Re: [Int-area] New Draft - ICMPv6 Loopback
Tal Mizrahi <tal.mizrahi.phd@gmail.com> Wed, 21 June 2023 11:49 UTC
Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A03F0C151543 for <int-area@ietfa.amsl.com>; Wed, 21 Jun 2023 04:49:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.095
X-Spam-Level:
X-Spam-Status: No, score=-1.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vyoiF6lLIRY2 for <int-area@ietfa.amsl.com>; Wed, 21 Jun 2023 04:49:24 -0700 (PDT)
Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4EE3C151541 for <int-area@ietf.org>; Wed, 21 Jun 2023 04:49:24 -0700 (PDT)
Received: by mail-io1-xd34.google.com with SMTP id ca18e2360f4ac-7747cc8bea0so45569739f.1 for <int-area@ietf.org>; Wed, 21 Jun 2023 04:49:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1687348164; x=1689940164; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=fQRzbXnn0vJIn7RK/e3rX6il1ul/2l0NGJIke+1uHJo=; b=YjSIbPkCSiKSkEER7sFw4Bh4/gWh2PJfPbsu0gpkALoqAO64AVDxlrm+RQPVzBLVix n+i+GSkOk3yz4La7KmzrRnsoFPaxazEPXrCXg8UhPfEo1lGQQ5KAgpHxaYeGIW846+dp aqrWnMOniStc3dAjrNrCEiie+8e1FBya8xQR/5K+2/7BfRDOVfOx7d0Vf1pGBRAxsiHV +5Vf6+GfdXB3JaxslI5kQLa/NeC+6OZ+hdFF1PGtSq5B4acVMObHzcYIeLTjDSCU/jq4 qaq3/4aGlS7QEqV9m5tAnD/gH3EbJYGs+fbZValk2r7JdMA3QEJlrkKd2EaNMePy36pq 5R5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687348164; x=1689940164; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fQRzbXnn0vJIn7RK/e3rX6il1ul/2l0NGJIke+1uHJo=; b=Y2hzfvyeWjh3vOpjojKCZG6lMYtiPk2qQj4wm+agiRw4P5ec6kG4G+/3TbrdY8L4pk ndAbQDUdWnkGbVp9/EYnyfv8bxfnq4m29ysmpD9xPdYKLAs82oZXD21dhyqlEeQ7GOiS D5hmlD+lLZH+pEMxfbCrzBZd+EiEpNHSkZzGcruEKXG56DaKEi6tmF1k0FjtVxDBTzAS C5ZLn3zbWFLb13MM63mJv1reM1OiLWHh2bJsyYq7GKeVT6NmiGoIJbgXjgVbNrVJxBnc wJqc4dQTjO0DAma7h1FF/SguSvAjbXhIBziTNEeFumQ/SWPzH5DNgppX5C00QAoRoZrG ffmg==
X-Gm-Message-State: AC+VfDwVfqFjZphvjysRGiytwFy1UqkM9BI9Apgu/fOyyxwnjGuZ69RE tSekT3waEH4AHv8VduBayj6sDuVvkEd+LMKo3i+AWJGc
X-Google-Smtp-Source: ACHHUZ5tAuHD4Qp3QwJjD4RyocJDvJnsax/sP17beCQ3vXGWwR77BbhUplwM+41WpKCfajbE26zyGZMGAYJ5jiyTlxk=
X-Received: by 2002:a6b:c905:0:b0:77e:242b:440a with SMTP id z5-20020a6bc905000000b0077e242b440amr11673480iof.0.1687348163789; Wed, 21 Jun 2023 04:49:23 -0700 (PDT)
MIME-Version: 1.0
References: <CABUE3Xm5nT4R8wUu6FfXW0u66YoyDS45cRTuiGjRJ0CRGsevnQ@mail.gmail.com> <908A768F-F9CF-468A-A7C1-27736FE10BFE@gmail.com> <5B0C59DC-BD03-4BEE-A719-6E892F61F916@cisco.com> <CABUE3Xk--WodVbGFQtJvPTdtH154bNE6nufxoFDJuh6nVbpFRg@mail.gmail.com> <95cdc678-a7c8-078f-08aa-6aac9c053b15@gmail.com> <CABUE3Xnt+r3nWPFeui3dqQTXpTUUOudyTfkGJm=bL57ySevjLw@mail.gmail.com> <954f791b-3242-f933-f6fd-a3ba89765114@hs-augsburg.de>
In-Reply-To: <954f791b-3242-f933-f6fd-a3ba89765114@hs-augsburg.de>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Wed, 21 Jun 2023 14:49:12 +0300
Message-ID: <CABUE3XmA7nC5w26FrhQztPEevTaQbDAbqrMi6a=SvkE1=wN3+w@mail.gmail.com>
To: Rolf Winter <rolf.winter@hs-augsburg.de>
Cc: int-area@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/sc_5XmnO_x6YgFExUJJAVv0swZE>
Subject: Re: [Int-area] New Draft - ICMPv6 Loopback
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Internet Area WG Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jun 2023 11:49:28 -0000
Hi Rolf, I agree that a new type is not necessarily required for every case, however a new type is probably the cleanest solution for Loopback. Here is an alternative solution that does not require a new type: - The Loopback requester sends an Echo Request with code=X (newly allocated to indicate Loopback Request). - The Loopback responder replies with an Echo Reply with code=X+1 (newly allocated to indicate Loopback Reply). - The requester can distinguish a Loopback reply (code=X+1) from a reply received from a legacy device (which reflects code=X). While this solution should work, it assumes a certain behavior from legacy devices (reflecting code=X as-is) that is not compliant with RFC 4443. Therefore, I believe using a new type would be cleaner. Cheers, Tal. On Wed, Jun 21, 2023 at 12:39 PM Rolf Winter <rolf.winter@hs-augsburg.de> wrote: > > Hi Tal, > > I don't think your assessment that a new type is required really holds > for every case. I think the key point is, the requests get _reflected_. > So if you expect something else in you response (e.g. Echo Request would > expect a different type in the Echo Response), then you can distinguish > a reflecting host from a host that actually