IETF Logo Mail Archive

Re: [tsvwg] draft-ietf-tsvwg-ieee-802-11-02 - editorial comments

"Tim Szigeti (szigeti)" <szigeti@cisco.com> Thu, 01 June 2017 06:18 UTC

Return-Path: <szigeti@cisco.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1730C12EB26 for <tsvwg@ietfa.amsl.com>; Wed, 31 May 2017 23:18:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EkG5OyKllT6N for <tsvwg@ietfa.amsl.com>; Wed, 31 May 2017 23:18:23 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CC5112EB22 for <tsvwg@ietf.org>; Wed, 31 May 2017 23:18:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4956; q=dns/txt; s=iport; t=1496297903; x=1497507503; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=7NyYiWegBNruqrS3wESsJ4E6rxpVXvFB4AL1BxFRkGM=; b=QTTcFUcWbQZ+ulCDwI2ypOEHQYVvL2S8CBWWvJV+U7coUfrB8WdT/FCr DxFRqDah2n8VhSdBDYT/xSo45JTPKRBZjXhZLQtTSM/reGsurhybrgpZ2 rwlxOI4raMe9Ks6TvIyNp6CG6veKJk1XYvfPDN+KEFK3O+YYsZAowQDp3 M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CYAABcsS9Z/5tdJa1dGQEBAQEBAQEBAQEBBwEBAQEBg1eBbweOBZFziCmNUYIPhiQCgm8/GAECAQEBAQEBAWsohRgBAQEBAgE6PwwEAgEIEQQBAQEeCQchERQJCAIEDgUIigoDDQiuMIczDYQRAQEBAQEBAQEBAQEBAQEBAQEBAQEBHYtggliBYQELBwGGDgWWeoZxOwGOUYRPkgGLNokfAR84fwt0FYVMHIFjdocoDxeBDIENAQEB
X-IronPort-AV: E=Sophos;i="5.39,278,1493683200"; d="scan'208";a="34230863"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 01 Jun 2017 06:18:22 +0000
Received: from XCH-RCD-020.cisco.com (xch-rcd-020.cisco.com [173.37.102.30]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v516ILK5023969 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 1 Jun 2017 06:18:21 GMT
Received: from xch-rcd-010.cisco.com (173.37.102.20) by XCH-RCD-020.cisco.com (173.37.102.30) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 1 Jun 2017 01:18:21 -0500
Received: from xch-rcd-010.cisco.com ([173.37.102.20]) by XCH-RCD-010.cisco.com ([173.37.102.20]) with mapi id 15.00.1210.000; Thu, 1 Jun 2017 01:18:21 -0500
From: "Tim Szigeti (szigeti)" <szigeti@cisco.com>
To: Fred Baker <fredbakersba@gmail.com>
CC: "gorry@erg.abdn.ac.uk" <gorry@erg.abdn.ac.uk>, "tsvwg@ietf.org" <tsvwg@ietf.org>, "Jerome Henry (jerhenry)" <jerhenry@cisco.com>
Thread-Topic: draft-ietf-tsvwg-ieee-802-11-02 - editorial comments
Thread-Index: AQHS051LwDLgd1DAnEe9GMav17WLLaID5vqAgABu4YD///HYEIAJVYMAgAH4XjA=
Date: Thu, 01 Jun 2017 06:18:21 +0000
Message-ID: <319a1a49ae9e45a4835ebbddc8c7cf05@XCH-RCD-010.cisco.com>
References: <5923F086.8030804@erg.abdn.ac.uk> <b688d93985b6487f95ac1d24e7be524d@XCH-RCD-010.cisco.com> <C335E5E8-5D78-48ED-906B-264FE54E5B59@gmail.com> <5d3c37a54bfb4cfab699613e34b32a5f@XCH-RCD-010.cisco.com> <A1EBA4CC-7160-4BBC-8EF4-74D4443620B9@gmail.com>
In-Reply-To: <A1EBA4CC-7160-4BBC-8EF4-74D4443620B9@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.19.22.195]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/zMq1gFKOWNzPVr-rL2jLGJRGdMA>
Subject: Re: [tsvwg] draft-ietf-tsvwg-ieee-802-11-02 - editorial comments
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jun 2017 06:18:25 -0000

Hi Fred,

Glad to hear your back from vacation.

A couple of comments inline...

