Hacker News
IETF Response to “LS on New IP, Shaping Future Network” (ietf.org)
124 points by polymorph1sm on April 4, 2020 | 54 comments


For the uninitiated, there's a bit of a culture clash going on there in the background - not between the IETF and the ITU but rather between the Western groups that have brought up the internet and Chinese groups that are joining the tables now.

The IETF, ITU, IEEE and similar groups have their "social etiquette" and lots of unspoken agreements that people learn when starting to interact there, but the way these things work is not exactly culturally neutral.

This isn't as much of an IETF shutdown of the ITU, rather an IETF shutdown of a group of Chinese people and companies. The ITU isn't blind to understanding that the Internet works thanks to the open IETF processes, but the ITU also has its procedures, and that's how you get these proposals.

If you want to look at similar occurrences inside the IETF, there's for example TTZ: https://datatracker.ietf.org/doc/rfc8099/

NB: this isn't the Chinese being "stupid" or anything - it's an impedance mismatch in culture. It needs to be fixed by all involved. (The particular "LS on New IP" proposal is obviously stupid, but - such proposals exist at, say, Cisco, too. They just don't make it out of there. That's the cultural difference.)


There's also the historical issue that the ITU championed OSI, while the IETF eventually formed around IP. OSI was a plan-everything, top-down-control, international government system, which reflects the ITU's own structure. It's hard to get involved in the ITU. Anyone can join the IETF.

OSI's remnants are basically the concept of a 7-layer stack and the X.5yy standards that became certificate formats and, drastically simplified, LDAP.


One thing I like about the IEEE (and potentially others, I am unfamiliar) is that the etiquette is not unspoken. It’s written very clearly and spoken out loud as the rules prior to every daily meeting. Everyone must either agree to it or leave. You are not allowed to continuously violate etiquette and be allowed to contribute.

Perhaps the rules are not culturally neutral, but they do maximize mutual respect, which promotes the ideology of treating every individual at the meeting equally.


It's not that much about the etiquette "inside" these orgs, but rather what happens before and after, i.e. what makes it to the orgs. Cross-copy from my post below (https://news.ycombinator.com/item?id=22777361):

Another angle to view this from is to consider this a startup.

In US & EU, dumb ideas occasionally turn into startups, then they show up on crowdfunding (or, worst case, find a dumb VC), and then they die in a fire of varying gloriousness.

In China, the startup happens inside of Huawei instead. The ideas are equally dumb, but they don't die as easily, and when they make it out of Huawei they suddenly have the Huawei name attached and the Chinese government behind it. And it falls to the ITU, IETF, IEEE, or whomever else to shut it down.

> the ideology of treating every individual at the meeting equally.

Even this turns into a problem. There are several "cringe" drafts each IETF meeting. Everyone wants to, but no one feels permitted to go up to the respective authors and tell them they're idiots.


A challenge of the IETF generally is that it is very solution-driven. There are many, many solutions that are proposed per meeting, and the barrier to proposing a document is very low. This is good for hearing different ideas (counter to one of the replies that you got below). The challenge is that it takes /significant/ effort to:

- Understand whether a solution that is being proposed actually addresses a problem that a real network or technology system has.

- Reshape a set of proposals that have already reached "we already implemented this" into something different.

Both of these challenges require significant investment from the community. People have to be willing to stand up and critique the drafts (which they do), but also take the subsequent steps of going to work with these folks to help them understand how better they might address real gaps, or even to explain why the ideas aren't going to work in practice. The problem is that for most technical contributors, this work isn't moving anything forward -- it's more "good of the Internet" work. My observation is that there are limited cycles available from the folks in the IETF to do this work, but the number of new drafts coming in has increased at a rate that outstrips it (source: >15y working in the IETF routing area in general). Equally, there is limited support from the folks that employ IETF contributors for doing this work -- would they rather spend time fixing standards that they have customer demand from, or stopping standards that they probably won't need to ever implement (and thus have little to no negative effect on them)? These two challenges for the IETF have really exacerbated the culture clashes there.

