►
From YouTube: IETF111-PANRG-20210729-2330
Description
PANRG meeting session at IETF111
2021/07/29 2330
https://datatracker.ietf.org/meeting/111/proceedings/
A
Okay,
let's
start
on
time,
so
welcome
to
our
networking
research
group.
Brian,
unfortunately,
is
not
with
us
today,
because
he
had
to
make
a
hard
choice
between
this
session
and
his
vacation.
As
you
can
see,
he
did
the
right.
He
made
the
right
choice.
So
that's
going
to
be
interesting
because
I'm
going
to
do
it
single-handed,
let's
see
how
good
I
am
at
multitasking,
which
probably
means
I
might
miss
something
in
the
chat
room.
A
A
A
A
Dear
speakers,
I
hope
we
all
gonna
use
this
share,
preloaded
slide
presentation,
so
you
can
control
it.
Let
me
know
if
you
want
me
to
advance
slides
for
you.
The
biggest
problem
we
have
right
now.
So
we
cannot
proceed
is
that
we
need
a
minutes
taker
and,
as
we
now
going
to
call
it
jabber
medium
someone
who
will
convey
the
messages
from
the
chat
room
and
make
sure
that
I
am
not
missing
them.
Please
we
need
volunteers.
A
A
A
So
let's
try
to
be
on
time
and
before
we
proceed
what's
going
on
in
the
group.
First
of
all,
congratulations,
everyone
and
spencer,
in
particular,
for
publishing
our
first
rfc
of
obstacles
to
deployment
great
job.
I'm
really
happy
to
see
it
happening.
Surprisingly,
it
was.
It
was
published
before
the
question
draft
question
draft
is
currently
in
the
rsg
poll,
so
hopefully
we'll
see
it
as
published
document
as
well
soon,
and
we
have
one
active
research
group
document
which
will
be
actually
the
next
presentation
so
cereal.
The
floor
is
yours.
C
C
Okay,
perfect,
so
yeah.
Let
me
get
started
so
today,
I'll
present
the
new
revision
that
we
did
on
the
vocabulary
of
path
properties
draft.
I
think
it
will
probably
not
take
10
minutes.
So
since
you
have
full
agenda,
I
guess
that's
a
good
thing
yeah.
So,
first
of
all,
thanks
for
all
the
for
all
the
participation,
the
mailing
list
and
for
the
good
feedback.
C
So
the
transparency
property
is
now
defined
as
follows:
if
a
node
performs
an
action
on
a
flow
transparently,
with
respect
to
some
meter
information,
if
it
performs
the
action
independently
of
this
given
meter
information,
so
this
transparency
property
is
defined
on
a
flow
with
respect
to
an
action.
Sorry,
this
transparency
property
is
defined
on
a
node
with
respect
to
an
action,
a
flow
and
some
meter
information,
and
we
defined
some
examples
of
actions.
C
C
So
first,
you
have
a
very
simple
ip
router
which
decides
where
to
forward
the
packet
based
on
the
ip
header
so
based
on
destination
ip
address.
However,
it
does
not
even
need
to
look
at
the
tcp
and
udp
headers,
so
it's
transparent
to
them.
However,
it's
not
transparent
to
the
ip
headers,
and
then
we
have
kind
of
the
opposite,
which
is
a
very
simple
firewall
rule
which
simply
blocks
incoming
tcp
syn
packets.
C
However,
it
will
not
be
transparent
to
the
tcp
and
utp
header
contents,
since
it
performs
the
action
blocking
based
on
the
content
on
these
headers,
and
then
we
have
a
network
address
translation
node,
which
is
neither
transparent
to
the
transport
layer
headers
nor
to
the
ip
headers,
since
it
might
block
packets,
it
might
forward
them
to
different
on
different
outgoing
interfaces
and
they
might
even
modify
the
port
or
ip
addresses
for
numbers
or
ip
addresses,
and
then
there
so.
The
term
transparency
is
also
used
in
other
ietf
draft,
and
this
sparked
some
confusion.
