IETF Logo Mail Archive

Re: [tsvwg] (transport) RE: Advance notice on request to poll TSVWG for adoption of draft-kaippallimalil-tsvwg-media-hdr-wireless-03

Tom Herbert <tom@herbertland.com> Tue, 07 November 2023 21:26 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEEEBC187722 for <tsvwg@ietfa.amsl.com>; Tue, 7 Nov 2023 13:26:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VnX4toeo8XqH for <tsvwg@ietfa.amsl.com>; Tue, 7 Nov 2023 13:26:05 -0800 (PST)
Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03CDAC15C286 for <tsvwg@ietf.org>; Tue, 7 Nov 2023 13:26:04 -0800 (PST)
Received: by mail-pg1-x532.google.com with SMTP id 41be03b00d2f7-565334377d0so4575102a12.2 for <tsvwg@ietf.org>; Tue, 07 Nov 2023 13:26:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1699392364; x=1699997164; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ur4fz7urUys6CAvI+ZBCEmAruDuOGaM6PmqwjXwm2Q8=; b=eXwcP93XTEFZPUAHyeG7h1kkeFv5lAZRV7242wJx2+nUk31Qtw0Bf1vjJdfnvGtC/l feI7rr2hbdxY4OLJszmTwIT6K4Pk6+nVavVU/wDeVFIqMvJ/WMhc2FaXUvQn66l8CahF mavGu0Ug8mQWCYKCWs8KdzfpzACAlpC8M8oABDivKsSu1GW4Mao599zVJuHjA68zQW17 mYV8dBZT3ixkfJY5lqmnAhcHZNmP5YSgqjNDhd78phBKdCt7GH1KP++HuuqTdnizkPZu pTjlZZ1JliqkYWGA4pki7t0+09JBnymG0078RbxQX2f0E3jtI+E8qQ4slIzYpO2mIV4Q YkvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699392364; x=1699997164; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ur4fz7urUys6CAvI+ZBCEmAruDuOGaM6PmqwjXwm2Q8=; b=MsbK7axfq2L/Y/vwGdZY7Uz/kbWTaMQB0Fttqo1H+f4f0OeY8Ll0TtNbVxt49RF1pl 4Z3lu66hKZNd6vOp7Czcd16vG5M9L0oU7LPOwEVvihjvXhSI3iE5JcFamw8Iz1ExzCWh Itl73VpURK6AAKYvi5OwP0frVUG/T4GmYTfg7ig4DXdRhI40VTJfZJk785NNKQa6FNMs ldHznAY/7QNqegTFo0D7z0Vx8afB7DOlqKumPzJb9W/EiwGHfL3zVvbCKw9ChBA7QfZE vcCjFZXdBRJnOm3LcHOoD7eBxVuLBbacF01tGgbEyE8YHptMqjHYURDQUMicPuLDmJbD UTcw==
X-Gm-Message-State: AOJu0Yy/PGss/wRSs1BfIRKlou43Kga+NCa6Ui2aZu4fhQk+GdEOZ4sE xZBJ9wPWly6r52uYYHjh2px6lcpeWV+grvs8rG8p6w==
X-Google-Smtp-Source: AGHT+IGjUk74Lfd/7OBi27mYzbTwiXUvyTj7lPbJq+J1wMwxXpP895yw3uVxqyQrUHXNvAntpuwHAv9CaJA7+c35vHg=
X-Received: by 2002:a17:90b:100b:b0:27f:fe79:eb6e with SMTP id gm11-20020a17090b100b00b0027ffe79eb6emr32817050pjb.8.1699392363959; Tue, 07 Nov 2023 13:26:03 -0800 (PST)
MIME-Version: 1.0
References: <CAKKJt-cr7e5pUR=zxaO35Tjn2d=oM-xBvpdyGop+xaLOG-_U9g@mail.gmail.com> <CALx6S34__pK8tTM08fzTAxx=_dAM4MsEwH1-RL7eXGrCdtnR1Q@mail.gmail.com> <7E9754EA-9A11-49F6-A3F2-3F5E630CEBA6@strayalpha.com> <SN4PR13MB5311CF46AF56025360252C3AE8DCA@SN4PR13MB5311.namprd13.prod.outlook.com> <CALx6S378sTLPzis3=qB07OvojjbCTV8St21-31_oZzsUNZ-5vA@mail.gmail.com> <3D728108-E440-4625-BC4F-F1D134C1BD63@gmx.de> <CALx6S36G3s6UjfLXoxdotGoJaaQgXDhBCTVJi=j8=NhQQDUMWw@mail.gmail.com> <CACL_3VFvjNXGWh3jUg7b21z6f8uWQr8aKe_Lok+gqt-_jy1XKg@mail.gmail.com> <SN4PR13MB5311ADF5015B050B3595C121E8A0A@SN4PR13MB5311.namprd13.prod.outlook.com> <CALx6S34KZPMTnMxUWm2x0Pu6npP9FzUuP3wwiu9Aqp4W_LLQ-g@mail.gmail.com> <SN4PR13MB5311E398BB76980CED7FB1BDE8A0A@SN4PR13MB5311.namprd13.prod.outlook.com> <3aad352f-e8c0-40a6-9e0f-783bf7df8ee7@gmail.com>
In-Reply-To: <3aad352f-e8c0-40a6-9e0f-783bf7df8ee7@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 07 Nov 2023 14:25:50 -0700
Message-ID: <CALx6S348oOoQS8FEChtA0HVzjbK-ch0kOA2XVB-kvkE9rTFiKw@mail.gmail.com>
To: Bill Gage <billgage.ietf@gmail.com>
Cc: tsvwg <tsvwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000302af20609969e33"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/4Ale3iF12kpMkCJvojiM_BwVOe4>
Subject: Re: [tsvwg] (transport) RE: Advance notice on request to poll TSVWG for adoption of draft-kaippallimalil-tsvwg-media-hdr-wireless-03
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Nov 2023 21:26:09 -0000

