Current Open Questions in Path-Aware Networking
RFC 9217
| Document | Type | RFC - Informational (March 2022) | |
|---|---|---|---|
| Author | Brian Trammell | ||
| Last updated | 2022-03-16 | ||
| RFC stream | Internet Research Task Force (IRTF) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| IESG | Responsible AD | (None) | |
| Send notices to | (None) |
RFC 9217
#x27;s operator. Furthermore, properties related to
individual components of the path may change frequently and may
quickly become outdated. However, aggregating the properties of
individual components to distill end-to-end properties for the entire
path is not trivial.
2.2. Discovery, Distribution, and Trustworthiness of Path Properties
The second question: how do endpoints and applications get access to
accurate, useful, and trustworthy path properties?
Once endpoints and networks have a shared vocabulary for expressing
path properties, the network must have some method for distributing
those path properties to the endpoints. Regardless of how path
property information is distributed, the endpoints require a method
to authenticate the properties in order to determine that they
originated from and pertain to the path that they purport to.
Choices in distribution and authentication methods will have impacts
on the scalability of a path-aware architecture. Possible dimensions
in the space of distribution methods include in band versus out of
band, push versus pull versus publish subscribe, and so on. There
are temporal issues with path property dissemination as well,
especially with dynamic properties, since the measurement or
elicitation of dynamic properties may be outdated by the time that
information is available at the endpoints, and interactions between
the measurement and dissemination delay may exhibit pathological
behavior for unlucky points in the parameter space.
2.3. Supporting Path Selection
The third question: how can endpoints select paths to use for traffic
in a way that can be trusted by the network, the endpoints, and the
applications using them?
Access to trustworthy path properties is only half of the challenge
in establishing a path-aware architecture. Endpoints must be able to
use this information in order to select paths for specific traffic
they send. As with the dissemination of path properties, choices
made in path-selection methods will also have an impact on the trade-
off between scalability and expressiveness of a path-aware
architecture. One key choice here is between in-band and out-of-band
control of path selection. Another is granularity of path selection
(whether per packet, per flow, or per larger aggregate), which also
has a large impact on the scalability/expressiveness trade-off. Path
selection must, like path property information, be trustworthy, such
that the result of a path selection at an endpoint is predictable.
Moreover, any path-selection mechanism should aim to provide an
outcome that is not worse than using a single path or selecting paths
at random.
Path selection may be exposed in terms of the properties of the path
or the identity of elements of the path. In the latter case, a path
may be identified at any of multiple layers (e.g., routing domain
identifier, network-layer address, higher-layer identifier or name,
and so on). In this case, care must be taken to present semantically
useful information to those making decisions about which path(s) to
trust.
2.4. Interfaces for Path Awareness
The fourth question: how can interfaces among the network, transport,
and application layers support the use of path awareness?
In order for applications to make effective use of a path-aware
networking architecture, the control interfaces presented by the
network and transport layers must also expose path properties to the
application in a useful way, and provide a useful set of paths among
which the application can select. Path selection must be possible
based not only on the preferences and policies of the application
developer, but of end users as well. Also, the path-selection
interfaces presented to applications and end users will need to
support multiple levels of granularity. Most applications'
requirements can be satisfied with the expression of path-selection
policies in terms of properties of the paths, while some applications
may need finer-grained, per-path control. These interfaces will need
to support incremental development and deployment of applications,
and provide sensible defaults, to avoid hindering their adoption.
2.5. Implications of Path Awareness for the Transport and Application
Layers
The fifth question: how should transport-layer and higher-layer
protocols be redesigned to work most effectively over a path-aware
networking layer?
In the current Internet, the basic assumption that at a given time
all traffic for a given flow will receive the same network treatment
and traverse the same path or equivalent paths often holds. In a
path-aware network, this assumption is more easily violated. The
weakening of this assumption has implications for the design of
protocols above any path-aware network layer.
For example, one advantage of multipath communication is that a given
end-to-end flow can be "sprayed" along multiple paths in order to
confound attempts to collect data or metadata from those flows for
pervasive surveillance purposes [RFC7624]. However, the benefits of
this approach are reduced if the upper-layer protocols use linkable
identifiers on packets belonging to the same flow across different
paths. Clients may mitigate linkability by opting to not reuse
cleartext connection identifiers, such as TLS session IDs or tickets,
on separate paths. The privacy-conscious strategies required for
effective privacy in a path-aware Internet are only possible if
higher-layer protocols such as TLS permit clients to obtain
unlinkable identifiers.
2.6. What is an Endpoint?
The sixth question: how is path awareness (in terms of vocabulary and
interfaces) different when applied to tunnel and overlay endpoints?
The vision of path-aware networking articulated so far makes an
assumption that path properties will be disseminated to endpoints on
which applications are running (terminals with user agents, servers,
and so on). However, incremental deployment may require that a path-
aware network "core" be used to interconnect islands of legacy
protocol networks. In these cases, it is the gateways, not the
application endpoints, that receive path properties and make path
selections for that traffic. The interfaces provided by this gateway
are necessarily different than those a path-aware networking layer
provides to its transport and application layers, and the path
property information the gateway needs and makes available over those
interfaces may also be different.
2.7. Operating a Path-Aware Network
The seventh question: how can a path-aware network in a path-aware
internetwork be effectively operated, given control inputs from
network administrators, application designers, and end users?
The network operations model in the current Internet architecture
assumes that traffic flows are controlled by the decisions and
policies made by network operators as expressed in interdomain and
intradomain routing protocols. In a network providing path selection
to the endpoints, however, this assumption no longer holds, as
endpoints may react to path properties by selecting alternate paths.
