IETF Logo Mail Archive

Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?

Phillip Hallam-Baker <phill@hallambaker.com> Mon, 09 August 2021 16:47 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 575753A0A1F; Mon, 9 Aug 2021 09:47:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id InOT2LcNTISQ; Mon, 9 Aug 2021 09:47:10 -0700 (PDT)
Received: from mail-yb1-f172.google.com (mail-yb1-f172.google.com [209.85.219.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A6983A0A1D; Mon, 9 Aug 2021 09:47:10 -0700 (PDT)
Received: by mail-yb1-f172.google.com with SMTP id m193so30730085ybf.9; Mon, 09 Aug 2021 09:47:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ll8S52c/WViGHWNB6JtMW5JXT49A1uqVqZIkqZ2Cbg4=; b=tHfv7DbuQ3AFVJEILewvy86zrCoL8O7/2oybvBioMrdJ0b9+mWzipmCvj5Pa0fXECh xC2RM2wid+NBMAaBrwslPFPzIrlPZTvMO7LSMNROqt4Gp5YdsB6V5W9a3pY97CgJGPMn t9AAlh4KMO0Ogoj+2K8qVGizyMFKdCzFxnTMY3G70IV/qTi/3kbGFZckJx1NOU9J2Wn0 mYsIMuQJPnbfUHDjCDixT9Y2QTRyInXDmQ8FvgVgZkaCJuoJdtndfCsT9PXshydo2w76 3pR2bv8FMxKDo2YF2JBlw39PAlhkNYe2HKshiggfbugjZmDNlVuJlG1w4bvjFMbiLji1 uQRw==
X-Gm-Message-State: AOAM530/ldlHKAdFCM0iNvO8kXTVSb+Sc8/pRCSLAx/ja6P+v+8KRn79 cLJnOgIN6QLMqgDvd0Z66ts3P9kmAMROO6jLjkU=
X-Google-Smtp-Source: ABdhPJym9gniyIQ76Xutt/cqsKRT6MYYKQbksrDEuZ3Y4c5bm28OkccUXvyak5no0GDip8G7Xnjcu6K+w2aeri5GJXQ=
X-Received: by 2002:a25:e60a:: with SMTP id d10mr30958161ybh.56.1628527629533; Mon, 09 Aug 2021 09:47:09 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S36pbw2angEmDpu5DnX2nix9KgxFs7ExU17x+JXQFs23TA@mail.gmail.com> <CALZ3u+Yt2X3faSVW7K0eaxmaQy6iA6p4=f0c4E_F4CP0tfjHYw@mail.gmail.com> <CALx6S343sL0=5wUTRSXMnhSamjTTZU=DzA9Y+dbJ4NRTu0_83w@mail.gmail.com> <CALZ3u+ad6Cecp4T+wfuKVJ4ZmnQvaCSX2njFPCN8DuctrU6uew@mail.gmail.com> <CALx6S37u=y1wX8+6d8aX-6=N1MFEqO9RwxQN5zhZnS4DLM8DcA@mail.gmail.com> <CALZ3u+bHbsdzQsHOHx-6nEe6yQBbHMDhH9_PWB=WHTchB8tj5w@mail.gmail.com> <CALx6S36MpCOh2mR+cfM__ASTdn9c4CuhxUrCnUgEv1WhORLyRg@mail.gmail.com> <CALZ3u+ZyQKUJc__HWu6drNyLSCJJ8bOsLfg1B18xwB9+HMe8GA@mail.gmail.com> <CALx6S366bXkCsyEkWCONBX5kcB9JzHU=aNF9hd+wT9FcTdShFw@mail.gmail.com> <CALZ3u+aP=v_1=w1xqfEKof7Cc6Ba3pwOYV3O=0b=NxS4hRWhiA@mail.gmail.com> <YRBdZrKV+MrrhUCG@mit.edu> <CALZ3u+aBdE3Bw3_ry+CuV4tS016c4mWewJFpr0aCbBnwj70Vzg@mail.gmail.com> <a3833e04-c123-ef52-95f9-cae80a1390e7@foobar.org>
In-Reply-To: <a3833e04-c123-ef52-95f9-cae80a1390e7@foobar.org>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 09 Aug 2021 12:46:56 -0400
Message-ID: <CAMm+LwiAbiK618+kY9JTLr7_mQd-E5TKyNsGqOLrGQoLzjJo=A@mail.gmail.com>
Subject: Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?
To: Nick Hilliard <nick@foobar.org>
Cc: Töma Gavrichenkov <ximaera@gmail.com>, 6man WG <ipv6@ietf.org>, Theodore Ts'o <tytso@mit.edu>, IETF discussion list <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000dd860c05c923220f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/GC4A3yx4qee5DqDe5IvGbGtG7Fg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2021 16:47:13 -0000

We have people vigorously asserting that Linux broke IPv6 TCP over Anycast
five years ago and this is serious.

And We have people vigorously asserting that TCP over Anycast works
absolutely perfectly and there are no issues.

And they are the same people. It cannot work and not work at the same time.


As a user, I find that a lot of the commercial systems I end up having to
use are considerably less reliable than they should be. Running a real time
trading desktop over a 1Gbs pipe to a big name brokerage is not 100%
reliable which is rather surprising.

What I am objecting to here is the assumption that people can make use of
some undocumented feature that was never guaranteed to work and then insist
that the rest of the Internet maintain that feature in perpetuity. Nope,
does not work that way because however important your application is to
YOU, it is almost certainly not important to ME.


The core assumption of the Internet is that the narrow waist is an
unreliable transport which makes no guarantees. That is why TCP exists in
the first place.

Like BitCoin, deployment of TCP turns out to be immutable. Whatever clever
features people might think they can add, they cannot because TCP is a
platform feature and requires deep operating system voodoo to change.

So if you want your applications to work, you need to think about moving
away from TCP to a modern transport over UDP that takes account of the
additional capabilities and features of the network as deployed.


I would not design a DDoS resistant transport over IPv6 the same way as
over IPv4. What a waste! With 128 bits of addressing, why on earth give
everyone the same target IP address at the discovery layer??? Of course I
am going to be mixing it up.

What this discussion is doing that is useful is surfacing some of the
operational assumptions that are not supported in the infrastructure but
relied on by real installations. We will never have an exhaustive set of
such assumptions.


At the end of the day, there are two operational arguments that invariably
turn out to be false:

1) This change I am proposing to the infrastructure is so important it MUST
be deployed.
2) This feature I rely on is so important it MUST NOT ever change.

What is really strange is that these arguments seem to be the ones most
commonly made in BOFs and WG kickoffs. We have 30 years of experience
telling us that both are false but they still come up, over and over again.

Making a protocol dependent on deployment of a new DNS record is a really
good way to make sure it will never see deployment and I speak as the
author of the only new DNS record to be successfully deployed since SRV
(nope, TLSA still not in C-Panel, most people can't use it, take a look at
the business model and you will see why that isn't happening). Making a
protocol dependent on TCP fast start was another wrecking choice. The list
goes on.

An internetwork is not the same thing as a network. tThe IETF is not the
administrator of the internetwork because the distinctive feature of an
Internetwork is that there is no administrator.

v2.23.0 | Report a Bug | By Email