Re: Comments on draft-hinden-6man-hbh-processing-00
Tom Herbert <tom@herbertland.com> Fri, 19 March 2021 15:06 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 574693A1822 for <ipv6@ietfa.amsl.com>; Fri, 19 Mar 2021 08:06:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Id9OOgUkHmeK for <ipv6@ietfa.amsl.com>; Fri, 19 Mar 2021 08:06:06 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20F163A181C for <ipv6@ietf.org>; Fri, 19 Mar 2021 08:06:06 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id kt15so775203ejb.12 for <ipv6@ietf.org>; Fri, 19 Mar 2021 08:06:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=NyqkU044D9VUAD9U2j+Qh/aaWkcQeX0nF9U486/NzHk=; b=mUCp319GD0MeU71KkGPwUZ/WR86+j7e5Quw2TWlo6BPJAlwBeOsj5If0hK+6wCdcQ+ qlOFQK2jEKFGYMRFFHDBegNpnOHRwolmWyMfj5wY8uCxujROdD2XPnfsAc0enegWsq7j BdPtr2HCq/djRmPFKhBb8zyPgd5ZYVNsfROsG4EZpbC27yY29hE6VhAxAMv9gZZuqloj s/VRXUCrOwYBfW8gWj7jfu5w55esFi087/fatTwG5nBcxeSJAxqx1wirwGQzYeEj37tE Uyb2SBT8RXLqph2SHJisXo/Kn8McozihcgpCHskCaQy1q2F9p5rNzPQMCNQljruuItsd 7f8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=NyqkU044D9VUAD9U2j+Qh/aaWkcQeX0nF9U486/NzHk=; b=HOt51QX/pa61OnfDSwSCuvLbkcN8JXzxy80nOfVywEoM3dNHu//p3Yz7h//7pKRN26 idX2/tgBeMMhSD5AtKvyNjKi5V2gnOf4qTjumyb3d1xPUYkxqkU+VbYiUuyfUzZYaowD IKrJK7ra7EBDGYyDvkkyD6xSZDAuFt/Nt9azChBNiZaKU3rQ+cmzuGw6UxGN21IIbh+R gm7LO5FgAPou1Guz+USAwebkua/jyveHCYNLNnyJiwQfJkkeYOwstsO5Ckbf/UaSrst2 mCfZhymcO28kIsF534B4D3gpHAd/9bUP7WRpxm03bgoaLxadcy4KyhK26BCIQuH+J1sc ZXLA==
X-Gm-Message-State: AOAM533oLgyAGXfNYFMJRaIvfuIX1sKU9A+vIMwOXFlmV89r90taKE2N aplwAEyxbaIe+sxYaJKtXbH+TpPUdNVgwLBPpfB37g==
X-Google-Smtp-Source: ABdhPJyLCXsueNkufA15zQe7GXPiVCNmAaIQNE4RjRAHf8He0X2PyGawFcfCC4dGl8oepzfYD55QCUi2vWyimoOYrFY=
X-Received: by 2002:a17:906:5689:: with SMTP id am9mr4688846ejc.298.1616166362500; Fri, 19 Mar 2021 08:06:02 -0700 (PDT)
MIME-Version: 1.0
References: <CACL_3VEWhSyQt+uz5HyntJ_haYadNMHuCMQCiRY8FW-ntBoLAQ@mail.gmail.com> <B2208374-C92D-46C4-8AFA-7CFAF3EFE6B8@gmail.com>
In-Reply-To: <B2208374-C92D-46C4-8AFA-7CFAF3EFE6B8@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 19 Mar 2021 08:05:51 -0700
Message-ID: <CALx6S36J7XhcPht+xuXZd5O__e6JKOQ4QE8Z-OhHiCt=62HFpA@mail.gmail.com>
Subject: Re: Comments on draft-hinden-6man-hbh-processing-00
To: Bob Hinden <bob.hinden@gmail.com>
Cc: "C. M. Heard" <heard@pobox.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, IPv6 List <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SqImKq2M2Vv1R0egigGeqMV2iQA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Mar 2021 15:06:08 -0000
On Thu, Mar 18, 2021 at 3:54 PM Bob Hinden <bob.hinden@gmail.com> wrote: > > Mike, > > > On Mar 13, 2021, at 4:36 PM, C. M. Heard <heard@pobox.com> wrote: > > > > Greetings authors and 6man, > > > > Following IETF 110, I read the draft and reviewed both the slides and the mailing list traffic in the first half of December 2020, and I am afraid that I must echo the following comments made by Tom Herbert on Fri, 04 December 2020 01:43 UTC: > > > > I understand the motivation for this draft, but I don't believe that > > forcibly and retroactively restricting a feature in a well deployed > > protocol is the right approach to fix the problem. > > Understood, but I don’t think anything will change regarding support for HBH options unless we do something. I think there is a common quote about doing the same thing and expecting different results. > > > > > It seems to me that the draft has chosen the most disruptive possible way to restrict the number of options in the HbH header. > > Yes as compared to what was in RFC2460, but I note that RFC8200 basically said that HBH only have to be supported if a node was configured to support them. My thinking that supporting one option is much better than none. Bob, That's not entirely clear to me. The major problem with HBH options is that some intermediate devices will summarily drop packets with the HBH EH or relegate them to a slow path and in either case that makes HBH with any number of options difficult to deploy. If intermediate nodes followed the relaxed requirement of RFC8200 then that would be a major step towards making them deployable (there's also the issue of intermediate arbitrarily dropping packets because the "header chain" is too big). Assuming that this issue is overcome, then it makes sense to set some guidelines on how many HBH options should be processed, the recommendation should be something between 1 and 500 (upper limit based on a MTU sized packet filled with two byte options). Personally, I believe eight is reasonable recommendation to support and can be feasibly parsed by in hardware applying latest techniques and should allow sufficient extensibility for the next 25 years. > > > > It seems to me that the objective could be accomplished in a much less disruptive fashion in