IETF Logo Mail Archive

Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt

Tom Herbert <tom@herbertland.com> Tue, 28 November 2017 01:22 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EDC6126DD9 for <ipv6@ietfa.amsl.com>; Mon, 27 Nov 2017 17:22:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6aAquO_dwu2X for <ipv6@ietfa.amsl.com>; Mon, 27 Nov 2017 17:22:13 -0800 (PST)
Received: from mail-qk0-x22c.google.com (mail-qk0-x22c.google.com [IPv6:2607:f8b0:400d:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D63E1200C1 for <ipv6@ietf.org>; Mon, 27 Nov 2017 17:22:13 -0800 (PST)
Received: by mail-qk0-x22c.google.com with SMTP id p19so35061037qke.2 for <ipv6@ietf.org>; Mon, 27 Nov 2017 17:22:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=iVFmH9i3jvJ6Di/SX1W8/Hp3191HmkTQMUP7WNn2A/w=; b=EkSrbN6cftYPwTJ4kRewWlYtO7IIRJNkqKnZYOttSMhj/e6stkGc3jn5VEWGUOEZEk 4dZbTHSdzuu3o8M6WXzZGhGGYxHbdhEkx4jq1aCAgv4iYuA94P55Jf8xnDrVldojd80u y4QVWzqWXA/YHxFxHvXNdKP7h7SE78MDXhQObJ+OXiidprSI9PvB/nkTDGCGJ1UngsJl jUYRMi0lHmoWNGM5hYW5oE93ev4nmO/bQPXWBh065mm9wesJTIRrbFtHCWSnV2Adn/pZ cIFQXRdglVp9Jv0tqcL8aFdzfpbh0D+Z7ekaBjOVRy67QqoWZfQvKqneE1TsCDkk3Izr SHAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=iVFmH9i3jvJ6Di/SX1W8/Hp3191HmkTQMUP7WNn2A/w=; b=Fa324tpa1iOkd95Dy/XbTBwTE9EGLWkXZeVAOzwroaXe0h/BzTAs1W+NlE57VQlnCc ZoBtSYzS7OsbQokQ8CJsGYMtZOgAk/hMhZZ00mG6aMH/bcbUe4JpdwrnH5BVHYBI2rHz e9R2e6khB4Zplvwz1Z0abA8gn0RRQV7QSMX7Zfv4AVdmCrcahnrT6NBnrliBwdBRb3pu XbkqUH+nVxGN9oXMx689XDrv2JHd1S2WSgB45+/vpdLFA+XlyKXv2V2iCRM0/88+5UF6 xeS6CzJgI+CsyQSlbCt6jGXtSF6w4fV953LZT3IicC+nLtFifInYyqD0+dBNRUkN9sjs n5EA==
X-Gm-Message-State: AJaThX5jq+qtTA3el8eDvXozNqUcDkV/TBDRH2f8gM3vUzRuzH+wh/Jz TtfODB6KyvJVCbf2ojbgyRPwr1v0FllQBQ+3X5UxSA==
X-Google-Smtp-Source: AGs4zMbpAevsbmQeCBaUASLsXXamB/XfvWMsx7DlUsOnSFMdjeTBv0HIDrQNfMAm1l7xsue8Amwmq50cMbArzcToZlo=
X-Received: by 10.55.215.67 with SMTP id m64mr62309187qki.91.1511832132069; Mon, 27 Nov 2017 17:22:12 -0800 (PST)
MIME-Version: 1.0
Received: by 10.200.43.121 with HTTP; Mon, 27 Nov 2017 17:22:11 -0800 (PST)
In-Reply-To: <4ca3fd6b-4cd6-f6ac-ce03-415c2c9a4c3c@gmail.com>
References: <151120281628.21912.1099097760493570225@ietfa.amsl.com> <4ca3fd6b-4cd6-f6ac-ce03-415c2c9a4c3c@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 27 Nov 2017 17:22:11 -0800
Message-ID: <CALx6S37dWDGY48YTza6Amu5s3t9LDA61uGWWLyV+cAuMOjtCgA@mail.gmail.com>
Subject: Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: draft-voyer-6man-extension-header-insertion@ietf.org, 6man <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DYi5bUHnN3xY_sjjPFwAoS7tszo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Nov 2017 01:22:16 -0000

On Mon, Nov 27, 2017 at 2:31 PM, Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:
> Hi,
>
> I'm probably repeating myself, but it seems clear that this draft
> in its present form will never get anywhere. Firstly I will try to
> justify this statement, and secondly I'll try to make some
> constructive suggestions.
>
> I. The problems with the current draft:
>
> I.1. No RFC is allowed to have more than five authors without
> an extremely good reason. If six or seven people have contributed
> roughly equal amounts you might just be able to persuade the
> RFC Editor to list everybody, but 18? Never.
> https://tools.ietf.org/html/rfc7322#section-4.1.1
>
> I.2. More serious is the tone, which starts with the Abstract.
> "The network operator and vendor community has clearly indicated..."
> is, to put it mildly, out of place in an IETF document. We work
> by facts and rough consensus, not by declarations by vested
> interests. I think a lot of people will simply stop reading
> the draft after that sentence.
>
> The tone needs to be rational and factual argument about why
> the proposed mechanism is both desirable and harmless. The
> abstract needs to be a factual summary.
>
> I.3. A detail is that since this draft recommends ignoring
> a rule in RFC 8200, it needs to be aimed at the standards
> track with Updates: 8200.
>
> I.4. Another detail is that in some places the draft seems
> to assume that only segment routing headers will be
> candidates for insertion. That may be true today, but
> probably not for ever.
>
+1

