IETF Logo Mail Archive

Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt

Tom Herbert <tom@herbertland.com> Sat, 02 December 2017 18:05 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C065127ABE for <ipv6@ietfa.amsl.com>; Sat, 2 Dec 2017 10:05:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VwWrp0-f3Czm for <ipv6@ietfa.amsl.com>; Sat, 2 Dec 2017 10:05:53 -0800 (PST)
Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C64801200FC for <ipv6@ietf.org>; Sat, 2 Dec 2017 10:05:52 -0800 (PST)
Received: by mail-qt0-x229.google.com with SMTP id u10so16791528qtg.2 for <ipv6@ietf.org>; Sat, 02 Dec 2017 10:05:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ZMG2dmHmYvJcDzJrLGVf9jqeyIr54WuXYfwXD+Tbb0M=; b=uxfyhx25yqwCWaD48NhNZOO4e1tk8a/5BGdxy5WFoyS865gduem3rlinZRe2Fuv+X5 2UGTpWz0V064kfNoO7srClj1ReOmAtLDoovgxZxwT50tfp2slr/H9rCic/jkQi1f4NDP 37VRM2USlioXu3dnquq55TapbzxtTw8oyOPLEYFeII97IqbEZ6vvTasBaA8jl13HNOU3 GQ6KacwupVxtAR1aGyBfGCIJ6KhkAj4sGaNwAJED3NwtqRJfk7obKN2LvPzNL3eGpSou /8f5/6+a3BWT7ZJfDQHFjKiOOOwqF67ZWXFwwZmcpnaQQr1044XLp9Gc//UGisdrjG8n mQ9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ZMG2dmHmYvJcDzJrLGVf9jqeyIr54WuXYfwXD+Tbb0M=; b=W6Wv8Orz/OnR2JIBBVpDFearhYwBojhCWavDAEl7kYkyy2m6s+yzRMhEIHK9DAjRKd J8gBxPYgt5S1SexNEXMr0jxB6HPq+JUBHqrNOqL6CQK1KWk+EwvOkw+/nJc7XQWTqDKZ ufO7SQNj9ToDKnAB0d+eLFKBJeVDT8r+DQcCMh0xRENHItytSgzmKvl5JQIQu7S809JG vj6wX7ckXxFng6+Aj5MD6R8LRcnaNCuuoaJyR/o0a1RXhx3xX27oj1d+FoXwqgDP5uC8 SwSIeQCfNkRvDZTf4Z8516+ekbDiyA2iSnpEc3Gn1QNfGG3r0/vKx37UThyXUqCC8rbb l+gA==
X-Gm-Message-State: AKGB3mJVmuE4gKdL3nix+o6oXy9pOXRj7sCXH4vvD8dYSNuKw3WEXz/E ua+OLM6hzr+vItsmGdpV7VjanSvrWOkHLDIgxJMthQ==
X-Google-Smtp-Source: AGs4zMYwT7Wh2U7rinZb4YrFYL1U3S2Pq/6MSdMgpBJlajyZZ3pu6G/mMZ7x3DIKd2fuO8bBJRZLwAh2DU8QCKLYp8g=
X-Received: by 10.200.3.158 with SMTP id t30mr14188869qtg.149.1512237951822; Sat, 02 Dec 2017 10:05:51 -0800 (PST)
MIME-Version: 1.0
Received: by 10.200.43.121 with HTTP; Sat, 2 Dec 2017 10:05:51 -0800 (PST)
In-Reply-To: <8ecf3590-5313-551e-fbb3-f95aada87a67@uniroma2.it>
References: <151120281628.21912.1099097760493570225@ietfa.amsl.com> <4ca3fd6b-4cd6-f6ac-ce03-415c2c9a4c3c@gmail.com> <f4425076-2f76-5713-2819-9d26671d56bb@si6networks.com> <4E92F160-C586-4C7B-BAEF-97C204856A8A@employees.org> <bc9d7f57-8687-7f85-8ac3-49751683232b@si6networks.com> <CA+b+ERnKbRXgFycgKd7EXMVvS1Mu_RTC5tfPbNE781TDZ49rYA@mail.gmail.com> <CAO42Z2wWSucKNouo0RxNf7pmyPErNk1bVny43qTLY6E333mpcQ@mail.gmail.com> <e41ee3ae-05ef-0a1a-505e-968323b07625@gmail.com> <CAO42Z2x2-WFyxYKpcwtm_z4WiFFf1M5oiW2=j6fXnqgUG1F8DQ@mail.gmail.com> <8ecf3590-5313-551e-fbb3-f95aada87a67@uniroma2.it>
From: Tom Herbert <tom@herbertland.com>
Date: Sat, 02 Dec 2017 10:05:51 -0800
Message-ID: <CALx6S35e0krDCLUhUQFws_gSJhtv0m_E_KQkyRQQWO=zL_=vnQ@mail.gmail.com>
Subject: Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt
To: Stefano Salsano <stefano.salsano@uniroma2.it>
Cc: Mark Smith <markzzzsmith@gmail.com>, draft-voyer-6man-extension-header-insertion@ietf.org, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HcepJEDFJTAIwQ76_KN0IOWP7NU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Dec 2017 18:05:55 -0000

