[IPv6]Re: Fwd: New Version Notification for draft-iurman-6man-eh-occurrences-00.txt
Sebastian Moeller <moeller0@gmx.de> Sun, 28 December 2025 12:32 UTC
Return-Path: <moeller0@gmx.de>
X-Original-To: ipv6@mail2.ietf.org
Delivered-To: ipv6@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 723079FFE4DB for <ipv6@mail2.ietf.org>; Sun, 28 Dec 2025 04:32:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.547
X-Spam-Level:
X-Spam-Status: No, score=-1.547 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o_iGLxT4IIsc for <ipv6@mail2.ietf.org>; Sun, 28 Dec 2025 04:32:45 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 447F59FFE4D4 for <6man@ietf.org>; Sun, 28 Dec 2025 04:32:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1766925164; x=1767529964; i=moeller0@gmx.de; bh=3iXdX4XdnnFO9cu5qby3qH0weClIq7vRSrwx3k/x7NQ=; h=X-UI-Sender-Class:Content-Type:Mime-Version:Subject:From: In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id: References:To:cc:content-transfer-encoding:content-type:date:from: message-id:mime-version:reply-to:subject:to; b=VrdHynF7ZpdooNu1G8kBgu+EroUPYemJkKy+hJaeG+gzku8STrt52GHYP63y8ZxK WtI48zMrvORm2Vv4MuoEJLnX7rLbbwDmC89mLr8N5AMmr+sG2M8T400fBvHGL70FL HEl8iy2DLQ8tgf7Rfuic3py71oQE7ZPbALtoBef0FwBAYLMI3BWlsaWyAY0JyW24t f9IxPw4Bcw8L2HLKbGJEeZlVDjME553Z/CXZtxgoBgVg3QenbOvI3cjIDPiU1Lc0N 9afKgIFPPJ0Mb7vtrc63wLiWvjthPaGMocAm/DDJh04cgp5q854oxZokoCQJe96j9 qp3MLAmA8Am2JlxuQA==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from smtpclient.apple ([95.112.118.142]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MNbp3-1vGP7g3N8d-00L9SA; Sun, 28 Dec 2025 13:32:43 +0100
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.700.81.1.4\))
From: Sebastian Moeller <moeller0@gmx.de>
In-Reply-To: <fae71be6-bc9c-4e00-8353-ca415aab25b0@gmail.com>
Date: Sun, 28 Dec 2025 13:32:33 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <E007DE34-D170-45FF-B165-86780D6F4F89@gmx.de>
References: <176651727681.861963.1665571528282296202@dt-datatracker-5656579b89-p6k4r> <af5fd42c-fbb9-4606-a8c6-208a7ff6bc6f@gmail.com> <188944cc-7d9e-b305-d55a-4ff6b20bf639@foobar.org> <72123110-66aa-4881-a0e3-280b7db8eef6@gmail.com> <c8dcb888-b905-884a-c18b-6186b917e551@foobar.org> <8f09955e-f428-4e19-b55e-65d028ea7f16@gmail.com> <CALx6S352meOyrUo4zncmpuCMawuveixKjTMtAWVyjcK2z6dBMA@mail.gmail.com> <cc5975d2-3a11-47cf-82c3-65de53947e2a@gmail.com> <CALx6S35238NYQm6hPGjp4JeKj+--odrDCfoDMjgj_jiqO7uDUw@mail.gmail.com> <a77e8700-a022-4ab0-a2a0-9d317ae900dc@gmail.com> <CALx6S35NhbyA_Le54UFNC_Z=-GErYhyvN2drVVrD+_=TKddFWg@mail.gmail.com> <9c998c2d-8bec-4460-9515-e3a8ce12b37e@gmail.com> <CALx6S37011yzwxxYS9Nt_UGZ19nwv5W8HksD0ZsMFzF4n-sGPw@mail.gmail.com> <fc03708a-ca0e-4a61-8eea-e3838444b880@gmail.com> <CALx6S379Yc_R54+M6L2cgRj8WmLB+PsOi+AhCPsBq4GgEZU0fQ@mail.gmail.com> <fae71be6-bc9c-4e00-8353-ca415aab25b0@gmail.com>
To: Justin Iurman <justin.iurman@gmail.com>
X-Mailer: Apple Mail (2.3826.700.81.1.4)
