IETF Logo Mail Archive

Re: [tsvwg] signaling packet importance [was Re: New Version Notification for draft-herbert-fast]

Sebastian Moeller <moeller0@gmx.de> Mon, 14 August 2023 08:55 UTC

Return-Path: <moeller0@gmx.de>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFC18C15152D for <tsvwg@ietfa.amsl.com>; Mon, 14 Aug 2023 01:55:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.554
X-Spam-Level:
X-Spam-Status: No, score=-2.554 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ADsxhInsD3WN for <tsvwg@ietfa.amsl.com>; Mon, 14 Aug 2023 01:55:12 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B681C151525 for <tsvwg@ietf.org>; Mon, 14 Aug 2023 01:55:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1692003299; x=1692608099; i=moeller0@gmx.de; bh=WIutQq1iFmdwXrW4xg2Q/ULDEsYJtl/kSITqSclw3JE=; h=X-UI-Sender-Class:Subject:From:In-Reply-To:Date:Cc:References:To; b=SAtd6myCuAYPtNtuMhXpvdlNpw86+yImh8jly83MbB7PVYEg6WWFv72J0JMEHm8eAM78A9S 4kllDX+snHtkcx8o+dm1zjUVfYJdTVwcAnz0aMEeZG89E2Ht4VDACjupcZ8Z3K+cZR8gKMUIe DL+iOy3wb0FaFaTPQp8YBS+L0lMSkyGR/q5mYLs25zLUa2yNThbJTGbg+luKq72YyF8UfNDVD MaNJZER4wNrXPXaYIxD3I1+Dt8e2y12Y0wmgMcT9hlk2E+4+z90LYqP/xRm6NWTnwZsmMxCOZ exv77BTKdNb4FYYwQPuKrvvhjmKZjZHh2KHl09ieYwbzx3BAgWYg==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from smtpclient.apple ([134.76.241.253]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1Msq24-1pcGCZ32Bk-00tEaK; Mon, 14 Aug 2023 10:54:59 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
From: Sebastian Moeller <moeller0@gmx.de>
In-Reply-To: <SN4PR13MB5311ECEBF7141AC37D782047E816A@SN4PR13MB5311.namprd13.prod.outlook.com>
Date: Mon, 14 Aug 2023 10:54:58 +0200
Cc: "touch@strayalpha.com" <touch@strayalpha.com>, "C. M. Heard" <heard@pobox.com>, TSVWG <tsvwg@ietf.org>, Sri Gundavelli <sgundave@cisco.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B2B6438D-96FC-4FBE-8361-70824CCBAAFC@gmx.de>
References: <5014A95B-C4CC-40DE-8CC7-4503D438E7F4@gmail.com> <CALx6S340SWJNOgj17aYF7_ij1ygj3szv6TGnSAe+GU3aqOLT6g@mail.gmail.com> <EDC4FB06-2F31-403C-96CE-1DC3F69CDCB1@gmail.com> <CACL_3VHNu7W=8TnatkApjy2BcaSzhpp9Aq++1W+fvKH0=EJtPQ@mail.gmail.com> <1A0F0DC9-8E0B-461A-9FD1-32C4BF78BD29@strayalpha.com> <CACL_3VEycg263=MMYOdPSGav1obOaY7567uVmNRDzhgn60z97Q@mail.gmail.com> <8E3CC770-E94B-4CA8-9FBD-CE59B5AD68D7@strayalpha.com> <SN4PR13MB5311AC6D43344330601DB0A0E816A@SN4PR13MB5311.namprd13.prod.outlook.com> <53022E94-30DA-4D85-B42C-6AD57AE225FE@gmx.de> <SN4PR13MB5311ECEBF7141AC37D782047E816A@SN4PR13MB5311.namprd13.prod.outlook.com>
To: Kaippallimalil John <john.kaippallimalil@futurewei.com>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
X-Provags-ID: V03:K1:JJBdhWhWqwmoLauVuIRy+j7Ot2Nw0S5yWI88h32IopvOjs/tf2G mPgc2g6uakFDN2icAuP71SsybDdW20sFzO3esh8Lrj/2nWXGsy1GLmlToFGnuSI2i28ygyK gc5hg5v508RUWori7ZN1OsAJczeie4bftfSpaX9vDiISos5GAsHO/rQmdjXdV/2GPsxDd/M jcISSsBU0u9knP7YpHmFg==
UI-OutboundReport: notjunk:1;M01:P0:3U1BTORe2rY=;7eRY0iYB/AfLK5wOLPuEYwWmuA+ ACfh3WUQcycmwqb4dZN9iMQ+h5AHyRISYWF5B14cL+JP+K4dXKUQ3b34Ex9KSGwgc5CmQqPqn OEJGuiAwRfaeT33S0x6Qm9Tz+m170wc7ygDBiOvvXI73y1uQYM6HVPuW8JSoBvIL03s/KFrCK GWyf/F/vRGFAAm6RheQcLeCv7Wn9/k82osS/O+dXS7MFcoSmspVy/FL44xbJcbgMHkl0e9s2A u9s9BMbJXds7TwG9uMqlxazznUXsDPd+4QcydwKnnw8R071Tw8mLnBXCb5fOFlUotfFfjIpVR rQIvfDA0VRp+NuP3O5SxceR8OrTwmkLVxAHMS9bW/Peuigy7w3xLA0QRgTZmYWsfHVE+/c9qU 7Xb0tfNSgVL96u1+zcIejp1IYjK9XHqQ0ea1X+tPBGfG78iM8++RHH65yWHGdhowWhv1SiJMa GWgM9PDGvVy6/Rc5i13F87X03x9t+i7jFb1gqly+JoxfkHUpOev5TwaEsgoGgXgM6AxcoNt/y 7RVtxfhPviO+RNXu+STfi4O+CqWJo9sYmQ27W96lMk95NDfjGs/IAsZ7sXabrtf5JT+UqYRLj MhPRMrz6lcWS1hZG/lgbRHUwOxiCtA2c9M23zr7JIW6FO4frm+RdDW79JA8FnRsxIS52j0KMe k1UX/3so5R1dE8X6gg/7SiVkPQXJ/A24wVCAXQWHQ5hzWUIgjV0rcuvem6u5veyvCkfOq3DO4 bSEhm+JVAoYtCQIuIL9jeerY+o2xEeT+qQO1KMr/r7S/f89XRBuaKzI/C3+Roun3cPx77xCn7 xygj4MyLoT5thvhhtd2paIONVGvbKimIawWLk+u9wwC+9g6Gry6dXChYzLRH5aiL/izjj/a5E 4XhRHuX2rH9wMSVB3LBwbmCv1DXTKnH4NgrzaZI6oTLCGnOk7sKjN9cwdO0xJr1MEiXH5rz5Y ZAMod0tqKR5RqrqM3EQR430200Y=
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/i5a32okY3qV6ZsjiXDCf8HTYGzk>
Subject: Re: [tsvwg] signaling packet importance [was Re: New Version Notification for draft-herbert-fast]
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2023 08:55:16 -0000