Whilst eqvinox's analysis above draws the line at a particular contributing company, in my experience, this isn't solely the case. If we look at the IPv6 data plane for segment routing being progressed in the SPRING working group, it has the same hallmarks. A solution was proposed that it wasn't really clear what the problem it solved was, there was no significant technical debate to say that it wasn't needed or was harmful ahead of time (6man and spring didn't see these contributors), and only later down the line - when there was significant investment of a number of companies in it - was its implementability, and efficacy discussed. At this point there's zero chance that this technology will actually be morphed or deprecated (at best there'll be a competing solution), even if there's no standardisation of it.

Overall - I don't see anything particularly new here, other than another outlet for the frustration of not necessarily being able to push forward standards in the Internet industry. The other outlet has been open source - as we've seen more push towards just running code. Some areas of the IETF have embraced this one with much more ease (SPDY->HTTP/2.0, QUIC adoption etc.), but the routing area - with its implementations relevant to quite a small number of implementing vendors - has been harder to crack. (Source: I work with a team that took this route, and has really struggled to bring ideas back into the IETF and have them openly evaluated.)


The IETF is a pita when it comes to the routing area. Operators aren't well represented there and it's vendors running the show (this is why Randy Bush calls it the IVTF, and he's right). I am happy to see folks like Job make some progress there (and a few others), but I lost taste for the pedantry when I saw real operators asking for decent BGP changes get shot down.


Job is definitely managing to make some great progress, which is impressive. There aren't a huge number of folks that have the time and effort that is required to push these things through.

I've worked for an operator all the time that I've been in the IETF, and it's definitely pedantry, not-invented-here, and lack of understanding of real issues that prevents us making significant progress. I personally have had more than one go at trying to improve IETF<->operator communication, and made little to no progress.

A much more successful model has been writing code, co-developing it with other operators and vendors if possible, and then working directly with vendors to push their implementations. This model self-selects on solutions that are actually used (because there's non-standards-focused engineers involved), and rather than worrying about potential edge cases, get to handle the problems that occur in practice. This is a bit harder to do with changes that require global scope -- but all technologies we develop now need to coexist with legacy, so I'm not clear that it's not the best model as we go forward.


> A much more successful model has been writing code, co-developing it with other operators and vendors if possible, [...]

Indeed. This provides the barrier the IETF lacks, and does so in a pretty nice way. It may not work all the time, but even if it helps in 90% of cases that's a great improvement.


> Operators aren't well represented there

Is there anything stopping operators from showing up? The IETF mailing lists are no more exclusive than (say) the NANOG ones I would think.


There's no reason operators can't show up, and a bunch of us do - however, it requires significantly more time investment than posting to NANOG. In some of my professional roles this has been easy to get, in others (especially smaller shops) it's much harder to justify the benefit of spending the time there.


The NANOG community is much better to operate in. You are dealing with your peers (ha) and what you say generally resonates with the audience better. At IETF, you have people who collect paychecks from companies who technically run networks, but have no responsibility with the operation of it.


Well, which is why it may be useful to get some of the NANOG (or international equivalent) folks involved in the IETF (and vice versa?): having end-user buy-in is important for any technology or service.


> Whilst eqvinox's analysis above draws the line at a particular contributing company

Sorry, that was not my intention, and it does very much happen with other authors, companies and countries - including Western ones. It's not spread evenly though, that's where cultural and social differences play in :/.


Are you so sure about that last one?


Attacking authors is a good avenue to stifle good ideas. It breeds toxic standards bodies (I’m remembering my experience with MIPI here).

No one at the MIPI and IEEE meetings that I’ve been to is afraid to speak their mind about ideas though. If you have a bad idea they’ll take the mic and explain why they think it’s bad. It’s intimidating to speak because of the PhD characters in the room, but if you know your stuff and you’re up to speed they will listen to you. And when it comes time to vote, no one’s vote will be influenced from fear of the social repercussions. If every non-Chinese person in the room doesn’t want a Huawei idea in a spec, then it isn’t getting in. That’s their job as curators and gatekeepers.


> If you have a bad idea they’ll take the mic and explain why they think it’s bad.

