idnits 2.17.1 draft-irtf-panrg-questions-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 22, 2019) is 1801 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Path Aware Networking RG B. Trammell 3 Internet-Draft Google 4 Intended status: Informational May 22, 2019 5 Expires: November 23, 2019 7 Open Questions in Path Aware Networking 8 draft-irtf-panrg-questions-02 10 Abstract 12 This document poses open questions in path-aware networking, as a 13 background for framing discussions in the Path Aware Networking 14 proposed Research Group (PANRG). Path-aware networking has two 15 aspects: the exposure of properties of available Internet paths to 16 endpoints and applications running on them, and allowing endpoints 17 and applications to use these properties to select paths through the 18 Internet for their traffic. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on November 23, 2019. 37 Copyright Notice 39 Copyright (c) 2019 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction to Path-Aware Networking . . . . . . . . . . . . 2 55 2. Questions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2.1. A Vocabulary of Path Properties . . . . . . . . . . . . . 3 57 2.2. Discovery, Distribution, and Trustworthiness of Path 58 Properties . . . . . . . . . . . . . . . . . . . . . . . 4 59 2.3. Supporting Path Selection . . . . . . . . . . . . . . . . 4 60 2.4. Interfaces for Path Awareness . . . . . . . . . . . . . . 4 61 2.5. Implications of Path Awareness for the Data Plane . . . . 5 62 2.6. What is an Endpoint? . . . . . . . . . . . . . . . . . . 5 63 2.7. Operating a Path Aware Network . . . . . . . . . . . . . 6 64 2.8. Deploying a Path Aware Network . . . . . . . . . . . . . 6 65 3. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 66 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 67 4.1. Normative References . . . . . . . . . . . . . . . . . . 7 68 4.2. Informative References . . . . . . . . . . . . . . . . . 7 69 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 71 1. Introduction to Path-Aware Networking 73 In the current Internet architecture, the interdomain network layer 74 provides an unverifiable, best-effort service: an application can 75 assume that a packet with a given destination address will eventually 76 be forwarded toward that destination, but little else. A transport 77 layer protocol such as TCP can provide reliability over this best- 78 effort service, and a protocol above the network layer such as IPsec 79 AH [RFC4302] or TLS [RFC5246] can authenticate the remote endpoint. 80 However, no explicit information about the path is available, and 81 assumptions about that path sometimes do not hold, sometimes with 82 serious impacts on the application, as in the case with BGP hijacking 83 attacks. 85 By contrast, in a path-aware internetworking architecture, endpoints 86 have the ability to select or influence the path through the network 87 used by any given packet, and the network and transport layers 88 explicitly expose information about the path or paths available 89 between two endpoints to those endpoints and the applications running 90 on them, so that they can make this selection. 92 Path selection provides transparency and control to applications and 93 users of the network. Selection may be made at either the 94 application layer or the transport layer. Path control at the packet 95 level enables the design of new transport protocols that can leverage 96 multipath connectivity across maximally-disjoint paths through the 97 Internet, even over a single physical interface. When exposed to 98 applications, or to end-users through a system configuration 99 interface, path control allows the specification of constraints on 100 the paths that traffic should traverse, for instance to confound 101 passive surveillance in the network core. 103 We note that this property of "path awareness" already exists in many 104 Internet-connected networks in an intradomain context. Indeed, much 105 of the practice of network engineering using encapsulation at layer 3 106 can be said to be "path aware", in that it explicitly assigns traffic 107 at tunnel endpoints to a given path within the network. Path-aware 108 internetworking seeks to extend this awareness across domain 109 boundaries without resorting to overlays, except as a transition 110 technology. 112 2. Questions 114 Realizing path-aware networking requires answers to a set of open 115 research questions. This document poses these questions, as a 116 starting point for discussions about how to realize path awareness in 117 the Internet, and to direct future research efforts within the Path 118 Aware Networking Research Group. 120 2.1. A Vocabulary of Path Properties 122 In order for information about paths to be exposed to an endpoint, 123 and for the endpoint to make use of that information, it is necessary 124 to define a common vocabulary for path properties. The elements of 125 this vocabulary could include relatively static properties, such as 126 the presence of a given node or service function on the path; as well 127 as relatively dynamic properties, such as the current values of 128 metrics such as loss and latency. 