Re: Proposal for changing how IPv6 Hop-by-Hop Options are processed
Gyan Mishra <hayabusagsm@gmail.com> Fri, 04 December 2020 18:25 UTC
Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D99573A0A83 for <ipv6@ietfa.amsl.com>; Fri, 4 Dec 2020 10:25:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f0d94LfxdWka for <ipv6@ietfa.amsl.com>; Fri, 4 Dec 2020 10:25:57 -0800 (PST)
Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 028CA3A0A7E for <ipv6@ietf.org>; Fri, 4 Dec 2020 10:25:57 -0800 (PST)
Received: by mail-pj1-x1031.google.com with SMTP id j13so3650079pjz.3 for <ipv6@ietf.org>; Fri, 04 Dec 2020 10:25:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UYfJRk4sj1CwW1/qCQ23qo+K2zA9tqRkT2xpUVT3S4M=; b=GGt68Qh66iJf8muOeO0jMljhMcJ4Rly3NQ3lAPheqKEWAoBNOx9e1ADqu+KJ+hogTa kWHTmf5pphikJJa5I/J7sgpjl6wwtxyJnE0vsHJlLFmspFmTbEkdpcF3wia1tRXntVHy RAPy3RSgMZ04fTWrsibHnyrGZ7I/ziy4UYsblcT7FfuSfY9ddieMeuBvqbcBUEIE1pSI mfGfoL6n/aM7EEBGxL7b9vAFtB2V3khiVCC01iLNhXDTqv+G0XAWujOdx3aH9tfZaNet IjWDlTNBWCHnNrdz+9wA7PyA5euQRsl/8PyT79ePju2IRd0OjTcF66FmfcP4Sd4eZFYJ 2Mpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UYfJRk4sj1CwW1/qCQ23qo+K2zA9tqRkT2xpUVT3S4M=; b=VNmPx+VXzaUtWUGdZzkvac1YYGBUUHuri/+3Z0vzCzWIBr5po5DY6jTjD/rOV1UQZH 2UXF8O93+u1xvU6yA6PiOLL/3b81zMU3h81/dcJsrHpORdaFT/5dzVdRSjpMoH3tHC5B fj4vaKbfIMNiiPdHKVXt+TCtDf+tPw4dlonYBdDpFgjTgo8ESesNkC00Ge19cQOcIsmu XMJvLPM/Pvem3T2aC3nkNh3Z0efGVwwtpnLUUHKvP1hsQDBjTiX/00jbVh9uJN6d42Fz nZQkupUUoQhbpQQFcWLQvu8UiFdMOLoDZNm0G5bMNXbSBJYR+Lbn6HWpSNtmsrR+UJiv iYkw==
X-Gm-Message-State: AOAM533JTX/SDTtsrnSvzDBJfIZMeVaTdz1xQTujtF4iMpGWDDFEyPpc WPIPXCAV++QMoSD63+scD3rIeJLM9F+TZyzyygU=
X-Google-Smtp-Source: ABdhPJzibHJeb6hi3gL9Zmhbjv1kKh5YmfEJNoF2hZOj0/LHjpSem+I/WfEagQyVWpAxuNH0RzIXow4TPd9xWBKnKl4=
X-Received: by 2002:a17:90a:6809:: with SMTP id p9mr5072781pjj.112.1607106356287; Fri, 04 Dec 2020 10:25:56 -0800 (PST)
MIME-Version: 1.0
References: <160703668657.9405.8891046478566468162@ietfa.amsl.com> <C573A554-9221-49C2-94AB-E552F1BA69E4@gmail.com>
In-Reply-To: <C573A554-9221-49C2-94AB-E552F1BA69E4@gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Fri, 04 Dec 2020 13:25:34 -0500
Message-ID: <CABNhwV21bbuXe4kuVZpRz5_yeX00fwPiypAJ0cFWRkVN27HwCw@mail.gmail.com>
Subject: Re: Proposal for changing how IPv6 Hop-by-Hop Options are processed
To: Bob Hinden <bob.hinden@gmail.com>, "Gengxuesong (Geng Xuesong)" <gengxuesong@huawei.com>, Michael McBride <michael.mcbride@futurewei.com>, Xiejingrong <xiejingrong@huawei.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007b9e8305b5a79b81"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/JXgDFoiPS0g5-X6Q1dYda-uHoHs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 18:26:00 -0000
Hi Bob & Ron I can see the benefits of this draft as two fold. 1. Eliminating hbh ddos vector on the internet that forces operators to drop hbh. 2. Allows new applications that use hbh functionality - that requires hbh to be processed in the fast path. There are networking technologies such in IPPM WG OAM, BIERv6 etc as well as other applications that can greatly benefit form hbh processing in the fast path. The concern I have with existing hbh headers that exist well known or otherwise that would be broken that use more then one option. https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xml I can see the byte alignment to 8 bits being valuable for processing and eliminating of all the pad options. The verbiage below seems pretty tightly focused on trying to minimize processing to single hbh option to ensure all router platforms can process in the fast path. I don’t think that is practical and used a sledge hammer to solve a problem that could be solved with a tooth pick. Maybe a one size fits all model could be detrimental as most internet backbone routers are higher end, and may not require the stringent 1 option requirement as that is the problem to be solved by with hbh being dropped on internet backbone routers. For the backwards compatibility with existing well known and other hbh with more then one option could result in the same “dropping” of hbh that occurs today with operators filtering hbh explicitly to avoid ddos vector. This is due to the stringent single hbh option requirement. Nodes creating packets with a Hop-by-Hop option headers MUST only include a single option in the packet. This also requires that all Hop-by-Hop Options MUST be 8-octet aligned. See Section 6 <https://tools.ietf.org/html/draft-hinden-6man-hbh-processing-00#section-6> for