IETF Logo Mail Archive

Re: [tsvwg] ECN tunnel update to UDP Guidelines

Bob Briscoe <B.Briscoe-contractor@cablelabs.com> Tue, 21 May 2019 10:53 UTC

Return-Path: <B.Briscoe-contractor@cablelabs.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 647A81201D2 for <tsvwg@ietfa.amsl.com>; Tue, 21 May 2019 03:53:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cablelabs.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S8LYPH_UNUdq for <tsvwg@ietfa.amsl.com>; Tue, 21 May 2019 03:53:13 -0700 (PDT)
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (mail-eopbgr720098.outbound.protection.outlook.com [40.107.72.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9405A1201CC for <tsvwg@ietf.org>; Tue, 21 May 2019 03:53:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cablelabs.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qiEX0hZgeKA5pwPKdaEpCcZS4LljebAEo9JMACic0eQ=; b=ajrW3gljQwDBgsbwKasWjLHnSH12xQx3ZGdBL2ENAaLwOS3ImHliwaI4xVoESgA6xa2Uf7Ta/Fkoypy9qUv1XaLczKieGm715J+ZwkKr6uIUU2YvGS94k0tDpSmIDLhNdTW6QwT3FWLux17YTxDzYYMkWqnc/Y6WucfXHI5oPdQ=
Received: from SN6PR06MB4720.namprd06.prod.outlook.com (52.135.117.142) by SN6PR06MB4349.namprd06.prod.outlook.com (52.135.122.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1900.17; Tue, 21 May 2019 10:53:09 +0000
Received: from SN6PR06MB4720.namprd06.prod.outlook.com ([fe80::bda5:df11:4ba2:6f87]) by SN6PR06MB4720.namprd06.prod.outlook.com ([fe80::bda5:df11:4ba2:6f87%7]) with mapi id 15.20.1900.020; Tue, 21 May 2019 10:53:09 +0000
From: Bob Briscoe <B.Briscoe-contractor@cablelabs.com>
To: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
CC: "Black, David" <David.Black@dell.com>, tsvwg IETF list <tsvwg@ietf.org>, "Eggert, Lars" <lars@netapp.com>, Greg Shepherd <gjshep@gmail.com>, Bob Briscoe <research@bobbriscoe.net>, Joe Touch <touch@strayalpha.com>
Thread-Topic: ECN tunnel update to UDP Guidelines
Thread-Index: AQHVD782B1fMkQqsT0GUB8HuUMbgoA==
Date: Tue, 21 May 2019 10:53:08 +0000
Message-ID: <SN6PR06MB4720244FD2B0C44ACB096AB0CD070@SN6PR06MB4720.namprd06.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=B.Briscoe-contractor@cablelabs.com;
x-originating-ip: [31.185.135.221]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 830b73bc-c921-4b3a-83aa-08d6ddda8310
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:SN6PR06MB4349;
x-ms-traffictypediagnostic: SN6PR06MB4349:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <SN6PR06MB4349FB981DFB297D0DAC13E0CD070@SN6PR06MB4349.namprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0044C17179
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(136003)(396003)(366004)(346002)(39850400004)(199004)(189003)(316002)(66476007)(2906002)(15650500001)(66066001)(7696005)(5660300002)(54906003)(6246003)(53546011)(6506007)(99286004)(25786009)(66556008)(74316002)(68736007)(9686003)(6436002)(71190400001)(72206003)(229853002)(478600001)(54896002)(6306002)(71200400001)(14454004)(55016002)(6606003)(33656002)(486006)(6916009)(186003)(86362001)(53936002)(476003)(6116002)(3846002)(7736002)(66946007)(64756008)(66446008)(73956011)(52536014)(26005)(53336002)(81166006)(81156014)(4326008)(76116006)(8676002)(19627405001)(91956017)(102836004)(256004)(14444005)(8936002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR06MB4349; H:SN6PR06MB4720.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cablelabs.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 7IfXKGzDWkxiMA7cmH+kwr9XKKPErnZ3Wmtxo9sX3AwfTwrheIQimouyh4v6bS1GPHIwQi2jOFxk214Ujj/e8ki5ESMnj7U5fIHYAwOeWrnpsBLN+uJ8vtvxxPpmw7sjG/u3qUkZAaGBhdyAYpPiG4OvM2jtMF03PbbUV4CGjETYyYj/Hv1Ko0nGIwmS1Ay8u0OnL8CPq4EO7NNMdmkZSYPWTHlw/DeWpNSLgTgrR8fJWF46desM+FdmmF4h9GzLzAS4eAwG30QTNMMwry2tQKpySw1UJdxnX47zOvYsjAjYdcCLlbABpPnB+3hSaOUPVyjI3C17O60FkgnVKBQhZiOcWm9XdftVBdpbSTWkVOpYs22ijpZ9ZjY4pB/Wv1ZjDl9RlQk5f7H+j058YMaiNp4pOQ23UUrxSo5dMpL6izk=
Content-Type: multipart/alternative; boundary="_000_SN6PR06MB4720244FD2B0C44ACB096AB0CD070SN6PR06MB4720namp_"
MIME-Version: 1.0
X-OriginatorOrg: cablelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 830b73bc-c921-4b3a-83aa-08d6ddda8310
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 May 2019 10:53:08.9881 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ce4fbcd1-1d81-4af0-ad0b-2998c441e160
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR06MB4349
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/EUs-oVzUFKqJ_s287dVGNGAjQUs>
Subject: Re: [tsvwg] ECN tunnel update to UDP Guidelines
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 10:53:27 -0000

