Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?
Gyan Mishra <hayabusagsm@gmail.com> Tue, 10 August 2021 06:29 UTC
Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F7133A2948; Mon, 9 Aug 2021 23:29:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id syOwsbyf0x9H; Mon, 9 Aug 2021 23:29:25 -0700 (PDT)
Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D60583A2990; Mon, 9 Aug 2021 23:29:24 -0700 (PDT)
Received: by mail-pj1-x102e.google.com with SMTP id mq2-20020a17090b3802b0290178911d298bso3833729pjb.1; Mon, 09 Aug 2021 23:29:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iGdpWngDYSCeLDOQfmoclv+Fv06ogoV8NUEjTJizQgw=; b=OG+prGLng50W+rNI0KLc0O8brT1R9NbDn5KgUzS//bDzYt5T+6RRZEtEoIjBW3QsoE 1kVOkAY06r/X46qzvWR8MkOI0Od19xMDmHLexN6pnw7mBt469ozJd5RfXiPUsJKsdX70 QaK0YPDCxIllCiRDoi7Ofmy9lXjRqH6lPwpzI3yBEG4PG4e4XR5ogbKiRC76xcwdJUte VD7aFUzpFPfdNfJXiNsGBA5rMy1sgFBUByq8Yg611rpOj6bCYD3oQkUdQMwojHOammwK KuRG4bksgwH3n3zVep1zqJT6XUS/cUFRB3RLESbYxVkOayzyirgl8YO4OiwOGzMfBqc/ jPPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iGdpWngDYSCeLDOQfmoclv+Fv06ogoV8NUEjTJizQgw=; b=MXh5S2UhS/CGZxU3jFwosLMNzIL3HMyKIKCMaAUaeK1La/Z/pvK6UpvnxVJthgo+nt LckqXZf/AtyVUhgWHUztdAzNyJCiGnvEvDW7BZ4ppsLE4dDCqLDCme2eHXKke2SaOx3/ AllqnQqiArBVH7C83Ojo1BButTdJCAKCr/1J0ZsRb2ZW+OEkp9KC6aGaOC9zaS5250tx PpgkvXHPX9SAqmegMw8DdA/FQ8bhO1IbkhtS7JDVNG2gaugOqcBhjAQFs70IABrWRr67 XAmtQlIwHwImOTCWeDx60E0hu3p1wgSmaTT4XVjoPNbnCrBoriSQtgsFK278PjZu64N6 KGmw==
X-Gm-Message-State: AOAM533R/a9mlWNA2hyg7Tf79MNevqNBMEIzwaJxQirZcqBQG5KQezR9 SS4TvcAHyFJPid+4vHTMUauz2GZA/SJO8jOP0E0=
X-Google-Smtp-Source: ABdhPJyPllI8MVY3pMYnYlIxhIDwnpTvTBluzvLSbXaBbONtZyudVtW9TAZNzxi5NLlwEZzzZUupC+LdfNV3fNV/yzQ=
X-Received: by 2002:a63:504a:: with SMTP id q10mr239564pgl.383.1628576963194; Mon, 09 Aug 2021 23:29:23 -0700 (PDT)
MIME-Version: 1.0
References: <CALZ3u+aP=v_1=w1xqfEKof7Cc6Ba3pwOYV3O=0b=NxS4hRWhiA@mail.gmail.com> <YRBdZrKV+MrrhUCG@mit.edu> <CALZ3u+aBdE3Bw3_ry+CuV4tS016c4mWewJFpr0aCbBnwj70Vzg@mail.gmail.com> <a3833e04-c123-ef52-95f9-cae80a1390e7@foobar.org> <CAMm+LwiAbiK618+kY9JTLr7_mQd-E5TKyNsGqOLrGQoLzjJo=A@mail.gmail.com> <CALZ3u+bLVUZf1fTHQvAVzOnToiPcsXEyTNt56hNAXz4=-G5-6w@mail.gmail.com> <CAHw9_i+k9x1g3bcst6rHcXpesEVwnPtV6DzsFAxi8dC6CRMZPw@mail.gmail.com> <CALx6S346mqNaE+s1DH7S7RutTpzfrC5oX1No5Jb72sTvVQjtpQ@mail.gmail.com> <CAHw9_i+ELJS_xqcEHM4raq+f=PZ5yw1ptfG3a6VypZmWTo11-A@mail.gmail.com> <CAOj+MMGzWq1OrwBQW_Mz4gB+z9wJSdQnFCkTmWiHi_Tm3ty47g@mail.gmail.com> <YRHx4c8/nOh5aXN1@mit.edu>
In-Reply-To: <YRHx4c8/nOh5aXN1@mit.edu>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Tue, 10 Aug 2021 02:29:11 -0400
Message-ID: <CABNhwV1HdSrzHDLhuSMaWY+9UaHnFYaYo75fN3+JMgMnf+Pnhw@mail.gmail.com>
Subject: Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?
