IETF Logo Mail Archive

Re: [ippm] v6 option types for IOAM data fields

Mark Smith <markzzzsmith@gmail.com> Mon, 29 October 2018 22:26 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52513131030; Mon, 29 Oct 2018 15:26:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.497
X-Spam-Level:
X-Spam-Status: No, score=-1.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4FZ4KC_f71r; Mon, 29 Oct 2018 15:26:00 -0700 (PDT)
Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14351127133; Mon, 29 Oct 2018 15:26:00 -0700 (PDT)
Received: by mail-ot1-x32f.google.com with SMTP id p23so9210570otf.11; Mon, 29 Oct 2018 15:26:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YQSzMG+x6vpM4Cfd6TzPzEZc8smn6oF8CZ7SVywWVg8=; b=KmF44PfDEzX/HmxZKdbiokB0pbZLk4+ljnprXef3DcaM57+hkruVjlAnWrkK41juiF 2gCQ5mM/jBG35cpqy8FhdcChmoU5a5dUJAPafP7LgIZ0oNMMrrcNjxedlLk0iAUeiQwq p4wqgcEaUpCW5E06DVry67BZBroclDH8TXzRVkG80Y0vguKuVPoLbq7Q9lGkQl8uXI30 VXxWZYTFpbk5ZOBWpEz9C35LvpMyaL5zudub1U8oPO4lecKIGkVdXtbW6ABoWGBW6cfI XnKUk59M2x4KAgt337CkOP+aHHHpOd06Zd1p+LwbK9ISDcMx4nxm9ZBK0uEottOqWLeS 5Ktw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YQSzMG+x6vpM4Cfd6TzPzEZc8smn6oF8CZ7SVywWVg8=; b=ApHX2OpOR1lOA05KfwfAJoBAl3bEoPDkt254BFZgseNGhOXWnO/1iLYoVOKwP0x7ZS vypgcRjgL7BddXnElPvavccgwKoO+BeWOaW9lzfuJo2xDwm3hD6s50IS61nLdk8Il2Zg 831tgXTpTPObInRdeQdbxQI8Ovh0oksvPVW/uc4kwo4BtWxLbSEQi3UaUFWvp7Pb+LhI 7NwS4O2uxRs6DoZsI3o2XT802vXkCp7Lbp6tT9VyzD06w/cXxuK14x2uBuJx+lF0vGG6 xQYc4DVWkaR7iapMnOcE4Ui1Aj0M9sQLxDJY9GxDdzdhEXhDVS4onbpMsQSlm2BS/80V f0YA==
X-Gm-Message-State: AGRZ1gJnn7mtWfkPeIFmHL1igcfn4Lga0+dtJ6Scn+EZKxs75Odwouhd fDS1sJIDWoSbra6r/9BrFu8U0PlG8oUtDc6UbvY=
X-Google-Smtp-Source: AJdET5cdpzuVLB33yvo8NwZcszAIjj3Ex3FkHQZePhRiruwbbiyCe8ev+Wpn1Ih7qES0OKnRFWS0JPiNnyccDZjEhp4=
X-Received: by 2002:a9d:550f:: with SMTP id l15mr9065868oth.83.1540851959037; Mon, 29 Oct 2018 15:25:59 -0700 (PDT)
MIME-Version: 1.0
References: <CACL_3VGxyn-PYosFsKPVdd8C=P5AbE6HD1zrimHKuh2MPkhnuQ@mail.gmail.com> <505272eac2dd44fa891d4d36d14da9af@XCH-RCD-008.cisco.com>
In-Reply-To: <505272eac2dd44fa891d4d36d14da9af@XCH-RCD-008.cisco.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 30 Oct 2018 09:25:32 +1100
Message-ID: <CAO42Z2wGMzc_RT=eWTx9Ve-5reS0nCWiteGOuE16=MB4Fg8mkg@mail.gmail.com>
To: fbrockne@cisco.com
Cc: "C. M. Heard" <heard@pobox.com>, 6man WG <ipv6@ietf.org>, ippm@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ab84400579658d90"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/z5-X-Xk0_CEEf0_alkvZGXGoK4k>
Subject: Re: [ippm] v6 option types for IOAM data fields
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 22:26:02 -0000

Hi Frank,

On Tue., 30 Oct. 2018, 05:36 Frank Brockners (fbrockne), <fbrockne@cisco.com>
wrote:

> Thanks Mike. On the scope of an IOAM deployment:
> draft-ietf-ippm-ioam-data-04 clarifies in section 3 that IOAM is a domain
> focused feature, i.e. not expected to be deployed on the open Internet.
>

That still violates RFC 8200, there are no exceptions for "closed" domains.

