RE: Extension header order in draft-leddy-6man-truncate-04
Ron Bonica <rbonica@juniper.net> Wed, 11 July 2018 20:06 UTC
Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 301031277BB for <ipv6@ietfa.amsl.com>; Wed, 11 Jul 2018 13:06:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NYMFwF94ldAc for <ipv6@ietfa.amsl.com>; Wed, 11 Jul 2018 13:06:12 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA875124C04 for <ipv6@ietf.org>; Wed, 11 Jul 2018 13:06:11 -0700 (PDT)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w6BK3lHD023500; Wed, 11 Jul 2018 13:06:11 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=t/WE0UiRTTl7p6ajSpKyv1vVGFtpk178dg1gv4kwjlI=; b=sTD7lCJQoHB0Adn4FEMt3k0TUAQQ95C3dfSpmI0EIMSHfuHtSbjnM/RNmAm8f2YTidZW 1HbS2jZ/Tx5atY5tYoameFc2zkhqnpNBxgqGFng3jk0oFm5PY8dhpfLnp2f7mnDceMq6 QR+deM9PyB0IpokaDtbco1smuMxowSJXVTvSvvJzsfnhnWBLFo67TdijYJdvA73+7INT I/Jm7NcWbWo6+AVyq33/9LNKPmrSPpyjTFcZcAyteo9idAo5TZq692icvCDxYO8gzKMs cz8JVufI73fcu2r2K7xkIFoYrXC4InZvHJd8SXqzH5jS5jbOkcuDR7IG5pJ02HC0wUGg yg==
Received: from nam04-co1-obe.outbound.protection.outlook.com (mail-co1nam04lp0054.outbound.protection.outlook.com [216.32.181.54]) by mx0b-00273201.pphosted.com with ESMTP id 2k5mksrt6n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 11 Jul 2018 13:06:10 -0700
Received: from CO1PR05MB443.namprd05.prod.outlook.com (10.141.73.152) by CO1PR05MB346.namprd05.prod.outlook.com (10.141.52.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.952.12; Wed, 11 Jul 2018 20:06:07 +0000
Received: from CO1PR05MB443.namprd05.prod.outlook.com ([fe80::312a:3c1:f69:c7fb]) by CO1PR05MB443.namprd05.prod.outlook.com ([fe80::312a:3c1:f69:c7fb%13]) with mapi id 15.20.0952.017; Wed, 11 Jul 2018 20:06:07 +0000
From: Ron Bonica <rbonica@juniper.net>
To: "C. M. Heard" <heard@pobox.com>
CC: 6man <ipv6@ietf.org>
Subject: RE: Extension header order in draft-leddy-6man-truncate-04
Thread-Topic: Extension header order in draft-leddy-6man-truncate-04
Thread-Index: AQHUEK4mv7SfDM73i0OMcJOephDk+KSCkCQQgABDN4CAAMxkIIAAVzyAgAaL+eA=
Date: Wed, 11 Jul 2018 20:06:07 +0000
Message-ID: <CO1PR05MB4438A5B8B2F940C4C9BDD4BAE5A0@CO1PR05MB443.namprd05.prod.outlook.com>
References: <CACL_3VEWyZ5=peCfFG0swEN5gDktFEEwwSycOHTAc9x6QG4WzA@mail.gmail.com> <DM2PR05MB4483C1E48F6D713533310BCAE470@DM2PR05MB448.namprd05.prod.outlook.com> <CACL_3VHeDbgp4R1D+To=++zHWjUTwd2v9k8Ps45ZRHShs1A9pQ@mail.gmail.com> <CO1PR05MB443EB8F38E114C7FEBE4D27AE460@CO1PR05MB443.namprd05.prod.outlook.com> <CACL_3VG1Q6w9ASyfjiQmuiPnkLOTQ0iaveRsV7E8=ZKxJPqE-g@mail.gmail.com>
In-Reply-To: <CACL_3VG1Q6w9ASyfjiQmuiPnkLOTQ0iaveRsV7E8=ZKxJPqE-g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.0.300.84
dlp-reaction: no-action
x-originating-ip: [108.48.24.39]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CO1PR05MB346; 7:HiNFN70dpUTOW+cB0tUcNAZlEVyNsrDL18CjVUsZwyrEp4U/PR3bYWDT5iNkC9Ww/Idc5ftOWHGCucl+hATYAlO5YfJnNpfNo/tF8QWB3CMz6OHlxCBfq9X2wWctZSm02l9UFtemarMoGj6+NM42ndNOOIQCGsrVer+3qPTrpspPNuDlOprzbKpM49B8sryuuudVnK1lnselNRHckgYZP3PJ1X6BSxhOGgsz7HdFy20PU9sPjh+CY93AvshWjTIg
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: f346f539-f99e-4aeb-d214-08d5e769bd32
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600053)(711020)(48565401081)(2017052603328)(7153060)(7193020); SRVR:CO1PR05MB346;
x-ms-traffictypediagnostic: CO1PR05MB346:
