IETF Logo Mail Archive

Re: [IPv6] Removing extension headers from packets (revisited)

Tom Herbert <tom@herbertland.com> Wed, 16 August 2023 00:52 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A08DC14CF1F for <ipv6@ietfa.amsl.com>; Tue, 15 Aug 2023 17:52:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1MqsAaki9wwL for <ipv6@ietfa.amsl.com>; Tue, 15 Aug 2023 17:52:28 -0700 (PDT)
Received: from mail-oo1-xc2b.google.com (mail-oo1-xc2b.google.com [IPv6:2607:f8b0:4864:20::c2b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37039C14E515 for <6man@ietf.org>; Tue, 15 Aug 2023 17:52:28 -0700 (PDT)
Received: by mail-oo1-xc2b.google.com with SMTP id 006d021491bc7-56c711a88e8so4434799eaf.2 for <6man@ietf.org>; Tue, 15 Aug 2023 17:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1692147147; x=1692751947; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=cx9i4r7Mw9mMAVElsDioqiCaAgmhK3qAHcxY6AA8dkk=; b=Zjw0MqwuJytFNqDjw+KFXPkVJ/w57usDOMUcORxCR6LvCqxlujaPSIElUeiKxOHy8y Ci9qyvcgPlLJbBrFHSrUk9VBAS3hphpA1g9FPtOp9h6wQNZdSHYNvCp9ZKy8AdQC408G u3HHtXEQ9QKllsMwhFShjAYwNeypAxUuLnnnnQv0grCd0xK286NItOM1Z1F0+jmCBwRT lY+ktDFvhswjaTFH5wXc6DT9GYfUk5NbojQm8hpkxTO9PXq1JmrAKrDoqWHVC4QjwuOL lvEFVeQXXGupOXRe/4i2LiefSNjehMl1G2eYJS6DxbW6j7chlkVAZAEdGhSNBx8V7sUO bftQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692147147; x=1692751947; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cx9i4r7Mw9mMAVElsDioqiCaAgmhK3qAHcxY6AA8dkk=; b=mCHn6Y+4vNDMKpHeDxSDjmhlC8Zvykc3lDF03zxftmY97L1axwf5nOdAJ2Yv33LmAj wjUTUIJMkZ7pcVEfiVc2l05XARMnvf3gKtoq/BZveNDFd9ohCyDFn2WQgq2FIgCyfk1Z 51vdFMPlvDSF3eqxWKCApBr+1B9Oz0TO27kO6NMEoJ04O+Qswt57S5dweru5if6LZ6YK 2NRONGK8Z+BK1kMr6/g9onKnjCoOTSJL+7Bsi1uW+lTxuRhbKSG7/VGwR9WRlTj6/0IL v4VvCkn6D0t7tGqImVyGm1DiPCseDSRkMFv3bqC1X5eAJMWZ7Qbjch3fnm1xKJP3XqOz opow==
X-Gm-Message-State: AOJu0YwRG6rdRlJLB+TbTnx8/pwhy5sYMbZyypH5IwLhTc2soaVMZooD RwRSmm/0EvOtN6o2oma3j/86vbVTU+JHSZR5Svw9Sw==
X-Google-Smtp-Source: AGHT+IGqob0oSsn6kvwNZbo4kBrcXqG9XQFD2gmrGJUySB99D0kEdmrSHiRHxqqCgxSsRN+4rAhVizzEZsRLKfVTJlY=
X-Received: by 2002:a05:6830:1158:b0:6b7:4cd0:8a1e with SMTP id x24-20020a056830115800b006b74cd08a1emr415025otq.19.1692147146831; Tue, 15 Aug 2023 17:52:26 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S36gQBgNAp-Poq3pRupGWUh0iA8M546=S=vUp5cQK_82TQ@mail.gmail.com> <CAO42Z2zAf4EAKhX1ZJC1KUk4DXcNZykA82hdUfo64h45q8DVUQ@mail.gmail.com> <CALx6S36pk0+YjdjgNvWCsAjF5NVmQLnp8pKc30uOb1DZmcfasQ@mail.gmail.com> <CAO42Z2zmxiGANzdB6RdrfgGLfH_Q-D7-U_JGJ0V++3ms8nGxOg@mail.gmail.com> <CALx6S37BYjhShGhHbg8qK4Fxeubrep7BGzRBmrHD9DcBcToxPw@mail.gmail.com> <620318f4-d6ae-3c29-c5f1-93797363d47c@joelhalpern.com> <CALx6S36RvnkZf6=dfFPJZo7MHzJTU28LOjVgV1Eq27p7iA_9-Q@mail.gmail.com> <e368a050-275a-18eb-b135-54bf4478e5bf@joelhalpern.com> <CALx6S34WTCENBtkrdR4oUGVeuaFhUb2a5veqtqNgsCHJ_3E=hA@mail.gmail.com> <52294b30-a5d9-0881-954d-0e06b3e23e75@joelhalpern.com> <CALx6S37W8ed-5qzdY-iV-awwqnUs=t1M=Jn9mO78404CyqC3wg@mail.gmail.com> <CAO42Z2xCafFK50kD0V5783g5UcA8YAsK2=b__YCbNA8MECL+Ag@mail.gmail.com>
In-Reply-To: <CAO42Z2xCafFK50kD0V5783g5UcA8YAsK2=b__YCbNA8MECL+Ag@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 15 Aug 2023 17:52:14 -0700
Message-ID: <CALx6S36QSaWwqPjTo_42qXWG6vmvYBN-EOB7VmYrTGQAzg2ybw@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Joel Halpern <jmh@joelhalpern.com>, 6MAN <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/O1QoBc2hPRYpKgZhGZXUkAobgsM>
Subject: Re: [IPv6] Removing extension headers from packets (revisited)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2023 00:52:32 -0000

