IETF Logo Mail Archive

Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt

Mark Smith <markzzzsmith@gmail.com> Sat, 02 December 2017 00:50 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 526A8126C25; Fri, 1 Dec 2017 16:50:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.497
X-Spam-Level:
X-Spam-Status: No, score=-1.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HcTGN5x6vmGb; Fri, 1 Dec 2017 16:50:30 -0800 (PST)
Received: from mail-ua0-x22f.google.com (mail-ua0-x22f.google.com [IPv6:2607:f8b0:400c:c08::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6A6A126C26; Fri, 1 Dec 2017 16:50:29 -0800 (PST)
Received: by mail-ua0-x22f.google.com with SMTP id e10so9129863uah.10; Fri, 01 Dec 2017 16:50:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=OrCihBXELXXOpEob6QiYJb59Aqh6fg7XmRSjv/zlKc8=; b=gvFiIZ7jLOQwY8cZIZWsdCDz6TeB8J6lV6VOnNhx8MJ4vRAPO+RcHvEbJ+q3zSAveH SbtYy7QAo25o6P1CWKQdLZ+zkodD4PWAF6zeCLMfzKjYl4NtT5ixMJutQIBoFDyAwOVP sGERDjLCxEJv3gWDOG+zHgMx/uadf+WE5N7I4db6+01O7RRfVTsm7pR6mKesJncWXYr6 FYOrtHBxHC04KzLcAlg6lkMZWd1/7wRUgFq3KC+QL9ZDAEm9Pp8UowZMEbNQWIKuoVDP qDNe+UwObHqqnGUq9rMbXcyUtCL4fooU4LqQgebCK8tEzutJch3WDR/4F238IVd0HZDb XkkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=OrCihBXELXXOpEob6QiYJb59Aqh6fg7XmRSjv/zlKc8=; b=P04dCXVavYnIJibRzfkcnoEUTMnIBQ1hlNX6BFyPZzZ2Jwwx+SSuV6S/0hd3L0p1oC Le50ePJDQ/GEHi7opVqbJi/R438cC6JpHTOgtSGavRRkPR41rqCYhF4WupzERhUVUuPh RD9bXcRW0BhogVojxENx7JjwowcnAPnL10qJHFjHY9OI0Tog1P50JlWJpc7hOVxkvwZF hZDrIr0R0GzYuTSru0g0gfqvYaO4UnwPGgAvVK0KephYD9WRjWUj5v5ZFEfsVfH3kPxa 4hVYsvc1wBb4n0GixDXBJxbv0C7g/oEmE1huoOelmb6APApfwgQ1l6YOqT2T3FhRktr0 oGtA==
X-Gm-Message-State: AKGB3mKngDZcfO3/3mruZK5oCEHyGlDh2+9kZ1jLd4A5lZaSu3nD+fF1 njzxxKVrVyFdei8Ynm3EOYvvMfYF1Z9+VGBN7go=
X-Google-Smtp-Source: AGs4zMaJNlLLqF3XQeoSSbXT4UrJGcvuJrOzCvqLzvsT35b1ImriqL4skAinrukOtHppBeOqvNAllrw2HQuZ4ZozPUY=
X-Received: by 10.176.78.17 with SMTP id g17mr6099898uah.169.1512175828482; Fri, 01 Dec 2017 16:50:28 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.16.129 with HTTP; Fri, 1 Dec 2017 16:49:57 -0800 (PST)
In-Reply-To: <CA+b+ERmxW9fwYx1nn1am=qdsROxX6nmnd_7vFRV9d2cZpeVrZw@mail.gmail.com>
References: <151120281628.21912.1099097760493570225@ietfa.amsl.com> <4ca3fd6b-4cd6-f6ac-ce03-415c2c9a4c3c@gmail.com> <f4425076-2f76-5713-2819-9d26671d56bb@si6networks.com> <4E92F160-C586-4C7B-BAEF-97C204856A8A@employees.org> <bc9d7f57-8687-7f85-8ac3-49751683232b@si6networks.com> <CA+b+ERnKbRXgFycgKd7EXMVvS1Mu_RTC5tfPbNE781TDZ49rYA@mail.gmail.com> <CALx6S34XAA7Fo96Es9z1Yz+Eo9XdWvPHXmCAcw_WSzP8JNjKuQ@mail.gmail.com> <CA+b+ER=6AJAKY-7YREQXv6VQ7XSAQrpDd-=bcqA2hLUXSKq_Mg@mail.gmail.com> <CALx6S37MuMUbL+JBrBEeqrwX_A7+3UX4YcHs011GjuEqWQ4q9w@mail.gmail.com> <CA+b+ERmxW9fwYx1nn1am=qdsROxX6nmnd_7vFRV9d2cZpeVrZw@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sat, 02 Dec 2017 11:49:57 +1100
Message-ID: <CAO42Z2w5GUZnR29dtdW0FSq-ziKCO3fx1WWh1HhfR=LhdXwdgw@mail.gmail.com>
Subject: Re: I-D Action: draft-voyer-6man-extension-header-insertion-02.txt
To: Robert Raszuk <robert@raszuk.net>
Cc: Tom Herbert <tom@herbertland.com>, Fernando Gont <fgont@si6networks.com>, draft-voyer-6man-extension-header-insertion@ietf.org, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/QMCDJGohJO0NomCsO0FzzkeH4VI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Dec 2017 00:50:32 -0000

On 1 December 2017 at 09:07, Robert Raszuk <robert@raszuk.net> wrote:
> Tom,
>
> The biggest advantage of SRv6 in contrast to SR-MPLS is that the SRH (one or
> more) are not modified through the SR applicability of the packets.
>

I'd have thought the biggest advantage and actual motivation for using
IPv6 for this was to leverage IPv6's near and definite future
commodity. MPLS required forklift upgrades to networks, if you use
IPv6 per RFC8200 (and its predecessors), the majority of existing IPv6
networking devices will work and can continue to be used without
change. and only those that are doing something special need to be
changed.