C
So
we
added
a
node
which
says,
for
example,
a
transparent
http
proxy,
which
modifies
some
mutable
fields
in
the
http
header
would
not
be
considered
transparent.
Given
this
definition
and
in
the
same
vein,
the
in
the
transport
protocol
path
signals
rfc
a
node
reacting
to
either
implicit
or
explicit
path.
Signals
would
also
not
be
considered
transparent.
C
However,
the
way
we
define
this
transparency
property
is
that
it's
easily
extendable,
so
that
you
could,
for
example,
define
a
specific
action
for
hdd
proxy,
which
says
only
modify
immutable,
http
fields,
and
then
you
could
still
define
transparency
in
this
way.
But
we
do
not
want
to
try
to
come
up
with
all
possible
transparency
examples.
So
we
try
to
give
some
intuition
and
then
make
this
definition.
Extendable.
C
It
can
be
an
onpath
entity,
so
basically
a
node
or
it
can
be
off
path
and
it
can
be
in
the
data
plane
or
in
the
control
plane.
For
example,
a
cdn
controller
is
a
sdn
controller,
an
entity
can
process
packet,
they
can
measure
path
properties
and
it
could
also
access.
Informations
information
gathered
about
specific
paths
and
basically,
every
node
is
an
entity.
E
D
D
D
C
We
don't
have
these
characteristics
right
now,
so
the
the
way
we
use
entity
in
in
this
document
is
to
describe,
as
you
said,
something
in
the
network,
essentially
anything
in
the
network.
And
then,
if
you
want
to
be
more
specific,
we
have
a
lot
of
terms,
for
example,
a
node
which
is
on
path,
a
host
which
is
generally
at
the
end,
a
link
which
connects
two
nodes.
So
we
have
all
these
terms
building
on
top
of
an
entity.
That's
why
an
entity
can
is
kind
of
the
anything
term,
but
we
didn't
clearly
define
it
before.
C
A
F
Okay,
I'm
richer,
so
two
questions
number
one.
I
likely
that
you
mentioned
the
entity
somehow
should
be
in
the
context
of
inheritance,
for
example
in
I
want
to
look
at,
of
course,
I'm
I
menu.
I
look
at
entity.
I
would
map
it
to
concept
like,
for
example,
the
object
class
in
java,
but
the
reason
why
you
introduce
object
class
is
essential
server
as
some
kind
of
root
object.
Is
you
want
to
introduce
all
kinds
of
functions
right,
clone
equals
finalize
and
you
put
a
bunch
of
object
into
it.
Therefore,
you
do
wait
notify.
F
C
C
G
Yeah
sure
so
we
so
we
as
we
say
we
don't
have
like
a
formal
classification
of
entities
or
properties
of
entities,
but
we
do
already
mention
different
entities
in
our
use
cases
section
right.
We
talk
about
path,
selection
and
there
could
be
an
entity
on
the
path
doing
the
path
selection.
There
could
also
be
an
entity
of
the
path
to
do
path,
selection,
and
so
I
guess
that
would
be
a
starting
point.
If
we
are
going
to
have
more.
F
Yeah,
because
the
main
reason
you
introduce
entity
is
something
like
you,
you
know
you
introduce
a
root
object,
essentially
you're
doing
some
kind
of
like
a
refactoring,
and
you
want
to
extract
some
common
property,
for
example.
In
this
context,
I
would
imagine
you
want
to
have
some
kind
of
common
id
every
entity
would
have
common
id
somehow,
then
it
makes
sense,
but
otherwise,
if
you
have
no,
I
have
term,
but
without
any
like
a
binding
properties.
It
sounds
a
little
bit
too
abstract
and
therefore
somehow
oftentimes.
F
F
Basically,
you
define
that
it's
transparent
to
a
to
a
field
basically
means
you're
transparent
to
a
set,
and
you
always
get
the
same
value
right
and
you
always
get
the
same
value.
Would
that
be
considered
as
transparent
or
so
what
exactly
all
can
be?
