IETF Logo Mail Archive

Re: [tsvwg] Update to Position Statement on ECT(1)

Gorry Fairhurst <gorry@erg.abdn.ac.uk> Thu, 28 May 2020 11:17 UTC

Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B95143A0D97 for <tsvwg@ietfa.amsl.com>; Thu, 28 May 2020 04:17:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o0DzAoOIIxSd for <tsvwg@ietfa.amsl.com>; Thu, 28 May 2020 04:17:50 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id 4A50F3A0D96 for <tsvwg@ietf.org>; Thu, 28 May 2020 04:17:50 -0700 (PDT)
Received: from Gs-MacBook-Pro.lan (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 9851D1B00151; Thu, 28 May 2020 12:17:41 +0100 (BST)
To: Sebastian Moeller <moeller0@gmx.de>, "Holland, Jake" <jholland@akamai.com>
Cc: TSVWG <tsvwg@ietf.org>
References: <BE44EAE9-5CFB-4F5D-85B8-05AFA516C151@akamai.com> <CACL_3VEbUHB-Omwp1-g5Tq3G3J-kKj9N3jPZLcfruicw3X=AsA@mail.gmail.com> <2CBBD8CD-2088-4E41-B113-EED665853D3C@akamai.com> <CAM4esxSFCBcxXjz5JJJg1z6+wwfN3mTrtJ8bKiBsj2TeOmmFSw@mail.gmail.com> <93331803-e7db-95dc-a4ae-052c347c3c86@bobbriscoe.net> <MN2PR19MB4045568B4A794F1DCE6974BB83B90@MN2PR19MB4045.namprd19.prod.outlook.com> <42234fd1-6ee8-cbcc-408c-1ea2b2554f2b@bobbriscoe.net> <9539CFBB-5F07-4104-B30D-BFE323F20352@akamai.com> <CACL_3VG3xwP=XLdzpdH2BMiFgb7a4aBNnp-SWkMSm+0=GbibXQ@mail.gmail.com> <5CD259C9-FA69-42C5-A879-1A85BB57343D@akamai.com> <B32AB94B-ECAA-4B76-80E3-510E4D071C51@gmx.de> <318274A2-E8D3-4CFA-B4BD-CD67EDA4A759@akamai.com> <7E25905C-37C8-401B-B50F-B3909EFAC3CE@gmx.de>
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Message-ID: <e3f787f3-a1ac-7201-0abc-5a77c8d53539@erg.abdn.ac.uk>
Date: Thu, 28 May 2020 12:17:40 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <7E25905C-37C8-401B-B50F-B3909EFAC3CE@gmx.de>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/CkGsF1JqQmoyh3L9xjjHDnOJr3A>
Subject: Re: [tsvwg] Update to Position Statement on ECT(1)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2020 11:17:53 -0000

Please relate ECN tunnel discussions to the relevant work items. Is this 
related to draft-ietf-tsvwg-rfc6040update-shim or the 
draft-ietf-tsvwg-ecn-encap-guidelines or to draft-ietf-intarea-tunnels?

Gorry


On 28/05/2020 11:54, Sebastian Moeller wrote:
> Hi Jake,
>
> thanks for the information. Indeed a case of the perfect being an enemy of the good.
>  From rfc3168:
> "The presence of a copy of the ECN field in the inner header of an IP
>     tunnel mode packet provides an opportunity for detection of
>     unauthorized modifications to the ECN field in the outer header."
>
> This in a nutshell was an original sin, of being clever when KISS could have carried the day. Now, at the time that was probably a reasonable choice, but I wonder whether that design decision is not worth revisiting?
>
> I would humbly ask, whether it is possible to get rid of that requirement and get back to the simple strict copy regime and leave the tampering detection to the endpoints? As the current L4S tunneling discussion indicates, that intent of being cautious back then now is a burden.
>
> I note that according to https://tools.ietf.org/html/rfc4301 tunnel entry already does the simple copy inner to outer, it is really ony the decapsulation side that needs special care...
>
>
>> On May 28, 2020, at 10:21, Holland, Jake <jholland@akamai.com> wrote:
>>
>> Hi Sebastian,
>>
>> On 5/28/20, 12:57 AM, "Sebastian Moeller" <moeller0@gmx.de> wrote:
>>> I have a question regarding tunneling, that IMHO is left unanswered
>>> so far. Why is the rule for ECN and tunneling not simply: copy the
>>> inner to outer on encapsulation and the outer to inner on
>>> decapsulation. Period.
>> Please see RFC 6040.  Section 7 gives the design principles,
>> and Section 4 describes the current standard rules.  The Intro
>> also reviews some of the other considerations that went into it.
> 	[SM] Thanks.
>
>
>> Of course there are some important considerations toward ensuring
>> that CE is not erased on the inner or outer packet, regardless
>> of whatever network condition led to that occurring, if it
>> occurs, which seemed to get a bit more attention than the ECT(1)
>> overwriting.  But as far as I can tell, the overall reasoning is
>> more or less laid out there.
> 	[SM] So what puzzles me is that these rules all give tunneled traffic additional ECN sanity checking that non-encapsulated packets traveling over the same path and hence the same AQMs do not enjoy?
>
>
>> If you're looking for a deeper "why", I guess there's also the
>> comments in the writeup and final reviews:
>> https://datatracker.ietf.org/doc/rfc6040/writeup/
>> https://datatracker.ietf.org/doc/rfc6040/ballot/
> 	[SM] Thanks a lot, short but helpful.
>
>> Probably also there's some discussion in the list archives around
>> that time if you care to search for it.
>>
>> But it seems the consensus at the time landed on a copy of outer
>> to inner for ECT(1) overwriting ECT(0) on decapsulation, but not
>> for ECT(0) overwriting ECT(1) (which I think is the only change I'd
>> want in order to enable the 2-signal proposal, to the extent it
>> seems possibly worth doing).  To me it's an understandable decision,
>> especially considering RFC 6660, which seems essentially "SCE but
>> only applicable inside DSCP", and would prefer not to lose that pre-
>> congestion signal if something weird happens while it's tunneled.
> 	[SM] But again that same pre-congestion signal would be lost for non tunneled packets encountering the same path, no? The only additional step would e the tunnel decap, but we need that to work reliable anyway, as otherwise nothing is guaranteed anymore?
>
>> As an aside, I think it's a fair claim that Bob made, that he's the
>> one who has been trying to fit this jigsaw together for over a decade.
> 	[SM] Sure, that is quite some work and time invested in all of this.
>
>> Not to endorse his conclusion that the best choice today is to do
>> something that seems to break regular ECN, but between his authorship
>> of those specs and his long list of other publications on the topic,
>> it's a good bet that Bob has given the whole space a larger quantity
>> of thought than anyone else alive, which is certainly worth something.
> 	[SM] Sure, the sign that I propose simplistic solutions, is probably a cause of Kruger-Dunning and nit fully appreciation the intricacies of the problem space and what kind of unfortunate behavior already exists in the wild and needs to be dealt with.
>
> 	That said, "working best" with the current breed of tunnels is not the only sane criterion, especially if we are talking about longer term evolution of the network.
>
> Best Regards & Thanks
> 	Sebastian
>
>
>
>> Best regards,
>> Jake
>>
>>
-- 
G. Fairhurst, School of Engineering

v2.23.0 | Report a Bug | By Email