130 This vocabulary must be defined carefully, as its design will have 131 impacts on the expressiveness of a given path-aware internetworking 132 architecture. This expressiveness also exhibits tradeoffs. For 133 example, a system that exposes node-level information for the 134 topology through each network would maximize information about the 135 individual components of the path at the endpoints at the expense of 136 making internal network topology universally public, which may be in 137 conflict with the business goals of each network's operator. 139 The first question: how are path properties defined and represented? 141 2.2. Discovery, Distribution, and Trustworthiness of Path Properties 143 Once endpoints and networks have a shared vocabulary for expressing 144 path properties, the network must have some method for distributing 145 those path properties to the endpoint. Regardless of how path 146 property information is distributed to the endpoints, the endpoints 147 require a method to authenticate the properties - to determine that 148 they originated from and pertain to the path that they purport to. 150 Choices in distribution and authentication methods will have impacts 151 on the scalability of a path-aware architecture. Possible dimensions 152 in the space of distribution methods include in-band versus out-of- 153 band, push versus pull versus publish-subscribe, and so on. There 154 are temporal issues with path property dissemination as well, 155 especially with dynamic properties, since the measurement or 156 elicitation of dynamic properties may be outdated by the time that 157 information is available at the endpoints, and interactions between 158 the measurement and dissemination delay may exhibit pathological 159 behavior for unlucky points in the parameter space. 161 The second question: how do endpoints get access to trustworthy path 162 properties? 164 2.3. Supporting Path Selection 166 Access to trustworthy path properties is only half of the challenge 167 in establishing a path-aware architecture. Endpoints must be able to 168 use this information in order to select paths for traffic they send. 169 As with the dissemination of path properties, choices made in path 170 selection methods will also have an impact on the tradeoff between 171 scalability and expressiveness of a path-aware architecture. One key 172 choice here is between in-band and out-of-band control of path 173 selection. Another is granularity of path selection (whether per 174 packet, per flow, or per larger aggregate), which also has a large 175 impact on the scalabilty/expressiveness tradeoff. Path selection 176 must, like path property information, be trustworthy, such that the 177 result of a path selection at an endpoint is predictable. 179 The third question: how can endpoints select paths to use for traffic 180 in a way that can be trusted by both the network and the endpoints? 182 2.4. Interfaces for Path Awareness 184 In order for applications to make effective use of a path-aware 185 networking architecture, the control interfaces presented by the 186 network and transport layers must also expose path properties to the 187 application in a useful way, and provide a useful set of paths among 188 which the application can select. Path selection must be possible 189 based not only on the preferences and policies of the application 190 developer, but of end-users as well. Also, the path selection 191 interfaces presented to applications and end users will need to 192 support multiple levels of granularity. Most applications' 193 requirements can be satisfied with the expression path selection 194 policies in terms of properties of the paths, while some applications 195 may need finer-grained, per-path control. 197 The fourth question: how can interfaces to the transport and 198 application layers support the use of path awareness? 200 2.5. Implications of Path Awareness for the Data Plane 202 In the current Internet, the basic assumption that at a given time t 203 all traffic for a given flow will traverse a single path, for some 204 definition of path, generally holds. In a path aware network, this 205 assumption no longer holds. The absence of this assumption has 206 implications for the design of protocols above any path-aware network 207 layer. 209 For example, one advantage of multipath communication is that a given 210 end-to-end flow can be "sprayed" along multiple paths in order to 211 confound attempts to collect data or metadata from those flows for 212 pervasive surveillance purposes [RFC7624]. However, the benefits of 213 this approach are reduced if the upper-layer protocols use linkable 214 identifiers on packets belonging to the same flow across different 215 paths. Clients may mitigate linkability by opting to not re-use 216 cleartext connection identifiers, such as TLS session IDs or tickets, 217 on separate paths. The privacy-conscious strategies required for 218 effective privacy in a path-aware Internet are only possible if 219 higher-layer protocols such as TLS permit clients to obtain 220 unlinkable identifiers. 222 The fifth question: how should transport-layer and higher layer 223 protocols be redesigned to work most effectively over a path-aware 224 networking layer? 226 2.6. What is an Endpoint? 