> So node which understands SRv6 can generate ICMP to both src of the packet
> (poor host) as well as ingress node in SR domain (as it is explicitly listed
> in Ingress Node TLV of first SRH). Node which does not understand SRv6 will
> likely only send it to original src .. but this is a feature not a bug. This
> is how traceroute works.

No, it is not the same as traceroute operation.

Traceroute works on the assumption that the packet headers in the ICMP
response payload match those of the packet that triggered the ICMP
message. That is how the host running traceroute knows which
traceroute process to send the API error message to that then
generates the traceroute hop output.

If the traceroute source host sends IP/UDP or IP/ICMP to trigger the
ICMP messages for tracerouting, yet receives in the ICMP payload
"IP/SRH/UDP" or "IP/SRH/ICMP", and doesn't understand the SRH header
or isn't enabled to understand the SRH header and read past it (which
is probably going to be all end-user hosts), how can the receiving
host know which traceroute process to send the API error to?
Traceroute won't report the hop because it won't receive the sockets
API error message that reports it.

It isn't just traceroute that relies on this, it is all of ICMP. EH
insertion violates that assumption, which is why EH insertion can or
may cause many unexpected ICMP protocol and operational failures.
PMTUD is one of the main examples.

>
> If you do encap how will host now see all the nodes on the way traceroute or
> tracepath ?

They don't see link-layer hops today. An IPv6-in-IPv6 tunnel is using
IPv6 as a link-layer. That's the point of an IPv6-in-IPv6 tunnel - to
make an IPv6 network appear as a single link-layer hop.

> Do you think that hosts admins will be happy to be blinded by
> 6man ?
>

Host admins aren't the actual audience for traceroute, network
operators troubleshooting networks are. We're well familiar with
troubleshooting virtual links that may or may not hide the actual
physical topology and infrastructure, because we configure and operate
it. Ideally host admins should never need to run traceroute because
the network is designed and being operated well enough that paths that
hosts use over it are predictable and testable within the network.

> Btw I am not the one who ever claimed applicability to "controlled networks"
> or "wall gardens" so don't try to use that one with me :)). For me the much
> bigger question is what should go into data plane and what is better to go
> in control plane. We may end up with both and let customers/operators
> choose. But hand waving that doing innovation in data plane is scary is not
> the approach I would endorse.
>

I'll ignore the further logical fallacy appeals. However, I'll address
a point about innovation.

Innovation commonly occurs within existing constraints, to avoid
needing to "boil the ocean". All those innovative electric and self
driving cars and trucks we're hearing about daily? They don't require
that we rip up and replace all the roads, the street signs or traffic
lights, or widen the lanes. They're compatible with our existing road
infrastructure, which is one of the significant values of them as an
innovation. The required costs and resources to adopt them are far
lower because of the compatibility with the existing infrastructure.

If they required changing both the vehicle and the infrastructure they
ride on or in, they wouldn't be called cars, and would cost far more
money to develop and deploy (and would be called "Hyperloop" for
example), and need to carry far greater numbers of people at once to
justify the expense. They wouldn't be individual or small group
transport vehicles, and wouldn't be within financial reach of most
individuals.

Compatibility is one of the 5 factors that influence the adoption of
an innovation. There's a summary of all 5 in this presentation
starting at slide 8 -
http://www.users.on.net/~markachy/The_Rapid_Rise_of_the_MMHH.pdf


> We would be still doing token ring or FDDI ....
>

Another attempt to use emotional appeal rather than technical
argument. Please stop trying to use that method to argue your point,
it doesn't work.

Regards,
Mark.


> Cheers,
> R.
>
>
> On Thu, Nov 30, 2017 at 10:54 PM, Tom Herbert <tom@herbertland.com> wrote:
>>
>> On Thu, Nov 30, 2017 at 1:25 PM, Robert Raszuk <robert@raszuk.net> wrote:
>> > Tom,
>> >
>> > Imagine the case where packets are subject to go via service chains. I
>> > can
>> > steer the packet to the router which has service nodes connected to it
>> > but
>> > original src address may be used to decide which service given packet is
>> > subject to take.
>> >
>> > Sure I can impose an SR function and map it up front such that the
>> > router
>> > above would never need to inspect src address, but why to construct such
>> > architecture which only allows limited set of network programming as
>> > opposed
>> > to offer the choice on how to setup things by network operators ?
>> >
>> Robert,
>>
>> Because the architecture, or at least protocol, is not correct.
>>
>> Suppose a device inserts an EH into a packet that downstream causes
>> the packet to be dropped and generates an ICMP error which goes back
>> to the source. What is a source host supposed do with this? It might
>> be able to determine that it didn't send the EH, and if it's lucky it
>> might even be able to parse the offending EH and maybe even sees the
>> problem that caused the error. But then what? How does the host tell
>> the network to stop mucking with its packets so that they no longer
>> get dropped and the source host doesn't get blamed?
>>
>> ICMP handling is just one of several issues that needs to be
>> addressed. If the only answer is that these aren't concerns because
>> the protocol is only deployed in controlled networks, then I claim
>> that's nothing more than hand waving which is not robust and doesn't
>> scale.
>>
>> Tom
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email