IETF Logo Mail Archive

Re: [spring] All IPv6 fields are now mutable (Re: Typo correction Re: Question from SPRING regarding draft-filsfilscheng-spring-srv6-srh-compression)

Tom Herbert <tom@herbertland.com> Mon, 18 October 2021 00:35 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D6393A168B for <spring@ietfa.amsl.com>; Sun, 17 Oct 2021 17:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ekia8nMz6t69 for <spring@ietfa.amsl.com>; Sun, 17 Oct 2021 17:35:29 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B6103A168F for <spring@ietf.org>; Sun, 17 Oct 2021 17:35:29 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id d9so63683663edh.5 for <spring@ietf.org>; Sun, 17 Oct 2021 17:35:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=x6msWSqEHZm1iXVIvu7i2VNufCSwTKUdFAJRVPoqE2U=; b=AKoXrmINUFW68wAD/2+5WMgryXu5MNZbxJJ9S2vPpEYsd0HPmqdDIIn/ZKDV3hLayx EadZO60q2LMj2bY2kTPkx9xL/h81dQSNjDCJw+wbHEkep7oN2z1SGxeEoGDDntOnFGQL qN07D2v50kIGm4FC61uNOI23fwp1XzSS7OlaVArigCXiJbJtCsGyDyw+kaBTHIcp/n0Z Fh8Z6rXWhfRlHOBNZ0zrzPFgyQsaL0z0LXg7CB9FWJ0+/uWWpM+9lGK0NkbopZiEl+lB RYV3QwNkhCA+wQ13u8V9fWEvwsjqNsfAEOO/2meKN5Lj4QuxYjCnZ+HwJ6r1t6m/TnyL lxRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=x6msWSqEHZm1iXVIvu7i2VNufCSwTKUdFAJRVPoqE2U=; b=YA2vuCqhFdV6XXmaD83m/1ngOFVKqaTLVSuz9BatVvoAflSyMx/UUxoSreYW/X6qfi QDR48Ty1Q7OzJyMtu4cKO4DHu08vlm2mAFJNNyltHLfLOzJ6QdXmNDlIjoaYTgUWHsBX b1htA8NJgP6qONbIBaqUtEHpmyITqkyb25KihHUwNyXQMKDNIwubEnIfL/vsFVxsu2kC k3w3mFuu5gEk0OVBkPrZ6g7j3AOZ/jXE/rhAvg+91A94RSHIN1BfC8H0dBcSMASlw8Iz 4pRwLGFfWnK18Pwi3/kPgk2+IUxgwStBBXCgH+0wurIQpdoWGJf3FN6OkiPugRVvngDp UEKA==
X-Gm-Message-State: AOAM5323kRfE28CDkrs+TDaE2th9CzYP3nnC+lgydrV8VfOE2bvGH0JU cLeHJ03Jht9mx05XeCMAzy38kWRRWynsq3lIiqWN8Q==
X-Google-Smtp-Source: ABdhPJxlihKOD1m7YKFIs+gxGgEp5Rdo2O7T7zy2z6SfdIfM4HXhrL7VLo5HvPPweHXJ7yfPg3nHyzjLmHXe90ROI40=
X-Received: by 2002:a17:907:3312:: with SMTP id ym18mr25076200ejb.370.1634517327163; Sun, 17 Oct 2021 17:35:27 -0700 (PDT)
MIME-Version: 1.0
References: <85fddbe9-4eb8-7d90-d246-a888fe8bdcd3@joelhalpern.com> <139d72fd-98de-f46a-767f-6a493c4facc9@joelhalpern.com> <1396_1634278622_61691CDE_1396_28_5_787AE7BB302AE849A7480A190F8B93303542C654@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO42Z2wvKNyYeKAZdVOh2c8G95JZuhgxumNixMWWsK9u_QDRTQ@mail.gmail.com> <1101.1634412958@localhost> <CAO42Z2yFMjPhQFrJH2eJWpYZpiM4gDS_hAEDUVj4aJO-UyTxSg@mail.gmail.com> <CALx6S34G6a1DOWNfZxZ=XjYjFxR-kOPMMMLeQ18woUhrqwLUWQ@mail.gmail.com> <5bbcf175-10a7-4839-b968-eea0a0ad8a1b@gmail.com>
In-Reply-To: <5bbcf175-10a7-4839-b968-eea0a0ad8a1b@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Sun, 17 Oct 2021 17:35:15 -0700
Message-ID: <CALx6S35RPdDj7g+X376yHH541d1GODK4tnn9gv-ty_wsx841FA@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, SPRING WG <spring@ietf.org>, 6man WG <ipv6@ietf.org>, Michael Richardson <mcr@sandelman.ca>
Content-Type: multipart/alternative; boundary="000000000000aa455505ce95b8d0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/YiAaPWttJPd4-ZJNknjlmo0-_SE>
Subject: Re: [spring] All IPv6 fields are now mutable (Re: Typo correction Re: Question from SPRING regarding draft-filsfilscheng-spring-srv6-srh-compression)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2021 00:35:36 -0000

