IETF Logo Mail Archive

Re: Non-Last Small IPv6 Fragments

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 16 January 2019 01:02 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49057130F8B for <ipv6@ietfa.amsl.com>; Tue, 15 Jan 2019 17:02:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kYoJOwnUwUOz for <ipv6@ietfa.amsl.com>; Tue, 15 Jan 2019 17:02:14 -0800 (PST)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CFC7130F9D for <ipv6@ietf.org>; Tue, 15 Jan 2019 17:02:11 -0800 (PST)
Received: by mail-pl1-x634.google.com with SMTP id e5so2124563plb.5 for <ipv6@ietf.org>; Tue, 15 Jan 2019 17:02:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=Lzs7Q70qTnOBaIg9lvwugl8vFtUb2jq3Tc52PUTkA7Q=; b=NUd0E+wHcU+h0PXuxlubIwv0AgenG/KqWNXb+/fROu4Xtgh4bNX+F5VsXjyOAjKrgt RmWB9vsA+VGKrAjLV1wI4M7M6+V5eVMc2a3NSEm6KpR2TOdx5uh6ipokker5k6z8atkj IF0ZIwokVhb04bBPlPdRlpOZ/ZnEvCokVCYORY4Lb9EjbyxrgNJwLl4tNrVwPn5JFiPC McAYZtxeFQZiwV1jllEEQolSqmXsZ8mh5edTkth9SgJ1GOkF26U9atPHeqMEQakptZR5 60GIayuGoTOAQIiUr1nEbVXGw1x0+r1igxsMTv7LHmWYWh+PitWfhdZqbpYIlKO9a1QD FtiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Lzs7Q70qTnOBaIg9lvwugl8vFtUb2jq3Tc52PUTkA7Q=; b=aabaL+iN9QCkbIlXPBVvfeyuGbJXB+Omfy82wHQja/8RArB1ch1+UnNhxai/H6YAfq BQP+JrbFIJ1O7k7zakxgKypvr7dDLEvLnOE8Fp+G9tr0NpIuKg7JMUF2N2G1+G+b4Q06 27AqflwKFYIBssPjEME69eCzSFdwawWqP74wnVsQ+n9XWqnujMw6/pmmCdJu3IH52Odx rChq2pdx0M8dJ5Z/dGOpK6nVQkd//AWIdhEsAIoacaSPWJGTFcN8Oc+gAD7rV/c+gz5t ARzvZ7t3ofSI01Vt00jf6KsnJ/qvFLwFH+Mu+oqSldsoUXmzkVmYzLmj7WF+hlE9zzNZ qxNg==
X-Gm-Message-State: AJcUukcdJic3JSuQ/YPEftlJBEHxi1OPjy8OigBUkB90FP2mrE0ZNSJk +Ph4SVmavaiK6/QEeeVEeLYzUS8J
X-Google-Smtp-Source: ALg8bN48daErJNwNNk78voF9/bVRSVwuoFxXQliSgFZND7V4I2LpkD3PTbmHXZO3pKbb/LcghQv7Eg==
X-Received: by 2002:a17:902:4464:: with SMTP id k91mr5563034pld.13.1547600530826; Tue, 15 Jan 2019 17:02:10 -0800 (PST)
Received: from [192.168.178.30] ([118.148.76.40]) by smtp.gmail.com with ESMTPSA id f67sm6131862pfc.141.2019.01.15.17.02.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Jan 2019 17:02:09 -0800 (PST)
Subject: Re: Non-Last Small IPv6 Fragments
To: Warren Kumari <warren@kumari.net>, Fernando Gont <fgont@si6networks.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>, Fernando Gont <fernando@gont.com.ar>, ek@loon.co
References: <CAOSSMjV0Vazum5OKztWhAhJrjLjXc5w5YGxdzHgbzi7YVSk7rg@mail.gmail.com> <CALx6S37TJr++fC=pVoeS=mrO1fHc4gL_Wtu-XkVTswzs2XxXCA@mail.gmail.com> <CALx6S36V7vrVyoTP0G6+S5XeFNB3KWS5UaNnVi20xogRERdCfg@mail.gmail.com> <973A1649-55F6-4D97-A97F-CEF555A4D397@employees.org> <CALx6S34YbBe8xBod3VsWVO33TpZcdxh2uV1vaO8Z_NKnVXp66g@mail.gmail.com> <A3C3F9C0-0A07-41AF-9671-B9E486CB8246@employees.org> <AEA47E27-C0CB-4ABE-8ADE-51E9D599EF8F@gmail.com> <6aae7888-46a4-342d-1d76-10f8b50cebc4@gmail.com> <EC9CC5FE-5215-4105-8A34-B3F123D574B9@employees.org> <4c56f504-7cd7-6323-b14a-d34050d13f4e@foobar.org> <9E6D4A6E-8ABA-4BAB-BEC5-969078323C96@employees.org> <CAAedzxpdF+yhBXfnwUcaQb-HkgdaqXRU3L+S7v8sS1F0OkwM9A@mail.gmail.com> <78a8a0e0-8808-364c-41f7-f81f90362432@gont.com.ar> <CAAedzxpjxhP0nOZVU0CTwA1u3fsPFthrJASjDEfnLcRNvr2gBQ@mail.gmail.com> <c9be798e-5a32-7c3e-a948-9ca2fab30411@si6networks.com> <CAHw9_i+M2-420pykp99LcgMNSG=eeDqsZK8+hN20t_uUdANHfA@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <d6e52c30-bbd1-1ee7-144c-fa13a9df5f38@gmail.com>
Date: Wed, 16 Jan 2019 14:02:02 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <CAHw9_i+M2-420pykp99LcgMNSG=eeDqsZK8+hN20t_uUdANHfA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wCB9noBYu5_X4kOrDYLbvoi9QEU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jan 2019 01:02:26 -0000

