Re: [tsvwg] David Black's WGLC review of draft-ietf-tsvwg-rfc6040update-shim-08
"Black, David" <David.Black@dell.com> Mon, 20 May 2019 14:39 UTC
Return-Path: <David.Black@dell.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F7BA120096 for <tsvwg@ietfa.amsl.com>; Mon, 20 May 2019 07:39:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com header.b=o/fTa2/L; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=emc.com header.b=d9sw+vqZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zNSl23wKfUJo for <tsvwg@ietfa.amsl.com>; Mon, 20 May 2019 07:39:29 -0700 (PDT)
Received: from mx0b-00154904.pphosted.com (mx0b-00154904.pphosted.com [148.163.137.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27C77120089 for <tsvwg@ietf.org>; Mon, 20 May 2019 07:39:29 -0700 (PDT)
Received: from pps.filterd (m0170395.ppops.net [127.0.0.1]) by mx0b-00154904.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x4KEUAL7026562; Mon, 20 May 2019 10:38:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=smtpout1; bh=iLityKzjMpT0J8nRPeJ0FELkdquAyNMCSr6L/f1DVuU=; b=o/fTa2/LGENpujqZ68cyFlkcWcinCA6dV8HL8TjB40xZT35TDoSk2kuYo3jhLxSFTAvO Lh1e5HDu01jaqyBT7JHgHTQmenC6+d7b/2r5HjBul9vTIeylXz8N0IrdQ5DCeIXdL9Sm Eux54Sm7y9pjavHDZtVyBUwfqgVm43utu4zhUBA4W6x4aU44bYmtTJvAUDT6zaXWTHnT J9xb2CQ0oCAtwrGglH3KzTnw8boJ1GApkVvjn/lh4hOgDAth+tCJ1gwrosUlFel4JgKL sKZkZPrk+e1PV3J8LOqe2BxkFaOU+sCVKQk0Wu3p942o22M3OLOMdrtV3XiEedQi0Zei fA==
Received: from mx0a-00154901.pphosted.com (mx0a-00154901.pphosted.com [67.231.149.39]) by mx0b-00154904.pphosted.com with ESMTP id 2sjeqnm9bm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 20 May 2019 10:38:39 -0400
Received: from pps.filterd (m0142693.ppops.net [127.0.0.1]) by mx0a-00154901.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x4KESiFF152932; Mon, 20 May 2019 10:38:38 -0400
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by mx0a-00154901.pphosted.com with ESMTP id 2skv4ujbrn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 20 May 2019 10:38:38 -0400
Received: from maildlpprd06.lss.emc.com (maildlpprd06.lss.emc.com [10.253.24.38]) by mailuogwprd02.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x4KEcTCq018417 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 20 May 2019 10:38:35 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd02.lss.emc.com x4KEcTCq018417
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1558363116; bh=wfYWiqaTnRnRf0P2vzOJm25ZyL4=; h=From:To:CC:Subject:Date:Message-ID:References:In-Reply-To: Content-Type:Content-Transfer-Encoding:MIME-Version; b=d9sw+vqZZ+2ZJPFdvK15uS1Jej9XvfIDLsTc0KTQ0rwzARkqStIf92WEe1Km7MhA0 2i17cnYZ+KI1DHezWVzcfgVmQfkQx4/KLn7Igv/u2u6XTNn4Vc3v3K1HI0s8yUIxTr vevT6eBXMk3wUWFV5x96IxIUZK1QKwwHB6PglfM4=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd02.lss.emc.com x4KEcTCq018417
Received: from mailusrhubprd02.lss.emc.com (mailusrhubprd02.lss.emc.com [10.253.24.20]) by maildlpprd06.lss.emc.com (RSA Interceptor); Mon, 20 May 2019 10:37:55 -0400
Received: from MXHUB301.corp.emc.com (MXHUB301.corp.emc.com [10.146.3.27]) by mailusrhubprd02.lss.emc.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.0) with ESMTP id x4KEc6MC008483 (version=TLSv1.2 cipher=AES128-SHA256 bits=128 verify=FAIL); Mon, 20 May 2019 10:38:14 -0400
Received: from MX307CL04.corp.emc.com ([fe80::849f:5da2:11b:4385]) by MXHUB301.corp.emc.com ([10.146.3.27]) with mapi id 14.03.0439.000; Mon, 20 May 2019 10:37:27 -0400
From: "Black, David" <David.Black@dell.com>
To: Bob Briscoe <ietf@bobbriscoe.net>, "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>
CC: "tsvwg@ietf.org" <tsvwg@ietf.org>
Thread-Topic: [tsvwg] David Black's WGLC review of draft-ietf-tsvwg-rfc6040update-shim-08
Thread-Index: AdUGAGT4Th8zbG5rQXClmZ/2hSiF0gAAs+7gAZfidQAAGJaicAArho6AAGkwCgAAAF9XUA==
