Architectural implications of EH / filtering (was: draft-ietf-opsec-ipv6-eh-filtering)
Warren Kumari <warren@kumari.net> Tue, 11 December 2018 23:58 UTC
Return-Path: <warren@kumari.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1166130F7C for <ietf@ietfa.amsl.com>; Tue, 11 Dec 2018 15:58:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.359
X-Spam-Level:
X-Spam-Status: No, score=-3.359 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-1.459, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r_YjCetycou4 for <ietf@ietfa.amsl.com>; Tue, 11 Dec 2018 15:58:46 -0800 (PST)
Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9133128CE4 for <ietf@ietf.org>; Tue, 11 Dec 2018 15:58:43 -0800 (PST)
Received: by mail-wm1-x32c.google.com with SMTP id n190so4024196wmd.0 for <ietf@ietf.org>; Tue, 11 Dec 2018 15:58:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=zRxUlthQCLzT1undfSZzkZIQcXQ06zqS6jQahCtujfI=; b=v/3BV94DvUwbZhi2CRfuvT4TR6KcYlrv/1k7VfV3yC0e5LdhPbohJJgw5GyvltXc8+ vdUdZ+kOoR/xnPev7dqBHI2ASqlG+BZxLYETSuBbAAlKD5lJ2cvDCGzMonCxJ9UNLDr5 iXUOBbC9ZZLYsLtRtLzja9hOYPnNIR5vtwPxlR6XDn0rSzDU52m5k26YofmSn7iOBQDK hUymxfyBF643uv+bUawDPzyPRqYNQH2TkKrIDsBpY+kwTUK184Fwek9hLWq2gm1cx6eW MoQp4vDEaMMNkuNMO/E7Q8O8saK8LsqeZAbv/aMIuLBHHLlAkulZih33UYEWa/KSZWUV coTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=zRxUlthQCLzT1undfSZzkZIQcXQ06zqS6jQahCtujfI=; b=e6ZikZkOiW2FKfs76VBhUbAjqQAYOaO/81kwuPhugg06VPyL0TpeS1XTwjFGZNRf5v UtRM4Khq9hJDu3Tgbw9wz57WbVV7qjyyupjedrW0Io4bFLVWsoYGoiNTyTJFPTY3CE+K N15Q0M8kG3V8/KlL9Q+LgezvFznnQ3q5wO4u9DC2cSXp4cHqakveCdeUig7L5YoP/AeI R4vgQuHNkQH/CBzx73t8Hwx4UAXaMD59ZantTwTzQlPN6T1doccAM64BrNYrXTThd7I4 9oWCS+JBNg4nLGbb00j5B3SxI7DMx/Qmpaiq8nZln424eATIcfTzff/NHoD4Bla2YyTB X0VA==
X-Gm-Message-State: AA+aEWbshW8ICvYxKbMz5rIpOX3y3VmYc8L8Re9/7NZCSTi9QFZ/Eua5 PNBvy+zXAh3c+runtcwyQeAwXOjQmvlZ3encDbCAjO8wRqTedw==
X-Google-Smtp-Source: AFSGD/Wok8IYdbEGik9KmFd5kQszZ7lJe4FtiKJpw2Dju0vd7bpEJY6vVVK3RNEfRsuBOmiVj3i7xIKZS/CBZnZDwtQ=
X-Received: by 2002:a1c:f112:: with SMTP id p18mr3969933wmh.83.1544572721553; Tue, 11 Dec 2018 15:58:41 -0800 (PST)
MIME-Version: 1.0
From: Warren Kumari <warren@kumari.net>
Date: Tue, 11 Dec 2018 18:58:05 -0500
Message-ID: <CAHw9_iK59mb2twkzkCd+at7=2=NfwvkPwuPCfT6kLx=WaBQ3zA@mail.gmail.com>
Subject: Architectural implications of EH / filtering (was: draft-ietf-opsec-ipv6-eh-filtering)
To: IETF Discuss <ietf@ietf.org>, opsec wg mailing list <opsec@ietf.org>, tsv-art@ietf.org, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org
Content-Type: multipart/alternative; boundary="00000000000065fcca057cc7dcf4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/IeLuqKaxTcL0TyMm6crAmCVtTEk>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Dec 2018 23:59:00 -0000
Thank you, everyone, for a spirited discussion! I've gone through the discussions and broken the emails down into a few categories - there were a number of emails on the document itself, many of them with helpful suggestions on how to improve / focus the document (thank you!). More recently the discussion has become more acrimonious, and morphed from discussion **on this document** into the larger philosophical discussions on filtering in general, if what we have designed and call IPv6 can actually be implemented / deployed in the real world on core-type devices, what it means to claim compliance with a specification, the role of ISPs, ossification caused by operational decisions, "my network, my rules", etc. The IETF LC thread on the document, and the TSVART review (and corresponding thread) both generated useful, and actionable comments, and I've asked the authors to go through them carefully and address them -- these fall into the "on the document" category. I think that once these have been done, the document itself will be in acceptable shape to proceed (but keep reading!) There has been a significant amount of additional discussion after this - and it mostly