IETF Logo Mail Archive

Re: [IPv6] Data for EH drops (was Re: Comments on draft-ietf-6man-hbh-processing-12)

Tom Herbert <tom@herbertland.com> Wed, 06 December 2023 16:59 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 600DBC14F74E for <ipv6@ietfa.amsl.com>; Wed, 6 Dec 2023 08:59:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J_xvIMiR_Ln6 for <ipv6@ietfa.amsl.com>; Wed, 6 Dec 2023 08:59:43 -0800 (PST)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28276C14F60D for <ipv6@ietf.org>; Wed, 6 Dec 2023 08:59:43 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-54c671acd2eso96a12.1 for <ipv6@ietf.org>; Wed, 06 Dec 2023 08:59:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1701881981; x=1702486781; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=db9e17Qzou+gFz0I1SF8zKkjDGWWvf+My2RMbwZ18Ps=; b=H7G7+yNFYpPkTrBx6iahQMZAe7HMY3Tf0E6s3ikR/NffGgGMZ+ddwJJqkAeENEpmQn nSnJSSMsReWcZJDUQc0q9vgAbVhWBOx/VEXCbL0p2/6a9uckHwUrzye2wD7eOD5cWkhC a5YMe9Br+eeqblq7w5muQXAyUzuuVZ1uGPtb4kqt7Sjtmgsk7BXNXIXjStEgWYc5cH0e GD2jiK+lbe7gG5HWweg2jzqRJ+hOrcqG3gY1DPsn6435BM9FYSNAQ1oJFPGxEkA0zH9n LCAk1tegjDD3AyUFju03fexOS+tLoi3tUVcRN+r/f9elLp9QpcVp6A9djFbmBz0rmd3Z 6Gow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701881981; x=1702486781; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=db9e17Qzou+gFz0I1SF8zKkjDGWWvf+My2RMbwZ18Ps=; b=e35IgwnZmpcl02FyDo5PvL/WgghNJjXKjkpkqJ1ocvqbJjttBr6m+XzmZONgs3fEFP xzAH+5O4nU+FWfYnxpNOVegKlNpcrJzT95WtgRobZE3GyLEAiFu5NKxHJid5NDSwFxsF 1AKkMoAXcjrF+TGN4rbLdHnDIfEE6OMmV0qun+jV8dm9KXATNAnh/B7S/KCtYDcavE6A mJpVkrlXgHCY+QtWIiscDO3Qz58A3NSiX7Kxj245qei0SaUXLnToxiFQp7McFEK+m6lK ri14nrWVfXSVnEHatfzkxE7FElPD+v6fdz+GzaFV9exNsuX/EfjAtHGbN/CJ7T3vd+bx 2Prg==
X-Gm-Message-State: AOJu0YzecsI+KmeVtlTAt6MN+gJjN7yXJau8Be8s2MRX5ruCSnf7tHUD LGMba/OkGZrCa2cNN1ggCcQhiQVQnIjEwUVJ1mAKVQ==
X-Google-Smtp-Source: AGHT+IFTBDTkjFQC2vaN4NOmB+OLdC9Oig8rpnf5PveVfY4YKg17CVY2VJT8zpCcMxDvn3a3miGS8xryR1DXmLePuKo=
X-Received: by 2002:aa7:d30f:0:b0:54c:4837:93ee with SMTP id p15-20020aa7d30f000000b0054c483793eemr814924edq.53.1701881980809; Wed, 06 Dec 2023 08:59:40 -0800 (PST)
MIME-Version: 1.0
References: <f10f3392afec44fbb02be63cc87c3b9c@boeing.com> <CALx6S375Xw+w1ngWdThnacE5U9gXRoEc=gPVdNKAqHpZ3zA7Yg@mail.gmail.com> <46D42B3A-7921-445A-98E8-E1F91719E635@apnic.net> <CALx6S36EgnCJiYFypsc3__OWriLBL65LbaH5R405G0aAdvMU0w@mail.gmail.com> <1EE55DA8-79D7-44DF-91A4-2EAD073AE986@apnic.net> <2A60C348-47C5-4237-880B-23614E7AB44B@jisc.ac.uk> <PH0PR11MB4966141E18068D07361104BDA984A@PH0PR11MB4966.namprd11.prod.outlook.com> <CALx6S34S8TZx4G-RaHcXu0++dWDPzZbhXHO2DpzBrA7EfDbHJA@mail.gmail.com> <PH0PR11MB49661490BF12E1EEA508D411A984A@PH0PR11MB4966.namprd11.prod.outlook.com>
In-Reply-To: <PH0PR11MB49661490BF12E1EEA508D411A984A@PH0PR11MB4966.namprd11.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 06 Dec 2023 08:59:29 -0800
Message-ID: <CALx6S34V3J6Qub=S71qtWt+o_=_k1gvPsqow=yaK=z=zWTCy8g@mail.gmail.com>
To: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>
Cc: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, 6man <ipv6@ietf.org>, Geoff Huston <gih@apnic.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tOoDtAApCwehg5P4iFbYil2DDmA>
Subject: Re: [IPv6] Data for EH drops (was Re: Comments on draft-ietf-6man-hbh-processing-12)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2023 16:59:47 -0000

On Wed, Dec 6, 2023 at 8:52 AM Eric Vyncke (evyncke)
<evyncke=40cisco.com@dmarc.ietf.org> wrote:
>
> Tom
>
>
>
> All the previous research papers (including draft-vyncke-james) indeed seem to *indicate* a HW limitation, but I have yet to see a lab tested measurement for the top 95% routers used in the global Internet.
>
>
>
> This is the part where I am hugely interested: actual data about devices (even if working for one such vendor)

Eric,

We have seen anecdotal data on this over the years, but I'm not sure
if there's ever been an accurate survey on vendor capabilities. I
believe the trend is newer devices are going to 256 or even 384 byte
parsing buffers, but of course we should expect a lot of variance with
legacy devices still in operation. I still belive that IETF should at
least set a feasible minimum requirement.

