Re: [tsvwg] Ben Campbell's No Objection on draft-ietf-tsvwg-gre-in-udp-encap-18: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Thu, 29 September 2016 02:32 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF66212B03F; Wed, 28 Sep 2016 19:32:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.216
X-Spam-Level:
X-Spam-Status: No, score=-4.216 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.316] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PnkAGzkifrpX; Wed, 28 Sep 2016 19:32:37 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4B8512B008; Wed, 28 Sep 2016 19:32:37 -0700 (PDT)
Received: from [10.0.1.21] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u8T2WNWA058885 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 28 Sep 2016 21:32:24 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.21]
From: Ben Campbell <ben@nostrum.com>
To: Lucy yong <lucy.yong@huawei.com>
Date: Wed, 28 Sep 2016 21:32:22 -0500
Message-ID: <C8814545-D55D-4A8C-946C-DFF89DE15D5A@nostrum.com>
In-Reply-To: <2691CE0099834E4A9C5044EEC662BB9D572DAFBA@dfweml501-mbb>
References: <147493161550.5041.6760488501697947208.idtracker@ietfa.amsl.com> <2691CE0099834E4A9C5044EEC662BB9D572DAFBA@dfweml501-mbb>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/lTAn_z0vU_QioqQhmevfWjIHqgg>
Cc: "david.black@emc.com" <david.black@emc.com>, "draft-ietf-tsvwg-gre-in-udp-encap@ietf.org" <draft-ietf-tsvwg-gre-in-udp-encap@ietf.org>, The IESG <iesg@ietf.org>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "tsvwg-chairs@ietf.org" <tsvwg-chairs@ietf.org>
Subject: Re: [tsvwg] Ben Campbell's No Objection on draft-ietf-tsvwg-gre-in-udp-encap-18: (with COMMENT)
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Sep 2016 02:32:40 -0000
Hi, thanks for the response. Comments also inline, with sections removed
that do not seem to need further discussion.
Thanks!
Ben.
On 27 Sep 2016, at 13:53, Lucy yong wrote:
[...]
>
>
> -1, paragraph 5, first sentence: I found the sentence structure
> confusing. I think you mean to say that GRE-in-UDP tunnels are not
> safe to carry arbitrary traffic over the Internet, but it can be read
> to mean to say that since the internet is an arbitrary traffic
> environment, it's not safe to use GRE-in-UDP on it.
> [Lucy] OLD: In full generality with the capability to carry arbitrary
> traffic, GRE-in-UDP tunnels are not safe for general deployment in the
> public Internet. Therefore GRE-in-UDP tunnel deployments are limited
> to two applicability scenarios for which requirements are specified in
> this document:
> NEW: A GRE-in-UDP tunnel is capable of carrying arbitrary traffic and
> behaves as a general UDP application on an IP network. However a
> GRE-in-UDP tunnel carrying a type of traffic may not meet the UDP
> application requirements on the Internet [RFC5405bis], such GRE-in-UDP
> tunnels MUST NOT run over Internet. For this reason, the document
> specifies two deployment scenarios for GRE-in-UDP tunnels and
> specifies the GRE-in-UDP tunnel requirements for each of them,
> respectively. The two scenarios are:
That helps. I suggest a slight tweak:
OLD (your-new):
However a GRE-in-UDP tunnel carrying a type of traffic may not meet
the UDP application
requirements on the Internet [RFC5405bis], such GRE-in-UDP tunnels
MUST NOT run over Internet.
NEW (newer-new):
However a GRE-in-UDP tunnel carrying certain types of traffic may
not meet the UDP application
requirements on the Internet [RFC5405bis]. GRE-in-UDP tunnels MUST
NOT cary such traffic
over the Internet.
Now, that brings a question to mind. Is the tunnel implementation
expected to police this? Or is an application expected to know whether a
tunnel crosses an unsafe network? I suspect the answer is that we expect
administrators to configure things so that this doesn't happen. But
whatever the answer, it would be helpful to mention it in the text.
>
> -1, paragraph 6: When might security not be a concern? Would it make
> sense to start with an assumption that security _is_ a concern, then
> consider situations for which it might not be?
> [Lucy] OLD: The document also specifies Datagram Transport Layer
> Security (DTLS) for GRE-in-UDP tunnels to be used where/when security
> is a concern.
