idnits 2.17.1 draft-irtf-panrg-questions-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a Security Considerations section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (11 November 2021) is 891 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Path Aware Networking RG B. Trammell 3 Internet-Draft Google Switzerland GmbH 4 Intended status: Informational 11 November 2021 5 Expires: 15 May 2022 7 Current Open Questions in Path Aware Networking 8 draft-irtf-panrg-questions-11 10 Abstract 12 In contrast to the present Internet architecture, a path-aware 13 internetworking architecture has two important properties: it exposes 14 the properties of available Internet paths to endpoints, and provides 15 for endpoints and applications to use these properties to select 16 paths through the Internet for their traffic. While this property of 17 "path awareness" already exists in many Internet-connected networks 18 within single domains and via administrative interfaces to the 19 network layer, a fully path-aware internetwork expands these concepts 20 across layers and across the Internet. 22 This document poses questions in path-aware networking open as of 23 2021, that must be answered in the design, development, and 24 deployment of path-aware internetworks. It was originally written to 25 frame discussions in the Path Aware Networking proposed Research 26 Group (PANRG), and has been published to snapshot current thinking in 27 this space. 29 Discussion Venues 31 This note is to be removed before publishing as an RFC. 33 Source for this draft and an issue tracker can be found at 34 https://github.com/panrg/questions. 36 Status of This Memo 38 This Internet-Draft is submitted in full conformance with the 39 provisions of BCP 78 and BCP 79. 41 Internet-Drafts are working documents of the Internet Engineering 42 Task Force (IETF). Note that other groups may also distribute 43 working documents as Internet-Drafts. The list of current Internet- 44 Drafts is at https://datatracker.ietf.org/drafts/current/. 46 Internet-Drafts are draft documents valid for a maximum of six months 47 and may be updated, replaced, or obsoleted by other documents at any 48 time. It is inappropriate to use Internet-Drafts as reference 49 material or to cite them other than as "work in progress." 51 This Internet-Draft will expire on 15 May 2022. 53 Copyright Notice 55 Copyright (c) 2021 IETF Trust and the persons identified as the 56 document authors. All rights reserved. 58 This document is subject to BCP 78 and the IETF Trust's Legal 59 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 60 license-info) in effect on the date of publication of this document. 61 Please review these documents carefully, as they describe your rights 62 and restrictions with respect to this document. Code Components 63 extracted from this document must include Simplified BSD License text 64 as described in Section 4.e of the Trust Legal Provisions and are 65 provided without warranty as described in the Simplified BSD License. 67 Table of Contents 69 1. Introduction to Path-Aware Networking . . . . . . . . . . . . 2 70 1.1. Definition . . . . . . . . . . . . . . . . . . . . . . . 4 71 2. Questions . . . . . . . . . . . . . . . . . . . . . . . . . . 4 72 2.1. A Vocabulary of Path Properties . . . . . . . . . . . . . 5 73 2.2. Discovery, Distribution, and Trustworthiness of Path 74 Properties . . . . . . . . . . . . . . . . . . . . . . . 5 75 2.3. Supporting Path Selection . . . . . . . . . . . . . . . . 6 76 2.4. Interfaces for Path Awareness . . . . . . . . . . . . . . 6 77 2.5. Implications of Path Awareness for the Transport and 78 Application Layers . . . . . . . . . . . . . . . . . . . 7 79 2.6. What is an Endpoint? . . . . . . . . . . . . . . . . . . 7 80 2.7. Operating a Path Aware Network . . . . . . . . . . . . . 8 81 2.8. Deploying a Path Aware Network . . . . . . . . . . . . . 9 82 3. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 83 4. Informative References . . . . . . . . . . . . . . . . . . . 10 84 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 86 1. Introduction to Path-Aware Networking 88 In the current Internet architecture, the network layer provides an 89 unverifiable, best-effort service to the endpoints using it. While 90 there are technologies that attempt better-than-best-effort delivery, 91 the interfaces to these are generally administrative as opposed to 92 endpoint-exposed (e.g. Path Computation Element (PCE) [RFC4655] and 93 Software-Defined Wide Area Network (SD-WAN) approaches), and they are 94 often restricted to single administrative domains. In this 95 environment, an application can assume that a packet with a given 96 destination address will eventually be forwarded toward that 97 destination, but little else. 99 A transport layer protocol such as TCP can provide reliability over 100 this best-effort service, and a protocol above the network layer such 101 as IPsec Authentication Header (AH) [RFC4302] or Transport Layer 102 Security (TLS) [RFC8446] can authenticate the remote endpoint. 