Maybe,
for
example,
if
I
have
a
firewall
on
that,
I
would
always
what
no
matter
what
it
is.
I
would
always
always
put
the
same
value.
Would
that
be
transparent?
F
Even
read,
for
example,
I'm
sorry
like
in
the
card,
there
are
two
ways
you
can
program.
Language
design.
One
way
is
no
matter.
What
I
do
I
return
constant.
Second
one
is
even
from
my
team's
analysis.
I
should
not
even
look
at
your
code
if
I
look
at
I'm
tinted,
so
therefore,
I'm
not
transparent
so
which
one
are
you
you're
trying
to
go?
Go
ahead.
A
A
B
B
So
we've
had
multipath
transport
protocols,
some
tsp
for
a
while
we've
had
them
for
tcp
we've
had
them
for
sctp.
We
just
we're
starting
we're,
starting
to
start
an
adoption,
call
for
dccp
multipath
in
tsp
working
group,
as
opposed
as
of
this
morning,
and
we've
been
talking
about
that
for
quick,
never
mind.
B
So
there
are
a
bunch
of
interesting
technical
questions
like
multi-path,
sequencing
and
loss
detection
and
congestion
control
and
reordering
and
stuff
like
that,
but
there's
a
less
technical
question
I
wanted
to
focus
on,
which
is
what
are
applications?
Try
actually
trying
to
do.
There
have
been
a
lot
of
use
cases
put
forward
in
discussions,
especially
in
the
quick
working
group,
and
not
a
lot
of
commonality
between
use
cases.
So
I
wanted
to
step
back
and
ask
how
many
path
selection
strategies
are
enough.
B
So
here's
what
I've
seen
so
far
and
these
links
are
actually
active
if
people
have
curiosities
in
the
in
the
slide
deck
that's
in
the
proceedings,
but
there
are
at
least
10
past
selection
strategies
that
were
described
in
discussions
in
the
quick
working
group.
So
far,
that's
been
the
that's
been
the
most
active
place
for
talking
about
use
cases
that
I'm
aware
of
the
number
of
desired
strategies
is
growing
over
time,
and
it's
not
obvious
to
me
that
there's
an
upper
bound
on
the
number
of
strategies.
B
It's
already
happening,
it's
happening
in
ietf
and
in
three
hbp,
where
which
is
another
place?
A
lot
of
this
stuff
has
been
talked
about,
and
so
next
slide,
please
so
that
you
know
and,
like
I
said,
I've
got.
These
are
all
live
links
if
you
look
more
closely
just
because
we
don't
have
unlimited
time
here,
but
my
question
was:
can
you
rather
than
continue
to
ask
past
election
strategies?
Can
we
identify
building
blocks
and
use
them
to
use?
B
B
So
what
I'd
like
to
do
is
to
assume
that
multiple
active
paths
is
going
to
become
more
realistic
over
time,
not
just
use
wi-fi
when
you
got
wi-fi
and
5g
when
you
don't,
even
even
at
3gbp
now
right
now
there
are.
There
is
the
concept
of
having
5g
or
4g
or
public
wi-fi
in
a
couple
of
different
variations
or
private
wi-fi,
and
we
could
talk.
You
know
we
could
talk
about
that.
B
B
So
here's
why
I'd
like
to
do
that?
There's
some
implementers
that
really
can't
handle
multi-paths
just
by
today,
either
doing
a
granular
control
which
we
can
talk
about
in
more
detail.
Certainly
the
nice
people
at
apple
have
have
talked
about
that
in
more
detail
or
bandwidth,
aggregation
which,
which
was
a
common
use,
which
was
a
common
conversation
in
3gpp
and
in
places
like
the
broadband
forum
and
stuff
like
that
either
granular
control
or
bandwidth
aggregation.
B
I'd
like
to
support
multi-cath
without
cut
requiring
constant
library
upgrades.
You
know
questions
like
how
many
selection
strategies
do
you
put
in
the
library
how
many
libraries
do
you
ship
with
a
application
and
at
least
some
strategies
get
standardized,
so
there's
more
maintenance
work
as
they
get
added
with
no
upper
bound
next
slide.