falls into the "larger discussion" category. It covers things such as: * the implications of protocol design on implementability / deployability (can protocol X be deployed at scale?). Should feasibility of implementation in hardware be a consideration? * the harms caused by filtering in the network (ossification, survivability of extensions, layering principles) * operators need to perform filtering for end-point protection / DDoS mitigation / ECMP * what it means to be compliant with a specification (if you can forward at rate X, but only filter at rate x/1,000,000 are you compliant?). If it is not possible to buy / build a device which filters at line rate, is that the fault of the vendor, the operator or the protocol design? * do intermediate devices have any right to filter / role in filtering? If operators need to be able to do X to run their service / network, and they have to choose between "protocol correctness" and "keeping the network running", is it acceptable to drop / fold / spindle / mutilate correctness to keep the network up? The discussion seems to have broken into 2 camps -- those who are saying that 1: the network / vendors should be able to do what the RFCs say, vs 2: those who say that operational reality trumps RFCs. This seems to be one of the tussles -- the other is (largely): 1: blocking unknown X is harmful to future protocols / development (blacklist approach) vs 2: I run a [network / service / system] and know what packets I'm expecting. If I don't expect X, I'm just going to drop it (whitelist approach) This same discussion has come up a number of times over the past few years -- "Why operators filter fragments" was one instance, the (multitude) of EH discussions were another. It is clear that we are fairly far apart in many instances of this discussion, and it is worth further discussing the different philosophies. I feel that we should be discussing the architectural issues separately (not in the thread on this document). I also think that there is a fair bit of distance between the "operators" view and the "architecture" view. I'm going to further investigate / discuss this, but I think that it might be worth: * having some presentations / discussions on "how X works when deployed / implementation shortcomings". As an example, at the IEPG meeting in Yokohama (IETF94) these was a presentation on "MODERN ROUTER ARCHITECTURE FOR PROTOCOL DESIGNERS" - http://www.iepg.org/2015-11-01-ietf94/IEPG-RouterArchitecture-jgs.pdf . As another example, I was recently informed of a surprising limitation in TLS libraries -- these are apparently well known to those who work in this space, but I'd certainly never heard of them. I think that we (IETF participants in general) sometimes fall into believing that we know how technology X works because we've helped design it, but don't necessarily know what happens once it escapes our clutches / flies out of the nest. * consider having a BoF on this / these topics. * perhaps something like a workshop? As for the current discussion, I'd like people to please: a: step back and decided if you are simply repeating your current position (but in a new and louder voice) or if you are bringing something new to the topic. b: move the discussion to this thread -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- Architectural implications of EH / filtering (was… Warren Kumari
- Re: Architectural implications of EH / filtering … Stephen Farrell
- Re: Architectural implications of EH / filtering … tjw ietf
- Re: Architectural implications of EH / filtering … Ole Troan
- Re: [Tsv-art] Architectural implications of EH / … Spencer Dawkins at IETF
- Re: Architectural implications of EH / filtering … Warren Kumari
- Re: Architectural implications of EH / filtering … Fernando Gont
- Re: Architectural implications of EH / filtering … Warren Kumari
- Re: Architectural implications of EH / filtering Wes Hardaker