IETF Logo Mail Archive

Re: Other use cases for header insertion (was Re: Header Insertion and TI-FA)

Mark Smith <markzzzsmith@gmail.com> Tue, 12 May 2020 21:44 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 563273A0C1E for <ipv6@ietfa.amsl.com>; Tue, 12 May 2020 14:44:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J7OJErOe3qkc for <ipv6@ietfa.amsl.com>; Tue, 12 May 2020 14:44:02 -0700 (PDT)
Received: from mail-oi1-x229.google.com (mail-oi1-x229.google.com [IPv6:2607:f8b0:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8A3F3A0C1B for <6man@ietf.org>; Tue, 12 May 2020 14:44:01 -0700 (PDT)
Received: by mail-oi1-x229.google.com with SMTP id i22so3018672oik.10 for <6man@ietf.org>; Tue, 12 May 2020 14:44:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3kToPp/5zZSjimJtq8TcovYORGgtN60BMH+Q2oTt2Ac=; b=rZnNvforNGuTOHNuSY5mKX1BFa4jOJQHKsOD34nYHCUz1SFwUHDVsW3y9joSppC9mn 002cF237vBh0TxCtR5czf14QZGauatFgPdL/9qmS2NZAHjXUEpoYWMP5C6z5sLw7ecR1 cbuuCPOD4ptYX+ZmPJp0y5fApZ/j+ePgqj24ujndyHvTmJyaadkCMaIK0917h2/4lwdN ItS+FFjl46MAYXeFHcXqT6BkGSNvEh5FpM9IrACTCRB3QWFoRnDJ6UnBGVfjdePQlq9p GfM8mbGOplyvSpJPfprP7ls2+Iv1TGlJo7+ToZFpzTJ7mZJN1HBqFt8KfkTLhlAGYTb9 n61A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3kToPp/5zZSjimJtq8TcovYORGgtN60BMH+Q2oTt2Ac=; b=XegiRzROAboXApTtrI0d16f00kxjCGsJC76Q1OqLLxTaotVDrXUhhriRJY6W8EHLyH VUXYYgI7gjYvURMJIjrBnJC/bgiAyZn3eF8iJNxTR19dhgVOwnqXoDjFkvtc73kW3Jau /64zxYainuVYQIR0/5CT7jEvyfQ7t3Gdt6CWY0s2l54mZ9ZQpr3l74LTTz13c2GD/nZY ao7H+RF/R4Gl3/2syAKg9/Dv+yhsn4tszZa5ur/709jZ6OdQn/fPJbDWXVFfyqadU9BT ZP3Vz9mK/5/rtit5Q5fB8jZRneuSUcErYRPHQEN+vmzwta9m7VsratMIgI8MmkEDeV+N Svvg==
X-Gm-Message-State: AGi0PuY9uUKCQ/BswsMIQhTrvtzvYk2A039Yu07zUPoe8DVLbcPVd02m qjKS+JMCowMGr/8Udah2c8WrFkkPDz3X6yLfPN8uodWf
X-Google-Smtp-Source: APiQypIeWcYmuPiyEKsqhKugNPIGPfWSqdpdBGOjLnzaujDnJc0AsmDgBU61QQfXOzhm0H4LmDX/BXMKQQEvE8jiw/0=
X-Received: by 2002:aca:6508:: with SMTP id m8mr25260567oim.54.1589319840726; Tue, 12 May 2020 14:44:00 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB6348FA1FC00258ACE4FDE444AEA10@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S35EncqhfBCP0aZHqBQ2MBT1VSxpRUB59dOTBpP4wwFsjg@mail.gmail.com> <CAO42Z2yXxZCddqrWv5Ycpi8R9YcvGj-=3o+a65LyKJnf38T7KQ@mail.gmail.com> <CALx6S34=a6gcLYLi+ksFnw2ETUper3ZMog7BUz2+o64-SU0_5Q@mail.gmail.com>
In-Reply-To: <CALx6S34=a6gcLYLi+ksFnw2ETUper3ZMog7BUz2+o64-SU0_5Q@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 13 May 2020 07:43:34 +1000
Message-ID: <CAO42Z2yrfL0fHyF=sC0gK-wDgBSOYGiRMaATXHdJj3JkNryg8Q@mail.gmail.com>
Subject: Re: Other use cases for header insertion (was Re: Header Insertion and TI-FA)
To: Tom Herbert <tom@herbertland.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man <6man@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008a846c05a57a5cef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/s2hHdqRXfq866lEW8NaUMlIMuhw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 21:44:05 -0000

Hi Tom,

On Tue, 12 May 2020, 10:27 Tom Herbert, <tom@herbertland.com> wrote:

> On Mon, May 11, 2020 at 1:37 PM Mark Smith <markzzzsmith@gmail.com> wrote:
> >
> >
> >
> > On Tue, 12 May 2020, 00:50 Tom Herbert, <tom@herbertland.com> wrote:
> >>
> >> On Mon, May 11, 2020 at 5:58 AM Ron Bonica
> >> <rbonica=40juniper.net@dmarc.ietf.org> wrote:
> >> >
> >> > Folks,
> >> >
> >> >
> >> >
> >> > Happy Monday!
> >> >
> >> >
> >> >
> >> > As I was painting this weekend, I remembered that the use-case for
> IPv6 Header insertion is TI-LFA. This made the following questions come to
> mind:
> >> >
> >>
> >> Ron,
> >>
> >> There is at least one other use case for IPv6 Header insertion, that
> >> being IOAM. For example, an operator may wish to collect per packet
> >> statistics as packets traverse its network. An ingress router would
> >> insert headers containing IOAM, routers would annotate the
> >> information, and the egress router is expected to consume and remove
> >> the headers.
> >
> >
> >
> > Have a review of this draft. EH insertion is not proposed for IOAM.
> >
> > Deployment Considerations for In-situ OAM with IPv6 Options
> >
> https://tools.ietf.org/html/draft-ioametal-ippm-6man-ioam-ipv6-deployment-02
> >
> Mark,
>
> For IOAM the assumption is that not all packets are necessarily
> annotated for measurement and that both annotated and non-annotated
> packets need to follow the same path in order for the the measurements
> to be useful.