X-Provags-ID: V03:K1:DmGszkV2hJkwA+17FcZWMpFKXU1/gWpG5a38vSE9FU+2vvrNd3c T8h6q3H7kMDIoftg0I2xAnia1EAjfpoTeWWFc5YIYIiOpyzUTuDx60onbgc6H0+q2agYgsU YTo2xlyzPyq8fOKHcRwWH8bBQWljhaBLchdLdPxrSx24GaW8NBzpN/Tyag9droTp6LQPBGC HViLoVFzaI0CcA5+CBCfg==
UI-OutboundReport: notjunk:1;M01:P0:RL7KhCS9Ges=;013BXpn0jfLpSUgJOShCGb1MkZy VWMOR31pTDMOgN14kSysPAoPX9a2JEuY5+JZnUHYrPPhXW/rxjP7D4iciO1Abu4s2lMN5mhiD TVo4S6dinR1sRIa2IHkVoc15KK9P8Ny9aB0vCj8Kgily/brib5Vf5al99FY6aU2pt4F8sbVj2 M2Tlg/Am4SBib6TXDce3ap+YNwo8uMy4H7euPyb3l6C+bMMD+hiaj6AOKZsvLRHtP4pusgyJ0 x1sbEFb2/2kcz+ZgoxsmUa3oPGKQEVeeQ1wEepkO4F+5hOPRAWJEoAYZiGrIjw6ZAQN1TNNhA lDuLIt1pwyP8cq9zlessACrC2TbRUIbx+nnHARV3Apnhu5+VL0LKHIrEagWQdWiKDPOZWcfXu CTAeEFAEUoYfBSFJW5iSsIMDPuP4pWCtzOrvwPHp8lOe4KrQWtKjHZ8K7lgmmJxGRSpHNoka1 ZcoeVg+TZachUS/ZCGa1/u7zlkUYdGQCRUQLDKR72+CG9hJodcIlVf7LKQUh5RAsBB0qbZKd5 EPudBb1ticMksyU9NR6AAQ/D7cIqdxzb6VKjCHRBg0DkOpppH90aDGLFlb9GbT2gYTvzd8ou2 0bqzi/5xBcWYoEsGbWvsNfDTCoDTumIAVUkC9kQcEnseteTzfs7yraWC+U999955msxg/srbT UGr/7TtYr7hlMxmnFBm8l/L+HnLm7eQTPzZtZBJm07OoaBEmyc6ATjCMd6Cql8re34HSrnwPA vJc2BsxxiRH2JNnCxgmxg1ZtVK05ZYkGgHx21fGPnhiwCl1czB7iX4Me/BoMCpMIsnvTXwodm HwRz7th1UZ9goY90YHfk2mSc+tuNekXZfc5ln6M8xB0YX/q7YpIpNQ/MNPxofzV67OnhXsX0Y NWgoZ3YG19OVhAn3JdkgR5iMyiz8z5zulR/VkfVPNWwAU4oF3tB5YQP052bw9zDRCUUBBk1vF eTNw0uvTKZXAAnh2PuPmjvEHHR9ACFue1P65fR6FtsLZElu3IanMaEL0xDbfnm/upaF/01rgI DErnznBM8LSHpDPlQFcGwfKkqP3v7DfNPL7ECEF+FtaKt7z14FSRNmHe2ZRfv3t7NgB10ifBk ekUmWHCJiJvA1DOFxvimEnQaUPodBvPkIi+CMtxHpra10p5NWPvJl1WoaWLHQaJDuQ5RY6aVN V40g3IR88R5gsb/Tuxw40mbw1IQa0+7y7Jn4gMmtU//VyEP7oEWPO26NwgMYqx6Wo4kd8FybM msUEceUM5DWAflIpWeqC2QVYc8jYPMUue3CbIfCOdlB/tHe1Tk0AT8tk7ASGDHJ6H/d766jHp erUiKgeT2blv6C+kG6RoonHgYvx/39V8rzTvOJwsDY7kgmdzMPCvGMstGt9CzjrQNSPtmslt/ 5y1xr5OzTvzrTCVGJZbym+eWIixSqitX3kF0CfHwgAH02adPN/shH10pUveA7IX7eywcvVTRs YO2YuzmMW7RZUQm66b2zjtJFHELI9CpVryFV1A3POjRa6QawIq+9oP/lXFkMUapbiyk+bY4w6 SgyRXi26il7kOyYedx7hOIjzKKRA6B5x9akAyCvIHpbRkA17yurp2o6lbzKBj0AmvwuWeUqKw sRdDIFphPUySccb55lfppu4yMm4G29AbTrbQWfdIQpR+lU3bN9Q/KOC40cnRUSA9/cSxdbQrY FAHBZC/2VbcUZj+gdhQpmcUP+GRXfCKO8vdImBH2DezAkVvpVLbDej9FaF/bHTxeof09IT4hd 1r9bPw+oE3+I2XTas9Wtmq2vTccQXu1eJH+lRSPAps9KL3L8cl0tEdrfFOyO3D9OwFQYaTFcB BmhHTAKeFu1a9Kt+gfxdnNzoX+fGUIw6+Khce8nCdANdsXqKy8P2lvqm/VnAO3y87hwggVh4Z Wu9Ib+bmQjGVAzQj5RipbGaQU75YOC01Itsws6XU8yKLbeaFQx/a0k5xnVLyfM6SNIeBncvWp AAYI3mBj4smwZGiV3aGuCsgYq4GzJ71pjlufntVu3BJrVfL0PnfBnf6C77oenXW0U5TIFsv8w fYP1Po4tvJMrjuY9L8MHd9jpmgvf0NChEfsr3R2PEhYXNkhe1nvJBrbimMY9DtSA5vvIKAEai G1JCfPytsMtKNiHk446qLfygFYuxUaDY5roUtfxvpqKQ81gTbWsFyMF4rYudgX9aDQdmEsFXi SWVdKY245XwSzs5As4H1cpO8ltji24N7HIDFPtR2Kkw1vtSmVxQOqV/BOltqr2OTlZdIieQ1Z eUfIRrkQyo6Qwbl6czmMzafSce3JDTxTKMbHw5R0JrMGPu9OgK4Ltv5nReIoI1VKhqjz5afYF G/XMsr+x5Rxr67/BMmunXrhgq7xV8pgrgbe19uP5crWaenOa241ggWkMTk9l1Bt3vJe6DkIvy bThQGqohqQctvzGDjrbQe22QRtTNqD2NzTx5JmDb1MwX134IuOqsN90fujDqGHE9mRSLSzW1J v33fg8JhtITH2yK9dMig/ACVU2kfdgbcVjPROCtQBonjAC+jRY6qKQCqxoXH18c8u6FRlNVC6 NioXoxNxnSGjkr1E21hEwjevDuTzOtte0+rwSlzr6RUXduUccJHJ1C2KIWUsuUyANR3GOtdGU