IETF Logo Mail Archive

Re: What is necessity for SRH, and other EH, insertion/removal?

Tom Herbert <tom@herbertland.com> Thu, 19 December 2019 18:56 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 333E2120A80 for <ipv6@ietfa.amsl.com>; Thu, 19 Dec 2019 10:56:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EkiXNxHnsTWU for <ipv6@ietfa.amsl.com>; Thu, 19 Dec 2019 10:56:04 -0800 (PST)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15387120AA2 for <ipv6@ietf.org>; Thu, 19 Dec 2019 10:56:04 -0800 (PST)
Received: by mail-ed1-x531.google.com with SMTP id cy15so5920428edb.4 for <ipv6@ietf.org>; Thu, 19 Dec 2019 10:56:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=8JfyQufEX37CskbP2VwosMfaD56Flj5eWuFdPqcrCvo=; b=HsC+6tfQdaQTWpyezFH/7SdKlg6WyabQ/jorPUdOINK1FhR2Ktl4DgdYDngkpz/1r3 jN/KPnGY3ThtXisFzXiaOmXMP1wc8l/xdz+827FjELT8d+n7mzjqIMRqbrSKof4FoPTO qqsC5debpAoji6mULN6y/h3rPJoBcYh+PNyxzDVNZL6jm/ELuka1PeWHoKWwKeH+bju5 Y9RVdLiQrWECy2X/+Mq3h0CdQO3B1QoHROQoSH66naFGBbt/gYmmiRNSBmuTb1/XuDCh dPFn5+SrQjmwfi+VoAn/LIWklo5QfjCe9fCZubSBnYHiFi3kCzOYHnvlMqrIiY6SldGu icsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=8JfyQufEX37CskbP2VwosMfaD56Flj5eWuFdPqcrCvo=; b=Lh/dok9ZysdkQWwABp9d8odmtAjV1tt3dBdjEX0wAmlp7F2sFxXDvlxfXXg3imEAHv N2s++ftggTqA9exBao+3HteiVOt+9DuB3uwhLDB9vv9XzjEkHT8N2OgcKWLaRnx/d4bY 93hI5IcEWsYEr+l6/ThvZehSGfjqqGNECtL2jUnTyMaCPQW3qY0jasTXGbu1JcoNJ9ip lt1DPktbE+96E6/xyJxCA3C8hf48CzbOjbWd5mjpTOAf/W3tUof6LM0a41XkofSTyM0F Oz+RzadCiTyXytPuiP4fJLkZy8d/fmQwtPK0zDmrC4Bi1spEIFxLdhmF1tn95Gi/52M8 dtZA==
X-Gm-Message-State: APjAAAVPV4WvcXNuWUar3qmVWGmDeq9JVum3WI0LjDLK9RXvUiG5e5so m0pGnpRUbgx20/n8xKHR0ga5HCIJ02XPueTns1dbMA==
X-Google-Smtp-Source: APXvYqwB/wNxaCylsKMLOfP6PTiIiKN3Ihyb91TrpgEyXMnZrhFHPJak+vhAsf38DjsvAtdDz0LPH8mWqGuVlLyZtOE=
X-Received: by 2002:a50:fb13:: with SMTP id d19mr11027541edq.87.1576781762416; Thu, 19 Dec 2019 10:56:02 -0800 (PST)
MIME-Version: 1.0
References: <CALx6S34vG=L_5nw_FzxHBUy+7tbWH4dhOh8xodOfKf2oOdrarg@mail.gmail.com> <CALx6S36g6gDJNp=unQJaGoGoMxnRpbqGni=JHvPFJ3ovmuzO4A@mail.gmail.com> <077155a7-cd14-6b9e-eab9-0da00c234406@gmail.com>
In-Reply-To: <077155a7-cd14-6b9e-eab9-0da00c234406@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 19 Dec 2019 10:55:51 -0800
Message-ID: <CALx6S34P+5xcsw-prqk9L8Co9aqtbfcmD_PXG1EM9hY1q02J4Q@mail.gmail.com>
Subject: Re: What is necessity for SRH, and other EH, insertion/removal?
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: 6man <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tNJKjcgkLZeaKdPkimcj_cCHwvY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Dec 2019 18:56:06 -0000

