IETF Logo Mail Archive

Re: Proposal for changing how IPv6 Hop-by-Hop Options are processed

Fernando Gont <fernando@gont.com.ar> Tue, 08 December 2020 01:10 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A41A3A0DA4 for <ipv6@ietfa.amsl.com>; Mon, 7 Dec 2020 17:10:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ET_kRuZxDldF for <ipv6@ietfa.amsl.com>; Mon, 7 Dec 2020 17:10:16 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 828C53A0D4A for <ipv6@ietf.org>; Mon, 7 Dec 2020 17:10:16 -0800 (PST)
Received: from [192.168.1.5] (unknown [190.179.27.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id DC71C284693; Tue, 8 Dec 2020 01:10:11 +0000 (UTC)
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: Proposal for changing how IPv6 Hop-by-Hop Options are processed
To: Tom Herbert <tom@herbertland.com>, Ron Bonica <rbonica@juniper.net>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, Haoyu Song <haoyu.song@futurewei.com>, Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>
References: <160703668657.9405.8891046478566468162@ietfa.amsl.com> <C573A554-9221-49C2-94AB-E552F1BA69E4@gmail.com> <8360e9919d46478cb471ccbafe923c7a@huawei.com> <DM6PR13MB27623A5EEB29F8294C3291C89AF10@DM6PR13MB2762.namprd13.prod.outlook.com> <a6c1a352-5f31-3c4b-9b75-50a64f82c925@erg.abdn.ac.uk> <CALx6S37zOXx5T=3wACpiif91dGnpykUEcpX9DhQ9cH2zD_jGFQ@mail.gmail.com> <DM6PR05MB6348F883A7D6076685001E90AEF10@DM6PR05MB6348.namprd05.prod.outlook.com> <753bd02e-4824-0067-9a42-9b2b3de629f9@gont.com.ar> <DM6PR05MB634853D862977C930D25CDD6AECF0@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S34F80-i6V7Cv-pzzKY9n2BxVaiVuybob=Wr-Mv5dFw=ig@mail.gmail.com>
Message-ID: <678b9929-644a-14a1-7c43-df8cc7b925d7@gont.com.ar>
Date: Mon, 07 Dec 2020 21:22:12 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CALx6S34F80-i6V7Cv-pzzKY9n2BxVaiVuybob=Wr-Mv5dFw=ig@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/eqIdbnWKrAPoGSAdIyyWJyDN98c>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Dec 2020 01:10:24 -0000

On 7/12/20 12:54, Tom Herbert wrote:
[...]
>> My questions are:
>>
>> 1) Does the number of options really matter?
>>
> Ron,
> 
> Yes, very much so.

I'm not saying that the limit doesn't make sense -- clearly limits are 
generally a good thing, and for a software router, it's clear that some 
limit has benefits.

However, my question is whether this particular limit would make a 
difference by the devices that are currently droping packets with HbH.



>  HBH and Destination options are encoded in TLVs and
> in their nature must be serially processed, and so processing a long
> list of TLVs is expensive for any device. Consider that someone could
> put over 700 options (zero data length) into a standard 1500 MTU size
> packet. That is going to be hard for anyone to process efficiently,
> and really the only purpose of doing that is DoS. Limiting the size of
> the EH will limit the number of options; like a 128 byte limit would
> limit the number of options to 64-- however that is still many more
> than would ever seem to be ever be needed and still is hard for low
> end devices to process.

Please note that if one is to limit the number of options in a HbH, one 
should also limit the number of HbHs. Otherwise, as an attacker I could 
simply send packets with multiple HbHs, which the current standard 
recommends nodes to process.



>> 2) Regardless of your response to #1, aren't we overlooking what's probably the bigger elephant in the room, which is the overall length of the IPv6 header chain?
> 
> Yes, that is why we have that limit in addition to the number of
> options limit in RFC8504 and ICMP errors for it in RFC8883.The hard
> part here is establishing what the exact limit should be.

Right now, we have no limit, but we also don't know the least common 
denominator. If it was me, I'd say that having something along the lines 
of "MUST support IPv6 header chains of at least 64 bytes, and SHOULD 
support IPv6 header chains of up to the link MTU" or the like would be a 
good start.

  -- Yes, some could claim that requiring EH lengths of 64 bytes. OTOH, 
I'd say that getting to "hey buddies, enough is enough, you should 
really be supporting at least X" would really be a step forward.

Note: I'm not a super fan of EHs, and I'm also skeptical about the 
extent to which something like this would make a difference. But if I 
was asked to do something to help improve the current situation, that's 
probably what I'd try.



> In the UDP
> Encapsulation Design Team, we discussed this and polled various
> hardware vendors as to what the size of their parsing buffer is (i.e.
> the number of bytes of headers that a router can parse in the fast
> path). The answers we got we're all over the board, something like 64,
> 128, 256, or MTU of the packet. We didn't see consensus and didn't
> pursue trying to specify a limit at that time.

How about sticking to the least common denominator?




> I'll also point out that not all deployed routers require specialized
> hardware, in some use cases line rate can be sustained with a
> forwarding path in a commodity CPU (I imagine this is in a lot of home
> routers). Efficient processing of options is an issue for them as
> well. For such devices, the number of options to processing is a
> bigger problem than how many bytes of header there are (i.e. serial
> processing in a CPU is more expensive than a few cache misses).

Agreed on this last bit.




> Also, routers participating in segment routing need to process
> destination options before the routing header also, therefore It makes
> sense that the same limits should be applicable to destination options
> before the routing header. So routers might process both HBH and
> Destination options and destination hosts must process them, and hosts
> send them in packets. If there are to be limits, I suggest they should
> be applicable across all nodes.

FWIW, a limit on the number of EH instances of the same type should also 
be applied if we are going to go this way.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

v2.23.0 | Report a Bug | By Email