either of the following ways: > > > > (a) specify that nodes that process the HbH options header MAY ignore all options after the first; > > (b) specify that nodes that process the HbH options header MAY ignore all options after the first non-PAD option > > I think I would be OK with something like (a). It’s possible to do this because the HBH header has the information that would enable a node can easily skip the rest. I don’t think that (b) is that helpful, if a node can skip, it can skip PAD options too. As I mentioned, the generalization of these rules is that a node can process the partial list of consecutive options up to N of them. Assuming that processing a partial list of HBH options is viable, then the guidance would be for what N should default to (where one is a possible value and eight is another as I stated above) > > The proposal would be something like a node SHOULD process the first HBH option in the “fast path”, if there is more than one HBH option, the node MAY process or skip the remaining options. > > I note, this change would eliminate the need for 8-octet alignment and would simplify the proposal. > I think that is only a simplification if the RFC8200 requirement was changed to hosts MUST send at most one HBH option, otherwise padding is still an issue and intermediate devices. The padding options themselves could be constrained to help implementations, a requirement could be set that the amount of padding between two non-padding options could be less than eight octets in length and only one PADN or PAD1 can be set between non-padding options. > > > > Alternative (a) is somewhat simpler, but would require re-specifying any option that requires padding in front if it stands alone inside the HbH header, As best I am able to determine from a review of the existing HbH option specifications, IOAM is the only one that is so affected. > > I wasn’t aware of that. Please explain. > > > Alternative (b) would avoid even that, but it would also require a bit more work from a compliant node. > > Might be better to rework the IOAM option. > > > Either one of these alternatives keeps the specification the same EXCEPT for relaxing the minimum a node is required to meet. Nodes that can process more options would be allowed to to do. That avoids disruption of systems that are already deployed and could be useful in limited domains. I do not see what is gained by requiring nodes to enforce a one-option limit. > > I think are suggesting the proposal be written as a minimum requirement. A node could do more, but isn’t required to. > I think we also need guidance on minimum requirements of byte length of options, EH, and header chains (lest intermediate nodes drop packets with HBH for those reasons) > I think the biggest issue with anything other than only process one HBH option or any number, is how does the node creating the packets know how many to include in a packet? I don’t see much use for HBH if the sender puts in more than are likely be processed. As I said, from a host POV I'm much less worried about whether all the nodes process HBH; in fact, in some scenarios the HBH options might be more or less targeted to some subset of intermediate nodes (for instance the first upstream router that processes a FAST ticket, and that might be intentionally not processed by other nodes in the path). But, if even one node in the path drops the packet because it doesn't like HBH then the whole mechanism is usable on that path. > > I suppose, we could create an IANA registry that defines a value for the minimum number of HBH options that SHOULD be processed by all nodes. Over time if the capabilities of routers increased the number could be increased by an IETF specification. This would be for Internet wide usage, limited domains could do more with local configuration. Yes, that limit and limits on header lengths seem to be needed to move HBH forward. Tom > > Bob > > > > > > > > I note in passing that the proposal to extend RFC 8504 (IPv6 Node Requirements) to apply to intermediate systems would have the same general effect, but would put the simplicity vs capability tradeoff at a different point. > > > > Mike Heard > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > --------------------------------------------------------------------
- Comments on draft-hinden-6man-hbh-processing-00 C. M. Heard
- Re: Comments on draft-hinden-6man-hbh-processing-… Tom Herbert
- Re: Comments on draft-hinden-6man-hbh-processing-… Bob Hinden
- Re: Comments on draft-hinden-6man-hbh-processing-… C. M. Heard
- Re: Comments on draft-hinden-6man-hbh-processing-… Tom Herbert
- Re: Comments on draft-hinden-6man-hbh-processing-… Bob Hinden
- Re: Comments on draft-hinden-6man-hbh-processing-… Greg Mirsky
- Re: Comments on draft-hinden-6man-hbh-processing-… otroan