For my comment, search for "Aaargh"

On 2019-01-16 13:31, Warren Kumari wrote:
> 
> 
> On Mon, Jan 14, 2019 at 5:19 PM Fernando Gont <fgont@si6networks.com <mailto:fgont@si6networks.com>> wrote:
> 
>     On 14/1/19 17:40, Erik Kline wrote:
>     >
>     >> If you really mean that the FH contains the L4 header, then:
>     >>
>     >> * There's the issue of EHs in the fragmentable part
>     >
>     > That would be addressed in an associated L4 doc, and it would probably
>     > say to ignore non-transport headers.
> 
>     In that case, we should be removing EHs in the fragmentable part (not
>     that it would be a a big deal.. just pointing it out).
> 
> 
> 
>     >>> This increases the overhead in a given fragment, but also helps to
>     >>> ensure that (eventually) intermediate systems can examine this field and
>     >>> preemptively make a drop/no-drop decision.
> 
>     Agreed.
> 
> 
> 
>     >>
>     >> Then we're back on draft-gont-v6ops-ipv6-ehs-packet-drops
>     >
>     > Understood, but any L3 solution is going to necessitate running into
>     > this.  UDP trailers is certainly cute (and +1 from me), but every
>     > transport will have to have some similar fix (or applications will
>     > have to consider rfc8085#section-3.2 type guidelines).  If there's to
>     > be an L3 solution to this L3 problem it will face some deployment
>     > issues but if its usefulness is sufficiently attractive it could find
>     > reasonably wide-spread support in due time (in the absence of ipng-ng,
>     > IPv6 is it for the long haul).
> 
>     Certainly what you describe is better than what we have -- still, I'd
>     say not good enough for fragments to survive (e.g. cases where they need
>     to be reassembled at high speed) -- and there's still the fundamental
>     problem of processing EHs.
> 
> 
>     >
>     > [Silly Idea #1]
>     >
>     > (/me thinks back to spud bof)
>     >
>     > Here's another random suggestion that maybe belongs in panrg or (more
>     > likely) the dumpster:
>     >
>     > A new hop-by-hop header under "00 1", i.e.
>     >
>     >     00 - skip over this option and continue processing the header
>     >
>     >     1 - Option Data may change en route
>     >
>     > of the form, for example, Option Type 00 1 00001, Opt Data Len 2,
>     > Option Data == MTU.  Here, the observation is that the main thing we
>     > have experience with "working" (for the most generous definition of
>     > "works") in this problemspace in the internet today is TCP MSS
>     > Clamping.  So let's have an MTU (or MSS) HbH option that can be
>     > revised monotonically downwards but never lower than 1280.  If it
>     > helps pad to 8 byte alignment we can have a 2nd 2-byte field that is
>     > untouched representing the sender's original MTU/MSS.
>     >
>     > In this way, a sender could include an HbH with either:
>     >
>     >     [HbH | 0 | 0x0202 | 2 | (1500=0x5dc) | Pad1 | Pad1]
> 
>     You mean as a kind of PMTUD?
> 
> 
> 
>     > [Silly Idea #2]
>     > Separate, even sillier idea: everyone converges on using 16 bits of
>     > the flow ID to encode the lowest MTU encountered along the path.  Here
>     > again, TCP MSS clamping style behaviour would be applied to this
> 
> 
> https://media.giphy.com/media/3o6ZthnDqxfAOFIhdC/giphy.gif
> Because there are deployed systems already, I don't think that this can be deployed **and fully relied upon**, but Ido think that it might actually be really useful. If the first 2 bits of the flow label are '11' or '10' or something, then it could mean that the next N (13?) bits of the flow label contain the minimum MTU along the path. 

