IETF Logo Mail Archive

Re: [IPv6] These problems aren't new, they've been in IPv4 for 40+ years / IPv6 layer probing (Re: Best Source / Destination address pair [WAS: Best Address type (assuming God's view)])

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 08 September 2023 21:06 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAB05C15154D for <ipv6@ietfa.amsl.com>; Fri, 8 Sep 2023 14:06:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.196
X-Spam-Level:
X-Spam-Status: No, score=-2.196 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.091, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ogUFd70mqEzU for <ipv6@ietfa.amsl.com>; Fri, 8 Sep 2023 14:06:15 -0700 (PDT)
Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB93DC15153D for <ipv6@ietf.org>; Fri, 8 Sep 2023 14:06:15 -0700 (PDT)
Received: by mail-pf1-x42d.google.com with SMTP id d2e1a72fcca58-68bed2c786eso2176638b3a.0 for <ipv6@ietf.org>; Fri, 08 Sep 2023 14:06:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1694207175; x=1694811975; darn=ietf.org; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=IQOCF6eXMWWeQQlFR1qpXFBYV6fTgO4m+mWOJjHXrPo=; b=hR+V6bWq7XFh+tYXMQmqMwQ+lX0vW2Kh2NRjG9/2bOYQ7im8C//MC8hXblY3bX98JK YdhcXG/H8+CLMWHSXNsOYQ3Ini+GswYRKNqqnukclIiXMLGClEFIMPSwxau6TjkVdOmL UAXGapQoCH7Zkok9lvp8eDDSiHONj3bzjpSNlvL8D8e69K5ahs5lGcF6HSyu9y+eFK4g SmE7yq1Y9MTdZ7iy7iPF6jmuF+2DNR83roh6T5RYN4lh+vCzG3kRKIC2zWKz2ljszS35 c0yOZQKUHAzsMz5flI2Jss1aYH6ajgd1xpZgZkKEPD9yeu3Y/t3SZonbuRIEq/1O9V8h PjZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694207175; x=1694811975; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=IQOCF6eXMWWeQQlFR1qpXFBYV6fTgO4m+mWOJjHXrPo=; b=KZg5QLMp0TDJiluhNhYuQ4atIgvvBEx3czdSVXL0j3clLZVxEsGaC8k4nogdkAnU/M QFmWA6gBAELK/HczeROMBNXxJjbr/4/Rf0bTvLZ/8KSc2tYJWvCVUNE13DrF81NRu1fk xCfAY5/5a5aEBVKUWs2Es8jXkvnIbSYNm3pgIGNlBP5mwMFMIEWeJgXLfvZNOieBQ+3G SIp9TRYO8kqqfYSuZMFvoG40rfrw/4x6dFI1pMfSHAVyViMwnJoX5PH7ta2TQjzMgt8b EqIW15GTRyLo+KJS8v3D91UtX3+/RCmk7KyQ5FDwvpBTnFMg+ndUMiQfXBqJmGtnkX9O hRMQ==
X-Gm-Message-State: AOJu0YyzqUJwLG2ljgffyxR9BXSi3L5vGBmVhH7+TAl6NonZiYqQMzWW RBCyBK8ZEFujakos7tmAEAM=
X-Google-Smtp-Source: AGHT+IHAv883/8B/a0vVB0YvmsIYU3vZXuH4pfCSX64pSQEzf35UR4QTbNs3tntPFvZp14YokVPqaQ==
X-Received: by 2002:a05:6a20:5608:b0:138:60e:9c4 with SMTP id ir8-20020a056a20560800b00138060e09c4mr3781611pzc.23.1694207175066; Fri, 08 Sep 2023 14:06:15 -0700 (PDT)
Received: from ?IPV6:2406:e003:110d:5301:8cb6:a2c:7461:4047? ([2406:e003:110d:5301:8cb6:a2c:7461:4047]) by smtp.gmail.com with ESMTPSA id y17-20020a62b511000000b0068e12e6954csm1682403pfe.36.2023.09.08.14.06.13 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 08 Sep 2023 14:06:14 -0700 (PDT)
Message-ID: <6e24ef7f-0cfd-e83c-d16f-0762cc45f7f7@gmail.com>
Date: Sat, 09 Sep 2023 09:06:10 +1200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Ole Troan <otroan@employees.org>, 6man WG <ipv6@ietf.org>
References: <639c79cd-028b-9bf6-a0fb-d0e9694252dd@gmail.com> <40392258-8E8E-4B30-99C4-5F5653D34A6A@employees.org> <f9a12ba8836447f9a645487626feac64@huawei.com> <8A9ACC83-9F09-442E-AF11-E7392D9C9503@employees.org> <320e1d1fff984c74967c8cff071e0821@huawei.com> <CE5D0D35-BBBF-4A83-9BD4-643DF1DB3322@employees.org> <f01249f8-2875-67b8-1742-eb6c91c4fed4@gmail.com> <CAO42Z2z4iB8vVy3xWNu1xOu6GMs5AuuPZD5+jQf0MjGLbSdYLQ@mail.gmail.com> <99007aaa-76aa-5489-4bc6-f7bd7cf08fa8@gmail.com> <CAO42Z2z8nn5z6FooWqcVVSAF4fhT+GRDPZEWdy2GE=ySdCLY4A@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
In-Reply-To: <CAO42Z2z8nn5z6FooWqcVVSAF4fhT+GRDPZEWdy2GE=ySdCLY4A@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/qAevB6wzboTQ-Ex4YJlBV0JoP-U>
Subject: Re: [IPv6] These problems aren't new, they've been in IPv4 for 40+ years / IPv6 layer probing (Re: Best Source / Destination address pair [WAS: Best Address type (assuming God's view)])
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2023 21:06:20 -0000