Hi John,


> On Aug 13, 2023, at 22:22, Kaippallimalil John <john.kaippallimalil@futurewei.com> wrote:
> 
> Hi Sebastian,
> 
>> [SM] Could you clarify what exactly "drop MED" means here:
>> a) the packet is dropped (by whom)?
>> b) the MED option is ignored by the scheduling node, and excised
>> c) the MED option is ignored by the scheduling node, and left alone
>> d) the sender stops emitting MED options
> 
> My mail was not clear earlier, sorry about that.
> By "drop", the intent is to remove the UDP option (MED) at the entrance (router) if it is from an untrusted domain. This is to be sure that the data is from a trusted domain only.

	[SM] UDP options, even if used to communicate with the network, should IMHO always be end-to-end. So removing an option during transfer of a packet is problematic. If you must add a bit "acted upon" which is only set to one if a node evaluated the MED option...

> The scheduling node (wireless access point, gNB, etc) will act on the data/option that is presented to it, as it only arrives from a trusted domain.

	[SM] Okay, maybe add another bit "ignore this option"... but realistically this feels quite ad-hoc and not how I would design a protocol to talk to network nodes... I would like to see robust and reliable communication that does not rely on any path between sender and scheduling node to be fully compliant to some rules that require active intervention...

> 
>> How will the sender/scheduling node actually know that the option was visible outside the limited trust-domain? I guess the sending network needs to have clear egress policies about which "exits" can be taken
>> by MED adorned packets, but that means all exist nodes need to peek deep into the UDP headers...
> 
> The scheduling node (wireless access point, gNB) will use the data in MED with the assurance that it has transited only through domains which are trusted (or the whole flow encrypted if it transits an untrusted domain).

	[SM] It essentially needs to trust the full path not having done any shenanigans, is that really as robust and reliable as desirable for a method that aims at affecting QoS/priorities?


> Yes, the sending domains should have clear egress policy to forward only to a trusted domain, or encrypt across a untrusted network.
> And the receiving domain should verify that it is arriving from a trusted network likewise, or is encrypted.  (an example in 3GPP is the use of Security Gateways (SEG) across untrusted networks).

	[SM] I think I like the much less fickle approach where the MED option is always encrypted with a key only distributed to the relevant scheduling nodes.

