Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard

Enno Rey <erey@ernw.de> Sun, 05 February 2017 01:07 UTC

Return-Path: <erey@ernw.de>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73CCB12943D for <ipv6@ietfa.amsl.com>; Sat, 4 Feb 2017 17:07:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Db-jEhf-u85L for <ipv6@ietfa.amsl.com>; Sat, 4 Feb 2017 17:07:03 -0800 (PST)
Received: from mx1.ernw.net (mx1.ernw.net [IPv6:2003:60:4010:10a0::11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 963671293DF for <ipv6@ietf.org>; Sat, 4 Feb 2017 17:07:02 -0800 (PST)
Received: from mail1.ernw.net (unknown [172.31.1.30]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail1.ernw.net", Issuer "ernw ca1" (verified OK)) by mx1.ernw.net (Postfix) with ESMTPS id 16A972730F for <ipv6@ietf.org>; Sun, 5 Feb 2017 02:07:01 +0100 (CET)
Received: from ws26.ernw.net (unknown [172.31.1.70]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ws26.ernw.net", Issuer "ernw ca1" (verified OK)) by mail1.ernw.net (Postfix) with ESMTPS id ECF4435C4D for <ipv6@ietf.org>; Sun, 5 Feb 2017 02:07:00 +0100 (CET)
Received: by ws26.ernw.net (Postfix, from userid 1002) id C23EF39813; Sun, 5 Feb 2017 02:07:00 +0100 (CET)
Resent-From: Enno Rey <erey@ernw.de>
Resent-Date: Sun, 5 Feb 2017 02:07:00 +0100
Resent-Message-ID: <20170205010700.GB81679@ernw.de>
Resent-To: ipv6@ietf.org
Date: Sat, 4 Feb 2017 20:06:35 +0100
From: Enno Rey <erey@ernw.de>
To: draft-ietf-6man-rfc2460bis@tools.ietf.org, ietf@ietf.org, 6man-chairs@ietf.org
Subject: Re: Last Call: <draft-ietf-6man-rfc2460bis-08.txt> (Internet Protocol, Version 6 (IPv6) Specification) to Internet Standard
Message-ID: <20170204190635.GC80290@ernw.de>
References: <9c3abcb7-81f4-e23f-3b1a-3d4e97b15314@si6networks.com> <9b8383cd-f0aa-3ea2-1521-ab9cba8e50a5@si6networks.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9b8383cd-f0aa-3ea2-1521-ab9cba8e50a5@si6networks.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tNR24ZN6o9APFEedk1_vTJe09Mc>
Cc: fgont@si6networks.com
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Feb 2017 01:07:05 -0000

Hi,

On Sat, Feb 04, 2017 at 09:32:37AM +0100, Fernando Gont wrote:


> Everyone has agreed (including the authors of RFC2460) that EH insertion
> has never been allowed.
> [...]
> > Permitting header insertion in the sense of specifying how header
> > insertion could possibly work is of course outside the scope of
> > advancing RFC2460.
> 
> Explicitly allowing EH insertion would most likely be out of scope, too:
> It completely changes a very basic aspect of IPv6.
> 
> FWIW, I think that publishing a spec with what some have considered to
> be ambiguous text (subsequently leading to 600+ messages on the very
> group that specifies the protocol) would be a lousy job on our side.
> Either explicitly ban extension header insertion, or explicitly allow it.
> 

The first talk I gave about IPv6 was in 1999 (with an experimental IPv6 stack of Windows NT and being connected to the 6Bone). I don't remember much of it but I'm pretty sure I explained that the desire to restore the pre-middlebox, pre-NAT end-to-end character of the Internet was one of the main design drivers of IPv6 (hint: you may also look at the "Acknowledgments" section of RFC 2460).
Quite a few IPv6 books of the time (we still have them in the library, feel free to reach out for examples) explicitly mentioned end-to-end as a major property of IPv6 and many guys giving IPv6 talks & trainings since 15+ years now have it on their introductory slides. Furthermore several adjustments of the main IPv6 header (e.g. removing the checksum) and barring fragmentation performed by intermediate points clearly indicate the message: "in general we don't want devices to mangle with packets in transit".
So, from my personal perspective, it's painfully obvious that there was never any intent to allow the modification of IPv6 packets in transit (besides very specific exceptions which were clearly described), and this has been an undisputed principle of IPv6 for a long time.

