1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
|
<pre>Internet Architecture Board (IAB) B. Trammell, Ed.
Request for Comments: 7663 M. Kuehlewind, Ed.
Category: Informational ETH Zurich
ISSN: 2070-1721 October 2015
<span class="h1">Report from the IAB Workshop</span>
<span class="h1">on Stack Evolution in a Middlebox Internet (SEMI)</span>
Abstract
The Internet Architecture Board (IAB) through its IP Stack Evolution
program, the Internet Society, and the Swiss Federal Institute of
Technology (ETH) Zurich hosted the Stack Evolution in a Middlebox
Internet (SEMI) workshop in Zurich on 26-27 January 2015 to explore
the ability to evolve the transport layer in the presence of
middlebox- and interface-related ossification of the stack. The goal
of the workshop was to produce architectural and engineering guidance
on future work to break the logjam, focusing on incrementally
deployable approaches with clear incentives to deployment both on the
endpoints (in new transport layers and applications) as well as on
middleboxes (run by network operators). This document summarizes the
contributions to the workshop and provides an overview of the
discussion at the workshop, as well as the outcomes and next steps
identified by the workshop. The views and positions documented in
this report are those of the workshop participants and do not
necessarily reflect IAB views and positions.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Architecture Board (IAB)
and represents information that the IAB has deemed valuable to
provide for permanent record. It represents the consensus of the
Internet Architecture Board (IAB). Documents approved for
publication by the IAB are not a candidate for any level of Internet
Standard; see <a href="./rfc5741#section-2">Section 2 of RFC 5741</a>.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
<a href="http://www.rfc-editor.org/info/rfc7663">http://www.rfc-editor.org/info/rfc7663</a>.
<span class="grey">Trammell & Kuehlewind Informational [Page 1]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-2" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to <a href="https://www.rfc-editor.org/bcp/bcp78">BCP 78</a> and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<a href="http://trustee.ietf.org/license-info">http://trustee.ietf.org/license-info</a>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
<a href="#section-1">1</a>. Introduction . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-3">3</a>
<a href="#section-1.1">1.1</a>. Organization of This Report . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-2">2</a>. The Situation in Review . . . . . . . . . . . . . . . . . . . <a href="#page-4">4</a>
<a href="#section-3">3</a>. Incentives for Stack Ossification and Evolution . . . . . . . <a href="#page-5">5</a>
<a href="#section-4">4</a>. The Role and Rule of Middleboxes . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-5">5</a>. Evolving the Transport Layer . . . . . . . . . . . . . . . . <a href="#page-6">6</a>
<a href="#section-6">6</a>. Outcomes . . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-7">7</a>
<a href="#section-6.1">6.1</a>. Minimal Signaling for Encapsulated Transports . . . . . . <a href="#page-7">7</a>
<a href="#section-6.2">6.2</a>. Middlebox Measurement . . . . . . . . . . . . . . . . . . <a href="#page-8">8</a>
<a href="#section-6.3">6.3</a>. Guidelines for Middlebox Design and Deployment . . . . . <a href="#page-9">9</a>
6.4. Architectural Guidelines for Transport Stack Evolution . 9
<a href="#section-6.5">6.5</a>. Additional Activities in the IETF and IAB . . . . . . . . <a href="#page-10">10</a>
<a href="#section-6.6">6.6</a>. Additional Activities in Other Venues . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-7">7</a>. Security Considerations . . . . . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#section-8">8</a>. Informative References . . . . . . . . . . . . . . . . . . . <a href="#page-10">10</a>
<a href="#appendix-A">Appendix A</a>. Attendees . . . . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . <a href="#page-13">13</a>
<span class="grey">Trammell & Kuehlewind Informational [Page 2]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-3" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
<span class="h2"><a class="selflink" id="section-1" href="#section-1">1</a>. Introduction</span>
The transport layer of the Internet has become ossified, squeezed
between narrow interfaces (from BSD sockets to pseudo-transport over
HTTPS) and increasing in-network modification of traffic by
middleboxes that make assumptions about the protocols running through
them. This ossification makes it difficult to innovate in the
transport layer, through the deployment of new protocols or the
extension of existing ones. At the same time, emerging applications
require functionality that existing protocols can provide only
inefficiently, if at all.
