IETF Logo Mail Archive

Re: [IPv6] Removing extension headers from packets (revisited)

Mark Smith <markzzzsmith@gmail.com> Wed, 16 August 2023 00:39 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76800C15107F for <ipv6@ietfa.amsl.com>; Tue, 15 Aug 2023 17:39:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.603
X-Spam-Level:
X-Spam-Status: No, score=-1.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8blMylmRq9i7 for <ipv6@ietfa.amsl.com>; Tue, 15 Aug 2023 17:39:05 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50865C15107C for <6man@ietf.org>; Tue, 15 Aug 2023 17:39:05 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-51cff235226so12492179a12.0 for <6man@ietf.org>; Tue, 15 Aug 2023 17:39:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1692146343; x=1692751143; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=THrMkCMrrDxFoyrxrt0KV/7Cvjn37ENlmhR1I8eajdM=; b=j/Sv/ARsZ10E5BHeOuB5orl95E9Qnvdlmsse9z/OZY605nfoDmTuaSD+zl3/EwWgs5 MQhBC21tJr8XSZ9uOoosAUI3k0kNy8miiwDFeP6c7C2mOHE21+VgBh+kHDrnxEgin0jw 3YcVagsIBrjpOeOzQWCBb3nF8jBBBO5GWSg2v+INij4vw8OIHj6ktXQL2QCr/oD+Uy5q lj5n8Oe+kwX0LVpVXKkELXsllnVC6ea4eehmP02cHewsbz5hvvSClEUhoVg4f0GjZZDt q9TCtIiULVhmvHVlGHsG/mufDtChlPlddi9mO4vU7ccPztvhyzJ9hBKttfFezHWGEgou OB8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692146343; x=1692751143; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=THrMkCMrrDxFoyrxrt0KV/7Cvjn37ENlmhR1I8eajdM=; b=TyOL3oY0EpzRL0tgA8tW30xzjXHLNda8jRKyErO8y6Mt8PhJF8s6w/v+RKlrxBeRzG OT/iwMgCxpdtsWae66vhuw8xmNIJsOembgXxO1t0Giq/SEx+1zzrIo+3rZFB8KlAHSJW Ys5NcncqI8vt13qkCM8pXSXsaZTFQgWqre2vvK2XqlJ9zDAZYph32qvqBZGgZG3GmDrB vv4X7S2xcrBAHmv04Gu/04FNZITlVdnPidp1HZGm9humjM0iIl5INgH8Qvyrl3K/D/Yg Bm/iiLrnWBUVqPZDaiQ/UCF8A4C48UjYYmQggUzEyL0YZREW7HaYZdYFOoIva4mVuccb f4Yg==
X-Gm-Message-State: AOJu0YxKyo9/a+7ynCpKsnzmijuezROh4RalujLmrt+w1eOO1cBH5+bJ drk2724+10fQgu7jc6dxieRK8gV/VYErjaDSNOJcxrPmyq8=
X-Google-Smtp-Source: AGHT+IEQtQ5bU6GADRO5JyncDcwrnnyEGcbe1Da55oZLldBHEm/InoRBl2RFoQMBJNfPuM63xJ7BiIe21of7uxiC7wE=
X-Received: by 2002:a05:6402:42c7:b0:525:4696:336d with SMTP id i7-20020a05640242c700b005254696336dmr3775308edc.8.1692146343399; Tue, 15 Aug 2023 17:39:03 -0700 (PDT)
MIME-Version: 1.0
References: <CALx6S36gQBgNAp-Poq3pRupGWUh0iA8M546=S=vUp5cQK_82TQ@mail.gmail.com> <CAO42Z2zAf4EAKhX1ZJC1KUk4DXcNZykA82hdUfo64h45q8DVUQ@mail.gmail.com> <CALx6S36pk0+YjdjgNvWCsAjF5NVmQLnp8pKc30uOb1DZmcfasQ@mail.gmail.com> <CAO42Z2zmxiGANzdB6RdrfgGLfH_Q-D7-U_JGJ0V++3ms8nGxOg@mail.gmail.com> <CALx6S37BYjhShGhHbg8qK4Fxeubrep7BGzRBmrHD9DcBcToxPw@mail.gmail.com> <620318f4-d6ae-3c29-c5f1-93797363d47c@joelhalpern.com> <CALx6S36RvnkZf6=dfFPJZo7MHzJTU28LOjVgV1Eq27p7iA_9-Q@mail.gmail.com> <e368a050-275a-18eb-b135-54bf4478e5bf@joelhalpern.com> <CALx6S34WTCENBtkrdR4oUGVeuaFhUb2a5veqtqNgsCHJ_3E=hA@mail.gmail.com> <52294b30-a5d9-0881-954d-0e06b3e23e75@joelhalpern.com> <CALx6S37W8ed-5qzdY-iV-awwqnUs=t1M=Jn9mO78404CyqC3wg@mail.gmail.com>
In-Reply-To: <CALx6S37W8ed-5qzdY-iV-awwqnUs=t1M=Jn9mO78404CyqC3wg@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 16 Aug 2023 10:38:36 +1000
Message-ID: <CAO42Z2xCafFK50kD0V5783g5UcA8YAsK2=b__YCbNA8MECL+Ag@mail.gmail.com>
To: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>
Cc: Joel Halpern <jmh@joelhalpern.com>, 6MAN <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/aa4h9MG9nzfGkJRN522dbkGAmUk>
Subject: Re: [IPv6] Removing extension headers from packets (revisited)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Aug 2023 00:39:07 -0000