On Thu, Dec 19, 2019 at 5:05 AM Alexandre Petrescu
<alexandre.petrescu@gmail.com> wrote:
>
>
>
> Le 18/12/2019 à 23:07, Tom Herbert a écrit :
> > On Sat, Dec 7, 2019 at 9:17 AM Tom Herbert <tom@herbertland.com>
> > wrote:
> >>
> >> Pulling this out into a separate thread. Pertinent questions are:
> >>
> >> Why is extension header insertion and removal at necessary?
> >>
> >> Why isn't the proposed alternative of IPIP encapsulation
> >> sufficient? (where the encapsulating headers contain the extension
> >> headers that would otherwise be inserted)
> >>
> > I believe that inband network telemetry (INT and IOAM ) might
> > provide the best motivation for extension header insertion. One of
> > the goals is to allow network operators to perform telemetry on
> > packets as they traverse their network. A telemetry header, INT or
> > IOAM, is put into packets on ingress to the domain and removed at
> > egress, and intermediate nodes modify the packet with measurement
> > data.
> >
> > Key requirements are that not all packets for a flow need to be
> > measured, and measured packets need to follow the same path as those
> > not measured  in order for the measurements to reflect what is
> > happening for the flow. IPIP encapsulation would change the hash
> > that ECMP uses so encapsulated packets might traverse a different
> > path-- therefore it's not sufficient in this case.
>
> Why would ECMP (Equal-cost multi-path routing) be influenced by an
> addition of an IP header (IPIP encapsulation) but not influenced by the
> insertion of an extension header?
>
Alexandre,

When IP encapsulation is performed, unless the outer destination
happens to be the same as the inner destination, the destination
address will be different and hence packet can be routed over a
different path even with just simple destination based routing. The
outer source address will also presumably be different, so even if the
destination address were the same, the ECMP hash computed as routers
would still be different so packets could take a different path.

With extension header insertion, the IP addresses are not changed.
Neither is the flow label, nor any transport ports. So the network
still routes to the same destination address, and if ECMP is in use
the same hash is always produced since the inputs to the hash remain
the same after the header insertion.

> > Extension header insertion would maintain the routing in ECMP
> > (although the fact that extension headers aren't supported in IPv4
> > creates another problem).
>
> ECMP distinguishes between IP headers being extension headers vs base
> headers?  IF yes, it should be modified to work with base headers
> addition as well (encapsulation IPIP).

Some implementations might do that, but not all. In IPv6 this is
unnecessary since the flow label contains per flow information so
routers don't need to parse beyond the IPv6 header to do EMCP. Also,
packets must be routed based on (outer) destination address, ECMP is
only used to pick amongst possible paths to a destination. Even if the
EMCP hash computation is the same, the packets might still follow
different paths when destination address is different.

>
> > Some of the inband telemetry implementations are already addressing
> > this by inserting the inband telemetry headers directly into the UDP
> > or TCP payload of existing packets and removing the inserted payload
> > bytes at the egress point. Since only transport payload is being
> > modified, the packets will be routed the same way as other modified
> > packets for a flow. The obvious problem with this approach is that
> > payload is being changed by intermediate nodes such that if the end
> > host were to ever receive the modified packet this could result in
> > silent data corruption of users' data. So this protocol mechanism is
> > fundamentally not robust and probably dangerous. I think this
> > actually makes extension header insertion, where the worst case
> > scenario is probably unexplained packet loss, look palatable!
>
> Inserting data in the packets and then measuring them - isn't it an
> interference with the phenomenon to be measured?
>
Yes, there certainly is some uncertainty principle effects, however I
imagine  not measuring the "actual" path for a flow would probably be
considered as invalid results.

Tom

> Alex
>
> >
> > Tom
> >
> >> Please note, I'm asking for the technical justification of the
> >> protocol design, saying that it's necessary because it's already
> >> being deployed isn't useful in this regard.
> >>
> >> Tom
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> > Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email