Re: Comments on draft-herbert-ipv6-update-dest-ops
"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 20 August 2018 16:07 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 277DD130F6A for <ipv6@ietfa.amsl.com>; Mon, 20 Aug 2018 09:07:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ke15d28pl-_w for <ipv6@ietfa.amsl.com>; Mon, 20 Aug 2018 09:07:53 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C05130FD4 for <ipv6@ietf.org>; Mon, 20 Aug 2018 09:07:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 9338E309A83; Mon, 20 Aug 2018 09:07:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1534781273; bh=KyHb3aGNu0Zci1kbM0LOPjhmvW7dRgXjzpQbbf8ghvA=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=nr+TIYWUi7duF/YLcbs3/9/M6Iz6hadm3HoJ9eUb6mKhY57OObp6baYLOEnVCyfrU Oe9xdosNqXkGWb9b2TkvFDGoRrEqZ+Q/lcFWbcLBWTEptKD1ts+y2NpuT3h/z4Mmjn ffwsC/ylUCFx2j3qeiifQrHv2pjekyrESOfBcg4g=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 5D8CE240AD4; Mon, 20 Aug 2018 09:07:52 -0700 (PDT)
Subject: Re: Comments on draft-herbert-ipv6-update-dest-ops
To: Ole Troan <otroan@employees.org>, Tom Herbert <tom@herbertland.com>
Cc: "C. M. Heard" <heard@pobox.com>, 6man <ipv6@ietf.org>
References: <CACL_3VF+EoKOEF-TkB3179UsmN_Yhaqt60jh_h2d2GLnE0EWDA@mail.gmail.com> <CALx6S356TVnbnZ_zp5+aK_x-DmMJUTidw0Wzbc3Tn=cscTd7VA@mail.gmail.com> <CACL_3VGUUs1FS4Qog6pzJ2WZyir2-keEVZTU6opzXQ4t0M-XUw@mail.gmail.com> <CALx6S35q5EqZt26KSPTGHBXZpzaNYyFBO9UxVNsi4is1BxUHrQ@mail.gmail.com> <CACL_3VGfMj6DjAWsxib6Hw_x=5X3CWASKU1oiGqvFdksDuFXDw@mail.gmail.com> <CALx6S37c_WCa+A3aD7X-rq-kj_RTGfGur8HVekt_LWTg6Os18g@mail.gmail.com> <F01E55CE-0E88-47BF-A30B-B83A0B7F5F0F@employees.org>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <f0be4512-b05c-0975-97e2-454a500c8c37@joelhalpern.com>
Date: Mon, 20 Aug 2018 12:07:51 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <F01E55CE-0E88-47BF-A30B-B83A0B7F5F0F@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Z_pjKxZ-1UxADUl2fIZU9BvQi_g>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2018 16:08:03 -0000
I can see two sides to this. On the one hand, we want tunnel termination logic to be fast and effecient. Requiring that it have only the necessary information, and not other random things, is part of our tool kit for achieving that. On the other hand, the outer IP header, in the case of v6, is clearly destined for the tunnel terminator. And the IPv6 spec is very clear that certain kinds of processing for IPv6 destination options are mandatory at such a destination. For example, retunring an error if ther eia an unknown IPv6 destination option with the bit set to force errors. Clearly, doing the checks for that is more expensive. Equally, it seems to be clearly required by our current specs. Yours, Joel On 8/20/18 11:40 AM, Ole Troan wrote: > > >> On 20 Aug 2018, at 17:05, Tom Herbert <tom@herbertland.com> wrote: >> >> The negative converse also seems to be true. If an implementation does >> not support parsing of Destantion Options before the Routing header, >> then the node probably doesn't support parsing of any Destination >> Options. This becomes an issue in router implementations that >> terminate tunnels int the network with intent to and forward the >> tunneled packets. For instance FD.io VPP supports VXLAN, LISP, SR-IPIP >> among other encapsulations, AFAICT if the implementation receives an >> encapsulated packet addressed to the node that has a Destination >> Option (second type that follows any Routing header), either the >> packet is either dropped or the Destination options are ignored. > > [wearing the VPP committer hat] > > VPP as a tunnel endpoint does not parse destination options. In fact at least for rfc2473 tunnels I believe it would drop packets containing one. I am not convinced you can use one implementation’s behavior to support your argument (or not). At least from a VPP perspective I would add destination option header support, as soon as there were any options that made sense to support. (And I am not convinced the tunnel encap limit option is one of them.). I certainly wouldn’t build an implementation that blindly processed destination options, if there were any to support. > > Cheers > Ole > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- Comments on draft-herbert-ipv6-update-dest-ops C. M. Heard
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops C. M. Heard
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops C. M. Heard
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Ole Troan
- Re: Comments on draft-herbert-ipv6-update-dest-ops Joel M. Halpern
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Ole Troan
- Re: Comments on draft-herbert-ipv6-update-dest-ops Ole Troan
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Fred Baker
- Re: Comments on draft-herbert-ipv6-update-dest-ops Ole Troan
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Ole Troan
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Ole Troan
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Ole Troan
- Re: Comments on draft-herbert-ipv6-update-dest-ops Brian E Carpenter
- Re: Comments on draft-herbert-ipv6-update-dest-ops Tom Herbert
- Re: Comments on draft-herbert-ipv6-update-dest-ops Brian E Carpenter