103 However, little, if any, explicit information about the path is 104 available to the endpoint, and assumptions about that path often do 105 not hold, sometimes with serious impacts on the application, as in 106 the case with BGP hijacking attacks. 108 By contrast, in a path-aware internetworking architecture, endpoints 109 have the ability to select or influence the path through the network 110 used by any given packet or flow. The network and transport layers 111 explicitly expose information about the path or paths available from 112 one endpoint to another, and to those endpoints and the applications 113 running on them, so that they can make this selection. The 114 Application Layer Traffic Optimization (ALTO) protocol [RFC7285] can 115 be seen as an example of a path-awareness approach implemented in 116 transport-layer terms on the present Internet protocol stack. 118 Path selection provides explicit visibility and control of network 119 treatment to applications and users of the network. This selection 120 is available to the application, transport, and/or network layer 121 entities at each endpoint. Path control at the flow and subflow 122 level enables the design of new transport protocols that can leverage 123 multipath connectivity across disjoint paths through the Internet, 124 even over a single physical interface. When exposed to applications, 125 or to end-users through a system configuration interface, path 126 control allows the specification of constraints on the paths that 127 traffic should traverse, for instance to confound passive 128 surveillance in the network core [RFC7624]. 130 We note that this property of "path awareness" already exists in many 131 Internet-connected networks within single domains. Indeed, much of 132 the practice of network engineering using encapsulation at layer 3 133 can be said to be "path aware", in that it explicitly assigns traffic 134 at tunnel endpoints to a given path within the network. Path-aware 135 internetworking seeks to extend this awareness across domain 136 boundaries without resorting to overlays, except as a transition 137 technology. 139 This document presents a snapshot of open questions in this space 140 that will need to be answered in order to realize a path-aware 141 internetworking architecture; it is published to further frame 142 discussions within and outside the Path Aware Networking Research 143 Group, and is published with the rough consensus of that group. 145 1.1. Definition 147 For purposes of this document, "path aware networking" describes 148 endpoint discovery of the properties of paths they use for 149 communication across an internetwork, and endpoint reaction to these 150 properties that affects routing and/or data transfer. Note that this 151 can and already does happen to some extent in the current Internet 152 architecture; this definition expands current techniques of path 153 discovery and manipulation to cross administrative domain boundaries 154 and up to the transport and application layers at the endpoints. 156 Expanding on this definition, a "path aware internetwork" is one in 157 which endpoint discovery of path properties and endpoint selection of 158 paths used by traffic exchanged by the endpoint are explicitly 159 supported, regardless of the specific design of the protocol features 160 which enable this discovery and selection. 162 A "path", for the purposes of these definitions, is abstractly 163 defined as a sequence of adjacent path elements over which a packet 164 can be transmitted, where the definition of "path element" is 165 technology-dependent. As this document is intended to pose questions 166 rather than answer them, it assumes that this definition will be 167 refined as part of the answer the first two questions it poses, about 168 the vocabulary of path properties and how they are disseminated. 170 Research into path aware networking covers any and all aspects of 171 designing, building, and operating path aware internetworks or the 172 networks and endpoints attached to them. This document presents a 173 collection of research questions to address in order to make a path 174 aware Internet a reality. 176 2. Questions 178 Realizing path-aware networking requires answers to a set of open 179 research questions. This document poses these questions, as a 180 starting point for discussions about how to realize path awareness in 181 the Internet, and to direct future research efforts within the Path 182 Aware Networking Research Group. 184 2.1. A Vocabulary of Path Properties 186 The first question: how are paths and path properties defined and 187 represented? 