IETF Logo Mail Archive

Re: [Technical Errata Reported] RFC8200 (5933)

Alexandre Petrescu <alexandre.petrescu@gmail.com> Fri, 13 December 2019 09:21 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A35C11201EA for <ipv6@ietfa.amsl.com>; Fri, 13 Dec 2019 01:21:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.632
X-Spam-Level:
X-Spam-Status: No, score=-2.632 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FP3ICQRMiDhJ for <ipv6@ietfa.amsl.com>; Fri, 13 Dec 2019 01:21:00 -0800 (PST)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43D18120115 for <ipv6@ietf.org>; Fri, 13 Dec 2019 01:21:00 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id xBD9KujZ020502; Fri, 13 Dec 2019 10:20:56 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id B8BFE202C88; Fri, 13 Dec 2019 10:20:56 +0100 (CET)
Received: from muguet1-smtp-out.intra.cea.fr (muguet1-smtp-out.intra.cea.fr [132.166.192.12]) by pisaure.intra.cea.fr (Postfix) with ESMTP id A67B8200BEC; Fri, 13 Dec 2019 10:20:56 +0100 (CET)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet1-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id xBD9KurD008884; Fri, 13 Dec 2019 10:20:56 +0100
Subject: Re: [Technical Errata Reported] RFC8200 (5933)
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Fernando Gont <fgont@si6networks.com>, Tom Herbert <tom@herbertland.com>
Cc: 6man <ipv6@ietf.org>
References: <20191211032724.46F77F406F3@rfc-editor.org> <468d4c89-d71f-5c7d-6929-8b1a88000df5@gmail.com> <CALx6S376jNUDDSQnguAAa_qZGQNzt=eQ_pnTH7V6U8d+cFFsTw@mail.gmail.com> <f82bdfbf-1ded-9d3f-2d12-53357324b693@gmail.com> <f74d86bd-ee03-05e6-cc1d-d97cf895173f@si6networks.com> <ff12c1b4-f4e5-3e5e-51e2-937c0ef35d72@gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <6f77d2a3-eb63-7c3c-bc18-bf7237e8585c@gmail.com>
Date: Fri, 13 Dec 2019 10:20:56 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.0
MIME-Version: 1.0
In-Reply-To: <ff12c1b4-f4e5-3e5e-51e2-937c0ef35d72@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Rik1m9lwaFl4lGRd_8SRnbemq9o>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Dec 2019 09:21:02 -0000


Le 12/12/2019 à 20:32, Brian E Carpenter a écrit :
> On 13-Dec-19 06:38, Fernando Gont wrote:
>> On 12/12/19 05:12, Alexandre Petrescu wrote: [....]
>>>>> 
>>>>> This final destination is somehow a strange concept.  It can
>>>>> be a computer node that owns several addresses.  But this is
>>>>> difficult with virtualization.  Owning one address is
>>>>> difficult to prove as well.
>>>>> 
>>>> Agreed. This could also be contorted to mean that the lower
>>>> part of the stack in final destination node might be allowed to
>>>> insert extension headers in a packet before delivering to the
>>>> application.
>>> 
>>> Right.
>>> 
>>> That means that a new item could be part of the list of limited
>>> domains (currently Enterprise and Computer Farm).
>> 
>> THere's no IETF consensus for limited domains.
> 
> Correct, but they do exist in the real world ;-)
> 
>> SO I have no idea how that could/should influence RFC8200.
> 
> Actually there are a lot of IETF standards with explicit support for
> local features, and there are a lot of uses of locally significant
> parameter values. So IPv6 *could have been* specified to support
> local features, but it wasn't. That's where we are.

I agree IPv6 could have been specified to support local features, and
that's where we are.  It is a positive note.

I would like to extend it with another positive note.

RH0 (Routing Header type 0) was mandated in RFC2460.  It was
subsequently used in other specs and implementations, like Mobile IPv6.
  It hurt to see it disappear in RFC8200, but there must be reasons for
that.  These reasons seem important.

Other spec and implementation trying variations of routing headers is
RPL.  It is today in the same state: no widespread deployment, has
security issues, but is rather ok in a limited domain.

I now wonder whether the SRH concepts take these reasons into account
(RFC5095ish on security of Routing Header), and lack of deployment on a
wide scale.

If not, then we risk arriving at the same situation as with RH0: spec
it, implement it, realize its lack of security and deployment, and then
get rid of it.  I do not know what are the encouraging things about SRH
such as to hope it will be better than RH0 and will not lead to an
RFC15095ish that deprecates SRH.

The idea to remove Segments Left altogether from RFC8200 is something
that could be considered.

Alex


> 
> Brian
> 
>> 
>> 
>> 
>> [....]
>>>> I think it's more direct to simply say that inserting or
>>>> removing extension headers is not allowed at any node.
>>> 
>>> I agree.
>> 
>> We could do that, and then only comment on the "processing" bit for
>> the various Extension Headers.
>> 
>> 
>>> 
>>>> A source node creates packet with them, it doesn't insert
>>>> them. Similarly, the final destination discards extension
>>>> headers after processing them as part of the normal terminal
>>>> processing of the packet, it doesn't remove them.
>>>> 
>>>> I suggest this text:
>>>> 
>>>> "The source node of a packet, identified by the source address,
>>>> may include extension headers in a packet when it is created.
>>>> Extension headers must not be inserted or removed, and the
>>>> length of any extension header must not be changed, by any node
>>>> for the lifetime of
>>> ^^ other: any _other_ node
>>>> the IPv6 packet. Note that it follows from these requirements
>>>> that the length of an IPv6 packet cannot change once the packet
>>>> has been created by the source node.
>>> 
>>> I agree.  That is a typical requirement following from the Smart
>>> End Dumb Network principle.  It is also told as "packets are not
>>> modified en-route, with the only exceptions of decrementing the
>>> Hop Limit field, and the Segments Left field if present".
>>> 
>>> One example that modifies packets en-route is the modification of
>>> the src address.  This is forbidden.
>> 
>> HOw is this related to what we're discussing?
>> 
>> 
>> 
>> 
>>> Another example that does not modify packets en-route, but
>>> creates other packets by incorporating the untouched orignal is
>>> the ESP encapsulation of VPN Gateways.  This is allowed.
>> 
>> That's encapsulation. We're talking about EH 
>> insertion7removal/processing here.
>> 
>> Thanks,
>> 
>

v2.23.0 | Report a Bug | By Email