Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback
Tal Mizrahi <tal.mizrahi.phd@gmail.com> Wed, 21 June 2023 04:54 UTC
Return-Path: <tal.mizrahi.phd@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A154FC14CE39; Tue, 20 Jun 2023 21:54:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.096
X-Spam-Level:
X-Spam-Status: No, score=-1.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Et11bPwrWN1H; Tue, 20 Jun 2023 21:54:05 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EE0BC14CEFA; Tue, 20 Jun 2023 21:54:05 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id ca18e2360f4ac-760dff4b701so74448339f.0; Tue, 20 Jun 2023 21:54:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1687323244; x=1689915244; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=nWX6qgc+V+2Hqs9fGO4yVzbQ52/JYIijniuZfkxuGPI=; b=P/1bqIWejQgdG+pb55w/7tM+mzyhKePK26/3pvvTtyYsSTJXHDbvimQ61ekwV48m9B Ws5WZQluM3wzshp0RxP1S2y4c9YtzKt3H2iD90erco67mt22AMNDPcnrdUVKz7J08wGs VPl9q+W434Ln2JnebeVImNiAl8AlbslXNHQINJ4EogEFRSpuh4caAmCLi7mCf7oH8R1r jjDFSiGBYYVf7iWZI/jVyxswc8DS7raEPCN1DqiD7YQ1xpxmNn8HBp8jIzTuvKbjYQbm 6qG6PUdF+VMT5HRyAUYhq16LcnfGtUT2TjoTPkhsICEQ0NBQw6ShL5fArNVdUjSmUX9K px0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687323244; x=1689915244; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nWX6qgc+V+2Hqs9fGO4yVzbQ52/JYIijniuZfkxuGPI=; b=fstH18aiwuD+DwiFele27b8HryLyLeCaBYPXLKDHKFQUfI0U7o9TG7bISaeUwV8Qb8 nHzouYjkS3EyhsuHfGFG+LmEsIsY85NMqaJd3vC31KTyV2jf7JgRUsezCpbOw9hMr2NA n4ZeHPYXAThzyhKdp5BkIooLpDSIzbzJkwwGKvj4FYXAcTBiUUOyox14lDXXxssNfT0V aev09OghiIQNwGWsHXsmfrkK72zoFMWorzRvctJvSHFgSir0MhsHSnmAT+mZUIPSaaC2 KeWB5cR71aHKbZH1/f5wtY9Ks63Q9mmTwiaXJIvIepJ09KVuQ9nQrNMD6dNSy43/KUFI Ae7w==
X-Gm-Message-State: AC+VfDyPCIa99d11fgHw8WJeQ9l5aHiizoxc5nBoKveeh5OWKqnseB8x u6Aw3Zaz4xElxxqZ7bR6npewslYytStTp1PyAQ/o/X58
X-Google-Smtp-Source: ACHHUZ57BQ7mvgUbP/UChV5gBWbEwyZ7t+IEUmzlEjaa3uk5ztEeTNeUqpC5we1TZHcrB2M7alDby04pQ6ETDqTR+SU=
X-Received: by 2002:a6b:b744:0:b0:77e:23a7:c9eb with SMTP id h65-20020a6bb744000000b0077e23a7c9ebmr11754299iof.0.1687323243900; Tue, 20 Jun 2023 21:54:03 -0700 (PDT)
MIME-Version: 1.0
References: <CABUE3Xm5nT4R8wUu6FfXW0u66YoyDS45cRTuiGjRJ0CRGsevnQ@mail.gmail.com> <908A768F-F9CF-468A-A7C1-27736FE10BFE@gmail.com> <5B0C59DC-BD03-4BEE-A719-6E892F61F916@cisco.com> <CABUE3Xk--WodVbGFQtJvPTdtH154bNE6nufxoFDJuh6nVbpFRg@mail.gmail.com> <95cdc678-a7c8-078f-08aa-6aac9c053b15@gmail.com>
In-Reply-To: <95cdc678-a7c8-078f-08aa-6aac9c053b15@gmail.com>
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Date: Wed, 21 Jun 2023 07:53:51 +0300
Message-ID: <CABUE3Xnt+r3nWPFeui3dqQTXpTUUOudyTfkGJm=bL57ySevjLw@mail.gmail.com>
To: Valentin Heinrich <v.heinrich99@gmail.com>
Cc: int-area@ietf.org, ipv6@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/RaI-bV1yi1dX-0g8DNJgf2mQF4Q>
Subject: Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jun 2023 04:54:08 -0000
Hi Valentin, Thanks for this valuable data. Based on your findings, the good news is that new codes will most likely traverse NATs, and the bad news is that most hosts will respond according to the "old" behavior without checking the code value. In light of the latter observation, I would say that new behavior *from the responder* requires a new ICMP type. However, more feedback about this assessment is welcome. Cheers, Tal. On Tue, Jun 20, 2023 at 8:45 PM Valentin Heinrich <v.heinrich99@gmail.com> wrote: > > we had similar questions when working on reverse traceroute > (https://datatracker.ietf.org/doc/html/draft-heiwin-intarea-reverse-traceroute). > Should we use new ICMP types or extend existing ones with a new code? > > We actually conducted measurements to test deployability of those two > choices. > One of the big question marks was whether new ICMP messages using a new > type are able to traverse common NAT middleboxes. > Unfortunately, as one would probably expect, new ICMP types are most > commonly filtered (or they just bypass the NAT, which is just as bad as > they are forwarded untranslated into the public internet). > We then sent ICMP Echo requests with the new codes 1 and 2 through those > same NAT boxes. > Only a single NAT box (out of 12) dropped the corresponding Echo > response message and in all other cases both requests and replies > correctly traversed the NAT. > In this regard, our measurements showed that extending existing ICMP > Echo messages with new codes is the way to go if immediate deployability > is the goal. > > We then also performed a measurement to assess the deployment of ICMP > Echo messages with new codes on the public Internet. > We probed over a million hosts that correctly responded to regular ICMP > Echo requests (code 0) with ICMP Echo responses. > To each of those hosts we sent ICMP Echo requests with code 1. Over 92% > of the probed hosts responded with an ICMP Echo response and reflected > the new code back in their response. > The fact that we received that many "reflective" responses shows us, > that ICMP Echo messages (both request and response) with a new code make > it