189 In order for information about paths to be exposed to an endpoint, 190 and for the endpoint to make use of that information, it is necessary 191 to define a common vocabulary for paths through an internetwork, and 192 properties of those paths. The elements of this vocabulary could 193 include terminology for components of a path and properties defined 194 for these components, for the entire path, or for subpaths of a path. 195 These properties may be relatively static, such as the presence of a 196 given node or service function on the path; as well as relatively 197 dynamic, such as the current values of metrics such as loss and 198 latency. 200 This vocabulary must be defined carefully, as its design will have 201 impacts on the expressiveness of a given path-aware internetworking 202 architecture. This expressiveness also exhibits tradeoffs. For 203 example, a system that exposes node-level information for the 204 topology through each network would maximize information about the 205 individual components of the path at the endpoints, at the expense of 206 making internal network topology universally public, which may be in 207 conflict with the business goals of each network's operator. 208 Furthermore, properties related to individual components of the path 209 may change frequently and may quickly become outdated. However, 210 aggregating the properties of individual components to distill end- 211 to-end properties for the entire path is not trivial. 213 2.2. Discovery, Distribution, and Trustworthiness of Path Properties 215 The second question: how do endpoints and applications get access to 216 accurate, useful, and trustworthy path properties? 218 Once endpoints and networks have a shared vocabulary for expressing 219 path properties, the network must have some method for distributing 220 those path properties to the endpoint. Regardless of how path 221 property information is distributed to the endpoints, the endpoints 222 require a method to authenticate the properties -- to determine that 223 they originated from and pertain to the path that they purport to. 225 Choices in distribution and authentication methods will have impacts 226 on the scalability of a path-aware architecture. Possible dimensions 227 in the space of distribution methods include in-band versus out-of- 228 band, push versus pull versus publish-subscribe, and so on. There 229 are temporal issues with path property dissemination as well, 230 especially with dynamic properties, since the measurement or 231 elicitation of dynamic properties may be outdated by the time that 232 information is available at the endpoints, and interactions between 233 the measurement and dissemination delay may exhibit pathological 234 behavior for unlucky points in the parameter space. 236 2.3. Supporting Path Selection 238 The third question: how can endpoints select paths to use for traffic 239 in a way that can be trusted by the network, the endpoints, and the 240 applications using them? 242 Access to trustworthy path properties is only half of the challenge 243 in establishing a path-aware architecture. Endpoints must be able to 244 use this information in order to select paths for specific traffic 245 they send. As with the dissemination of path properties, choices 246 made in path selection methods will also have an impact on the 247 tradeoff between scalability and expressiveness of a path-aware 248 architecture. One key choice here is between in-band and out-of-band 249 control of path selection. Another is granularity of path selection 250 (whether per packet, per flow, or per larger aggregate), which also 251 has a large impact on the scalabilty/expressiveness tradeoff. Path 252 selection must, like path property information, be trustworthy, such 253 that the result of a path selection at an endpoint is predictable. 254 Moreover, any path selection mechanism should aim to provide an 255 outcome that is not worse than using a single path, or selecting 256 paths at random. 258 Path selection may be exposed in terms of the properties of the path 259 or the identity of elements of the path. In the latter case, a path 260 may be identified at any of multiple layers (e.g. routing domain 261 identifier, network layer address, higher-layer identifier or name, 262 and so on). In this case, care must be taken to present semantically 263 useful information to those making decisions about which path(s) to 264 trust. 266 2.4. Interfaces for Path Awareness 268 The fourth question: how can interfaces among the network, transport, 269 and application layers support the use of path awareness? 