IETF Logo Mail Archive

Re: Other use cases for header insertion (was Re: Header Insertion and TI-FA)

Tom Herbert <tom@herbertland.com> Tue, 12 May 2020 00:27 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 072103A0DE0 for <ipv6@ietfa.amsl.com>; Mon, 11 May 2020 17:27:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lc1FVrVW05gK for <ipv6@ietfa.amsl.com>; Mon, 11 May 2020 17:27:43 -0700 (PDT)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E3383A0DDF for <6man@ietf.org>; Mon, 11 May 2020 17:27:42 -0700 (PDT)
Received: by mail-ej1-x62e.google.com with SMTP id e2so9489273eje.13 for <6man@ietf.org>; Mon, 11 May 2020 17:27:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=eXiLbNIbKUsmGqVRZ8Q6apAslqnqhWWIeSXgFPaatnQ=; b=dVVJ7sxp7j7yOZyrGHMuReeFhXApulMi6ca9B5hj5HNbmPNhSGpkVwgqa4Uv3YyrFD 2Asv6MsDXTr07xDW4Cr0IBdaO+0R/9cMa8Jdtxc4VZVtyomigrJtKWafBm7vgzt1gWKe VXDv3YwHK1EQ6ZIJpSvKBYe8l3xq9C9IwyK+JdkrvMebXRaduLlkn0ctWLtGe3y2ehEH Dk+bNxpd4h5FL+YZJxCt1SOq82w4WnsgaD6psUfPhguCMfplFMOgVmEzsiOwXV2edvQo jRPlekubpjbHHmlWtNCkSjFi8UQBr/Uu7ZyT3pqAmZge8rh/w3FVOKNXzc8tybnf7ebg Ik0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=eXiLbNIbKUsmGqVRZ8Q6apAslqnqhWWIeSXgFPaatnQ=; b=Mq2yyESxKt4IFG11bWcAPbZbFXcI3XTuxkxJJARxNtzVSQ/D+MWD1d59jWIlf9jv6n D3mwBppEU3LsrphH621Ph909wFIFurEqHNvpUGB9tp6IVQoN9iXA1GbMsGkIQBIF2cde k4Uv3jVBgp2OuwHMPc5V3WuInF0D2GJTSSQKrLINeVNv+i2bv9gAcWjP/qOCTCF71N2i r19C8sB0nys7vzFBaSE6Qr8fEo940EOu5Rh6jBHeYxePliqG/7hmP/IZEi0bWVMxhrN0 2ZmhEB77/Vls6hUeh8iPJ76mHjChT+zpVB5NihJg6rofwad9POu52eHmVzJLzY4waQId 2sBg==
X-Gm-Message-State: AGi0PuaVn16PYgBEBgudrDbnoEf3ZlHscq0DQNG8GumasFD9CrdU+Q/G GmdXGKWQwwqmDqODhkn8eWkVz4blMCVaI6Kuu3FqkQ==
X-Google-Smtp-Source: APiQypJj8+Vwo3ctNcM6ZNSdAZdTUgEJhkoBnGSOmDhhxvI8e5QX+TGjd47DwfQokib8K1whm2FzpXa+terr3EcrrQE=
X-Received: by 2002:a17:906:328c:: with SMTP id 12mr14586908ejw.69.1589243261143; Mon, 11 May 2020 17:27:41 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB6348FA1FC00258ACE4FDE444AEA10@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S35EncqhfBCP0aZHqBQ2MBT1VSxpRUB59dOTBpP4wwFsjg@mail.gmail.com> <CAO42Z2yXxZCddqrWv5Ycpi8R9YcvGj-=3o+a65LyKJnf38T7KQ@mail.gmail.com>
In-Reply-To: <CAO42Z2yXxZCddqrWv5Ycpi8R9YcvGj-=3o+a65LyKJnf38T7KQ@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 11 May 2020 17:27:29 -0700
Message-ID: <CALx6S34=a6gcLYLi+ksFnw2ETUper3ZMog7BUz2+o64-SU0_5Q@mail.gmail.com>
Subject: Re: Other use cases for header insertion (was Re: Header Insertion and TI-FA)
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/0k24SD9iFUW3tmi9EsDAaEPqNi0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 00:27:45 -0000

On Mon, May 11, 2020 at 1:37 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
>
>
> On Tue, 12 May 2020, 00:50 Tom Herbert, <tom@herbertland.com> wrote:
>>
>> On Mon, May 11, 2020 at 5:58 AM Ron Bonica
>> <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>> >
>> > Folks,
>> >
>> >
>> >
>> > Happy Monday!
>> >
>> >
>> >
>> > As I was painting this weekend, I remembered that the use-case for IPv6 Header insertion is TI-LFA. This made the following questions come to mind:
>> >
>>
>> Ron,
>>
>> There is at least one other use case for IPv6 Header insertion, that
>> being IOAM. For example, an operator may wish to collect per packet
>> statistics as packets traverse its network. An ingress router would
>> insert headers containing IOAM, routers would annotate the
>> information, and the egress router is expected to consume and remove
>> the headers.
>
>
>
> Have a review of this draft. EH insertion is not proposed for IOAM.
>
> Deployment Considerations for In-situ OAM with IPv6 Options
> https://tools.ietf.org/html/draft-ioametal-ippm-6man-ioam-ipv6-deployment-02
>
Mark,