> -----Original Message-----
> From: Fred Baker [mailto:fredbakersba@gmail.com]
> Sent: Tuesday, May 30, 2017 12:10 PM
> To: Tim Szigeti (szigeti)
> Cc: gorry@erg.abdn.ac.uk; tsvwg@ietf.org; Jerome Henry (jerhenry)
> Subject: Re: draft-ietf-tsvwg-ieee-802-11-02 - editorial comments
> 
> I'm now back from vacation.
> 
> Here's where our views seem to diverge. You argue that you are basing the
> comment about dropping CS6 on RFC 4594. What RFC 4594 says, however, is:
> 
>    o  Drop or remark CS7 packets at ingress to DiffServ network domain.
>    o  CS7 marked packets SHOULD NOT be sent across peering points.
>       Exchange of control information across peering points SHOULD be
>       done using CS6 DSCP and the Network Control service class.
> 
> It doesn't say to drop CS6, and the argument for dropping CS6 is that routing
> traffic is not exchanged on WiFi networks (which is the assumption I
> commented on). 

[TS] 
The context is very clearly limited to WiFi networks where the AP represents the edge of the network, and not WiFi networks in general.

When the only devices downstream are end-user client devices, then routing protocols are not legitimately expected to be exchanged. 

 > That is true today, but may not be true in the future. I think
> the assumption that routing traffic will never be exchanged on WiFi networks
> is a dangerous assumption long term.

[TS] 
We certainly don't think that. This is why the deployment model of wireless networks that extend the IP infrastructure (and over which routing traffic is legitimately exchanged) is clearly called out and addressed..

HTH clarify Fred.

-tim

> 
> > On May 24, 2017, at 6:43 PM, Tim Szigeti (szigeti) <szigeti@cisco.com>
> wrote:
> >
> > Hi Fred,
> >
> >> For CS7 (and any DSCP value not implemented in the domain) I would
> >> agree that it should be remarked or dropped. For CS6, recall that I
> >> have pointed out the assumptions that WiFi is the edge of the
> >> diffusers domain and has no IP layer routing across it. I think, and
> >> have said before that I think, that is a limiting assumption.
> >
> > Nothing is being assumed here Fred. Two distinct recommendations are
> being made:
> >
> > In the case where the wireless access-point represents the edge of the
> network (and thus simultaneously the edge of the Diffserv domain), then a
> recommendation is being made to remark or drop packets marked CS6 or CS7
> (as there are no downstream devices participating in network control
> exchanges, and preserving these markings presents an easy attack-vector for
> WLAN DoS).
> >
> > In the deployment model where the wireless access-point is NOT the edge
> of the network, then this recommendation does not apply (as brought out in
> Section 4.1.1).
> >
> > A single recommendation simply will not ensure secure and consistent QoS
> treatment in both wireless deployment models.
> >
> > -tim
> >
> >
> >> -----Original Message-----
> >> From: fredbakersba@gmail.com [mailto:fredbakersba@gmail.com]
> >> Sent: Wednesday, May 24, 2017 2:28 PM
> >> To: Tim Szigeti (szigeti)
> >> Cc: gorry@erg.abdn.ac.uk; tsvwg@ietf.org; Jerome Henry (jerhenry)
> >> Subject: Re: draft-ietf-tsvwg-ieee-802-11-02 - editorial comments
> >>
> >> .The top-level observation (I'll follow-up with another email if
> >> needed about
> >>>> specific text) is that the latest revision discusses the way in
> >>>> which access points and wireless devices can change the DSCP
> >>>> marking or drop traffic because of the DSCP marking.
> >>>>
> >>>
> >>> I'd like to first stress the point that the remarking and dropping
> >> recommendations of network control traffic (marked CS6/CS7) at the
> >> edge of the wired-to-wireless network (as made in Section 4.1.1) were
> >> part of the original 2015 draft, and are not new recommendations in this
> latest revision.
> >>>
> >>> Additionally, these recommendations are drawn from similar
> >> recommendations made in RFC 4594-Section 3.2 which:
> >>>
> >>> "RECOMMENDED that packets marked CS7  DSCP (a codepoint that
> SHOULD
> >>> be reserved for future use) be dropped  or remarked at the edge of
> >>> the Diffserv domain."
> >>>
> >>> Our argument is that when the wireless access point represents the
> >>> edge of the network infrastructure (and thus the edge of the
> >>> Diffserv domain), this recommendation should hold;
> >>
> >> For CS7 (and any DSCP value not implemented in the domain) I would
> >> agree that it should be remarked or dropped. For CS6, recall that I
> >> have pointed out the assumptions that WiFi is the edge of the
> >> diffusers domain and has no IP layer routing across it. I think, and
> >> have said before that I think, that is a limiting assumption.

v2.23.0 | Report a Bug | By Email