Same thing happens at IETF. And then the draft is back next meeting, and it happens again. And again. Sometimes the authors get it, sometimes they don't, sometimes they're forced to continue because their academic or corporate career depends on it (- which they will lose either way, but they rather lose it later...)


Certain companies pay 2-3 extra months of salary for each draft or patent.


China has shown themselves to be masters at manipulating international organizations composed of representatives of member states such as the ITU. Using monetary aid and political pressure they are able to get smaller states, which don't have any real skin in the game, to vote in agreement with them. I suspect this is more a calculated move than some sort of cultural mismatch.



I don’t see anything out of the ordinary here at all. Standard bodies have, and will always revolve around the friction of interested parties. I watched Cisco and Juniper fight tooth and nail over various MPLS rfc’s for years. Everyone and their mother wants to replace ICANN. How about 110v vs. 220v ??? Nothing is new here and to magnify this story out of proportion and work it into some greater US/China decoupling framework is not useful unless you support that agenda to begin with. IPv6 was agreed in 1998 and it took 20 years with many competing proposals to get anywhere. People have been trying to improve the internet according to their interpretation since there were bits in wires and this story is just another run of the mill standards body workgroup tug of war that happens 100x everyday in ISO/IEEE/IETF/Etc…


For those wondering what this is all about, refer to "LS on New IP, Shaping Future Network" [0] (and the attachments listed there):

---

> The September 23-27, 2019 meeting of the ITU-T Telecommunications Standardization Advisory Group (TSAG) considered a tutorial and contribution presentation on “New IP, Shaping Future Network” proposing to “analyse the current challenges and provide a development path for the future network for the next decade”.

> It was noted that the activities proposed could be related to the current work of several Study Groups across ITU-T.

> Please find attached the referenced contribution and tutorial for your review, and comment back to TSAG for its consideration ahead of WTSA-20.

---

The "tutorial" [1] (PPTX) is, well, "interesting"; to pique your interest, it includes such terms as "space-terrestrial network", "multi-level verification filtering system", "holographic communication", "multi-semantic addressing", and, of course, "blockchain"!

---

[0]: https://datatracker.ietf.org/liaison/1653/

[1]: https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2019-0...


Seems like few people really read the stuff.

One sentence made me choke :

> "The network needs to provide specific QoS and security policies based on user identity, rather than mapping to something instead"

Well, no, sorry. It's an orwellian design proposal.


It depends, but I agree that this is a crazy hard problem to address correctly and not create dystopian side effects or even just risk that.

Imagine you need some QoS on a few streams for serious and useful purposes (telesurgery comes to mind). Core networks are able to provide that, but this is not usually mapped to user extensible protocols on general purpose/public access points.

Now there are indirect advantages in just not providing those, because:

- you also reduce the risk of dystopian usage / restriction of usage / etc.

- in some cases, you make mass-applications being developed for non-QoS networks instead, so you eventually end-up (maybe a few years behind, but this is a cost I'm willing to pay) with basically the same service on a simpler and less dependent to political context tech.

But:

- in the context of a benevolent legislation, this could be actually more useful and fair than the current situation, where network neutrality has become half a myth both in theory and in practice (there is no practical neutrality anymore when you can just put your own private datacenters all over the world plus high bandwidth links to supposed neutral providers, then use that to push your proprietary services/applications without emerging/low capital competition able to do the same)

- so you actually depend on private parties to be benevolent with the supposedly "best effort" but actually not anymore approach

- and then it is a matter of taste, but in some part of the world I'm more inclined to trust elected politics (even if they sometimes do some bullshit) defining regulation than private soulless multinationals with the often stated theory that they must optimize shareholder outcome and nothing else.

That being said, given both the current state of the world (and even if it was better, the always persistent risk of it degrading) and the practical difficulty to cleverly and benevolently regulate fast moving technical fields, I'm willing to stick to basically the current situation, which seems less prone to extreme situation.

But it would be a mistake to view authenticated QoS as inevitably and purely evil.


I beg to differ. It's the authenticated part that's the problem. That assumes you're tracking every connection to perfect granularity. Are you going to change the QoS for each host? Are you going to enforce every host to authenticate to determine which tier of service they are provided?