Hi Tom,

On Tue, 15 Aug 2023 at 14:50, Tom Herbert
<tom=40herbertland.com@dmarc.ietf.org> wrote:
>
>
>

<snip>

>
> I don't think there's any reliance on this being present. If packets don't have extension headers removed then they're leaked outside of the domain and are subject to higher drop rates.
>

I think this is assuming that the adjacent and upstream domains
(networks) will never be using the same EH for their own purposes.

If this EH is useful to you locally, then you can't prohibit your
adjacent or upstream domains from using it too just because you are.


> Encapsulation requires two parties to coordinate, the encapsulator and decapsulator. So in the models discussed, either the source host needs to encapsulate and edge router decapsulates, or edge router encapsulates and the final destination host decapsulates-- in either model hosts have to change and neither set of hosts are managed by a single entity (e.g. smart phones and web servers). Removing EH at the edge has the advantage of only have to change routers under the control of a single domain.
>

What if the EH isn't actually removed, because of:

- implementation bugs

- partial node failures that might fail to remove EHs yet still forward packets

- operator device misconfiguration

?

These and other problems caused by EH removal were covered in the
"In-Flight EH Insertion Considered Harmful draft in the section about
failed EH removal.

https://datatracker.ietf.org/doc/html/draft-smith-6man-in-flight-eh-insertion-harmful-02

I presented on it at IETF 106, slide deck:

https://datatracker.ietf.org/meeting/106/materials/slides-106-6man-sessb-in-flight-ipv6-extension-header-insertion-considered-harmful-00

It was suggested that it be worked towards publishing as a 6man WG
RFC, however quite frankly, I could tell it was going to be ignored by
the SPRING working group, and it was, so I didn't bother spending any
further time on it.


Regards,
Mark.



