Re: EH end encapsulation in 2460bis
Tom Herbert <tom@herbertland.com> Thu, 14 April 2016 15:32 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A55C912E619 for <ipv6@ietfa.amsl.com>; Thu, 14 Apr 2016 08:32:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vhh13yr5yg03 for <ipv6@ietfa.amsl.com>; Thu, 14 Apr 2016 08:32:09 -0700 (PDT)
Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61A4E12E61E for <6man@ietf.org>; Thu, 14 Apr 2016 08:32:09 -0700 (PDT)
Received: by mail-io0-x22e.google.com with SMTP id u185so107106733iod.3 for <6man@ietf.org>; Thu, 14 Apr 2016 08:32:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-transfer-encoding; bh=QqiHOyPmWmzSKR5TJZPyaEYqG+CSunS+BL1hjC/WmlQ=; b=hZjnTZtWXZe7hlp/YVg/aWiEU0tVjuM+qB/BeOHSzC+l6RbKHSysgrzFxEhvyb4xGt 3cUXpUztKx8+oDFP2UjK+DnmryJCR0KCUHq9E7tLje4PY2MzwKmBh5FN9+DNT5rmjpqv 6bLWAmsVy+ST+cLZtHWnan3Q/t6bzX+BvHlPN2UJxGL6bwdVyHy+ydkTDTeNEcUF7ige 4wgeGq31OLKNAZRMqoObcvFGCG9bf/ID88lqrqWLG5cZcnFyDDk8J3rN9SxhMMrlitPW EXYyBFxTtcHfgY1ThqYOCzVooGAvHMh8VVPoQnIOElU3rJwdwq+rSrT2GWphd8J+07wS 0TSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-transfer-encoding; bh=QqiHOyPmWmzSKR5TJZPyaEYqG+CSunS+BL1hjC/WmlQ=; b=hw8MOxh23EqCRtl7OnrffdJoK8ejhQu8M4n2GKvMVJ7Hjcw2dK1hL3A3cGAt9Cb8VA Mp7nf3peNg/LYIqvLibz+b5YD3HiZnC7HZzhUVDdtbk2qWJ7r6B/UB8+w6aIU+dq80su +LwmMwcuIogeg+WDtC+GAAQDCdR+PZMg/XTbs9FcPpLoDiJ3jtEVAK3Isw8ru7QxiO8V hLbSWtKQHCuoxpcDJphn/eqGGOhu8lNO57XGsqh4IGJ8Sjf557vz0sCD7AW4aEi4bxV2 QpbdEgkcAq8O/obIA99UESgsc0OJDkg8/1zJWXyDasgxFhjIWCoGtkLrAg410Qbt071r 4Aeg==
X-Gm-Message-State: AOPr4FXjD4YOYY4mWGUB1c8Y9SVXAy7TIGp3tABoRKBX3W/b2+7xNhEern033goDZcIqtWux9z1O/YUDwLbBtg==
MIME-Version: 1.0
X-Received: by 10.107.7.30 with SMTP id 30mr18699087ioh.107.1460647928548; Thu, 14 Apr 2016 08:32:08 -0700 (PDT)
Received: by 10.107.142.67 with HTTP; Thu, 14 Apr 2016 08:32:08 -0700 (PDT)
In-Reply-To: <A9957AF5-22BC-47A6-8D87-6E099EEEFC76@cisco.com>
References: <CALx6S37dA7RVzLe-HFy3_iUye+TVgPk3oCZaLfiHrXMua7K-FQ@mail.gmail.com> <A9957AF5-22BC-47A6-8D87-6E099EEEFC76@cisco.com>
Date: Thu, 14 Apr 2016 08:32:08 -0700
Message-ID: <CALx6S36x7yBp4g0a+z25KX3mwEnH4ARfWn2Dic5C6k9JeHm22A@mail.gmail.com>
Subject: Re: EH end encapsulation in 2460bis
From: Tom Herbert <tom@herbertland.com>
To: "Fred Baker (fred)" <fred@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/_XxyIK5AlAxtvyFJSXeX_rsKogw>
Cc: "6man@ietf.org" <6man@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2016 15:32:10 -0000
On Wed, Apr 13, 2016 at 4:59 PM, Fred Baker (fred) <fred@cisco.com> wrote: > I actually looked pretty hard at this in https://tools.ietf.org/html/draft-ietf-6man-hbh-header-handling-00. My segment-routing colleagues wanted pretty badly to insert an SR header at some point in the network, and then remove it somewhere else before delivery to the destination. > I think my real question is a bit more pedantic. Does any mitigation for the inability to insert extension headers even need to be suggested in 2460bis? It does not seem like this is normative to the protocol. Tom > Working through potential failure cases, what worried me was the security header. Suppose, for example, that the inserted SR header would have to be removed before being given to the addressed destination, but the addressed destination was an anycast address? In such a case, the system that will ultimately respond to the packet advertises itself as "a" right router capable of forwarding the packet to that address. So, fine, I give the packet to the "router", and the receiving system realizes that the destination address is one of its own, and so receives it as a message addressed to it. Oops; we tripped over an assumption. > > At IETF 94, I tried to make my SR colleague's point, and Bob Hinden told me that they had already vacated the field, leaving me with my pants around my ankles. Thanks, guys. > > But that is fundamentally the point. We need a solution that has no sticky failure cases, and delivering the actual packet sent is the only one that presents itself. Encapsulation does that. Anything else has to prove the case. > >> On Apr 13, 2016, at 4:03 PM, Tom Herbert <tom@herbertland.com> wrote: >> >> Hello, >> >>> From draft-ietf-6man-rfc2460bis-04 >> >> "Extension headers must never be inserted by any node other than the >> source of the packet. IP Encapsulation must be used to meet any >> requirement for inserting headers, for example, as defined in >> [RFC2473]." >> >> It is unclear to me how/rather IP encapsulation can meet the >> requirements or at least the intent of a node wanting to insert >> extension headers. For instance if a middlebox is presented a packet >> with EHs ABC and it wishes to insert EH X, it's intent might be to >> create a packet with EHs ABXC. I don't see how this can generally be >> expressed with encapsulation. For instance, is expected that there is >> some process of moving/copying certain of the original EHs to the >> outer headers (like HBH, routing)? >> >> Thanks, >> Tom >> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- >
- EH end encapsulation in 2460bis Tom Herbert
- Re: EH end encapsulation in 2460bis Fred Baker (fred)
- Re: EH end encapsulation in 2460bis Brian E Carpenter
- Re: EH end encapsulation in 2460bis Ray Hunter (v6ops)
- Re: EH end encapsulation in 2460bis Mikael Abrahamsson
- Re: EH end encapsulation in 2460bis Stefano Previdi (sprevidi)
- Re: EH end encapsulation in 2460bis Mark Smith
- Re: EH end encapsulation in 2460bis Mikael Abrahamsson
- Re: EH end encapsulation in 2460bis Stefano Previdi (sprevidi)
- Re: EH end encapsulation in 2460bis Ray Hunter (v6ops)
- Re: EH end encapsulation in 2460bis Tom Herbert
- Re: EH end encapsulation in 2460bis Fred Baker (fred)
- Re: EH end encapsulation in 2460bis Brian E Carpenter