You want QoS? Fine. Provision your network for it, let everyone enjoy it. As soon as you start putting levers in place to pick who gets the better service tier, you get crap like Verizon throttling essential services right when they're needed the most because someone decided that their bloody contract wasn't looking like they were getting fleeced enough while said service is trying to ensure the damn countryside isn't completely burnt down.

Once the mechanism is in place it'll get abused, because there is always a buck to be made by doing so, or an ideological ambition to be realized. Sometimes it's just better not to even open that damn door. DPI and traffic shaping be damned.


Perhaps so, but there is plenty of precedent and quite a few networks operate in this manner (or something close to it). The real problem from an engineering perspective is that doing such a thing makes it much harder to deploy new devices and applications, since identities must be managed by some authority. Sometimes that is what you want (think of a corporate network where access is limited to provisioned devices) but it is not what we want for the public Internet (which is meant to be as general purpose and open-ended as possible).


Still it might be an improvement over "whoever yells the loudest", which is the current situation.

And even though it has multiple interpretations, I only mean that at the technical implementation level.

Edit: downvotes because you hate QoS?

Edit2: Yes, I get the irony.


This is a piece of art: the most polite and well-researched STFU I have ever seen.

A gem: “We also note that any real-time systems requiring sub-millisecond latency inevitably have limited scope because of the constraints of the speed of light.”


To understand better what's going on, you need to check https://www.state.gov/wp-content/uploads/2020/02/USCIB-508.p... and https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2019-0... and then you will understand what's this about: China wants to abuse the ITU-T to design a new Internet.

> Source: Huawei Technologies Co. Ltd. (China), China Mobile Communications Corporation, China Unicom, Ministry of Industry and Information Technology (MIIT)

> Title: “New IP, Shaping Future Network”: Propose to initiate the discussion of strategy transformation for ITU-T

The US Council For International Business answers:

> In recent years, however, the T-Sector’s workstream has expanded into areas in which we do not believe the ITU has the expertise or mandate

> In general, we urge the U.S. Government to [...] advocate against Resolutions that would [...] broaden the scope of the ITU’s consideration of such technologies into domains such as ethics, R&D, and/or human rights.

Reading the spin at https://www.lightwaveonline.com/optical-tech/article/1664896... I am not sure how far fetched would it be to say that China is bribing the ITU Telecommunication Standardization Advisory Group so eventually it can shake off the US yoke on such standards. Because this spiel basically casts the US in bad light and very diligently omits even the mention of China. As https://link.springer.com/chapter/10.1007/978-3-030-14540-8_... mentions "according to many observers, economic globalisation and the liberalisation of telecoms/internet policy have remade the world in the image of the United States" although this paper argues against the hegemonic U.S. control of the internet, there can be little doubt China would love to strip away that control be it hegemonic or not.


> China wants to abuse the ITU-T to design a new Internet.

No. Chinese companies are trying to get recognized and running headfirst into a brick wall.

Designing a new internet is counterproductive to Chinese international sales of telco equipment and therefore also to building Chinese influence. And as far as domestic internet is concerned, they have a pretty firm handle on that already, without designing a new one.


P.S.: Another angle to view this from is to consider this a startup.

In US & EU, dumb ideas occasionally turn into startups, then they show up on crowdfunding (or, worst case, find a dumb VC), and then they die in a fire of varying gloriousness.

In China, the startup happens inside of Huawei instead. The ideas are equally dumb, but they don't die as easily, and when they make it out of Huawei they suddenly have the Huawei name attached and the Chinese government behind it. And it falls to the ITU, IETF, IEEE, or whomever else to shut it down.

Don't get confused by the "Ministry of Industry and Information Technology (MIIT)" there either. This isn't "state driven." They're just different faces of the same large blob.

And it's not about subversion either. They can't do that, yet. If you buy Cisco, Juniper, Ericsson, or Alcatel, and you find a backdoor... you just add it to the list of backdoors. But if you find a backdoor in Huawei, can you imagine the shitstorm that's gonna break loose? They seriously can't afford that. They'd lose not only US & EU sales and influence, but Middle East, African and South American too. They can start doing that in 10 years maybe, but not yet.


