IETF Logo Mail Archive

Re: Inserting Extension Headers or not [was rfc2460bis question ]

Tim Chown <Tim.Chown@jisc.ac.uk> Thu, 28 April 2016 08:33 UTC

Return-Path: <tim.chown@jisc.ac.uk>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16F1F12B055 for <ipv6@ietfa.amsl.com>; Thu, 28 Apr 2016 01:33:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.111
X-Spam-Level:
X-Spam-Status: No, score=-4.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=jisc365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W6rBXVVYtzYG for <ipv6@ietfa.amsl.com>; Thu, 28 Apr 2016 01:33:45 -0700 (PDT)
Received: from eu-smtp-delivery-189.mimecast.com (eu-smtp-delivery-189.mimecast.com [207.82.80.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB8BB12B021 for <ipv6@ietf.org>; Thu, 28 Apr 2016 01:33:44 -0700 (PDT)
Received: from emea01-db3-obe.outbound.protection.outlook.com (mail-db3lrp0083.outbound.protection.outlook.com [213.199.154.83]) (Using TLS) by eu-smtp-1.mimecast.com with ESMTP id uk-mta-20-0nzFGVcCQAi1OgBFzkHfPg-1; Thu, 28 Apr 2016 09:33:37 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc365.onmicrosoft.com; s=selector1-jisc-ac-uk; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Hc4f2deGEewxE6XGljBCRSqe2zqm1QP4+CcP1zzJXuE=; b=d5O+1BtG9GrK8PVemWs4LxqFvgsYNxhp//2b50f4zkqA2r8m20MrNTleQDIMHf5TC1IXGWLr2wmGspPZzJwNXAGLqXgC+sHA59MWHoEnJB3/ucWstE2DBFiXQUZzW1DX2C2S6xFWR/4lLmfgm3jhBh4px8TU29QZwheC0H4Ql2U=
Received: from AMSPR07MB455.eurprd07.prod.outlook.com (10.242.106.148) by AMSPR07MB453.eurprd07.prod.outlook.com (10.242.106.143) with Microsoft SMTP Server (TLS) id 15.1.477.8; Thu, 28 Apr 2016 08:33:36 +0000
Received: from AMSPR07MB455.eurprd07.prod.outlook.com ([10.242.106.148]) by AMSPR07MB455.eurprd07.prod.outlook.com ([10.242.106.148]) with mapi id 15.01.0466.027; Thu, 28 Apr 2016 08:33:36 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: Inserting Extension Headers or not [was rfc2460bis question ]
Thread-Topic: Inserting Extension Headers or not [was rfc2460bis question ]
Thread-Index: AQHRoP3VlQq8Gt0oREW1V7Q/DtgVAJ+fD1OA
Date: Thu, 28 Apr 2016 08:33:36 +0000
Message-ID: <44D6DCEE-0BB9-48B1-A77C-316A85E2B96F@jisc.ac.uk>
References: <E330D833-9CE9-4CEB-9989-26B6E69AA362@gmail.com> <988dcc9d-102e-735c-68a8-3aaa46059786@gmail.com>
In-Reply-To: <988dcc9d-102e-735c-68a8-3aaa46059786@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3124)
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [194.82.140.195]
x-ms-office365-filtering-correlation-id: e1465460-37f6-45fa-0188-08d36f3fca95
x-microsoft-exchange-diagnostics: 1; AMSPR07MB453; 5:yFGHSRH8MoyBsQ7y59NG7d7tiUwu7QMeqAgpcP0fTyT90taUxiIkvmecmUG2bLKPYJZJmPOMxdTse3ehXvD+kzTzmmyEsKuQi8fm1cVeL0qH83FtPUDfsS7x05pfmMKgMoMPSBXCmS5mNirovPaA1g==; 24:jBc07mXfgBOWc4wKU1zyiv5RfAfeRoQ1gEoB/iQbjofyF0dh/u8oLvFJpkHzd6l71pt2/Xq3YxHdU4Y39AsYSlVo5RDydu/cxUS9DvBU+FE=; 7:phj5zW47MDHex8+3HXLw9xZFv2qoW60W846AFM+QGEPfboFcEjVInHWnnpEBlWIKLVBsOFPSos3Ic6BJJaMXECC80P4SKIyLKR44pyE1RWqv+QvR8QGthaOxH99aPHz6JWJ+4qdVOkkjSGubODpSqH25eYWKZGPKb8L/WFVe/a4NFOB7gTcnJKc2h4V7KD5b; 20:ZusiwE1Pc46BqpCEbUYe+ywJz68gVFE0z4HnbXsqptUJpgZfBcHhKT4HmYT6tVVnr9oWaL4TjTrR+iyynoFpv0egPfAX6T5WwxESWNXT+ldMoNbOoet8KGDOq6vBRrxD2xIGQPp6SAbfQCfPzXL75MZo4UQzDNRJFI555E22vRg=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AMSPR07MB453;
x-microsoft-antispam-prvs: <AMSPR07MB453CEE7276993DFBD5FCD15D6650@AMSPR07MB453.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(9101521072)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:AMSPR07MB453; BCL:0; PCL:0; RULEID:; SRVR:AMSPR07MB453;
x-forefront-prvs: 0926B0E013
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(24454002)(50226002)(76176999)(122556002)(50986999)(74482002)(4326007)(102836003)(1220700001)(1096002)(586003)(77096005)(3846002)(6116002)(57306001)(83716003)(19580405001)(19580395003)(66066001)(81166005)(82746002)(5008740100001)(189998001)(2950100001)(2900100001)(15975445007)(33656002)(11100500001)(110136002)(5002640100001)(10400500002)(5004730100002)(106116001)(36756003)(5890100001)(86362001)(3660700001)(2906002)(3280700002)(92566002)(87936001)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:AMSPR07MB453; H:AMSPR07MB455.eurprd07.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-ID: <66C3FF4D59AE184C8944B9CE9FEDC367@eurprd07.prod.outlook.com>
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Apr 2016 08:33:36.0195 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMSPR07MB453
X-MC-Unique: 0nzFGVcCQAi1OgBFzkHfPg-1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/4Moar0L4ZAx8wjBk09oECIBNR6M>
Cc: IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Apr 2016 08:33:49 -0000