ydWpHNBNQHOPez8GxXQDmIqeroor1WPuHPCwbgtMJ9gs+AwRFZ/sAYLC97+JpCwWINpzKwibc 1zMsjXZ6UarxgkR3k48mHEgixq3MpLIQKGHGtgivtNPbLQ76Y0uVQ4tPRC8OnY8YFfIWnfCDR yCuSYIz8rtsFeFm9S4dNLX1ktWFvMmMvSOBBFH5e0XcKuRxLgy9LZJStGcmZVffpuTY4GQWbg 5Sr9w6i6l3i3ZcVLIxGZHRV9/6Yqu1hYKJx19z81CCt5clfJfl5yTa8YT2NOU7/denJtopwHY XyhnfAEr2H7rBR3bT0Y1hTceC0zj2rckUa65tpoVDtY/qx15PouQtTdSmXOMBd4dJSP8uK0bF 7tVArw7cDKeH6hYT2g5tBUsaRGmxhah2FhFxNIHOZ7ZgN7nEI4fj3ZA+n6hc5mg5LebASwhX+ dVeydZiz5cwT9txH8AGrEsfavTvQbiWQNqIwoLiZUB1a9ZcQKdg4jX9zxHW5/xBrmTMUHe+tn YM9b77kMK7e83HlQl80mDt8Oz2X45HMiPxGJTlcu2+xelzEvVK8EpBf4iAY3GWdSdpmaLTT1I XmgFqvdk4O22kYYdGiaIvAK5AjPZAQdFjXtYZjnrEwe4exJMhypYQ7TipEhhbnzZWXBvTVlGl hYSgsAIySMdODfEpxHwARUFaVHaTi7V+6y4w+ks2WKjqyXeF0U6nTzVhAzY/tCLJpYJoB+4Ln eC+kAMc5wIh26M8/l1mJSIhC3/xziHqC4bOjz/gYncVNnpC6Fbyf+UOLX+tj083ku2WLLp7F4 brgLcUK7mGs//pi3OTUPDChosJVlztHFEQH8MOg8yUdvUEg+70+lpsbPSGTYWYvAaudCxwi3b jeUe+64qqA+T4jGH1UVOII8WC7Gd2wkFWltY1zCPs5ilIPZK9c2lBtPqJTBWqqqntmg8+EH5d 4zj7b+uLdGrZypI22cMYbQEo+igM9Ipe3zKWwVLSi01oNh2RX5jSGkAAzbVrgb3Iq17/cCLgp Z8plZnFL1vL3nxVer53T+k/7jFcGPzCQHvayEChN5iNuVDEtkP7536Be5JJPC8kPIZ20tjzxf z/LuwYaBDuGRW98KXIqrl2dXGTJsCneThMbqQGJ2Bhx2TrC6ljXG/OqhGY8wsLhBkajfsMXtU D0nGgRNvf1HYeh522+qYnzcbVLfmS/0JJga8I54Qki/7Z/pHJvGTRdxQVkFBZ872PBvVpH2gx vfM1fOcCUWunf0pKiPMHmRutfGbg8f+ZqfpBOjOjsvSyKXqPUTb46+2FBlyoCCLBL+XChrzhj oHixcnV0O/p3Hfsrp+By5mhpL5yErCRMmB3LjCJIfilaMxcHeaPfjKCpvTMEBrciF1KIj4s4l Ea6SZxz64lhDlzQaSfaH373JlbszlLI6M6hV6C7W27ePDcEy8/wBhQ0EdFXh+ZEFYzVLhzVC+ 90hjOieACXg4cqkB4TSAlwZT+bPJkv8yaYIB27877SbhFcSR0AAOq0nvgQpxWBixfkh/23jnC 5LgPMawPl1nBRhZAPpsOK6K8nZW/MeVx6XFHwZYDaQ4zC+Ri4LkPClQgGNjyLjcU36IgSwEZq wtZzpHjxyu5dR9zr3sHOBj3x1DzdRglpm4BteQhDxG4KwiGjlFe5PNnMjHNfqivleMMR6b4/X INSOTqX6/WydxAkkPJjQ3V1grm0lB22lL9kNIQd43JWbNnPiVAVufZKz7yr5FYgMztrMkhO/I zSPrwn5Fx2rmt2yPo4qshMUNZXjG16w5slk+arRQiy/iSRBfUZh1+L/U/FC1gzrDxWPL7MY+P 2JVCh7GLyZp2Rz0tLTxP9YVpATGrPdBn3y0jWUKRLxTw/tGmbwk58GQCVq7OwlzoNb4vduiOe 2B7Es7EJLTGZzhGLJfsnR/JaZjdv9uFE2knZ6XpEa2H0gt0HTmDxt/751vg/B3qHeRSzlq+Bl A21Gl20z9K9etGhBRNWAZ2rYx0zA2/dStFkbhpdt49KrdKy4niN56jQnQ48SccIE1wx/LwbS1 0Iu1BjFNKXNyVANbxDJam4PceSRV0Vx7VFytdqjz2VXrljg5pPo6GgvGOJzMkobn2nm6BP2NT jjq0pfospmysLqlkEvw08eQ2/jBeV7mX/Wj2mF5H5j1CZeRtdjhy/bvjenoE9rIa3AEUaF/rj JV9PyI2r2FxXC2pjiSLDi7Zuyzaff77c/DHY/7ve9kysTEb2qgIK4/0WFZQIRj3PmcHqvwZQ1 qMdwyzF2E37PiPa9IzJVqbGFSr5jGGaw75zFiYis8wEsOWBLj+RpMDYC1glBip0NCi9KQyrUb TFO8FSDneuieYObQRBu7OyPexac5xy+NnXOki4EeeHUzXIMG5aKM1aBA3Ipy2v/Ix4t7CSKLn CRuhBGkg+ZbKqFa/TxVvkcuQ6K682/JOmK/U75S0nnaq5YhZbUM55UWj43teiXfWhzLl6wfVB 2pqu7/hoShq+nwh9rS5SNqdUfcvKSLfpFec/DdvASAQfv2EMPl0HBHtcfHb4msM5S2f0odpph 0Rkw9D0iuSlcZHEEMyvr/KFkS5RngGgqVvZv0zNA+nF8NjpS+JfvFokUD+ZwiCyyXUFBR01ws uRVI8iAmyOORtUog3gA9gXB8VorF2VC/6wZd37pmhLSzNWrjSqQ==
Message-ID-Hash: TAW76DBL7VF24F2DQZO6PMBJ7AMEIMKS
X-Message-ID-Hash: TAW76DBL7VF24F2DQZO6PMBJ7AMEIMKS
X-MailFrom: moeller0@gmx.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ipv6.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: 6MAN <6man@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [IPv6]Re: Fwd: New Version Notification for draft-iurman-6man-eh-occurrences-00.txt
