IETF Logo Mail Archive

Re: Next steps on Extension Header Insertion

"Stefano Previdi (sprevidi)" <sprevidi@cisco.com> Tue, 08 November 2016 10:09 UTC

Return-Path: <sprevidi@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 771C4129736 for <ipv6@ietfa.amsl.com>; Tue, 8 Nov 2016 02:09:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.018
X-Spam-Level:
X-Spam-Status: No, score=-16.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M_HnGCwyunDH for <ipv6@ietfa.amsl.com>; Tue, 8 Nov 2016 02:09:54 -0800 (PST)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2B44129625 for <ipv6@ietf.org>; Tue, 8 Nov 2016 02:09:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9102; q=dns/txt; s=iport; t=1478599793; x=1479809393; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=VTHarbnGosklFgFt01xb0mQRwPGxVGErP23Hn0Nhb+4=; b=NAIreaTrkl9ouNv55aX1y4/B3XBtXLwa2bIVFeoohXwScVj586Bqg2ru RZsM5lU6yPmeXc3kqsTPof5hSi/ApJzcOye3cntmBvuET446uoJfk4mwX 3avIXt27gRYOkgCYXa6HJpswHDJLDlHCyq0Sr0/wKeK88dBu8ix7VRu7Q A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DMAgA7oyFY/4ENJK1dGQEBAQEBAQEBAQEBBwEBAQEBgy8BAQEBAR9YL1AHjTKXAodojGuCCB4LhXsCGoF4PxQBAgEBAQEBAQFiKIRhAQEBAwEBAQEgEToLBQsCAQgYAgImAgICHwYLFRACBA4FiEIDDwgOshiCQIdXDYNkAQEBAQEBAQEBAQEBAQEBAQEBAQEBFwWBCYU1gX2CWIJHgVwkF4JtLYIvBYhPkSo1AY0MgzqQFIkLhCKEBQEeN3obhQ9yAYR9gTCBDAEBAQ
X-IronPort-AV: E=Sophos;i="5.31,609,1473120000"; d="scan'208";a="171048280"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Nov 2016 10:09:52 +0000
Received: from XCH-RTP-008.cisco.com (xch-rtp-008.cisco.com [64.101.220.148]) by alln-core-9.cisco.com (8.14.5/8.14.5) with ESMTP id uA8A9qOa004672 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 8 Nov 2016 10:09:52 GMT
Received: from xch-rtp-010.cisco.com (64.101.220.150) by XCH-RTP-008.cisco.com (64.101.220.148) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 8 Nov 2016 05:09:52 -0500
Received: from xch-rtp-010.cisco.com ([64.101.220.150]) by XCH-RTP-010.cisco.com ([64.101.220.150]) with mapi id 15.00.1210.000; Tue, 8 Nov 2016 05:09:51 -0500
From: "Stefano Previdi (sprevidi)" <sprevidi@cisco.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: Next steps on Extension Header Insertion
Thread-Topic: Next steps on Extension Header Insertion
Thread-Index: AQHSOTB6lAiMBxGjIkCsW/LvP66R7g==
Date: Tue, 08 Nov 2016 10:09:51 +0000
Message-ID: <1B99C40F-DAB3-4E64-9C62-ACF3E3FD6778@cisco.com>
References: <B291E9E6-A803-423F-BFA5-87A74DCFB784@gmail.com> <dfe00826-1bcd-80ae-e6dc-7763c506cbe4@si6networks.com> <9CA73891-B4FA-47DF-82E1-A4867DBC6A3F@steffann.nl> <3C56AA77-18E4-4254-BB6A-A447CE115392@employees.org> <CAO42Z2zQ9ZVR8ih9CzY=3ytpLQJ9UCp37SM9N92cLpbfb4wyTQ@mail.gmail.com> <B5CA03B6-FB25-48F4-BF48-6F4C18A96DB4@employees.org> <63d048ed-63aa-e68a-f390-b6541d42e4ac@si6networks.com> <C63B5BB5-6F7F-405A-BC25-B1C48D58F286@cisco.com> <CAO42Z2w8oA3HXztTzBUFs7KWL4T9GPV_vWbP=m2r02JdPW_kiw@mail.gmail.com> <A8E70AF3-A132-4FAB-8F69-19D39B8E98B5@cisco.com> <12618a6b-b4a0-4254-391a-a6c3ab9367ab@gmail.com>
In-Reply-To: <12618a6b-b4a0-4254-391a-a6c3ab9367ab@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.61.192.1]
Content-Type: text/plain; charset="utf-8"
Content-ID: <469826A8AAA9D8409E89F85742F1771F@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/uRJnjCjdzc2di_gO85M2HfOJwqM>
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Nov 2016 10:09:59 -0000