Gorry,

What you're suggesting is what I proposed to David earlier (see my suggested text right at the bottom of this thread). It highlights that this RFC /indirectly/ updates the UDP guidelines by updating RFC6040. I figured that this approach at least flags that the UDP guidelines have been altered, so a text search would find this out. However, it doesn't list RFC8085 explicitly in the Updates header.

I was happy to just go along with whatever David wanted, as doc shepherd. However, I wasn't aware of the general desire to keep the UDP guidelines primarily about e2e UDP. I can see that it will get unwieldy if every RFC about UDP tunnels ends up updating the UDP guidelines. So it would be better to rely mostly on the int-area tunnel I-D.

Indeed, since I replied to Joe's point about fragmentation & tunnels, I've realized that there were no normative requirements in RFC6040 about handling ECN during reassembly (other than a reference to ecn-encap-guidelines which are just guidelines), so I will be referring to the int-area tunnels I-D from this shim draft, and I suspect Joe might end up wanting to point his fragmentation discussion to the shim draft explicitly, not just RFC6040.


Bob

PS. I've switched to sending from my CableLabs address, cos Netapp's mail system doesn't trust the reputation of my (ietf@bobbriscoe.net) mail provider. I should make it clear though that I have my independent hat on for this ECN-encap work, not my CableLabs hat.


On 21/05/2019 11:16, Gorry Fairhurst wrote:
I'm just looking at this and wondering whether we need to update RFC8085 at all. The document primarily targets traditional use of UDP as an endpoint API to applications and upper layer protocols.

As I recall, the intention was to punt all discussion of tunnels away from this document, towards other documents, such as the INTAREA tunnels ID. That may have taken longer to complete than we first imagined, but to me it still remains the primary advice on what to do when designing/configuring tunnels. thjsi is part of a long list of items that refer the reader to other documents.

See below:

On 21/05/2019, 10:39, Bob Briscoe wrote:
David,

[I've added the UDP Guidelines authors to the distr. and digested the relevant parts of this otherwise long thread at the end for them.]

On 20/05/2019 15:52, Black, David wrote:

1.


 2. RFC 8085 on UDP Guidelines is a BCP, and should be updated
    directly for that reason (vs. indirectly via an update of RFC
    6040).  No other RFC that cites RFC 6040 would be affected,
    unless it’s also a BCP.

I've searched through RFC8085 and I do not think detailed discussion of this update to RFC6040 would be appropriate for the following reasons. Nonetheless, a pointer from RFC8085 to flag the tunnel configuration updates in this shim RFC could be appropriate.

UDP tunnels are a small part of RFC8085, tucked away at the bottom of Section 3.1 about congestion control; in Section 3.1.11 "UDP Tunnels" <https://tools.ietf.org/html/rfc8085#section-3.1.11>. Most of 3.1.11 is about congestion control, then there's a list of brief bullets with other considerations for UDP tunnels. There is no place where UDP tunnel management is mentioned, whether by config or auto-controlled set-up. For your convenience, I've repeated the ECN bullet and the sentence that opens the list below:

    Designing a tunneling mechanism requires significantly more expertise
    than needed for many other UDP applications, because tunnels are
    usually intended to be transparent to the endpoints transmitting over
    them, so they need to correctly emulate the behavior of an IP link
    [INT-TUNNELS  <https://tools.ietf.org/html/rfc8085#ref-INT-TUNNELS>], for example:
    o  Requirements for tunnels that carry or encapsulate using ECN code
       points [RFC6040  <https://tools.ietf.org/html/rfc6040>].
    o  ...