B
B
B
I'd
like
to
find
out
if
it's
interesting
to
anybody
and
I'd
like
to
think
of
people,
I'd
like
to
find
out
if
people
think
it's
doable
and
of
course
do
you
want
to
help.
We
can
talk
here
and
we've
got
about
seven
and
a
half
minutes
to
talk,
and
we
can
talk
about
and
gather,
and
we
can
talk
on
the
mailing
list
and
we
can
talk
about
github
there's.
B
B
F
F
paper
is
called
the
trident
and
if
you
look
at
table
1
of
that
paper,
the
sitcom
2018
called
the
trident
paper.
We
have
something
called
the
result.
Algebra
basically
means
that
one
we
will
call
it
out.
We
don't
call
the
path,
but
somehow
you
can
think
about
it
somehow
very
similar
to
a
path
in
some
sense.
Okay,
and
we
tried
very
hard
to
come
up
with
something
called
algebra.
If
you
read
it,
essentially,
we
define
around
like
eight
nine
operators.
F
Therefore,
every
single
operation
like
australia,
you
you
mentioned,
can
be
somehow
composed
you
using
this
call
something
called
algebra,
but
I
still
remember
those
three
years
ago
and
obviously
come
reviewers
like.
Why
is
this
a
framework
complete
and
why
this
optimal
all
kinds
of
things,
which
I
don't
know
how
to
answer
so,
I
presume
I
think
you
are
trying
to
somehow
coming
out,
because
you
want
to
talk
about
all
the
10
strategies.
Do
you
have
some
kind
of
algebra
to
essentially
to
be
minimal?
B
B
I
I
appreciate
that
a
lot
lot
lot
and
that's
exactly
the
kind
of
thing
I'm
hoping
for
the
other
thing
that
I
didn't
you
know,
because
we
have
a
short
period
of
time
to
talk
about.
Was
that
not
all
these?
Not
all
these
strategies
are
at
the
same
level,
so
you
know
so
so
you
know
some
of
them
were
pretty
high
level.
Some
of
them
are
at
the
at
the
level
of
of
you
know,
especially
once
you
start
combining
things
to
say.
Well,
you
know
I
have.
B
I
have
three
paths,
so
that's
like
close
load,
chair,
load
balancing,
but
when
one
of
them
goes
away,
I
want
to.
I
want
to
fell
over
to
the
two
passes,
still
work.
So
that's
like
something
else.
So
let
me
say
I
I
I
look.
I
look
forward
to
seeing
the
paper
and
I
look
forward
to
continue
discussions
and
penalty
cool
anybody
else.
A
B
A
Have
a
video
proof
of
this
and
by
the
way
I
would
I
do
prefer
people
to
have
communication
about
this
on
the
mailing
list,
or
maybe
on
github
and
mailing
lists
at
least
important
things.
Please
keep
them
in
the
mailing
list
as
well.
Even
if
you
discuss
them
offline
somewhere.
Okay,
let
me
stop
sharing
slides
terminal
next.
H
H
Sadly,
tcp
over
satellite,
the
speed
comes
from
peps
rather
than
the
protocol
itself,
and
so
we
have
a
situation
where
peps
are
sort
of
a
key
component
to
geocommunication
and
peps
are
also
a
deployment
barrier
for
other
protocols
and
so
perhaps
make
it
hard
to
deploy
tcp
modifications
over
time.
They
drop
a
lot
of
support
for
things
they
make
it.
H
We
think
that
satellite
systems
require
path
awareness.
I
I
think
you
could
reasonably
say
that
the
pep,
so
the
performance
enhancing
proxy
in
a
satellite
system
is,
is
path
aware.
It
knows
what
is
happening
inside
the
network,
and
it
knows
it
has
this
long
delay,
and
that
is
part
of.
Why
is
able
to
accelerate
connections
so
well
and
we
have
satellite
topologies
in
in
all
sorts
of
different
forms
as
well?
