IETF Logo Mail Archive

[IPv6] Data for EH drops (was Re: Comments on draft-ietf-6man-hbh-processing-12)

Tom Herbert <tom@herbertland.com> Wed, 06 December 2023 16:38 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F24B7C14CF1F for <ipv6@ietfa.amsl.com>; Wed, 6 Dec 2023 08:38:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4znSFMij4kB4 for <ipv6@ietfa.amsl.com>; Wed, 6 Dec 2023 08:37:57 -0800 (PST)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20305C14F60D for <ipv6@ietf.org>; Wed, 6 Dec 2023 08:37:57 -0800 (PST)
Received: by mail-ed1-x529.google.com with SMTP id 4fb4d7f45d1cf-54c67b0da54so7157804a12.0 for <ipv6@ietf.org>; Wed, 06 Dec 2023 08:37:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1701880675; x=1702485475; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=VbgSJ4ZRuWjNssX+CeAHzzy++GM/bb+eBPDWBY0aQI0=; b=gYurKLyhSsROyalI7gn/F/7/ONu7RlQbqBGIAiCIRHIZMWEG2fZWk5DDRmXW/ExxrX mMCQhjj6NwMX1HJM2tNu/yb1qZda+2C3ytjnKAindw010O7F5+BL/RD8fPVg/To+I8+u t0yyMBIh6Kt4Ier3u9kOLntN58SK6R7kqP7V/HriPf/KrrKqNF7Agx+1s4ZLeDja9y0A H0mYTLLmlo1ENO1cLf+o7Hh4XYRWsSMyGfxi6+yvD792G7u0GNrgENIi4Ia7e77rLCMU LeftFwIU/c1Mt2Rvuvhh2r4EalqqDppYxdNoiD6bvps7npHmgXTBVoHXx7djdnWlIpK6 iCLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701880675; x=1702485475; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VbgSJ4ZRuWjNssX+CeAHzzy++GM/bb+eBPDWBY0aQI0=; b=ioLfCjHkzS37GJVhEh88zx27O/jbbjmZZf5xnbAEj2pZqugh8MketZD/48SZkBYBUq +4yk8dYy8iaAdyag7iM0+U3NbpBkl9KzhO4OYAPdE1v8l9G9aBgog0/7XaVYUkqPOOsp rnE96MfotutR06s6oyN5b5HUqhM8yOKTDkFbBcwyQ6MK2rWdiYQhcL8jo11udsdFKCh/ e0VCyAKJlkUkPybqvH4PCxNTH8Vznoa+2Z5U7RfDkJq7N2KNCy8MrZP8q+NJdxRH2BXy l2g5JenTJyNNC96X3H9r1JLWAQsty4bl3TnJes1Q7ow/9PQfeNRL5/FS/dysQAwJ+ZLX w2xg==
X-Gm-Message-State: AOJu0YzNcLuVSygFQJkKGPagMJ6cFJqZ7p3P+u8QI1sr1wgazDYl/9HW +nI3QRC9NQXIva8xU+PiRCbXevqJfcXLe90NdQL6dQ==
X-Google-Smtp-Source: AGHT+IGQakp2ML1JWxwz/DoDnRjfx292kuHlHLb6wrG9QRgXS1tP9zTMiIx2pDTIbrP27xitLbX/KG97CPL92Hgt9Ac=
X-Received: by 2002:a05:6402:30bb:b0:54c:b889:9c12 with SMTP id df27-20020a05640230bb00b0054cb8899c12mr713407edb.18.1701880675198; Wed, 06 Dec 2023 08:37:55 -0800 (PST)
MIME-Version: 1.0
References: <f10f3392afec44fbb02be63cc87c3b9c@boeing.com> <CALx6S375Xw+w1ngWdThnacE5U9gXRoEc=gPVdNKAqHpZ3zA7Yg@mail.gmail.com> <46D42B3A-7921-445A-98E8-E1F91719E635@apnic.net> <CALx6S36EgnCJiYFypsc3__OWriLBL65LbaH5R405G0aAdvMU0w@mail.gmail.com> <1EE55DA8-79D7-44DF-91A4-2EAD073AE986@apnic.net> <2A60C348-47C5-4237-880B-23614E7AB44B@jisc.ac.uk> <PH0PR11MB4966141E18068D07361104BDA984A@PH0PR11MB4966.namprd11.prod.outlook.com>
In-Reply-To: <PH0PR11MB4966141E18068D07361104BDA984A@PH0PR11MB4966.namprd11.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 06 Dec 2023 08:37:44 -0800
Message-ID: <CALx6S34S8TZx4G-RaHcXu0++dWDPzZbhXHO2DpzBrA7EfDbHJA@mail.gmail.com>
To: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>
Cc: Tim Chown <Tim.Chown=40jisc.ac.uk@dmarc.ietf.org>, Geoff Huston <gih@apnic.net>, 6man <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/OMAVtec3iVATJPkrl_hozOjmsaw>
Subject: [IPv6] Data for EH drops (was Re: Comments on draft-ietf-6man-hbh-processing-12)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2023 16:38:01 -0000