On Tue, Nov 7, 2023, 1:14 PM Bill Gage <billgage.ietf@gmail.com> wrote:

> In many wireless networks, the Wireless Node acts like a NAT or proxy so
> that the IP address seen by the server is associated with the Wireless
> Node, not (directly) with the client. Even if the client IP address is
> visible to the server, the Wireless Node must be on the (downlink)
> forwarding path so that it can intercept a packet destined for the
> client and redirect the packet to the access node that is serving the
> client.
>
> Given this, I think you could incorporate the metadata into a
> destination options header. A number of surveys have indicated that IPv6
> packets with destination options are not dropped in-transit, unlike the
> problems experienced with HbH options.
>
> Destination options are independent of the transport protocol and, so,
> would be applicable to UDP, TCP, RTP, QUIC, etc. Destination options can
> also be included in an authentication header integrity check value for
> protection.
>
> It would be fairly easy for a server to announce support for providing
> metadata in the destination option of an initial packet and only provide
> subsequent metadata if the Wireless Node (or client) provided a
> reciprocal indication of support in the destination option of a response
> packet.
>

Bill,

Yes, I've been thinking about this as well. Compared to some of the
alternatives this has a certain appeal. I can't immediately think of
anything this would fundamentally break, and it would be possible to update
Destination Options in flight using same rules for modifiable HBH options.
Repurposing Destination Options like this would probably be an update
RFC8200.