List-Id: "IPv6 Maintenance Working Group (6man)" <ipv6.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/_1LAemxJQ1aVUxc8OOmVBBKnvwU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Owner: <mailto:ipv6-owner@ietf.org>
List-Post: <mailto:ipv6@ietf.org>
List-Subscribe: <mailto:ipv6-join@ietf.org>
List-Unsubscribe: <mailto:ipv6-leave@ietf.org>
Hi Justin, > On 28. Dec 2025, at 13:01, Justin Iurman <justin.iurman@gmail.com> wrote: > > On 12/24/25 17:28, Tom Herbert wrote: >> On Wed, Dec 24, 2025 at 2:19 AM Justin Iurman <justin.iurman@gmail.com> wrote: >>> >>> On 12/24/25 01:07, Tom Herbert wrote: >>>> On Tue, Dec 23, 2025 at 3:58 PM Justin Iurman <justin.iurman@gmail.com> wrote: >>>>> >>>>> On 12/24/25 00:48, Tom Herbert wrote: >>>>>> On Tue, Dec 23, 2025, 3:28 PM Justin Iurman <justin.iurman@gmail.com> wrote: >>>>>>> >>>>>>> On 12/24/25 00:15, Tom Herbert wrote: >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Dec 23, 2025, 3:06 PM Justin Iurman <justin.iurman@gmail.com >>>>>>>> <mailto:justin.iurman@gmail.com>> wrote: >>>>>>>> >>>>>>>> On 12/24/25 00:00, Tom Herbert wrote: >>>>>>>> > >>>>>>>> > >>>>>>>> > On Tue, Dec 23, 2025, 2:54 PM Justin Iurman >>>>>>>> <justin.iurman@gmail.com <mailto:justin.iurman@gmail.com> >>>>>>>> > <mailto:justin.iurman@gmail.com >>>>>>>> <mailto:justin.iurman@gmail.com>>> wrote: >>>>>>>> > >>>>>>>> > Hi Nick, >>>>>>>> > >>>>>>>> > On 12/23/25 23:29, Nick Hilliard wrote: >>>>>>>> > > Hi Justin, >>>>>>>> > > >>>>>>>> > > Justin Iurman wrote on 23/12/2025 21:10: >>>>>>>> > >> The change proposed in the draft not only enforces the >>>>>>>> rule for >>>>>>>> > >> senders, but is also allows receivers to discard packets with >>>>>>>> > >> extension headers exceeding their number of occurrences. >>>>>>>> Right now, >>>>>>>> > >> RFC 8200 assumes that a receiving node should process EHs >>>>>>>> > regardless >>>>>>>> > >> of the number of occurrences. >>>>>>>> > > >>>>>>>> > > yes, but this misses the point. >>>>>>>> > > >>>>>>>> > > Your draft allows a receiving node to drop multiple >>>>>>>> occurrences >>>>>>>> > of the >>>>>>>> > > same type (nb: at the cost of maintaining a count or index >>>>>>>> for each >>>>>>>> > > type, which is a significant state overhead when handling >>>>>>>> packet >>>>>>>> > > forwarding), but the point is that in order to do this, the >>>>>>>> > receiving - >>>>>>>> > > or intermediate node - needs to parse the entire header >>>>>>>> chain to >>>>>>>> > find >>>>>>>> > > out which EHs to drop. The requirement to parse >>>>>>>> excessively long EH >>>>>>>> > > chains is the root cause of the problems identified in >>>>>>>> rfc9098. >>>>>>>> > > >>>>>>>> > > You can't address the problems in rfc9098 by setting rules of >>>>>>>> > engagement >>>>>>>> > > at the sending side. You can only deal with them on >>>>>>>> receiving / >>>>>>>> > > intermediate nodes by putting an upper bound on the "overall >>>>>>>> > quantity" >>>>>>>> > > of EHs in the packet. >>>>>>>> > > >>>>>>>> > > I'm using the vague term "overall quantity" because some >>>>>>>> hardware >>>>>>>> > craps >>>>>>>> > > out on parsing due to fixed buffer lengths and other hardware >>>>>>>> > craps out >>>>>>>> > > after a specific number of headers. So any draft aimed at >>>>>>>> > addressing >>>>>>>> > > this problem needs to acknowledge both situations when >>>>>>>> specifying >>>>>>>> > what >>>>>>>> > > limits a receiving or intermediate node should implement >>>>>>>> in order to >>>>>>>> > > protect itself against ddos threat incidents. >>>>>>>> > >>>>>>>> > Oh, got it, thanks! Would something like this address what you >>>>>>>> > described >>>>>>>> > above? >>>>>>>> > >>>>>>>> > OLD: >>>>>>>> > IPv6 nodes MAY discard a packet exceeding the number of >>>>>>>> > occurrences of >>>>>>>> > extension headers. >>>>>>>> > >>>>>>>> > NEW: >>>>>>>> > IPv6 nodes MAY discard a packet exceeding the number of >>>>>>>> occurrences >>>>>>>> > of >>>>>>>> > extension headers, provided that they can safely parse >>>>>>>> the header >>>>>>>> > chain without exceeding their processing or hardware >>>>>>>> limitations. >>>>>>>> > >>>>>>>> > >>>>>>>> > If they can't safely parse the header chain, what action is taken? >>>>>>>> >>>>>>>> None, hence "MAY". This would lead to a drop anyway, since that's the >>>>>>>> current behavior of hardware with limitations. But I expect end- >>>>>>>> hosts to >>>>>>>> implement it. >>>>>>>> >>>>>>>> >>>>>>>> Hi Justin, >>>>>>> >>>>>>> Tom, >>>>>>> >>>>>>>> What RFC gives the requirements and procedures of a router that drops >>>>>>>> packets because a hardware limitation was exceeded? That was the point >>>>>>>> of eh-limits draft I believe >>>>>>> >>>>>>> I'm not questioning the point of eh-limits, I'm more concerned (and I'm >>>>>>> not the only one) with the proposed solution. Also, correct me if I'm >>>>>>> wrong but, eh-limits specifies a 64-byte limit which at the end of the >>>>>>> day only "documents" the current (worst) state. I don't see how it helps >>>>>>> to improve the situation (how about support for more than 64 bytes of EHs?). >>>>>> >>>>>> The problem we have right now is being able to use EH of _any_ length >>>>>> greater than zero. At least a requirement to support 64 bytes would >>>>>> move the ossification point from zero to something greater than zero. >>>>>> If you want to send 1000 bytes of EH on the Internet it's never going >>>>>> to happen (notwithstanding the fact that there's no use case for >>>>>> sending 1000 bytes of EH other than DoS). >>>>> >>>>> Tom, >>>>> >>>>> If you ended up with 64 bytes, it's because it seems to be the low >>>>> limit, not zero. Also, you could theoretically send 1000 bytes of DO by >>>>> using ESP if you really want to (which would go through the "public" >>>>> Internet). Not a chance with a