> If you buy Cisco, Juniper, Ericsson, or Alcatel, and you find a backdoor... you just add it to the list of backdoors. But if you find a backdoor in Huawei, can you imagine the shitstorm that's gonna break loose?

There is a saying I ran across at some point:

* The newspapers lie. The government lies. But in a democracy they are not the same lies.

The "problem" with any Chinese company is that this distinction is often hard to make, whereas in Western countries there is much more independence (though not perfect, e.g., RSA and Dual_EC_DRBG).

So when there is a backdoor-like situation in a product from a Western company it is not unreasonable to assume that it is not for nefarious purposes.


> So when there is a backdoor-like situation in a product from a Western company it is not unreasonable to assume that it is not for nefarious purposes.

This perception is exactly why you will get backdoors from Western intelligence services in Western gear, but the Chinese can't pull it off.

It's straight up cognitive dissonance. Western companies are the good guys. Western intelligence services are the good guys. They wouldn't harm "us" Westerners, it's gonna be OK... and the manufacturer will keep the intelligence services in check! We know since Snowden that they broke all the rules, but still, c'mon, it's not that bad, aight?

But if you find a single thing in a Huawei device that looks remotely like a backdoor, hell breaks loose. Of course the Chinese state is behind it! You can't trust them.

And:

> it is not for nefarious purposes.

Please tell me what on earth that purpose would be, for a company to backdoor their own commercial product. Why the f.ck would Cisco or Juniper want to backdoor their customer's networks for their own purposes? Their intent is to sell shit and "create value"! Backdooring your products does nothing to get either of these, but it can very much trash a whole product line.

It's sad, but social signaling and valuation causes its exact opposite in this case. Edward Snowden's achievement wasn't revealing that NSA backdoors exist - people knew that before, but it was "tinfoil hat" country. Now it's common accepted knowledge. Unfortunately, that knowledge hasn't led to change just yet...


> This perception is exactly why you will get backdoors from Western intelligence services in Western gear, but the Chinese can't pull it off.

Western people go after Western companies for backdoors just as harshly as they go after Chinese companies. See the paranoia about the "NSA_KEY" variable. See people going after RSA for their RNG.

> It's straight up cognitive dissonance. Western companies are the good guys. Western intelligence services are the good guys.

No, it's because Western companies are, generally speaking, more independent of Western intelligence. Heck, Western companies actively work against Western intelligence: how much effort did Google expend in encrypting intra-DC links after the NSA's glass-tapping program went public? How much effort is Apple putting into crypto on their various devices?


>Designing a new internet is counterproductive to Chinese international sales of telco equipment and therefore also to building Chinese influence. And as far as domestic internet is concerned, they have a pretty firm handle on that already, without designing a new one

I don't want to derail things into politics. But that sentence is clear thoughts of not understanding what the CCP actually wants. It is not counterproductive to sales equipment to a new standard built and owned by Chinese, they will get an upper hand on that, and new equipment sales, not to mention internally they will be very loud about how they built the new Internet.

i.e. it is exactly everything the CCP wants.


What's abuse about proposing new telecom standards through a telecom standardization org?


IETF has jurisdiction over Internet standards and ITU has telephones. Any kind of "new IP" falls under IETF but they won't approve any such thing so people take their proposals to ITU.


IETF does protocols and engineering, not internet governance. Specifying internetworking protocols is not a monopoly.

I'm no more enthusiastic about nation state involvement in internet governance than the average HNer but putting out specs shouldn't be policed too much.


Yeah, and the reaction of the IETF is really weird. They feel threatened. And they would not feel threatened if the project was pure garbage.

And their points are weak. This is basically: this is OUR standard and WE are in charge of this part of the world now, don't you dare try to develop something else/better/an evolution.

If I was working on this, I would simply rename it to something other than IP, and be done with the drama.