Tom


>
> /bill
>
>
> On 2023-10-31 1:52 p.m., Kaippallimalil John wrote:
> > Hi Tom,
> >
> >> Is there significance to referring to the "outer UDP packet" instead of
> just the
> >> "UDP packet"? Are you assuming a UDP tunnel is always used?
> >
> >       [JK] Yes, UDP tunnel is always used. (see Figure 5 /section 6.3 in
> draft)
> >>
> >> Since this makes the information end-to-end, how does it interact with
> or
> >> complement the data in a UDP transport layer protocol such as QUIC?
> >> For example, would MED data in a UDP Option be useful with RTP/QUIC? I
> >> would also point out that QUIC endeavours to encrypt the end-to-end
> >> information, do you believe that MED data in a UDP Option would be
> similarly
> >> encrypted (that would ensure that the network won't try to read or
> modify
> >> the data)?
> >
> >       [JK] MED is still sent per packet.
> > With QUIC or RTP, it would be a UDP in UDP tunnel, with the outer header
> UDP option carrying MED.
> > The inner packet is sent end-to-end and encrypted (or not) end-to-end.
> MED in outer UDP is used for classifying in wireless network.
> >
> > The information in MED does not contain user's data or content related
> data (like CSRC in RTP),
> > so there should be no need to encrypt - the data is more like the M bit,
> Seq#, SSRC, .. of RTP in RFC 9335 (Completely Encrypted RTP) which are only
> authenticated.
> > In the draft we specify that MED is sent only within a trusted limited
> domain and if it crosses an untrusted/transit network, everything must be
> encrypted.
> > Typically security gateways are used at the boundaries (see section 6.2,
> and Figure 4) in such cases and the draft is (re)stating that.
> > Authentication of MED may be needed to detect tampering on path if its
> usage extends beyond such limited domains.
> >
> > BR,
> > John
> >
> >
> >> -----Original Message-----
> >> From: Tom Herbert <tom@herbertland.com>
> >> Sent: Tuesday, October 31, 2023 10:54 AM
> >> To: Kaippallimalil John <john.kaippallimalil@futurewei.com>
> >> Cc: C. M. Heard <heard@pobox.com>; Sri Gundavelli
> >> <sgundave@cisco.com>; Spencer Dawkins at IETF
> >> <spencerdawkins.ietf@gmail.com>; Sebastian Moeller <moeller0@gmx.de>;
> >> Joe Touch <touch@strayalpha.com>; TSVWG <tsvwg@ietf.org>
> >> Subject: Re: (transport) RE: [tsvwg] Advance notice on request to poll
> >> TSVWG for adoption of draft-kaippallimalil-tsvwg-media-hdr-wireless-03
> >>
> >> On Tue, Oct 31, 2023 at 7:20 AM Kaippallimalil John
> >> <john.kaippallimalil@futurewei.com> wrote:
> >>>
> >>> Hi,
> >>>
> >>> Thanks for this feedback. Much of it has been factored into the
> proposed
> >> revision to use MED in outer packet UDP option for now.
> >>>
> >>> Further responses tagged with [JK]:
> >>>
> >>>> But the big elephant in the room is that
> >>>> draft-ietf-tsvwg-udp-options exclusively defines TRANSPORT options
> >>>> designed to be consumed by endpoints, not NETWORK options designed
> >>>> to be inspected by routers or other middleboxes. If
> >>>> draft-kaippallimalil-tsvwg-media-hdr-wireless-03
> >>>> is to be adopted as a basis for future work, then in my opinion one
> >>>> of the adoption questions should be whether the WG would be willing
> >>>> to make this change of direction to draft-ietf-tsvwg-udp-options.
> >>>>
> >>>> The rather lengthy previous discussion pretty much left this last
> >>>> point up in the air, but I came away with the conclusion that trying
> >>>> to fix
> >>>> IPv6 HbH options is probably the better alternative in the long run.
> >>>
> >>>          [JK] The authors discussed this and related notes from Alex
> with the
> >> various trade-offs of each of the transports.
> >>> For this draft, MED in outer UDP packet option from server
> (Provider-A) to
> >> wireless node (Provider-B) is sufficient.
> >>> The only potential drawback may be that the option at the end of the
> >> packet may affect performance, or may not depending on the
> >> implementation.
> >>
> >> Hi John,
> >>
> >> Is there significance to referring to the "outer UDP packet" instead of
> just the
> >> "UDP packet"? Are you assuming a UDP tunnel is always used?
> >>
> >> Since this makes the information end-to-end, how does it interact with
> or
> >> complement the data in a UDP transport layer protocol such as QUIC?
> >> For example, would MED data in a UDP Option be useful with RTP/QUIC? I
> >> would also point out that QUIC endeavours to encrypt the end-to-end
> >> information, do you believe that MED data in a UDP Option would be
> similarly
> >> encrypted (that would ensure that the network won't try to read or
