IETF Logo Mail Archive

Re: Comments on draft-herbert-ipv6-update-dest-ops

Tom Herbert <tom@herbertland.com> Mon, 20 August 2018 17:16 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A28D7130E6F for <ipv6@ietfa.amsl.com>; Mon, 20 Aug 2018 10:16:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HWD-1WhyCTcB for <ipv6@ietfa.amsl.com>; Mon, 20 Aug 2018 10:16:08 -0700 (PDT)
Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18E9B130E6D for <ipv6@ietf.org>; Mon, 20 Aug 2018 10:16:08 -0700 (PDT)
Received: by mail-qt0-x22f.google.com with SMTP id o15-v6so11019823qtk.6 for <ipv6@ietf.org>; Mon, 20 Aug 2018 10:16:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=+2g0N0Jl6p5s/xFTmGcj/Kj6UIsnVVxuO3z4xW0dNhA=; b=WH/Ioyoiy/8m2WZbAkPolp0KyirT+XJ2AmKY5sl0xGqiKf4pA4eGF1tqNtlsi/ug6k ms6KpfTnUIneWjRfHLRubiWklMxtl2yEaUw9GbSH7LBm7BUyDCQS+ROIJd3z6c9QSBXx U6baNfb3QbKWatpCJ4wjeJwbFOno5FtY+XyYogOP4pMlFJIlZDq/0PV4xB8K6wLBEXDX sMIKCIge3nsvK5myFi+PsiorLb6xpTfd5nEQOvPlkJnm4zE4qIdFPMpet8dr2ae0U2cd TwU0KibeZ6JLLBoQDccl3jCCOlmQOJBf0ah84oSnQYi49OogSNBcbtFv6o3ki4APcQ7y Lozw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=+2g0N0Jl6p5s/xFTmGcj/Kj6UIsnVVxuO3z4xW0dNhA=; b=sJ/JGzgwZnTT84EEdojRMVVN3ndlWxlNXOIOt40GpCouLuUt0doXrocVZDG6Fx6VHJ NLKRzTHIjH0Zef56XPCQXUWoBHhiPLCxxRNXRWT4DL1idKa4O9jSmhbUBhAF5M9GGH8I y9YWZIbqaxWFirkr75GgRYX8RN+E6Be3E9S9C5ox1NIukvF+d5IV7OUYi4f7wv/lMPrL zVwGUV0/5rX6uJdz1CGWeA7t+sgL2Tu0o1TvBJ+hhkgwQfiAynCmFq3+vQ9vhJaFEMDr VXUBGuGvoooOksDX+JzfR+vwR+ZX2nI+j8L97iex2DhGVvBI441S9YocWzbsCcsg18MZ zd/Q==
X-Gm-Message-State: AOUpUlEeIed4deUSquFPKgfjeFmRpTTt1hBrI6+Y85wfPFG6NOHjjd+P CZSxuJvzorYRN88a1nwaWn16btJgLD3cIteR6pGX+vMc
X-Google-Smtp-Source: AA+uWPxj+ldF0MYPeZLe6enj0921OgDbB9lnTVgTnISYBZ0zmqwORhrnk/+HqQtWi65fRVMmdIv+DlJpXd4bpHdiPyY=
X-Received: by 2002:ac8:7412:: with SMTP id p18-v6mr11022169qtq.400.1534785367036; Mon, 20 Aug 2018 10:16:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ac8:3312:0:0:0:0:0 with HTTP; Mon, 20 Aug 2018 10:16:06 -0700 (PDT)
In-Reply-To: <EDE97FE5-B72A-4ED5-A4B0-F143A0F23C3A@employees.org>
References: <CACL_3VF+EoKOEF-TkB3179UsmN_Yhaqt60jh_h2d2GLnE0EWDA@mail.gmail.com> <CALx6S356TVnbnZ_zp5+aK_x-DmMJUTidw0Wzbc3Tn=cscTd7VA@mail.gmail.com> <CACL_3VGUUs1FS4Qog6pzJ2WZyir2-keEVZTU6opzXQ4t0M-XUw@mail.gmail.com> <CALx6S35q5EqZt26KSPTGHBXZpzaNYyFBO9UxVNsi4is1BxUHrQ@mail.gmail.com> <CACL_3VGfMj6DjAWsxib6Hw_x=5X3CWASKU1oiGqvFdksDuFXDw@mail.gmail.com> <CALx6S37c_WCa+A3aD7X-rq-kj_RTGfGur8HVekt_LWTg6Os18g@mail.gmail.com> <F01E55CE-0E88-47BF-A30B-B83A0B7F5F0F@employees.org> <CALx6S35mAnjCw=0Jmz7Niacobw2QmKkUxNJPJ-CNVok_4dAOeQ@mail.gmail.com> <EDE97FE5-B72A-4ED5-A4B0-F143A0F23C3A@employees.org>
From: Tom Herbert <tom@herbertland.com>
Date: Mon, 20 Aug 2018 10:16:06 -0700
Message-ID: <CALx6S35mZQ1HyDS3EWLZXJtT0ViXNJt1L_v3QqrKH9n7zDOM1g@mail.gmail.com>
Subject: Re: Comments on draft-herbert-ipv6-update-dest-ops
To: Ole Troan <otroan@employees.org>
Cc: "C. M. Heard" <heard@pobox.com>, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/VmnBCTNJ1rgYHwODmYGrhol5XVQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2018 17:16:12 -0000