> 
>> At that point I would argue that having the sender simply encrypt the option with a key the intended scheduler node(s) has/have makes a ton of sense (the scheduling node might even replace the encrypted
>> MED option with its decrypted representation of the MED option for the benefit of the end-node (which then does not also need the key, and can recognize whether the MED option was evaluated)).
>> 
>> Side-note: I am still puzzled at how a scheduler would look like that is supposed to act on such rich information essentially in real-time.... and how to secure such a scheduler against abuse.
> 
> Key provisioning and management is quite complex if we are considering N applications x M wireless networks x Large number of endpoints.

	[SM] So is keeping your trusted paths trust worthy... plus as I proposed, have the scheduling nodes replace the encrypted MED with a plain text one, so end nodes need no keys and immediately see what information was used by the scheduler...


> Note that the content of the packet is always encrypted, and the key management here is for the UDP option/metadata.

	[SM] I am pretty sure if MED takes off and offers tangible benefits for scheduling it will also be used for unencrypted media streams (to spare the scheduling node the work to deep dive into the packets and collect that information). However my interest is keeping the MED option end to end and signal the end points whether the MED option was evaluated/acted upon.


> If we are looking at the general internet,

	[SM] Which, respectfully we should for an IETF PS/Experimental draft, what 3GPP members do in their own private networks (assuming it is without side effects) would not really need IETF RFC status, no?


> I agree that what you suggest, or something like that, would be necessary to secure against abuse.
> In the draft, we have a smaller scope, i.e., that of a trusted limited domain consisting of application, wireless network.
> (Two examples there: (1) an Edge Site connected to a Mobile access network, (2) scenario in (1), but with an untrusted transport network in between over which the entire data is bulk encrypted using IPSec)


	[SM] To me this would make this an informational draft, "look IETFers here is what 3GPP members will do in their private networks". But if it is without side effects, it might not need an RFC at all.
	However, I assume that you want video transmission servers to actually gain the ability to emit MED options, so the whole thing then will not be so nicely compartmentalized, at that point I think looking outside of the initial private use-case gains more importance.