I propose to update that by replacing the bullet as follows:

    o Requirements for how tunnel endpoints propagate any ECN field
    within the UDP header to and from the outer IP header [RFC6040
    <https://tools.ietf.org/html/rfc6040>]. This includes the
    requirement for a tunnel ingress to zero the outer ECN field
    unless it is known that the tunnel egress implements ECN logic
    [RFCXXXX]. {RFCXXXX refers to the present document so it will need
    to be inserted by the RFC Editor}

I've changed the existing bullet, because it is itself incorrect. It makes the common mistake of implying UDP tunnels can choose whether to use ECN codepoints. They can't. The UDP encapsulation will itself always be encapsulated by an IP header, which always "uses ECN codepoints" whether the tunnel designer likes it or not. That is the nub of the problem that this update to RFC6040 attempts to solve.

I am yet to be persauded that this needs any update to RFC8085, but will listen of course if people feel there is something wong in defering the topic to INT-TUNNELS <https://tools.ietf.org/html/rfc8085#ref-INT-TUNNELS> and RFC 6040 (and its updates).


More specifically, in the shim draft I will remove the UDP paragraph from the opening text in section 5, and instead create a sub-section of 5.1 for UDP tunnels, alongside all the other specific RFC updates. I'll also add RFC8085 to the updates header. Then in that new section I'll paste the UDP paragraph, but with the end altered as follows:

    Section 3.1.11
    <https://tools.ietf.org/html/draft-ietf-tsvwg-rfc6040update-shim-08#section-3.1.11>
    of the UDP usage guidelines [RFC8085
    <https://tools.ietf.org/html/rfc8085>] includes the following
    brief guidance about how a tunnel that encapsulated packets with a
    UDP/IP header handles the ECN field:
    "    o Requirements for tunnels that carry or encapsulate using
    ECN code points [RFC6040]."

    The following text replaces that bullet as an update to RFC 8085:
    "<the replacement bullet text I've already proposed above>"

I don't think this needs to say more than something like:-

RFC 8085 refers to RFC 6040, and the present document updates the text provided in RFC 6040, specifically this includes the requirement for a UDP tunnel ingress to zero the outer ECN field unless it is known that the tunnel egress implements ECN logic.
Bob


Gorry

Thanks, --David



On 09/05/2019 02:08, Black, David wrote:


*From:* Black, David
*Sent:* Wednesday, May 8, 2019 8:50 PM
*To:* tsvwg@ietf.org
*Subject:* David Black's WGLC review of draft-ietf-tsvwg-rfc6040update-shim-08

On 17/05/2019 23:54, Bob Briscoe wrote:


[snip]

[D] Section 5

   Section 3.1.11 of the UDP usage guidelines [RFC8085] already explains

   that a tunnel that encapsulates an IP header directly within a UDP/IP

   datagram needs to follow RFC 6040 when propagating the ECN field

   between inner and outer IP headers.  The requirements in Section 4

   update RFC 6040 so, by reference, they automatically update RFC 8085

   to add the important but previously unstated requirement that, if the

   UDP tunnel egress does not, or might not, support ECN propagation, a

   legacy UDP tunnel ingress has to clear the outer IP ECN field to

   0b00, e.g. by configuration.


[DB] That's too clever/subtle - this draft should explicitly update RFC 8085.
[BB] Not happy about this. Followed to its logical conclusion, as well as updating RFC6040, this draft would then need to update every RFC that already normatively references RFC6040 (e.g. GUE, Geneve, etc).

Wouldn't such an update get kicked out during IESG review, as a duplicate update? Certainly it might make the ID nits checker issue a high-pitched scream as it runs round a tight loop of "Updates" headers.

So, instead, how about stating the above para in the opposite order as follows:

   This document indirectly updates the UDP usage guidelines [RFC8085]

   to add the important but previously unstated requirement that, if the

   UDP tunnel egress does not, or might not, support ECN propagation, a

   legacy UDP tunnel ingress has to clear the outer IP ECN field to

   0b00, e.g. by configuration. Section 3.1.11 of RFC 8085 already explains

   that a tunnel that encapsulates an IP header directly within a UDP/IP

   datagram needs to follow RFC 6040 when propagating the ECN field

   between inner and outer IP headers. And the requirements in Section 4

   update RFC 6040 so, by reference, they indirectly update RFC 8085.




--
________________________________________________________________
Bob Briscoehttp://bobbriscoe.net/

v2.23.0 | Report a Bug | By Email