Aaargh. That's a gross violation of the standard for the flow label. Short form: you can't use the flow label for signaling. Long form: RFC6436, RFC6437, plus RFC6294 for a menagerie of other terrible ways to abuse the flow label.

> It doesn't matter that it cannot be relied upon, because it could simply be used as a hint to the path MTU discovery (I tried to figure out where in RFC8201 if could be tied).
> Basically, if the N bits are less than 1280, ignore them. If they are larger than the host MTU, ignore them. If they fall between 1280 and $host_mtu, guess that they might be valid and prime the path MTU discovery process with this hint.
> Initially devices along the path will a: not touch the flow ID or b: scribble all over it like they currently do. Over time, new devices could be updated to do this, and the signal would slowly become more useable. 
> 
> It *does* mean that we would be removing (by convention) some of the possible entropy in

s/some/most/

Which is serious, since the layer 4 info is decreasingly available as entropy fodder.

   Brian

> the flow ID which might make ECMP harder, and may also discourage some of the other "lets scribble marking X into this field" ideas, but that might be a feature, not a bug.
> 
> I cannot tell if I've just taken a sharp turn into crazy town, or if this really is a good idea (and I haven't thought about it in depth - this is all a knee jerk reaction to something sufficiently hacky that it entertains me...)
> 
>  
> 
>     I assume this is for PMTUD, too. This option would be way better than
>     the preovious one (node will just not process EHs), but...give the path
>     that we have followed for FL standrdization, it wouldn't be useful for
>     anything else other than random bits. One might hack some other fields
>     e.g... special value for Payload length, but.. that would certainly look
>     ugly.
> 
> 
> What if you view it as an (initially) noisy hint, becoming more believable over time? As far as I can tell, an on-path attacker could degrade service by artificially signalling a lower MTU than really exists, but an onpath attacker could already do this (and much worse!).
> W
> 
>  
> 
> 
>     -- 
>     Fernando Gont
>     SI6 Networks
>     e-mail: fgont@si6networks.com <mailto:fgont@si6networks.com>
>     PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> 
> 
> 
> 
>     --------------------------------------------------------------------
>     IETF IPv6 working group mailing list
>     ipv6@ietf.org <mailto:ipv6@ietf.org>
>     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     --------------------------------------------------------------------
> 
> 
> 
> -- 
> I don't think the execution is relevant when it was obviously a bad idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
>    ---maf
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email