I think that can be accommodated.

The presence of an IOAM header in a packet is the selector of whether IOAM
processing occurs, and whether an IOAM header is present when the packet
leaves the node.

i.e. for packet with IOAM header when it arrives at IOAM node.

1. packet is link-layer decapsulated (including IPv6 virtual-link layer
(tunnel) decap)
2. As packet has IOAM header, IOAM info and packet passed to IOAM function
to process/update IOAM information.
3. Once IOAM processing complete, packet's IP DA is looked up, determining
egress interface and link-layer encapsulation.
4. The packet is link-layer encapsulated (possibly in IPv6 virtual
link-layer/tunnel) with the IOAM header between the link-layer header and
the IP packet, and sent on its way.

for a non-IOAM packet, (standard IP forwarding, just showing for
completeness)

1. packet is link-layer decapsulated.
2. As packet is vanilla IP, packet bypasses the IOAM function.
3. packet's IP DA is looked up, determining egress interface and link-layer
encapsulation.
4. packet is link-layer encapsulated, and sent on its way.

The information produced by IP DA lookups in both cases is the same, so
packets with or without IOAM headers will follow the same path through the
network if they have the same DA.


> <snip>
>


> >> This use case makes me think the WG should consider how to make header
> >> insertion safe and viable.
> >
> >
> > There's a need for a layer 2.5 local networking protocol that has
> smaller headers (and smaller addressing) than IPv6, that won't cause
> problems if it leaks because it is not the Internet's protocol, because all
> this EH insertion debate and pain is caused by people wanting to use IPv6,
> but not wanting to pay the IPv6 internetworking protocol overhead. They're
> trying to have their cake and eat it too.
>
> I think we need to keep an open mind. While I agree that the SR use
> case hasn't been well explained why EH insertion is needed, I don't
> think we can preclude that there might not be other use cases where it
> makes sense.
>

I don't think it will ever make sense to me, and I've thought about the
idea of insertion verses encapsulation since the invention of 802.1Q in
around the early 2000s, verses the Eth-in-Eth tunelling pre-standard
solution Cisco I had deployed.

802.1Q violates the purpose of the FCS, which is a path integrity check
between the frame's original source and its final destination.


> >
>


> <snip>
>
> A lot of people thought NAT was a hack too :-)


It still is, and I've thought that for nearly 25 years.

Here's my 3 part, 4500 word essay, from an operators point of view, on the
trouble with NAT, based on my AusNOG presentation on that topic in the
previous year.

https://blog.apnic.net/2016/10/25/trouble-nat-part-1/
https://blog.apnic.net/2016/10/26/trouble-nat-part-2/
https://blog.apnic.net/2016/10/27/trouble-nat-part-3/

Slides if that is TL;DR:

https://www.ausnog.net/sites/default/files/ausnog-2016/presentations/1.2_Mark_Smith_AusNOG2016.pdf

Getting rid of NAT is why I've spent so much of my own time on IPv6 here in
the IETF.


My concern is if we
> dismiss protocols becasue we view them as hacks without giving serious
> consideration to how they might be made to work reasonably,



I've given it serious consideration. It's not about whether it can be made
to work, to me it is about how hard it is going to be to fix it when it
breaks.

I consider EH insertion or EH removal so bad that I would much rather
deploy IPv6 with NAT, because at least with NAT, in one of the packet
directions, the NAT device overwrites the packets' source address with its
own. I can troubleshoot broken NAT much easier than I'll be able to
troubleshoot anonymous EH insertion or removal.


perhaps in
> a limited domain, people will deploy these hacks anyway and in  fact
> may end up doing things the are far worse (like the aforemention hacks
> where intermediate nodes are mucking with TCP payload).
>

I don't think we are obligated to accommodate and facilitate special cases
that comes along, even if there is a level of popularity.

IPv6 is supposed to be the general purpose Internet and internetworking
protocol. Being general purpose means good enough for the majority of
cases, may not be good enough for special cases.

If those special cases can't compromise their requirements to suit IPv6,
then they shouldn't use IPv6. They should come up with something different
that is much more tailored and specialised that better suits their
requirements.


Regards,
Mark.


> Tom
>
> >
> > Regards,
> > Mark.
> >
> >>
> >> Tom
> >> >
> >> >
> >> > How does TI-LFA work when the original packet already contains a
> routing header? Will it insert a second, so that the packet has two routing
> headers?
> >> > How does TI-LFA work when the node directly upstream of the link
> (i.e., the PLR) is not a segment endpoint? Will it insert an routing
> header? Is that consistent with 8200?
> >> >
> >> >
> >> >
> >> >
>                                                    Ron
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > Juniper Business Use Only
> >> >
> >> > --------------------------------------------------------------------
> >> > IETF IPv6 working group mailing list
> >> > ipv6@ietf.org
> >> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> > --------------------------------------------------------------------
> >>
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6@ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email