Re: [Spud] endpoint control

"Smith, Kevin, (R&D) Vodafone Group" <Kevin.Smith@vodafone.com> Thu, 30 June 2016 09:33 UTC

From: "Smith, Kevin, (R&D) Vodafone Group" <Kevin.Smith@vodafone.com>
To: Tom Herbert <tom@herbertland.com>, Joe Touch <touch@isi.edu>
Date: Thu, 30 Jun 2016 09:33:33 +0000
Message-ID: <A4BAAB326B17CE40B45830B745F70F10EE37C371@VOEXM17W.internal.vodafone.com>
References: <A4BAAB326B17CE40B45830B745F70F10EE37ACAE@VOEXM17W.internal.vodafone.com> <CALx6S35DbFk5ZXUf0ob+hziPb1d5xjZvGADP_g-rw=EYKbPOvw@mail.gmail.com> <A4BAAB326B17CE40B45830B745F70F10EE37B7F0@VOEXM17W.internal.vodafone.com> <CALx6S37xeV2Wp=Ms1bF52YPMdYytqCJ_2DMOn9JriykHegBQmw@mail.gmail.com> <577461F8.4000003@isi.edu> <CALx6S37imvOy0Ht9W0xFj1v9HkfRon0RgTH+fBNJxu-H7vmC1w@mail.gmail.com>
In-Reply-To: <CALx6S37imvOy0Ht9W0xFj1v9HkfRon0RgTH+fBNJxu-H7vmC1w@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spud/Cg0MrgeCdOyYJwMYO6mlYWdd_4E>
Cc: "Brian Trammell (ietf@trammell.ch)" <ietf@trammell.ch>, "spud@ietf.org" <spud@ietf.org>
Subject: Re: [Spud] endpoint control

Thanks for the pointers Tom and Joe - good to see more direction on HBH. I hold to my initial point for practical reasons: PLUS is a worthy research option until HBH options are respected properly, and (more importantly) operators can support HBH via IPv6 adoption.

All best,
Kevin

PS Tom's HBH thread for reference: https://www.ietf.org/mail-archive/web/ipv6/current/msg24729.html 


-----Original Message-----
From: Tom Herbert [mailto:tom@herbertland.com] 
Sent: 30 June 2016 01:33
To: Joe Touch
Cc: Smith, Kevin, (R&D) Vodafone Group; Brian Trammell (ietf@trammell.ch); spud@ietf.org
Subject: Re: [Spud] endpoint control

On Wed, Jun 29, 2016 at 5:04 PM, Joe Touch <touch@isi.edu> wrote:
>
>
> On 6/29/2016 4:26 PM, Tom Herbert wrote:
>> ...
>> Probably down to forwarding performance too, as Hop-by-Hop must be processed by all network devices. And deployability as you say; because IPv6 is unfortunately not prevalent yet in mobile core networks...
>>
>> The first problem is being relaxed in 2460bis draft. It allows HBH to 
>> be ignored by network devices, which should cover the case where 
>> there are "too many options to parse" in a DOS attack.
>
> That doc recognizes that many devices do this, not that this is OK.
>
Here is the wording that I believed was agreed on in 6man for next version of the 2460bis draft:

"NOTE: While RFC2460 required that all nodes must process the Hop-by-Hop Options header, it is now expected that nodes only process the Hop-by-Hop Options header if explicitly configured to do so. Nodes that do not process or examine the Hop-by-Hop Options header must ignore it, and it must be passed on unchanged if forwarded."

As I understand it, the use of "expected" here instead of "SHOULD" or "MAY" is necessary since 2460 is being proposed to become a full standard and the protocol behavior can't change in that process. But for all practical purposes this allows nodes to ignore HBH. Without this allowance HBH would never be deployable.

Tom
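
The behaviour in the quoted 2460bis note, modelled as an added example (not code from this thread or from any draft): a transit node that is not configured for Hop-by-Hop forwards without looking at the header, while a configured node walks the options under a bound. `MAX_OPTIONS`, the drop-on-malformed policy, the function names and the sample packets are assumptions constructed for illustration; the option-type action bits follow RFC 2460.

```python
import struct

PAD1, PADN, ROUTER_ALERT = 0x00, 0x01, 0x05
KNOWN = {ROUTER_ALERT}            # options this hypothetical node implements
MAX_OPTIONS = 8                   # assumed local limit; the quoted text sets none

def parse_hbh(ext):
    """Walk the TLV options of a Hop-by-Hop header, return [(type, data)]."""
    if len(ext) < 8:
        raise ValueError("truncated header")
    total = (ext[1] + 1) * 8      # Hdr Ext Len: 8-octet units after the first
    if total > len(ext):
        raise ValueError("length field exceeds packet")
    opts, i = [], 2
    while i < total:
        if ext[i] == PAD1:        # Pad1 is one octet with no length field
            i += 1
            continue
        if i + 2 > total or i + 2 + ext[i + 1] > total:
            raise ValueError("option overruns header")
        if ext[i] != PADN:
            opts.append((ext[i], ext[i + 2:i + 2 + ext[i + 1]]))
            if len(opts) > MAX_OPTIONS:
                raise ValueError("too many options")
        i += 2 + ext[i + 1]
    return opts

def hbh_verdict(packet, process_hbh):
    """'forward' or 'drop' at one transit node (Hop Limit, ICMP not modelled)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"
    if packet[6] != 0 or not process_hbh:   # Next Header 0 = Hop-by-Hop
        return "forward"                    # ignored: header is never parsed
    try:
        opts = parse_hbh(packet[40:])
    except ValueError:
        return "drop"                       # assumed policy: malformed or oversized
    # Unknown option: top two bits 00 mean skip, any other value means discard.
    if any(t not in KNOWN and t >> 6 for t, _ in opts):
        return "drop"
    return "forward"

def make_packet(hbh):
    """Constructed IPv6 packet: fixed header + HBH header, no payload."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(hbh), 0, 64,
                       bytes(16), bytes(16)) + hbh

ALERT = make_packet(bytes([59, 0, ROUTER_ALERT, 2, 0, 0, PADN, 0]))
FLOOD = make_packet(bytes([59, 3]) + bytes([0x1E, 0]) * 15)   # 15 unknown options
STRICT = make_packet(bytes([59, 0, 0x5E, 0, PADN, 2, 0, 0]))  # action bits 01
```

The non-processing node returns `forward` for all three packets; the configured node accepts only `ALERT`, so the cost of the option walk is paid only where an operator has opted in.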