To: Theodore Ts'o <tytso@mit.edu>
Cc: 6man WG <ipv6@ietf.org>, IETF discussion list <ietf@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, Robert Raszuk <robert@raszuk.net>
Content-Type: multipart/alternative; boundary="0000000000006174a405c92e9f02"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/VfaqXM3n2eLSFMmpN5FuyELYTZg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Aug 2021 06:29:31 -0000
Forgive me for top posting - as this thread has forked into many different topics I try will hit a few of the topics including the subject heading that started the thread …here goes!! Starting with the subject heading .. “ Anycast has been killed by LINUX patch in 2016” Tom Herbert -> This is mid way through the thread in response to Brian and I guess basically this solves this hashing patch backs out the 2016 patch making less aggressive hash so not recompute hash on each RTO but only after a threshold of RTOs - problem solved?? Tom Herbert-> “That's true, however we, Linux developers, certainly value the input and discussion on IETF lists. IMO, the later patch that started to recompute the hash on each RTO probably is too aggressive to be the default behavior on the Internet. I plan to post a patch that makes default less aggressive by restoring the original default behavior to recompute hash only after multiple RTOs. The rehash behavior will be configurable by sysctl and also I'll add a socket option to allow the application to control the behavior per connection thereby resolving Brian's concern” Just so I and others understand - the main issue that sparked this thread is the RFC 7098 use of flow label for TCP application load balancing? In the thread we transformed the topic into IPV6 flow label TCP Anycast load balancing, but the original issue was the Linux patch that changed the hashing for application IPv6 flow label hash for TCP server load balancing to aggressive each RTO which Tom is changing Default back to multiple RTOs? Is that correct ?? RFC 7098 talks about the use of flow label for TCP flow server application load balancing. Most load balancing vendors that I know of have their own variety of methods of load balancing such as round-Robin w/ w/o sticky Session option, source based load balancing and GEO load balancing based on an application Geo datatabase which I know of Citrix is which uses MEP Media Exchange protocol for DNS intercept, GSLB sub domain to be able to provide DNS reply from GEO application database based on client source address. Few other points I will try to address related to ECMP load balancing as that topic came up in relation to RFC 6437 flow label. Some general rules and history on L3 router ECMP IGP or EGP load balancing -: well as other data plane as well in relation to load balancing: The concept of ECMP load balancing historically has been based on vendor specific proprietary algorithm ASIC or NPU based and had been flow or session based load balancing for IPv4 using basic source and destination IP as input keys to a hashing function. For any load balancing to work input key needs to be generated from information called keys within a packet done on a per packet basis, so that these keys within the packet can ensure that the packet gets hashed to the same path to avoid out of order packets. So the per packet input keys in the case of 5-tuple header hash is SA, DA, SP, DP, Protocol is used to generate a 20 bit “entropy” label as an input to a hashing function to provide uniform 50/50 load balancing. This basic “entropy” label principle is applied to MPLS data plane RFC 6790 SR data plane RFC 8662 and NVO3 VXLAN RFC 7348 source port entropy label same 5-tuple header hash key info generated random source port and now the same 5-tuple L3/L4 header hash keys generates the 20 bit flow label input key to a hashing function to provide uniform 50/50 load balancing. Most all modern routers support RFC 6437 stateless uniform load balancing vendor links below of incumbent router / switch vendor stakeholders: IPv6 flow label RFC 6437 stateless uniform 50/50 load balancing is one business driver for operators to migrate to SRv6. Cisco XR https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-3/ip-addresses/configuration/guide/b-ip-addresses-configuration-guide-asr9000-63x/b-ip-addresses-configuration-guide-asr9000-63x_chapter_0100.html Juniper: https://www.juniper.net/documentation/us/en/software/junos/sampling-forwarding-monitoring/topics/concept/hash-computation-mpcs-understanding.html Nokia: https://infocenter.nokia.com/public/7750SR215R1A/index.jsp?topic=%2Fcom.nokia.Gx_AVPs_Reference_Guide_21.5.R1%2Fdita_standards.html Arista: https://eos.arista.com/ipv6-rfc-compliance/ Huawei: https://forum.huawei.com/enterprise/en/huawei/m/ViewThread.html?tid=605826&lang=en BGP convergence metrics based on advertisement and withdrawals and BFD 50ms detection time and propagation times convergence within seconds: NANOG 2013 link analysis on convergence times and route propagation benchmarks: https://archive.nanog.org/sites/default/files/monday.general.huston.BGP.21.pdf NANOG 2019 Analysis of internet traffic is 90% CDN traffic: https://pc.nanog.org/static/published/meetings/NANOG76/1972/20190610_Labovitz_Internet_Traffic_2009-2019_v1.pdf Anycast: Anycast proximity based routing has been utilized by operators and enterprises for more almost 2 decades. The initial uses of