Minutes IETF111: ippm
minutes-111-ippm-00
| Meeting Minutes | IP Performance Measurement (ippm) WG |
|---|---|
| Date and time | 2021-07-28 19:00 |
| Title | Minutes IETF111: ippm |
| State | Active |
| Last updated | 2021-08-02 |
IPPM IETF 111
When: Wednesday 28 July 2021, 12:00-14:00 UTC
Where: Meetecho
Chairs: Tommy Pauly & Ian Swett
Documents
IOAM Drafts
Frank:
- In-Situ OAM Deployment
- In IESG review.
- Document started in OPSAWG
- IPPM is the natural place to progress the work
Tommy:
- Any opinions?
Martin:
- Fine with coming into IPPM
Tommy:
- The WG will kick off the adoption call
TAL:
- In-situ OAM Flags
- In-situ OAM Direct Exporting
- Various attacks described by Martin
- Revised drafts
- One iteration on DEX drafts
- Main changes: IOAM encapsulation nodes in order to mitigate these attacks
- Avoid nesting of direct exporting
- Exporting applied to trusted nodes.
Please follow the slides for checking the main changes
TAL:
- Main changes are related to security
- Otherwise the draft is stable
- This was for the flag draft
- Moving onto In-situ OAM Direct Exporting
- Advice from WG chairs?
- Issue 1: Whether to have an explicit hop count in DEX option?
- Issue 2: Different DEX option field length?
Please follow slide 9 for this
TAL:
- Resolve the above two issues and apply them to the draft.
Martin:
- The draft is going in the correct direction. As a nit: the situations were cases that could happen, and might be exploited, rather than security problems.
TAL:
- Any comments?
Frank:
- Integrity of In-situ OAM Data Fields
- Proposing new IOAM options which are integrity protected
- Overhead consideration due to integrity protection.
Please follow slide number 12
Frank:
- (Shows a table)
- Next slide
- Multiple ways to go on HASH and sign.
- The method we have adopted is to have a suite of Hash and sign for flexibility.
- Requires Nonce and Signature.
- Next slide
- The Integrity sub-header will follow the IOAM Option header when the IOAM Option Type is Integrity Protected Option.
- Next Slide
- People think there should be integrity for IOAM data.
- We'll have an extension option much like DEX.
- Hope for a WG Adoption call in future.
- Any comments?
Tommy:
- At some time, we might want to do a secdir review?
- How much implementation is done so far?
Frank:
- From our perspective, it's difficult.
- There is no current implementation.
Justin:
- IOAM has been in Linux for 2-3 years.
- Next release will be in 5-6 weeks
Tommy:
- Timeline on the implementation?
Justin:
- Going step-by-step as it's a huge part.
Frank:
- (To Tommy) Opinion on adoption?
Tommy:
- We kick off the deployment and integrity drafts from next week.
Frank:
- We might want to move from Informational status to Standards Track.
STAMP YANG Draft
Greg Mirsky
- Session identifier is unique to STAMP session sender
- Symmetric packet of fixed size - RFC 8762
- Ability to generate variable length - RFC 8972
- next slide
- Snapshot of the YANG data model
- This explains what the session ID is.
- The STAMP session identifier is unique locally
Check slide 3 for more information
- Specification defines fixed size packets
- Should the STAMP YANG model include the extra padding TLV?
- Other STAMP extensions defined in RFC 8972?
- Open questions to all.
- Should we include the other extensions in the base YANG model or have them as separate modules?
- Default no padding, and an option to define the extra padding TLV.
- The question to the WG: how should the TLVs be reflected in the STAMP YANG model?
Rakesh:
- The YANG model should have the extensions as optional, similar to RFC 8972.
Greg:
- That makes sense.
Richard:
- Agrees with Rakesh and Greg.
- RFC 8762 allowed padding outside the TLV
Greg:
- RFC 8762 does not define how you do padding.
- RFC 8972 - Not only extra padding but combine with other TLV.
- Let's discuss this on the mailing list.
- Next steps are to continue working, with WGLC by IETF 112.
STAMP SRPM Draft
Rakesh:
- Updates in revision 00 and 01.
- next slide
- Revision 00 is newly adopted by IPPM WG
- Updated the security sections
- Introduced the new error flag D
Check the slide number 3 for the revision 00 updates
- Update to the security section
- Add stamp TLV flag
- Minor editorial changes
Check the slide number 4 for revision 01 updates
- next slide
- Informational or Standards Track: discussion in the WG on STAMP?
- next slide
- Any questions?