To begin to address this problem, the IAB, within the scope of its IP
Stack Evolution Program, organized a workshop to discuss approaches
to de-ossify transport, especially with respect to interactions with
middleboxes and new methods for implementing transport protocols.
Recognizing that the end-to-end principle has long been compromised,
we start with the fundamental question of matching paths through the
Internet with certain characteristics to application and transport
requirements.
We posed the following questions in the call for papers: Which paths
through the Internet are actually available to applications? Which
transports can be used over these paths? How can applications
cooperate with network elements to improve path establishment and
discovery? Can common transport functionality and standardization
help application developers to implement and deploy such approaches
in today's Internet? Could cooperative approaches give us a way to
rebalance the Internet back toward its end-to-end roots?
The call for papers encouraged a focus on approaches that are
incrementally deployable within the present Internet. Identified
topics included the following:
o Development and deployment of transport-like features in
application-layer protocols
o Methods for discovery of path characteristics and protocol
availability along a path
o Methods for middlebox detection and characterization of middlebox
behavior and functionality
o Methods for NAT and middlebox traversal in the establishment of
end-to-end paths
o Mechanisms for cooperative path-endpoint signaling, and lessons
learned from existing approaches
<span class="grey">Trammell & Kuehlewind Informational [Page 3]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-4" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
o Economic considerations and incentives for cooperation in
middlebox deployment
The Internet Architecture Board (IAB) holds occasional workshops
designed to consider long-term issues and strategies for the
Internet, and to suggest future directions for the Internet
architecture. This long-term planning function of the IAB is
complementary to the ongoing engineering efforts performed by working
groups of the Internet Engineering Task Force (IETF), under the
leadership of the Internet Engineering Steering Group (IESG) and area
directorates.
The SEMI workshop followed in part from the IAB's longer term
interest in the evolution of the Internet and the adoption of
Internet protocols, including the Internet Technology Adoption and
Transition workshop [<a href="./rfc7305" title=""Report from the IAB Workshop on Internet Technology Adoption and Transition (ITAT)"">RFC7305</a>], "What Makes for a Successful Protocol"
[<a href="./rfc5218" title=""What Makes For a Successful Protocol?"">RFC5218</a>], back to Deering's plenary talk [<a href="#ref-deering-plenary">deering-plenary</a>] at IETF
51 in 2001.
<span class="h3"><a class="selflink" id="section-1.1" href="#section-1.1">1.1</a>. Organization of This Report</span>
This workshop report summarizes the contributions to, and discussions
at the workshop, organized by topic. We started with a summary of
the current situation with respect to stack ossification, and
explored the incentives that have made it that way and the role of
incentives in evolution. Many contributions were broadly split into
two areas: middlebox measurement, classification, and approaches to
defense against middlebox modification of packets; and approaches to
support transport evolution. All accepted position papers and
detailed transcripts of discussion are available at
<a href="https://www.iab.org/activities/workshops/semi/">https://www.iab.org/activities/workshops/semi/</a>.
The outcomes of the workshop are discussed in <a href="#section-6">Section 6</a>, including
progress after the workshop toward each of the identified work items
as of the time of publication of this report.
<span class="h2"><a class="selflink" id="section-2" href="#section-2">2</a>. The Situation in Review</span>
At the time of Deering's talk in 2001, network address translation
(NAT) was identified as the key challenge to the Internet
architecture. Since then, the NAT traversal problem has been largely
solved, but the boxes in the middle are getting smarter and more
varied.
