idnits 2.17.1 draft-irtf-panrg-questions-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 29, 2020) is 1328 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Path Aware Networking RG B. Trammell 3 Internet-Draft Google Switzerland GmbH 4 Intended status: Informational August 29, 2020 5 Expires: March 2, 2021 7 Current Open Questions in Path Aware Networking 8 draft-irtf-panrg-questions-07 10 Abstract 12 In contrast to the present Internet architecture, a path-aware 13 internetworking architecture has two important properties: it exposes 14 the properties of available Internet paths to endpoints, and provides 15 for endpoints and applications to use these properties to select 16 paths through the Internet for their traffic. This document poses 17 questions in path-aware networking open as of 2020, that must be 18 answered in the design, development, and deployment of path-aware 19 internetworks. It was originally written to frame discussions in the 20 Path Aware Networking proposed Research Group (PANRG), and has been 21 published to snapshot current thinking in this space. 23 Status of This Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at https://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on March 2, 2021. 40 Copyright Notice 42 Copyright (c) 2020 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (https://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction to Path-Aware Networking . . . . . . . . . . . . 2 58 1.1. Definition . . . . . . . . . . . . . . . . . . . . . . . 3 59 2. Questions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 60 2.1. A Vocabulary of Path Properties . . . . . . . . . . . . . 4 61 2.2. Discovery, Distribution, and Trustworthiness of Path 62 Properties . . . . . . . . . . . . . . . . . . . . . . . 4 63 2.3. Supporting Path Selection . . . . . . . . . . . . . . . . 5 64 2.4. Interfaces for Path Awareness . . . . . . . . . . . . . . 5 65 2.5. Implications of Path Awareness for the Data Plane . . . . 6 66 2.6. What is an Endpoint? . . . . . . . . . . . . . . . . . . 6 67 2.7. Operating a Path Aware Network . . . . . . . . . . . . . 7 68 2.8. Deploying a Path Aware Network . . . . . . . . . . . . . 7 69 3. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8 70 4. Informative References . . . . . . . . . . . . . . . . . . . 8 71 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 9 73 1. Introduction to Path-Aware Networking 75 In the current Internet architecture, the network layer provides an 76 unverifiable, best-effort service: an application can assume that a 77 packet with a given destination address will eventually be forwarded 78 toward that destination, but little else. A transport layer protocol 79 such as TCP can provide reliability over this best-effort service, 80 and a protocol above the network layer such as IPsec AH [RFC4302] or 81 TLS [RFC8446] can authenticate the remote endpoint. However, little, 82 if any, explicit information about the path is available, and 83 assumptions about that path often do not hold, sometimes with serious 84 impacts on the application, as in the case with BGP hijacking 85 attacks. 87 By contrast, in a path-aware internetworking architecture, endpoints 88 have the ability to select or influence the path through the network 89 used by any given packet, and the network and transport layers 90 explicitly expose information about the path or paths available from 91 one endpoint to another, and vice versa, to those endpoints and the 92 applications running on them, so that they can make this selection. 94 Path selection provides transparency and control to applications and 95 users of the network. Selection may be made at either the 96 application layer or the transport layer. Path control at the packet 97 level enables the design of new transport protocols that can leverage 98 multipath connectivity across disjoint paths through the Internet, 99 even over a single physical interface. When exposed to applications, 100 or to end-users through a system configuration interface, path 101 control allows the specification of constraints on the paths that 102 traffic should traverse, for instance to confound passive 103 surveillance in the network core [RFC7624]. 105 We note that this property of "path awareness" already exists in many 106 Internet-connected networks within single domains. Indeed, much of 107 the practice of network engineering using encapsulation at layer 3 108 can be said to be "path aware", in that it explicitly assigns traffic 109 at tunnel endpoints to a given path within the network. Path-aware 110 internetworking seeks to extend this awareness across domain 111 boundaries without resorting to overlays, except as a transition 112 technology. 114 This document presents a snapshot of open questions in this space 115 that will need to be answered in order to realize a path-aware 116 internetworking architecture; it is published to further frame 117 discussions within and outside the Path Aware Networking Research 118 Group, and is published with the rough consensus of that group. 120 1.1. Definition 122 For purposes of this document, "path aware networking" describes 123 endpoint discovery of the properties of paths they use for 124 communication, and endpoint reaction to these properties that affects 125 routing and/or transmission; note that this can and already does 126 happen to some extent in the current Internet architecture. 127 Expanding on this definition, a "path aware internetwork" is one in 128 which endpoint discovery of path properties and endpoint selection of 129 paths used by traffic exchanged by the endpoint are explicitly 130 supported, regardless of the specific design of the protocol features 131 which enable this discovery and selection. 133 Research into path aware networking covers any and all aspects of 134 designing, building, and operating path aware internetworks or the 135 networks and endpoints attached to them. This document presents a 136 collection of research questions to address in order to make a path 137 aware Internet a reality. 139 2. Questions 141 Realizing path-aware networking requires answers to a set of open 142 research questions. This document poses these questions, as a 143 starting point for discussions about how to realize path awareness in 144 the Internet, and to direct future research efforts within the Path 145 Aware Networking Research Group. 