Tom

>
>
>
> -éric
>
>
>
> From: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>
> Date: Wednesday, 6 December 2023 at 17:38
> To: Eric Vyncke (evyncke) <evyncke@cisco.com>
> Cc: Tim Chown <Tim.Chown@jisc.ac.uk>, Geoff Huston <gih@apnic.net>, 6man <ipv6@ietf.org>
> Subject: Data for EH drops (was Re: [IPv6] Comments on draft-ietf-6man-hbh-processing-12)
>
> On Wed, Dec 6, 2023 at 6:35 AM Eric Vyncke (evyncke)
> <evyncke=40cisco.com@dmarc.ietf.org> wrote:
> >
> > Tim,
> >
> >
> >
> > *Very* interesting return of information as R&E networks are probably easier to approach with a “research” topic such as EH drops.
> >
> >
> >
> > If the R&E networks drops are not by policy, then I am afraid that either the policy is not correctly applied or there is a platform limitation (e.g., applying a L4 ACL forces line cards to parse the EH chain until either the L4 header is found or max size of EH is reached).
>
> Eric,
>
> The latter is parsing buffer limitation in hardware devices. The
> marker for this is when we see packets with small DestOpts are good,
> but larger ones are dropped.
>
> The APNIC data has numbers for the drop rates of different size
> DestOpts (https://blog.apnic.net/2022/10/13/ipv6-extension-headers-revisited/).
> Looking at the APNIC data the drop rates of DestOpts for different
> sizes are reported as 8,16 bytes->30%, 32 bytes->32%, 64 bytes->39%,
> 128->86%. Assuming that drops in the 8 byte case are because of
> policy, we can normalize to the drop rates for those devices that
> don't drop all EH by policy: 8 bytes->0%, 16 byte->3%, 64 bytes->13%,
> 128 bytes->80%. Success with 8 and 16 bytes imply at least a 96 byte
> parsing buffer, success of 16 bytes implies at least 128 byte parsing
> buffer, and 128 bytes implies a 192 byte or larger parsing buffer.
>
> Based on this analysis, the requirement specified in the
> draft-ietf-6man-eh-limits-11 draft is:
>
> "If a router needs to parse the transport layer, for instance to
> deduce the transport layer port numbers, it MUST be able to correctly
> forward packets that contain an IPv6 header chain of 104 or fewer
> bytes, or equivalently, a router MUST be able to process a packet with
> an aggregate length of extension headers less than or equal to 64
> bytes."
>
> IMO, the APNIC data implies that a 128 byte parsing buffer is
> reasonably common in deployment to justify this requirement is
> feasible. It's true that smaller parsing buffers are a bit more
> common, however a 32 byte chain length is going to be less useful than
> 64 bytes for EH.
>
> Tom
>
> >>
> >
> > -éric
> >
> >
> >
> > From: ipv6 <ipv6-bounces@ietf.org> on behalf of Tim Chown <Tim.Chown=40jisc.ac.uk@dmarc.ietf.org>
> > Date: Wednesday, 6 December 2023 at 15:02
> > To: Geoff Huston <gih@apnic.net>
> > Cc: 6man <ipv6@ietf.org>
> > Subject: Re: [IPv6] Comments on draft-ietf-6man-hbh-processing-12
> >
> > Hi,
> >
> > > In the first part of this yer, with the assistance from Gorry Fairhust and Anna Costura ot the Univ of Aberdeen we conducted a related experiment using a server located at that institution (which does NOT drop EH packets,) connected to JANET (which also  does not drop EH packets). However, we found that the major transit providers in the UK DO drop EH packets, including BT, BSKYB, Level 3, H3GUK, EE and ZEN. So we found it hard to see further afield.
> >
> > As someone who works for Jisc, who operate Janet, we noted from Gorry’s experiment that there was indeed at least one upstream transit provider we use to commercial networks who dropped packets with EHs. On contacting one they denied that such drops were configured or deliberate, despite the evidence being presented by Anna.  We found no way forward from there to determine the underlying cause.
> >
> > > Within the UK the result we found was that most transit paths encounter EH dropping at some point, and that means we can't "leap over" these obstruction points and look behind them. So I'm unable to device a broad scale  measurement that measures EH drop rates in the larger Internet.
> >
> > It would be interesting to determine the drop rates in the R&E networks. Our R&E connectivity is almost exclusively via GÉANT, who connect the European NREN backbones, save for a direct path to HEAnet in Ireland. We *think* that R&E networks don’t drop, but as yet have no evidence. I suppose you could tag the R&E networks as “limited domain” in that the new alt-mark and min mtu discovery RFCs published last year might be supported there.
> >
> > Tim
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email