SEMI, as the IP Stack Evolution program in general, is far from the
first attempt to solve the problems caused by middlebox interference
in the end-to-end model. Just within the IETF, the MIDCOM, NSIS, and
<span class="grey">Trammell & Kuehlewind Informational [Page 4]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-5" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
BEHAVE efforts have addressed this problem, and the TRAM working
group is updating the NAT traversal outcomes of MIDCOM to reflect
current reality.
We believe we have an opportunity to improve the situation in the
present, however, due to a convergence of forces. While the tussle
between security and middleboxes is not new, the accelerating
deployment of cryptography for integrity and confidentiality makes
many packet inspection and packet modification operations obsolete,
creating pressure to improve the situation. There is also new energy
in the IETF around work that requires transport-layer flexibility
we're not sure we have (e.g., WebRTC) as well as flexibility at the
transport interface (TAPS).
<span class="h2"><a class="selflink" id="section-3" href="#section-3">3</a>. Incentives for Stack Ossification and Evolution</span>
The current situation is, of course, the result of a variety of
processes, and the convergence of incentives for network operators,
content providers, network equipment vendors, application developers,
operating system developers, and end users. Moore's Law makes it
easier to deploy more processing on-path, network operators need to
find ways to add value, enterprises find it more scalable to deploy
functionality in-network than on endpoints, and middleboxes are
something vendors can vend. These trends increase ossification of
the network stack.
Any effort to reduce the resulting ossification in order to make it
easier to evolve the transport stack, then, must consider the
incentives to deployment of new approaches by each of these actors.
As Christian Huitema [<a href="#ref-huitema-semi">huitema-semi</a>] pointed out, encryption provides
a powerful incentive here: putting a transport protocol atop a
cryptographic protocol atop UDP resets the transport versus middlebox
tussle by making inspection and modification above the encryption and
demux layer impossible. Any transport evolution strategy using this
approach must also deliver better performance or functionality (e.g.,
setup latency) than existing approaches while being as deployable as
these approaches, or moreso.
Indeed, significant positive net value at each organization where
change is required -- operators, application developers, equipment
vendors, enterprise and private users -- is best to drive deployment
of a new protocol, said Dave Thaler, pointing to [<a href="./rfc5218" title=""What Makes For a Successful Protocol?"">RFC5218</a>]. All
tussles in networking stem from conflicting incentives unavoidable in
a free market. For upper-layer protocols, incentives tend to favor
protocols that work anywhere, use the most efficient mechanism that
works, and are as simple as possible from an implementation,
maintenance, and management standpoint. For lower-layer protocols,
<span class="grey">Trammell & Kuehlewind Informational [Page 5]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-6" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
incentives tend toward ignoring and or disabling optional features,
as there is a positive feedback cycle between being rarely used and
rarely implemented.
<span class="h2"><a class="selflink" id="section-4" href="#section-4">4</a>. The Role and Rule of Middleboxes</span>
Middleboxes are commonplace in the Internet and constrain the ability
to deploy new protocols and protocol extensions. Engineering around
this problem requires a "bestiary" of middleboxes, a classification
of which kinds of impairments middleboxes cause and how often,
according to Benoit Donnet [<a href="#ref-edeline-semi">edeline-semi</a>].
Even though the trend towards Network Function Visualization (NFV)
allows for faster update-cycle of middleboxes and thereby more
flexibility, the function provided by middleboxes will stay. In
fact, service chaining may lead to more and more add-ons to address
and manage problems in the network, in turn further increasing the
complexity of network management. Ted Hardie [<a href="#ref-hardie-semi">hardie-semi</a>] warned
that each instance may add a new queue and may increase the
bufferbloat problem that is counterproductive for new emerging
latency-sensitive applications. However, this new flexibility also
provides a chance to move functionality back to the end host.
