idnits 2.17.1 draft-irtf-panrg-questions-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 24, 2019) is 1585 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 5246 (Obsoleted by RFC 8446) Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Path Aware Networking RG B. Trammell 3 Internet-Draft Google Switzerland GmbH 4 Intended status: Informational December 24, 2019 5 Expires: June 26, 2020 7 Current Open Questions in Path Aware Networking 8 draft-irtf-panrg-questions-04 10 Abstract 12 In contrast to the present Internet architecture, a path-aware 13 internetworking architecture has two important properties: it exposes 14 the properties of available Internet paths to endpoints, and provides 15 for endpoints and applications to use these properties to select 16 paths through the Internet for their traffic. This document poses 17 questions in path-aware networking open as of 2019, that must be 18 answered in the design, development, and deployment of path-aware 19 intetnetworks. It was originally written to frame discussions in the 20 Path Aware Networking proposed Research Group (PANRG), and has been 21 published to snapshot current thinking in this space. 23 Status of This Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at https://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on June 26, 2020. 40 Copyright Notice 42 Copyright (c) 2019 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (https://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction to Path-Aware Networking . . . . . . . . . . . . 2 58 2. Questions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 2.1. A Vocabulary of Path Properties . . . . . . . . . . . . . 3 60 2.2. Discovery, Distribution, and Trustworthiness of Path 61 Properties . . . . . . . . . . . . . . . . . . . . . . . 4 62 2.3. Supporting Path Selection . . . . . . . . . . . . . . . . 4 63 2.4. Interfaces for Path Awareness . . . . . . . . . . . . . . 5 64 2.5. Implications of Path Awareness for the Data Plane . . . . 5 65 2.6. What is an Endpoint? . . . . . . . . . . . . . . . . . . 6 66 2.7. Operating a Path Aware Network . . . . . . . . . . . . . 6 67 2.8. Deploying a Path Aware Network . . . . . . . . . . . . . 7 68 3. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 69 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 70 4.1. Normative References . . . . . . . . . . . . . . . . . . 8 71 4.2. Informative References . . . . . . . . . . . . . . . . . 8 72 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 74 1. Introduction to Path-Aware Networking 76 In the current Internet architecture, the interdomain network layer 77 provides an unverifiable, best-effort service: an application can 78 assume that a packet with a given destination address will eventually 79 be forwarded toward that destination, but little else. A transport 80 layer protocol such as TCP can provide reliability over this best- 81 effort service, and a protocol above the network layer such as IPsec 82 AH [RFC4302] or TLS [RFC5246] can authenticate the remote endpoint. 83 However, no explicit information about the path is available, and 84 assumptions about that path sometimes do not hold, sometimes with 85 serious impacts on the application, as in the case with BGP hijacking 86 attacks. 88 By contrast, in a path-aware internetworking architecture, endpoints 89 have the ability to select or influence the path through the network 90 used by any given packet, and the network and transport layers 91 explicitly expose information about the path or paths available 92 between two endpoints to those endpoints and the applications running 93 on them, so that they can make this selection. 95 Path selection provides transparency and control to applications and 96 users of the network. Selection may be made at either the 97 application layer or the transport layer. Path control at the packet 98 level enables the design of new transport protocols that can leverage 99 multipath connectivity across maximally-disjoint paths through the 100 Internet, even over a single physical interface. When exposed to 101 applications, or to end-users through a system configuration 102 interface, path control allows the specification of constraints on 103 the paths that traffic should traverse, for instance to confound 104 passive surveillance in the network core. 106 We note that this property of "path awareness" already exists in many 107 Internet-connected networks in an intradomain context. Indeed, much 108 of the practice of network engineering using encapsulation at layer 3 109 can be said to be "path aware", in that it explicitly assigns traffic 110 at tunnel endpoints to a given path within the network. Path-aware 111 internetworking seeks to extend this awareness across domain 112 boundaries without resorting to overlays, except as a transition 113 technology. 115 2. Questions 117 Realizing path-aware networking requires answers to a set of open 118 research questions. This document poses these questions, as a 119 starting point for discussions about how to realize path awareness in 120 the Internet, and to direct future research efforts within the Path 121 Aware Networking Research Group. 123 2.1. A Vocabulary of Path Properties 125 In order for information about paths to be exposed to an endpoint, 126 and for the endpoint to make use of that information, it is necessary 127 to define a common vocabulary for paths through an internetwork, and 128 properties of those paths. The elements of this vocabulary could 129 include terminology for components of a path and properties defined 130 for these components, for the entire path, or for subpaths of a path. 131 These properties may be relatively static, such as the presence of a 132 given node or service function on the path; as well as relatively 133 dynamic, such as the current values of metrics such as loss and 134 latency. 