IOAM CONF STATE
Xiao:
- Presented 08 in IETF 110
- Now draft-10
- Summary of updates from 08 - 10
- BIER added into the scope of this draft
- Define Ping and traceroute for BIER
- Will add SR as suggested during adoption poll
- Separate Pre-allocate Tracing and Incremental
Check slide 2 for the details
- Two more discussion points (based on adoption poll)
Check slide 3 for the details
- Submit new drafts on specific extensions and considerations for Pings
- next slide
- Next steps are to improve it; more review and comments.
Frank:
- How will this combine with the IOAM YANG?
Xiao:
- If the controller has no information about all the IOAM devices (on the path)
Frank:
- It would be nice to have a data model to synchronize with the IOAM YANG
Xiao:
- We'll consider it.
Cheng:
- Did you address the security issues?
Xiao:
- We have to update the draft on the comments from you and others
- We have already addressed it.
Explicit Flow measurements
Mauro:
- New techniques to employ few marking bits, inside the header of each packet, for loss and delay measurement
- Some implementations are present.
Check slide 3 for the IETF Hackathon and implementations
- There are two draft updates.
- Q-bit and R-bit improved burst loss resiliency.
- New option in the D-bit implementation.
- next slide
- (Slide on Delay bit)
Check slide 5 for how the "D-bit" (Delay bit) works
- Next slide on "The Hidden Delay bit (Hidden RTT) variation (D^-bit)".
Check slide 6 for it
- next slide
- (It's a slide on AD: Additional Delay for Hidden D-bit version)
Check slide 7
- 2-direction observer: right RTT
- 2-point measurement: intra-domain RTT
Check slide 8 for images and details
- Next slide on "Delay Bits" summary.
- Next slide on "Loss Bits" summary.
- Next steps: gaining interest for encrypted transport protocols
- WG adoption requested
- Welcome questions and comments
Martin:
- Some recommended choice will be helpful
Mauro:
- Spin bit - Depends on the privacy problems.
Hybrid Two step
Greg:
- update for max length field, flow identification (for environments like SSH and IOAM)
- Added mode for upstreaming (discussion with Pascal)
- next slide
- HTS max length as unsigned 32 bits.
- Thoughts and comments?
- next slide
- Upstreaming HTS image (Slide 4)
- Studies on IOAM in constrained environments
- Packets go from Ingress node to Egress node
- Make the ingress node experience how the packets were treated by the network.
- Ingress node can consume the data locally and use it for analytics later
- Probably discuss on the mailing list
- Discussion with Frank, what characteristic information can be used by HTS
- Different environments defined in separate documents
Check slide 5
- next slide
- Next steps for comments, suggestions and questions
- Ask for WG adoption.
Capacity Metric Protocol
Al:
- What security features are needed?
- How should it operate in different modes?
- next slide
- Ephemeral port used in the future
Please check the slide 3.
- New security modes.
- There are 6 modes.
Check slide 3 for the modes
- Feedback on these modes?
- What's the most bullet-proof possible security for IESG review?
- Any comments?
- From the chat:
- Martin Duke: there is no silver bullet to pass security, but early SECDIR review is your best bet
- Al Morton: Would we need to adopt the draft to get an early SECDIR review?
- Martin Duke: I don't know if that's a rule, but it is less likely to waste the reviewer's time. I suspect the security specifics are not going to affect our adoption call, so why not adopt and then request?
- Al Morton: Right, we all just want a solution that passes muster. I hope we can generate enough discussion to warrant adoption!!! FYI, the feedback messages would be a fork-lift upgrade for any of our existing protocols... and there's history about the OWAMP and TWAMP security...
Link Aggregation Group (LAG)
- Slide 3 : Motivation
- next slide
- No changes to STAMP base test packet
- next slide
- Example: STAMP Micro Session
Rakesh:
- Instead of micro session, why not create a STAMP session?
Greg:
- It simplifies configuration and is similar to BFD.
Enhanced Alternate Marking Method
Giuseppe:
- Specifies HBH or DH option for IPv6, developed in 6man (now in WGLC).
- Comments or questions to the list.
EPDMv2
Nalini:
- PDM can be used for DoS attacks and timing attacks
- PDMv2 consists of registration phase and data transfer.
- Registration: Shared secret is exchanged
- Occasional KDF
- next slide
- PDMv2 scenario and secured paths: it's a solution for enterprises
- Enterprises
- HPKE in PDMv2: Registration phase, online phase, KDF, Pseudo-random repeating sequence, AEAD
- Questions?