Re: [Int-area] New Version Notification for draft-herbert-ipv4-hbh-destopt-00.txt
Joe Touch <touch@strayalpha.com> Thu, 26 September 2019 14:30 UTC
Return-Path: <touch@strayalpha.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31CCF12002F for <int-area@ietfa.amsl.com>; Thu, 26 Sep 2019 07:30:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.219
X-Spam-Level:
X-Spam-Status: No, score=-1.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strayalpha.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wp8XXtpHq246 for <int-area@ietfa.amsl.com>; Thu, 26 Sep 2019 07:30:14 -0700 (PDT)
Received: from server217-3.web-hosting.com (server217-3.web-hosting.com [198.54.115.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C724A12004A for <int-area@ietf.org>; Thu, 26 Sep 2019 07:30:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=strayalpha.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=t1m42XItGpRs7lqMtLRIfLjOOYZVssnakWj5OIob66c=; b=NJg8cLZ2p8syDIkXXL2TpbQTE ozZmXsXQO7kmHxarV7cgIBRsx4gvw40k69WbPN0Q0Do4WuMcCLcnwVz+sZE+vmqrmW0DEUqtJWdKL nSOu5tttbNo5e5amJIkKv6PiZVKED3dK6K+rPrB8fn6jJeswThm0tM0L4ORHou8+RN/UG6lDhL5WO Q8feg7KeERyPRP4E8acrKnvz8Vq6p5leqXAygALE8BMJ83B5SlD7seqBDNk6Y1YjjEwjk18Xn6c9Q Z1G1eHxi1TTeYY2G4Bfktu7HmEyFWET3Hr/lt4dgTwyXeNj0HbqOgXTFLz1XC40dEOiBRoDA+uGQl rKUXMqMSw==;
Received: from cpe-172-250-225-198.socal.res.rr.com ([172.250.225.198]:52433 helo=[192.168.1.10]) by server217.web-hosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <touch@strayalpha.com>) id 1iDUmW-000R7o-GU; Thu, 26 Sep 2019 10:30:13 -0400
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Joe Touch <touch@strayalpha.com>
In-Reply-To: <CALx6S34rgin9SAn2mhHM2oJQDuW-FZr321NrgUNwbEm897CWqQ@mail.gmail.com>
Date: Thu, 26 Sep 2019 07:30:07 -0700
Cc: int-area <int-area@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8DCB2677-B0EA-4294-BAB1-E551A1CB0A30@strayalpha.com>
References: <156935120173.15675.13886157580266731680.idtracker@ietfa.amsl.com> <CALx6S358jb+=em4abc_Zz7bq5UXmtOyPxc=5fq8b2NRdnxE0mQ@mail.gmail.com> <A1CDE533-7782-412D-85CD-A94B4B3F6B1C@strayalpha.com> <CALx6S34rgin9SAn2mhHM2oJQDuW-FZr321NrgUNwbEm897CWqQ@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server217.web-hosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strayalpha.com
X-Get-Message-Sender-Via: server217.web-hosting.com: authenticated_id: touch@strayalpha.com
X-Authenticated-Sender: server217.web-hosting.com: touch@strayalpha.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/e9rGtpaXnPeRhpRa35881qptnco>
Subject: Re: [Int-area] New Version Notification for draft-herbert-ipv4-hbh-destopt-00.txt
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Sep 2019 14:30:17 -0000
Hi, Tom, I’ll resend my primary concern: > On Sep 25, 2019, at 8:46 AM, Tom Herbert <tom@herbertland.com> wrote: > > On Tue, Sep 24, 2019 at 8:38 PM Joe Touch <touch@strayalpha.com> wrote: >> ... >> - that said, why is this supposed to help? can you give us examples of successful IPv6 *options* deployed this way at line rate in hardware (notably not for experiments or diagnostic debugging)? >> (NB: I don’t consider tunnel encapsulation/decap or IPsec useful examples; those can already be >> supported that way and don’t really need this “option” mechanism; frag isn’t useful either) >> > Joe, > > The use case for this is the same as that for IPv6 HBH and DestOpts. My concern is that the HBH options are not used largely for the same reasons that IP options are not used: a) they are not cost-effective to implement in the fast path b) slow-path processing is not considered useful. > There is a need in IPv4 to carry optional network layer information > that might be inspected and possibly modified (HBH options at least). That’s called a packet. If routers actually didn’t look further inside without explicit permission of a HBH header, I’d agree. But they routinely dig far into packets for their own purposes, often at the expense of E2E integrity or semantics. > IOAM is a very good example It’s a pending example; if you can show no widely deployed and used IPv6 HBH header, then this all becomes speculation. … > Defining an IOAM protocol for IPv4 is the problem. There are at least > five proposals: > > 1) Use IPv4 options to carry the data (e.g. IPv4+options->TCP) > 2) Allocate a new IP protocol number to carry IOAM data (IPv4->IOAM->TCP) > 3) Embed IOAM data in the optional data of a UDP encapsulation like > Geneve or GUE (IPv4->UDP->GUE->TCP) > (draft-brockners-ippm-ioam-geneve-03) > 4) Use GRE and create a new EtherType that contain IOAM data structure > (IPv4->GRE->IOAM->TCP) (draft-weis-ippm-ioam-gre-00) > 5) Enable Hop-by-Hop options in IPv4 and use the IOAM HBH option being > defined (IPV4->HBH->TCP) (this draft) > > #1 is the standard way to extend IPv4 for this sort of thing, however > IPv4 are generally considered a