I'm also leary of proposals that redefine protocol behavior on the
basis that it will only be used in a controlled domain. This entails
assumptions that all devices (both intermediate devices and end hosts)
in the domain play by these rules, creates several corner cases that
need to be dealt with, and necessitates rationalization that packets
using non-interoperable protocol are never leaked out of the domain.

For instance, here is a corner case that I see...

>From the draft:

"The source domain may decide to place the IPv6 extension header
insertion where it suits its best: at the source of the packet or at
any midpoint within the source domain"

This statement implies that all hosts are under control of the source
domain, but that is not typically the case. A source host on its own
accord may create a packet with extension headers, some of which might
be the same type that intermediate devices insert and remove. It's not
clear what the disposition is of such packets and their extension
headers in in this draft.

Another question that comes to mind is why encapsulation does not work
here. That is encapsulate the packet on ingress to the domain, use
whatever extension headers are needed in the outer header, and
decapsulate on egress (i.e. this was the original "answer" to
extension header insertion). I'm guessing this might be because of
packet overhead, but it would be nice to see the reasons articulated.

Tom

> II. Constructive suggestions.
>
> I understand that the idea is to propose that this rule
> in https://tools.ietf.org/html/rfc8200#section-4 :
>
> "  Extension headers (except for the Hop-by-Hop Options header) are not
>    processed, inserted, or deleted by any node along a packet's delivery
>    path, until the packet reaches the node (or each of the set of nodes,
>    in the case of multicast) identified in the Destination Address field
>    of the IPv6 header."
>
> MAY be ignored within an administrative domain for packets that
> terminate within that domain. If that's the intention, I think
> there are several logical steps in the argument that need to
> be laid out. A lot of the ideas are already in the draft; this
> is mainly about making a clear and logical case that the whole
> community can understand.
>
> 1. Introduction, outline of use cases [1].
> 2. Precise definition of a domain and of its boundary, ingresses and egresses.
> 3. Explanation of how the class of packets eligible for header insertion are identified [2].
> 4. Explanation of how the well-known issues are avoided (PMTUD, fragmentation, IPSec).
> 5. Clear statement of what header manipulations are allowed and which devices may perform them.
> 6. Precise statement of which text in RFC 8200 is updated.
> 7. Security considerations
>
> [1] More details on use cases could be an appendix.
>
> [2] https://tools.ietf.org/html/draft-voyer-6man-extension-header-insertion-02#section-3
> is IMHO correct as far as transit packets go. But it
> should be presented as a mainstream part of the proposal,
> not as an example.
>
> I hope this is helpful.
>    Brian Carpenter
>
>
>
> On 21/11/2017 07:33, internet-drafts@ietf.org wrote:
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>>         Title           : Insertion of IPv6 Segment Routing Headers in a Controlled Domain
>>         Authors         : Daniel Voyer
>>                           Daniel Bernier
>>                           John Leddy
>>                           Clarence Filsfils
>>                           Darren Dukes
>>                           Stefano Previdi
>>                           Stefano Salsano
>>                           Antonio Cianfrani
>>                           David Lebrun
>>                           Olivier Bonaventure
>>                           Prem Jonnalagadda
>>                           Milad Sharif
>>                           Hani Elmalky
>>                           Ahmed Abdelsalam
>>                           Robert Raszuk
>>                           Arthi Ayyangar
>>                           Dirk Steinberg
>>       Filename        : draft-voyer-6man-extension-header-insertion-02.txt
>>       Pages           : 14
>>       Date            : 2017-11-20
>>
>> Abstract:
>>    The network operator and vendor community has clearly indicated that
>>    IPv6 header insertion is useful and required.  This is notably the
>>    case when the entire journey of the packet remains in its source
>>    domain.  In such a context, it does not matter where the extension
>>    header is inserted.  The source domain may decide to place the IPv6
>>    extension header insertion where it suits its best: at the source of
>>    the packet or at any midpoint within the source domain.
>>
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-voyer-6man-extension-header-insertion/
>>
>> There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-voyer-6man-extension-header-insertion-02
>> https://datatracker.ietf.org/doc/html/draft-voyer-6man-extension-header-insertion-02
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-voyer-6man-extension-header-insertion-02
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> _______________________________________________
>> I-D-Announce mailing list
>> I-D-Announce@ietf.org
>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email