv-art mailing list > Tsv-art@ietf.org > https://www.ietf.org/mailman/listinfo/tsv-art
- [Tsv-art] Tsvart early review of draft-ietf-intar… David Black via Datatracker
- Re: [Tsv-art] Tsvart early review of draft-ietf-i… Gorry (erg)