more detail. Nodes processing a packet with a Hop-by-Hop options header MUST discard the packet if there is more than one Hop-by-Hop option in that header. We have an application use case for hbh in the BIER WG for BIERv6 draft below: https://tools.ietf.org/html/draft-xie-bier-ipv6-encapsulation-08 In this draft today we encode the BIER header in the DOH options and set the option flag for en route hop by hop processing. So with that instead of the DOH being processed last it would be processed after the hbh. Per RFC 8200 we would set the 3rd highest order bit in the option type so the options data would change en route. Two of the currently defined extension headers specified in this document -- the Hop-by-Hop Options header and the Destination Options header -- carry a variable number of "options" that are type-length- value (TLV) encoded in the following format: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | Option Type | Opt Data Len | Option Data +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - Option Type 8-bit identifier of the type of option. Opt Data Len 8-bit unsigned integer. Length of the Option Data field of this option, in octets. Option Data Variable-length field. Option-Type-specific data. The third-highest-order bit of the Option Type specifies whether or not the Option Data of that option can change en route to the packet's final destination. When an Authentication header is present in the packet, for any option whose data may change en route, its entire Option Data field must be treated as zero-valued octets when computing or verifying the packet's authenticating value. 0 - Option Data does not change en route 1 - Option Data may change en route So with the 3 highest order bits being reserved above their are only 5 bits remaining or 32 options remaining user configurable for custom options. There is not a ton of options to begin with but I think 1 is quite small. I think the DOH Header had similar identical properties of the hbh header when the 3rd higher octet is set for in route hop by hop processing specifying the data will change en route. Could this specification be extended to DOH as you can see the similarities for applicability in hop by hop en route processing flag use case that can be processed in the fast path. When you do the actual accounting or counting of the number of options being used for BIERv6 draft, if we decided to change to use hbh would we be using only 1 option I believe being the 3rd higher order bit flag for en route hop by hop processing. Would BIERv6 be in conformance with the single option setting requirement. We would ensure that when we encode the BIER header we have it 8 bit aligned boundary so we don’t require any padding bits. Kind Regards Gyan On Thu, Dec 3, 2020 at 6:16 PM Bob Hinden <bob.hinden@gmail.com> wrote: > Hi, > > Gorry and I put together a draft that proposes to change how IPv6 > Hop-by-Hop Options are processed. Links to the draft below. > > Abstract: > > This document specifies procedures for how IPv6 Hop-by-Hop options > are processed. It modifies the procedures specified in the IPv6 > Protocol Specification (RFC8200) to make processing in routers more > practical with the goal of making IPv6 Hop-by-Hop options useful to > deploy in the Internet. When published, this document updates > RFC8200. > > A very short summary is that there can only be one Hop-by-Hop option in a > Hop-by-Hop Option header, and that Hop-by-Hop Options must be process in > the fast path. > > Please read and comment on the draft (that is, not on just this email). > We think this might make Hop-by-Hop options practical to use in the > Internet. > > Bob & Gorry > > > > Begin forwarded message: > > > > From: internet-drafts@ietf.org > > Subject: New Version Notification for > draft-hinden-6man-hbh-processing-00.txt > > Date: December 3, 2020 at 3:04:46 PM PST > > To: "Robert M. Hinden" <bob.hinden@gmail.com>, "Godred Fairhurst" < > gorry@erg.abdn.ac.uk>, "Robert Hinden" <bob.hinden@gmail.com>, "Gorry > Fairhurst" <gorry@erg.abdn.ac.uk> > > > > > > A new version of I-D, draft-hinden-6man-hbh-processing-00.txt > > has been successfully submitted by Robert M. Hinden and posted to the > > IETF repository. > > > > Name: draft-hinden-6man-hbh-processing > > Revision: 00 > > Title: IPv6 Hop-by-Hop Options Processing Procedures > > Document date: 2020-12-03 > > Group: Individual Submission > > Pages: 11 > > URL: > https://www.ietf.org/archive/id/draft-hinden-6man-hbh-processing-00.txt > > Status: > https://datatracker.ietf.org/doc/draft-hinden-6man-hbh-processing/ > > Html: > https://www.ietf.org/archive/id/draft-hinden-6man-hbh-processing-00.html > > Htmlized: > https://tools.ietf.org/html/draft-hinden-6man-hbh-processing-00 > > > > > > Abstract: > > This document specifies procedures for how IPv6 Hop-by-Hop options > > are processed. It modifies the procedures specified in the IPv6 > > Protocol Specification (RFC8200) to make processing in routers more > > practical with the goal of making IPv6 Hop-by-Hop options useful to > > deploy in the Internet. When published, this document updates > > RFC8200. > > > > > > > > > > Please note that it may take a couple of minutes from the time of > submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > The IETF Secretariat > > > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -- <http://www.verizon.com/> *Gyan Mishra* *Network Solutions A**rchitect * *M 301 502-134713101 Columbia Pike *Silver Spring, MD
- Proposal for changing how IPv6 Hop-by-Hop Options… Bob Hinden
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Templin (US), Fred L
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Tianran Zhou
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Jen Linkova
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Haoyu Song
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Pengshuping (Peng Shuping)
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Gorry Fairhurst
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Nick Hilliard
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Ron Bonica
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… tom petch
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Ron Bonica
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Templin (US), Fred L
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Gyan Mishra
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- RE: [EXTERNAL] Re: Proposal for changing how IPv6… Templin (US), Fred L
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Jeff Tantsura
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Fernando Gont
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Fernando Gont
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Fernando Gont
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Brian E Carpenter
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Fernando Gont
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Ron Bonica
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Gyan Mishra
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Fernando Gont
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… tom petch
- RE: [EXTERNAL] Re: Proposal for changing how IPv6… Templin (US), Fred L
- Re: [EXTERNAL] Proposal for changing how IPv6 Hop… otroan
- RE: [EXTERNAL] Proposal for changing how IPv6 Hop… Templin (US), Fred L
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Gyan Mishra
- Re: [EXTERNAL] Proposal for changing how IPv6 Hop… otroan
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Templin (US), Fred L
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Templin (US), Fred L
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Templin (US), Fred L
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- RE: [EXTERNAL] Re: Proposal for changing how IPv6… Templin (US), Fred L
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Ron Bonica
- Re: [EXTERNAL] Re: Proposal for changing how IPv6… Tom Herbert
- RE: [EXTERNAL] Re: Proposal for changing how IPv6… Templin (US), Fred L
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Joel M. Halpern
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- Re: [EXTERNAL] Re: Proposal for changing how IPv6… Tom Herbert
- Re: [EXTERNAL] Re: Proposal for changing how IPv6… Brian E Carpenter
- RE: [EXTERNAL] Re: Proposal for changing how IPv6… Templin (US), Fred L
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Ron Bonica
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Fernando Gont
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Fernando Gont
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Gyan Mishra
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Eric Vyncke (evyncke)
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Tom Herbert
- Re: Proposal for changing how IPv6 Hop-by-Hop Opt… Gyan Mishra
- RE: Proposal for changing how IPv6 Hop-by-Hop Opt… Xiejingrong (Jingrong)