Hbh, though. So, there are workarounds >>>>> while the situation regarding hardware limitation improves. And recent >>>>> measurements/observations tend to suggest we're right to think it will >>>>> improve in the long term. >>>> >>>> What are these recent measurements you're referring to? >>> >>> Tom, >>> >>> We tested Cisco/Nokia/Huawei/Juniper routers, some recent and some >>> not-so-recent-but-not-that-old. We tried multiple combinations of EHs, >>> with filtering (to force a lookup) and without. None of them showed such >>> limitations, i.e., mtu-sized packets with EHs were going through without >>> problem. >>> >>> There is also draft-ouellette-v6ops-eh-router-forwarding. Kyle found a >>> router with such limitations, and it was a very very old piece of >>> (legacy) hardware according to him (no more details for privacy >>> reasons). However, the said router could handle up to 176 bytes of EHs >>> (HBH or DO, in this case), which is more than the 128-byte parsing >>> buffers you announced. Other routers that were tested did not show such >>> limitations. >>> >>> I can already hear the arguments again: "these are limited >>> measurements", "it's not representative", you name it. While this is >>> true (it's difficult to get access to such routers, and even if you do, >>> you can't possibly test them all), I think we can no longer ignore the >>> fact that this trend of larger parsing buffers is very real. >>> >> Hi Justin, > > Hi Tom, > >> They're not just limited arguments, they're lab results. The only >> thing that's relevant is what's happening in real deployment. The data > > And I agree with that, no question. I just think it'd be foolish to not even consider it. After all, it's also our job to anticipate the future. [SM] Well, predictions are hard, especially those about the future... > >> from real deployment says that Extension headers are commonly dropped, >> and the data also shows strong correlation between drop rate and >> length of extension headers. In eh-limits we deduced that a reasonable >> minimal level of support is 64 bytes of EH based on the data. The >> number was not pulled out of a hat as some seem to think, it's based >> on an analysis from deployment data. > > I don't think anyone said that. The problem is the decision to limit the size of EHs in general, not the number 64 in particular (although it is small enough to limit future deployments). [SM] This IMHO is the same maximalist position that got us into the current mess*. ATM, EHs do not reliably pass the internet, period. I am all for trying to convince the industry and providers to "give" us 64 byte of EH space, and then it is up to us to make something useful out of that to convince the same stakeholders to increase the "allowance". *) Well, that and ignoring the "use it, or loose it" maxim, had we made all EHs an mandatory load bearing part of IPv6 nobody could afford to ignore them, but we did not, and there we are. > >> As