IETF Logo Mail Archive

Re: All IPv6 fields are now mutable (Re: Typo correction Re: Question from SPRING regarding draft-filsfilscheng-spring-srv6-srh-compression)

Tom Herbert <tom@herbertland.com> Sun, 17 October 2021 20:40 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 584193A0C6F for <ipv6@ietfa.amsl.com>; Sun, 17 Oct 2021 13:40:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h0OV7jQCpXHW for <ipv6@ietfa.amsl.com>; Sun, 17 Oct 2021 13:40:05 -0700 (PDT)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB64D3A0C6D for <ipv6@ietf.org>; Sun, 17 Oct 2021 13:40:04 -0700 (PDT)
Received: by mail-ed1-x52d.google.com with SMTP id y12so64039173eda.4 for <ipv6@ietf.org>; Sun, 17 Oct 2021 13:40:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=coNmtsUsAbK2y+i3Fyly+GaxSqn8zRr6Y66/9PcQWLw=; b=BqCtHafUvHRDptSO61RzwzZH6wXDrIfPXgKyM40/ztxBvrUqeU8rK3WpEV3axB8DGB 4KfKoMdsSIEO5VfEc5iiOzKx+psaswn/H5pjYgNjxuuRBlgJkVOdaxIYsIrBo/TiWKNd kAxpBrgSzmmDHRZrZg1NtGOO42fqGC7pUzsn6lyhsKFwYoSpIL+U+nzJSvlHi4sMbDnh keDUKDB1FsyqlDshOsS1K+ANEbvNtgwJwmhrpHw4lHp8v24i8iRgAlalsNSPmygMc6zl yeOdwofOHh2ZPYcJhEroAD+x0tOBJbujxd8Ub6FIpZxibVfcpQOuXXAouhXdeALvmScR Q5ug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=coNmtsUsAbK2y+i3Fyly+GaxSqn8zRr6Y66/9PcQWLw=; b=r5C/HMVtA/aYHLPkip/iETe3Olzjns0K0+7T0DhbWDuNXT42hzHh1TpxQsw5gmJAtq SJRX6o8ciWEMy5l4YfVvcU2a8EEDwJO+GNhp0lRlpU5IVXc0YXWl4IYKzPwQdgiFYp7b fJY3bCvmizneDvpsa3D+toQQRgTY8gHSGTdpKDt1wzijQqUZ9OSMYJArtqd34lH//bxn F6/EsslwIdaYJjZhlAY7ohhbcromNK0oUzGPjwYJf9vS6JO0q13yqnW4QauTWrtgRcgh ckvxXNZUVuMrftdtrD+92GKuBS3iElJ3SWM8OaQwTXvH2ZARzN4Be8cw0F6NZCMzI5U+ XYKg==
X-Gm-Message-State: AOAM53295dC9oLTethzcaA343rEX/9NCe05x11T2ijmSublyqbZViGKY V0LIH+9cO2ZNn0ah4JIMdPIHlONmP4kpXMjtdu6y9FxJ9gsFQw==
X-Google-Smtp-Source: ABdhPJzeVHuPLuYJzgvzoQiF0M90/aliiTx9Sr0Ub4RZQMPARY98v9eDLVPObglcLQgXq7xz1ne8PVMFrfTCpuq0NoY=
X-Received: by 2002:a17:907:3312:: with SMTP id ym18mr23954411ejb.370.1634503202630; Sun, 17 Oct 2021 13:40:02 -0700 (PDT)
MIME-Version: 1.0
References: <85fddbe9-4eb8-7d90-d246-a888fe8bdcd3@joelhalpern.com> <139d72fd-98de-f46a-767f-6a493c4facc9@joelhalpern.com> <1396_1634278622_61691CDE_1396_28_5_787AE7BB302AE849A7480A190F8B93303542C654@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO42Z2wvKNyYeKAZdVOh2c8G95JZuhgxumNixMWWsK9u_QDRTQ@mail.gmail.com> <1101.1634412958@localhost> <CAO42Z2yFMjPhQFrJH2eJWpYZpiM4gDS_hAEDUVj4aJO-UyTxSg@mail.gmail.com>
In-Reply-To: <CAO42Z2yFMjPhQFrJH2eJWpYZpiM4gDS_hAEDUVj4aJO-UyTxSg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Sun, 17 Oct 2021 13:39:51 -0700
Message-ID: <CALx6S34G6a1DOWNfZxZ=XjYjFxR-kOPMMMLeQ18woUhrqwLUWQ@mail.gmail.com>
Subject: Re: All IPv6 fields are now mutable (Re: Typo correction Re: Question from SPRING regarding draft-filsfilscheng-spring-srv6-srh-compression)
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Michael Richardson <mcr@sandelman.ca>, 6man WG <ipv6@ietf.org>, SPRING WG <spring@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/9n1jm3pxAanu-Z20_XjCcGJkONI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Oct 2021 20:40:11 -0000

