IETF
panrg
panrg@jabber.ietf.org
Thursday, July 28, 2022
cabo has set the subject to: https://notes.ietf.org/notes-ietf-113-panrg

GMT+0
[17:37:06] <zulipbot> (Brian Trammell) meetecho: could we get the camera on the speaker? thanks!
[17:39:57] <zulipbot> (Erik Kline) are the existing deployments amenable to taking on any changes that standardisation might create?
[17:41:41] <zulipbot> (Brian Trammell) that's a very good question. could you bring it to the mic at discussion time? (I can also do so)
[17:41:56] <zulipbot> (Juan de los Galanes) ISPs are actually asking to start the standardization process. We believe they will be happy to use standard components when/if they are ready
[17:43:27] <zulipbot> (Erik Kline) 👍
[17:43:53] <zulipbot> (Juan de los Galanes) in the meantime, trying to answer: the ISPs (or most of them) have already asked about a possible standard. We believe they would be happy to use standard pieces
[17:52:18] <zulipbot> (Erik Kline) is there a "life of a packet" or "life of a socket" kind of summary somewhere?
[17:52:44] <zulipbot> (Mohamed Boucadair) Would be cool to see how the required info is passed to the CP, which packet is generated by an app, a sample packet when the SCION enriched data is inserted, etc.
[17:53:23] <zulipbot> (Erik Kline) ☝
[17:55:46] <zulipbot> (Juan de los Galanes) Erik: we have some tutorial applications coded in Go, to show how the sockets work. In essence, from the point of view of the end-point, this could be one simple trace of a "client" application:
1) get paths to destination
2) for each path it wants to use: open socket (or sockopts setpath), write payload
3) wait for ACK, check path of the ACK packets
4) depending on 3 change policy and go to 1.
5) repeat until done / forever
[17:57:05] <zulipbot> (Juan-Carlos Zúñiga) If Auth fails, is it advertised to others, or simply ignored?
[17:57:05] <zulipbot> (Erik Kline) thank you.  Is there a "common case optimization" for step 1&2 when the client doesn't care which path is used?
[17:57:18] <zulipbot> (Juan de los Galanes) Life of a packet, dataplane wise, is quite simple: the packet has the path encoded in the header. It is sent from the end-point to the first BR in the source AS, which forwards the packet.
Forwarding implies a set of steps: check crypto MACs, advance counter, send to egress
[17:58:36] <zulipbot> (Erik Kline) if the path is in every header, what is the effective MSS for payload bits?
[17:58:50] <zulipbot> (Juan de los Galanes) Erik: there is no "standard path" from src to dst. Do you think that would be a good addition?
[17:59:23] <zulipbot> (Juan de los Galanes) Erik: header is roughly 80 bytes longer than with a regular IPv4 packet
[17:59:49] <zulipbot> (Erik Kline) so there's a max path len, then
[18:01:16] <zulipbot> (Jordi Subirà Nieto) Juan-Carlos: routers authenticate Hop Fields and in principle discard packets for which HF auth fails, trying to reduce workload on routers
[18:01:55] <zulipbot> (Juan de los Galanes) Mohamed: the process is explained in more detail in the free book about SCION (year 2017), roughly:
1. CP has all the data about the paths stored in a "path server" as part of the AS infra
2. Endpoint asks the path server for paths to DST. Gets them. The paths consist of crypto MACs, among other things.
3. Application uses the path to send data to DST
[18:02:53] <zulipbot> (Mohamed Boucadair) Thanks, on (2) does the source have to know that the destination is attached to a SCION-enabled domain?
[18:03:20] <zulipbot> (Mohamed Boucadair) what if it isn't?
[18:03:33] <zulipbot> (Antoine Fressancourt) What is the type of voting / consensus mechanism in use in the PKI ? Are you assuming the use of a Paxos / blockchain ?
[18:03:46] <zulipbot> (Juan de los Galanes) Mohamed: the paths that the application gets are tied inside the path server to some metadata, e.g. geographic positions of the BRs, etc. The path itself does not contain that. The metainformation is spread during the path construction process (path exploration) for receivers to store it in their path servers
[18:04:56] <zulipbot> (Juan-Carlos Zúñiga) @jordi: thanks. I was wondering if the multilateral voting process applies only to DOs, or also to DON'Ts
[18:04:56] <zulipbot> (Juan de los Galanes) Mohamed: the source can send traffic only to SCION ASes
[18:06:47] <zulipbot> (Jordi Subirà Nieto) Antoine: It isn't a consensus protocol as you would find in a blockchain. The TRC considers a voting quorum. Each AS in that quorum has one vote, the TRC needs +1 votes than the threshold
[18:07:00] <zulipbot> (Mohamed Boucadair) I assume some Dst Prefs/ASN mappings should be supplied somehow to the source (or at least the BR)
[18:07:00] <zulipbot> (Juan de los Galanes) if the destination AS is SCION aware (has at least one SCION BR), the endhost can be SCION unaware (e.g. IPv6), and the AS could use a gateway (called SIG: this is what the banking industry is using at the moment in production)
[18:09:07] <zulipbot> (Juan de los Galanes) Mohamed: there are no prior mappings: the path exploration process learns who the neighbors are, then the neighbors of the neighbors (downstream), etc.
This process is not exactly what happens in reality, but the exploration process in the book covers it in more detail.
[18:09:33] <zulipbot> (Mohamed Boucadair) I understood that I have to buy the book ;-)
[18:09:46] <zulipbot> (Antoine Fressancourt) What is the trust model between ISDs ? How is the federation between trust zones organized ?