Hi,

> On 28 Apr 2016, at 04:26, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> On 28/04/2016 13:18, Bob Hinden wrote:
>> Hi,
>> 
>> I would like to get closure on the question if inserting IPv6 extension headers is allowed or not, and should this be a clarification in rfc2460bis.  This topic was discussed in Buenos Aires and on the mailing list.
>> 
>> The relevant text from Section 4 "IPv6 Extension Headers" in <draft-ietf-6man-rfc2460bis-04.txt>
>> 
>>   Extension headers must never be inserted by any node other than the
>>   source of the packet.  IP Encapsulation must be used to meet any
>>   requirement for inserting headers, for example, as defined in
>>   [RFC2473].
>> 
>> This text was added to the draft in version —01 published on 2 November 2015.
>> 
>> The question is if this text was the original intent of rfc2460.  That would allow it to be part of rfc2460bis going to Internet Standard.  If it is a change, then it should not be included.
>> 
>> In my personal view (as one of the authors of rfc2460), I think it was the original intent to not allow extension headers to be inserted.  My thinking is that not allowing extension headers to be inserted is related the design of IPv6 that includes only supporting fragmentation at the source.  IPv4 allows the addition of options resulting in changing the header length, but it includes per-hop fragmentation so any resulting MTU issues can be dealt with.  Even IPv4 fragments can be fragmented.  I think it is a consequence of IPv6 not allow per-hop fragmentation, that extension headers were not intended to be inserted along the path to the destination.
> 
> I think this exactly correct. I did a bit of archaeology and found the message
> where Steve Deering summarised the issues resolved before RFC 1883 (the predecessor
> of RFC 2460) was published in 1995. I've attached it below - look just after
> "rejected at the Stockholm meeting" i.e. IETF 33. The comment that triggered
> it was in message (IPng 346) from Charlie Lynn sent 30 June 1995.
> 
> [I knew my mail archives would be useful one day.]

Stunning recollection powers Brian!

The paragraph you point to, i.e.:

	"reasons for rejection: insertion of extension headers en-route breaks
     	PMTU-discovery and can result in ICMP error messages being sent to
     	non-guilty parties.  The desired effect can be achieved, and those
     	problems avoided, by using en-route encapsulation (with optional
     	Routing Header) rather than header insertion.”

still seems valid to me, and thus I agree with Bob’s proposal. Whether the above rationale is also included is an additional question.

For example, in section 2.2 ofdraft-ietf-6man-segment-routing-header, it states: "At the ingress node of an SR domain where the ingress node receives an IPv6 packet and encapsulates it into an outer IPv6 header followed by a Segment Routing header."