147 2.1. A Vocabulary of Path Properties 149 In order for information about paths to be exposed to an endpoint, 150 and for the endpoint to make use of that information, it is necessary 151 to define a common vocabulary for paths through an internetwork, and 152 properties of those paths. The elements of this vocabulary could 153 include terminology for components of a path and properties defined 154 for these components, for the entire path, or for subpaths of a path. 155 These properties may be relatively static, such as the presence of a 156 given node or service function on the path; as well as relatively 157 dynamic, such as the current values of metrics such as loss and 158 latency. 160 This vocabulary must be defined carefully, as its design will have 161 impacts on the expressiveness of a given path-aware internetworking 162 architecture. This expressiveness also exhibits tradeoffs. For 163 example, a system that exposes node-level information for the 164 topology through each network would maximize information about the 165 individual components of the path at the endpoints, at the expense of 166 making internal network topology universally public, which may be in 167 conflict with the business goals of each network's operator. 168 Furthermore, properties related to individual components of the path 169 may change frequently and may quickly become outdated. However, 170 aggregating the properties of individual components to distill end- 171 to-end properties for the entire path is not trivial. 173 The first question: how are paths and path properties defined and 174 represented? 176 2.2. Discovery, Distribution, and Trustworthiness of Path Properties 178 Once endpoints and networks have a shared vocabulary for expressing 179 path properties, the network must have some method for distributing 180 those path properties to the endpoint. Regardless of how path 181 property information is distributed to the endpoints, the endpoints 182 require a method to authenticate the properties - to determine that 183 they originated from and pertain to the path that they purport to. 185 Choices in distribution and authentication methods will have impacts 186 on the scalability of a path-aware architecture. Possible dimensions 187 in the space of distribution methods include in-band versus out-of- 188 band, push versus pull versus publish-subscribe, and so on. There 189 are temporal issues with path property dissemination as well, 190 especially with dynamic properties, since the measurement or 191 elicitation of dynamic properties may be outdated by the time that 192 information is available at the endpoints, and interactions between 193 the measurement and dissemination delay may exhibit pathological 194 behavior for unlucky points in the parameter space. 196 The second question: how do endpoints and applications get access to 197 trustworthy path properties? 199 2.3. Supporting Path Selection 201 Access to trustworthy path properties is only half of the challenge 202 in establishing a path-aware architecture. Endpoints must be able to 203 use this information in order to select paths for specific traffic 204 they send. As with the dissemination of path properties, choices 205 made in path selection methods will also have an impact on the 206 tradeoff between scalability and expressiveness of a path-aware 207 architecture. One key choice here is between in-band and out-of-band 208 control of path selection. Another is granularity of path selection 209 (whether per packet, per flow, or per larger aggregate), which also 210 has a large impact on the scalabilty/expressiveness tradeoff. Path 211 selection must, like path property information, be trustworthy, such 212 that the result of a path selection at an endpoint is predictable. 213 Moreover, any path selection mechanism should aim to provide an 214 outcome that is not worse than using a single path, or selecting 215 paths at random. 217 The third question: how can endpoints select paths to use for traffic 218 in a way that can be trusted by the network, the endpoints, and the 219 applications using them? 221 2.4. Interfaces for Path Awareness 223 In order for applications to make effective use of a path-aware 224 networking architecture, the control interfaces presented by the 225 network and transport layers must also expose path properties to the 226 application in a useful way, and provide a useful set of paths among 227 which the application can select. Path selection must be possible 228 based not only on the preferences and policies of the application 229 developer, but of end-users as well. Also, the path selection 230 interfaces presented to applications and end users will need to 231 support multiple levels of granularity. Most applications' 232 requirements can be satisfied with the expression path selection 233 policies in terms of properties of the paths, while some applications 234 may need finer-grained, per-path control. These interfaces will need 235 to support incremental development and deployment of applications, 236 and provide sensible defaults, to avoid hindering their adoption. 238 The fourth question: how can interfaces to the transport and 239 application layers support the use of path awareness? 241 2.5. Implications of Path Awareness for the Data Plane 243 In the current Internet, the basic assumption that at a given time 244 all traffic for a given flow will receive the same network treatment 245 and traverse the same path or equivalend paths often holds. In a 246 path aware network, this assumption is more easily violated. The 247 weakening of this assumption has implications for the design of 248 protocols above any path-aware network layer. 250 For example, one advantage of multipath communication is that a given 251 end-to-end flow can be "sprayed" along multiple paths in order to 252 confound attempts to collect data or metadata from those flows for 253 pervasive surveillance purposes [RFC7624]. However, the benefits of 254 this approach are reduced if the upper-layer protocols use linkable 255 identifiers on packets belonging to the same flow across different 256 paths. Clients may mitigate linkability by opting to not re-use 257 cleartext connection identifiers, such as TLS session IDs or tickets, 258 on separate paths. The privacy-conscious strategies required for 259 effective privacy in a path-aware Internet are only possible if 260 higher-layer protocols such as TLS permit clients to obtain 261 unlinkable identifiers. 