For IOAM the assumption is that not all packets are necessarily
annotated for measurement and that both annotated and non-annotated
packets need to follow the same path in order for the the measurements
to be useful. This is one of the motivations for hacking the the TCP
payload, it doesn't change how the packet is routed since ECMP should
be unaffected. It also works equivalently in IPv4 and does invoke any
external mechnisms like MPLS, additional routing information, or link
layer addressing.

> My suggestion for that draft was the "IP-in-IPv6 encapsulation with ULA" section.
>
> If the IOAM nodes are a link-layer adjacent and contiguous through the IOAM domain, which I think will be likely in a lot of deployments, then the outer tunnel addressing could be Link-Local Addresses, and the IPv6 tunnels are implicit as LLAs are required for all IPv6 interfaces.
>
> An even lower overhead option in this scenario is to carry the IOAM header directly after the link-layer header, similar to how the MPLS label stack is encoded after the link-layer header, before the IP header.
>
> That would mean defining an IOAM link-layer type value for the IOAM header, however there aren't many link-layers, and an Ethertype for the IOAM header is already being defined:
>
> "Ethernet Encapsulation for In-situ OAM Data"
> https://tools.ietf.org/html/draft-weis-ippm-ioam-eth-02
>
> I'll email Frank again about this as I haven't heard anything since I emailed him before.
>
>>
>> The big difference between this use case and SR is that
>> there's no source routing involved so the ingress router doesn't
>> necessarily know what the egress router is, hence the ingress router
>> wouldn't know the right destination address to use in encapsulation.
>
>
> The model to have in mind is how packets are mapped onto MPLS LSPs and how packets are mapped onto link-layer next hops. Destination address route table lookup specifying next IPv6 hop and corresponding link-layer encapsulation and next hop link-layer address. In this case the outer IPv6 tunnels between IOAM nodes are virtual link-layers.
>
>
>>
>> I believe that this is currently being developed and maybe even being
>> deployed, but not under the auspices of IETF. Frankly, figuring out
>> how to do header insertion in a sensible and standard way would be a
>> step up from some of the methods being proposed. The most egregious
>> proposal I've seen was one in which the ingress router would place the
>> IOAM information in the TCP payload and then use diff serv bits to
>> indicate the TCP payload is modified. Of course the day a network
>> fails to remove the inserted information this completely breaks TCP!
>>
>> This use case makes me think the WG should consider how to make header
>> insertion safe and viable.
>
>
> There's a need for a layer 2.5 local networking protocol that has smaller headers (and smaller addressing) than IPv6, that won't cause problems if it leaks because it is not the Internet's protocol, because all this EH insertion debate and pain is caused by people wanting to use IPv6, but not wanting to pay the IPv6 internetworking protocol overhead. They're trying to have their cake and eat it too.

I think we need to keep an open mind. While I agree that the SR use
case hasn't been well explained why EH insertion is needed, I don't
think we can preclude that there might not be other use cases where it
makes sense.

>
> MPLS framing is an example of something that suits requirement ("MPLS" here is not implying the "MPLS Family" of protocols (RSVP, LDP etc.) that are apparently the actual cause of the problem that SR is trying to solve). There could be other options.
>
> So people need to either accept the IPv6 overhead trade-off to get the commodity benefits of IPv6, or be willing to deploy a lower overhead local network protocol to carry that local information in their network.
>
> EH insertion is a hack and will always be a hack, and anything that tries to work around its issues will also going to be a hack. Decommodified IPv6 due to hacks is not commodity IPv6.

A lot of people thought NAT was a hack too :-) My concern is if we
dismiss protocols becasue we view them as hacks without giving serious
consideration to how they might be made to work reasonably, perhaps in
a limited domain, people will deploy these hacks anyway and in  fact
may end up doing things the are far worse (like the aforemention hacks
where intermediate nodes are mucking with TCP payload).

Tom

>
> Regards,
> Mark.
>
>>
>> Tom
>> >
>> >
>> > How does TI-LFA work when the original packet already contains a routing header? Will it insert a second, so that the packet has two routing headers?
>> > How does TI-LFA work when the node directly upstream of the link (i.e., the PLR) is not a segment endpoint? Will it insert an routing header? Is that consistent with 8200?
>> >
>> >
>> >
>> >                                                                                                                         Ron
>> >
>> >
>> >
>> >
>> >
>> >
>> > Juniper Business Use Only
>> >
>> > --------------------------------------------------------------------
>> > IETF IPv6 working group mailing list
>> > ipv6@ietf.org
>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> > --------------------------------------------------------------------
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email