for " the fact that this trend of larger parsing buffers is very >> real". Until we have data from deployment that shows an improvement >> it's not real and it's not a fact. And even if the trend were real how > > The opposite is also true. How could you quantify the number of hardware with limitation? Suppose it's <1% of the entire fleet, would you still specify these limits? Because we don't really know. It only takes one on a path to screw things up. If you have such hardware in a Tier-1 AS, then you could incriminate the entire Internet. Would this reflect reality? No. [SM] Respectfully, as an internet user pondering the question whether or not to use an EH, I could not care less about the number of affected devices I am more concerned about the number of affected paths and especially whether my desired path is affected... I guess I would want to have path-EH-capability-discovery... > >> would that turn into quantifiable requirements? If I'm a programmer >> who is considering the use of extension headers in an Internet >> application what is your guidance to me? Can I safely send 1000 bytes >> of EH? 256 bytes? 64 bytes? or maybe I shouldn't use them at all. >> Please give _quantified_ and _actionable_ guidance. If the best IETF >> can offer is "we're hoping that someday all the problems will be fixed >> by hardware someday" then I think that is a disservice to our users. > > I thought you said there were no use cases or users anyway. Honestly, what would you use as a user on the public Internet nowadays? [SM] I keep repeating this, I want better congestion/min capacity signalling, and ECN clearly dies not cut it, especially after burning one code-point on L4S. > > Hbh? It's heavily filtered by policies already, and you can't expect people to waste cycles for you without prior agreement (which, in my books, sounds like a limited domain). Don't get me wrong, I'd love to have Hbh on the public Internet for some use cases, but operators decided otherwise and we can't blame them. When vendors choose to follow RFC9673 and make Hbh processing optional/configurable (vs. punting), things might improve, although that ship has sailed IMO. > > Frag? It's heavily filtered too, and people don't rely on it. > > RH? Nope, limited domains. > > Except for the Destination Options Header (and ESP, of course), I can't think of another that would make more sense on the public Internet. > >> In lieu of getting reasonable guidance, I think it's perfectly >> reasonable for operating systems to disable extension headers by >> default. The irony isn't lost that the naysayers who complained that >> 64 bytes would lead to protocol ossification may have inadvertently >> forced extension headers to be permanently ossified at zero. > > As written above, I don't think we should say "Extension Headers" when in reality we're talking more about the Destination Options Header in this context. Regardless, it's not ossified at zero (none of