> modify
> >> the data)?
> >>
> >> Tom
> >>
> >>>
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: C. M. Heard <heard@pobox.com>
> >>>> Sent: Saturday, October 28, 2023 12:53 PM
> >>>> To: Kaippallimalil John <john.kaippallimalil@futurewei.com>; Sri
> >>>> Gundavelli <sgundave@cisco.com>; Spencer Dawkins at IETF
> >>>> <spencerdawkins.ietf@gmail.com>
> >>>> Cc: Tom Herbert <tom@herbertland.com>; Sebastian Moeller
> >>>> <moeller0@gmx.de>; Joe Touch <touch@strayalpha.com>; TSVWG
> >>>> <tsvwg@ietf.org>
> >>>> Subject: Re: [tsvwg] Advance notice on request to poll TSVWG for
> >>>> adoption of draft-kaippallimalil-tsvwg-media-hdr-wireless-03
> >>>>
> >>>> On Sat, Oct 28, 2023 at 9:50 AM Tom Herbert wrote:
> >>>>> On Sat, Oct 28, 2023 at 9:18 AM Sebastian Moeller wrote:
> >>>>>> Unless the respective layer's data is encrypted, intermediate
> >>>>>> nodes obviously can look into packets at every level they
> >>>>>> desire, and since they do not need to ask for permission there
> >>>>>> is really nothing stopping them... Given that fact, it seems
> >>>>>> academic to claim there is a practical difference in usability of
> UDP
> >> options and IPv6 HBH.
> >>>>>
> >>>>> I think there are material differences. UDP Options only work with
> >>>>> UDP, UDP options are in protocol trailers which would be
> >>>>> problematic to support in router hardware data path, and there's
> >>>>> no distinction between transport layer options and network layer
> >>>>> options (i.e. last thing we want is for some router to burn cycles
> >>>>> parsing and skip over a bunch of transport layer options to find
> >>>>> the network layer options they're interested in).
> >>>>
> >>>> I'd like to answer these points.
> >>>>
> >>>> 1. UDP Options only work with UDP.
> >>>>
> >>>> Correct.
> >>>>
> >>>> On the other hand, IPv6 HbH options work only with IPv6 and by all
> >>>> accounts suffer from an egregious drop rate in today's open Internet.
> >>>> There is some empirical evidence that the Internet is much more
> >>>> tolerant of UDP options; however, the measurements didn't test what
> >>>> happens when UDP Length == 8 (which would be required by the
> >>>> potential fixes in 2 and 3 below).
> >>>>
> >>>> 2. UDP options are in protocol trailers which would be problematic
> >>>> to support in a router's [or any middlebox's] hardware data path.
> >>>>
> >>>> Correct but potentially fixable: draft-ietf-tsvwg-udp-options
> >>>> defines per- fragment options, which do not have that disadvantage.
> >>>> Moreover, any host to network signalling in a packet that uses UDP
> >>>> fragmentation would necessarily have to put such signals in the
> >>>> per-fragment options area, not in the trailer (which cannot in
> >>>> principle be located until the packet is reassembled). There is some
> >>>> waste of space by using an atomic FRAG option, but that could in
> >>>> principle be mitigated by introducing a third format that omits the
> >> Identification, Frag.
> >>>> Offset, and Reass DgOpt Start fields (this would be useful in any
> >>>> situation where an endpoint wants to hide one or more UNSAFE
> >> options).
> >>>>
> >>>> 3. There's no distinction between transport layer options and
> >>>> network layer options.
> >>>>
> >>>> Again, correct but potentially fixable: add a proviso to the spec
> >>>> that any option intended for the endpoint use  only SHOULD be in the
> >> trailer.
> >>>>
> >>>> My intent here is not to advocate for the changes, but rather to
> >>>> point out that they are likely to be NECESSARY to turn UDP options
> >>>> into a suitable carrier for host-to-network signalling. I brought
> >>>> these points up before, but I didn't see them addressed in
> >>>> draft-kaippallimalil-tsvwg-media-hdr-wireless-
> >>>> 03.
> >>>>
> >>>> But the big elephant in the room is that
> >>>> draft-ietf-tsvwg-udp-options exclusively defines TRANSPORT options
> >>>> designed to be consumed by endpoints, not NETWORK options designed
> >>>> to be inspected by routers or other middleboxes. If
> >>>> draft-kaippallimalil-tsvwg-media-hdr-wireless-03
> >>>> is to be adopted as a basis for future work, then in my opinion one
> >>>> of the adoption questions should be whether the WG would be willing
> >>>> to make this change of direction to draft-ietf-tsvwg-udp-options.
> >>>>
> >>>> The rather lengthy previous discussion pretty much left this last
> >>>> point up in the air, but I came away with the conclusion that trying
> >>>> to fix
> >>>> IPv6 HbH options is probably the better alternative in the long run.
> >>>>
> >>>> Mike Heard
>
>

v2.23.0 | Report a Bug | By Email