x-microsoft-antispam-prvs: <CO1PR05MB346355490EDAF0E8838840BAE5A0@CO1PR05MB346.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(10436049006162)(192374486261705)(138986009662008)(100324003535756)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(10201501046)(3002001)(3231311)(944501410)(52105095)(93006095)(93001095)(6055026)(149027)(150027)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:CO1PR05MB346; BCL:0; PCL:0; RULEID:; SRVR:CO1PR05MB346;
x-forefront-prvs: 0730093765
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(346002)(366004)(376002)(39860400002)(396003)(51444003)(199004)(189003)(6246003)(6116002)(256004)(486006)(229853002)(81156014)(5070765005)(9326002)(3846002)(8936002)(5250100002)(2900100001)(86362001)(55016002)(7736002)(5660300001)(81166006)(6916009)(54896002)(6306002)(14444005)(6436002)(4326008)(26005)(8676002)(106356001)(102836004)(236005)(105586002)(9686003)(25786009)(7696005)(316002)(2906002)(790700001)(74316002)(93886005)(11346002)(186003)(99286004)(53936002)(606006)(14454004)(446003)(68736007)(478600001)(76176011)(53946003)(66066001)(33656002)(476003)(19609705001)(97736004)(6506007)(53546011); DIR:OUT; SFP:1102; SCL:1; SRVR:CO1PR05MB346; H:CO1PR05MB443.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: kj1t7+lytS8eAdz4eh8G69IKbWDTPYZoB2oonCXZy9v+GLrXDZht2k5kT3PfT+AEdKo6yuIkQY4sPmjU3YgJHkIqWFPTV5EqAJ9lO/vNdLG0RIE4mf5uUe263oLPG1/NlxEuuHpS3wnZg4WJx/cZYqBlAwxY+fEk7CkcJgzIDN9cQkmDp1U3Zf8mMAbzp6Riv8IglMGeJLxClwgGSjI6WTMHwpz1XMQxqxs5lLayyxsv/mUeTkosQhNs23hikit5VY+k6MHZgeouXIxoM2xslVWKa+sAj3rO5PoAoFNFp+t9BpKqCU6xW1dO4v5H786rwn5mWMowR46XzcsUE4KOxqHPXulX2Mowua58cBasMOw=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CO1PR05MB4438A5B8B2F940C4C9BDD4BAE5A0CO1PR05MB443namprd_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: f346f539-f99e-4aeb-d214-08d5e769bd32
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jul 2018 20:06:07.2099 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR05MB346
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-07-11_05:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1806210000 definitions=main-1807110212
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/V0YNk4VZ1ihJwZm9BpZGrrG3Z5Q>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 20:06:17 -0000
Hi Mike,
Sorry for the slow response. See inline…..
Ron
From: C. M. Heard <heard@pobox.com>
Sent: Saturday, July 7, 2018 12:04 PM
To: Ron Bonica <rbonica@juniper.net>
Cc: 6man <ipv6@ietf.org>
Subject: Re: Extension header order in draft-leddy-6man-truncate-04
Ron,
I thought of a couple of issues that arise when a "Truncation Eligible" option appears before a Routing Header.
First, an intermediate hop in the source route will need to remember whether it has seen the "Truncation Eligible" option in order to correctly process the packet upon finding the Routing Header with an unexpired route, so that it can truncate the packet and change the "Truncation Eligible" option to "Truncated Packet" before forwarding. Prima facie this seems straightforward, but I would not want to bet my life on that without actually analyzing the interaction with each standardized type of Routing Header.
Second, what happens at an intermediate hop in a source route if it encounters the "Truncated Packet" option? Does it immediately send an ICMP message? Or should it continue following the header chain to see if a Routing Header is present, so that it can forward (and perhaps re-truncate) the packet?
The later
The latter is what I had in mind, but it does seem to impose complex processing requirements on nodes that can play the role of intermediate hop in a source route. A node that can play the role of endpoint only can safely ignore this subtlety.