understands this "new ICMP > thing". The real good news is in both measurement cases are that a) most > tested NATs let those packets through (both request and response) and b) > mostly, they cross the internet unmodified as can be seen in the > unmodified code inside the ICMP reply (for v4 at least). > > Best, > > Rolf > > Am 21.06.23 um 06:53 schrieb Tal Mizrahi: > > Hi Valentin, > > > > Thanks for this valuable data. > > Based on your findings, the good news is that new codes will most > > likely traverse NATs, and the bad news is that most hosts will respond > > according to the "old" behavior without checking the code value. In > > light of the latter observation, I would say that new behavior *from > > the responder* requires a new ICMP type. However, more feedback about > > this assessment is welcome. > > > > Cheers, > > Tal. > > > > On Tue, Jun 20, 2023 at 8:45 PM Valentin Heinrich > > <v.heinrich99@gmail.com> wrote: > >> > >> we had similar questions when working on reverse traceroute > >> (https://datatracker.ietf.org/doc/html/draft-heiwin-intarea-reverse-traceroute). > >> Should we use new ICMP types or extend existing ones with a new code? > >> > >> We actually conducted measurements to test deployability of those two > >> choices. > >> One of the big question marks was whether new ICMP messages using a new > >> type are able to traverse common NAT middleboxes. > >> Unfortunately, as one would probably expect, new ICMP types are most > >> commonly filtered (or they just bypass the NAT, which is just as bad as > >> they are forwarded untranslated into the public internet). > >> We then sent ICMP Echo requests with the new codes 1 and 2 through those > >> same NAT boxes. > >> Only a single NAT box (out of 12) dropped the corresponding Echo > >> response message and in all other cases both requests and replies > >> correctly traversed the NAT. > >> In this regard, our measurements showed that extending existing ICMP > >> Echo messages with new codes is the way to go if immediate deployability > >> is the goal. > >> > >> We then also performed a measurement to assess the deployment of ICMP > >> Echo messages with new codes on the public Internet. > >> We probed over a million hosts that correctly responded to regular ICMP > >> Echo requests (code 0) with ICMP Echo responses. > >> To each of those hosts we sent ICMP Echo requests with code 1. Over 92% > >> of the probed hosts responded with an ICMP Echo response and reflected > >> the new code back in their response. > >> The fact that we received that many "reflective" responses shows us, > >> that ICMP Echo messages (both request and response) with a new code make > >> it through the Internet unfiltered and unaltered in the vast majority of > >> cases. About 3% of the probes were answered with a regular ICMP Echo > >> response (code 0), thus not reflecting the request's code back. > >> > >> For more details of the measurement study, you can have a look at this > >> talk: https://youtu.be/Y7NtqLEtfgjU?t=63 > >> > >> Or listen to this episode of the Ping Podcast: > >> https://blubrry.com/ping_podcast/94883480/reverse-traceroute-its-just-traceroute-but-the-other-direction/ > >> > >> > >> One caveat is however that we conducted these measurements only on IPv4. > >> Results might or might not differ for IPv6. > >> For reverse traceroute, which itself implements both ICMP and ICMPv6, we > >> have however successfully tested our implementation across the public > >> internet. > >> > >> I hope this data point helps in this discussion. > >> > >> On 07.06.23 06:30, Tal Mizrahi wrote: > >>> Bob, Eric, > >>> > >>> Thanks for the feedback. > >>> Defining a new code for ICMPv6 Echo rather than defining a new type > >>> may be the right way to go. > >>> Our main concern with this is that RFC 4443 defines what to do with an > >>> unknown type, but does not define what to do with an unknown code. It > >>> is not clear what existing implementations do when receiving an Echo > >>> Request with an unknown code. That is why the current draft calls for > >>> a new type. However, we are open to more feedback about this, and it > >>> may end up being just a new code. > >>> > >>> Cheers, > >>> Tal. > >>> > >>> On Tue, Jun 6, 2023 at 8:33 PM Eric Vyncke (evyncke) <evyncke@cisco.com> wrote: > >>>> Without any hat, I agree with Bob. > >>>> > >>>> This I-D should eventually go to 6MAN