through the Internet unfiltered and unaltered in the vast majority of > cases. About 3% of the probes were answered with a regular ICMP Echo > response (code 0), thus not reflecting the request's code back. > > For more details of the measurement study, you can have a look at this > talk: https://youtu.be/Y7NtqLEtfgjU?t=63 > > Or listen to this episode of the Ping Podcast: > https://blubrry.com/ping_podcast/94883480/reverse-traceroute-its-just-traceroute-but-the-other-direction/ > > > One caveat is however that we conducted these measurements only on IPv4. > Results might or might not differ for IPv6. > For reverse traceroute, which itself implements both ICMP and ICMPv6, we > have however successfully tested our implementation across the public > internet. > > I hope this data point helps in this discussion. > > On 07.06.23 06:30, Tal Mizrahi wrote: > > Bob, Eric, > > > > Thanks for the feedback. > > Defining a new code for ICMPv6 Echo rather than defining a new type > > may be the right way to go. > > Our main concern with this is that RFC 4443 defines what to do with an > > unknown type, but does not define what to do with an unknown code. It > > is not clear what existing implementations do when receiving an Echo > > Request with an unknown code. That is why the current draft calls for > > a new type. However, we are open to more feedback about this, and it > > may end up being just a new code. > > > > Cheers, > > Tal. > > > > On Tue, Jun 6, 2023 at 8:33 PM Eric Vyncke (evyncke) <evyncke@cisco.com> wrote: > >> Without any hat, I agree with Bob. > >> > >> This I-D should eventually go to 6MAN WG though (with my AD hat) > >> > >> -éric > >> > >> On 06/06/2023, 08:34, "Int-area on behalf of Bob Hinden" <int-area-bounces@ietf.org <mailto:int-area-bounces@ietf.org> on behalf of bob.hinden@gmail.com <mailto:bob.hinden@gmail.com>> wrote: > >> > >> > >> Tal, > >> > >> > >> I did a quick read of your draft. > >> > >> > >> As noted in the draft this seems to be very similar to ICMPv6 Echo/Echo Reply. The change is to include the request packet in the response, not just the payload. > >> > >> > >> While I don’t have any real opinion on the need for this, I do think it would be a lot simpler if the draft just defined a new Code field value for Echo Request/Reply that specified this behavior. Currently the Code field is set to zero, another value could specify this behavior. > >> > >> > >> Deployment might be easier as I suspect ICMPv6 types other than the current definitions will be filtered in many places. > >> > >> > >> Bob > >> > >> > >> > >> > >> > >> > >>> On Jun 6, 2023, at 4:54 AM, Tal Mizrahi <tal.mizrahi.phd@gmail.com <mailto:tal.mizrahi.phd@gmail.com>> wrote: > >>> > >>> Hi, > >>> > >>> New draft: https://datatracker.ietf.org/doc/draft-mcb-intarea-icmpv6-loopback/ <https://datatracker.ietf.org/doc/draft-mcb-intarea-icmpv6-loopback/> > >>> > >>> We have posted a new draft that proposes two new ICMPv6 message types: > >>> Loopback Request and Reply. > >>> ICMPv6 Loopback is very similar to Echo, except that after a Loopback > >>> Request is sent, its corresponding Reply includes as much of the IPv6 > >>> Loopback Request packet as possible, including the IPv6 header and > >>> IPv6 extension headers and options if they are present. > >>> > >>> We believe that ICMPv6 Loopback can be very useful for returning IPv6 > >>> options that were included in Request packet back to the sender, > >>> including for example sending IOAM [RFC 9197] data from the Request > >>> back to the sender, sending the SRH [RFC 8754] of the Request back to > >>> the sender, as well as for in-progress / future protocols such as > >>> draft-filsfils-spring-path-tracing and draft-kumar-ippm-ifa. > >>> > >>> We would be happy for feedback, as well as suggestions about whether > >>> the INT-AREA WG is the right place to discuss this draft. > >>> > >>> Cheers, > >>> Tal. > >>> > >>> _______________________________________________ > >>> Int-area mailing list > >>> Int-area@ietf.org <mailto:Int-area@ietf.org> > >>> https://www.ietf.org/mailman/listinfo/int-area <https://www.ietf.org/mailman/listinfo/int-area> > >> > >> > >> > >> > > _______________________________________________ > Int-area mailing list > Int-area@ietf.org > https://www.ietf.org/mailman/listinfo/int-area
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Erik Kline
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Justin Iurman
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Luigi IANNONE
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Florian Obser
- Re: [IPv6] [EXTERNAL] Re: [Int-area] New Draft - … Robinson, Herbie
- Re: [IPv6] [EXTERNAL] Re: [Int-area] New Draft - … Tal Mizrahi
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Michael Richardson
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Tianran Zhou
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Michael Richardson
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback Tal Mizrahi
- Re: [IPv6] [Int-area] New Draft - ICMPv6 Loopback waldemar