On Mon, Aug 20, 2018 at 9:23 AM, Ole Troan <otroan@employees.org> wrote:
> Tom,
>
>>>> The negative converse also seems to be true. If an implementation does
>>>> not support parsing of Destantion Options before the Routing header,
>>>> then the node probably doesn't support parsing of any Destination
>>>> Options. This becomes an issue in router implementations that
>>>> terminate tunnels int the network with intent to and forward the
>>>> tunneled packets. For instance FD.io VPP supports VXLAN, LISP, SR-IPIP
>>>> among other encapsulations, AFAICT if the implementation receives an
>>>> encapsulated packet addressed to the node that has a Destination
>>>> Option (second type that follows any Routing header), either the
>>>> packet is either dropped or the Destination options are ignored.
>>>
>>> [wearing the VPP committer hat]
>>>
>>> VPP as a tunnel endpoint does not parse destination options. In fact at least for rfc2473 tunnels I believe it would drop packets containing one. I am not convinced you can use one implementation’s behavior to support your argument (or not). At least from a VPP perspective I would add destination option header support, as soon as there were any options that made sense to support. (And I am not convinced the tunnel encap limit option is one of them.). I certainly wouldn’t build an implementation that blindly processed destination options, if there were any to support.
>>>
>> Ole,
>>
>> What you're describing is the type of deadlock that has led to IPv6
>> options being ossified. On one side middelboxes are only going to
>> support them properly once there are "options that make sense" to
>> support, and on the other hand host developers don't want to work to
>> define ones that make sense to support since middleboxes don't support
>> options. In-situ OAM is a good example of this. The original idea was
>> to put OAM in every encapsulation protocol, however that would be much
>> better server in either Hop-by-Hop or Destination options and now at
>> least IPv6 options are being defined for that.
>>
>> Specifically in the case of VPP, I'm not sure why proper parsing of
>> Destination Options would be a be major effort. This is just software,
>> and probably just a few lines of implementation to implement the
>> parsing loop and then you'd be able to claim the VPP is protocol
>> compliant in this area. I think this will be a bigger issue for
>> hardware implementations.
>
> Absolutely. It’s quick to add. That’s the point. Which is why I’m not adding it until there is something to do with those options.
> Note in the example you cited we aren’t talking about a middlebox, but a tunnel endpoint.
> I’m not sure I can be bothered adding support for pad options.
> I don’t see the deadlock here.
>
Ole,

Consider the folling scenario:

Someone is developing a new Destination Option that might be of
interest for use with tunnels and might even become one of those
options "that makes sense to support" . Maybe it's an option for the
aforementioned insitu-OAM, or maybe a general packet CRC, etc. The
developer dutifully uses experimental option type 0x1e for the type
value of their option to test it. In particular, the action taken if
the option is unknown to a receiver is to skip over it. They made that
choice because that allows incremental deployment of the support for
the option in any combination supporting sending side or receivers. In
other words, they don't want a flag day for the option that requires
all nodes to support the new option.

Now they go to test backwards comapatbility of the option by sending
it to a node that hasn't been updated to receive it. If the receiving
node is a Linux system, then the option is ignored and the tunneled
packet is processed as before-- expected behavior per the spec.
However, if it's sent to a VPP node then the packet is dropped-- not
expected. Even if this doesn't lead to incorrectness, it does breaks
interoperability and violates "be liberal in what you receive". This
net effect is that this makes development, test, and pilot deployment
of new options really hard. Just implementing the TLV loop, even if
the implementation doesn't process any of them, would resolve this.

Tom

> Now, if you are talking about a router/middlebox not passing the options, that’s another thing.
>
> Cheers,
> Ole

v2.23.0 | Report a Bug | By Email