So
we're
not
just
talking
about
internet
looking
paths.
Look
like
broadband
internet.
H
We
see
big
distribution
networks
where
we
have
point-to-point
links
where
we're
pushing
out
video.
We
see
transit
networks
and
we're
starting
to
talk
about
almost
delay,
tolerant
networking
style
like
blob
networks
that
we
can
use
in
the
satellite,
and
so
we
we
have
this
network
component.
That
has
many
different
views
to
it
and
it
is
becoming
part
of
an
end-to-end
path
and
user
traffic
gets
to
experience
the
the
interesting
components
of
satellite
as
well
and
so
satellite
capacity.
H
So
we've
written
this
draft.
The
draft
originally
started
as
advice
for
quick
because
there's
a
lot
of
concern
in
the
in
the
the
geo
market.
That
quick
was
just
not
really
going
to
work
very
well.
Early
results
showed
that
quick
did
was
reasonably
competitive
compared
to
tcp
with
a
pet,
so
quick
actually
got
a
nice
feather
in
its
cap,
and
so
I'm
just
rushing
up
trying
to
finish
so
we
can
talk,
and
so
we've
laid
out
the
document
in
a
way
following
from
2480.
H
H
And
so
we
have
a
new
format
where
we
talk
about
the
different
types
of
networks
and
then
how
these
networks
mitigate
the
complexities
of
satellite
networks,
and
then
we
hope
to
talk
more
in
detail
about
different
protocols,
and
so
we
are
going
to
find
it
really
easy
to
get
tcp
specific
mechanisms
for
geo
and
maybe
a
bit
harder
to
get
more
magazines
for
other
places.
There
is
ongoing
work
to
look
it
quick
and
so
for
panergy.
We
have
a
couple
of
questions
for
you.
We
we
think
this
is.
H
This
is
great
and
we
think
this
is
a
sort
of
a
core
area
where
path
awareness
is
required
and
we
need
to
design
around
this
and
we'd
really
like
to
generate
advice
for
transport
protocol.
Authors
we'd
like
there
to
be
a
document
to
point
out
in
the
future,
so
you
can
say
that
this
is
why
you
need
to
be
able
to
deal
with
like
long
rtts
or
this
is
why
you
need
to
deal
with
massive
spikes
in
in
latency.
H
We
need
input
from
people
that
operate
leo
and
mio
networks,
operators,
users,
people
receiving
selling
the
networks.
We
really
appreciate
input
because
we're
sort
of
lacking
in
information
here
and
then
for
pan
rg.
We
wonder
if
this
is
work
that
is
of
interest
to
pan
energy.
We
think
it
might
be
because
the
path
component
is
so
core
and
we'd
love
to
hear
people's
thoughts
on
how
we
should
move
forward
with
the
draft.
B
So
I
just
wanted
suspense.
I
just
wanted
to
say
that
thank
you
for
bringing
this
work
here
and
the
the
generalization
that
you're
talking
about
and
the
focus
on
advice
to
pro
transport
protocol
designers.
That's
the
way
that
the
pill
working
group
work
with
with
wanting
you
know
one.
You
know.
Basically,
if
you,
if
you
look
at
the
output
of
the
concluded
pill,
quirky
group
there's
a
rfc
number,
which
I
don't
remember
what
the
rsc
number
is,
but
it's
advice
to
some
network
designers.
B
H
H
Yeah-
and
so
we
do
have
a
section
talking-
we
have
a
section
left
open
for
for
hybrid
deployments,
but
what
we
need
is
information
about
real
networks
and,
ideally,
networks
that
we
can
experiment
inside
of,
and
that
would
help
us
characterize
the
network
so
that
we
can
create
advice
for
the
designers
of
transport
protocols.
And
so
we
are.
H
H
G
Okay,
yeah
quick
comment,
so
I
read
your
draft.
I
liked
it.
I
think
it's.
It
fits
well
into
a
penergy
as
well,
because
it's
a
specific
example
of
path.