Date: Mon, 20 May 2019 14:37:27 +0000
Message-ID: <CE03DB3D7B45C245BCA0D243277949363057266B@MX307CL04.corp.emc.com>
References: <CE03DB3D7B45C245BCA0D243277949363055BC3F@MX307CL04.corp.emc.com> <CE03DB3D7B45C245BCA0D243277949363055BDDC@MX307CL04.corp.emc.com> <89e67cfc-9574-c7a7-b837-c909c2180595@bobbriscoe.net> <CE03DB3D7B45C245BCA0D243277949363056D070@MX307CL04.corp.emc.com> <5CDFBED3.7070207@erg.abdn.ac.uk> <dd907bc5-56bc-3c4d-8e3c-6e131e208074@bobbriscoe.net>
In-Reply-To: <dd907bc5-56bc-3c4d-8e3c-6e131e208074@bobbriscoe.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.238.21.130]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd02.lss.emc.com
X-RSA-Classifications: public
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-05-20_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905200096
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905200096
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/1_gKH8GM0GjlaRn2dhjlkgfHe4w>
Subject: Re: [tsvwg] David Black's WGLC review of draft-ietf-tsvwg-rfc6040update-shim-08
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2019 14:39:33 -0000
+1 on Bob's comments - both the "MUST" and "SHOULD" statements in this discussion apply to the tunnel ingress. Thanks, --David > -----Original Message----- > From: Bob Briscoe <ietf@bobbriscoe.net> > Sent: Monday, May 20, 2019 6:26 AM > To: gorry@erg.abdn.ac.uk; Black, David > Cc: tsvwg@ietf.org > Subject: Re: [tsvwg] David Black's WGLC review of draft-ietf-tsvwg- > rfc6040update-shim-08 > > > [EXTERNAL EMAIL] > > > > On 18/05/2019 09:14, Gorry Fairhurst wrote: > > Just one check below: > > > > On 17/05/2019, 16:34, Black, David wrote: > >> > >> Before going further down the compliance rathole, let me suggest an > >> alternative that might resolve this quickly. > >> > >> The crucial text (whose technical correctness is not in question) is: > >> In order that the network operator can comply with the above > >> safety rules, even if an implementation of a tunnel ingress does > >> not claim to support RFC 6040, RFC 4301 or the full functionality > >> mode of RFC 3168: > >> > >> * it MUST make propagation of the ECN field between inner and > >> outer IP headers independent of any configuration of Diffserv > >> codepoint propagation; > >> > >> * it SHOULD be able to be configured to zero the outer ECN field. > >> > >> The headaches are being caused by treating that text as an update to > >> RFC 6040, but looking at it now, > >> > >> it reads like a best current practice recommendation, so . > >> > >> Would it be reasonable to move that text into the ecn-encapsulation > >> draft (which is intended to become > >> a BCP)? Doing that would sidestep the entire discussion of > >> consequences of the consequences of > >> updating RFC 6040 with that text. > >> > >> If that sounds plausible, we should take a look at whether any of the > >> other RFC 6040 update text in section > >> 4 should likewise be moved to the ECN encapsulation draft. > >> > > I had to read this several times, and wasn't quite sure: > > > > * it SHOULD be able to be configured to zero the outer ECN field. > > Was the intention that: > > > > * the configuration SHOULD allow a sender to zero the ECN field in the > > outer header. > > I'm not sure whether you're using 'sender' to mean 'tunnel ingress' or > the original sender. I've repeated the sentence with explanations in [], > 'cos I'm not quite sure what problem you're having with it. > > * it [the tunnel ingress] SHOULD be able to be configured to zero the > outer ECN field [the ECN field in the outer header]. > > > For instance, if a tunnel ingress with no specific ECN logic had a > configuration capability to refer to the last 2 bits of the old ToS Byte > of the outer (e.g. with a 0x3 mask) and set them to