On Tue, Aug 15, 2023 at 5:39 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
> Hi Tom,
>
> On Tue, 15 Aug 2023 at 14:50, Tom Herbert
> <tom=40herbertland.com@dmarc.ietf.org> wrote:
> >
> >
> >
>
> <snip>
>
> >
> > I don't think there's any reliance on this being present. If packets don't have extension headers removed then they're leaked outside of the domain and are subject to higher drop rates.
> >
>
> I think this is assuming that the adjacent and upstream domains
> (networks) will never be using the same EH for their own purposes.
>
> If this EH is useful to you locally, then you can't prohibit your
> adjacent or upstream domains from using it too just because you are.
>
>
> > Encapsulation requires two parties to coordinate, the encapsulator and decapsulator. So in the models discussed, either the source host needs to encapsulate and edge router decapsulates, or edge router encapsulates and the final destination host decapsulates-- in either model hosts have to change and neither set of hosts are managed by a single entity (e.g. smart phones and web servers). Removing EH at the edge has the advantage of only have to change routers under the control of a single domain.
> >
>
> What if the EH isn't actually removed, because of:
>
> - implementation bugs
>
> - partial node failures that might fail to remove EHs yet still forward packets
>
> - operator device misconfiguration

Mark,

These arguments would apply to any function network. We've had to deal
with NAT implementation bugs, there are partial failures where a
tunnel device forgot to tunnel, and of course anything can and at some
point has been misconfigured.

>
> ?
>
> These and other problems caused by EH removal were covered in the
> "In-Flight EH Insertion Considered Harmful draft in the section about
> failed EH removal.

EH insertion would be considered harmful since it increases packet
size and could exceed path MTU to the point such that a sender
couldn't even send minimal size MTU packets without them being
systematically dropped. So EH insertion can materially break the IPv6
protocol, but I still don't see how EH removal could break it.

