[AusNOG] RFC3514 The Security Flag in the IPv4 Header

David Hughes David at Hughes.com.au
Wed Apr 7 18:19:16 EST 2010


On 07/04/2010, at 5:39 PM, Narelle wrote:

> I think my all time favourite RFC has to be RFC 1925 The Twelve
> Networking Truths.


I still like the one below but clearly I am biased :)  It was knocked back as the joke RFC in 98 (I think) when we wrote it.  Much of the content was developed over beers around the roof-top pool at Apricot 98 in Manila.  Paul Ferguson couldn't help much as he was communicating by holding up signs as he'd lost his voice yelling in a pub the night before.  Oh, those were the days  (now I really sound old :)


David
...

								Patrik Faltstrom
								Tele2
								Paul Ferguson
								Cisco
								Steve Coya
								IETF Secretariat
								David Hughes
								Hughes Technologies


                Regional Beering Policy Internet-Draught

                      Beering Control Policy (BCP)


Introduction

Because of the increased interest in beering, there is a need of 
controlling the beering itself by internationally agreed rules. These 
rules are to make it easier for those truly implementing beering to get 
the throughput requested.

This paper defines a beering control policy (BCP) which is documenting 
the best current practice used at beering points when controlling 
throughput to receivers, as well as controlling the receiver's access 
to beering points in the first place.

Internationally, there might be some slight differences in policy used. 
For example, in some geographical areas, it is known that one request 
of packages means "bring one package and keep 'em coming", while in 
other areas the receiver have to request each package individually. The 
intention is that this policy will cover most of these localization 
issues. More details can be found in the section on 
internationalization.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in RFC 2119.

Beering Points

At the beering point the consumers requests beer. For this to happen, 
the consumer MUST have access to the same beering point as his beering 
partners. The beering point itself SHOULD use a policy for taking care 
of beering requests from consumers. The policy MUST be published using 
the http (Hop Transfer Transaction Protocol). To be able to fulfil 
requests from beering partners, the beering point MUST be a registrar 
for certain content types.

At a beering point, one can find various beering alliances. Parties at 
a beering point are NOT REQUIRED to beer with each other.

One can find the same content types at different beering points. This 
helps interoperability when the same beering partner start beering at 
more than one beering point as not all beering partners do accept all 
content types.


Settlements

The default settlement at a beering point MUST be free beering. That 
implies that each beering partner is carrying its own cost at the 
beering point, and they do not exchange payments between themselves. A 
beering partner MAY carry the cost for other partners - which because 
of that get free beering. This SHOULD be the case when partners have 
good cooperation regarding carrying the packages (including transit, 
see below).


Access to a beering point

A beering partner SHOULD be connected to a beering point at all times. 
To get effective beering, two or more partners MUST coexist at the same 
beering point at the same time. Access to a beering point is provided 
by transit of third parties. One such party is a Cab (Collaborative 
Access method for Beering points).

A beering point MUST provide beering for companies of a single partner. 
It is though not as interesting for the partner itself as beering 
between two or more parties. The beering point is though not the party 
to set such policies.

A beering point can be public or private. A public beering point is 
called a PUB (Public Unit for Beering).


Caching

If access to a beering point is troublesome, a partner MAY hold a local 
cache of packages at the home location. Such a cache is called a 
fridge. The packages SHOULD be preloaded into the cache in the case 
that such a media type is needed at a later stage. The cache can not be 
loaded on demand, but rather according to calculated needs. The 
packages are transported to the local cache in bursts of 1, 6, 8 or 24. 
Each such burst MAY be fragmented before the content of the package is 
inspected.


Packet size

To get efficient beering, mtu discovery SHOULD be used on the full path 
from one beering partner to another. Some beering partners does not 
handle the large 1024 ml packages, but only 576-ml packages. At some 
more strange beering points, packages with the size of 48 ml is in use 
-- which is extremely inefficient because of overhead in management not 
only between the beering partners, but also the beering point itself. 
To conclude, one can say that 48 ml is a bad, small size, 576 ml is 
better, and 1024 ml what one wants to use.


Frag^H^H^H^Hfermentation

The packages MAY be frag^H^H^H^Hfermented, fermentation is allowed, and 
each media type MAY have their own set of fermentation rules. What 
fermentation rule that has been used can be detected when inspecting 
the actual content of the packages.

While fermentation is allowed, fragmentation is considered harmful and 
MUST NOT be used, except when fragmenting a burst of more than one 
package. See above the section on caching.

There is a minimum mtu of 1 receptacle. An attempt to further fragment 
the packet below a unit of one minimum unit SHALL result is destructive 
fragmentation and a retransmission of the unit MUST occur before the 
expiration of a round. The party fragmenting MUST request 
retransmission of the round.


Streaming

At some beering points, the content of the packages get delivered using 
extremely large mtus (also called kegs). To fragment those large mtus 
into a container size that the peering partner can handle, a streaming 
protocol is used. The beering point MUST change delivery method from 
streaming to packagebased at a tap.