[18:09:59] <zulipbot> (Juan de los Galanes) Erik: there is indeed a max length for the path, but IIRC it's quite high (> 64 ASes)
[18:10:51] <zulipbot> (Jen Linkova) I think the book is free
[18:11:04] <zulipbot> (Juan de los Galanes) Mohamed: no need to buy the book. There is a free version
[18:11:30] <zulipbot> (Juan de los Galanes) https://scion-architecture.net/pages/publications/
[18:11:31] <zulipbot> (Jordi Subirà Nieto) Juan-Carlos: we consider two voting cases for the TRC (Trust-root config) for the ISD. The regular ones and the sensitive ones, the sensitive ones (less likely to be used) and some use-case would be removing some AS from the Core.
[18:11:44] <zulipbot> (Mohamed Boucadair) Thanks, @Juan for the pointer
[18:12:26] <zulipbot> (Erik Kline) Thanks Juan (for all the prompt answers!)
[18:13:57] <zulipbot> (Juan de los Galanes) Kazuaki: the CP PKI is tailor made for the properties we wanted at the data plane. We can definitely look at other models, and the properties that will emerge by using them instead
[18:15:11] <zulipbot> (Jordi Subirà Nieto) Antoine: ISDs have the choice to disseminate or not from remote ISDs, needed for AS within that ISD to verify remote information. So every ISD is to decide
[18:15:24] <zulipbot> (Juan-Carlos Zúñiga) Thanks for the answers Jordi
[18:17:44] <zulipbot> (Antoine Fressancourt) Don’t agree with « partial path control » for SR here
[18:19:16] <zulipbot> (Kazuaki Ueda) Thanks @Juan for the answer!
[18:20:50] <zulipbot> (Simon Leinen) As a current SCION ISP, what @Juan said reflects our thinking well. We'd like an open standard as a good basis for a sustainable multi-vendor ecosystem.
[18:26:52] <zulipbot> (Juan de los Galanes) Antoine: I think Nico is talking about end-to-end inter-domain path control, thus the "partial" (intra AS).
But please ask Nico directly, and we'll find out
[18:36:34] <zulipbot> (Erik Kline) documenting current practice can be done via Independent Stream?
[18:37:28] <zulipbot> (Mohamed Boucadair) What would be really good is to exercise how scion addresses the PANRG questions.
[18:38:10] <zulipbot> (Mohamed Boucadair) Some hidden challenges should be documented (including operational aspects) that are usually hidden
[18:38:23] <zulipbot> (Mohamed Boucadair) I'm supportive of such kind of work
[18:38:36] <zulipbot> (Jeff Tantsura) To get it presented to routing audience, potentially we could do a RTGWG interim (not offering it yet, but presenting an option)
[18:39:55] <zulipbot> (Juan de los Galanes) Taking good note, thanks Mohamed and Jeff
[18:42:25] <zulipbot> (Juan de los Galanes) Brian: I totally agree. The standardization process in and of itself is going to help a lot (and will help us find problems we never thought of, etc)
[18:45:17] <zulipbot> (Colin Perkins) When is the London i-d deadline?
[18:45:30] <zulipbot> (Jen Linkova) I guess end of Oct..2 weeks before so ~~20th?
[18:45:57] <zulipbot> (Jen Linkova) (off top of my head)
[18:45:57] <zulipbot> (Mohamed Boucadair) One last comment: For LISP, I'm afraid that some assessments you shared in the slide may not be agreed on by LISP WG. You may consider socializing that comparison in the lisp WG or just reach out to Dino (Farinacci).
[18:50:06] <zulipbot> (Jordi Subirà Nieto) Mohamed: Thanks for sharing your thoughts, sure more discussion may be worth it. We'll keep that in mind, but I also may even envision using LISP over SCION, but that's a different topic.
[18:54:44] <zulipbot> (Brian Trammell) draft deadline would be 24 October. I'd want to run an interim the week of 10 October at the latest (so there's time to incorporate any feedback from that meeting into drafts for London)
[18:56:42] <zulipbot> (Nicola Rustignoli) @_**Mohamed Boucadair|413** [said](https://zulip.ietf.org/#narrow/stream/287-panrg/topic/jabber/near/30871):
```quote
One last comment: For LISP, I'm afraid that some assessments you shared in the slide may not be agreed on by LISP WG. You may consider socializing that comparison in the lisp WG or just reach out to Dino (Farinacci).
```
Thanks for pointing this out, I'd be happy to dig more into that and have a chat with the LISP folks
[19:00:56] <zulipbot> (Nicola Rustignoli) And thank you all for your feedback. We'll be digesting it and we'll ping you on the list as soon as we manage to update the existing drafts
[19:14:07] <zulipbot> (Mohamed Boucadair) For the transport functionality review, you may start looking at the RFCs produced by the TAPS WG
[19:14:20] <zulipbot> (Mohamed Boucadair) I also suggest you look at https://datatracker.ietf.org/doc/draft-ietf-taps-arch/
[19:14:46] <zulipbot> (Jen Linkova) @Med: do you want to say it at the mic? Or shall I proxy?
[19:15:12] <zulipbot> (Mohamed Boucadair) no need to go to the mic for this. Thanks
[19:19:47] <zulipbot> (Juan de los Galanes) thanks everyone, have a good one
[19:23:28] <zulipbot> (Nicola Rustignoli) Thank you everyone!