IETF Logo Mail Archive

What does a unicast source address actually indicate? (Re: RFC2460bis and draft-previdi-6man-segment-routing-header-08)

Mark Smith <markzzzsmith@gmail.com> Mon, 05 October 2015 23:05 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3232F1B2AB5 for <ipv6@ietfa.amsl.com>; Mon, 5 Oct 2015 16:05:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0687JuXIvAA9 for <ipv6@ietfa.amsl.com>; Mon, 5 Oct 2015 16:05:53 -0700 (PDT)
Received: from mail-vk0-x231.google.com (mail-vk0-x231.google.com [IPv6:2607:f8b0:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 945E41B2AB4 for <ipv6@ietf.org>; Mon, 5 Oct 2015 16:05:49 -0700 (PDT)
Received: by vkao3 with SMTP id o3so106414749vka.2 for <ipv6@ietf.org>; Mon, 05 Oct 2015 16:05:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:cc:content-type; bh=PPOAVjHwY77GmfJdQAx0ENJ4e/KDqrrRu8wKfFyKuBs=; b=HopzU2wGSOqpJOL03rp1kFk0U5XftQlBR8375V8t9Atjtg9ynN87biCsMkyiIDDPr/ lPCXtK5UHxGnE/6MdKG/8B+/FCv9v00naCwbX0guogUW4m2TJIWuuZkodjsiWY6w6Dc1 uWF7fQz31/fYjsbwQoRKwmetT9iDe/8IEmTkcHAAAtTyulcS0xHiJTkq16ifMqcZEH0t IVVuV2lrqSS8i2+pxP2I4PRL7KOdfe5rh5M0DOieGvx+x4A/dqd1lPLhhI4dEcACiFOk ZxzC2E8syB7wa1FIUgDti5y+ujOdYTlaYAuWQVZgxSvRM4Z0WfYTWnG2qNlXzubn/LMp Lfag==
X-Received: by 10.31.33.202 with SMTP id h193mr22444121vkh.144.1444086348687; Mon, 05 Oct 2015 16:05:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.77.16 with HTTP; Mon, 5 Oct 2015 16:05:19 -0700 (PDT)
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 06 Oct 2015 10:05:19 +1100
Message-ID: <CAO42Z2yutUjcM60EFjN4eSqNNH3VvvLeqHYTfP5E6JCWTW_JvQ@mail.gmail.com>
Subject: What does a unicast source address actually indicate? (Re: RFC2460bis and draft-previdi-6man-segment-routing-header-08)
To: Ole Troan <otroan@employees.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/h5ayM4_3jzB6BnlZdQUYeol8wqM>
Cc: Erik Nordmark <nordmark@acm.org>, Bob Hinden <bob.hinden@gmail.com>, 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 23:05:55 -0000

Hi,

(Generalising the topic)

On 5 October 2015 at 21:06,  <otroan@employees.org> wrote:
>>>> How about something like this:
>>>>
>>>>    Extension headers are only allowed to be added to packets at
>>>>    the source node.
>>>>
>>>> I think that was always the intent and this would be a clarification to the specification.
>>> Bob,
>>> "source node" might not be sufficiently specific in the case of tunneling, and "added" can be read as their insertion is somehow independent and we want it to be coupled with the insertion of an IPv6 header.
>>>
>>> I think what we want to say is that extension headers can only be placed in packets by the same node that is placing the base IPv6 header in the packet. Hence they can not be added unless a preceeding IPv6 header is also added.
>>
>> Good suggestion.
>
> what about:
>
>    1.  If the SRH specifies the complete path from source to
>         destination, the router places the SRH directly in the datagram
>         itself.

So if this sort of processing occurs, we now have a single packet with
parts that have been created by two different devices, with only the
identify of one of them recorded in the packet's unicast source
address.

So that means that the source address in the packet isn't really a
"unicast" source address any more, because 'uni' means one, yet this
packet actually has two sources for its different parts. Semantically
it is a multi-source packet, yet one of the sources of the part of the
packet, and what part of the packet it created, isn't recorded in the
packet.

This lack of record of all packet part sources is what causes problems
with PMTUD if the addition of headers triggers it, as the identify of
the device that caused the packet to exceed the PMTU is not available.

It also causes problems with troubleshooting, because if you look at
the packet by itself, the fundamental assumption is that the device
identified by the source address is the device that created the whole
packet. Any faults you find you can only assume can be attributed to
the device with the recorded unicast source address.

The same sorts of problems can also show up when multiple hosts are
sharing the same "unicast" address e.g., load balancer scenario, an
anycast scenario or a 1:M NAT scenario. (I'd say that the sharing of
"unicast" addresses should be for the purpose of device selection, and
then the selected device's actual unicast/unique address is used from
then on.)

So I think a unicast source address is fundamentally intended to
identify a unique and single packet source, to which the contents of
the whole packet can be attributed.

Therefore, any time "multi-sourcing" of packets occurs, mechanisms
that assume and rely on a packet's unicast source address identifying
a single and unique source may fail, due to the now ambiguous source
address in the packet.

I think this ambiguity problem is also why we don't use multicast
addresses as packet source addresses.

In this SRH case, even though it costs packet overhead, by tunnelling
the original packet inside another IPv6 header with the SRH, the
unicast source address fields in each of the packet headers
unambiguously identify which parts of the packet were created by which
individually identified device. Any mechanisms or methods which either
assume or rely on a packet's unicast source address identifying a
single and unique source for the whole of the packet will now work
successfully.


Regards,
Mark.

>
>    2.  If the SRH only specifies a subset of the path from source to
>        destination, the router uses IPv6-in-IPv6 tunneling [RFC2473] and
>        places the SRH in the outer IPv6 header.  Use of tunneling
>        ensures that the datagram is delivered unmodified and that ICMP
>        errors return to the source of the SRH rather than the source of
>        the original datagram.
>
>
> which is verbatim from RFC6554.
>
> cheers,
> Ole
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email