Re: [OPSEC] ECMP [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]

Wes Hardaker <wjhns1@hardakers.net> Tue, 11 December 2018 20:06 UTC

From: Wes Hardaker <wjhns1@hardakers.net>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Nick Hilliard <nick@foobar.org>, tsv-art <tsv-art@ietf.org>, OPSEC <opsec@ietf.org>, IETF-Discussion Discussion <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org
Date: Tue, 11 Dec 2018 12:06:41 -0800
In-Reply-To: <3a182a82-b933-2d9b-52a8-24805717879b@gmail.com> (Brian E. Carpenter's message of "Fri, 7 Dec 2018 11:16:25 +1300")
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/PUErqmgPrIlToCemDOgLzfl0MNk>

Brian E Carpenter <brian.e.carpenter@gmail.com> writes:

> "By in large, this flow label changing behaviour has been traced to
> IPv6 supporting CPE/firewalls, which change the flow label between the
> initial syn and the ack."
> 
> Broken middleboxes can prevent anything from working properly.

With my <operator> hat on, we have indeed run into a problem where a
small percentage (~2%) of IPv6 TCP sessions to us were failing due to
FlowLabels being used in ECMP hashing.  We had to turn off the usage of
FlowLabel in the hashing because of even a small real-world impact to
end-users.
-- 
Wes Hardaker
USC/ISI
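
Added example, not part of the original message or of any router's code: a small simulation of the interaction discussed above, where a middlebox rewrites the IPv6 flow label between the SYN and the ACK and the ECMP hash either includes the label or not. The next-hop names, addresses, labels and the use of SHA-256 as the hash are assumptions; it counts sessions whose two packets land on different next hops.

```python
import hashlib
import ipaddress
import struct

NEXT_HOPS = ["nh-a", "nh-b", "nh-c", "nh-d"]  # hypothetical equal-cost next hops


def ecmp_next_hop(src, dst, sport, dport, flow_label, use_flow_label):
    """Select a next hop by hashing the flow key.

    SHA-256 stands in for a vendor-specific hardware hash (assumption).
    """
    key = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    key += struct.pack("!BHH", 6, sport, dport)  # next header 6 = TCP
    if use_flow_label:
        key += struct.pack("!I", flow_label & 0xFFFFF)  # flow label is 20 bits
    digest = hashlib.sha256(key).digest()
    return NEXT_HOPS[int.from_bytes(digest[:4], "big") % len(NEXT_HOPS)]


def split_sessions(n_sessions, use_flow_label):
    """Count sessions whose SYN and later ACK hash to different next hops
    when the flow label changes between the two packets."""
    split = 0
    for i in range(n_sessions):
        src = f"2001:db8:1::{i + 1:x}"           # constructed documentation prefix
        dst = "2001:db8:ffff::80"                # constructed service address
        sport, dport = 1024 + i, 443
        syn_label = (i * 7919 + 1) & 0xFFFFF     # label seen on the SYN (constructed)
        ack_label = (i * 104729 + 5) & 0xFFFFF   # label after the rewrite (constructed)
        syn_hop = ecmp_next_hop(src, dst, sport, dport, syn_label, use_flow_label)
        ack_hop = ecmp_next_hop(src, dst, sport, dport, ack_label, use_flow_label)
        if syn_hop != ack_hop:
            split += 1
    return split


if __name__ == "__main__":
    total = 2000
    for mode in (True, False):
        n = split_sessions(total, use_flow_label=mode)
        print(f"flow label in hash={mode}: {n}/{total} sessions change next hop")
```

With four next hops, roughly three quarters of the rewritten sessions move when the label is in the hash key, and none move when it is left out.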