Alternately, more appropriate in-network functionality could benefit
from additional information in application and path characteristics,
though this in turn implies a variety of complicated trust
relationships among nodes in the network. In any case, an increasing
trend of in-network functionality can be observed, especially in
mobile networks.
Costin Raiciu [<a href="#ref-raiciu-semi">raiciu-semi</a>] stated that middleboxes make the Internet
unpredictable, leading to a trade-off between efficiency and
reachability. While constructive cooperation with middleboxes to
establish a clear contract between the network and the endpoint might
be one approach to address this challenge, enforcement of contract in
less cooperative environments might require extensive tunneling.
Raiciu's contribution on "ninja tunneling" illustrates one such
approach.
<span class="h2"><a class="selflink" id="section-5" href="#section-5">5</a>. Evolving the Transport Layer</span>
For evolution in the transport layer itself, various proposals have
been discussed, reaching from the development of new protocols
(potentially as user-level stacks) encapsulated in UDP as a transport
identification sub-header to the use of TCP as a substrate where the
semantics of TCP are relaxed (e.g., regarding reliability, ordering,
flow control, etc.) and a more flexible API is provided to the
application.
<span class="grey">Trammell & Kuehlewind Informational [Page 6]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-7" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
Discussion on evolution during the workshop divided amicably along
two lines: working to fix the deployability of TCP extensions
(referred to in discussion as "the TCP Liberation Front") versus
working to build new encapsulation-based mechanisms to allow wholly
new protocols to be deployed (referred to in discussion as "the
People's Front of UDP"). David Black [<a href="#ref-black-semi">black-semi</a>] pointed out that
UDP encapsulation has to be adapted and separately discussed for
every use case, which can be a long and painful process. UDP
encapsulation can be an approach to develop more specialized
protocols that helps to address special needs of certain
applications. However, Stuart Cheshire [<a href="#ref-cheshire-semi">cheshire-semi</a>] (as presented
by Brian Trammell) pointed out that designing a new protocol instead
of fixing/extending TCP might not always solve the problem.
To address the extensibility problem of TCP, Bob Briscoe proposed
Inner Space [<a href="#ref-briscoe-semi">briscoe-semi</a>]. Here, the general principle is to extend
layer X's header within layer X+1; in the case of TCP, additional TCP
header and option space is provided within the TCP payload, such that
it cannot presently be inspected and modified by middleboxes.
Further, instead of only focusing on those cases where new extensions
and protocols are not deployable, Micheal Welzl [<a href="#ref-welzl-semi">welzl-semi</a>] points
out that there are also a lot of paths in the network that are not
ossified. To enable deployment on these paths, an end host would
need to probe or use a happy-eyeball-like approach [<a href="./rfc6555" title=""Happy Eyeballs: Success with Dual-Stack Hosts"">RFC6555</a>] and
potentially fallback. The TAPS working group implements the first
step to decouple applications from transport protocols allowing for
the needed flexibility in the transport layer.
<span class="h2"><a class="selflink" id="section-6" href="#section-6">6</a>. Outcomes</span>
The SEMI workshop identified several areas for further work, outlined
below.
<span class="h3"><a class="selflink" id="section-6.1" href="#section-6.1">6.1</a>. Minimal Signaling for Encapsulated Transports</span>
Assuming that a way forward for transport evolution in user space
would involve encapsulation in UDP datagrams, the workshop identified
that it may be useful to have a facility built atop UDP to provide
minimal signaling of the semantics of a flow that would otherwise be
available in TCP: at the very least, indications of first and last
packets in a flow to assist firewalls and NATs in policy decision and
state maintenance. This facility could also provide minimal
application-to-path and path-to-application signaling, though there
was less agreement on exactly what should or could be signaled here.
<span class="grey">Trammell & Kuehlewind Informational [Page 7]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-8" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
The workshop did note that, given the increasing deployment of
encryption in the Internet, this facility should cooperate with
Datagram Transport Layer Security (DTLS) [<a href="./rfc6347" title=""Datagram Transport Layer Security Version 1.2"">RFC6347</a>] in order to
selectively expose information about traffic flows where the
transport headers and payload themselves are encrypted.
