IETF Logo Mail Archive

Re: Other use cases for header insertion (was Re: Header Insertion and TI-FA)

Tom Herbert <tom@herbertland.com> Wed, 13 May 2020 14:56 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C51BC3A0C9E for <ipv6@ietfa.amsl.com>; Wed, 13 May 2020 07:56:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ktY0rlsIRxNq for <ipv6@ietfa.amsl.com>; Wed, 13 May 2020 07:56:33 -0700 (PDT)
Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E8243A0C9A for <6man@ietf.org>; Wed, 13 May 2020 07:56:33 -0700 (PDT)
Received: by mail-ej1-x62f.google.com with SMTP id o10so14465201ejn.10 for <6man@ietf.org>; Wed, 13 May 2020 07:56:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Xlx358fgnEUycAbf1lF9vvWAfH3YwFXrO9xdEgGDOOY=; b=EjyYwUHcerl3tScK7iroS5TD8h+E541cgQfvKQsZFNBbw9WT11fjOPo8VdCxoE4E9N TN0y9Guz2XSv2048cLEKSSXvPcP6KACzNtar2X7vmWAgL8aFit/RG7h1CfJAHFqRKxRn SlyoZds9M+VxFiMK+oA9tE7pEeovtbNATDZAv87dhqlaOTzkeLRuyKaXKqmOh2mKpW2w QhgRzspf25m11bEOyCRQyzSlFJgw0QMm4BhNRyocSO2pWyKVyvbr0Q7d1BgRvxLfl4at +kkh23o4yOUtP+q2x9bGjb1IiyqWVuE/mVBy6NIKpUSW4OSkaKqfV5xVjKIOg/fty7+3 rE3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Xlx358fgnEUycAbf1lF9vvWAfH3YwFXrO9xdEgGDOOY=; b=TcrJ+BcVmLV06j1TE8WietN8y65Fz8TmhdNwULveuUoW5FnIHkwnByzzqLaZZsDE34 sMeARyW2PGVjqZAO9vDeE/FFCfrSLSj4lO8yEx94dRMJONfPc+b5TH4C9npORF+I9txh ivP09reCBe3rjIcXmEZ652yPev0z2duiPzrarNL1wVud/5JKMPwfVsStHEBYhODwknXx 7Geu4HeiJ6/glWmopwkWAb3B2m9/E3AD75cLKYfp26aJ+uUIxRQLln1P1aqTrmSfjfsT U/eAJozz0dmL00PZerT/R5RL5To3s8jxDM5SI6TK07LMDH3JFKz49GGAWRXYnhrp1wiH UA9A==
X-Gm-Message-State: AGi0Pua10F4qOEUAr0tLH8I1rX5rzj6I0fSIi4JX/q1Tf+zwH4YOTzfq SFDKyS46KeJVTt20Qo+xsL5UkgUATsdQhis6IgTcuA==
X-Google-Smtp-Source: APiQypIggNr5o3z7tLJBygFOPJvgTpiZfm6ApuieLCLbrPbJMuT3hejMcC0fBQrbmeytPerfrMvtSFc+dlbfxI6m56w=
X-Received: by 2002:a17:906:328c:: with SMTP id 12mr21211639ejw.69.1589381791821; Wed, 13 May 2020 07:56:31 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB6348FA1FC00258ACE4FDE444AEA10@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S35EncqhfBCP0aZHqBQ2MBT1VSxpRUB59dOTBpP4wwFsjg@mail.gmail.com> <CAO42Z2yXxZCddqrWv5Ycpi8R9YcvGj-=3o+a65LyKJnf38T7KQ@mail.gmail.com> <CALx6S34=a6gcLYLi+ksFnw2ETUper3ZMog7BUz2+o64-SU0_5Q@mail.gmail.com> <CAO42Z2yrfL0fHyF=sC0gK-wDgBSOYGiRMaATXHdJj3JkNryg8Q@mail.gmail.com>
In-Reply-To: <CAO42Z2yrfL0fHyF=sC0gK-wDgBSOYGiRMaATXHdJj3JkNryg8Q@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 13 May 2020 07:56:20 -0700
Message-ID: <CALx6S35FD5+L4vYMkTuAmiLeK5vFfhjNSdnYF5gWfkCiRZOv+A@mail.gmail.com>
Subject: Re: Other use cases for header insertion (was Re: Header Insertion and TI-FA)
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/AArmLGuVFOV0DsOxPIdXXR_OFvc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2020 14:56:36 -0000

