Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt

Tom Herbert <tom@herbertland.com> Thu, 30 November 2017 22:30 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Thu, 30 Nov 2017 14:30:31 -0800
Message-ID: <CALx6S346yyn6zGPZCJxuqsHhL4S=mviNRoWeZetKDHB7byDxVA@mail.gmail.com>
Subject: Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt
To: Robert Raszuk <robert@raszuk.net>
Cc: Fernando Gont <fgont@si6networks.com>, draft-voyer-6man-extension-header-insertion@ietf.org, 6man WG <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/2r0ymP2mNJFlJyAd3rhhygQf-hc>

On Thu, Nov 30, 2017 at 2:07 PM, Robert Raszuk <robert@raszuk.net> wrote:
> Tom,
>
> The biggest advantage of SRv6 in contrast to SR-MPLS is that the SRH (one or
> more) are not modified through the SR applicability of the packets.
>
> So node which understands SRv6 can generate ICMP to both src of the packet
> (poor host) as well as ingress node in SR domain (as it is explicitly listed
> in Ingress Node TLV of first SRH). Node which does not understand SRv6 will
> likely only send it to original src .. but this is a feature not a bug. This
> is how traceroute works.
>
But it is a bug. This is sending ICMP errors to hosts about packets
containing content that they could not have possibly sent. What's
worse is that if the ICMP error contains the SR header this gives the
host a whole bunch of detail about the internal structure and paths of
the network which seems like a security issue to me.

> If you do encap how will host now see all the nodes on the way traceroute or
> tracepath ? Do you think that hosts admins will be happy to be blinded by
> 6man ?
>
A nice solution to the traceroute issue for encapsulation has already
been proposed. See https://tools.ietf.org/html/draft-nordmark-nvo3-transcending-traceroute-03.
Many similar issues regarding encapsulation (dealing with the MTU, ECN,
diff-serv propagation, etc.) have also been thought through in various
RFCs (RFC4459 for instance discusses the MTU and fragmentation).

Tom
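
Added example, not part of the original message or of the draft under discussion: a check a domain-edge filter or monitor could run on outbound ICMPv6 errors to see whether the quoted packet still carries a Segment Routing Header, and which segment addresses it would disclose. The function names and the sample packet are constructed for illustration; the SRH layout assumed is routing type 4 as later published in RFC 8754.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4        # Segment Routing Header (assumed layout: RFC 8754)
EXT_HDRS = {0, 43, 60}      # hop-by-hop, routing, destination options

def leaked_segments(icmp6: bytes) -> list[str]:
    """Return SRH segment addresses quoted inside an ICMPv6 error message."""
    if len(icmp6) < 8 + 40 or icmp6[0] >= 128:   # types 0-127 are errors
        return []
    inner = icmp6[8:]            # invoking packet, possibly truncated
    if inner[0] >> 4 != 6:       # quoted packet must be IPv6
        return []
    nxt, off = inner[6], 40
    while nxt in EXT_HDRS and off + 8 <= len(inner):
        hdr_len = (inner[off + 1] + 1) * 8
        if nxt == 43 and inner[off + 2] == SRH_ROUTING_TYPE:
            last_entry = inner[off + 4]
            end = min(off + hdr_len, len(inner))
            segs = []
            for i in range(last_entry + 1):
                start = off + 8 + 16 * i
                if start + 16 > end:
                    break        # quoted packet was cut short
                segs.append(str(ipaddress.IPv6Address(inner[start:start + 16])))
            return segs
        nxt, off = inner[off], off + hdr_len
    return []

def build_sample() -> bytes:
    """Constructed sample: Time Exceeded quoting a packet with a 2-segment SRH."""
    segs = [ipaddress.IPv6Address(a).packed
            for a in ("2001:db8:a::1", "2001:db8:b::1")]
    # next hdr 59, ext len 4, type 4, segments left 1, last entry 1, flags, tag
    srh = struct.pack("!BBBBBBH", 59, 4, SRH_ROUTING_TYPE, 1, 1, 0, 0)
    srh += b"".join(segs)
    ipv6 = struct.pack("!IHBB", 6 << 28, len(srh), 43, 64)
    ipv6 += ipaddress.IPv6Address("2001:db8:1::10").packed + segs[1]
    icmp = struct.pack("!BBHI", 3, 0, 0, 0)   # type 3, checksum left as 0
    return icmp + ipv6 + srh

if __name__ == "__main__":
    print(leaked_segments(build_sample()))
```

A non-empty result on an error leaving the SR domain means the quoted packet would show the recipient internal segment addresses; the filter can then truncate the quoted packet before the SRH or drop the error, as local policy dictates.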