Re: HBH Option Header Configuration (draft-hinden-6man-hbh-processing)

Fernando Gont <fernando.gont@edgeuno.com> Wed, 09 June 2021 17:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Cu1Pl8KGFqtoBWzMYCl5XYYiULM>


Hello, Bob,

On Tue, 2021-06-08 at 13:06 -0700, Bob Hinden wrote:
> Gorry and I are going over the comments received on
> draft-hinden-6man-hbh-processing-01, thanks very much for your
> comments, it is very helpful.  We are working on responding to them.
> 
> One issue that is common to several questions is what does
> configuration mean regarding HBH Option headers.  Our draft and in
> hindsight RFC8200 is not clear what this means.  The note in Section
> 4 of RFC8200:
> 
>   NOTE: While [RFC2460] required that all nodes must examine and
>   process the Hop-by-Hop Options header, it is now expected that
>   nodes along a packet's delivery path only examine and process the
>   Hop-by-Hop Options header if explicitly configured to do so.
> 
> This can be interpreted to mean a configuration flag
> allowing/disallowing processing of a HBH Option Header, or specific
> configuration for each HBH Option type.

IMO, the above means "unless you have been explicitly configured
otherwise, feel free to skip/ignore the HbH header".

That relieves intermediate systems from having to process the HbH header,
which in some cases might be unfeasible.



> draft-hinden-6man-hbh-processing-01 says:
> 
>   This document updates [RFC8200] that a
>   node MUST process the first Option in the Hop-by-Hop Header in the
>   Fast Path and MAY process additional Hop-by-Hop Options if
>   configured to do so.
> 

IMO, it's hard to enforce that requirement -- if at all possible.

1) You're assuming there is a fast-path -- maybe there isn't such a
thing.

2) What if there are multiple HbH?

3) What about the option size? e.g., if the first option is, say 512
bytes long, maybe you just can't do that.

4) If processing other options is a MAY, is there any point in
supporting multiple options in HbH?



> Several people asked if we are proposing to remove the ability to not
> process the HBH Option Header.
> 
> We have discussed this and conclude that yes, we are proposing to
> require all nodes to examine and process the first HBH Option in the
> Fast Path.   Not just drop packets with HBH Option Headers.  This
> change needs to be made clearer in the draft.

While others might disagree, even if the IETF were to manage to progress
this to an RFC, for the reasons specified above I really doubt this
would have any impact on real devices.

OTOH, we'd have a bunch of things co-existing:

1) RFC2460 implementations, which aim to process all HbH
2) Deployed reality which drops HbH
3) RFC8200 implementations -- which ignore HbH unless required
4) draft-hinden-6man-hbh-processing, which would only process part of
   it.


If I had any reason for even thinking about using HbH options, the
above would certainly drive me away from that.



> We do note that per option configuration could be set to not support
> any options, that would be allowed, but it would require a router to
> follow the two high order bits in the Option type that control if the
> packet should be dropped or forwarded for at least the first option,
> and any other options that it was configured to support.

At least for infrastructure devices, that's not doable.

I find it very hard for an operator to even consider processing HbH
options (*), unless they have a very specific requirement to do so (say
RSVP).

(*) Some might extrapolate that to EHs in general :-) , but I won't get
into that. ;-)

Thanks,
-- 
Fernando Gont
Director of Information Security
EdgeUno, Inc.
PGP Fingerprint: DFBD 63E3 B248 AE79 C598 AF23 EBAE DA03 0644 1531




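Added example, not part of the original message or of either document quoted in it: a sketch of the "first option only" rule discussed above, walking a raw Hop-by-Hop Options header and applying the two high-order bits of the Option Type as RFC 8200 defines them. Skipping Pad1/PadN when locating the "first" option, the `max_opt_len` budget, the returned labels, and the sample headers are assumptions made for illustration.

```python
# Added example: RFC 8200 Hop-by-Hop option walk plus a "first option only" policy.
ACT = {0: "skip-and-forward", 1: "discard", 2: "discard+icmp",
       3: "discard+icmp-unless-multicast"}   # two high-order bits of Option Type
PAD1, PADN = 0x00, 0x01

def first_option(hbh: bytes):
    """Return (type, data) of the first non-padding option, or None."""
    if len(hbh) < 8:
        raise ValueError("HBH header shorter than 8 octets")
    total = (hbh[1] + 1) * 8          # Hdr Ext Len excludes the first 8 octets
    if total > len(hbh):
        raise ValueError("Hdr Ext Len runs past the captured bytes")
    i = 2                             # skip Next Header and Hdr Ext Len
    while i < total:
        opt_type = hbh[i]
        if opt_type == PAD1:          # Pad1 is one octet, no length field
            i += 1
            continue
        if i + 2 > total or i + 2 + hbh[i + 1] > total:
            raise ValueError("option overruns the header")
        opt_len = hbh[i + 1]
        if opt_type != PADN:          # assumption: padding is not "the first option"
            return opt_type, hbh[i + 2:i + 2 + opt_len]
        i += 2 + opt_len
    return None

def decide(hbh: bytes, supported=frozenset(), max_opt_len=64):
    """Assumed policy: inspect the first option only; max_opt_len is a hypothetical budget."""
    opt = first_option(hbh)
    if opt is None:
        return "forward"
    opt_type, data = opt
    if len(data) > max_opt_len:       # too large for the assumed fast path
        return "punt-to-slow-path"
    if opt_type in supported:
        return "process"
    return ACT[opt_type >> 6]         # unsupported: obey the act bits

# Constructed sample headers (Next Header 0x3a = ICMPv6)
ROUTER_ALERT = bytes.fromhex("3a00050200000100")   # Router Alert (0x05) + PadN
UNKNOWN_ACT10 = bytes.fromhex("3a009e0400000000")  # unrecognized type, act bits 10
BIG_OPTION = bytes([0x3a, 25, 0x1e, 200]) + bytes(200) + bytes.fromhex("01020000")

if __name__ == "__main__":
    for name, pkt in [("router-alert", ROUTER_ALERT), ("unknown", UNKNOWN_ACT10),
                      ("big", BIG_OPTION)]:
        print(name, decide(pkt))
```

Even with an empty `supported` set the node still has to parse far enough to read the first option's type and length, which is the per-packet cost the reply objects to for infrastructure devices.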