Regards
	Sebastian





> 
> BR,
> John
> 
> 
> -----Original Message-----
> From: Sebastian Moeller <moeller0@gmx.de>
> Sent: Sunday, August 13, 2023 2:43 PM
> To: Kaippallimalil John <john.kaippallimalil@futurewei.com>
> Cc: touch@strayalpha.com; C. M. Heard <heard@pobox.com>; TSVWG <tsvwg@ietf.org>; Sri Gundavelli <sgundave@cisco.com>
> Subject: Re: [tsvwg] signaling packet importance [was Re: New Version Notification for draft-herbert-fast]
> 
> Hi John,
> 
> 
>> On Aug 13, 2023, at 17:47, Kaippallimalil John <john.kaippallimalil@futurewei.com> wrote:
>> 
>>> My concern is that endorsing use of UDP options to signal in-network devices could cause the same reaction as IP HBH options - that they could be seen as unsafe to routers and could cause an over-reaction that causes >  deliberate blocking or stripping.
>>> 
>>> As the discussion noted, that’s not currently the case, or at least as best can be determined. I
>>> 
>>> It’d be useful to avoid creating new reasons that routers would want to interfere. I.e., the question isn’t whether IP options are an alternative - they clearly are the appropriate place for draft-kaippallimalil-tsvwg-media->  hdr-wireless and draft-reddy-tsvwg-explcit-signal - it’s whether using UDP options for those purposes could jeapordize them for everyone else.
>> 
>> The procedures in draft-kaippallimalil-tsvwg-media- hdr-wireless can in theory be realized by encoding it in IPv6 HBH options (IPv4 is another questions) but I share Mike's concern about the timeline.
>> (-- " Those might bear fruit someday, though the timeline is at best uncertain").
>> The authors (of tsvwg-media- hdr-wireless) are primarily looking to providing a viable solution for 3GPP in the short term (end of 2024 or so) even if it is an Experimental or Informational one.
>> 
>> And I acknowledge the issue that Joe has pointed to - of whether UDP options will be seen as unsafe, and a corresponding over-reaction.
>> Our attempt in draft-kaippallimalil-tsvwg-media- hdr-wireless to avoid this has been that:
>> -  the MED option is to be used only within a limited domain that spans an application network and wireless network with pre-established trust (RFC 8799)
>> -  if the MED option crosses an "untrusted network" (e.g. , a transport network in between), the entire flow should be encrypted such that MED is not visible.
>> -  if a MED option is visible outside the limited domain with trust (set of application, wireless networks), the draft recommends that MED be dropped.
> 
>        [SM] Could you clarify what exactly "drop MED" means here:
> a) the packet is dropped (by whom)?
> b) the MED option is ignored by the scheduling node, and excised
> c) the MED option is ignored by the scheduling node, and left alone
> d) the sender stops emitting MED options
> 
> How will the sender/scheduling node actually know that the option was visible outside the limited trust-domain? I guess the sending network needs to have clear egress policies about which "exits" can be taken by MED adorned packets, but that means all exist nodes need to peek deep into the UDP headers...
> 
> At that point I would argue that having the sender simply encrypt the option with a key the intended scheduler node(s) has/have makes a ton of sense (the scheduling node might even replace the encrypted MED option with its decrypted representation of the MED option for the benefit of the end-node (which then does not also need the key, and can recognize whether the MED option was evaluated)).
> 
> Side-note: I am still puzzled at how a scheduler would look like that is supposed to act on such rich information essentially in real-time.... and how to secure such a scheduler against abuse.
> 
> Regards
>        Sebastian
> 
> 
>> 
>> BR,
>> John
>> 
>> 
>> 
>> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of touch@strayalpha.com
>> Sent: Sunday, August 13, 2023 10:07 AM
>> To: C. M. Heard <heard@pobox.com>
>> Cc: TSVWG <tsvwg@ietf.org>; Sri Gundavelli <sgundave@cisco.com>
>> Subject: Re: [tsvwg] signaling packet importance [was Re: New Version Notification for draft-herbert-fast]
>> 
>> My concern is that endorsing use of UDP options to signal in-network devices could cause the same reaction as IP HBH options - that they could be seen as unsafe to routers and could cause an over-reaction that causes deliberate blocking or stripping.
>> 
>> As the discussion noted, that’s not currently the case, or at least as best can be determined. I
>> 
>> It’d be useful to avoid creating new reasons that routers would want to interfere. I.e., the question isn’t whether IP options are an alternative - they clearly are the appropriate place for draft-kaippallimalil-tsvwg-media-hdr-wireless and draft-reddy-tsvwg-explcit-signal - it’s whether using UDP options for those purposes could jeapordize them for everyone else.
>> 
>> draft-daiya-tsvwg-udp-options-protocol-number is of a completely different nature; it aims to be part of the transport protocol in chaining the meaning of protocol layers, rather than encoding them all in the destination port of the first exchange. In that regard, it’s more like draft-touch-tcpm-sno (service number option), except that it would require similar ’next protocol’ identifiers at all protocol layers, which is (sadly) not the way current services and protocol stacks work.
>> 
>> Joe
>> 
>> 
>> —
>> Dr. Joe Touch, temporal epistemologist
>> http://www.strayalpha.com/
>> 
>> 
>> On Aug 12, 2023, at 6:14 PM, C. M. Heard <mailto:heard@pobox.com> wrote:
>> 
>> On Fri, Aug 11, 2023 at 7:47 PM Joe Touch wrote:
>> Just to be clear:
>> On Aug 11, 2023, at 2:42 PM, C. M. Heard <mailto:heard@pobox.com> wrote:
>> I've been pushing the idea to co-opt the per-fragment UDP options used for host-to-network signaling, and I'd like to make some comments about that.
>> 
>> This confuses transport options with network options.
>> 
>> Not confusion, but rather an explicit proposal to use the per-fragment options as network options instead of transport options. It is put forward to provide potentially workable solutions to the problems that draft-kaippallimalil-tsvwg-media-hdr-wireless and draft-reddy-tsvwg-explcit-signal are intended to solve.
>> 
>> Granted, an architecturally preferable way to accomplish these objectives would be to use IPv4 Options or IPv6 Hop-by-Hop Options. Indeed, I myself would prefer for IPv4/IPv6 Options to be used if the issues of high discard rates of packets with these options could be solved. There are efforts underway to mitigate the problems for IPv6 Hop-by-Hop Options. Those might bear fruit someday, though the timeline is at best uncertain. But as far as I know, the discard rates for IPv4 Options are equally dismal, and there are no efforts underway to fix that problem. Correction by parties with better knowledge of the facts than mine are invited.
>> 
>> My take is that the problems that draft-kaippallimalil-tsvwg-media-hdr-wireless and draft-reddy-tsvwg-explcit-signal (and possibly draft-daiya-tsvwg-udp-options-protocol-number as well) could, in principle, be solved by what I see as a modest change of direction to the UDP Options spec. Whether that would work out in practice is much less certain, for the reasons that Tom Herbert has pointed out. IMO it is a judgement call whether the chances are better to get IP Options (in any version) to work within our professional lifetimes. Given that, I don't think it would be right to turn draft-kaippallimalil-tsvwg-media-hdr-wireless and draft-reddy-tsvwg-explcit-signal away without a proper discussion.
>> 
>> Thanks,
>> 
>> Mike
>> 
>

v2.23.0 | Report a Bug | By Email