IETF Logo Mail Archive

Re: Death by extension header (was:RE: New Version Notification for draft-li-6man-hbh-fwd-hdr-00.txt)

Tom Herbert <tom@herbertland.com> Mon, 13 July 2020 18:53 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B97D33A1745 for <ipv6@ietfa.amsl.com>; Mon, 13 Jul 2020 11:53:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H3aZuifgT959 for <ipv6@ietfa.amsl.com>; Mon, 13 Jul 2020 11:53:21 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 864633A173D for <6man@ietf.org>; Mon, 13 Jul 2020 11:53:21 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id n26so18565332ejx.0 for <6man@ietf.org>; Mon, 13 Jul 2020 11:53:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HPOYLsEHf3v52G0flEUwrnxKgTriYxEkdCVxUsQa5Jk=; b=gF+TeHm7DBNaip/NHM3ZNmtjjW7Lwd/JtFjewZ0wPTAKDWjChe005jKXUNwO63guI1 5VxsgzQ/QJ5Ubqw26N3cbJmRM/Nl4+xrlmzZkFphM/eTh0Ykp4VIuBp7EDx3FvKmN4N0 ZRpOvqnetC+TAZIuV7ZND7+f5jWDI5ADK39GQtuWOgMFa47Yx0lwYO+4z1g72skTxpK+ rzR/qpVxKW0YBqZYSWEytuuHcUrduDM8rjkxJ++B2HREfijOIm6aopaRTOrbql2en1l6 aGIqJxiNubFstHksIfSxaj5zBBJrR0wxWR7Yev4fl4vGy4Ya/Frad+WKJC5wSBoL5Q7f G8xg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HPOYLsEHf3v52G0flEUwrnxKgTriYxEkdCVxUsQa5Jk=; b=oyBJpTA+fE3o0HJrDoyMsDlScKId7BX5PcqGpXT7EG3g7N5tXe/lLBbhnwdBXBNm9j uj9G9xhrmXoyJUJxIp+9o+vzLsEtiG7LbDiOEpPZK9yHB71VaEmARgNB+7PTpwxDj98w M/01/1TNSeFpXSZW5TZyXXpuOOXxwK0ggyNfIw4Ui7VN15PkMvyiYwb8xJm1tRfgWwYC 4vdgyRVP4nlMJ51q0nN3ADRiI4pl1yPDeL8tkXFMdE1BEMKtIFKwovP4gE5MaSPRMQvh sDnHo4E5jdGrYg6i5tE+raCpVwCq617ZJocx8ksUiPnmFWNxYZm5i7RgGmMMLecr3KlT 1EOQ==
X-Gm-Message-State: AOAM531u4w144ysQVdOhTIStt8fFFsnsC05s4/IEr2uvGc2JpoPy7T26 WDXF2iAeixdTdOwCJUCNSm4p50qc8PZjyrduR9YBLw==
X-Google-Smtp-Source: ABdhPJwwo9TGiiUNG9QORCJgTr8kZX5J9VsTYDmgMOT/Z8ybWf7JgyNk0GRZNvB4OEdqfpG7UCnq/8O6p2KaT13B8ek=
X-Received: by 2002:a17:906:6b0c:: with SMTP id q12mr1088998ejr.525.1594666399836; Mon, 13 Jul 2020 11:53:19 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB6348708352E1EE4421A61D63AE650@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S34e21BLHRfx+p7agrzzDsx-M-XxB6cZQnWc-d0wqSesRQ@mail.gmail.com> <20200710183228.GV42197@faui48f.informatik.uni-erlangen.de> <6fc66168-f04c-c23e-856c-5a61e1a28f5f@gont.com.ar> <CALx6S37T_7JYW=93iOhaHaq_Kw1CsaFc37sjT3Bo4Sx_wtbfqQ@mail.gmail.com> <c1ecb592-6e99-0dca-90c5-51a19b893af5@si6networks.com>
In-Reply-To: <c1ecb592-6e99-0dca-90c5-51a19b893af5@si6networks.com>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 13 Jul 2020 11:53:08 -0700
Message-ID: <CALx6S36m75249_Gk33n-6ZEahfod6hi5snD0u07ZjCPhH0fj7Q@mail.gmail.com>
Subject: Re: Death by extension header (was:RE: New Version Notification for draft-li-6man-hbh-fwd-hdr-00.txt)
To: Fernando Gont <fgont@si6networks.com>
Cc: Fernando Gont <fernando@gont.com.ar>, "6man@ietf.org" <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/PZPjlUaPIDDLrd93lFRICW0Syyo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 18:53:23 -0000

On Mon, Jul 13, 2020 at 11:34 AM Fernando Gont <fgont@si6networks.com> wrote:
>
> On 13/7/20 15:11, Tom Herbert wrote:
> > On Mon, Jul 13, 2020 at 11:01 AM Fernando Gont <fernando@gont.com.ar> wrote:
> >>
> >> On 10/7/20 15:32, Toerless Eckert wrote:
> >>> IMHO: See my email earlier in the thread about punting stuff to slow-path, especially when/before
> >>> you figure out that you should have just ignored something at linerarte.
> >>>
> >>> Aka: not sufficiently prescriptive RFCs + bad implementations == extension header based features killed in deployments.
> >>
> >> Indeed. And add to that that the EH structure itself seems to be rather
> >> unfriendly with some popular hardware architectures. (unless with "not
> >> sufficiently prescriptive RFCs" you are meaning to set the maximum
> >> EH-header chain length to some sane value that folks might agree to
> >> comply with).
> >>
> >
> > RFC8504 implicitly does that for number of Hop-by-Hop or Destination
> > options in a packet:
> >
> > "A host MAY impose a limit on the maximum number of non-padding
> > options allowed in the destination options and hop-by-hop extension
> > headers.  If this feature is supported, the maximum number SHOULD be
> > configurable, and the default value SHOULD be set to 8."
> >
> > The default value of eight was derived from the number of already
> > defined options, extrapolation of new options that might be defined
> > and deployed, and discussions with some HW vendors that they can
> > efficiently process a small number of TLVs (as opposed to hundreds in
> > a packet that are possible without a limit).
>
> Kudos to RFC8504 and authors for that- That said, given that options may
> have a rather unlimited length, is that enough? It would seem to me that
> the most important thing is that E-H header length, as opposed to the
> length of individual options, or ther number of options...
>

Fernando,

draft-ietf-6man-icmp-limits-08 defines the ICMP errors for limits of
number of options, length of extension headers, length of extension
header chain, etc. However, I don't believe any default limits are
suggested other than the RFC8504 limits.

Wrt byte length, the most interesting limit with regards to routers is
when the aggregate length of the header chain exceeds the size of the
parsing buffer in the device. As I understand it common lengths of
parsing buffers are 128, 256, or 512 bytes. That might suggest the
default minimum should be 128 bytes or maybe 256 bytes. That is, we
would expect that routers should be able to process IP header,
extension headers, and first four bytes of transport header (e.g. to
get ports for ECMP) fit in the parsing buffer in the first N bytes of
the packet. We can narrow this down if the standard is followed such
that routers only process the IPv6 and HBH headers, intermediate
destinations in a routing header only process headers through the
routing header, and end hosts process all options.

Tom


> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>

v2.23.0 | Report a Bug | By Email