IETF Logo Mail Archive

Re: What is necessity for SRH, and other EH, insertion/removal?

Tom Herbert <tom@herbertland.com> Wed, 18 December 2019 22:08 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9E4A120125 for <ipv6@ietfa.amsl.com>; Wed, 18 Dec 2019 14:08:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6QM9WY-zGXGS for <ipv6@ietfa.amsl.com>; Wed, 18 Dec 2019 14:08:05 -0800 (PST)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 968E7120089 for <ipv6@ietf.org>; Wed, 18 Dec 2019 14:08:05 -0800 (PST)
Received: by mail-ed1-x52c.google.com with SMTP id bx28so2921482edb.11 for <ipv6@ietf.org>; Wed, 18 Dec 2019 14:08:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=2GIrZs1KLTT2GtY+qEvgykdREx2XVkJaN/QlzUuUuIg=; b=ip2eTCzpCFg6Uo65otc+1nSxQybuB0TzBPHZW1dtXtvAATHdM61fK3LCedLBFhuCS1 gMk+jnYkKb9TqcyE2B8nETDaSEVXvKySsIXvBMDz9nPM91ZXFAE+nUa9CS1Yew+8sWma huY63/fbXqsNrrNdkvxL+SAW9IuUsIh/RKBrVMDTcZN62kuCe9eVG+EkoY9H6J42bNz7 wm81aGMHMVP6xPLo2lALiCee5JFegykcoPVbd1RI6jcVJ7IDXcKAOu3JA3SImT74Jtk0 lVdwVuh30VMWuM47wFGWiVfjmI8bNVQL0w21v38Sbwx2VNPMazVVDC8h6j4ifHFq+j5z anHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=2GIrZs1KLTT2GtY+qEvgykdREx2XVkJaN/QlzUuUuIg=; b=PupENiMQ7vR6yycijGpnr+IhFGx0lDm5mf+ICscdzKlJwci7rZUNBa7yXnpJm281YM 4EZL7BBlfEjRYuP2T7x2up4CmtHcatcNf0pCuxn3R97vjFpp87zhdVVVb3bRS3NVzowC sRNEixjox5y0Mb2D+XY7+KMIjHJurpOSpwx1/JWtknt37DKc0a27dCdp443UOx8LZ3wr 1SxfZaoZwJ4Z/9rQK1IciVqmUvh99kYCvFGaeM47uwcBe8f7gx8DoqkuJvzXzqRaYYS6 FrIXKP/i7+fU0iDezaUNgSLtIAI2YRzy5HIFffOL/kHj7+lzNmd/rfhMp79WjVOC2Z5v x5Ow==
X-Gm-Message-State: APjAAAXBCUisCm/GaOdl8yzkn9oKjgn6kIdqs2qDe97vqnKU7uzZDYBZ bysZjgqUX1TvToEYvrCUnuaXMsC+e4Q2gVmL8T7VidfJ
X-Google-Smtp-Source: APXvYqx/goOaE605DOX3x7oWgPuZGhQAnc07cIJvQzNitGjZUhs6ChoDoWoFtyfLrmI0UoZXkZwIbNUKPAhwahC+WKg=
X-Received: by 2002:a17:906:8511:: with SMTP id i17mr5482297ejx.267.1576706883549; Wed, 18 Dec 2019 14:08:03 -0800 (PST)
MIME-Version: 1.0
References: <CALx6S34vG=L_5nw_FzxHBUy+7tbWH4dhOh8xodOfKf2oOdrarg@mail.gmail.com>
In-Reply-To: <CALx6S34vG=L_5nw_FzxHBUy+7tbWH4dhOh8xodOfKf2oOdrarg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 18 Dec 2019 14:07:52 -0800
Message-ID: <CALx6S36g6gDJNp=unQJaGoGoMxnRpbqGni=JHvPFJ3ovmuzO4A@mail.gmail.com>
Subject: Re: What is necessity for SRH, and other EH, insertion/removal?
To: 6man <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HzYHlhoOSUXageoE4a8E_O31iyQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Dec 2019 22:08:07 -0000

On Sat, Dec 7, 2019 at 9:17 AM Tom Herbert <tom@herbertland.com> wrote:
>
> Pulling this out into a separate thread. Pertinent questions are:
>
> Why is extension header insertion and removal at necessary?
>
> Why isn't the proposed alternative of IPIP encapsulation sufficient?
> (where the encapsulating headers contain the extension headers that
> would otherwise be inserted)
>
I believe that inband network telemetry (INT and IOAM ) might provide
the best motivation for extension header insertion. One of the goals
is to allow network operators to perform telemetry on packets as they
traverse their network. A telemetry header, INT or IOAM, is put into
packets on ingress to the domain and removed at egress, and
intermediate nodes modify the packet with measurement data.

Key requirements are that not all packets for a flow need to be
measured, and measured packets need to follow the same path as those
not measured  in order for the measurements to reflect what is
happening for the flow. IPIP encapsulation would change the hash that
ECMP uses so encapsulated packets might traverse a different path--
therefore it's not sufficient in this case. Extension header insertion
would maintain the routing in ECMP (although the fact that extension
headers aren't supported in IPv4 creates another problem).

Some of the inband telemetry implementations are already addressing
this by inserting the inband telemetry headers directly into the UDP
or TCP payload of existing packets and removing the inserted payload
bytes at the egress point. Since only transport payload is being
modified, the packets will be routed the same way as other modified
packets for a flow. The obvious problem with this approach is that
payload is being changed by intermediate nodes such that if the end
host were to ever receive the modified packet this could result in
silent data corruption of users' data. So this protocol mechanism is
fundamentally not robust and probably dangerous. I think this actually
makes extension header insertion, where the worst case scenario is
probably unexplained packet loss, look palatable!

Tom

> Please note, I'm asking for the technical justification of the
> protocol design, saying that it's necessary because it's already being
> deployed isn't useful in this regard.
>
> Tom

v2.23.0 | Report a Bug | By Email