On Sat, Oct 16, 2021 at 4:59 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
> On Sun, 17 Oct 2021, 06:36 Michael Richardson, <mcr@sandelman.ca> wrote:
> >
> > Mark Smith <markzzzsmith@gmail.com> wrote:
> >     > In fight changing DAs also will break AH protection of the IPv6 header.
> >
> > AH is dead. It's been dead for decades.
> > I say this as an IPsec enthusiast who wishes this wasn't true.
> > But it is.
>
>
> Then all IPv6 field immutability while the packet is in flight is also dead.
>
> "Controlled domain" == redefine any field, field semantics, and field
> processing we like in an existing protocol, yet claim we're still
> using the original protocol.
>
> That has been tacitly endorsed via standards track RFC8986. The Next
> Header field is not supposed to be modified in flight per internet
> standard RFC8200, yet standards track RFC8986 specifies the behaviour
> via PSP.
>
> This SRH compression ID is redefining the IPv6 DA field semantics. It
> encodes multiple network hop destinations in the single IPv6
> destination address field.
>
> Structured Flow Label -
> https://datatracker.ietf.org/doc/draft-filsfils-6man-structured-flow-label/
> is redefining the IPv6 flow label field.
>
> This will be an operational nightmare in the future, when there are
> multiple applicable RFCs that conflict with each other. I don't want
> to have to spend time getting into arguments with vendors about which
> protocol variant RFC their implementation should or shouldn't have to
> comply with while I have 1000s, 10s or 100s of 1000s of customers
> off-line.

Mark,

I think you might be lumping together several disparate proposals in
your general claim that "IPv6 field immutability while the packet is
in flight is also dead".

When SRH was under discussion in 6man there was a lot of work to
define which fields were immutable and that is described in RFC8754.
Those definitions are sufficient to specify proper interaction between
SRH and AH, however RFC8754 knowingly breaks AH as that handling was
not specified. Some of us did object to that, but I suppose expediency
to publish the protocol won out. Nevertheless, there is nothing that
prevents someone from properly defining AH usage with SRH.

As for the IPv6 destination address, it was never defined to be an
immutable field inflight. In fact, the core operation of a routing
header is to overwrite the destination address at each intermediate
destination. NAT also changes the DA in flight, but there is a
significant difference between NAT and the routing header header
operation: when a routing header is set in a packet the sender knows
and indicates the destination address. For the purposes of AH or
transport checksum, both the sender and final receiver use this
address-- there is no ambiguity and the fact that the destination
address is mutable in flight doesn't adversely impact end to end
protocol operations that operate on the addresses.

We have seen various proposals to steal bits or redefine flow label
fields, but IMO it's unlikely any of those will ever get consensus.
Hosts routinely set the flow label as an unstructured value, and
redefining flow label semantics would be a massive retroactive change
in deployment. I would point out though, that the flow label is
technically not immutable in flight, RFC6437 allows it to be modified
by intermediate nodes for "only for compelling operational security
reasons".

Tom




>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email