Awareness
like
you
list
path,
properties
that
some
entity
is
aware
of,
I
would
say,
and
then
and
then
you
optimize,
so
I
would
say:
maybe
it's
not
just
advice
to
protocol
designers.
It
could
also
be
some
protocol
configuration
right,
so
your
your
pathway
entity
could
say.
G
H
Yeah
thanks
teresa.
That's
actually
that's
really
helpful
so
for
for
tcp.
We
have
a
hard
experience
with
this,
because
you
have
to
tune
buffers
to
make
tcp
go
fast
when
you
don't
have
a
pep,
and
so
specifics
for
for
tcp
and
quick
could
be
actually
quite
interesting
to
include
in
the
document,
if
not
in
an
appendix,
so
that
at
least
that
information
is
captured
thanks.
A
A
A
A
I
I
The
the
particular
thing
with
with
this
filter
is
that
it's
high
speed-
and
it's
quite
that
expensive.
So
I
think
it
could
be
interesting
for
for
developing
later
drk
and
also
to
start
a
discussion.
Maybe
maybe
people
will
will
find
out
that
this
is
a
an
interesting
thing
to
to
talk
about
all
right.
So
this
is
the
the
index.
I
just
left
it
here
for
anybody
later
to
take
a
look
at
the
slides.
I
I
Traditionally
there
will
be
a
normal
fireball,
so
a
traditional
firewall
over
there,
but
the
problem
is
that
they
are
typically
quite
expensive
if
we
wanted
to
run
at
200
or
200
gigabits.
A
second,
and
thus
the
deployment
that
we
have
done
in
this
scenarios
is
replacing
that
firewall
with
a
lagging
filter.
Some
of
the
different
deployments
we
co-locate
the
the
filter
with
a
with
a
traditional
fireball,
but
in
this
one
would
be
just
replacing
the
firewall
completely.
I
So
the
the
basic
architecture
for
the
filter
is
well
the
data
plane
we'll
see
that
in
the
next
slide.
But
it's
just
the
filters
themselves
is
a
modular
design
and
then
we
just
rearrange
the
the
pipeline
as
we
as
we
find
suits
the
control
plane.
Is
there
just
to
support
the
data
plane,
of
course,
and
in
the
presentation
I'm
just
going
to
be
talking
about
the
fetching
of
the
drks
themselves,
because
the
other
parts
are
just
quite
standard
all
right.
So
this
is
the
pipeline
of
the
filter
itself
on
the
left.
I
We
have
the
entry
or
the
entry
point
of
a
new
packet
arriving.
We
just
have
the
top
of
of
the
pipeline
taking
care
of
the
regular
iep
and
this
forward
into
the
traditional
firewall.
Then
we
have
that
distinction
between
ipm
scion,
which
is
just
a
path
of
where
architecture
run
with
the
r
key.
And
then,
if
that's
the
case,
we
just
do
the
the
normal
work
for
the
filter
then
check
that
the
destination
is
not
saturated.
We
can
configure
a
rate
limit
for
that
destination.
I
If
that
is
the
case,
we
just
drop
the
packet.
Otherwise
we
continue
and
we
do
the
check
of
the
the
source
authentication
for
that
for
that
packet.
I'm
gonna
be
talking
about
that
one
in
particular,
then,
if
that
is
correct,
then
we
go
on
and
we
check
for
duplicates.
If
that
is
not
a
duplicate,
we
would
forward
it
to
the
computational
cluster.
I
In
that
case,
all
right,
so
drk
is
kind
of
necessary
in
this
in
this
product
in
this
filter,
because
otherwise
we
wouldn't
be
able
to
process
at
that
speed
and
so
that
we
we
need
to
process
packets
in
nanoseconds
really,
even
even
with,
because
we
want
to
run
it
in
a
like.
We
said
in
a
normal
pc
and
then
that
would
be
impossible
to
be
to
derive
keys
using,
for
instance,
asymmetric
cryptography.
We
have
to
use
this
kind
of
different
techniques
also
because
we
can
source
authenticate
each
one
of
the
packets.