To develop this concept further, it was decided to propose a BoF
session that would not form a working group, SPUD (Substrate Protocol
for User Datagrams), at the IETF 92 meeting in March in Dallas. A
document on use cases [<a href="#ref-SPUD-USE" title=""Use Cases for SPUD"">SPUD-USE</a>], a prototype specification for a
shim protocol over UDP [<a href="#ref-SPUD-PROTO">SPUD-PROTO</a>], and a separate specification of
the use of DTLS as a subtransport layer [<a href="#ref-TLS-DTLS" title=""DTLS as Subtransport protocol"">TLS-DTLS</a>] were prepared
following discussions at SEMI and presented at the BoF.
Clear from discussion before and during the SPUD BoF, and drawing on
experience with previous endpoint-to-middle and middle-to-endpoint
signaling approaches, is that any selective exposure of traffic
metadata outside a relatively restricted trust domain must be
declarative as opposed to imperative, non-negotiated, and advisory.
Each exposed parameter should also be independently verifiable, so
that each entity can assign its own trust to other entities. Basic
transport over the substrate must continue working even if signaling
is ignored or stripped, to support incremental deployment. These
restrictions on vocabulary are discussed further in [<a href="#ref-EXP-COOP" title=""Architectural Considerations for Transport Evolution with Explicit Path Cooperation"">EXP-COOP</a>].
There was much interest in the room in continuing work on an approach
like the one under discussion. It was relatively clear that the
state of the discussion and prototyping activity now is not yet
mature enough for standardization within an IETF working group. An
appropriate venue for continuing the work remains unclear.
Discussion continues on the spud mailing list (spud@ietf.org). The
UDP shim layer prototype is described by [<a href="#ref-SPUD-PROTO">SPUD-PROTO</a>].
<span class="h3"><a class="selflink" id="section-6.2" href="#section-6.2">6.2</a>. Middlebox Measurement</span>
Discussion about the impairments caused by middleboxes quickly
identified the need to get more and better data about how prevalent
certain types of impairments are in the network. It doesn't make
much sense, for instance, to engineer complex workarounds for certain
types of impairments into transport protocols if those impairments
are relatively rare. There are dedicated measurement studies for
certain types of impairment, but the workshop noted that prevalence
data might be available from error logs from TCP stacks and
applications on both clients and servers: these entities are in a
position to know when attempts to use particular transport features
failed, providing an opportunity to measure the network as a side
effect of using it. Many clients already have a feature for sending
<span class="grey">Trammell & Kuehlewind Informational [Page 8]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-9" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
these bug reports back to their developers. These present
opportunities to bring data to bear on discussion and decisions about
protocol engineering in an Internet full of middleboxes.
The HOPS (How Ossified is the Protocol Stack) informal birds of a
feather session ("Bar BoF") was held at the IETF 92 meeting in
Dallas, to discuss approaches to get aggregated data from these logs
about potential middlebox impairment, focusing on common data formats
and issues of preserving end-user privacy. While some discussion
focused on aggregating impairment observations at the network level,
initial work will focus on making relative prevalence information
available on an Internet-wide scope. The first activity identified
has been to match the types of data required to answer questions
relevant to protocol engineering to the data that currently is or can
easily be collected.
A mailing list (hops@ietf.org) has been established to continue
discussion.
<span class="h3"><a class="selflink" id="section-6.3" href="#section-6.3">6.3</a>. Guidelines for Middlebox Design and Deployment</span>
The workshop identified the potential to update [<a href="./rfc3234" title=""Middleboxes: Taxonomy and Issues"">RFC3234</a>] to provide
guidelines on middlebox design, implementation, and deployment in
order to reduce inadvertent or accidental impact on stack
ossification in existing and new middlebox designs. The IAB Stack
Evolution Program will follow up on this with the participants in the
now-closed BEHAVE working group, as it most closely follows the work
of that group. It will draw in part on the work of the BEHAVE
working group, and on experience with STUN, TURN, and ICE, all of
which focus more specifically on network address translation.
