IETF Logo Mail Archive

Re: We don't seem to be following our processes (Re: Network Programming - Penultimate Segment Popping)

"Joel M. Halpern" <jmh@joelhalpern.com> Sat, 07 December 2019 11:19 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DBC21201C6 for <ipv6@ietfa.amsl.com>; Sat, 7 Dec 2019 03:19:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P1SneH_RXN0M for <ipv6@ietfa.amsl.com>; Sat, 7 Dec 2019 03:19:22 -0800 (PST)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B56D1200F1 for <ipv6@ietf.org>; Sat, 7 Dec 2019 03:19:22 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 47VRmp0wYCz1nslK; Sat, 7 Dec 2019 03:19:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1575717562; bh=QhBRWEW0d8mI9+pxIOqHN+cKV/c5xBDpVsG2GntGO8k=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Zpt1dzl6Qjm2PfqVul3yU4S2IpHX8/DFMkzodkaVhCjgWpwRKPAWILytdpOmH/7g9 ZrVRL1CUjz5azZAIDrKDQ2n7fhx2+dDHMf/eop/6OfDY+bVAoNYgRPZ6NEQ/UBSlZr 18pC7XsUUl7MPJoBY54n2PV5C3agmdIwRe2ks4Xc=
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [172.20.3.198] (unknown [45.225.71.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 47VRmn2Tpzz1nslG; Sat, 7 Dec 2019 03:19:21 -0800 (PST)
Subject: Re: We don't seem to be following our processes (Re: Network Programming - Penultimate Segment Popping)
To: otroan@employees.org
Cc: 6man WG <ipv6@ietf.org>
References: <CALx6S3588ja9AZzBQ0dqwx0j-ki6A5tusye+odQKPyAyF+hEww@mail.gmail.com> <10E890EA-3278-44EE-881E-EBC91D419587@employees.org> <88287cb0-c0c3-f990-4dd7-338df87c7fb2@joelhalpern.com> <4E76C386-FB1E-4E48-814D-BB626466BEE3@employees.org>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <62aad5b1-553a-bd69-1c54-0802ea5a2bfb@joelhalpern.com>
Date: Sat, 07 Dec 2019 06:19:18 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <4E76C386-FB1E-4E48-814D-BB626466BEE3@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/31Kynt-ixC8fvUZWd0jnIrVCgBc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Dec 2019 11:19:24 -0000

On the one hand, as is attributed to Milo Medin, with sufficient thrust 
pigs will fly.  So I can not assert that something can not be made to work.

But I have not seen any clear demonstrationthat header insertion in a 
controlled domain is actually safe.   Even if you upgrade all the hosts 
and routers in the domain (a quite significant and difficult to achieve 
hurdle) many of the problems with header insertion by nodes other than 
the origin still apply.  For example, even if the origin "knows" what 
may happen, that does not mean it can properly attribute or respond to 
errors it receives caused by modifications it did not make to the packet.

But the important question is why is it even desirable.  No, 8200 is not 
a religious text.  But it is the product of our standards effort.  We 
reached an agreement that this was not a good idea.  As such, it seems 
to me it requires clear and explicit need before we agree to change the 
rules, even in "controlled domain".  We do not have an IETF agreement 
that "controlled domains" get an arbitrary pass.  We sometimes relax 
some requirements when a need can be shown.   That has not been shown here.

Yours,
Joel

On 12/7/2019 5:30 AM, otroan@employees.org wrote:
> Joel,
> 
>> The TI-LFA task can clearly be done with encapsulation.  That the proponents do not desire to do so is clear and understood.  Not desiring to do so is not a reason to violate a Full Standard RFC.
>>
>> That is why I asked what the purpose was for header insertion.  And citing the TI-LFA draft does not answer the quesiton.
> 
> The point I tried to make was that propopents of EH insertiona had a slightly more nuanced motivation for doing what they are doing,
> than what Fernando portray in this paragraph:
> 
>>> 3) Besides the technical arguments against EH insertion (which have been
>>> codified in draft-smith-6man-in-flight-eh-insertion-harmful, I have
>>> asked *lots* of times what's the technical motivation for doing EH
>>> insertion. It boils down to "to save 40 bytes", which doesn't seem to me
>>> as a compelling argument to violate the spec -- even less in a design
>>> that employs 128-bit waypoints and is claimed to be operated in a
>>> limited domain.
> 
> I see it necessary to speak up when I see participants consistently arguing against strawman.
> And call upon higher deities (RFC8200).
> 
> Strawman #1:
> The proponents of EH insertion proposes to do insertion/deletion directly on user (Internet) traffic.
> 
> => There may be a suspicion that this is what they want, but it is not what they have written down, nor claim.
> Take an example of 3 routers A, B and C that is under the same control.
> Traffic travels from left to right.
> 
> A -- B -- C
> 
> A has a tunnel to C using ULA source and destination.
> A packet ingresses on A, is encapsulated and forwarded towards C.
> A has for reasons unknown to us outsourced a function to B. Where B insert an extension header in the packet originated by A.
> C is also in on the game, being a tunnel end-point, removing the encapsulating header and extension header.
> 
> If you can leave the nuances of SR and the whatever they propose on the shelf for a minute.
> 
> Do you agree in principle that this approach of "header insertion in a controlled domain" can be made to work,
> and should be indiscernible from A inserting the extension header itself?
> 
> Ole
> 
> 
>

v2.23.0 | Report a Bug | By Email