ITU has been China's puppet for years. Fenghuo (Fiberhome) started this Y.2770 crap named "Requirements for Deep Packet Inspection in Next Generation Networks" back in 2012.

http://news.cnet.com/8301-13578_3-57557347-38/u.n-summit-vot...

> Because Y.2770 is confidential, many details remain opaque. But a document (PDF) posted by a Korean standards body describes how network operators will be able to identify "embedded digital watermarks in MP3 data," discover "copyright protected audio content," find "Jabber messages with Spanish text," or "identify uploading BitTorrent users." Jabber is also known as XMPP, an instant messaging protocol.


Good (paywalled, unfortunately) article on China using this as a way to move the infrastructure to depend on Huawei-owned patents so they can cash in on that work.

https://www.ft.com/content/ba94c2bc-6e27-11ea-9bca-bf503995c...



Does anybody here actually know the details about the "New IP" protocol? How it works?

I can't read the pay-walled ft.com article, but I've been hearing people say "kill-switch" on the topic. If there will be a "kill-switch" built into the protocol, does that mean the "New network" will be more centralized and thus unstable and bad?

I think if the goal is to connect more devices, why not build a completely decentralized P2P network that is cheap, easy to maintain, and user-friendly?




Incompetent redaction strikes again!

The redacted text is visible if you highlight over it.

The left reads as:

>Zhe Chen, Chuang Wang, Guanwen Li, Zhe Lou, Sheng Jiang

>Huawei Technologies Co., Ltd

>{chenzhe17, wangchuang, liguanwen, zhe.lou, jiangsheng}@huawei.com

The right reads as

>Alex Galis

>University College London

>a.galis@ucl.ac.uk


Some of the issues in the original paper are real (except the hologram where they have transformed marketing hype for stereo images into a real expectation of transmitting holograms). Pretty much all of them are capable of being implemented by tunneling through specialized transports, without needing to replace IPv6. After all, that is the "inter" in internets - you are already free to have specialized subnets. Cray implements low latency transport for IP in their supercomputers. You can use a VPN to anonymize your traffic, including transforming the addressing. And so on. If you step through the original presentation, everything is something you are free to implement and make available via IP ports as a subnet.


Afaik, the ITU already tried to design a network stack, OSI. And we are very lucky the world got TCP/IP instead of that monstrosity.


We can't even get IPv6 everywhere after several decades. We'll be dead before this is a thing (and it won't be).


IPv6 deployment was slow because there's no real incentive. There's the address exhaustion issue, but presumably the cost of buying IP addresses on the secondary market was lower than the cost of IPv6 deployment. On the other hand, this proposal does have incentive behind it, if reports about what's in it are accurate. Authoritarian governments would love having a kill switch and subscriber identification at the packet level.


The telecoms companies are still upset that they lost control of the protocols when IP became ascendant. The last time they tried to take back control was around 2006 when they came out with the ISO stack, a very awkward clone of TCP/IP. Speaking as someone who had to work with ITU standards like X.25 and X.400, I'd rather chew my own toes off than work with anything they come up with.


I think you mean the OSI (Open Systems Interconnect) stack, and it "came out" much earlier than 2006. I remember working with it myself in the early 90s. It's also inaccurate to say it was a clone of TCP/IP since many parts of that beyond simple packet formats (e.g. congestion control and routing) were still very much in flux at that time. Innovations were being made on both sides, and often transferred between the two. This was a time when DECnet and NetWare were still in use, and they also had their own heritage separate from TCP/IP. IETF was not the origin of every networking thought ever.

But you're right that this is mostly about telecom folks not getting over their loss in the circuit-switched vs. packet-switched war, and that chewing off limbs would be preferable to working with ITU-specific standards again. ;)


The number of ITU standards is HUGE and some of them are good, and some of them are even still in use. Given the volume, they are necessarily quite heterogeneous and designed by distinct groups of people. Likewise for the IETF RFCs.

Both attempt to address lots of layers of the stack, but I'd still consider IETF as more of a high level thing, and ITU more low level. At least where they succeeded, if only for a time. And given the development history, this is logical.


Great, we'll be running IPv17 by 2055...


New IP makes me think of Newspeak from Orwell's 1984.