<span class="h3"><a class="selflink" id="section-6.4" href="#section-6.4">6.4</a>. Architectural Guidelines for Transport Stack Evolution</span>
The workshop identified the need for architectural guidance in
general for transport stack evolution: tradeoffs between user- and
kernel-space implementations, tradeoffs in and considerations for
encapsulations (especially UDP), tradeoffs in implicit versus
explicit interaction with devices along the path, and so on. This
document will be produced by the IAB IP Stack Evolution Program; the
new transport encapsulations document [<a href="#ref-EXP-COOP" title=""Architectural Considerations for Transport Evolution with Explicit Path Cooperation"">EXP-COOP</a>] may evolve into the
basis for this work.
Further, due to the underlying discuss on trust and a needed "balance
of power" between the end hosts and the network, the workshop
participants concluded that it is necessary to define approaches
based on the cryptographic protocol to enable transport protocol
extensibility.
<span class="grey">Trammell & Kuehlewind Informational [Page 9]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-10" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
<span class="h3"><a class="selflink" id="section-6.5" href="#section-6.5">6.5</a>. Additional Activities in the IETF and IAB</span>
The workshop identified the need to socialize ideas connected to
transport stack evolution within the IETF community, including
presentations in the transport and applications open area meetings on
protocol extensibility, UDP encapsulation considerations, and the
application of TLS/DTLS in order to prevent middlebox meddling. Much
of the energy coming out of the workshop went into the SPUD BoF (see
<a href="#section-6.1">Section 6.1</a>), so these presentations will be given at future
meetings.
There are also clear interactions between the future work following
the SEMI workshop and the IAB's Privacy and Security Program; Privacy
and Security program members will be encouraged to follow
developments in transport stack evolution to help especially with
privacy implications of the outcomes of the workshop.
<span class="h3"><a class="selflink" id="section-6.6" href="#section-6.6">6.6</a>. Additional Activities in Other Venues</span>
Bob Briscoe informally liaised the SEMI workshop discussions to the
ETSI Network Function Virtualization (NFV) Industry Specification
Group (ISG) following the workshop, focusing as well on the
implications of end-to-end encryption on the present and future of
in-network functionality. In the ISG's Security Working Group, he
proposed text for best practices on middlebox access to data in the
presence of end-to-end encryption.
<span class="h2"><a class="selflink" id="section-7" href="#section-7">7</a>. Security Considerations</span>
This document presents no security considerations.
<span class="h2"><a class="selflink" id="section-8" href="#section-8">8</a>. Informative References</span>
[<a id="ref-RFC3234">RFC3234</a>] Carpenter, B. and S. Brim, "Middleboxes: Taxonomy and
Issues", <a href="./rfc3234">RFC 3234</a>, DOI 10.17487/RFC3234, February 2002,
<<a href="http://www.rfc-editor.org/info/rfc3234">http://www.rfc-editor.org/info/rfc3234</a>>.
[<a id="ref-RFC5218">RFC5218</a>] Thaler, D. and B. Aboba, "What Makes For a Successful
Protocol?", <a href="./rfc5218">RFC 5218</a>, DOI 10.17487/RFC5218, July 2008,
<<a href="http://www.rfc-editor.org/info/rfc5218">http://www.rfc-editor.org/info/rfc5218</a>>.
[<a id="ref-RFC6347">RFC6347</a>] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", <a href="./rfc6347">RFC 6347</a>, DOI 10.17487/RFC6347,
January 2012, <<a href="http://www.rfc-editor.org/info/rfc6347">http://www.rfc-editor.org/info/rfc6347</a>>.