zero, while also > being able to allow the DSCP to be mapped or set to something, that > would be sufficient to satisfy both the implementation requirements. > > In fact, I think I'll add that as an example. > > > Bob > > > > > > > Gorry > > > >> Thanks, --David > >> > >> *From:*Bob Briscoe <ietf@bobbriscoe.net> > >> *Sent:* Thursday, May 16, 2019 7:44 PM > >> *To:* Black, David; tsvwg@ietf.org > >> *Subject:* Re: [tsvwg] David Black's WGLC review of > >> draft-ietf-tsvwg-rfc6040update-shim-08 > >> > >> [EXTERNAL EMAIL] > >> > >> David, > >> > >> I'll split your email in two and solely deal with the major issue > >> first. See inline. > >> > >> On 09/05/2019 02:08, Black, David wrote: > >> > >> idnits found a couple of minor things: > >> > >> * Current reference for IKEv2 is RFC 7296 instead of RFC 5996 > >> * If any text was copied from pre-5378 RFCs, an additional > >> boilerplate disclaimer is required. > >> > >> Thanks, --David > >> > >> *From:* Black, David > >> *Sent:* Wednesday, May 8, 2019 8:50 PM > >> *To:* tsvwg@ietf.org <mailto:tsvwg@ietf.org> > >> *Subject:* David Black's WGLC review of > >> draft-ietf-tsvwg-rfc6040update-shim-08 > >> > >> This is a solidly written draft on updating tunnel protocols that > >> use shim headers to propagate ECN according to RFC 6040. > >> > >> Unfortunately, I found a major issue with the updates [1] along > >> with a few minor issues (easily dealt with) and a bunch of > >> editorial items. > >> > >> The major issue [1] on updates creating non-compliant > >> implementations looks like it will need WG discussion on what > >> should be done, as the "right thing to do" appears to be in > >> potential conflict with deployed "running code". > >> > >> --- Major --- > >> > >> [1] Compliance with RFC 6040 update > >> > >> Section 3.1 says: > >> > >> However, an RFC has no jurisdiction over implementations that choose > >> > >> not to comply with it or cannot comply with it, including all those > >> > >> implementations that pre-dated the RFC. Therefore it would have been > >> > >> unreasonable to add such a requirement to RFC 6040. > >> > >> But then Section 4 goes on to do exactly that by updating RFC > >> 6040 to > >> > >> add this text: > >> > >> In order that the network operator can comply with the above > >> > >> safety rules, even if an implementation of a tunnel ingress does > >> > >> not claim to support RFC 6040, RFC 4301 or the full functionality > >> > >> mode of RFC 3168: > >> > >> * it MUST make propagation of the ECN field between inner and > >> > >> outer IP headers independent of any configuration of Diffserv > >> > >> codepoint propagation; > >> > >> * it SHOULD be able to be configured to zero the outer ECN field. > >> > >> followed by this attempt to excuse the result: > >> > >> There might be concern that the above "MUST" makes compliant > >> > >> equipment non-compliant at a stroke. However, any equipment that is > >> > >> still treating the former ToS octet (IPv4) or the former Traffic > >> > >> Class octet (IPv6) as a single 8-bit field is already non-compliant, > >> > >> and has been since 1998 when the upper 6 bits were separated off for > >> > >> the Diffserv field [RFC2474], [RFC3260]. For instance, copying the > >> > >> ECN field as a side-effect of copying the DSCP is a seriously unsafe > >> > >> bug that risks breaking the feedback loops that regulate load on a > >> > >> tunnel. > >> > >> These three chunks of text need to be aligned.. I'm not sure what > >> should > >> > >> be done here, as the concern about updating RFC 6040 to cause > >> non-compliance > >> > >> is an important concern. > >> > >> [BB] This draft proposes to update RFC6040, which in turn updated > >> RFC3168, which in turn updated RFC2474 (there were other RFCs in the > >> tree of