> Tom
>
>
>> Yours,
>>
>> Joel
>>
>> On 8/14/2023 10:52 PM, Tom Herbert wrote:
>>
>>
>>
>> On Mon, Aug 14, 2023, 6:12 PM Joel Halpern <jmh@joelhalpern.com> wrote:
>>>
>>> Yes, knowing what the correct egress should be is, for the general case, a harder problem.  But, the example you cited is segment routing.  If the host is trusted enough by the operator to actually provide a segment route across the operator domain, it seems necessary for the host to have enough information to properly address the egress.  Thus, for the case you chose for an example, encaps seems quite natural, efficient, and achievable.
>>
>>
>> Okay, maybe segment routing wasn't the best example :-) Consider draft-kaippallimalil-tsvwg-media- hdr-wireless. The basic idea of this draft is to let hosts annotate packets with information, signals that can be consumed by the network to provide QoS. This is for 3GPP networks, so the hosts are potentially all the mobile devices in a network. The signals are only processed by one intermediate device in the path which is the Mobile Router (basically the first hop router). After that point, the signal is no longer processed. All the mobile hosts have is a default route to their carrier and a destination address, they don't have any knowledge of whether a packet will leave a limited domain and what the egress point-- and, in fact, we don't want them to have that information since it would expose information about the internals of the provider network.
>>>
>>>
>>> There may be other cases where knowing the proper egress is harder, but it seems to me that solving the information problem is MUCH easier than solving the problem of removing bytes from the middle of a packet at wire rate at a high speed inter-operator
>>
>>
>> Functionally, it's equivalent to a decap/encap operation, or a push/pop of headers. Maybe fixed function hardware can't easily do this, but I'd be surprised if programmable devices like P4 couldn't do it. Also, like in the case of draft-kaippallimalil-tsvwg-media- hdr-wireless, the last intermediate that processes thh HBH options could also be the one that removes it from the packet.
>>
>> In any case, the points about debuggability and feasibility are well taken, but those are operational concerns. I am still wondering if removing a HBH extension header could actually break the IPv6 protocol.
>>
>> Tom
>>
>>
>>> interface.
>>>
>>> Yours,
>>>
>>> Joel
>>>
>>> On 8/14/2023 9:05 PM, Tom Herbert wrote:
>>>
>>>
>>>
>>> On Mon, Aug 14, 2023, 5:53 PM Joel Halpern <jmh@joelhalpern.com> wrote:
>>>>
>>>> Hmmm.  Trimmed to focus on a point you make.
>>>>
>>>> Comments below.
>>>>
>>>> Joel
>>>>
>>>> On 8/14/2023 8:45 PM, Tom Herbert wrote:
>>>> >
>>>> > Hi Mark,
>>>> >
>>>> > No, it's not about bandwidth. It's about survivability and
>>>> > deployability of extension headers. The current prevailing belief is
>>>> > that extension headers are not usable across the Internet since there
>>>> > is a high probability of packet drop. However, within a limited
>>>> > domain, extension headers are deployable, especially if the network
>>>> > itself is consuming them as would be the case of HBH options
>>>> > requesting QoS or segment routing headers.
>>>> >
>>>> > This presents two problems:
>>>> >
>>>> > 1) Hosts create extension headers and if extension headers are known
>>>> > to work in a limited domain then they can safely use them _if_ the
>>>> > destination is in the same domain as the source and the entire path is
>>>> > within the same limited domain. The problem is that a host wouldn't
>>>> > necessarily know which destination are in the limited domain and which
>>>> > aren't
>>>> > 2) Even if a host knows it is sending to a destination outside of the
>>>> > limited domain, it might still want to apply the packets and services
>>>> > in extension headers for the time that the packet is in the limited
>>>> > domain. For instance, segment routing might be used to route a packet
>>>> > to a specific egress node. At the egress node, the SRH is removed and
>>>> > the packet can be forwarded into the Internet (I believe this was the
>>>> > scenario that motivated removal of SRH when it was presented a while
>>>> > back)
>>>> >
>>>> > The alternative for #2 that is usually suggested is to use tunneling
>>>> > from the source to an egress, for instance the outside IP header could
>>>> > contain the extension headers and the encapsulated packet is the one
>>>> > sent one the Internet with no extensions. That might work and be
>>>> > conformant, but it's significantly more complex and probably not as
>>>> > practical as just removing extension headers at the border router
>>>> > (more decisions, we have to explicitly route to egress points, more on
>>>> > the wire overhead, tracing ICMP errors back to a connection is
>>>> > tricky). Also, troubleshooting still can be difficult because the same
>>>> > packet looks very different depending on where it's viewed (for
>>>> > instance, at one point the packet is encapsulated, at another point
>>>> > it's not).
>>>> >
>>>> > Tom
>>>> > ---------------------------------------------------
>>>>
>>>> <jmh>   You state that encaps / decaps is "significantly more complex
>>>> and probably not as practical as just removing the extension headers at
>>>> the border rotuer."  I am missing something .  As far as I can tell,
>>>> decapsulation at an addressed egress is easy to implement and widely
>>>> supported in existing hardware. Removing a set of bytes from the middle
>>>> of a packet is not widely implemented, hard to do in fast path hardware,
>>>> and prone to interesting failures all its own.   I would have exactly
>>>> reversed the comparison you make. </jmh>
>>>
>>>
>>> Joel,
>>>
>>> Easy at the decapsulation, not necessarily at the encap point. It's the same problem I mentioned before, hosts wouldn't know when a packet will be leaving the domain, and even if they did they wouldn't easily know what the endpoint address of the tunnel is should be for the real destination.
>>>
>>> Tom
>>>
>>>
>>>
>>>
>>>>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email