Re: draft-voyer-6man-extension-header-insertion
Mark Smith <markzzzsmith@gmail.com> Thu, 30 March 2017 20:06 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AF5612941C for <ipv6@ietfa.amsl.com>; Thu, 30 Mar 2017 13:06:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.198
X-Spam-Level:
X-Spam-Status: No, score=-2.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tP75DO2PZsCp for <ipv6@ietfa.amsl.com>; Thu, 30 Mar 2017 13:06:55 -0700 (PDT)
Received: from mail-vk0-x233.google.com (mail-vk0-x233.google.com [IPv6:2607:f8b0:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9187C1292CE for <ipv6@ietf.org>; Thu, 30 Mar 2017 13:06:55 -0700 (PDT)
Received: by mail-vk0-x233.google.com with SMTP id s68so68246318vke.3 for <ipv6@ietf.org>; Thu, 30 Mar 2017 13:06:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=FCDXW9zhb+ksF6gsZJpohXVM4SUI9+CcAzWKWN9BIy8=; b=afurG1MRjZPoX2/DoPkDsw7hW33EPUbcfXdy49KdzwOOQrFJiyRZhc9FGMAo9ek1XK WOGPnZGFdWZFkCQ7JaNnCYrU45rrXxPvNI9x7i4KeZdZKzc5Y7e0YwP2qeKGc31mYZCo QVNn5LL/rqPn4r4YvLp4mf4a6ODXX/MGzYl260hf1Tg1BPps4wfABnm/PQWo75/5QKc/ RV45vxqnfY3AHfLWF44zK5QW5YSOoOvBrLi5IKGbSGVP/kQmD2+9av3VoHK/+gCOhrvC sc2VkCUtjqJ2NftQm6SZH1WY+GA8Y5VIELMkRnVJMMSKo3EhqJylSOKmzxRQajPBQkbI yDWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=FCDXW9zhb+ksF6gsZJpohXVM4SUI9+CcAzWKWN9BIy8=; b=fbL2yEELBTPfSSAF2friU++9o72WLqALqUDgQZzPqK0LB7ZQOyOS1MiPDlia/SbvLn XMxwUEa9GBK0AjmTIKxEwg6iGsNuHCUrF3hvD1a9b2uyXjT+p8opR6M3jOcxv/ysmyyN IkXlwvVcqYfIl/xU+kSAUPRPTGbtYb7N7gzyEZmbA4hLT0jpOQkT+99K+g5xUn6dANvW nYTSOFEzeOyGdjudBkArpTuqjkpWECw65GADdMSrvZZ2UKMVotwmOwtS07JeBO2uZHAy LGFQQxvTbeISvgT5yf51A32n6WUlal3rmJe7W7klXyHBywmijBYUVJ/VS3lyleAXrG38 kDcg==
X-Gm-Message-State: AFeK/H19wTPB0LI7Jvef2lWOkx7tl+sryaaMLJ6AYs1OG1gRStLzEN5r/qREq46TsXAG9aKJo9E0Q1W1sviUsA==
X-Received: by 10.176.83.124 with SMTP id y57mr779555uay.141.1490904414394; Thu, 30 Mar 2017 13:06:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.36.181 with HTTP; Thu, 30 Mar 2017 13:06:24 -0700 (PDT)
In-Reply-To: <F0D31132-EEFD-4197-973A-A22D5ACCB0FF@cisco.com>
References: <CAO42Z2wbACHruEKnFYyU2-9bNLo7qbm4McSa6Rx5uBwKnfn5bA@mail.gmail.com> <F0D31132-EEFD-4197-973A-A22D5ACCB0FF@cisco.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 31 Mar 2017 07:06:24 +1100
Message-ID: <CAO42Z2yOgnUjpb0R95FAQDOvvL2CaSyKmXGoZs3EYzGfn2_-Lw@mail.gmail.com>
Subject: Re: draft-voyer-6man-extension-header-insertion
To: "Stefano Previdi (sprevidi)" <sprevidi@cisco.com>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/MCOKqLrchCStGP4wSMLkX0VAMFY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 20:06:58 -0000
On 30 March 2017 at 07:55, Stefano Previdi (sprevidi) <sprevidi@cisco.com> wrote: > >> On Mar 28, 2017, at 10:07 PM, Mark Smith <markzzzsmith@gmail.com> wrote: >> >> They're missing the difference between encapsulation and insertion. > > > not really: > > . a packet is received at ingress of the controlled domain > . the packet is encapsulated into a new outer ipv6 header where SA/DA are internal to the domain. > . from now on: > . this packet is a packet sourced and destined within the controlled domain. > . the original packet is encapsulated and will remain untouched/unmodified (i.e., noting will be inserted into the original packet). So that is the transit case, and yes, that packet is left as sent by it's originating host. The 6PE example is the one that is claiming that "packet" is changing in size, and that is not correct. "While transiting in the core, the size of the label stack (hence the size of the packet)" Any time this draft mentions "packet" without context, it is going to be read as "IPv6 packet" because this draft is an IPv6 draft and this is an IPv6 working group. While that might sound like I'm being pedantic, this 6PE example seems to be being used to show that 6PE already changes the size of the IPv6 packet, and therefore changing IPv6 packet sizes mid-flight is normal and acceptable. > . a packet sourced and destined internally in the controlled domain can safely be increased in its size and can be safely have EHs inserted by transit nodes. I don't agree with that statement. What if the inserted EH isn't actually removed when it should be? The domain already supports IPv6-in-IPv6 encapsulation, going the transit packet example. Why complicate things by also having the same domain support insertion, when already supported IPv6-in-IPv6 encapsulation can be used to achieve the same outcome? EH insertion and DA address swapping seem to be to be far more complicated and therefore expensive and error prone operations than network-layer to link-layer (where IPv6 is also being used as a link-layer) type encapsulation/decapsulation. > . when the packet reaches the egress node of the controlled domain, the outer encapsulation and any inserted EH are removed. IOW, the packet that leaves the domain is exactly the same packet that entered the domain. Your specification will say that, probably as a MUST. The trouble is that implementations don't always behave as specified. "In theory, practice and theory are the same. In practice they're not." If a later router or host receives a packet with an EH that hasn't been removed when it should