them). [SM] That heavily depends on one's definition of ossification. I am convinced that "ossification ", like "starvation" is following the "I recognise it, when I see it" kind of definition. Which is okay, I guess, but not helpful for a discussion or standardisation. Regards Sebastian > > Justin > >> Tom >>> Justin >>> >>>>> >>>>>>> >>>>>>> >>>>>>>> Also, only hosts should be allowed to drop packets because of the number >>>>>>>> of occurrences being exceeded, routers should not do that. Technically, >>>>>>>> routers are only supposed to look at HBH. The reason they look beyond >>>>>>>> that is to find L4 header, but their ability to find that is more a >>>>>>>> function of header chain length, not number of EHs or number of options. >>>>>>> >>>>>>> We're in violent agreement here, isn't it clear in the draft? >>>>>> >>>>>> From the draft: "IPv6 nodes MAY discard a packet exceeding the number >>>>>> of occurrences of extension headers." >>>>>> >>>>>> Per RFC8200, IPv6 nodes include hosts and routers, so the text would >>>>>> allow routers to drop packets because limits on # of occurrences being >>>>>> exceeded. >>>>>> >>>>>> Also, if nodes drop packets then sending an ICMP error to that effect >>>>>> should be a MAY (see eh-limits) >>>>> >>>>> Agree. >>>>> >>>>> Justin >>>>> >>>>>> Tom >>>>>> >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>> Justin >>>>>>> >>>>>>>> Tom >>>>>>>> >>>>>>>> >>>>>>>> > >>>>>>>> > Justin >>>>>>>> > >>>>>>>> > > Nick >>>>>>>> > >>>>>>>> > >>>>>>>> -------------------------------------------------------------------- >>>>>>>> > IETF IPv6 working group mailing list >>>>>>>> > ipv6@ietf.org <mailto:ipv6@ietf.org> <mailto:ipv6@ietf.org >>>>>>>> <mailto:ipv6@ietf.org>> >>>>>>>> > List Info: https://mailman3.ietf.org/mailman3/lists/ >>>>>>>> ipv6@ietf.org/ <https://mailman3.ietf.org/mailman3/lists/ipv6@ietf.org/> >>>>>>>> > <https://mailman3.ietf.org/mailman3/lists/ipv6@ietf.org/ >>>>>>>> <https://mailman3.ietf.org/mailman3/lists/ipv6@ietf.org/>> >>>>>>>> > >>>>>>>> -------------------------------------------------------------------- >>>>>>>> > >>>>>>>> >>>>>>> >>>>> >>> > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > List Info: https://mailman3.ietf.org/mailman3/lists/ipv6@ietf.org/ > --------------------------------------------------------------------
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Fwd: New Version Notification for draft-iur… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Bob Hinden
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Sebastian Moeller
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Nick Hilliard
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Nick Hilliard
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Tom Herbert
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Sebastian Moeller
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Justin Iurman
- [IPv6]Re: Fwd: New Version Notification for draft… Nick Hilliard