136 This vocabulary must be defined carefully, as its design will have 137 impacts on the expressiveness of a given path-aware internetworking 138 architecture. This expressiveness also exhibits tradeoffs. For 139 example, a system that exposes node-level information for the 140 topology through each network would maximize information about the 141 individual components of the path at the endpoints, at the expense of 142 making internal network topology universally public, which may be in 143 conflict with the business goals of each network's operator. 144 Furthermore, properties related to individual components of the path 145 may change frequently and may quickly become outdated. However, 146 aggregating the properties of individual components to distill end- 147 to-end properties for the entire path is not trivial. 149 The first question: how are paths and path properties defined and 150 represented? 152 2.2. Discovery, Distribution, and Trustworthiness of Path Properties 154 Once endpoints and networks have a shared vocabulary for expressing 155 path properties, the network must have some method for distributing 156 those path properties to the endpoint. Regardless of how path 157 property information is distributed to the endpoints, the endpoints 158 require a method to authenticate the properties - to determine that 159 they originated from and pertain to the path that they purport to. 161 Choices in distribution and authentication methods will have impacts 162 on the scalability of a path-aware architecture. Possible dimensions 163 in the space of distribution methods include in-band versus out-of- 164 band, push versus pull versus publish-subscribe, and so on. There 165 are temporal issues with path property dissemination as well, 166 especially with dynamic properties, since the measurement or 167 elicitation of dynamic properties may be outdated by the time that 168 information is available at the endpoints, and interactions between 169 the measurement and dissemination delay may exhibit pathological 170 behavior for unlucky points in the parameter space. 172 The second question: how do endpoints get access to trustworthy path 173 properties? 175 2.3. Supporting Path Selection 177 Access to trustworthy path properties is only half of the challenge 178 in establishing a path-aware architecture. Endpoints must be able to 179 use this information in order to select paths for traffic they send. 180 As with the dissemination of path properties, choices made in path 181 selection methods will also have an impact on the tradeoff between 182 scalability and expressiveness of a path-aware architecture. One key 183 choice here is between in-band and out-of-band control of path 184 selection. Another is granularity of path selection (whether per 185 packet, per flow, or per larger aggregate), which also has a large 186 impact on the scalabilty/expressiveness tradeoff. Path selection 187 must, like path property information, be trustworthy, such that the 188 result of a path selection at an endpoint is predictable. 190 The third question: how can endpoints select paths to use for traffic 191 in a way that can be trusted by both the network and the endpoints? 193 2.4. Interfaces for Path Awareness 195 In order for applications to make effective use of a path-aware 196 networking architecture, the control interfaces presented by the 197 network and transport layers must also expose path properties to the 198 application in a useful way, and provide a useful set of paths among 199 which the application can select. Path selection must be possible 200 based not only on the preferences and policies of the application 201 developer, but of end-users as well. Also, the path selection 202 interfaces presented to applications and end users will need to 203 support multiple levels of granularity. Most applications' 204 requirements can be satisfied with the expression path selection 205 policies in terms of properties of the paths, while some applications 206 may need finer-grained, per-path control. 208 The fourth question: how can interfaces to the transport and 209 application layers support the use of path awareness? 211 2.5. Implications of Path Awareness for the Data Plane 213 In the current Internet, the basic assumption that at a given time t 214 all traffic for a given flow will traverse a single path, for some 215 definition of path, generally holds. In a path aware network, this 216 assumption no longer holds. The absence of this assumption has 217 implications for the design of protocols above any path-aware network 218 layer. 220 For example, one advantage of multipath communication is that a given 221 end-to-end flow can be "sprayed" along multiple paths in order to 222 confound attempts to collect data or metadata from those flows for 223 pervasive surveillance purposes [RFC7624]. However, the benefits of 224 this approach are reduced if the upper-layer protocols use linkable 225 identifiers on packets belonging to the same flow across different 226 paths. Clients may mitigate linkability by opting to not re-use 227 cleartext connection identifiers, such as TLS session IDs or tickets, 228 on separate paths. The privacy-conscious strategies required for 229 effective privacy in a path-aware Internet are only possible if 230 higher-layer protocols such as TLS permit clients to obtain 231 unlinkable identifiers. 233 The fifth question: how should transport-layer and higher layer 234 protocols be redesigned to work most effectively over a path-aware 235 networking layer? 237 2.6. What is an Endpoint? 