IETF Logo Mail Archive

Re: Usable extension headers [Re: New Version Notification for draft-voyer-6man-extension-header-insertion-08.txt]

Ole Troan <otroan@employees.org> Thu, 28 November 2019 14:04 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B7F0A12087A for <ipv6@ietfa.amsl.com>; Thu, 28 Nov 2019 06:04:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RTUbHqb5OWBh for <ipv6@ietfa.amsl.com>; Thu, 28 Nov 2019 06:04:49 -0800 (PST)
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 320901200C4 for <6man@ietf.org>; Thu, 28 Nov 2019 06:04:49 -0800 (PST)
Received: from astfgl.hanazo.no (246.51-175-81.customer.lyse.net [51.175.81.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 7F2E74E11B79; Thu, 28 Nov 2019 14:04:48 +0000 (UTC)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by astfgl.hanazo.no (Postfix) with ESMTP id 69F77240D76C; Thu, 28 Nov 2019 15:04:45 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3601.0.10\))
Subject: Re: Usable extension headers [Re: New Version Notification for draft-voyer-6man-extension-header-insertion-08.txt]
From: Ole Troan <otroan@employees.org>
In-Reply-To: <20191128133739.GB83199@ernw.de>
Date: Thu, 28 Nov 2019 15:04:45 +0100
Cc: 6man@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <0DBC1A8B-BFA3-41E4-BD36-41B190F413F7@employees.org>
References: <CALx6S353m9b9b2b+Yt3x-g=BZuE6vwcOoGGfq4BPONVscnQ=xg@mail.gmail.com> <d9c2e11b-53b4-e281-e869-28802a76c72f@gmail.com> <CALx6S346p=M09ZPY_xM2X3gkPp_0KUVZU_u4UeLUagomRnjhPw@mail.gmail.com> <79d22e5a-0145-9ad9-e965-d3744b58c3bf@gmail.com> <d791c9eee34c4e019292fc74d629217c@boeing.com> <5d2af468-be61-d2ca-5bf0-35d5f71fdb6c@gmail.com> <6A41AB04-F56B-46E1-8B8B-3E24B928A042@jisc.ac.uk> <1B629A88-AE10-4F65-8D3D-FD2702B6D63D@employees.org> <363DE16C-20CD-485C-9846-437984E7600E@jisc.ac.uk> <7405ECF9-2736-4DB5-BA5E-F1F0149A3DC8@employees.org> <20191128133739.GB83199@ernw.de>
To: Enno Rey <erey@ernw.de>
X-Mailer: Apple Mail (2.3601.0.10)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/bF-vMh_s4PQCjqilA0SD0fkGxGA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Nov 2019 14:04:51 -0000

>>> No, but it makes it clear the tests are run across the Internet and transit ASes, and has some methodology to try to detect where the drops are happening.   Readers can draw their own conclusions.  The measurements showed clear issues in transit networks.  Specific / limited domains can of course to some extent do as they please; the issue is if such behaviour leaks.
>> 
>> The way the numbers are represented in that document, makes it way too easy for a casual reader to draw the wrong conclusions.
> 
> The document documents real-world results from real-world measurements. This shouldn't leave much room for conclusions, as in "it it what it is" (measured by experiment and documented here). Packets with extension headers get dropped in real-life and at least I for one assume this happens for a reason. I generally assume operators and sysadmins have a clue, and reasons for their actions. I for one also don't assume clueless readers who easily take wrong conclusions.

Which I think only proves that one should be very careful about using the incarnation the "real-world". Or pretend that one has the true interpretation of what actully does happen in the "real world", as if there is ever a single answer to that.

Testing methodology and interpretation of the results is hard. If we are not careful this doesn't amount to more than anecdotal data.
If Andrew had read that document before running his SR/CRH experiment, he would have probably not bothered trying.

There is a chicken and egg issue with regards to EHs. And there is a difference in how they are handled, and should be handled by the network versus the end-host/service.
We'd expect the transit network, with the exception of HBH to pass the EHs through unharmed. The network edge might be assumed to know more about what services is available on the inside, and might filter.
E.g. a TCP based service clamped to MSS 1240. Why would you think that should accept packets with the FH?
Or in general, if you send a set of DH options to a host, why do you think it should blindly process those packets?
Until there are actual deployed services using those, and they are explicitly enabled on the hosts, then you will get a lot of false negatives with the sort of testing that was done in this document.

Ole

v2.23.0 | Report a Bug | By Email