non-starter. It's well known that > routers don't deal with them well and the space is limited to forty > bytes. Is space an issue for IOAM? And if routers don’t do IP options, why do you think they would handle IOAM? > #2 would define a new type of extension header. This seems easily sufficient - the argument that it’s hard to get an IP protocol number is correct - it should be. But isn’t that what you’re doing with this draft? Wouldn’t needing an IP protocol number still be needed even if your draft passed? I.e., why do we need to do double the assignment and work - esp. given this is for an emerging proposal. > #3 isn't robust > because modifying UDP payload in the network leads to silent data > corruption when the UDP ports are misinterpreted (RFC7605). Agreed - a port filter would then disable this approach. But why isn’t that a *desirable* property? IMO, this protocol represents a potential security risk that should be easy for users or networks to disable and filter. > #4 is interesting. There is a certain appeal in that it's much easier > to get an EtherType allocation rather than an IP protocol number. > OTOH, this seems like an abuse of GRE to turn it into IP extensibility > mechanism which it was never intended to be. Arguably you’re doing the same with the IP protocol field, but then (as noted before), IPsec already did this. > #5 is the proposed method of this draft. > > Assuming that IPv4 options are not an option, all the remaining share > some properties. Each is creating or using an extension header in some > format (i.e. a header inserted between the IPv4 header and transport > layer). They are all subject to IPv4 fragmentation where fragments > will not contain the IOAM data-- the first fragment may contain IOAM > data and it would need to be specified whether intermediate nodes can > process the data. > > Tom > > > Th#2-#5 are variations on the same theme, namely to carry IOAM data in > some sort of extension header. The differences amongst these are the > format the extension header would take. >> Joe >> >>> On Sep 24, 2019, at 11:58 AM, Tom Herbert <tom@herbertland.com> wrote: >>> >>> Hello, >>> >>> I posted a new draft on allowing Hop-by-Hop and Destination options in >>> IPv4. Relative to the previous draft on IPv4 extension headers >>> (draft-herbert-ipv4-eh-01) this draft is narrow in intent to just >>> define use of HBH and DestOpt in IPv4 based on feedback during >>> IEFT104. >>> >>> Thanks, >>> Tom >>> >>> >>> ---------- Forwarded message --------- >>> From: <internet-drafts@ietf.org> >>> Date: Tue, Sep 24, 2019 at 11:53 AM >>> Subject: New Version Notification for draft-herbert-ipv4-hbh-destopt-00.txt >>> To: Tom Herbert <tom@herbertland.com> >>> >>> >>> >>> A new version of I-D, draft-herbert-ipv4-hbh-destopt-00.txt >>> has been successfully submitted by Tom Herbert and posted to the >>> IETF repository. >>> >>> Name: draft-herbert-ipv4-hbh-destopt >>> Revision: 00 >>> Title: IPv4 Hop-by-Hop Options and Destination Options >>> Extension Headers >>> Document date: 2019-09-24 >>> Group: Individual Submission >>> Pages: 18 >>> URL: >>> https://www.ietf.org/internet-drafts/draft-herbert-ipv4-hbh-destopt-00.txt >>> Status: https://datatracker.ietf.org/doc/draft-herbert-ipv4-hbh-destopt/ >>> Htmlized: https://tools.ietf.org/html/draft-herbert-ipv4-hbh-destopt-00 >>> Htmlized: >>> https://datatracker.ietf.org/doc/html/draft-herbert-ipv4-hbh-destopt >>> >>> >>> Abstract: >>> This specification enables the use of Hop-by-Hop Options and >>> Destination Options extension headers which are defined for IPv6 to >>> be used with IPv4. The goal is to provide a uniform and feasible >>> method of extensibility that is common between IPv4 and IPv6. >>> >>> >>> >>> >>> Please note that it may take a couple of minutes from the time of submission >>> until the htmlized version and diff are available at tools.ietf.org. >>> >>> The IETF Secretariat >>> >>> _______________________________________________ >>> Int-area mailing list >>> Int-area@ietf.org >>> https://www.ietf.org/mailman/listinfo/int-area >>
- [Int-area] Fwd: New Version Notification for draf… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Joe Touch
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Joe Touch
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Joe Touch
- Re: [Int-area] New Version Notification for draft… Black, David
- Re: [Int-area] New Version Notification for draft… Joe Touch
- Re: [Int-area] New Version Notification for draft… Bob Hinden
- Re: [Int-area] New Version Notification for draft… Frank Brockners (fbrockne)
- Re: [Int-area] New Version Notification for draft… Joe Touch
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Fred Baker
- Re: [Int-area] New Version Notification for draft… Tom Herbert
- Re: [Int-area] New Version Notification for draft… Ole Troan