IPv4 Anycast was for DNS followed by NTP as well as other NMS monitoring services syslog, snmp, IPFIX. RFC 2526 defines IPv6 Anycast which is the last 7 bits of the IID - /121-/128 Reserved for IPv6 Anycast prefixes. As far as I know I don’t know of any implementations or operators using the reserved Anycast range for IPv6 TCP Anycast. I think most all IPv6 Anycast NMS or Application deployments of Anycast have been using IPv4 style RFC 7094 proximity routing based IPv6 Anycast. NANOG link on TCP Anycast: https://archive.nanog.org/meetings/nanog37/presentations/matt.levine.pdf As stated in the deck “don’t believe the FUD that TCP Anycast is not possible” DDOS and Anycast: Cloudfare CDN uses TCP Anycast and apparently had DDOS solution using Anycast. Makes sense. https://www.cloudflare.com/learning/cdn/glossary/anycast-network/ As it seems there are proven implementations and deployments of TCP Anycast both IPv4 application load balancing and IPv6 flow label RFC 6437 / RFC 7098 application load balancing. My guess is that it works with some caveats as revealed in the NANOG archive. I think the question came up in this thread related to L3 ECMP use of RFC 6437 for stateless uniform load balancing and also being able to use RFC 7098 application based IPv6 GUA TCP or IPv6 Anycast TCP load balancing simultaneously. I think that would work as the TCP load balancing is at L4 and L3 ECMP is at L3, and they both reference the per packet 5-tuple generated 20 bit key for both L3 and L4-7 load balancing. I think what would not work in my mind is RFC 6437 stateful signaling from a edge host for flow label value as that would get overwritten by the per packet 5-tuple stateless 20 bit input key to the 50/50 load balancing hashing function. We are thinking of using IPv6 flow label for APN edge marking, which would be stateful edge signaling from APN edge node, however that maybe difficult per above issue with stateless stepping on stateful. Kind Regards Gyan On Mon, Aug 9, 2021 at 11:28 PM Theodore Ts'o <tytso@mit.edu> wrote: > On Mon, Aug 09, 2021 at 10:04:45PM +0200, Robert Raszuk wrote: > > Hi Warren, > > > > There are dire proclamations that IPv6 TCP anycast cannot work.... > > > > > > > Maybe I missed it but I do not recall anyone said this here. > > How about the orignal message which kicked off this entire thread? > Including the hyperbolic subject line: > > *** IPv6 Anycast has been killed by LINUX patch in 2016 - who cares? *** > > - Ted > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -- <http://www.verizon.com/> *Gyan Mishra* *Network Solutions A**rchitect * *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>* *M 301 502-1347*
- Re: IPv6 Anycast has been killed by LINUX patch i… Toerless Eckert
- Re: IPv6 Anycast has been killed by LINUX patch i… Mark Smith
- Re: IPv6 Anycast has been killed by LINUX patch i… Jeff Tantsura
- Re: IPv6 Anycast has been killed by LINUX patch i… Mark Smith
- Re: IPv6 Anycast has been killed by LINUX patch i… Toerless Eckert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Toerless Eckert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Brian E Carpenter
- Re: IPv6 Anycast has been killed by LINUX patch i… Michael Tuexen
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Simon Hobson
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… David Farmer
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Theodore Ts'o
- Re: IPv6 Anycast has been killed by LINUX patch i… Nick Hilliard
- Re: IPv6 Anycast has been killed by LINUX patch i… Brian E Carpenter
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Jen Linkova
- Re: IPv6 Anycast has been killed by LINUX patch i… Patrik Fältström
- Re: IPv6 Anycast has been killed by LINUX patch i… Ole Troan
- Re: IPv6 Anycast has been killed by LINUX patch i… Patrik Fältström
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Michael Tuexen
- Re: IPv6 Anycast has been killed by LINUX patch i… Michael Tuexen
- Re: IPv6 Anycast has been killed by LINUX patch i… Brian Carpenter
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Nick Hilliard
- Re: IPv6 Anycast has been killed by LINUX patch i… Templin (US), Fred L
- Re: IPv6 Anycast has been killed by LINUX patch i… Phillip Hallam-Baker
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Tom Herbert
- Re: IPv6 Anycast has been killed by LINUX patch i… Phillip Hallam-Baker
- Re: IPv6 Anycast has been killed by LINUX patch i… Phillip Hallam-Baker
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Christian Huitema
- Re: IPv6 Anycast has been killed by LINUX patch i… Robert Raszuk
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Warren Kumari
- Re: IPv6 Anycast has been killed by LINUX patch i… Theodore Ts'o
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Töma Gavrichenkov
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- RE: IPv6 Anycast has been killed by LINUX patch i… Vasilenko Eduard
- Re: IPv6 Anycast has been killed by LINUX patch i… Gyan Mishra
- Driver for SRV6 [Re: IPv6 Anycast has been killed… Brian E Carpenter
- Re: Driver for SRV6 [Re: IPv6 Anycast has been ki… Gyan Mishra
- RE: Driver for SRV6 [Re: IPv6 Anycast has been ki… Vasilenko Eduard
- Re: Driver for SRV6 [Re: IPv6 Anycast has been ki… Stefano Salsano
- RE: Driver for SRV6 [Re: IPv6 Anycast has been ki… Vasilenko Eduard
- Re: Driver for SRV6 [Re: IPv6 Anycast has been ki… Gyan Mishra