WG though (with my AD hat) > >>>> > >>>> -éric > >>>> > >>>> On 06/06/2023, 08:34, "Int-area on behalf of Bob Hinden" <int-area-bounces@ietf.org <mailto:int-area-bounces@ietf.org> on behalf of bob.hinden@gmail.com <mailto:bob.hinden@gmail.com>> wrote: > >>>> > >>>> > >>>> Tal, > >>>> > >>>> > >>>> I did a quick read of your draft. > >>>> > >>>> > >>>> As noted in the draft this seems to be very similar to ICMPv6 Echo/Echo Reply. The change is to include the request packet in the response, not just the payload. > >>>> > >>>> > >>>> While I don’t have any real opinion on the need for this, I do think it would be a lot simpler if the draft just defined a new Code field value for Echo Request/Reply that specified this behavior. Currently the Code field is set to zero, another value could specify this behavior. > >>>> > >>>> > >>>> Deployment might be easier as I suspect ICMPv6 types other than the current definitions will be filtered in many places. > >>>> > >>>> > >>>> Bob > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>>> On Jun 6, 2023, at 4:54 AM, Tal Mizrahi <tal.mizrahi.phd@gmail.com <mailto:tal.mizrahi.phd@gmail.com>> wrote: > >>>>> > >>>>> Hi, > >>>>> > >>>>> New draft: https://datatracker.ietf.org/doc/draft-mcb-intarea-icmpv6-loopback/ <https://datatracker.ietf.org/doc/draft-mcb-intarea-icmpv6-loopback/> > >>>>> > >>>>> We have posted a new draft that proposes two new ICMPv6 message types: > >>>>> Loopback Request and Reply. > >>>>> ICMPv6 Loopback is very similar to Echo, except that after a Loopback > >>>>> Request is sent, its corresponding Reply includes as much of the IPv6 > >>>>> Loopback Request packet as possible, including the IPv6 header and > >>>>> IPv6 extension headers and options if they are present. > >>>>> > >>>>> We believe that ICMPv6 Loopback can be very useful for returning IPv6 > >>>>> options that were included in Request packet back to the sender, > >>>>> including for example sending IOAM [RFC 9197] data from the Request > >>>>> back to the sender, sending the SRH [RFC 8754] of the Request back to > >>>>> the sender, as well as for in-progress / future protocols such as > >>>>> draft-filsfils-spring-path-tracing and draft-kumar-ippm-ifa. > >>>>> > >>>>> We would be happy for feedback, as well as suggestions about whether > >>>>> the INT-AREA WG is the right place to discuss this draft. > >>>>> > >>>>> Cheers, > >>>>> Tal. > >>>>> > >>>>> _______________________________________________ > >>>>> Int-area mailing list > >>>>> Int-area@ietf.org <mailto:Int-area@ietf.org> > >>>>> https://www.ietf.org/mailman/listinfo/int-area <https://www.ietf.org/mailman/listinfo/int-area> > >>>> > >>>> > >>>> > >>>> > >> > >> _______________________________________________ > >> Int-area mailing list > >> Int-area@ietf.org > >> https://www.ietf.org/mailman/listinfo/int-area > > > > _______________________________________________ > > Int-area mailing list > > Int-area@ietf.org > > https://www.ietf.org/mailman/listinfo/int-area > _______________________________________________ > Int-area mailing list > Int-area@ietf.org > https://www.ietf.org/mailman/listinfo/int-area
- [Int-area] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [Int-area] New Draft - ICMPv6 Loopback Bob Hinden
- Re: [Int-area] New Draft - ICMPv6 Loopback Eric Vyncke (evyncke)
- Re: [Int-area] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Erik Kline
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Justin Iurman
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Luigi IANNONE
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Florian Obser
- Re: [Int-area] [EXTERNAL] Re: [IPv6] New Draft - … Robinson, Herbie
- Re: [Int-area] [IPv6] [EXTERNAL] Re: New Draft - … Tal Mizrahi
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Michael Richardson
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Tianran Zhou
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [Int-area] [IPv6] New Draft - ICMPv6 Loopback Michael Richardson
- Re: [Int-area] New Draft - ICMPv6 Loopback Valentin Heinrich
- Re: [Int-area] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [Int-area] New Draft - ICMPv6 Loopback waldemar
- Re: [Int-area] New Draft - ICMPv6 Loopback Rolf Winter
- Re: [Int-area] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [Int-area] New Draft - ICMPv6 Loopback Rolf Winter
- Re: [Int-area] New Draft - ICMPv6 Loopback Bob Hinden