Brian, 


> On Nov 8, 2016, at 3:35 AM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
> Stefano,
> On 08/11/2016 09:05, Stefano Previdi (sprevidi) wrote:
>> 
>>> On Nov 7, 2016, at 8:52 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
>>> 
>>> On 7 Nov. 2016 19:37, "Stefano Previdi (sprevidi)" <sprevidi@cisco.com> wrote:
>>>> 
>>>> 
>>>>> On Nov 7, 2016, at 2:04 AM, Fernando Gont <fgont@si6networks.com> wrote:
>>>>> 
>>>>> On 11/02/2016 05:33 PM, otroan@employees.org wrote:
>>>>>> Mark,
>>>>>> 
>>>>>>>> I'm just trying to point out that we shouldn't blow this issue out of proportion. Whatever we end up doing here, it is hard to see it being particularly important, nor have any big consequences.
>>>>>>> 
>>>>>>> I see it having big consequences and being hard to troubleshoot.
>>>>>>> 
>>>>>>> Currently, the source IP address in a packet identifies the host that
>>>>>>> is entirely responsible for the construction of the packet. The set of
>>>>>>> values in the IP packet that can be changed in the network is limited
>>>>>>> and well known (HC, TC), and the consequences of those changes failing
>>>>>>> is also limited (packet getting higher forwarding preference, being
>>>>>>> dropped or being forwarded more or less hops than it should).
>>>>>>> 
>>>>>>> Allowing EH insertion means the source IP address value isn't true
>>>>>>> anymore - its semantics have changed. It is now only the first
>>>>>>> constructor of the packet, rather than the only one, and any other
>>>>>>> constructors (the EH inserters) are not identified. It's now a
>>>>>>> "multi-source" packet where only the first source is identified.
>>>>>> 
>>>>>> Any text describing of EH insertion could possibly work or "allowing EH insertion" is far out of scope for 2460.
>>>>> 
>>>>> Any text that talks about header insertion introduces a change in
>>>>> RFC2460, because RFC2460 does not allow for header insertion.
>>>> 
>>>> 
>>>> can you point me to the section/paragraph making that statement ?
>>>> 
>>> 
>>> First sentence, second paragraph of "4. IPv6 Extension Headers".
>>> 
>>> "With one exception, extension headers are not examined or processed by any node along a packet's delivery path, until the packet reaches the node (or each of the set of nodes, in the case of multicast) identified in the Destination Address field of the IPv6 header."
>>> 
>>> The one exception is the HBH EH, which appears directly after the IPv6 header if the packet origin host puts it there.
>>> 
>>>> Also, if you think rfc2460 denies header insertion, why would you need new text ?
>>>> 
>>> 
>>> It shouldn't. It does because some people are saying the above is ambiguous.
>> 
>> 
>> Well, as far as I’m concerned, RFC2460 is good for me and I never asked to change anything regarding extension headers. 
> 
> Yes, Stefano, because you interpreted "not examined or processed" to allow insertion.
> Most people here,


I’m not sure if it's a “most” or a “many”.


> I think, interpreted it as forbdidding insertion (since that is
> a form of processing) and of course as forbidding modification. And that was clearly
> the intent when RFC1883 was written, according to the meeting minutes I dug out some
> months ago.


rfc1883 was a little while ago and reality of operational networks may have slightly changed since.

As suggested, we should carefully understand and valuate the experience of EHs prior to make definitive statements.


> So, the *fact* is that the current text is ambiguous, since it has been interpreted
> both ways. As standards writers, we should hate ambiguity.


if there aren’t issues with interoperability, ambiguity is just fine.

Thanks.
s.



> 
> Rgds
>    Brian
>> 
>> This what has been proposed during an IETF meeting (I don’t remember if it was Buenos Airs or Prague) and it is also what I reflected in my vote.
>> 
>> RFC2460 needs not to be amended.
>> 
>> 
>>>> Seriously, nothing is prohibited as long as you understand the consequences.
>>> 
>>> When it isn't allowed by the specification, claiming it is compliant with the specification is prohibited.
>> 
>> 
>> the question is not being compiant or not.
>> 
>> Over time we always see implementations that diverge from the original intend of the specification. This is obvious and natural. 
>> 
>> 
>>> Changing the specification to support a method doesn't make the problems with the method go away.
>> 
>> 
>> I agree and that’s why I do not ask to change any specification. We need more experience and more feedback on network operations. In all ways.
>> 
>> 
>>> If the problems are severe enough, and there are alterative methods that don't have those problems, the other methods should be used and possibly specified.
>> 
>> 
>> and if there are methods who violates specifications but that have the necessary safeguards, this is fine too.
>> 
>> 
>>>> 
>>> As discussed at length, the text should focus on that.
>>>> 
>>> 
>>> I don't think it makes sense to have a part of a specification prohibit something and then have other text later tacitly allow it.
>> 
>> 
>> there are examples where a specification denies something and later, under precise circumstances, another specification allows it.
>> 
>> This is part of operational experience.
>> 
>> s.
>> 
>> 
>> 
>>> 
>>> Regards,
>>> Mark.
>>> 
>>>> s.
>>>> 
>>>> 
>>>>> 
>>>>> Given the discussion, omission of the topic would be a failure on our side.
>>>>> 
>>>>> Thanks,
>>>>> --
>>>>> Fernando Gont
>>>>> SI6 Networks
>>>>> e-mail: fgont@si6networks.com
>>>>> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> --------------------------------------------------------------------
>>>>> IETF IPv6 working group mailing list
>>>>> ipv6@ietf.org
>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>>> --------------------------------------------------------------------
>>>> 
>>> 
>> 
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email