271 In order for applications to make effective use of a path-aware 272 networking architecture, the control interfaces presented by the 273 network and transport layers must also expose path properties to the 274 application in a useful way, and provide a useful set of paths among 275 which the application can select. Path selection must be possible 276 based not only on the preferences and policies of the application 277 developer, but of end-users as well. Also, the path selection 278 interfaces presented to applications and end users will need to 279 support multiple levels of granularity. Most applications' 280 requirements can be satisfied with the expression of path selection 281 policies in terms of properties of the paths, while some applications 282 may need finer-grained, per-path control. These interfaces will need 283 to support incremental development and deployment of applications, 284 and provide sensible defaults, to avoid hindering their adoption. 286 2.5. Implications of Path Awareness for the Transport and Application 287 Layers 289 The fifth question: how should transport-layer and higher layer 290 protocols be redesigned to work most effectively over a path-aware 291 networking layer? 293 In the current Internet, the basic assumption that at a given time 294 all traffic for a given flow will receive the same network treatment 295 and traverse the same path or equivalend paths often holds. In a 296 path aware network, this assumption is more easily violated. The 297 weakening of this assumption has implications for the design of 298 protocols above any path-aware network layer. 300 For example, one advantage of multipath communication is that a given 301 end-to-end flow can be "sprayed" along multiple paths in order to 302 confound attempts to collect data or metadata from those flows for 303 pervasive surveillance purposes [RFC7624]. However, the benefits of 304 this approach are reduced if the upper-layer protocols use linkable 305 identifiers on packets belonging to the same flow across different 306 paths. Clients may mitigate linkability by opting to not re-use 307 cleartext connection identifiers, such as TLS session IDs or tickets, 308 on separate paths. The privacy-conscious strategies required for 309 effective privacy in a path-aware Internet are only possible if 310 higher-layer protocols such as TLS permit clients to obtain 311 unlinkable identifiers. 313 2.6. What is an Endpoint? 315 The sixth question: how is path awareness (in terms of vocabulary and 316 interfaces) different when applied to tunnel and overlay endpoints? 317 The vision of path-aware networking articulated so far makes an 318 assumption that path properties will be disseminated to endpoints on 319 which applications are running (terminals with user agents, servers, 320 and so on). However, incremental deployment may require that a path- 321 aware network "core" be used to interconnect islands of legacy 322 protocol networks. In these cases, it is the gateways, not the 323 application endpoints, that receive path properties and make path 324 selections for that traffic. The interfaces provided by this gateway 325 are necessarily different than those a path-aware networking layer 326 provides to its transport and application layers, and the path 327 property information the gateway needs and makes available over those 328 interfaces may also be different. 330 2.7. Operating a Path Aware Network 332 The seventh question: how can a path aware network in a path aware 333 internetwork be effectively operated, given control inputs from 334 network administrators, application designers, and end users? 336 The network operations model in the current Internet architecture 337 assumes that traffic flows are controlled by the decisions and 338 policies made by network operators, as expressed in interdomain and 339 intradomain routing protocols. In a network providing path selection 340 to the endpoints, however, this assumption no longer holds, as 341 endpoints may react to path properties by selecting alternate paths. 342 Competing control inputs from path-aware endpoints and the routing 343 control plane may lead to more difficult traffic engineering or 344 nonconvergent forwarding, especially if the endpoints' and operators' 345 notion of the "best" path for given traffic diverges significantly. 346 The degree of difficulty may depend on the fidelity of information 347 made available to path selection algorithms at the endpoints. 348 Explicit path selection can also specify outbound paths, while BGP 349 policies are expressed in terms of inbound traffic. 351 A concept for path aware network operations will need to have clear 352 methods for the resolution of apparent (if not actual) conflicts of 353 intent between the network's operator and the path selection at an 354 endpoint. It will also need set of safety principles to ensure that 355 increasing path control does not lead to decreasing connectivity; one 356 such safety principle could be "the existence of at least one path 357 between two endpoints guarantees the selection of at least one path 358 between those endpoints." 