IETF Logo Mail Archive

Re: [Int-area] New Draft - ICMPv6 Loopback

Tal Mizrahi <tal.mizrahi.phd@gmail.com> Wed, 21 June 2023 11:49 UTC

Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A03F0C151543 for <int-area@ietfa.amsl.com>; Wed, 21 Jun 2023 04:49:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.095
X-Spam-Level:
X-Spam-Status: No, score=-1.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vyoiF6lLIRY2 for <int-area@ietfa.amsl.com>; Wed, 21 Jun 2023 04:49:24 -0700 (PDT)
Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4EE3C151541 for <int-area@ietf.org>; Wed, 21 Jun 2023 04:49:24 -0700 (PDT)
Received: by mail-io1-xd34.google.com with SMTP id ca18e2360f4ac-7747cc8bea0so45569739f.1 for <int-area@ietf.org>; Wed, 21 Jun 2023 04:49:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1687348164; x=1689940164; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=fQRzbXnn0vJIn7RK/e3rX6il1ul/2l0NGJIke+1uHJo=; b=YjSIbPkCSiKSkEER7sFw4Bh4/gWh2PJfPbsu0gpkALoqAO64AVDxlrm+RQPVzBLVix n+i+GSkOk3yz4La7KmzrRnsoFPaxazEPXrCXg8UhPfEo1lGQQ5KAgpHxaYeGIW846+dp aqrWnMOniStc3dAjrNrCEiie+8e1FBya8xQR/5K+2/7BfRDOVfOx7d0Vf1pGBRAxsiHV +5Vf6+GfdXB3JaxslI5kQLa/NeC+6OZ+hdFF1PGtSq5B4acVMObHzcYIeLTjDSCU/jq4 qaq3/4aGlS7QEqV9m5tAnD/gH3EbJYGs+fbZValk2r7JdMA3QEJlrkKd2EaNMePy36pq 5R5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687348164; x=1689940164; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fQRzbXnn0vJIn7RK/e3rX6il1ul/2l0NGJIke+1uHJo=; b=Y2hzfvyeWjh3vOpjojKCZG6lMYtiPk2qQj4wm+agiRw4P5ec6kG4G+/3TbrdY8L4pk ndAbQDUdWnkGbVp9/EYnyfv8bxfnq4m29ysmpD9xPdYKLAs82oZXD21dhyqlEeQ7GOiS D5hmlD+lLZH+pEMxfbCrzBZd+EiEpNHSkZzGcruEKXG56DaKEi6tmF1k0FjtVxDBTzAS C5ZLn3zbWFLb13MM63mJv1reM1OiLWHh2bJsyYq7GKeVT6NmiGoIJbgXjgVbNrVJxBnc wJqc4dQTjO0DAma7h1FF/SguSvAjbXhIBziTNEeFumQ/SWPzH5DNgppX5C00QAoRoZrG ffmg==
X-Gm-Message-State: AC+VfDwVfqFjZphvjysRGiytwFy1UqkM9BI9Apgu/fOyyxwnjGuZ69RE tSekT3waEH4AHv8VduBayj6sDuVvkEd+LMKo3i+AWJGc
X-Google-Smtp-Source: ACHHUZ5tAuHD4Qp3QwJjD4RyocJDvJnsax/sP17beCQ3vXGWwR77BbhUplwM+41WpKCfajbE26zyGZMGAYJ5jiyTlxk=
X-Received: by 2002:a6b:c905:0:b0:77e:242b:440a with SMTP id z5-20020a6bc905000000b0077e242b440amr11673480iof.0.1687348163789; Wed, 21 Jun 2023 04:49:23 -0700 (PDT)
MIME-Version: 1.0
References: <CABUE3Xm5nT4R8wUu6FfXW0u66YoyDS45cRTuiGjRJ0CRGsevnQ@mail.gmail.com> <908A768F-F9CF-468A-A7C1-27736FE10BFE@gmail.com> <5B0C59DC-BD03-4BEE-A719-6E892F61F916@cisco.com> <CABUE3Xk--WodVbGFQtJvPTdtH154bNE6nufxoFDJuh6nVbpFRg@mail.gmail.com> <95cdc678-a7c8-078f-08aa-6aac9c053b15@gmail.com> <CABUE3Xnt+r3nWPFeui3dqQTXpTUUOudyTfkGJm=bL57ySevjLw@mail.gmail.com> <954f791b-3242-f933-f6fd-a3ba89765114@hs-augsburg.de>
In-Reply-To: <954f791b-3242-f933-f6fd-a3ba89765114@hs-augsburg.de>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Wed, 21 Jun 2023 14:49:12 +0300
Message-ID: <CABUE3XmA7nC5w26FrhQztPEevTaQbDAbqrMi6a=SvkE1=wN3+w@mail.gmail.com>
To: Rolf Winter <rolf.winter@hs-augsburg.de>
Cc: int-area@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/sc_5XmnO_x6YgFExUJJAVv0swZE>
Subject: Re: [Int-area] New Draft - ICMPv6 Loopback
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Internet Area WG Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jun 2023 11:49:28 -0000

Hi Rolf,

I agree that a new type is not necessarily required for every case,
however a new type is probably the cleanest solution for Loopback.