in line...

On 08-Sep-23 14:00, Mark Smith wrote:
> Hi Brian,
> 
> On Fri, 8 Sept 2023 at 09:22, Brian E Carpenter
> <brian.e.carpenter@gmail.com> wrote:
>>
>> Mark,
>> On 08-Sep-23 09:29, Mark Smith wrote:
>>> On Fri, 8 Sept 2023 at 06:51, Brian E Carpenter
>>> <brian.e.carpenter@gmail.com> wrote:
> 
> <snip>
> 
>>> Unreachable DAs are a just case of packet loss, either temporary or
>>> semi-permanent (until the bad DNS entry is fixed).
>>>
>>> Unless we're going to revise the Internet protocol model, per RFC 1122,
>>>
>>> "Internet Layer"
>>>
>>> " Thus, IP datagrams may arrive at the destination host damaged,
>>>                 duplicated, out of order, or not at all.  The layers above
>>>                 IP are responsible for reliable delivery service when it
>>>                 is required."
>>
>> I don't believe that statement was intended to cover the case where
>> there is no path between the chosen source address and the chosen
>> destination address. Multi-addressing was not a thing in 1989.
>>
> 
> Not by that name. Multi-addressing is another name for multi-homing,
> so as long as that has been supported in Pv4, it has been possible
> that there isn't a path between an SA/DA pair between a pair of
> multihomed hosts, or a single homed and multi-homed host.
> 
> This text from RFC 791, September 1981 (and in earlier versions at
> least back to IEN111), could be used exactly and literally to describe
> IPv6 multi-addressing:
> 
>      That is, provision must be made for a host to have several physical
>      interfaces to the network with each having several logical internet
>      addresses.
> 
> DNS (Sep 1983) and earlier host files can and could have provided
> unreachable DAs for a multi-homed host.
> 
> RFC1597 IPv4 private addressing created the possibility of
> specifically unreachable IPv4 DAs in global DNS, e.g DNS providing a
> globally reachable IPv4 DA as well as a globally unreachable RFC1918
> DA.

That's all true but since the driving force behind RFC1597/1918 was
address shortage, actual multi-addressing was then and always remained
a rarity and was not a real operational issue.

> 
> IPv6 has only made these issues more likely to happen since
> multi-addressing (or multi-homing) is the default (which I'm guessing
> originated from RFC 1681 by Steve Bellovin). They're not new issues in
> IPv4 at all.

It was certainly always an expectation for IPv6, although we have
failed to solve the related issues.

> 
>>> it's not the IPv6 layer's problem, it's either the transport layer's
>>> problem or the application layer's problem.
>>
>> They are certainly the victims.
> 
> <snip>
> 
>>> A getaddrpairs() call wouldn't hide it. It needs to be hidden in the
>>> transport layer.
>>
> 
> To add to this, I said this because I think that is really where the
> problem is - in the transport layer protocols.

Well, the last serious analysis put the problem exactly at the transport
layer to network layer interface, which is why we designed shim6 to sit
at that interface.
  
> TCP and similar timeouts that are not human user friendly. Per an
> article I've referenced below, human user friendly timeouts need to be
> in the order of milliseconds, up to a total response time of no more
> than 1 second, not multiple seconds.

Sure. That's well known. However, as we discovered in shim6, the
actual RTT for probes can be much longer.

> 
>> It isn't intended to hide the existence of multiple paths. It's
>> intended to avoid the upper layers being handed *non-existent*
>> paths. The current situation, with getaddrinfo() being disjoint
>> from source address selection, *guarantees* that the upper layer
>> will start with a non-existent path in some circumstances. How
>> can that be good systems design?
>>
> 
> I think the probing mechanism you're describing would effectively be a

I *did not* describe probing or any other mechanism. I said we should
have the network layer provide *address pairs* to the transport
layer rather than solo destination addresses. An implementation
might well include probing as well as static and routing information.