Yeah, it does add a little complexity, but the benefits are worth it. The benefits are:
- The ICMP PTB is sent from the ultimate destination. Therefore, it is more likely to make it to the source
- If the packet needs to be truncated again, downstream, the source learns the PMTU in one RTT
I still don't think it's desirable to have the truncation option after the routing header, but the question is clearly more complicated than I had at first appreciated.
I still agree.
Ron
Mike Heard
On Sat, Jul 7, 2018 at 3:56 AM, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>> wrote:
Mike,
Having thought about it for a while, you may be right. I will post an updated to the draft as soon as the submission tool reopens.
Thanks,
Ron
From: C. M. Heard <heard@pobox.com<mailto:heard@pobox.com>>
Sent: Friday, July 6, 2018 6:41 PM
To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
Cc: 6man <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: Extension header order in draft-leddy-6man-truncate-04
Ron,
We definitely disagree about case 3 (but we agree about the others).
The way you have it is truncation option appears after RH, which means either that:
(a) you do NOT want the intermediate hops singled out by the routing header to process the truncation option, or
(b) you expect all truncation-capable intermediate routers to walk the header chain past the routing header, possibly through a leading destination options header, when the packet is too big to forward.
I can't see why either of those things is desirable. What am I missing?
Mike
P.S. I missed the possibility of a second destination options header without the truncation option in cases 2-4. I would have noticed that had I done my homework, since it is right there in the ESP discussion in the draft.
On Fri, Jul 6, 2018 at 12:27 PM, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>> wrote:
Mike,
I’m not sure that I agree. Let’s think through all of the possible cases……
R = Routing Options header is present
A = Either Authentication header or ESP header is present
Case 1) !R and !A
The new truncation options appear in the one-and-only Destination Options header
Case 2) !R and A
The new truncation options appear in a Destination Options header before the Authentication / ESP header
Another Destination Options header may appear after the Authentication / ESP header
Case 3) R and !A
The new truncation options appear in a Destination Options header after the Routing Options header
Another Destination Options header may appear before the Routing Options header
Case 4) R and A
The new truncation options appear in a Destination Options header before the Routing Options header
Another Destination Options header may appear after the Authentication / ESP header
I think that we are agreeing on cases 1,2 and 4. But we might disagree on case 3? Is this the case?
Ron
From: C. M. Heard <heard@pobox.com<mailto:heard@pobox.com>>
Sent: Saturday, June 30, 2018 4:08 PM
To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
Cc: 6man <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Extension header order in draft-leddy-6man-truncate-04
Hello Ron,
It occurs to me that the proper order of headers when the "Truncation Eligible" or "Truncated Packet" options appear should be:
IPv6 header
Hop-by-Hop Options header
Destination Options header ("Truncation Eligible", "Truncated Packet" , or note 1)
Routing header
Authentication header (note 2)
Encapsulating Security Payload header (note 2)
Destination Options header (note 3)
Upper-Layer header
note 1: for options to be processed by the first destination that
appears in the IPv6 Destination Address field plus
subsequent destinations listed in the Routing header.
note 2: additional recommendations regarding the relative order of
the Authentication and Encapsulating Security Payload
headers are given in [RFC4303<https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4303&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Fch9FQ82sir-BoLx84hKuKwl-AWF2EfpHcAwrDThKP8&m=KxRyHMsPmNs_kvEv0yopCbQV5aZpbkzTG9H6JXg4nfk&s=oLsNVjrXXwdW5tFsZ-9Lw-5kJqhFqyzrq0m84zbN1_8&e=>].
note 3: for options other than "Truncated Packet" that are to be
processed only by the final destination of the packet.
My reasoning is that (a) we want "Truncation Eligible" to be processed by the first destination if in the IPv6 header and subsequent destinations listed in the routing header and (b) we want Truncated Packet" to be processed before the Authentication Header (if one is present) at the final destination. Note that case (b) is necessary since the truncated packet will fail the AH integrity check. If AH were processed first, the destination node would not send the desired PTB message,
Do you agree?
Mike Heard
- RE: Extension header order in draft-leddy-6man-tr… Ron Bonica
- Re: Extension header order in draft-leddy-6man-tr… C. M. Heard
- Re: Extension header order in draft-leddy-6man-tr… C. M. Heard
- RE: Extension header order in draft-leddy-6man-tr… Ron Bonica
- Extension header order in draft-leddy-6man-trunca… C. M. Heard
- RE: Extension header order in draft-leddy-6man-tr… Ron Bonica
- RE: Extension header order in draft-leddy-6man-tr… Ron Bonica