Here is an alternative solution that does not require a new type:
- The Loopback requester sends an Echo Request with code=X (newly
allocated to indicate Loopback Request).
- The Loopback responder replies with an Echo Reply with code=X+1
(newly allocated to indicate Loopback Reply).
- The requester can distinguish a Loopback reply (code=X+1) from a
reply received from a legacy device (which reflects code=X).

While this solution should work, it assumes a certain behavior from
legacy devices (reflecting code=X as-is) that is not compliant with
RFC 4443.
Therefore, I believe using a new type would be cleaner.

Cheers,
Tal.

On Wed, Jun 21, 2023 at 12:39 PM Rolf Winter <rolf.winter@hs-augsburg.de> wrote:
>
> Hi Tal,
>
> I don't think your assessment that a new type is required really holds
> for every case. I think the key point is, the requests get _reflected_.
> So if you expect something else in you response (e.g. Echo Request would
> expect a different type in the Echo Response), then you can distinguish
> a reflecting host from a host that actually understands this "new ICMP
> thing". The real good news is in both measurement cases are that a) most
> tested NATs let those packets through (both request and response) and b)
> mostly, they cross the internet unmodified as can be seen in the
> unmodified code inside the ICMP reply (for v4 at least).
>
> Best,
>
> Rolf
>
> Am 21.06.23 um 06:53 schrieb Tal Mizrahi:
> > Hi Valentin,
> >
> > Thanks for this valuable data.
> > Based on your findings, the good news is that new codes will most
> > likely traverse NATs, and the bad news is that most hosts will respond
> > according to the "old" behavior without checking the code value. In
> > light of the latter observation, I would say that new behavior *from
> > the responder* requires a new ICMP type. However, more feedback about
> > this assessment is welcome.
> >
> > Cheers,
> > Tal.
> >
> > On Tue, Jun 20, 2023 at 8:45 PM Valentin Heinrich
> > <v.heinrich99@gmail.com> wrote:
> >>
> >> we had similar questions when working on reverse traceroute
> >> (https://datatracker.ietf.org/doc/html/draft-heiwin-intarea-reverse-traceroute).
> >> Should we use new ICMP types or extend existing ones with a new code?
> >>
> >> We actually conducted measurements to test deployability of those two
> >> choices.
> >> One of the big question marks was whether new ICMP messages using a new
> >> type are able to traverse common NAT middleboxes.
> >> Unfortunately, as one would probably expect, new ICMP types are most
> >> commonly filtered (or they just bypass the NAT, which is just as bad as
> >> they are forwarded untranslated into the public internet).
> >> We then sent ICMP Echo requests with the new codes 1 and 2 through those
> >> same NAT boxes.
> >> Only a single NAT box (out of 12) dropped the corresponding Echo
> >> response message and in all other cases both requests and replies
> >> correctly traversed the NAT.
> >> In this regard, our measurements showed that extending existing ICMP
> >> Echo messages with new codes is the way to go if immediate deployability
> >> is the goal.
> >>
> >> We then also performed a measurement to assess the deployment of ICMP
> >> Echo messages with new codes on the public Internet.
> >> We probed over a million hosts that correctly responded to regular ICMP
> >> Echo requests (code 0) with ICMP Echo responses.
> >> To each of those hosts we sent ICMP Echo requests with code 1. Over 92%
> >> of the probed hosts responded with an ICMP Echo response and reflected
> >> the new code back in their response.
> >> The fact that we received that many "reflective" responses shows us,
> >> that ICMP Echo messages (both request and response) with a new code make
> >> it through the Internet unfiltered and unaltered in the vast majority of
> >> cases. About 3% of the probes were answered with a regular ICMP Echo
> >> response (code 0), thus not reflecting the request's code back.
> >>
> >> For more details of the measurement study, you can have a look at this
> >> talk: https://youtu.be/Y7NtqLEtfgjU?t=63
> >>
> >> Or listen to this episode of the Ping Podcast:
> >> https://blubrry.com/ping_podcast/94883480/reverse-traceroute-its-just-traceroute-but-the-other-direction/
> >>
> >>
