IETF Logo Mail Archive

Re: What is necessity for SRH, and other EH, insertion/removal?

cpolish@surewest.net Thu, 19 December 2019 03:26 UTC

Return-Path: <cpolish@surewest.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9B3512004F for <ipv6@ietfa.amsl.com>; Wed, 18 Dec 2019 19:26:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=surewest.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oDavoAUrdnaW for <ipv6@ietfa.amsl.com>; Wed, 18 Dec 2019 19:26:37 -0800 (PST)
Received: from fmlca.mycci.net (fmlca.mycci.net [66.60.128.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04A3C120018 for <ipv6@ietf.org>; Wed, 18 Dec 2019 19:26:36 -0800 (PST)
Received: from ca01-cl01-vpl-nges-mailq-002.ipnms.net ([10.40.0.236]) by fmlca.mycci.net with ESMTP id xBJ3QYkU009065-xBJ3QYkV009065; Wed, 18 Dec 2019 19:26:34 -0800
Received: from vinny.peecee3.com (gw.ca-rsvl-lb1-lb2-v27.ipnms.net [10.40.253.1]) (Authenticated sender: cpolish@surewest.net) by ca01-cl01-vpl-nges-mailq-002.ipnms.net (Postfix) with ESMTPA id A9A03DC0003; Wed, 18 Dec 2019 19:26:33 -0800 (PST)
Date: Wed, 18 Dec 2019 19:26:32 -0800
From: cpolish@surewest.net
To: Tom Herbert <tom@herbertland.com>
Cc: 6man <ipv6@ietf.org>
Subject: Re: What is necessity for SRH, and other EH, insertion/removal?
Message-ID: <20191219032632.GA25723@vinny.peecee3.com>
References: <CALx6S34vG=L_5nw_FzxHBUy+7tbWH4dhOh8xodOfKf2oOdrarg@mail.gmail.com> <CALx6S36g6gDJNp=unQJaGoGoMxnRpbqGni=JHvPFJ3ovmuzO4A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CALx6S36g6gDJNp=unQJaGoGoMxnRpbqGni=JHvPFJ3ovmuzO4A@mail.gmail.com>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=surewest.net; s=fmlca; c=relaxed/relaxed; h=date:from:to:cc:subject:message-id:references:mime-version:content-type; bh=nvyg5/+to0GND0qs9J5KSFRiniXqStxMKCtVcrdEnfo=; b=CSocVuRTE1biAkvwFrlAxmF1+ddGksq50F/RW7kS+MGmcH/eznZGuSHIUKdIBfJk+hdQmu7Eq8JF LfdB7/89mchh2BRxeXmmcAMaAr3gPT0qlNu5nGjoLkMRhzR5JmW+QOxumOnjYhuw9skHKaTDkNMK /GCN9JBN7VVZneMYwkNYFoYn1O10JBWIsVPEeE0hfmo5zWZOmPmXZ34P1hQ8QcDCtxQUF72L83w0 cUuRRSlFbfWV+ax02rvCygmFqkJdEG6n9vE4ezqiP3rJPmHnWDXMmIqoIlB7iHUk95YO5h/PyIHg vWQChFGa/PjmfkNFEglhsu4qoN9r/YxTq96q9Q==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/MPg7RwQGvrVS10M4tzD-m0fPuaQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Dec 2019 03:26:39 -0000

On 2019-12-18 14:07, Tom Herbert wrote:
> On Sat, Dec 7, 2019 at 9:17 AM Tom Herbert <tom@herbertland.com> wrote:
> >
> > Pulling this out into a separate thread. Pertinent questions are:
> >
> > Why is extension header insertion and removal at necessary?
> >
> > Why isn't the proposed alternative of IPIP encapsulation sufficient?
> > (where the encapsulating headers contain the extension headers that
> > would otherwise be inserted)
> >
> I believe that inband network telemetry (INT and IOAM ) might provide
> the best motivation for extension header insertion. One of the goals
> is to allow network operators to perform telemetry on packets as they
> traverse their network. A telemetry header, INT or IOAM, is put into
> packets on ingress to the domain and removed at egress, and
> intermediate nodes modify the packet with measurement data.
> 
> Key requirements are that not all packets for a flow need to be
> measured, and measured packets need to follow the same path as those
> not measured  in order for the measurements to reflect what is
> happening for the flow. IPIP encapsulation would change the hash that
> ECMP uses so encapsulated packets might traverse a different path--
> therefore it's not sufficient in this case. Extension header insertion
> would maintain the routing in ECMP (although the fact that extension
> headers aren't supported in IPv4 creates another problem).
> 
> Some of the inband telemetry implementations are already addressing
> this by inserting the inband telemetry headers directly into the UDP
> or TCP payload of existing packets and removing the inserted payload
> bytes at the egress point. Since only transport payload is being
> modified, the packets will be routed the same way as other modified
> packets for a flow. The obvious problem with this approach is that
> payload is being changed by intermediate nodes such that if the end
> host were to ever receive the modified packet this could result in
> silent data corruption of users' data. So this protocol mechanism is
> fundamentally not robust and probably dangerous. I think this actually
> makes extension header insertion, where the worst case scenario is
> probably unexplained packet loss, look palatable!

Explained that way, it evoked this thought: Put telemetry in a
trailer [cf. RFC893]. If conforming IPv6 implementations expect
there's no information after the nominally final octet of a
packet, then they'll neglect to forward (the trailer) onward?
QED! No escape to the "open" Internet, no munged ECMP hash, no
header insertion. Obvs, processing trailers on the fast path is
... problematic.

v2.23.0 | Report a Bug | By Email