have been, what will happen? That behaviour isn't currently specified. We know that protocols assume that the received packet's structure and most of its field values (e.g., excluding Hop Limit, flow label etc.) were set by the device specified in the source address field. If an inserted EH is not removed, and you can't guarantee that, then devices are receiving packets that are corrupt by the current specifications. I think this is a change that is violating Postel's Robustness principle. I think one meaning of "Be conservative with what you send," is don't send something that might break somebody else's devices.You might argue you aren't, because your specification will say the inserted EH MUST be removed. However, you can't guarantee that, and that is why Jon said, paraphrasing, "don't send them in the first place/" > . the size of the packet increased inside the domain due to encapsulation of course but also due to EH insertion while in transit in the domain. The MTU problem doesn’t exist in reality because the MTU of interfaces in the controlled domain is roughly 4 times what is at the ingress. > . the point of the draft is to say that if the packet is sourced and destined within a controlled domain, it is safe to allow insertion of EHs by transit nodes. > > once again: the EH insertion happens into the outer header, not into the original packet. > The outer IPv6 packet is also an IPv6 packet - the inner IPv6 is really just application payload (tunnelling is really just a host-to-host application). So inserting an EH into the outer IPv6 packet is also violating the IPv6 specifications. >> >> The increase and decrease in "packet" size that is occurring in their >> 6PE example is as the PDU crosses layer boundaries due to >> encapsulation or decapsulation. This is occurring as the PDU travels >> vertically between layers. From the IPv6 perspective, the 6PE layer is >> a link layer below the network layer. > > > the example of 6pe outlines the fact that the packet, while transiting within a domain, can increase in its size due to label stack being pushed. > > >> While the IPv6 packet traverses the 6PE domain, the IPv6's packet size >> and structure is not changed in any way. > > > the same is in our approach: > > . the original packet is encapsulated into an outer header and its size will not change. > . the encapsulating packet will get EH inserted. > > >> EH insertion is increasing the PDU size and changing the packet >> structure while the packet travels horizontally within the IPv6 layer. >> That will break things if the destination host doesn't expect the >> packet size or structure to change, and they don't, because it is not >> a described "within layer" packet processing behaviour in RFC2460. The >> destination host expects that the packet received has a structure and >> size that is the same as sent by the device identified in the source >> address field, which is the host that originated the packet. >> >> EH insertion makes the source address field both meaningless and >> holding an incorrect value while the inserted EH is present. > > > not really: > . the SA is untouched by the EH insertion. The SA is the address of the ingress node of the controlled domain. > . the DA is updated with the first segment of the EH (we assume the inserted EH is the SRH). > . the DA is updated at each segment > > >> A >> specification for EH insertion would need to state this very clearly. >> Many of the negative consequences of EH insertion are because it makes >> the packet's source address field meaningless and holding a incorrect >> value. > > > again, not really in this case: the SA is untouched and it represents the ingress node of the controlled domain. > > >> The only things that are permitted to change while an IPv6 packet is >> in flight (within the IPv6 layer) are values of a defined set of >> fields specified in RFC2460 e.g., hop limit, flow label, traffic >> class. Only field values change, no fields are added or removed - the >> packet's structure and size stays the same after these modifications >> if or when they occur. > > > I understand what rfc2460 specified and the reason of our draft is to explain that things have changed in the last 20 years and we should take them into consideration. > That's the thing that is missing. There is an assertion that inserting EHs is required (a much stronger word than "preferred"), yet no explanation of why it is required or essential. The use of the word "required" implies that the inserting EH is essential for this to work. I don't think it is, encapsulation could achieve the same outcome, and it is an existing, well known method that won't interact unexpectedly with existing IPv6 implementations. Regards, Mark. > s. > > Regards, Mark. >> >> >> Regards, >> Mark. >> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- >
- draft-voyer-6man-extension-header-insertion Mark Smith
- Re: draft-voyer-6man-extension-header-insertion Stefano Previdi (sprevidi)
- Re: draft-voyer-6man-extension-header-insertion Mark Smith
- Re: draft-voyer-6man-extension-header-insertion Stefano Previdi (sprevidi)
- Re: draft-voyer-6man-extension-header-insertion C. M. Heard