I
We
are
going
to
prevent
source
spoofing
source
address,
spoofing
and
also
it
makes
sense
now
to
do
a
duplicate,
suppression
or
duplicate
detection,
because
now
it's
not
trivial
to
to
have
a
different
packet.
So
we
can,
for
instance,
use
bloom
filters
to
detect
duplicates
easily
and
just
for
anybody
that
would
be
interested
in
this
in
the
drk
terminology.
I
Slow
path
is,
is
the
client
or
the
different
clients
that
we
have
sending
data
to
the
filter
or
to
the
computational
cluster
and
the
the
fast
path
is
the
the
filter
itself,
so
that,
yes,
with
the
filter,
leaves
all
right.
Just
as
a
quick
reminder,
I
think
I
still
have
some
two
minutes
left.
The
the
communication
in
the
r
key
is
about
oh
well.
All
the
the
procedure
is
about
exchanging
the
keys
and
then
deriving
keys
later
from
that
case
that
we
haven't
exchanged.
I
So
we
have
three
different
levels:
zero,
one
and
two
levels
here
is
just
the
secret:
there's,
never
like
leaving
the
the
aes
itself
and
it
has
tight
or
bound
a
validity
period.
Then
we
have
level
one
which
is
just
the
the
keys
used
to
communicate
between
pairs
of
aess,
always
with
a
fast
and
slow
side
for
the
derivation.
I
And
then
we
have
the
level
two
key,
which
is
the
actual
key
that
we
use
to
compute
the
mac
of
each
one
of
the
packets.
Those
that
key
in
particular
level.
Two
key
is
going
to
be
derived
live
every
time
that
we
see
a
packet,
but
that's
derived
in
nanoseconds.
It's
faster
than
an
actual
memory
lookup.
I
This
is
going
to
be
interesting,
interesting
also
for
what
we
want
to
do
later,
which
will
be
introducing
authentication
of
each
one
of
these
steps
that
we
have
taken
along
a
path
and
thus
path
validation
and
an
authentication
whether
we
have
traversed
that
path
or
not,
and
that's
the
reason
that
we
also
want
to
take
a
look
at
the
r
key
for
path.
Aware.
I
Networks
in
this
slide
we're
just
seeing
an
exchange
of
another
one
key,
which
is
just
a
regular
thing
that
we
do
in
the
control
plane,
meaning
that
we
do
that
ahead
of
time.
Typically,
like
two
periods
ahead
of
time
or
one
and
a
half
periods
ahead
of
time.
So
in
this
case
we
have
just
one
aes
with
some
clients
over
there
and
then
the
asb
is
where
our
filter
lives.
And
since
we
have
that
scenario
configured,
we
know
that
we
have
to
retrieve
the
l1
so
the
level
one
key
for
the
asa.
I
We
do
that
with
every
aes,
where
we
have
clients
configured
in
this
mode
of
operation,
we
have
to
retrieve
the
old
ones.
If
we
wouldn't
know
the
different
sources,
we
would
have
to
choose
a
different
configuration
for
drk,
which
we
actually
share
a
bound
to
protocol
levels
hierarchy
instead
of
a
level
monkey.
I
A
A
A
A
A
J
J
So
as
a
background,
the
kind
of
production
product
that
we're
doing
right
now
is
in
ios,
15
and
mac
os
monterey,
which
are
the
current
betas.
We
have
a
new
feature
called
icloud
private
relay
and
it's
a
it's.
A
user
privacy
feature
that's
trying
to
separate
out
client
ips
from
origin
servers,
and
it's
based
on
two
fundamental
technologies.
J
J
Okay,
so
why?
Why
is
this
here
like?
Why
is
a
privacy
proxy
relevant
for
pathway,
aware
networking,
and
I
think
it
you
know
actually
is
pretty
relevant,
because
if
you
look
at
the
architecture
that
we're
working
with
you
have
kind
of
maps
that
look
like
this,
in
which
you,
when
you're
trying
to
get
to
any
particular
destination.
