Re: [tsvwg] draft-ietf-tsvwg-ieee-802-11-02 - editorial comments

"Tim Szigeti (szigeti)" <szigeti@cisco.com> Thu, 25 May 2017 01:43 UTC

From: "Tim Szigeti (szigeti)" <szigeti@cisco.com>
To: "fredbakersba@gmail.com" <fredbakersba@gmail.com>
CC: "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "Jerome Henry (jerhenry)" <jerhenry@cisco.com>
Date: Thu, 25 May 2017 01:43:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/xgYd-UIO7AjjRHJTgRwswuETpCM>
Subject: Re: [tsvwg] draft-ietf-tsvwg-ieee-802-11-02 - editorial comments
List-Id: Transport Area Working Group <tsvwg.ietf.org>

Hi Fred,

> For CS7 (and any DSCP value not implemented in the domain) I would agree
> that it should be remarked or dropped. For CS6, recall that I have pointed out
> the assumptions that WiFi is the edge of the Diffserv domain and has no IP
> layer routing across it. I think, and have said before that I think, that is a
> limiting assumption.

Nothing is being assumed here, Fred. Two distinct recommendations are being made:

In the case where the wireless access-point represents the edge of the network (and thus simultaneously the edge of the Diffserv domain), then a recommendation is being made to remark or drop packets marked CS6 or CS7 (as there are no downstream devices participating in network control exchanges, and preserving these markings presents an easy attack-vector for WLAN DoS).

In the deployment model where the wireless access-point is NOT the edge of the network, then this recommendation does not apply (as brought out in Section 4.1.1).

A single recommendation simply will not ensure secure and consistent QoS treatment in both wireless deployment models.

-tim


> -----Original Message-----
> From: fredbakersba@gmail.com [mailto:fredbakersba@gmail.com]
> Sent: Wednesday, May 24, 2017 2:28 PM
> To: Tim Szigeti (szigeti)
> Cc: gorry@erg.abdn.ac.uk; tsvwg@ietf.org; Jerome Henry (jerhenry)
> Subject: Re: draft-ietf-tsvwg-ieee-802-11-02 - editorial comments
> 
> >> The top-level observation (I'll follow-up with another email if needed about
> >> specific text) is that the latest revision discusses the way in which
> >> access points and wireless devices can change the DSCP marking or
> >> drop traffic because of the DSCP marking.
> >>
> >
> > I'd like to first stress the point that the remarking and dropping
> > recommendations of network control traffic (marked CS6/CS7) at the edge of
> > the wired-to-wireless network (as made in Section 4.1.1) were part of the
> > original 2015 draft, and are not new recommendations in this latest revision.
> >
> > Additionally, these recommendations are drawn from similar
> > recommendations made in RFC 4594-Section 3.2 which:
> >
> > "RECOMMENDED that packets marked CS7
> >   DSCP (a codepoint that SHOULD be reserved for future use) be dropped
> >   or remarked at the edge of the Diffserv domain."
> >
> > Our argument is that when the wireless access point represents the
> > edge of the network infrastructure (and thus the edge of the Diffserv
> > domain), this recommendation should hold;
> 
> For CS7 (and any DSCP value not implemented in the domain) I would agree
> that it should be remarked or dropped. For CS6, recall that I have pointed out
> the assumptions that WiFi is the edge of the Diffserv domain and has no IP
> layer routing across it. I think, and have said before that I think, that is a
> limiting assumption.
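
The two deployment models discussed in this message, sketched as a per-packet filter for traffic headed onto the WLAN. This is an added example, not part of the original e-mail or the draft. The function names, the remark target of DSCP 0, and the sample header are assumptions constructed for illustration.

```python
import struct

CS6, CS7 = 48, 56  # Class Selector 6 and 7 codepoints (network control)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(dscp: int, ecn: int = 0) -> bytes:
    """Constructed header-only IPv4 packet, 192.0.2.1 -> 192.0.2.2."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20,
                                1, 0, 64, 17, 0,
                                bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

def edge_policy(packet: bytes, ap_is_edge: bool, action: str = "remark",
                remark_to: int = 0):
    """Return (verdict, packet) for an IPv4 packet about to cross the AP.

    ap_is_edge=True  : the AP is the edge of the Diffserv domain, so CS6/CS7
                       is remarked or dropped.
    ap_is_edge=False : routing continues past the AP, markings are preserved.
    remark_to        : assumed target codepoint (the message does not name one).
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop-malformed", None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop-malformed", None
    dscp, ecn = packet[1] >> 2, packet[1] & 0x03
    if not ap_is_edge or dscp not in (CS6, CS7):
        return "forward", packet
    if action == "drop":
        return "drop", None
    out = bytearray(packet)
    out[1] = (remark_to << 2) | ecn   # change DSCP only, keep the ECN bits
    out[10:12] = b"\x00\x00"          # zero the checksum before recomputing
    struct.pack_into("!H", out, 10, ipv4_checksum(bytes(out[:ihl])))
    return "remark", bytes(out)
```

A remark that rewrites the DSCP without recomputing the header checksum, or that clobbers the two ECN bits sharing the same byte, causes the packet to be discarded or mis-signalled downstream, which is why both are handled here.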