On Tue, May 12, 2020 at 2:44 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
>
>
> Hi Tom,
>
> On Tue, 12 May 2020, 10:27 Tom Herbert, <tom@herbertland.com> wrote:
>>
>> On Mon, May 11, 2020 at 1:37 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>> >
>> >
>> >
>> > On Tue, 12 May 2020, 00:50 Tom Herbert, <tom@herbertland.com> wrote:
>> >>
>> >> On Mon, May 11, 2020 at 5:58 AM Ron Bonica
>> >> <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>> >> >
>> >> > Folks,
>> >> >
>> >> >
>> >> >
>> >> > Happy Monday!
>> >> >
>> >> >
>> >> >
>> >> > As I was painting this weekend, I remembered that the use-case for IPv6 Header insertion is TI-LFA. This made the following questions come to mind:
>> >> >
>> >>
>> >> Ron,
>> >>
>> >> There is at least one other use case for IPv6 Header insertion, that
>> >> being IOAM. For example, an operator may wish to collect per packet
>> >> statistics as packets traverse its network. An ingress router would
>> >> insert headers containing IOAM, routers would annotate the
>> >> information, and the egress router is expected to consume and remove
>> >> the headers.
>> >
>> >
>> >
>> > Have a review of this draft. EH insertion is not proposed for IOAM.
>> >
>> > Deployment Considerations for In-situ OAM with IPv6 Options
>> > https://tools.ietf.org/html/draft-ioametal-ippm-6man-ioam-ipv6-deployment-02
>> >
>> Mark,
>>
>> For IOAM the assumption is that not all packets are necessarily
>> annotated for measurement and that both annotated and non-annotated
>> packets need to follow the same path in order for the the measurements
>> to be useful.
>
>
>
> I think that can be accommodated.
>
> The presence of an IOAM header in a packet is the selector of whether IOAM processing occurs, and whether an IOAM header is present when the packet leaves the node.
>
> i.e. for packet with IOAM header when it arrives at IOAM node.
>
> 1. packet is link-layer decapsulated (including IPv6 virtual-link layer (tunnel) decap)
> 2. As packet has IOAM header, IOAM info and packet passed to IOAM function to process/update IOAM information.
> 3. Once IOAM processing complete, packet's IP DA is looked up, determining egress interface and link-layer encapsulation.
> 4. The packet is link-layer encapsulated (possibly in IPv6 virtual link-layer/tunnel) with the IOAM header between the link-layer header and the IP packet, and sent on its way.

Mark,

So that would basically be per link IP-IP encapsulation . That
presumes that every possible node in the path understands and
processes the encapsulation and also there would be considerable
processing overhead at every intermediate node as opposed to just the
ingress and egress points. I think this approach would be a hard sell.