On Fri, Dec 1, 2017 at 11:15 PM, Stefano Salsano
<stefano.salsano@uniroma2.it> wrote:
> Il 2017-12-01 23:07, Mark Smith ha scritto:
>
> <snip>
>>
>>
>> I asked numerous times (at least 3 from memory), what is wrong with
>> exclusively using tunnelling for this. I think eventually Robert said
>> because of the tunnelling overhead.
>>
>> The trouble with this argument is that this draft doesn't exclusively
>> propose extension header insertion, it also describes using
>> tunnelling. The only distinction between which method to use is
>> whether the packet originates within the SR domain ("Source Domain and
>> Packet Journey") or originates externally to it ("Transit through a
>> Source Domain"). So tunnelling overhead is apparently quite acceptable
>> as long packets happen to come from outside the SR domain. I can't see
>> anything that explains why packets that originate internally can't or
>> must not be tunnelled.
>
>
> Hi Mark,
>
> with the first tunneling operation you create a new packet that originates
> in your SR domain.
>
> We definitely want it, so the further SR insertion will only be applied to
> such packets (and hosts outside the domain will not receive unexpected
> ICMP...) and we believe that it is worth paying the tunneling overhead here.
>
Stefano,

The problem is that almost all hosts are outside of the SR domain,
even ones attached to the local network. If hosts were within the SR
domain they could just source packets with the right extension headers
or encapsulation. But that is not common, especially in a public
network. So it seems likely nearly all packets would end up being
encpasulated anyway (i.e. the packet flow in section 3 will be
common).

If packets are tunneled when they enter the domain then that should
provide sufficient isolation so that the encapsulating node can use
whatever extension headers it wants (e.g. tunneling should ensure that
source hosts won't receive unexpected ICMP). But then that's not EH
insertion, that is sourcing a packet with EH in compliance with
RFC8200. The only argument for EH insertion then would be if some
intermediate node in the domain inserted something; this at least only
affects packets sourced within the domain so information is less
likely to leak out of the domain. However, in that case why not do the
segment routing at the ingress node of the domain in conjuction with
the encapsulation and avoid the complexities needed to make EH
insertion work correctly?

> We think that for further operations that require adding of SRH information
> to such packets originating in your SR domain, the SR insertion is more
> efficient than tunnelling into a new packet.
>
> This is both from the point of view of the packet size (and increase of
> packet headers size) and from the point of view of the cost of packet
> manipulation operations.
>
Packet manipulation operations where? At an intermediate node
processing is more likely to take a performance hit because of the
presence of extension headers regardles of whether they were inserted
directly or in an encapsulation,

An assumption that more bits in the packet always reduces efficiency
would be incorrect. For instance, we have shown on real hardware that
GRE/UDP/IP is more efficient than GRE/IP. This is because network
devices have optimized for processing UDP/IP as opposed to GRE/IP so
the benefits of additional eight bytes UDP header outweighs the cost.

A performance analysis based on empirical data should be in the draft
if efficiency of packet manipulation is a primary motivation.

> There can be scenarios in which you have more than one such operation to be
> applied to the packet, let us assume two. If you go for tunnelling you have
> the first encapsulation, then two more IPv6-in-IPv6 encapsulation in the
> same packet, for a total of 3 encapsulations. If you go for tunneling + SR
> insertion you only have the first encapsulation and then "simple" mangling
> of SRH header.
>
I understand how nested encapsulation could work to cross multiple
domains, I don't see how this would be done with SR insertion. Maybe
the intent is that packets will have a stack of routing headers?
Please elaborate this use case in the draft.

Tom

v2.23.0 | Report a Bug | By Email