> >> One caveat is however that we conducted these measurements only on IPv4.
> >> Results might or might not differ for IPv6.
> >> For reverse traceroute, which itself implements both ICMP and ICMPv6, we
> >> have however successfully tested our implementation across the public
> >> internet.
> >>
> >> I hope this data point helps in this discussion.
> >>
> >> On 07.06.23 06:30, Tal Mizrahi wrote:
> >>> Bob, Eric,
> >>>
> >>> Thanks for the feedback.
> >>> Defining a new code for ICMPv6 Echo rather than defining a new type
> >>> may be the right way to go.
> >>> Our main concern with this is that RFC 4443 defines what to do with an
> >>> unknown type, but does not define what to do with an unknown code. It
> >>> is not clear what existing implementations do when receiving an Echo
> >>> Request with an unknown code. That is why the current draft calls for
> >>> a new type. However, we are open to more feedback about this, and it
> >>> may end up being just a new code.
> >>>
> >>> Cheers,
> >>> Tal.
> >>>
> >>> On Tue, Jun 6, 2023 at 8:33 PM Eric Vyncke (evyncke) <evyncke@cisco.com> wrote:
> >>>> Without any hat, I agree with Bob.
> >>>>
> >>>> This I-D should eventually go to 6MAN WG though (with my AD hat)
> >>>>
> >>>> -éric
> >>>>
> >>>> On 06/06/2023, 08:34, "Int-area on behalf of Bob Hinden" <int-area-bounces@ietf.org <mailto:int-area-bounces@ietf.org> on behalf of bob.hinden@gmail.com <mailto:bob.hinden@gmail.com>> wrote:
> >>>>
> >>>>
> >>>> Tal,
> >>>>
> >>>>
> >>>> I did a quick read of your draft.
> >>>>
> >>>>
> >>>> As noted in the draft this seems to be very similar to ICMPv6 Echo/Echo Reply. The change is to include the request packet in the response, not just the payload.
> >>>>
> >>>>
> >>>> While I don’t have any real opinion on the need for this, I do think it would be a lot simpler if the draft just defined a new Code field value for Echo Request/Reply that specified this behavior. Currently the Code field is set to zero, another value could specify this behavior.
> >>>>
> >>>>
> >>>> Deployment might be easier as I suspect ICMPv6 types other than the current definitions will be filtered in many places.
> >>>>
> >>>>
> >>>> Bob
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>> On Jun 6, 2023, at 4:54 AM, Tal Mizrahi <tal.mizrahi.phd@gmail.com <mailto:tal.mizrahi.phd@gmail.com>> wrote:
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> New draft: https://datatracker.ietf.org/doc/draft-mcb-intarea-icmpv6-loopback/ <https://datatracker.ietf.org/doc/draft-mcb-intarea-icmpv6-loopback/>
> >>>>>
> >>>>> We have posted a new draft that proposes two new ICMPv6 message types:
> >>>>> Loopback Request and Reply.
> >>>>> ICMPv6 Loopback is very similar to Echo, except that after a Loopback
> >>>>> Request is sent, its corresponding Reply includes as much of the IPv6
> >>>>> Loopback Request packet as possible, including the IPv6 header and
> >>>>> IPv6 extension headers and options if they are present.
> >>>>>
> >>>>> We believe that ICMPv6 Loopback can be very useful for returning IPv6
> >>>>> options that were included in Request packet back to the sender,
> >>>>> including for example sending IOAM [RFC 9197] data from the Request
> >>>>> back to the sender, sending the SRH [RFC 8754] of the Request back to
> >>>>> the sender, as well as for in-progress / future protocols such as
> >>>>> draft-filsfils-spring-path-tracing and draft-kumar-ippm-ifa.
> >>>>>
> >>>>> We would be happy for feedback, as well as suggestions about whether
> >>>>> the INT-AREA WG is the right place to discuss this draft.
> >>>>>
> >>>>> Cheers,
> >>>>> Tal.
> >>>>>
> >>>>> _______________________________________________
> >>>>> Int-area mailing list
> >>>>> Int-area@ietf.org <mailto:Int-area@ietf.org>
> >>>>> https://www.ietf.org/mailman/listinfo/int-area <https://www.ietf.org/mailman/listinfo/int-area>
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> >> _______________________________________________
> >> Int-area mailing list
> >> Int-area@ietf.org
> >> https://www.ietf.org/mailman/listinfo/int-area
> >
> > _______________________________________________
> > Int-area mailing list
> > Int-area@ietf.org
> > https://www.ietf.org/mailman/listinfo/int-area
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area

v2.23.0 | Report a Bug | By Email