J
We
now
have
a
lot
more
choices
that
the
client
can
make,
and
this
is
true
for
tor
and
stuff
today.
But
with
these
mask
proxies,
we
actually
have
a
lot
of
different
ways.
We
can
choose
to
route
traffic
along
different
nodes
and
combine
them
and
figure
out
many
many
different
paths
through
this,
and
this
is
something
in
the
architecture
that
we
have.
The
client
is
in
control
of
and
has
awareness
of,
mainly
as
a
privacy
thing,
but
it
also
opens
up
a
lot
of
path-aware
properties
in
general.
J
J
They
have
control
over
which
jobs
are
used,
and
this
where
things
are
going,
where
you're
actually
routing
on
your
path,
because
these
are
secure.
Quick
handshaked
proxies
you're,
validating
the
identity
of
every
node
along
the
path,
so
you're
really
sure
where
you're
going
and
it's
separating
the
data
out
of
who
can
see
your
ip
address
versus
who
can
see
where
you're
going
and
that
improves
privacy
and
you're
also
able
to
switch
paths
periodically
and
rotate
them
to
make
sure
that
you're
not
sending
all
of
your
data
to
one
spot.
J
J
You
have
the
fact
that
I
can
select
an
egress
proxy,
so
the
thing
that
I'm
going
out
of
to
be
very
optimally
co-located
with
the
content
right
now.
The
things
that
are
hosting
these
proxies
for
us
are
some
of
the
biggest
cdns
in
the
world,
and
so
we're
able
to
get
right
to
their
content
while
also
doing
this
privacy,
preserving
mechanism
and
the
clients
also
have
the
ability
to
switch
over
and
fail
over
between
different
paths
as
they
realize
that
maybe
one
is
broken
or
there's
a
better
performance
on
another
path.
J
They
can
choose
to
switch
and
do
measurements
on
these
also
because
this
is
using
quick,
quick
supports
migration,
and
so
there
are
avenues
that
we
have
still
yet
to
fully
explore
about.
You
know
what
it
means
to
do:
migration
across
different
paths,
so
you
can
have
like
your
final
egress
proxy,
be
stable,
but
end
up.
Trying
migrating
that
connection
over
many
other
different
intermediate
proxies
and
see
which
combination
ends
up
working
best.
J
And
then
so
you
know
this
right
now
is
something
that
we're
doing
as
a
particular
deployment
of
a
product,
but
we'd
like
to
see
it
kind
of
expand
in
use
case,
there's
new
work
that
can
be
done
on
how
you
do.
How
do
you
discover
new
proxies
and
new
paths
you
can
take?
How
can
you
discover
which
hosts
are
have
better
affinity
towards
specific
content
that
you
can
reach,
and
I
think
there
are
a
lot
of
really
interesting
research
topics
that
we
could
do
around?
J
How
do
you
migrate
traffic
efficiently
and
split
different
connections
on
different
paths
through
proxies
to
optimize
traffic
and
then
you're
kind
of
looking
forward?
If
we
see
things
like
mass
proxies
become
more
ubiquitous,
and
I
know
there
are
proposals
for
them
to
be
used
for
different
three
gpp
technologies.
J
Egress
proxies
essentially
hosted
by
content,
and
so
we're
allowed
then
to
have
really
really
good
privacy,
but
also
have
really
cool
properties
about
path
selection
anyway.
So
this
is
just
a
topic
I
wanted
to
introduce
to
this
group
and
get
people's
thoughts
on.
We
are
out
of
time.
I
know,
but
I'd
love,
to
hear
what
people
think
and
we
can
talk
about
it
on
the
mailing
list
too
or
in
the
chat.
A
A
Okay,
in
this
case,
this
concludes
the
session.
Thank
you
very
much
everyone.
I
think,
we'll
need
to
schedule
a
longer
session
next
time
so
see
you
and
in
the
next
30
years.
Thank
you
very
much,
especially
for
those
who
I
was
taking
many
meeting
minutes
and
was
looking
at
the
jabber.
Thank
you
very
much.