>
>From section 3:

"Designers of
   carrier protocols for IOAM must specify mechanisms to ensure that
   IOAM data stays within an IOAM domain.  In addition, the operator of
   such a domain is expected to put provisions in place to ensure that
   IOAM data does not leak beyond the edge of an IOAM domain, e.g. using
   for example packet filtering methods."

Neither the designers or the operators can ensure this IOAM information
won't leak.

Possible reasons it can leak:

- operator configuration error - e.g. forgetting to configure the domain
boundary (e.g. router with multiple domain exit interfaces, forgetting to
add that option on one of them), or misconfiguring it.

- partial device failure - the device still forwards packets, but ceases to
remove this information due to a hardware fault that has appeared

- vendor implementation bugs that fails to remove the information.

Any or all of these can occur, and as it is on egress, the consequences may
not be visible to the domain network operator, because network operators
rarely inspect packets after they've left their network. Once a packet is
sent onto somebody else, it is assumed to have been sent without faults.

There are many instances of leaks at the boundary of what are supposed to
be closed domains, such as packets containing RFC1918 private addresses (in
packet headers themselves, or in DNS packets - such a big problem that www.a
s112.net <http://as112.net> was created), and route leaks e.g.
https://bgpmon.net/how-the-internet-in-australia-went-down-under/

As operators usually have only one device at the edge of the domain, that
would be performing the domain boundary function, that device becomes a
single point of failure. Enforcement is therefore quite fragile. A domain
boundary enforced by two domain edge devices in-line would increase
robustness, however I'd think that would be rarely deployed, because we
haven't seen that commonly with IPv4 NAT.

The only way for an operator to ensure these leaks don't and never occur is
for the domain to literally not be physically connected to the Internet
i.e. the domain is air gapped from the Internet. If there is a link between
the domain and the Internet that can carry IP packets, then there is always
a possibility that information can leak from the domain.

So accepting that leaks can always occur, a far more robust option is to
leave the original packet alone entirely, and encapsulate it in a domain
local IPv6 header (i.e RFC2473, section 3.1) with domain local limited
addresses (i.e. ULA addresses) and the additional EH.

That still doesn't ensure that packet won't leak outside the domain,
because those packets will follow a default route, however as the packet's
addressing is invalid outside of the domain, that packet will be dropped
once it reaches either an invalid Internet address filter, or a default
free Internet router. The packet with the failed-to-be-removed outer ULA
IPv6 header will never reach the destination address of the inner packet,
because the DA of the inner packet is in the ULA IPv6 packet's payload.

Failure of the mechanism would be much more obvious, localised to the
domain implementing the mechanism (rather than being externalised to
somebody else's domain/network), and absolute, because the failure mode is
packets being entirely discarded.

Regards,
Mark.



> Frank
>
> -----Original Message-----
> From: C. M. Heard <heard@pobox.com>
> Sent: Montag, 29. Oktober 2018 16:03
> To: 6man <ipv6@ietf.org>; IPPM <ippm@ietf.org>
> Cc: Frank Brockners (fbrockne) <fbrockne@cisco.com>
> Subject: Re: v6 option types for IOAM data fields
>
> On Thu, 25 Oct 2018 15:06:57 +0000 Frank Brockners (fbrockne) wrote:
> > Quick heads up: In the 6MAN meeting in BKK, we’ll review
> > draft-ioametal-ippm-6man-ioam-ipv6-options-01 – which requests 2
> > option types from the DO/HbyH options sub-registry.
> >
> > While the bulk of the IOAM work is progressed in the IPPM WG, we’d
> > greatly appreciate your feedback on
> > draft-ioametal-ippm-6man-ioam-ipv6-options-01,
> > which defines how IOAM data fields are carried using v6 extension
> headers.
> > Cc’ing the IPPM WG as well, to keep everyone on the same page.
>
> I have two brief comments on this work.
>
> First, I see that the Incremental Tracing Option changes length in transit.
> It is not appropriate for it to be carried in an IPv6 option intended for
> use on the open Internet, for exactly the same reason that insertion of
> extension headers by intermediate nodes is not allowed on the open Internet.
>
> Second, I see that two IPv6 option code points are requested, one with the
> "chg" flag set, the other with the "chg" flag clear. While there is no harm
> in this, it is not strictly necessary; the only real purpose of this flag
> is to determine whether the option data is or is not included in the
> Authentication Header Integrity Check Value computation.
>
> Mike Heard
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email