So one may be tempted to ask: why do we have this discussion at all?
Well I think the answer is quite simple: as so often in life, it's about agendas and politics. Before I comment on this in a bit more detail, let me add two disclaimers:

Disclaimer (1): in the following rant on how certain things are happening at the IETF I can only speak for IPv6-related stuff. 
Disclaimer (2): addressing such a rant in direct to an IETF mailing list means I will tap on the feet of many people. Feel free to personally let me know your strong opinion or just ignore me/stare into another direction from now on when we meet. There's only a small chance this will happen at an IETF meeting anyway, for reasons laid out below. 

Let's look at how the actual discussion (and subsequent specification) work is done at the IETF, similar to other voluntary organizations: on mailing lists and in (f2f) meetings. As we all know, these meetings take place three times a year, each on a different continent (yes, I'm aware of remote participation, but let's be honest: at the end of the day how much impact on specification did this have this in past, in particular in heavily old boys' clubs dominated WGs like 6man?).

Further fact is: if you look at the lists of participants of the meetings, the vast majority of it is vendor personnel. This is not surprising when reflecting on the incentives different parties may have to send people to IETF meetings. How would, say, an enterprise person argue in front of her boss to attend the 51st (!) IETF meeting since the publication of RFC 2460 (especially considerung the ongoing [non-]state of deployment in large parts of that space. it's up to the reader to connect that state with the things I describe here...)?

But it's not like vendor people don't have to justify these nice trips to their bosses. Of course they have to. 
Here's two prevalent strategies:
- "we have that new feature. let's try to push it into an RFC, as this strengthens our market position (in general and for selling the specific thing)"
- "you know, there's this future thing called IPv6. I'm in one of the working groups where we come up with lots of creative ideas how to even make it better. my name is on one of the draft documents so I'll have to be there, at the next meeting (and we, as a vendor, demonstrated our contribution also)".

For quite some of the stakeholders (namely both the vendor in question and the respective participant[s]) these are not only legitimate but fully understandable. It's just: does this drive things in the right direction of the greater good & community? Me seems we have a classic tragedy of the commons here...

I'm in the very privileged position that my employer would (and did so several times in the past) actually pay for week-long trips to nice cities and expensive hotels (and release me from other tasks contributing to short-term productivity, let alone revenue) three times per year. Still I do know many people *very* unhappy with the current state of IPv6 specs - and scratching their heads in light of the present discussion - who are not.
We/you guys don't have to care about the esteem of IPv6 community (at least the part I myself can speak for) and you might even feel obliged to ignore it ("we know better what's good for them").
But we should at least be honest as for the obvious agenda quite some vendor guys are pushing as for EH insertion (I don't have to mention SR, do I?) and you Ole, as a 6man chair, have probably noticed that there's not much support for the idea from anybody outside Cisco space (yes, I'm aware of the poll. but I followed the mailing list discussions as well).

There you have it. I don't even think that this was anything new for most of you. Still at times it helps to name the obvious.
If any socio anthropologist wanted to find a textbook example for "how voluntary bodies claiming to be open for anyone get compromised over time by vested interests" the EH insertion thing would be one.

best

Enno

For the protocol: given the fundamental role of RFC 2460 I, too, think that an implementor must be able to get a clear answer to the question "is EH insertion allowed or not?" during its lecture, without going through 600+ e-mails in an archive (just to find out that "even the experts didn't agree on that, at the time"). So I support Fernando's request of 
> Either explicitly ban extension header insertion, or explicitly allow it.




-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

=======================================================
Blog: www.insinuator.net || Conference: www.troopers.de
Twitter: @Enno_Insinuator
=======================================================