On Sun, Oct 17, 2021, 3:22 PM Brian E Carpenter <brian.e.carpenter@gmail.com>
wrote:

> On 18-Oct-21 09:39, Tom Herbert wrote:
> > On Sat, Oct 16, 2021 at 4:59 PM Mark Smith <markzzzsmith@gmail.com>
> wrote:
> >>
> >> On Sun, 17 Oct 2021, 06:36 Michael Richardson, <mcr@sandelman.ca>
> wrote:
> >>>
> >>> Mark Smith <markzzzsmith@gmail.com> wrote:
> >>>     > In fight changing DAs also will break AH protection of the IPv6
> header.
> >>>
> >>> AH is dead. It's been dead for decades.
> >>> I say this as an IPsec enthusiast who wishes this wasn't true.
> >>> But it is.
> >>
> >>
> >> Then all IPv6 field immutability while the packet is in flight is also
> dead.
> >>
> >> "Controlled domain" == redefine any field, field semantics, and field
> >> processing we like in an existing protocol, yet claim we're still
> >> using the original protocol.
> >>
> >> That has been tacitly endorsed via standards track RFC8986. The Next
> >> Header field is not supposed to be modified in flight per internet
> >> standard RFC8200, yet standards track RFC8986 specifies the behaviour
> >> via PSP.
> >>
> >> This SRH compression ID is redefining the IPv6 DA field semantics. It
> >> encodes multiple network hop destinations in the single IPv6
> >> destination address field.
> >>
> >> Structured Flow Label -
> >>
> https://datatracker.ietf.org/doc/draft-filsfils-6man-structured-flow-label/
> >> is redefining the IPv6 flow label field.
> >>
> >> This will be an operational nightmare in the future, when there are
> >> multiple applicable RFCs that conflict with each other. I don't want
> >> to have to spend time getting into arguments with vendors about which
> >> protocol variant RFC their implementation should or shouldn't have to
> >> comply with while I have 1000s, 10s or 100s of 1000s of customers
> >> off-line.
> >
> > Mark,
> >
> > I think you might be lumping together several disparate proposals in
> > your general claim that "IPv6 field immutability while the packet is
> > in flight is also dead".
> >
> > When SRH was under discussion in 6man there was a lot of work to
> > define which fields were immutable and that is described in RFC8754.
> > Those definitions are sufficient to specify proper interaction between
> > SRH and AH, however RFC8754 knowingly breaks AH as that handling was
> > not specified. Some of us did object to that, but I suppose expediency
> > to publish the protocol won out. Nevertheless, there is nothing that
> > prevents someone from properly defining AH usage with SRH.
> >
> > As for the IPv6 destination address, it was never defined to be an
> > immutable field inflight. In fact, the core operation of a routing
> > header is to overwrite the destination address at each intermediate
> > destination. NAT also changes the DA in flight, but there is a
> > significant difference between NAT and the routing header header
> > operation: when a routing header is set in a packet the sender knows
> > and indicates the destination address. For the purposes of AH or
> > transport checksum, both the sender and final receiver use this
> > address-- there is no ambiguity and the fact that the destination
> > address is mutable in flight doesn't adversely impact end to end
> > protocol operations that operate on the addresses.
> >
> > We have seen various proposals to steal bits or redefine flow label
> > fields, but IMO it's unlikely any of those will ever get consensus.
> > Hosts routinely set the flow label as an unstructured value, and
> > redefining flow label semantics would be a massive retroactive change
> > in deployment. I would point out though, that the flow label is
> > technically not immutable in flight, RFC6437 allows it to be modified
> > by intermediate nodes for "only for compelling operational security
> > reasons".
>
> Correct, because it was very clear that some firewalls were going to
> clobber it whatever we wrote. So we tried to describe behaviour
> that would not nullify the usefulness of the field for stateless
> load balancing.
>

Brian,

Thanks for the explanation concerning why the exception was created. For
the concern that the flow label could be used a a covert channel, was this
a hypothetical possibility or in response to some real events (sending
twenty bits at a time doesn't seem like a very effective covert channel
compared to other methods :-) )

Tom


> As for draft-filsfils-6man-structured-flow-label, the problems in
> https://mailarchive.ietf.org/arch/browse/ipv6/?gbt=1&index=qrTou1rjtNDDchE5yFfSN31pkMc
> remain unsolved.
>
>    Brian
>

v2.23.0 | Report a Bug | By Email