Competing control inputs from path-aware endpoints and the routing
control plane may lead to more difficult traffic engineering or non-
convergent forwarding, especially if the endpoints' and operators'
notion of the "best" path for given traffic diverges significantly.
The degree of difficulty may depend on the fidelity of information
made available to path-selection algorithms at the endpoints.
Explicit path selection can also specify outbound paths, while BGP
policies are expressed in terms of inbound traffic.
A concept for path-aware network operations will need to have clear
methods for the resolution of apparent (if not actual) conflicts of
intent between the network's operator and the path selection at an
endpoint. It will also need a set of safety principles to ensure
that increasing path control does not lead to decreasing
connectivity; one such safety principle could be "the existence of at
least one path between two endpoints guarantees the selection of at
least one path between those endpoints."
2.8. Deploying a Path-Aware Network
The eighth question: how can the incentives of network operators and
end users be aligned to realize the vision of path-aware networking,
and how can the transition from current ("path-oblivious") to path-
aware networking be managed?
The vision presented in the introduction discusses path-aware
networking from the point of view of the benefits accruing at the
endpoints, to designers of transport protocols and applications as
well as to the end users of those applications. However, this vision
requires action not only at the endpoints but also within the
interconnected networks offering path-aware connectivity. While the
specific actions required are a matter of the design and
implementation of a specific realization of a path-aware protocol
stack, it is clear that any path-aware architecture will require
network operators to give up some control of their networks over to
endpoint-driven control inputs.
Here, the question of apparent versus actual conflicts of intent
arises again: certain network operation requirements may appear
essential but are merely accidents of the interfaces provided by
current routing and management protocols. For example, related (but
adjacent) to path-aware networking, the widespread use of the TCP
wire image [RFC8546] in network monitoring for DDoS prevention
appears in conflict with the deployment of encrypted transports, only
because path signaling [RFC8558] has been implicit in the deployment
of past transport protocols.
Similarly, incentives for deployment must show how existing network
operation requirements are met through new path selection and
property dissemination mechanisms.
The incentives for network operators and equipment vendors need to be
made clear, in terms of a plan to transition [RFC8170] an
internetwork to path-aware operation, one network and facility at a
time. This plan to transition must also take into account that the
dynamics of path-aware networking early in this transition (when few
endpoints and flows in the Internet use path selection) may be
different than those later in the transition.
Aspects of data security and information management in a network that
explicitly radiates more information about the network's deployment
and configuration, and implicitly radiates information about endpoint
configuration and preference through path selection, must also be
addressed.
3. IANA Considerations
This document has no IANA actions.
4. Security and Privacy Considerations
This document poses questions about path-aware internetworking; the
answers are a matter for future research, and security considerations
for those answers would be included in the corresponding RFCs that
describe them. While each of these questions is to a lesser or
greater degree relevant to the security and privacy of users of a
path-aware network, questions of discovery and trustworthiness
(Section 2.2) are most security-relevant.
5. Informative References
[MEF70] MEF, "SD-WAN Service Attributes and Services", MEF
Standard, MEF 70, July 2019, <https://www.mef.net/wp-
content/uploads/2019/07/MEF-70.pdf>.
[RFC4655] Farrel, A., Vasseur, J.-P., and J. Ash, "A Path
Computation Element (PCE)-Based Architecture", RFC 4655,
DOI 10.17487/RFC4655, August 2006,
<https://www.rfc-editor.org/info/rfc4655>.
[RFC7285] Alimi, R., Ed., Penno, R., Ed., Yang, Y., Ed., Kiesel, S.,
Previdi, S., Roome, W., Shalunov, S., and R. Woundy,
"Application-Layer Traffic Optimization (ALTO) Protocol",
RFC 7285, DOI 10.17487/RFC7285, September 2014,
<https://www.rfc-editor.org/info/rfc7285>.
[RFC7624] Barnes, R., Schneier, B., Jennings, C., Hardie, T.,
Trammell, B., Huitema, C., and D. Borkmann,
"Confidentiality in the Face of Pervasive Surveillance: A
Threat Model and Problem Statement", RFC 7624,
DOI 10.17487/RFC7624, August 2015,
<https://www.rfc-editor.org/info/rfc7624>.
[RFC8170] Thaler, D., Ed., "Planning for Protocol Adoption and
Subsequent Transitions", RFC 8170, DOI 10.17487/RFC8170,
May 2017, <https://www.rfc-editor.org/info/rfc8170>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8546] Trammell, B. and M. Kuehlewind, "The Wire Image of a
Network Protocol", RFC 8546, DOI 10.17487/RFC8546, April
2019, <https://www.rfc-editor.org/info/rfc8546>.
[RFC8558] Hardie, T., Ed., "Transport Protocol Path Signals",
RFC 8558, DOI 10.17487/RFC8558, April 2019,
<https://www.rfc-editor.org/info/rfc8558>.
Acknowledgments
Many thanks to Adrian Perrig, Jean-Pierre Smith, Mirja Kühlewind,
Olivier Bonaventure, Martin Thomson, Shwetha Bhandari, Chris Wood,
Lee Howard, Mohamed Boucadair, Thorben Krüger, Gorry Fairhurst,
Spencer Dawkins, Reese Enghardt, Laurent Ciavaglia, Stephen Farrell,
and Richard Yang for discussions leading to questions in this
document and for feedback on the document itself.
This work is partially supported by the European Commission under
Horizon 2020 grant agreement no. 688421 Measurement and Architecture
for a Middleboxed Internet (MAMI) and by the Swiss State Secretariat
for Education, Research, and Innovation under contract no. 15.0268.
This support does not imply endorsement.
Author's Address
Brian Trammell
Google Switzerland GmbH
Gustav-Gull-Platz 1
CH-8004 Zurich
Switzerland
Email: ietf@trammell.ch