On Wed, Dec 6, 2023 at 6:35 AM Eric Vyncke (evyncke)
<evyncke=40cisco.com@dmarc.ietf.org> wrote:
>
> Tim,
>
>
>
> *Very* interesting return of information as R&E networks are probably easier to approach with a “research” topic such as EH drops.
>
>
>
> If the R&E networks drops are not by policy, then I am afraid that either the policy is not correctly applied or there is a platform limitation (e.g., applying a L4 ACL forces line cards to parse the EH chain until either the L4 header is found or max size of EH is reached).

Eric,

The latter is parsing buffer limitation in hardware devices. The
marker for this is when we see packets with small DestOpts are good,
but larger ones are dropped.

The APNIC data has numbers for the drop rates of different size
DestOpts (https://blog.apnic.net/2022/10/13/ipv6-extension-headers-revisited/).
Looking at the APNIC data the drop rates of DestOpts for different
sizes are reported as 8,16 bytes->30%, 32 bytes->32%, 64 bytes->39%,
128->86%. Assuming that drops in the 8 byte case are because of
policy, we can normalize to the drop rates for those devices that
don't drop all EH by policy: 8 bytes->0%, 16 byte->3%, 64 bytes->13%,
128 bytes->80%. Success with 8 and 16 bytes imply at least a 96 byte
parsing buffer, success of 16 bytes implies at least 128 byte parsing
buffer, and 128 bytes implies a 192 byte or larger parsing buffer.

Based on this analysis, the requirement specified in the
draft-ietf-6man-eh-limits-11 draft is:

"If a router needs to parse the transport layer, for instance to
deduce the transport layer port numbers, it MUST be able to correctly
forward packets that contain an IPv6 header chain of 104 or fewer
bytes, or equivalently, a router MUST be able to process a packet with
an aggregate length of extension headers less than or equal to 64
bytes."

IMO, the APNIC data implies that a 128 byte parsing buffer is
reasonably common in deployment to justify this requirement is
feasible. It's true that smaller parsing buffers are a bit more
common, however a 32 byte chain length is going to be less useful than
64 bytes for EH.

Tom

>>
>
> -éric
>
>
>
> From: ipv6 <ipv6-bounces@ietf.org> on behalf of Tim Chown <Tim.Chown=40jisc.ac.uk@dmarc.ietf.org>
> Date: Wednesday, 6 December 2023 at 15:02
> To: Geoff Huston <gih@apnic.net>
> Cc: 6man <ipv6@ietf.org>
> Subject: Re: [IPv6] Comments on draft-ietf-6man-hbh-processing-12
>
> Hi,
>
> > In the first part of this yer, with the assistance from Gorry Fairhust and Anna Costura ot the Univ of Aberdeen we conducted a related experiment using a server located at that institution (which does NOT drop EH packets,) connected to JANET (which also  does not drop EH packets). However, we found that the major transit providers in the UK DO drop EH packets, including BT, BSKYB, Level 3, H3GUK, EE and ZEN. So we found it hard to see further afield.
>
> As someone who works for Jisc, who operate Janet, we noted from Gorry’s experiment that there was indeed at least one upstream transit provider we use to commercial networks who dropped packets with EHs. On contacting one they denied that such drops were configured or deliberate, despite the evidence being presented by Anna.  We found no way forward from there to determine the underlying cause.
>
> > Within the UK the result we found was that most transit paths encounter EH dropping at some point, and that means we can't "leap over" these obstruction points and look behind them. So I'm unable to device a broad scale  measurement that measures EH drop rates in the larger Internet.
>
> It would be interesting to determine the drop rates in the R&E networks. Our R&E connectivity is almost exclusively via GÉANT, who connect the European NREN backbones, save for a direct path to HEAnet in Ireland. We *think* that R&E networks don’t drop, but as yet have no evidence. I suppose you could tag the R&E networks as “limited domain” in that the new alt-mark and min mtu discovery RFCs published last year might be supported there.
>
> Tim
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email