IETF Logo Mail Archive

Re: TSVART review of draft-ietf-6man-deprecate-atomfrag-generation

Joe Touch <touch@isi.edu> Sun, 28 August 2016 16:34 UTC

Return-Path: <touch@isi.edu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7E9F12B03B; Sun, 28 Aug 2016 09:34:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.448
X-Spam-Level:
X-Spam-Status: No, score=-7.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.548] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B5Fz0rGB0WFT; Sun, 28 Aug 2016 09:34:36 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77AFE12B018; Sun, 28 Aug 2016 09:34:36 -0700 (PDT)
Received: from [192.168.1.189] (cpe-172-250-251-17.socal.res.rr.com [172.250.251.17]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id u7SGXsT9008088 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 28 Aug 2016 09:33:56 -0700 (PDT)
Subject: Re: TSVART review of draft-ietf-6man-deprecate-atomfrag-generation
To: Fernando Gont <fgont@si6networks.com>, 6man <ipv6@ietf.org>
References: <786d5c2c-a88d-7539-9604-6df0b8ed68dd@isi.edu> <0f339ba8-cf63-e961-b19f-895c39585fb7@si6networks.com>
From: Joe Touch <touch@isi.edu>
Message-ID: <585f4689-d19e-dd54-e75b-4eb3644274ed@isi.edu>
Date: Sun, 28 Aug 2016 09:33:54 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <0f339ba8-cf63-e961-b19f-895c39585fb7@si6networks.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/bvmCmRX7HD2tHuK4KHE7nUynXGE>
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, draft-ietf-6man-deprecate-atomfrag-generation@ietf.org, Transport Area <tsv-area@ietf.org>, IETF discussion list <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2016 16:34:38 -0000

Hi, Fernando,

First, I'd like to note something more important about this doc - the
abstract itself argues that this change should update the core IPv6
spec. Given that is already well underway, why is this document even
needed?

That said, see below in-line...


On 8/27/2016 3:37 PM, Fernando Gont wrote:
> Hello, Joe,
>
> Thanks so much for your review! -- Please find my responses in-line...
>
> On 08/26/2016 04:29 PM, Joe Touch wrote:
>> Document: draft-ietf-6man-deprecate-atomfrag-generation 
>> Title: Generation of IPv6 Atomic Fragments Considered Harmful
>> Reviewer: J. Touch
>> Review Date: August 26, 2016
>> IETF Last Call Date: August 8, 2016
>>
>> Summary: This draft is on the right track but has open issues, described
>> in the review.
>>
>> The document has no issues directly applicable to transport protocols.
>> The impact on transports is indirect, in the ability of RFC 6145-style
>> IPv6/IPv4 translators to support IPv6-to-IPv4 translation and deal with
>> IPv4-side fragmentation.
>>
>> However, there are some important non-transport issues that are noted below.
>>
>> Major issues:
>>
>> The impact of this change does not appear to have been explored. Section
>> 3 ends with a claim that links where this translation issue would be a
>> problem are rare, but there is no evidence presented as to whether
>> current RFC 6145 translators would be capable of complying with the
>> changes in this doc, e.g., to be able to generate IPv4 IDs as needed.
>> I.e., this document needs to update RFC6145 Sec 5.1 to require that IPv4
>> ID generation MUST be supported (and used), rather than MAY.
> RFC 6145 has been revised as RFC7915.
The second sentence of this draft cites 6145. You raise a good point,
but given 7915 obsoletes 6145 (rather than updating it), all references
throughout should then refer to 7915 instead.

> The document concludes that the translator should create IPv4 IDs rather
>> than relying on atomic fragments as a source of that information (as per
>> RFC2460) because there is no benefit, but are two reasons why this
>> method is directly hazardous as well: 1) RFC 2460 does not require that
>> the IPv6 ID field is generated to ensure that the low 16-bits are unique
>> as required for use as IPv4 IDs as defined in RFC 6145, and 2) RFC 6145
>> translation could result in collisions where two distinct IPv6
>> destinations are translated into the same IPv4 address, such that IDs
>> that might have been generated to be unique in the IPv6 context could
>> end up colliding when used in the translated IPv4 context. I.e., this
>> does not require ECMP as implied in Section 3.
> mmm.. not sure I follow. When we refer to ECMP in Section 3 we're
> actually describing the only possible scenario in which relying on the
> ID in the Frag Header could be of use (i.e., possibly result in lower
> collision rates).

I'm not speaking of when the ID in the Frag Header can be useful. I'm
speaking of other more likely cases where using the low 16 bits of the
IPv6 ID field can generate IPv4 collisions.

>
>> Minor issues:
>>
>> IMO, it remains unwise to continue to imply that networks should treat
>> packets with fragment headers as an attack. Fragmentation support is
>> critical to tunneling (see draft-ietf-intarea-tunnels) and we need to
>> find ways to support their use safely. The text should be edited to
>> explain that the primary motivation here is to avoid generating
>> erroneous IPv4 ID fields, rather than to react to the incorrect
>> classification of fragment headers as incompatible with the Internet.
> Not sure what you mean.
>
> We're not implying that packets employing FH are an attack. FWIW, I
> don't personally think so. We do think that, when employing
> fragmentation, you open the door to a number of attack vectors. See
> e.g., Section 5 of draft-gont-v6ops-ipv6-ehs-packet-drops-03.txt.
Some of the attacks described are based on the widespread dropping of a
valid IPv6 packet with valid IPv6 extension headers.

IMO, it is important to be clear that this makes users of a legitimate
IPv6 capability vulnerable because of incorrect behavior of routers. It
seems important to remind readers that the real issue here is the
non-compliant routers. If that information isn't present, it implies
that it is the use of the EHs that is incorrect and should be avoided in
general. That's impossible for fragmentation - it is a critical
capability without which tunneling cannot exist.

>
>> The claim that links with IPv6 MTUs smaller than 1260 are rare needs to
>> be supported with evidence. I appreciate that such evidence may be
>> difficult to observe. In the absence of evidence, the statement should
>> be more clear that there is no evidence to the contrary -- which is not
>> the same as being able to claim that they *are* in fact rare.
> I see your point. Any suggestion on how to tweak the text?

It depends on what you know. AFAICT, we have no information on this
issue. If that's the case, then the text should just state the impact on
such links and say that "there is no evidence yet as to the prevalence
of their use".

Joe

v2.23.0 | Report a Bug | By Email