[<a id="ref-RFC6555">RFC6555</a>] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", <a href="./rfc6555">RFC 6555</a>, DOI 10.17487/RFC6555, April
2012, <<a href="http://www.rfc-editor.org/info/rfc6555">http://www.rfc-editor.org/info/rfc6555</a>>.
<span class="grey">Trammell & Kuehlewind Informational [Page 10]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-11" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
[<a id="ref-RFC7305">RFC7305</a>] Lear, E., Ed., "Report from the IAB Workshop on Internet
Technology Adoption and Transition (ITAT)", <a href="./rfc7305">RFC 7305</a>,
DOI 10.17487/RFC7305, July 2014,
<<a href="http://www.rfc-editor.org/info/rfc7305">http://www.rfc-editor.org/info/rfc7305</a>>.
[<a id="ref-SPUD-USE">SPUD-USE</a>] Hardie, T., <a style="text-decoration: none" href='https://www.google.com/search?sitesearch=datatracker.ietf.org%2Fdoc%2Fhtml%2F&q=inurl:draft-+%22Use+Cases+for+SPUD%22'>"Use Cases for SPUD"</a>, Work in Progress,
<a href="./draft-hardie-spud-use-cases-01">draft-hardie-spud-use-cases-01</a>, February 2015.
[<a id="ref-SPUD-PROTO">SPUD-PROTO</a>]
Hildebrand, J. and B. Trammell, "Substrate Protocol for
User Datagrams (SPUD) Prototype", Work in Progress,
<a href="./draft-hildebrand-spud-prototype-03">draft-hildebrand-spud-prototype-03</a>, March 2015.
[<a id="ref-TLS-DTLS">TLS-DTLS</a>] Huitema, C., Rescorla, E., and J. Jana, "DTLS as
Subtransport protocol", Work in Progress,
<a href="./draft-huitema-tls-dtls-as-subtransport-00">draft-huitema-tls-dtls-as-subtransport-00</a>, March 2015.
[<a id="ref-EXP-COOP">EXP-COOP</a>] Trammell, B., Ed., "Architectural Considerations for
Transport Evolution with Explicit Path Cooperation", Work
in Progress, <a href="./draft-trammell-stackevo-explicit-coop-00">draft-trammell-stackevo-explicit-coop-00</a>,
September 2015.
[<a id="ref-black-semi">black-semi</a>]
Black, D., "UDP Encapsulation: Framework Considerations",
January 2015, <<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_black.pdf">https://www.iab.org/wp-content/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_black.pdf">IAB-uploads/2014/12/semi2015_black.pdf</a>>.
[<a id="ref-briscoe-semi">briscoe-semi</a>]
Briscoe, B., "Tunneling Through Inner Space", October
2014, <<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_briscoe.pdf">https://www.iab.org/wp-content/IAB-uploads/2014/12/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_briscoe.pdf">semi2015_briscoe.pdf</a>>.
[<a id="ref-cheshire-semi">cheshire-semi</a>]
Cheshire, S., "Restoring the Reputation of the
Much-Maligned TCP", January 2015, <<a href="https://www.iab.org/wp-content/IAB-uploads/2015/01/semi2015-cheshire.pdf">https://www.iab.org/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2015/01/semi2015-cheshire.pdf">wp-content/IAB-uploads/2015/01/semi2015-cheshire.pdf</a>>.
[<a id="ref-deering-plenary">deering-plenary</a>]
Deering, S., "Watching the Waist of the Protocol
Hourglass", August 2001,
<<a href="https://www.ietf.org/proceedings/51/slides/plenary-1">https://www.ietf.org/proceedings/51/slides/plenary-1</a>>.
[<a id="ref-edeline-semi">edeline-semi</a>]
Edeline, K. and B. Donnet, "On a Middlebox
Classification", January 2015, <<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_edeline.pdf">https://www.iab.org/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_edeline.pdf">wp-content/IAB-uploads/2014/12/semi2015_edeline.pdf</a>>.
