IETF Logo Mail Archive

Re: Turning routers into hosts (Re: Death by extension header (was:RE: New Version Notification for draft-li-6man-hbh-fwd-hdr-00.txt))

Toerless Eckert <tte@cs.fau.de> Mon, 13 July 2020 21:49 UTC

Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E16CC3A0DB7 for <ipv6@ietfa.amsl.com>; Mon, 13 Jul 2020 14:49:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvWg7UtZ3FCE for <ipv6@ietfa.amsl.com>; Mon, 13 Jul 2020 14:49:55 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [131.188.34.40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 124663A0D06 for <6man@ietf.org>; Mon, 13 Jul 2020 14:49:54 -0700 (PDT)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [131.188.34.52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id D5DF1548068; Mon, 13 Jul 2020 23:49:49 +0200 (CEST)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id C7830440043; Mon, 13 Jul 2020 23:49:49 +0200 (CEST)
Date: Mon, 13 Jul 2020 23:49:49 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Fernando Gont <fernando@gont.com.ar>, "6man@ietf.org" <6man@ietf.org>
Subject: Re: Turning routers into hosts (Re: Death by extension header (was:RE: New Version Notification for draft-li-6man-hbh-fwd-hdr-00.txt))
Message-ID: <20200713214949.GH38490@faui48f.informatik.uni-erlangen.de>
References: <CAO42Z2zMsYm8SaZM34z7Qm+90iFx75qQMo8=67=N7woqQEvO7w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAO42Z2zMsYm8SaZM34z7Qm+90iFx75qQMo8=67=N7woqQEvO7w@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/pvu4s8Q9Mzd9Z7dBuXjZ-r3aBiA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2020 21:50:00 -0000

Thanks, Mark

Whats your opinions about functionality ? Or are you only interested in terminology ?
Terminology is always fun, but given how your interpretation differs from
RFC8200, i wonder why you're bringing it up.

Extension headers could still be encrypted if they would also be managed so
as to be decryptable by network nodes.

Cheers
    Toerless

On Tue, Jul 14, 2020 at 07:23:15AM +1000, Mark Smith wrote:
> On Tue, 14 Jul 2020 at 06:02, Toerless Eckert <tte@cs.fau.de> wrote:
> >
> > On Mon, Jul 13, 2020 at 03:00:44PM -0300, Fernando Gont wrote:
> > > On 10/7/20 15:32, Toerless Eckert wrote:
> > > > IMHO: See my email earlier in the thread about punting stuff to slow-path, especially when/before
> > > > you figure out that you should have just ignored something at linerarte.
> > > >
> > > > Aka: not sufficiently prescriptive RFCs + bad implementations == extension header based features killed in deployments.
> > >
> > > Indeed. And add to that that the EH structure itself seems to be rather
> > > unfriendly with some popular hardware architectures. (unless with "not
> > > sufficiently prescriptive RFCs" you are meaning to set the maximum EH-header
> > > chain length to some sane value that folks might agree to comply with).
> >
> > I think we might want to start with a draft collecting what we think to
> > kow about the problem and figure out if we can structure it accordingl
> > to make sense out of it to make progress that is not just incrementally fixing
> > one single bit.
> >
> 
> I think one of the first sections needs to be titled:
> 
> "Turning Routers into Hosts"
> 
> because in-flight processing of packets' EHs, payloads etc, rather
> than just dumb, fast and simple forwarding them, is host processing of
> packets.
> 
> How to tell it's host processing?
> 
> - processing of packets requires going past the IPv6 fixed header
> 
> - in-flight processing would fail if everything but the fixed header
> was encrypted
> 
> - processing beyond the fixed (forwarding) header is occuring at a
> node that *doesn't* hold the packet's destination address:
> 
> 
> RFC8200:
> 
> router       a node that forwards IPv6 packets not explicitly
>                 addressed to itself.  (See Note below.)
> 
>    host         any node that is not a router.  (See Note below.)
> 
> (Note is about a node's interfaces being forwarding or not)
> 
> 
> In this discussion and similar, people are really discussing paths
> between a packet's original source and a final destination constructed
> of a set of packet host processing hops.
> 
> 
> Regards,
> Mark.
> 
> 
> 
> > Cheers
> >     Toerless
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------

-- 
---
tte@cs.fau.de

v2.23.0 | Report a Bug | By Email