228 The vision of path-aware networking articulated so far makes an 229 assumption that path properties will be disseminated to endpoints on 230 which applications are running (terminals with user agents, servers, 231 and so on). However, incremental deployment may require that a path- 232 aware network "core" be used to interconnect islands of legacy 233 protocol networks. In these cases, it is the gateways, not the 234 application endpoints, that receive path properties and make path 235 selections for that traffic. The interfaces provided by this gateway 236 are necessarily different than those a path-aware networking layer 237 provides to its transport and application layers, and the path 238 property information the gateway needs and makes available over those 239 interfaces may also be different. 241 The sixth question: how is path awareness (in terms of vocabulary and 242 interfaces) different when applied to tunnel and overlay endpoints? 244 2.7. Operating a Path Aware Network 246 The network operations model in the current Internet architecture 247 assumes that traffic flows are controlled by the decisions and 248 policies made by network operators, as expressed in interdomain 249 routing protocols. In a network providing path selection to the 250 endpoints, however, this assumption no longer holds, as endpoints may 251 react to path properties by selecting alternate paths. Competing 252 control inputs from path-aware endpoints and the interdomain routing 253 control plane may lead to more difficult traffic engineering or 254 nonconvergent forwarding, especially if the endpoints' and operators' 255 notion of the "best" path for given traffic diverges significantly. 257 A concept for path aware network operations will need to have clear 258 methods for the resolution of apparent (if not actual) conflicts of 259 intent between the network's operator and the path selection at an 260 endpoint. It will also need set of safety principles to ensure that 261 increasing path control does not lead to decreasing connectivity; one 262 such safety principle could be "the existence of at least one path 263 between two endpoints guarantees the selection of at least one path 264 between those endpoints." 266 The seventh question: how can a path aware network in a path aware 267 internetwork be effectively operated, given control inputs from the 268 network administrator as well as from the endpoints? 270 2.8. Deploying a Path Aware Network 272 The vision presented in the introduction discusses path aware 273 networking from the point of view of the benefits accruing at the 274 endpoints, to designers of transport protocols and applications as 275 well as to the end users of those applications. However, this vision 276 requires action not only at the endpoints but within the 277 interconnected networks offering path aware connectivity. While the 278 specific actions required are a matter of the design and 279 implementation of a specific realization of a path aware protocol 280 stack, it is clear than any path aware architecture will require 281 network operators to give up some control of their networks over to 282 endpoint-driven control inputs. 284 Here the question of apparent versus actual conflicts of intent 285 arises again: certain network operations requirements may appear 286 essential, but are merely accidents of the interfaces provided by 287 current routing and management protocols. Incentives for deployment 288 must show how existing network operations requirements are met 289 through new path selection and property dissemination mechanisms. 291 The incentives for network operators and equipment vendors to do 292 provide be made clear, in terms of a plan to transition [RFC8170] an 293 internetwork to path-aware operation, one network and facility at a 294 time. 296 The eighth question: how can the incentives of network operators and 297 end-users be aligned to realize the vision of path aware networking? 299 3. Acknowledgments 301 Many thanks to Adrian Perrig, Jean-Pierre Smith, Mirja Kuehlewind, 302 Olivier Bonaventure, Martin Thomson, Shwetha Bhandari, Chris Wood, 303 Lee Howard, and Mohamed Boucadair for discussions leading to 304 questions in this document, and for feedback on the document itself. 306 This work is partially supported by the European Commission under 307 Horizon 2020 grant agreement no. 688421 Measurement and Architecture 308 for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat 309 for Education, Research, and Innovation under contract no. 15.0268. 310 This support does not imply endorsement. 312 4. References 314 4.1. Normative References 316 [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, 317 DOI 10.17487/RFC4302, December 2005, 318 . 320 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 321 (TLS) Protocol Version 1.2", RFC 5246, 322 DOI 10.17487/RFC5246, August 2008, 323 . 325 4.2. Informative References 327 [RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T., 328 Trammell, B., Huitema, C., and D. Borkmann, 329 "Confidentiality in the Face of Pervasive Surveillance: A 330 Threat Model and Problem Statement", RFC 7624, 331 DOI 10.17487/RFC7624, August 2015, 332 . 334 [RFC8170] Thaler, D., Ed., "Planning for Protocol Adoption and 335 Subsequent Transitions", RFC 8170, DOI 10.17487/RFC8170, 336 May 2017, . 338 Author's Address 340 Brian Trammell 341 Google 342 Gustav-Gull-Platz 1 343 8004 Zurich 344 Switzerland 346 Email: ietf@trammell.ch