> partial duplication of the upper layer connection establishment
> mechanisms that already exist e.g. TCP's 3 Way Handshake, and I'd say
> that's not good system design.

Why not? This seems like an area where layer violation may be
exactly what's needed.

> For this probing mechanism, what packets are you going to use?
> Unreliable and/or blocked ICMPv6? Spoofed application TCP
> SYN/SYN-ACKs*?

Whatever works best. The only thing that needs to be standardised
is the API.

> What timeout values are you going to use for this IPv6 reachability
> probing mechanism? TCP's?

Same answer.

> An application blocking behind a multiple second "getaddrprobe()" call

I didn't propose that. Indeed the probing mechanism, if there is one,
needs to be asynchronous. It might well be that if you call
getaddrpairs() a hundred miliiseconds later, you'd get a different
answer.

> is well above the threshold of what is considered a good human user
> experience of 1 second, which is why Happy Eyeballs and my test
> program below use time outs in the 100s of milliseconds:
> 
> "Response Times: The 3 Important Limits"
> https://www.nngroup.com/articles/response-times-3-important-limits/
> 
> TCP and similar's (i.e. MPTCP, QUIC, SCTP) connection establishment
> mechanisms actually do two things concurrently - both test
> reachability of a DA, and negotiate connection establishment if the DA
> is reachable.

And that's fine, and that's how it should be. I am not proposing to
touch that.

     Brian
> 
> Regards,
> Mark.
> 
> 
> 
> 
> 
> 
>> I think that is completely disjoint from the need to handle
>> multipath in the upper layer, which I completely agree with.
>>
>>       Brian
>>
>>> Multipath, and therefore multi addressing aware
>>> transport layer protocols can hide it. MPTCP and MPQUIC need to adopt
>>> Happy Eyeball style techniques for their connection setup, attempting
>>> to connect to the multiple IPv6 and IPv4 DAs with an amount of
>>> concurrency.
>>>
>>> For the time being of putting it in applications; current HEv2 is hard
>>> because it requires concurrent programming. It's possible to achieve a
>>> similar outcome using traditional sequential programming (contrived
>>> unreachable and unavailable DNS As and AAAAs, plus example.com's IPv4
>>> and IPv6 addresses)
>>>
>>> [mark@opex src]$ ./seqhe seqhe.nosense.org 80 "GET /"
>>> getaddrinfo(seqhe.nosense.org)
>>>           Duration 0 secs, 12 ms
>>> conntout(::1, 112 ms)
>>>           conntout() connection error
>>>           conntout() duration 0 secs, 0 ms
>>> conntout(fe80::4a12:c679:54de:64f0, 112 ms)
>>>           conntout() timeout
>>> conntout(fd68:1e02:dc1a:ffff::3, 112 ms)
>>>           conntout() connection error
>>>           conntout() duration 0 secs, 1 ms
>>> conntout(2606:2800:220:1:248:1893:25c8:1946, 112 ms)
>>>           conntout() timeout
>>> conntout(127.0.0.1, 100 ms)
>>>           conntout() connection error
>>>           conntout() duration 0 secs, 0 ms
>>> conntout(10.255.255.3, 100 ms)
>>>           conntout() timeout
>>> conntout(93.184.216.34, 100 ms)
>>>           conntout() timeout
>>> conntout(::1, 281 ms)
>>>           conntout() connection error
>>>           conntout() duration 0 secs, 0 ms
>>> conntout(fe80::4a12:c679:54de:64f0, 281 ms)
>>>           conntout() timeout
>>> conntout(fd68:1e02:dc1a:ffff::3, 281 ms)
>>>           conntout() connection error
>>>           conntout() duration 0 secs, 1 ms
>>> conntout(2606:2800:220:1:248:1893:25c8:1946, 281 ms)
>>>           conntout() connection established.
>>>           Approx. SYN/SYN-ACK RTT 0 secs, 154 ms
>>> Received 500 bytes:
>>> ---
>>> HTTP/1.0 400 Bad Request
>>> Content-Type: text/html
>>> Content-Length: 349
>>> Connection: close
>>> Date: Thu, 07 Sep 2023 21:25:58 GMT
>>> Server: ECSF (laa/7AA1)
>>>
>>> <?xml version="1.0" encoding="iso-8859-1"?>
>>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>>>            "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>>> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
>>>           <head>
>>>                   <title>400 - Bad Request</title>
>>>           </head>
>>>           <body>
>>>                   <h1>400 - Bad Request</h1>
>>>           </body>
>>> </ht
>>> ---
>>>
>>> Regards,
>>> Mark.
>>>
>>>>       Brian
>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email