Throughput

The maximum throughput at a beering point can differ significantly 
between beering points. It also differs between beering partners -- but 
is upper bound by the administrative mechanisms at the beering point 
itself. The number of transactions that the beering point can handle 
limits the bandwidth.


Quality of the packet content

Different media types have different amount of hops. It is considered 
that the higher number of hops, the better. I.e. a large hop-count, the 
better

Each beering point is has it's own rules for MPDU (minimum/maximum 
packaging draught unit). The MPDU MAY be standardized in a geographical 
region. In the UK for example, the rules for MPDUs are stricter than in 
other countries.

Packet filtering MAY occur, but it is generally considered that 
filtering does not improve the quality of the packet content. Different 
media types require different methods, and amount of filtering. A 
beering partner MUST take into account when beering that filtering has 
occurred.

Some packet generators are known to produce SPAM - Socially Pervasive 
Anti Tasteful Media. Such media types are less frequent present at 
beering points, but more often at places from which the local cache is 
loaded. A partner SHOULD implement methods that filter out SPAM, or he 
may be the target for a denial of service attack, making him 
uninterested of high quality beering in the future.

The amount of head MAY vary between media types. It is also considered 
tradition for some media types at high quality beering points to have a 
firm, compact head. Such a head is achieved by using header 
compression. The goal is to be able to extract the content of the 
package without damaging the head.


Policy for a beering point

A beering point MUST give the ability for the beering partners to 
recycle the packet content, as a beering partner can not compress 
package content to an infinite amount. Some compression does happen -- 
when the partner has more ingress than egress.

Tunneling MAY be the only way to access resources at the tap when the 
beering point gets requests simultaneously. Tunneling is implemented by 
having one beering partner sending one request to the tap for all 
partners, instead of having all partners sending one request each. 
Tunneling of packages minimize the number of administrative 
transactions at the beering point, which according to discussion above 
increase the maximum amount of throughput. A beering point MUST allow 
tunneling (local transit) of packages.

The beering point MUST handle packet drop. When the buffers are close 
to full, the beering point SHOULD refuse to send more packages to avoid 
packet drop. The beering point MUST implement the random early drop 
method (RED), but other methods MAY be implemented.

The beering point MUST address collision avoidance when passing 
packages between beering partners. Collision leads to packet drop.

Beering stability/instability occurs when one disorderly beering 
partner can wreak havoc at either a public or private beering point. 
The beering point MUST use selective packet discard to ensure that 
control beers are not dropped, but that other beers may be dropped 
instead.


CIDR (Conservation of Inebriating Draft Receptacles)

There is currently an explosion of the number of small receptacles for 
holding draft beer. This is clearly a danger for public beering points 
(Pubs) that must contain all receptacles due to the fact that all 
receptacles use the same amount of shelf space. Obviously, a receptacle 
registrar MAY be implemented so it limits the allocation of these tiny 
receptacles, even at the expense of those partners who can only hold 
the small receptacles. If they can't hold a reasonable size receptacle, 
they shouldn't be at the pub in the first place. Consolidation of the 
beer space by large receptacle handlers as a natural consequence of 
this market. Renumbering into smaller receptacles is considered 
harmful, and SHOULD be avoided.

With respect to the establishment of receptacle registrars at the 
beering point, the use of a membership system would be the most 
effective. In order to obtain a receptacle, the beering point MUST both 
pay a yearly fee as well as document their need for packages in terms 
of engineering (how the package will be transferred into the 
receptacle) as well as deployment (how the package content will be 
taken care of). Simply wanting packages is insufficient -- if the 
registrars were to allocate receptacles to everyone who wanted them, 
there would clearly be insufficient receptacles for those who truly 
justify them.

The registries are aware of certain unfair situations with respect to 
historically allocated large receptacles.  However, recovery of used 
beer tends to be somewhat problematic -- very few individuals wish to 
make use of the recovered beer. Such efforts to reuse recovered beer 
SHALL be considered deviant. Even the use of filters will not be 
considered acceptable practice in such situations. Allocation of NEW 
beer is the only acceptable mode of operation.


Internationalization issues

Because no central registry exists for media types, the beering partner 
MUST be able to both identify and request the correct packet type at a 
beering point. This is increasingly harder when partners transit with 
global transit companies (airlines) to beering points not in the same 
cultural region as the partner normally act within. There is no 
standard on labeling of the packages to make it easier to exchange 
packages at a beering point, even though the beering point SHOULD have 
some common media types available to be able to fulfil foreign beering 
partners requests. At some beering points the packages are tagged with 
specific labels which makes exchange/switching of packages very 
efficient. A beering point SHOULD accept a partner leaving a credit 
card close to the tap. The card holds information the amount of 
packages the partner can receive.

Cultural differences not only make it hard to understand the labels of 
the packages, but also the communication at the beering point is 
difficult. A beering point SHOULD have adequate information for foreign 
partners, and MAY even be able to handle generic payments (greenbacks) 
for packages received.


