IETF Logo Mail Archive

Re: HBH Obsolete? (was Review of draft-ietf-6man-hbh-header-handling-01)

Ronald Bonica <rbonica@juniper.net> Sun, 03 April 2016 15:04 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 813D312D564 for <ipv6@ietfa.amsl.com>; Sun, 3 Apr 2016 08:04:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.903
X-Spam-Level:
X-Spam-Status: No, score=-101.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RD200cwB1066 for <ipv6@ietfa.amsl.com>; Sun, 3 Apr 2016 08:04:32 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0131.outbound.protection.outlook.com [207.46.100.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F69512D530 for <ipv6@ietf.org>; Sun, 3 Apr 2016 08:04:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=XESJDo0oN4+KjKsh6WpuRcsvfPO9Jz1Wf2WADo21e/s=; b=k2qX82eJ+y7Gu2S1y9fiWjL+XSHib4Gh3yRqOt37ERaOzKftIBDOiuUp2+qMy2ZHKSffvVoakGZtywkxu8xgO9LmTVg1B7otB5OY/SqL0ZtAeUTAAnKOQo++FWXNvOV1jQeUSvRXgEiGitGAZhyc/ur5809cXLbZqRMs7P77XXk=
Received: from BLUPR05MB1985.namprd05.prod.outlook.com (10.162.224.27) by BLUPR05MB1988.namprd05.prod.outlook.com (10.162.224.30) with Microsoft SMTP Server (TLS) id 15.1.447.15; Sun, 3 Apr 2016 15:04:30 +0000
Received: from BLUPR05MB1985.namprd05.prod.outlook.com ([10.162.224.27]) by BLUPR05MB1985.namprd05.prod.outlook.com ([10.162.224.27]) with mapi id 15.01.0447.027; Sun, 3 Apr 2016 15:04:30 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: 6man WG <ipv6@ietf.org>, Fernando Gont <fgont@si6networks.com>
Subject: Re: HBH Obsolete? (was Review of draft-ietf-6man-hbh-header-handling-01)
Thread-Topic: Re: HBH Obsolete? (was Review of draft-ietf-6man-hbh-header-handling-01)
Thread-Index: AdGNLY1ESPfeTf4OQziq6GNEc8vUog==
Date: Sun, 03 Apr 2016 15:04:30 +0000
Message-ID: <BLUPR05MB1985F075A00A13E82D53849CAE9C0@BLUPR05MB1985.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [66.129.241.12]
x-ms-office365-filtering-correlation-id: 52def476-5484-44f5-0426-08d35bd141f8
x-microsoft-exchange-diagnostics: 1; BLUPR05MB1988; 5:3/8DsoRDIjSRZTx+rkYBi8PuIvzhDUwa26LuTFNirz8tjX0C+utOuXZC0rT9N+m2u5uChAcEfnyRX/MZKClqOOIc7p6DZ+D9D0Eo3I+IUTcHIcqrWpslZfzpy0gyBPxbHSTy8fE4+mNuBIB30cdEdA==; 24:ZDGDuZAHtF2Ns8RVhtLSYh+mSY+OjM++SsL4RsBNTTK201C1zuIg7XSPeFScQJDS6saTFLvqC4Kz++sWxLHOh7xqNmsul86nh81pq5e5wpI=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR05MB1988;
x-microsoft-antispam-prvs: <BLUPR05MB1988135BAB907D5FD4F5E9A5AE9C0@BLUPR05MB1988.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:BLUPR05MB1988; BCL:0; PCL:0; RULEID:; SRVR:BLUPR05MB1988;
x-forefront-prvs: 09011458FC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(2906002)(3280700002)(3660700001)(11100500001)(50986999)(54356999)(74316001)(5003600100002)(33656002)(189998001)(1220700001)(81166005)(92566002)(586003)(6116002)(102836003)(3846002)(87936001)(5001770100001)(1096002)(5004730100002)(230783001)(10400500002)(76576001)(99286002)(86362001)(77096005)(122556002)(5008740100001)(2900100001)(5002640100001)(107886002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR05MB1988; H:BLUPR05MB1985.namprd05.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2016 15:04:30.1499 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR05MB1988
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/xTRothlQO85LkVjkK6Ic1WnrmhE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Apr 2016 15:04:33 -0000

Folks,

Having read through this email thread, the following are a few observations. Again, we have three options:

1) Tighten up HBH handling (as currently proposed in draft-ietf-6man-hbh-header-handling)
2) Follow the path of RFC 7045. Repurpose draft-ietf-6man-hbh-header-handling to document the implications of that decision
3) Deprecate the HBH Options Extension Header

Nobody (including me) is crazy about Option 1. We have heard support for Options 2 and 3. So, let's consider those.

When the HBH Options Extension Header was conceived, the founding fathers couldn't foresee what kind of options would be defined in the future. Given twenty years of hindsight, we now can categorize HBH Option into the following categories:

- Forwarding plane options
- Control plane options

A forwarding plane option contains information required to forward the packet. That information can be discarded as soon as the packet has been forwarded. The Jumbogram HBH Option is an example of a forwarding plane option. 

A control plane option contains information that is used to create or destroy more persistent state on an intermediate node. The router alert option is an example of a forwarding plane option.

If we pursue Option 2, forwarding plane options will work, but applicability will be limited to the following scenarios:

- the information carried by the forwarding option is not critical. The packet can be forwarded even if the intermediate node ignores the option
- the information carried by the forwarding plane is critical. The packet cannot be forwarded if the intermediate node ignores the option. However, the sender is certain that every intermediate node that the packet traverses will process the option.

Control plane options may not have been a very good idea in the first place. As Fernando is fond of pointing out, they expose the control plane to untrusted parties, increasing the attack surface of the intermediate node. There are better ways to establish state in intermediate nodes

If we were to adopt Option 2, control plane options would work, but would be limited to the following scenarios:

- A protocol uses HBH to establish state on intermediate nodes, but that state isn't so critical that the protocol will not work unless that state is not established
- A protocol uses HBH to establish state on intermediate nodes. That state is critical and the protocol will not work unless that state is not established. However, the sending station is certain that every node along the path will process the option

The following is my personal opinion and possibly the end of rational discourse:

We should follow both options 2 and 3. For the time being, we should follow the path of RFC 7045 and repurpose draft-ietf-6man-hbh-header-handling to document the implications of that decision. We should also revisit protocols that rely on HBH, determining whether 7045 breaks any of them.

Regarding Option 3 draft-ietf-6man-hbh-header-handling should also say:

- that the IETF will never standardize another HBH Option
- that the IETF will never standardize another protocol that relies on HBH

In my mind, this is what it means to deprecate HBH.

Comments?

                            Ron Bonica

v2.23.0 | Report a Bug | By Email