239 The vision of path-aware networking articulated so far makes an 240 assumption that path properties will be disseminated to endpoints on 241 which applications are running (terminals with user agents, servers, 242 and so on). However, incremental deployment may require that a path- 243 aware network "core" be used to interconnect islands of legacy 244 protocol networks. In these cases, it is the gateways, not the 245 application endpoints, that receive path properties and make path 246 selections for that traffic. The interfaces provided by this gateway 247 are necessarily different than those a path-aware networking layer 248 provides to its transport and application layers, and the path 249 property information the gateway needs and makes available over those 250 interfaces may also be different. 252 The sixth question: how is path awareness (in terms of vocabulary and 253 interfaces) different when applied to tunnel and overlay endpoints? 255 2.7. Operating a Path Aware Network 257 The network operations model in the current Internet architecture 258 assumes that traffic flows are controlled by the decisions and 259 policies made by network operators, as expressed in interdomain 260 routing protocols. In a network providing path selection to the 261 endpoints, however, this assumption no longer holds, as endpoints may 262 react to path properties by selecting alternate paths. Competing 263 control inputs from path-aware endpoints and the interdomain routing 264 control plane may lead to more difficult traffic engineering or 265 nonconvergent forwarding, especially if the endpoints' and operators' 266 notion of the "best" path for given traffic diverges significantly. 268 A concept for path aware network operations will need to have clear 269 methods for the resolution of apparent (if not actual) conflicts of 270 intent between the network's operator and the path selection at an 271 endpoint. It will also need set of safety principles to ensure that 272 increasing path control does not lead to decreasing connectivity; one 273 such safety principle could be "the existence of at least one path 274 between two endpoints guarantees the selection of at least one path 275 between those endpoints." 277 The seventh question: how can a path aware network in a path aware 278 internetwork be effectively operated, given control inputs from the 279 network administrator as well as from the endpoints? 281 2.8. Deploying a Path Aware Network 283 The vision presented in the introduction discusses path aware 284 networking from the point of view of the benefits accruing at the 285 endpoints, to designers of transport protocols and applications as 286 well as to the end users of those applications. However, this vision 287 requires action not only at the endpoints but within the 288 interconnected networks offering path aware connectivity. While the 289 specific actions required are a matter of the design and 290 implementation of a specific realization of a path aware protocol 291 stack, it is clear than any path aware architecture will require 292 network operators to give up some control of their networks over to 293 endpoint-driven control inputs. 295 Here the question of apparent versus actual conflicts of intent 296 arises again: certain network operations requirements may appear 297 essential, but are merely accidents of the interfaces provided by 298 current routing and management protocols. Incentives for deployment 299 must show how existing network operations requirements are met 300 through new path selection and property dissemination mechanisms. 302 The incentives for network operators and equipment vendors need to be 303 made clear, in terms of a plan to transition [RFC8170] an 304 internetwork to path-aware operation, one network and facility at a 305 time. This plan to transition must also take into account that the 306 dynamics of path aware networking early in this transition (when few 307 endpoints and flows in the Internet use path selection) may be 308 different than those later in the transition. 310 The eighth question: how can the incentives of network operators and 311 end-users be aligned to realize the vision of path aware networking, 312 and how can the transition from current ("path-oblivious") to path- 313 aware networking be managed? 315 3. Acknowledgments 317 Many thanks to Adrian Perrig, Jean-Pierre Smith, Mirja Kuehlewind, 318 Olivier Bonaventure, Martin Thomson, Shwetha Bhandari, Chris Wood, 319 Lee Howard, Mohamed Boucadair, and Thorben Krueger for discussions 320 leading to questions in this document, and for feedback on the 321 document itself. 323 This work is partially supported by the European Commission under 324 Horizon 2020 grant agreement no. 688421 Measurement and Architecture 325 for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat 326 for Education, Research, and Innovation under contract no. 15.0268. 327 This support does not imply endorsement. 329 4. References 331 4.1. Normative References 333 [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, 334 DOI 10.17487/RFC4302, December 2005, 335 . 337 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 338 (TLS) Protocol Version 1.2", RFC 5246, 339 DOI 10.17487/RFC5246, August 2008, 340 . 342 4.2. Informative References 344 [RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T., 345 Trammell, B., Huitema, C., and D. Borkmann, 346 "Confidentiality in the Face of Pervasive Surveillance: A 347 Threat Model and Problem Statement", RFC 7624, 348 DOI 10.17487/RFC7624, August 2015, 349 . 351 [RFC8170] Thaler, D., Ed., "Planning for Protocol Adoption and 352 Subsequent Transitions", RFC 8170, DOI 10.17487/RFC8170, 353 May 2017, . 355 Author's Address 357 Brian Trammell 358 Google Switzerland GmbH 359 Gustav-Gull-Platz 1 360 8004 Zurich 361 Switzerland 363 Email: ietf@trammell.ch