Tim

>    Brian
> 
>> Note, I think it would be fine for someone to document how to do extension header insertion, as long as they describe how it works, and how to deal issues like MTU problems.  This can be be an update to rfc2460bis (after it is published).
>> 
>> However, I do not think leaving the rfc2460bis text in an ambiguous state on this topic is a good idea.
>> 
>> Comments?
>> 
>> Thanks,
>> Bob
> 
> -------- Forwarded Message --------
> Subject: (IPng 609) changes to Last Call'ed specs
> Date: Sun, 27 Aug 1995 20:59:26 PDT
> From: Steve Deering <deering@parc.xerox.com>
> To: ipng@sunroof.eng.sun.com
> CC: deering@parc.xerox.com
> 
> At the request of our ADs, I prepared the following list of agreed-upon
> changes and outstanding issues with the set of specs that underwent
> IETF-wide Last Call in June and July.  Please let me know of any errors
> or omissions.
> 
> Steve
> 
> ===================================
> 
> IPv6 Specification
> ------------------
> 
> The following changes were posted to the IETF list immediately following
> the Last Call, so I think we can consider them to also have been Last Called:
> 
>  - In the examples of how to lay out options, on page 29, two places
>    where it says "Hdr Ext Len=1" should be "Hdr Ext Len=3"
>    (reported by Hamid Asayesh).
> 
>  - In section 6, Flow Labels, I forgot to include the Priority field
>    in the list of fields that must have the same value for all
>    packets in the same flow (reported by Markus Jork).
> 
>  - The description of what the Jumbo Payload Length field covers
>    should be made clearer (reported by Christian Huitema).
> 
> The following changes were proposed by Charlie Lynn in the only "formal"
> response to the Last Call, and accepted at the first ipngwg meeting in
> Stockholm:
> 
>  - For options containing data that can change en-route (and which therefore
>    have the third-highest-order bit of their Option Type set to 1), make it
>    clear that *all* bytes of the Option Data field are to be excluded from
>    the Authentication function, and explain that "excluded" means "treated
>    as if they were all zero-valued bytes".
> 
>  - Change the Routing Header to enable it to be ignored by final destinations
>    that do not understand the Routing Type.  In Stockholm, Deering proposed,
>    and the attendees agreed with, the following revised format for the
>    first 32 bits of the Routing Header, for all Routing Types:
> 
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |  Next Header  |  Hdr Ext Len  |  Routing Type | Segments Left |
>     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>     |                                                               |
> 
>    where
> 
> 	Hdr Ext Len   is the length of the header in 8-octet units, not
> 	              including the first 8 octets
> 
> 	Segments Left is the number of "legs" left to traverse in the
>                      route; if this value is zero, the receiver may
> 	              ignore this header (i.e., it indicates that the
> 	              route has been completed), whether or not the
> 	              receiver understands the Routing Type
> 
> The following additional changes were agreed to either on the mailing list
> or in the Stockholm meetings:
> 
>  - "Improve" the host/router terminology.  What I propose to do is add a
>    footnote to the terminology section saying something like this:
> 
> 	* it is possible, though unusual, to have a device with multiple
>          interfaces configured to forward non-self-destined packets
>          arriving from some set (fewer than all) of its interfaces, and
> 	  to discard non-self-destined packets arriving from its other
> 	  interfaces.  Such a device must obey the protocol requirements
> 	  for routers when receiving packets from, and interacting with
> 	  neighbors over, the former (forwarding) interfaces.  It must
> 	  obey the protocol requirements for hosts when receiving packets
> 	  from, and interacting with neighbors over, the latter (non-
> 	  forwarding) interfaces.
> 
>    Comments?
> 
>  - Clarify the operation of Type 0 Routing Header by giving an example,
>    showing the values of the header fields on each segment of the route.
> 
>  - Clarify the handling of options, extension headers, Next Header fields,
>    etc. for fragmented packets by giving a few examples of packets before
>    and after fragmentation (suggested by Dimitry Haskins and others).
> 
>  - Specify that fragments cannot reassemble to form a jumbogram (suggested
>    by Craig Metz).
> 
> 
> ICMPv6 Specification
> --------------------
> 
>  - Add note warning about the possibility of upper-layer header being
>    truncated from the returned packet in an error message, due to large
>    number of extension header bytes, which can defeat delivery of the
>    error message to the guilty upper-layer protocol instance.
> 
>  - Delete description of pseudo-header, replacing it with a reference to