360 2.8. Deploying a Path Aware Network 362 The eighth question: how can the incentives of network operators and 363 end-users be aligned to realize the vision of path aware networking, 364 and how can the transition from current ("path-oblivious") to path- 365 aware networking be managed? 367 The vision presented in the introduction discusses path aware 368 networking from the point of view of the benefits accruing at the 369 endpoints, to designers of transport protocols and applications as 370 well as to the end users of those applications. However, this vision 371 requires action not only at the endpoints but also within the 372 interconnected networks offering path aware connectivity. While the 373 specific actions required are a matter of the design and 374 implementation of a specific realization of a path aware protocol 375 stack, it is clear than any path aware architecture will require 376 network operators to give up some control of their networks over to 377 endpoint-driven control inputs. 379 Here the question of apparent versus actual conflicts of intent 380 arises again: certain network operations requirements may appear 381 essential, but are merely accidents of the interfaces provided by 382 current routing and management protocols. For example, related (but 383 adjacent) to path aware networking, the widespread use of the TCP 384 wire image [RFC8546] in network monitoring for DDoS prevention 385 appears in conflict with the deployment of encrypted transports, only 386 because path signaling [RFC8558] has been implicit in the deployment 387 of past transport protocols. 389 Similarly, incentives for deployment must show how existing network 390 operations requirements are met through new path selection and 391 property dissemination mechanisms. 393 The incentives for network operators and equipment vendors need to be 394 made clear, in terms of a plan to transition [RFC8170] an 395 internetwork to path-aware operation, one network and facility at a 396 time. This plan to transition must also take into account that the 397 dynamics of path aware networking early in this transition (when few 398 endpoints and flows in the Internet use path selection) may be 399 different than those later in the transition. 401 Aspects of data security and information management in a network that 402 explicitly radiates more information about the network's deployment 403 and configuration, and implicitly radiates information about endpoint 404 configuration and preference through path selection, must also be 405 addressed. 407 3. Acknowledgments 409 Many thanks to Adrian Perrig, Jean-Pierre Smith, Mirja Kuehlewind, 410 Olivier Bonaventure, Martin Thomson, Shwetha Bhandari, Chris Wood, 411 Lee Howard, Mohamed Boucadair, Thorben Krueger, Gorry Fairhurst, 412 Spencer Dawkins, Theresa Enghardt, Laurent Ciavaglia, and Stephen 413 Farrell, for discussions leading to questions in this document, and 414 for feedback on the document itself. 416 This work is partially supported by the European Commission under 417 Horizon 2020 grant agreement no. 688421 Measurement and Architecture 418 for a Middleboxed Internet (MAMI), and by the Swiss State Secretariat 419 for Education, Research, and Innovation under contract no. 15.0268. 420 This support does not imply endorsement. 422 4. Informative References 424 [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, 425 DOI 10.17487/RFC4302, December 2005, 426 . 428 [RFC4655] Farrel, A., Vasseur, J.-P., and J. Ash, "A Path 429 Computation Element (PCE)-Based Architecture", RFC 4655, 430 DOI 10.17487/RFC4655, August 2006, 431 . 433 [RFC7285] Alimi, R., Ed., Penno, R., Ed., Yang, Y., Ed., Kiesel, S., 434 Previdi, S., Roome, W., Shalunov, S., and R. Woundy, 435 "Application-Layer Traffic Optimization (ALTO) Protocol", 436 RFC 7285, DOI 10.17487/RFC7285, September 2014, 437 . 439 [RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T., 440 Trammell, B., Huitema, C., and D. Borkmann, 441 "Confidentiality in the Face of Pervasive Surveillance: A 442 Threat Model and Problem Statement", RFC 7624, 443 DOI 10.17487/RFC7624, August 2015, 444 . 446 [RFC8170] Thaler, D., Ed., "Planning for Protocol Adoption and 447 Subsequent Transitions", RFC 8170, DOI 10.17487/RFC8170, 448 May 2017, . 450 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 451 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 452 . 454 [RFC8546] Trammell, B. and M. Kuehlewind, "The Wire Image of a 455 Network Protocol", RFC 8546, DOI 10.17487/RFC8546, April 456 2019, . 458 [RFC8558] Hardie, T., Ed., "Transport Protocol Path Signals", 459 RFC 8558, DOI 10.17487/RFC8558, April 2019, 460 . 462 Author's Address 464 Brian Trammell 465 Google Switzerland GmbH 466 Gustav-Gull-Platz 1 467 CH- 8004 Zurich 468 Switzerland 470 Email: ietf@trammell.ch