263 The fifth question: how should transport-layer and higher layer 264 protocols be redesigned to work most effectively over a path-aware 265 networking layer? 267 2.6. What is an Endpoint? 269 The vision of path-aware networking articulated so far makes an 270 assumption that path properties will be disseminated to endpoints on 271 which applications are running (terminals with user agents, servers, 272 and so on). However, incremental deployment may require that a path- 273 aware network "core" be used to interconnect islands of legacy 274 protocol networks. In these cases, it is the gateways, not the 275 application endpoints, that receive path properties and make path 276 selections for that traffic. The interfaces provided by this gateway 277 are necessarily different than those a path-aware networking layer 278 provides to its transport and application layers, and the path 279 property information the gateway needs and makes available over those 280 interfaces may also be different. 282 The sixth question: how is path awareness (in terms of vocabulary and 283 interfaces) different when applied to tunnel and overlay endpoints? 285 2.7. Operating a Path Aware Network 287 The network operations model in the current Internet architecture 288 assumes that traffic flows are controlled by the decisions and 289 policies made by network operators, as expressed in interdomain and 290 intradomain routing protocols. In a network providing path selection 291 to the endpoints, however, this assumption no longer holds, as 292 endpoints may react to path properties by selecting alternate paths. 293 Competing control inputs from path-aware endpoints and the routing 294 control plane may lead to more difficult traffic engineering or 295 nonconvergent forwarding, especially if the endpoints' and operators' 296 notion of the "best" path for given traffic diverges significantly. 297 The degree of difficulty may depend on the fidelity of information 298 made available to path selection algorithms at the endpoints. 299 Explicit path selection can also specify outbound paths, while BGP 300 policies are expressed in terms of inbound traffic. 302 A concept for path aware network operations will need to have clear 303 methods for the resolution of apparent (if not actual) conflicts of 304 intent between the network's operator and the path selection at an 305 endpoint. It will also need set of safety principles to ensure that 306 increasing path control does not lead to decreasing connectivity; one 307 such safety principle could be "the existence of at least one path 308 between two endpoints guarantees the selection of at least one path 309 between those endpoints." 311 The seventh question: how can a path aware network in a path aware 312 internetwork be effectively operated, given control inputs from the 313 network administrator as well as from the endpoints? 315 2.8. Deploying a Path Aware Network 317 The vision presented in the introduction discusses path aware 318 networking from the point of view of the benefits accruing at the 319 endpoints, to designers of transport protocols and applications as 320 well as to the end users of those applications. However, this vision 321 requires action not only at the endpoints but within the 322 interconnected networks offering path aware connectivity. While the 323 specific actions required are a matter of the design and 324 implementation of a specific realization of a path aware protocol 325 stack, it is clear than any path aware architecture will require 326 network operators to give up some control of their networks over to 327 endpoint-driven control inputs. 329 Here the question of apparent versus actual conflicts of intent 330 arises again: certain network operations requirements may appear 331 essential, but are merely accidents of the interfaces provided by 332 current routing and management protocols. Incentives for deployment 333 must show how existing network operations requirements are met 334 through new path selection and property dissemination mechanisms. 336 The incentives for network operators and equipment vendors need to be 337 made clear, in terms of a plan to transition [RFC8170] an 338 internetwork to path-aware operation, one network and facility at a 339 time. This plan to transition must also take into account that the 340 dynamics of path aware networking early in this transition (when few 341 endpoints and flows in the Internet use path selection) may be 342 different than those later in the transition. 344 The eighth question: how can the incentives of network operators and 345 end-users be aligned to realize the vision of path aware networking, 346 and how can the transition from current ("path-oblivious") to path- 347 aware networking be managed? 349 3. Acknowledgments 351 Many thanks to Adrian Perrig, Jean-Pierre Smith, Mirja Kuehlewind, 352 Olivier Bonaventure, Martin Thomson, Shwetha Bhandari, Chris Wood, 353 Lee Howard, Mohamed Boucadair, Thorben Krueger, Gorry Fairhurst, 354 Spencer Dawkins, and Theresa Enghardt for discussions leading to 355 questions in this document, and for feedback on the document itself. 357 This work is partially supported by the European Commission under 358 Horizon 2020 grant agreement no. 688421 Measurement and Architecture 359 for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat 360 for Education, Research, and Innovation under contract no. 15.0268. 361 This support does not imply endorsement. 363 4. Informative References 365 [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, 366 DOI 10.17487/RFC4302, December 2005, 367 . 369 [RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T., 370 Trammell, B., Huitema, C., and D. Borkmann, 371 "Confidentiality in the Face of Pervasive Surveillance: A 372 Threat Model and Problem Statement", RFC 7624, 373 DOI 10.17487/RFC7624, August 2015, 374 . 376 [RFC8170] Thaler, D., Ed., "Planning for Protocol Adoption and 377 Subsequent Transitions", RFC 8170, DOI 10.17487/RFC8170, 378 May 2017, . 380 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 381 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 382 . 384 Author's Address 386 Brian Trammell 387 Google Switzerland GmbH 388 Gustav-Gull-Platz 1 389 8004 Zurich 390 Switzerland 392 Email: ietf@trammell.ch