Tom

>
> https://datatracker.ietf.org/doc/html/draft-smith-6man-in-flight-eh-insertion-harmful-02
>
> I presented on it at IETF 106, slide deck:
>
> https://datatracker.ietf.org/meeting/106/materials/slides-106-6man-sessb-in-flight-ipv6-extension-header-insertion-considered-harmful-00
>
> It was suggested that it be worked towards publishing as a 6man WG
> RFC, however quite frankly, I could tell it was going to be ignored by
> the SPRING working group, and it was, so I didn't bother spending any
> further time on it.
>
>
> Regards,
> Mark.
>
>
>
> > Tom
> >
> >
> >> Yours,
> >>
> >> Joel
> >>
> >> On 8/14/2023 10:52 PM, Tom Herbert wrote:
> >>
> >>
> >>
> >> On Mon, Aug 14, 2023, 6:12 PM Joel Halpern <jmh@joelhalpern.com> wrote:
> >>>
> >>> Yes, knowing what the correct egress should be is, for the general case, a harder problem.  But, the example you cited is segment routing.  If the host is trusted enough by the operator to actually provide a segment route across the operator domain, it seems necessary for the host to have enough information to properly address the egress.  Thus, for the case you chose for an example, encaps seems quite natural, efficient, and achievable.
> >>
> >>
> >> Okay, maybe segment routing wasn't the best example :-) Consider draft-kaippallimalil-tsvwg-media- hdr-wireless. The basic idea of this draft is to let hosts annotate packets with information, signals that can be consumed by the network to provide QoS. This is for 3GPP networks, so the hosts are potentially all the mobile devices in a network. The signals are only processed by one intermediate device in the path which is the Mobile Router (basically the first hop router). After that point, the signal is no longer processed. All the mobile hosts have is a default route to their carrier and a destination address, they don't have any knowledge of whether a packet will leave a limited domain and what the egress point-- and, in fact, we don't want them to have that information since it would expose information about the internals of the provider network.
> >>>
> >>>
> >>> There may be other cases where knowing the proper egress is harder, but it seems to me that solving the information problem is MUCH easier than solving the problem of removing bytes from the middle of a packet at wire rate at a high speed inter-operator
> >>
> >>
> >> Functionally, it's equivalent to a decap/encap operation, or a push/pop of headers. Maybe fixed function hardware can't easily do this, but I'd be surprised if programmable devices like P4 couldn't do it. Also, like in the case of draft-kaippallimalil-tsvwg-media- hdr-wireless, the last intermediate that processes thh HBH options could also be the one that removes it from the packet.
> >>
> >> In any case, the points about debuggability and feasibility are well taken, but those are operational concerns. I am still wondering if removing a HBH extension header could actually break the IPv6 protocol.
> >>
> >> Tom
> >>
> >>
> >>> interface.
> >>>
> >>> Yours,
> >>>
> >>> Joel
> >>>
> >>> On 8/14/2023 9:05 PM, Tom Herbert wrote:
> >>>
> >>>
> >>>
> >>> On Mon, Aug 14, 2023, 5:53 PM Joel Halpern <jmh@joelhalpern.com> wrote:
> >>>>
> >>>> Hmmm.  Trimmed to focus on a point you make.
> >>>>
> >>>> Comments below.
> >>>>
> >>>> Joel
> >>>>
> >>>> On 8/14/2023 8:45 PM, Tom Herbert wrote:
> >>>> >
> >>>> > Hi Mark,
> >>>> >
> >>>> > No, it's not about bandwidth. It's about survivability and
> >>>> > deployability of extension headers. The current prevailing belief is
> >>>> > that extension headers are not usable across the Internet since there
> >>>> > is a high probability of packet drop. However, within a limited
> >>>> > domain, extension headers are deployable, especially if the network
> >>>> > itself is consuming them as would be the case of HBH options
> >>>> > requesting QoS or segment routing headers.
> >>>> >
> >>>> > This presents two problems:
> >>>> >
> >>>> > 1) Hosts create extension headers and if extension headers are known
> >>>> > to work in a limited domain then they can safely use them _if_ the
> >>>> > destination is in the same domain as the source and the entire path is
> >>>> > within the same limited domain. The problem is that a host wouldn't
> >>>> > necessarily know which destination are in the limited domain and which
> >>>> > aren't
> >>>> > 2) Even if a host knows it is sending to a destination outside of the
> >>>> > limited domain, it might still want to apply the packets and services
> >>>> > in extension headers for the time that the packet is in the limited
> >>>> > domain. For instance, segment routing might be used to route a packet
> >>>> > to a specific egress node. At the egress node, the SRH is removed and
> >>>> > the packet can be forwarded into the Internet (I believe this was the
> >>>> > scenario that motivated removal of SRH when it was presented a while
> >>>> > back)
> >>>> >
> >>>> > The alternative for #2 that is usually suggested is to use tunneling
> >>>> > from the source to an egress, for instance the outside IP header could
> >>>> > contain the extension headers and the encapsulated packet is the one
> >>>> > sent one the Internet with no extensions. That might work and be
> >>>> > conformant, but it's significantly more complex and probably not as
> >>>> > practical as just removing extension headers at the border router
> >>>> > (more decisions, we have to explicitly route to egress points, more on
> >>>> > the wire overhead, tracing ICMP errors back to a connection is
> >>>> > tricky). Also, troubleshooting still can be difficult because the same
> >>>> > packet looks very different depending on where it's viewed (for
> >>>> > instance, at one point the packet is encapsulated, at another point
> >>>> > it's not).
> >>>> >
> >>>> > Tom
> >>>> > ---------------------------------------------------
> >>>>
> >>>> <jmh>   You state that encaps / decaps is "significantly more complex
> >>>> and probably not as practical as just removing the extension headers at
> >>>> the border rotuer."  I am missing something .  As far as I can tell,
> >>>> decapsulation at an addressed egress is easy to implement and widely
> >>>> supported in existing hardware. Removing a set of bytes from the middle
> >>>> of a packet is not widely implemented, hard to do in fast path hardware,
> >>>> and prone to interesting failures all its own.   I would have exactly
> >>>> reversed the comparison you make. </jmh>
> >>>
> >>>
> >>> Joel,
> >>>
> >>> Easy at the decapsulation, not necessarily at the encap point. It's the same problem I mentioned before, hosts wouldn't know when a packet will be leaving the domain, and even if they did they wouldn't easily know what the endpoint address of the tunnel is should be for the real destination.
> >>>
> >>> Tom
> >>>
> >>>
> >>>
> >>>
> >>>>
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email