>    the description in the IPv6 spec (suggested by Alistair Bell and
>    Marc Hasson).
> 
>  - Correct example of usage of the pointer in the Parameter Problem
>    message on page 15, by changing "48" to "40" (reported by Dimitry
>    Haskins and Francis Dupont).
> 
>  - Note that there is another exception to the "no ICMP error messages
>    in response to multicasts" rule, which is "unrecognized option"
>    Parameter Problem messages in response to options with high-order
>    bits "10..." (reported by Dimity Haskins).
> 
> Address Architecture Document
> -----------------------------
> 
>  - Add definition of "link-local address" to the terminology section
>    (suggested by Jim Bound).
> 
>  - Specify that "::" is a legal text representation of the Unspecified
>    (all-zeros) Address (suggested by Francis Dupont).
> 
> ===================================
> 
> The following suggestions in Charlie Lynn's formal response to the Last Call
> were rejected at the Stockholm meeting:
> 
>  - Add a bit to the Routing Header indicating whether or not it was
>    inserted into the packet en-route, i.e., by a node other than the
>    packet's originator.
> 
>      reasons for rejection: insertion of extension headers en-route breaks
>      PMTU-discovery and can result in ICMP error messages being sent to
>      non-guilty parties.  The desired effect can be achieved, and those
>      problems avoided, by using en-route encapsulation (with optional
>      Routing Header) rather than header insertion.
> 
>  - Change ICMP error messages to contain explicit fields identifying the
>    upper-layer protocol to which the error message should be delivered.
> 
>      reasons for rejection: considered unnecessary complexity to handle the
>      rare case of truncation of transport header from the returned packet
>      because of too many extension header octets.  Such error messages are
>      still usable for problem diagnosis other than in the upper-layer
>      itself, e.g., if logged at IPv6 layer or observed in a packet trace.
>      Will add warning to the ICMPv6 spec about consequences of long
>      extension header on ICMP error message dispatching.
> 
>  - Change Security Considerations section of ICMPv6 spec to specify when
>    and how to include an Authentication Header in ICMP error messages.
> 
>      reasons for rejection: group consensus that this belongs in aa
>      IPsec spec instead.
> 
> ===================================
> 
> The following issues and suggestions have been discussed on the mailing list
> since the base specs went to Last Call, but no group consensus on these issues
> has been reached yet:
> 
>  - Fragmentation issues:
> 	- change the minimum reassembly buffer size to a number larger
> 	  than 576?
> 	- specify that sources of fragmented packets must use the minimal
> 	  number of fragments required to fit in the perceived PMTU?
> 	- specify that all fragments with the M bit set must be no less
> 	  than 7 octets shorter than the perceived PMTU?
> 	- specify that all fragments with the M bit set must be no shorter
> 	  than 576 octets?
> 	- ignore fragments that partially overlap other fragments of the
> 	  same packet, or discard any packet that arrives as partially
> 	  overlapping fragments?
> 
>  - Routing Header issues:
> 	- add a "Total Length" field to the fragment header, carrying the
> 	  length of the original, unfragmented packet?
> 	- forbid forwarding of packets with Routing Headers by hosts?
> 	  (if not, make it clearer that hosts are expected to forward
> 	  packets with Routing Headers, if they are intermediate targets
> 	  of such packets.)
> 	- specify the reversing rules for packets that are responses to
> 	  packets that carry a Routing Header?
> 	- forbid or discourage reversal of an unauthenticated Routing Header?
> 	- forbid or discourage acceptance of a packet with an unauthenticated
> 	  Routing Header?
> 
>  - Allow the transport-layer checksum to be omitted when the Authentication
>    header (or the ESP header?) is being used?
> 
>  - Add a Congestion Indication bit to the base IPv6 header?
> 
>  - Add MUST/SHOULD/MAY conformance requirements for all IPv6 fields and
>    functions?
> 
>  - Build a single Terminology document, to be shared (either by reference
>    or inclusion) in all IPv6-related specs?
> 
>  - Allow the use of zero in the UDP Length field to indicate that the UDP
>    length should be derived from the Jumbogram Option?
> 
> Note: the above list does not include issues concerning those specs that
> have not yet been subjected to WG or IETF Last Call, e.g., the Neighbor
> Discovery spec.
> 
> ------------------------------------------------------------------------------
> IETF IPng Mailing List		      FTP archive: ftp.parc.xerox.com:/pub/ipng
> IPng Home Page:          http://playground.sun.com/pub/ipng/html/ipng-main.html
> Direct all administrative requests to majordomo@sunroof.eng.sun.com
> 
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email