On "usable extension headers" and RFC7872

Fernando Gont <fgont@si6networks.com> Mon, 02 December 2019 10:21 UTC

To: "6man@ietf.org" <6man@ietf.org>

Folks,

It seems I've experienced some email issues and have missed some of the
emails in this thread. So my apologies for breaking the "thread" with
this one.

Some comments regarding RFC7872, and related discussion on the recent
thread:

* RFC7872 was produced at a time when there were claims that ipv6
fragments were dropped in the network, but when I asked about actual
measurements, folks didn't point to any measurements backing such
claims. We were not pursuing any specific results/claims, but just tried
to find empirical data on the topic.

* In order to e.g. find where in the network packets were being dropped,
I ended up building an EH-enabled traceroute (EHs were not supported in
popular implementations of traceroute). Once the tool was finished, I
did some preliminary measurements. The results were way worse than
expected... to an extent that I assumed there was a bug in the tools, so
I ended up reviewing the code for at least a few days.  The fine folks
at RIPE Atlas ended up implementing EH support in their toolkit, which
enabled Jen's measurements (see below).

* While not included in RFC7872, I also did the same sort of
measurements for IPsec-related EHs, with similar results. So empirical
results seem to indicate that there is a general issue with EHs. And the
rationale provided by operators (draft-gont-v6ops-ipv6-ehs-packet-drops,
see below) seems to explain those numbers.

* Besides the measurements we did in RFC7872, Jen did independent
measurements with RIPE Atlas, and also got high packet drop rates:
http://iepg.org/2014-07-20-ietf90/iepg-ietf90-ipv6-ehs-in-the-real-world-v2.0.pdf

* Geoff did independent measurements wrt fragmentation, and got similar
results:
http://www.potaroo.net/presentations/2017-10-25-xtn-hdrs-dns.pdf  and
https://ripe78.ripe.net/presentations/41-2019-05-23-ipv6-fail.pdf

* Eric did yet other independent measurements:
https://datatracker.ietf.org/meeting/95/materials/slides-95-maprg-6.pdf
and
https://www.ipv6council.be/IMG/pdf/13-vyncke-extension_headers_on_the_Internet.pdf

* RFC7872 was never meant to throw any results regarding limited network
domains. In fact, if we had been able to measure "limited domains", they
wouldn't be "limited domains" in the first place. Would they?  And,
besides, it would be pointless to publish results on limited domains --
you can always build your own domain in which you can create your own
reality.

* RFC7872 documents in great detail how we obtained the results we
obtained. That means that rather than resorting to wishful thinking or
guesswork, we did our best not only to show results, but also to explain
how we did our measurements, such that if folks believed our methodology
had issues, or there were other things to be measured, they could
improve on what we did. (For instance, Geoff did find that other
measurements were warranted (see above)).

* So... why are packets with EHs dropped? Well, at the time, the draft
that eventually became RFC7872 discussed why operators block them (when
they "intentionally" do so). Folks eventually argued that such
discussion was an invitation for people to drop them (?!), and hence the
discussion ended up in a separate document:
draft-gont-v6ops-ipv6-ehs-packet-drops. As the reader may see, the
document shows reasons other than "we are the dest AS and know better
what EHs (if any) our hosts are expecting".

* I might be wrong, but the discussion on this topic is probably why we
had this invited talk at IEPG
<http://iepg.org/2015-11-01-ietf94/IEPG-RouterArchitecture-jgs.pdf> with
insights on the challenges posed by IPv6 EHs.

* If there's any lesson *I* can take from RFC7872, it is that what was
welcome, and seemed to be widely accepted and well understood, in
operational forums like IEPG turned out controversial (to some) in IETF
circles. And
while in some forums the measurements were welcome, in others it seemed
like an invitation to shoot the messenger(s) -- as if we were the ones
dropping the packets, or we were happy about the packet drops.

* RFC7872 originated in the v6ops wg, but was also discussed in many
operational forums (iepg, ripe, lacnog, and others). That aside, the
document was not only subject of a WGLC, but also of an IETF LC, and
IESG review. So I personally don't get Ole's note/assumption that
somehow the work/consensus of v6ops is not credible (?) (ref:
https://mailarchive.ietf.org/arch/msg/ipv6/34VvkRv3wV-v1-8EOf_AI1SkdfU).
At the end of the day, if you like and respect the process, you do it
regardless of whether you personally agree with the outcome.

* I bet all co-authors of RFC7872 (including myself) would be happy to
see further measurements and analysis on the topic. In fact, we worked
on the topic to get a better understanding of the topic.

Thanks!

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492