Operational considerations

A beering partner MAY drop packages when the input buffers are full. 
Other partners at the same beering point can at that moment start 
hostile denial of service attacks to the poor partner, especially by 
the use of Socially Pervasive Anti Tasteful Media (SPAM). The service 
provider at the beering point SHOULD in those cases help the beering 
party to get in contact with a transit company (CAB) to be able to go 
back to its home.

A beering point MUST keep track of the amount of uncleared transactions 
with each beering partner -- as the beering partner might request more 
packages than he can pay for according to the settlement agreement 
between the beering partners and the service provider at the beering 
point.


Security Considerations

qANQR1DBwE4DUBKHZ1nrCuUQA/9ygLThUenLxqU+hLgfpJ2CkhJCk2pdX5c9WxzI
iyKNwJOdbSnk2tqHul1D+xFn9aFRdnVr68htkdepXlHWanFSVzdViDBDae4i8PEW
0b9zCcAq/P2WNvvToixnYLtOFjC/I0HIsewr9EWsJncd7zZUidrc2RS7CDxrmX31
dnQhQAP7BPz3YFbQ+bRJJG3Y8DzzJOZT4iKYU0TRcoKodbPyih+LTMX4PJ1IoQlE
V9NLqouazCrT4lW2q8NSWZFsuaZigPrBksObUqmhk1s3ED9sbHdd9Tgq46XtQAEh
ZPPH9gmb5On6teAuiKQ/nBeZLIEMrDM2x86RGYE/AyMqQB98wL7JwNyek1+G8a6a
ooNgzD3oWlYpo+w4E9uM6CMKgWrQzaVWiSSUBa1BfgfbUowlRDPpKvuEh6IICcUi
En313Cf1WZmzJ9jN+X97GBVXzluao10z9bCQNjv3ucD7/rMTvvU/BAQS/N0WnAdG
mh/WkRkDW0YER1+dgKPFBwNuLiHGTDOPLsgupRKDCgSJUhwt/2vBg+Uhfcnj0If9
oXK+QF5AGx/QT/rAQGBrbL8M3LxmS0MEPxjeoiOb8zhwH6gA4hX7kEw64gP1tbMe
bBQQBJSZ4Q/7scofxGaJEzq0nRaHxjMqBZXNvEZSqiSMAuWjx8ybKBczjS4W4Sam
NR21zftf8gwRdb5N1czAnEfcWryk5RuqPMUy8G+wXLRiDEQfgn6pkE9XtdnP1Fju
wcL5I00rQs7Yqmckv7KB50/BKwi6XxEsoG96BIx1nRAu7vPT45oXpHN0YqEEkmf2
fGPZlXfPJfSt8zLMPn366E7j5c0vZExgHt/XwIZjZoJ4OzaENiKdF0J2S3FKjXli
O2MVYxsX1XeZjpuiB9rfJ3ds9Rei
=eFHS


Acknowledgements:

The editors thank Samuel Adams, Bud Weiser, Hein E. Ken, C. O. Rona, 
Vic Bitter, Ann Hizer-Bush and Gordon Birch for valuable input during 
the developmen of this draught.


Authors Addresses

    Patrik Faltstrom
    Tele2
    Email: paf at swip.net

    Paul Ferguson
    Cisco
    Email: paul at cisco.com

    Steve Coya
    IETF Secretariat
    Email: scoya at ietf.org

    David Hughes
    Hughes Technologies
    Email: bambi at hughes.com.au


Appendix A -- Common used protocols in a PUB

BGP -- Beering Gathering Protocol -- The protocol used to exchange 
information at a beering point between beering parties according to 
earlier settlements.

LDAP: Light Draught Access Protocol used to lookup structured metadata 
about the various package types available in the world. It has nothing 
to do with beering points directly, but can be used by a beering point 
to give information to potential beering partners. One problem for 
global deployment of LDAP is though that we have no global naming 
schemes for packet types. Information on what distinguished names exist 
of packet types is exchanged between beering parties at a beering point.

SNMP: Shout and Nod Message Passing is used to monitor the amount of 
hops in each tap, and can also be used by the service provider at the 
beering point to check the available space in the buffers, to avoid 
buffer overflow and packet drop.

HTTP: Hop Transfer Transaction Protocol, is used by beering parties to 
check at the beering point information of the various taps available, 
i.e. also called the menu

DHCP: Dynamic Hangout Callee Protocol, used when communicating with 
companies handling transit to beering points -- CAB (a Collaborative 
Access method to Beering points). Normally a native language is used in 
this protocol, which means that local variants of DHCP do exist, which 
unfortunately makes it difficult in some places to come to the beering 
point you want.

OSPF: Open Shortest Path First: Locate closest watering hole for 
initial ingestion.

DNS: Draught Name Selection: Is used to select media type at the 
beering point. Specification of point of origination should use 
ISO-3166 country codes.

TIP: Preallocation of TIP may guarantee higher QOS (Quality Of Service).


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100407/00d4fce6/attachment.html>


More information about the AusNOG mailing list