Tom

>
> for a non-IOAM packet, (standard IP forwarding, just showing for completeness)
>
> 1. packet is link-layer decapsulated.
> 2. As packet is vanilla IP, packet bypasses the IOAM function.
> 3. packet's IP DA is looked up, determining egress interface and link-layer encapsulation.
> 4. packet is link-layer encapsulated, and sent on its way.
>
> The information produced by IP DA lookups in both cases is the same, so packets with or without IOAM headers will follow the same path through the network if they have the same DA.
>
>>
>> <snip>
>
>
>>
>> >> This use case makes me think the WG should consider how to make header
>> >> insertion safe and viable.
>> >
>> >
>> > There's a need for a layer 2.5 local networking protocol that has smaller headers (and smaller addressing) than IPv6, that won't cause problems if it leaks because it is not the Internet's protocol, because all this EH insertion debate and pain is caused by people wanting to use IPv6, but not wanting to pay the IPv6 internetworking protocol overhead. They're trying to have their cake and eat it too.
>>
>> I think we need to keep an open mind. While I agree that the SR use
>> case hasn't been well explained why EH insertion is needed, I don't
>> think we can preclude that there might not be other use cases where it
>> makes sense.
>
>
> I don't think it will ever make sense to me, and I've thought about the idea of insertion verses encapsulation since the invention of 802.1Q in around the early 2000s, verses the Eth-in-Eth tunelling pre-standard solution Cisco I had deployed.
>
> 802.1Q violates the purpose of the FCS, which is a path integrity check between the frame's original source and its final destination.
>
>>
>> >
>
>
>>
>> <snip>
>>
>> A lot of people thought NAT was a hack too :-)
>
>
> It still is, and I've thought that for nearly 25 years.
>
> Here's my 3 part, 4500 word essay, from an operators point of view, on the trouble with NAT, based on my AusNOG presentation on that topic in the previous year.
>
> https://blog.apnic.net/2016/10/25/trouble-nat-part-1/
> https://blog.apnic.net/2016/10/26/trouble-nat-part-2/
> https://blog.apnic.net/2016/10/27/trouble-nat-part-3/
>
> Slides if that is TL;DR:
>
> https://www.ausnog.net/sites/default/files/ausnog-2016/presentations/1.2_Mark_Smith_AusNOG2016.pdf
>
> Getting rid of NAT is why I've spent so much of my own time on IPv6 here in the IETF.
>
>
>> My concern is if we
>> dismiss protocols becasue we view them as hacks without giving serious
>> consideration to how they might be made to work reasonably,
>
>
>
> I've given it serious consideration. It's not about whether it can be made to work, to me it is about how hard it is going to be to fix it when it breaks.
>
> I consider EH insertion or EH removal so bad that I would much rather deploy IPv6 with NAT, because at least with NAT, in one of the packet directions, the NAT device overwrites the packets' source address with its own. I can troubleshoot broken NAT much easier than I'll be able to troubleshoot anonymous EH insertion or removal.
>
>
>> perhaps in
>> a limited domain, people will deploy these hacks anyway and in  fact
>> may end up doing things the are far worse (like the aforemention hacks
>> where intermediate nodes are mucking with TCP payload).
>
>
> I don't think we are obligated to accommodate and facilitate special cases that comes along, even if there is a level of popularity.
>
> IPv6 is supposed to be the general purpose Internet and internetworking protocol. Being general purpose means good enough for the majority of cases, may not be good enough for special cases.
>
> If those special cases can't compromise their requirements to suit IPv6, then they shouldn't use IPv6. They should come up with something different that is much more tailored and specialised that better suits their requirements.
>
>
> Regards,
> Mark.
>
>>
>> Tom
>>
>> >
>> > Regards,
>> > Mark.
>> >
>> >>
>> >> Tom
>> >> >
>> >> >
>> >> > How does TI-LFA work when the original packet already contains a routing header? Will it insert a second, so that the packet has two routing headers?
>> >> > How does TI-LFA work when the node directly upstream of the link (i.e., the PLR) is not a segment endpoint? Will it insert an routing header? Is that consistent with 8200?
>> >> >
>> >> >
>> >> >
>> >> >                                                                                                                         Ron
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > Juniper Business Use Only
>> >> >
>> >> > --------------------------------------------------------------------
>> >> > IETF IPv6 working group mailing list
>> >> > ipv6@ietf.org
>> >> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> >> > --------------------------------------------------------------------
>> >>
>> >> --------------------------------------------------------------------
>> >> IETF IPv6 working group mailing list
>> >> ipv6@ietf.org
>> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> >> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email