> NEW: To provide origin traffic privacy and security, the document
> specifies Datagram Transport Layer Security (DTLS) for GRE-in-UDP
> tunnels. A GRE-in-UDP tunnel with DTLS SHOULD be used where/when
> origin traffic security is a concern.
Would it be fair to say it MUST be used when security is a concern?
Otherwise, can you suggest circumstances where security is a concern
where it might reasonable not to use it?
>
> - 6.1, paragraph 1: Previous sections said UDP checksums SHOULD be
> used for IPv4. Should this section be interpreted to mean that _if_
> the checksum is used, it MUST be processes this way? If so, that could
> use clarification.
> [Lucy] Yes, this interpretation is right. Will this change avoids a
> mis-interpreation?
> OLD: For UDP in IPv4, the UDP checksum MUST be processed as specified
> in [RFC768] and [RFC1122] for both transmit and receive.
> NEW: For UDP in IPv4, when UDP checksum is used, the UDP checksum
> process MUST follow the procedures specified in [RFC768] and [RFC1122]
> for both transmit and receive.
Yes, that helps.
>
> -6.2, paragraph 2: Does the allowance to use the zero-checksum in some
> cases violate the MUST for UDP checksums over IPv6?
> [Lucy] suggest the following change to clear this ambiguity.
> OLD: For UDP in IPv6, the UDP checksum MUST be processed as specified
> in [RFC768] and [RFC2460] for both transmit and receive.
> NEW: For UDP in IPv6, when UDP checksum is used, the UDP checksum
> process MUST follow the procedures specified in [RFC768] and [RFC2460]
> for both transmit and receive.
Actually, I was referring to a previous statement that checksums MUST be
used for IPv6. But now when I look back at that, I realize it was for
"generic" tunnels, not TMCE tunnels. I think your proposal is a slight
improvement, but no change is really necessary.
>
> -8, third paragraph:
> Isn’t this just a restatement of the previous requirement that all
> traffic carried over default gre-in-udp tunnels must be congestion
> controlled?
> [Lucy] yes. Congestion considerations in this section considers two
> deployment scenarios. This statement is for Internet scenario.
> Although it is a repeat from previous requirement, IMO: it is
> necessary to state it here for a default-GRE-in-UDP tunnel use case.
My concern is not that it the concept is restated here, it's that both
use 2119 keywords, but in different ways that people may find confusing.
My suggestion is to simply state this version without the upper case MAY
(that is, make the "MAY" a "may"). If yo really want to have both
versions use 2119 language, then it would better to use the same
language (i.e. MUST NOT carry non-congestion-controlled traffic.)
>
> -8, paragraph 5:
> This also seems a restatement of the requirement that traffic on
> generic tunnels MUST be congestion controlled. Given that you probably
> don’t select your network path based on the nature of the data, I
> think it’s better stated in the original terms.
> [Lucy] this paragraph considers a TMCP GRE-in-UDP tunnel, which means
> a gre-in-udp tunnel used in TMCE network. For this case, traffic on
> the tunnel is not required to be congestion controlled. The text is
> clearly stated. In addition, it states operation needs to consider how
> to avoid gre-in-udp encapsulated traffic in escaping to the Internet.
> Sorry, not clear what to change to make it clearer.
Let me simplify my. The text seems to say that TMCE tunnels MUST be TMCE
tunnels. The MUST doesn't add anything that hasn't already been
normatively said.
[...]
>
> -11, last paragraph: Is SHOULD sufficient for this case?
> [Lucy] IMO: for the header corruption reason, the mechanism stated in
> paragraph is sufficient to avoid the original traffic to be
> mis-delivered to another application. That addresses a privacy and
> security concern.
Let me restate the question: Why SHOULD and not MUST? Can you imagine a
circumstance when the GRE header _is_ used for privacy or security where
it might be a reasonable choice to _not_ use a UDP or GRE checksum?
- [tsvwg] Ben Campbell's No Objection on draft-ietf… Ben Campbell
- Re: [tsvwg] Ben Campbell's No Objection on draft-… Lucy yong
- Re: [tsvwg] Ben Campbell's No Objection on draft-… Ben Campbell
- [tsvwg] Ben Campbell's No Objection on draft-ietf… Lucy yong
- Re: [tsvwg] Ben Campbell's No Objection on draft-… Ben Campbell