IETF Logo Mail Archive

Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06

Stewart Bryant <stewart.bryant@gmail.com> Tue, 27 November 2018 10:10 UTC

Return-Path: <stewart.bryant@gmail.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3A0D130E14; Tue, 27 Nov 2018 02:10:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2FWz1nkthtKv; Tue, 27 Nov 2018 02:10:18 -0800 (PST)
Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46409130DF9; Tue, 27 Nov 2018 02:10:18 -0800 (PST)
Received: by mail-wm1-x32c.google.com with SMTP id k198so21602976wmd.3; Tue, 27 Nov 2018 02:10:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=0wUuE/ImMUYx4d3jyw0ITs5YFdSgdv2zo3JJDOwA9Ok=; b=nhLzcpOskmWUOLh3Ybcmq1+VVP9UxvUAzbV8Ma1mnE3PZgAcQHMhEoRZ2lIU1cupDs xb7NFFdQ5x5N3+1/7SEm/dZ0M30SBesxnY1T0C2KKeuoS/B0mFxDqJ8EqEHa6tsjSfLP ZCOnvWUhippNLo2CU6GDIemha05BOc7Q+pH64iRCQ2uw6FYUQwKVaFYrkQmyimKpqDef l5zcpmmL9yLFtTzgE0fsX1haGecanO5j85Wm/3VYhar6ekezasDsP4fXKS7mE7eSDRR7 7efrtuVodkBUyX+fM8+nvGWw52ZjBIqKI114m3zw73miQA2uBjucuVeKvH7S2i/QfM3V 2yNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=0wUuE/ImMUYx4d3jyw0ITs5YFdSgdv2zo3JJDOwA9Ok=; b=OJZtNsOiHLuLZHVqN06KUa3jDXRkvTIVJKLk1bAc0m+zvMx1vH6B571k8thdAbWsoq WxbnjUd2jEAyHV/6wkiY5xoHT/OICdcX+OfYn5EEbgwI5oHMG7ESRkIMh/56eAxP2zIn Jr9DqEF7R/kvysZtIxb95qmhEA7LX1+AKaYhntRBrqEa5eotFP7KR05Oa+fGE0qdKNRx Fvfu+5wZq5gNyBK52uV6hFkPE0o5ExlDYnICFL07O4iGaGp28WCI4olW0BvL249QeWOW n7evR4sPn09Dp8xiy39YOtH2meQR25WbqB2heYfAEielL/Fi1dnxUb9URUIx4AY8bzwY THIQ==
X-Gm-Message-State: AA+aEWb8PUV+SQcwX9rtYhXgdsGyNXVK0Y4Ah9rLY3sVI3sMbNk/B7h/ n1YQRBCKvISB4HNK2iiKzEb/FfYY
X-Google-Smtp-Source: AFSGD/Vk6BPK1Ww/3iznZQyptv7xLYWxS7L6e96NndMQRM9uUp9nqkdr4EmOcRrdfOnbDa8e831ckQ==
X-Received: by 2002:a1c:7209:: with SMTP id n9mr26078933wmc.5.1543313416375; Tue, 27 Nov 2018 02:10:16 -0800 (PST)
Received: from [192.168.2.198] (host213-123-124-182.in-addr.btopenworld.com. [213.123.124.182]) by smtp.gmail.com with ESMTPSA id e16sm3289717wrn.72.2018.11.27.02.10.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Nov 2018 02:10:15 -0800 (PST)
To: Joe Touch <touch@strayalpha.com>, Gert Doering <gert@space.net>
Cc: ietf <ietf@ietf.org>, draft-ietf-opsec-ipv6-eh-filtering.all@ietf.org, OPSEC <opsec@ietf.org>, Christian Huitema <huitema@huitema.net>, tsv-art <tsv-art@ietf.org>
References: <977CA53D-7F72-4443-9DE2-F75F7A7C1569@strayalpha.com> <d6deb7af-99dd-9013-2722-8ebbe00c0b37@si6networks.com> <1CB13135-D87A-4100-8668-D761058E1388@strayalpha.com> <0f56c25d-7ac7-e534-4e2c-cc09f5154e77@foobar.org> <28EDE667-457E-4AED-8480-F27ECAA8E985@strayalpha.com> <6bd1ec94-f420-1f4c-9254-941814704dbb@gmail.com> <6be84ccf-9a72-2694-e19d-fa19043a0cb1@huitema.net> <4C249487-BD58-41BB-B8B6-081323E29F6C@strayalpha.com> <20181126075746.GO72840@Space.Net> <6C50775C-EB67-4236-93B8-DF0259E04167@strayalpha.com> <20181126175336.GW72840@Space.Net> <c959d8cb6f6a04a8da8318cfa89da341@strayalpha.com>
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <30b55539-3765-3f60-057c-728e2f3e6751@gmail.com>
Date: Tue, 27 Nov 2018 10:10:15 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <c959d8cb6f6a04a8da8318cfa89da341@strayalpha.com>
Content-Type: multipart/alternative; boundary="------------88C0DBCC63058A5436FD4E8B"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/oPU9RYUPkFmXdH1dGo-pyrgrP_g>
Subject: Re: [Tsv-art] [OPSEC] Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 10:10:20 -0000


On 26/11/2018 21:59, Joe Touch wrote:
>
>
>
> On 2018-11-26 09:53, Gert Doering wrote:
>
>> Hi,
>>
>> ...
>> As people have explained in great detail, there's work that the routers
>> are built to do, where the number of packets they can handle is nearly
>> arbitrarily high.
>>
>> Then there's packets that are seen as an exception, and handled in a
>> not-as-powerful path.  Back then, when the Internet was new, these
>> exceptional packets were considered "something we'll handle when the
>> need arises", and it mostly worked.
> Translation - "we cheated", and that's not working anymore. Agreed.

Fundamentally it is about economics.

Doing complex processing in the fast path is expensive. It is expensive 
to have the cycles
available. In designs that use fixed logic assistance it is pretty much 
infeasible to cope with
multiple options as the combinatorial complexity explodes on you.

As the packet size increases this is also expensive in terms of the fast 
packet caching memory
needed.

In the days when the fast path/slow path decision was first taken, there 
were also fundamental
limits on what could be implemented at any price thus pushing the cost 
from equipment
to physical infrastructure. There are some use cases that say that we 
need to get 1Tb/s
to the host for some applications, so we cannot be sure that the 
fundamental parsing limit
problem will not re-occur.

In any case, fast feature = silicon = cost and whilst you can or at 
least could ride More's law,
at the end of the day you have to trade features against port density 
against power against
capex against opex. ... and all this is without the issue of the 
internet carbon footprint
coming under scrutiny.

So what this came down to at the time the feature split was taken was a 
decision on economics,
i.e. is the cost of the additional feature worth the price paid? That is 
still true and  I think that
we need to remember that as we add non-optional features into the fast 
path.

- Stewart

v2.23.0 | Report a Bug | By Email