updates ending at RFC6040, but those updates were not with > >> respect to the Diffserv/ECN fields). > >> > >> I fully agree that we have to be careful not to make any equipment > >> that already complies with any of these RFCs non-compliant. And we > >> don't... > >> > >> If any equipment does not satisfy the proposed 'MUST' statement > >> above, it will not be treating the DSCP and the ECN fields > >> independently. Such equipment would not have complied with RFC2474, > >> which separated out the last 2 bits of the ToS byte, which made it > >> possible to specify ECN in the first place. > >> > >> So the proposed 'MUST' statement does not make any equipment that > >> complied with any of these RFCs non-compliant, unless it was already > >> non-compliant with RFC2474. And RFC2474 grandfathered all these RFCs. > >> So the equipment would already be non-compliant with all these RFCs. > >> > >> Now, check the detailed wording: > >> > >> even if an implementation of a tunnel ingress does > >> > >> not claim to support RFC 6040, RFC 4301 or the full functionality > >> > >> mode of RFC 3168: > >> > >> * it MUST make propagation of the ECN field between inner and > >> > >> outer IP headers independent of any configuration of Diffserv > >> > >> codepoint propagation; > >> > >> > >> You'll notice RFC2474 is not in the list of RFCs that an > >> implementation might even not claim to support. That's because the > >> MUST is about Diffserv configuration. If equipment offers any > >> Diffserv configuration, it already has to comply with RFC2474. > >> However, if it doesn't already comply with this MUST, it already > >> doesn't comply with RFC2474. > >> > >> So again, this MUST does not make any equipment that complied with > >> any of the chain of RFCs non-compliant, unless they were already > >> non-compliant with RFC2474, and therefore non-compliant with all the > >> RFCs in the chain of updates up to RFC6040, because RFC2474 > >> grandfathered the chain. > >> > >> > >> > >> Analogous non-compliance concerns apply to the updates to other > >> RFCs in > >> > >> Section 5 to varying degrees. > >> > >> If you accept my arguments above, but can still find other > >> non-compliance concerns, please do point them out. > >> > >> Nonetheless, I'm pretty sure I've been similarly careful to avoid > >> introducing any non-compliance surprises. > >> > >> > >> > >> Bob > >> > >> > >> > >> > >> -- > >> > __________________________________________________________ > ______ > >> Bob Briscoehttp://bobbriscoe.net/ <http://bobbriscoe..net/> > > > > -- > __________________________________________________________ > ______ > Bob Briscoe http://bobbriscoe.net/
- [tsvwg] David Black's WGLC review of draft-ietf-t… Black, David
- Re: [tsvwg] David Black's WGLC review of draft-ie… Black, David
- Re: [tsvwg] David Black's WGLC review of draft-ie… Bob Briscoe
- Re: [tsvwg] David Black's WGLC review of draft-ie… Black, David
- Re: [tsvwg] David Black's WGLC review of draft-ie… Bob Briscoe
- Re: [tsvwg] David Black's WGLC review of draft-ie… Bob Briscoe
- Re: [tsvwg] David Black's WGLC review of draft-ie… Bob Briscoe
- Re: [tsvwg] David Black's WGLC review of draft-ie… Gorry Fairhurst
- Re: [tsvwg] David Black's WGLC review of draft-ie… Bob Briscoe
- Re: [tsvwg] David Black's WGLC review of draft-ie… Black, David
- Re: [tsvwg] David Black's WGLC review of draft-ie… Black, David
- Re: [tsvwg] David Black's WGLC review of draft-ie… Black, David
- [tsvwg] ECN tunnel update to UDP Guidelines (was:… Bob Briscoe
- Re: [tsvwg] David Black's WGLC review of draft-ie… Bob Briscoe
- Re: [tsvwg] ECN tunnel update to UDP Guidelines Gorry Fairhurst
- Re: [tsvwg] ECN tunnel update to UDP Guidelines Bob Briscoe
- Re: [tsvwg] ECN tunnel update to UDP Guidelines Black, David