<span class="grey">Trammell & Kuehlewind Informational [Page 11]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-12" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
[<a id="ref-hardie-semi">hardie-semi</a>]
Hardie, T., "Network Function Virtualization and Path
Character", January 2015, <<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_hardie.pdf">https://www.iab.org/wp-content/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_hardie.pdf">IAB-uploads/2014/12/semi2015_hardie.pdf</a>>.
[<a id="ref-huitema-semi">huitema-semi</a>]
Huitema, C., "The Secure Transport Tussle", October 2014,
<<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_huitema.pdf">https://www.iab.org/wp-content/IAB-uploads/2014/12/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_huitema.pdf">semi2015_huitema.pdf</a>>.
[<a id="ref-raiciu-semi">raiciu-semi</a>]
Raiciu, C., Olteanu, V., and , "Good Cop, Bad Cop: Forcing
Middleboxes to Cooperate", January 2015,
<<a href="https://www.iab.org/wp-content/IAB-uploads/2015/01/ninja.pdf">https://www.iab.org/wp-content/IAB-uploads/2015/01/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2015/01/ninja.pdf">ninja.pdf</a>>.
[<a id="ref-welzl-semi">welzl-semi</a>]
Welzl, M., Fairhurst, G., and D. Ros, "Ossification: a
result of not even trying?", January 2015,
<<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_welzl.pdf">https://www.iab.org/wp-content/IAB-uploads/2014/12/</a>
<a href="https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_welzl.pdf">semi2015_welzl.pdf</a>>.
<span class="grey">Trammell & Kuehlewind Informational [Page 12]</span></pre>
<hr class='noprint'/><!--NewPage--><pre class='newpage'><span id="page-13" ></span>
<span class="grey"><a href="./rfc7663">RFC 7663</a> SEMI Workshop October 2015</span>
<span class="h2"><a class="selflink" id="appendix-A" href="#appendix-A">Appendix A</a>. Attendees</span>
The following people attended the SEMI workshop:
Mary Barnes, Richard Barnes, David Black, Marc Blanchet, Bob Briscoe,
Ken Calvert, Spencer Dawkins, Benoit Donnet, Lars Eggert, Gorry
Fairhurst, Aaron Falk, Mat Ford, Ted Hardie, Joe Hildebrand, Russ
Housley, Felipe Huici, Christian Huitema, Jana Iyengar, Mirja
Kuehlewind, Eliot Lear, Barry Leiba, Xing Li, Szilveszter Nadas, Erik
Nordmark, Colin Perkins, Bernhard Plattner, Miroslav Ponec, Costin
Raiciu, Philipp Schmidt, Martin Stiemerling, Dave Thaler, Brian
Trammell, Michael Welzl, Brandon Williams, Dan Wing, and Aaron Yi
Ding.
Additionally, Stuart Cheshire and Eric Rescorla contributed to the
workshop but were unable to attend.
Acknowledgments
The IAB thanks the SEMI Program Committee: Brian Trammell, Mirja
Kuehlewind, Joe Hildebrand, Eliot Lear, Mat Ford, Gorry Fairhurst,
and Martin Stiemerling. We additionally thank Prof. Dr. Bernhard
Plattner of the Communication Systems Group at ETH for hosting the
workshop, and the Internet Society for its support. Thanks to
Suzanne Woolf and Aaron Falk for the feedback and review.
Authors' Addresses
Brian Trammell (editor)
ETH Zurich
Gloriastrasse 35
8092 Zurich
Switzerland
Email: ietf@trammell.ch
Mirja Kuehlewind (editor)
ETH Zurich
Gloriastrasse 35
8092 Zurich
Switzerland
Email: mirja.kuehlewind@tik.ee.ethz.ch
Trammell & Kuehlewind Informational [Page 13]
</pre>
|
