IETF Logo Mail Archive

Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05

Tom Herbert <tom@herbertland.com> Sat, 20 February 2021 19:46 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E38D3A0A22 for <v6ops@ietfa.amsl.com>; Sat, 20 Feb 2021 11:46:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5t203yZG_QwZ for <v6ops@ietfa.amsl.com>; Sat, 20 Feb 2021 11:46:26 -0800 (PST)
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32D5A3A0A0B for <v6ops@ietf.org>; Sat, 20 Feb 2021 11:46:26 -0800 (PST)
Received: by mail-ej1-x636.google.com with SMTP id jt13so22409249ejb.0 for <v6ops@ietf.org>; Sat, 20 Feb 2021 11:46:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=orQMmssFBgeXTZKdVVe/L3nBQYOqF4fFKFghBxuxEmM=; b=dLU6ha2k7HowKpuKOBvfH8+orHys5lC+GJ53s48daQGHrZRNqVcL6fn05J5tJ6VoOA 31el9kyCkrUxt5yIX3a/NRR3h6xwNAb3Y7+NHn+JYDCHb4gIzmSsc6mhihvSj1W8M13R RJIa0A6bO7LIuu+nQR7Lro+p7csgYPSF5+PrSSAOrR7kvIfJZv1SX9pwHgJLeW5arNqs Y4D60xS5WTK/PCvT1pCyzxMnmN9ln0KUV/aYAbJ5uBo/JgZdj6ZB7nd4FkKVoCZ5yg0e Ab5riKimxDmtznpoRuUdq5Q1UiL49B/4ke00ztnBGsix5WKc5BMyT7j2vGUUIJzH/wBI eftA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=orQMmssFBgeXTZKdVVe/L3nBQYOqF4fFKFghBxuxEmM=; b=mqs84t1Nv3zGFAAul8hIILSg1zwLOuwekAA1PoI05fpvwMt8ZSxaJfe+qp+m3kSrKi +nH4iP320CMTlQ95T5Fxjfq1T7EvUlhn8l8KpJOZtl8+GylFvZRYJ+x8a77w+JPhzVCi 9dNxlbGwTDbKAHruuW1Um8x7Z2sgU5dBY80eSlTY/PqAwUlop0ge2NHRftgMs9egpuaB 2VmhiKtEPeGaohG6g8qHozRWouOm8opZF6Y+VSPbJtQCeAgVqA9bxR4y1QCmJjB1jkAs k7pdY6QVOhNVe/ngTWHh7+1zqNE8fqQTNkMTB3BmU9zs0GQTZKIOf1KDcPv3Nn0iQoxR rs5g==
X-Gm-Message-State: AOAM531J5T4HirfPb22PTOG6PsmgCGDWCRMUkIZzwYpLUYDhsfmXH4OX nAQmQGUVsM/BzvSAmcJO8cLVYUa/rE8xv3M+LmhmHQ==
X-Google-Smtp-Source: ABdhPJxgOIpwq1wWk+CdcLzQFKMbYkY9/wxDk1lOkNjrHvWezyCzrEs5S5Wb6vlPBcRPcAbI4kLC1/ELWKMTQ005Ysk=
X-Received: by 2002:a17:906:3915:: with SMTP id f21mr11558169eje.295.1613850384326; Sat, 20 Feb 2021 11:46:24 -0800 (PST)
MIME-Version: 1.0
References: <161366727749.10107.14514005068158901089@ietfa.amsl.com> <42668fb5-a355-e656-7d99-c40b3d33fb92@si6networks.com> <0e377231-c319-2157-30a0-759e2f96a692@gmail.com> <5f464f17-85ed-f105-35f9-02f35d04aed2@si6networks.com> <CALx6S364zGbq_HZNNVEaJHnHccuk4Zau2DXhmaVYbwnYQc-5bw@mail.gmail.com> <1847e8e3-543f-5deb-dd14-f7c7fa3677db@si6networks.com> <CALx6S34TPppMRJrOvyJ05LLeRvv+S51pQHJnzZDKk-qOdsF0AA@mail.gmail.com> <33917505-f8d0-ecce-dd3a-ef9812d62602@foobar.org>
In-Reply-To: <33917505-f8d0-ecce-dd3a-ef9812d62602@foobar.org>
From: Tom Herbert <tom@herbertland.com>
Date: Sat, 20 Feb 2021 12:46:13 -0700
Message-ID: <CALx6S34MrT=aGq3cWkGTrZsbQQJhxVGo1x6HfLP-pxKsfhYy2g@mail.gmail.com>
To: Nick Hilliard <nick@foobar.org>
Cc: Fernando Gont <fgont@si6networks.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, IPv6 Operations <v6ops@ietf.org>, draft-ietf-v6ops-ipv6-ehs-packet-drops.all@ietf.org, last-call@ietf.org, tsv-art@ietf.org, Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/-2Bqc8h4eXGxIEnH8RI1ucaUGeQ>
Subject: Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Feb 2021 19:46:28 -0000

On Sat, Feb 20, 2021 at 12:10 PM Nick Hilliard <nick@foobar.org> wrote:
>
> Hi Tom,
>
> Tom Herbert wrote on 20/02/2021 15:32:
> > This is reflected in the statement: "If an IPv6 header chain is
> > sufficiently long that it exceeds the packet look-up capacity of the
> > router, the router might be unable to determine how the packet should
> > be handled, and thus could resort to dropping the packet." It's not to
> > me clear what "sufficiently long" means;
>
> Is this just an issue of dialect?  The term "If an IPv6 header chain is
> sufficiently long that..." just means "If an IPv6 header chain is long
> enough that..."
>
> > in particular, such a
> > statement isn't helpful to the host stack developer trying to figure
> > out if the packets they're creating will be properly forwarded.
>
> That's something that should be addressed in a future ID.  Right now
> we're concentrating on documenting the problem.
>
Nick,

Maybe so, but without further details I believe the way the problem is
being documented is ambiguous and unenlightening. Besides, there has
already been work in this area that really could be cited here. For
instance, in RFC8883 the different ICMP errors reflect several
different ways and provide a lot more detail as to why nodes might
drop packets because headers are "too long". That RFC lists the
priority of ICMP errors as:

 1.  Existing ICMP errors defined in [RFC4443].
 2.  "Unrecognized Next Header type encountered by intermediate node"
 3.  "Extension header too big"
 4.  "Option too big" for length or number of consecutive padding
options exceeding a limit.
 5.  "Option too big" for the length of an option exceeding a limit.
 6.  "Too many options in an extension header"
 7.  "Extension header chain too long" headers exceeding a limit.
 8.  "Too many extension headers"
 9.  "Headers too long"

Numbers 3-8 represent reasons why nodes might drop a packet with
extension headers. Number 9 encompasses those cases where a node
parses beyond the IPv6 headers chains (for instance a node that parses
into GRE encapsulation).

Give that these classes are documented, then the obvious question is
what are the common limits that should work. RFC8504 does this for
some of the limits that are more apropos to the host; hopefully, an
outcome of this draft will define some practical limits for routers
and set some expectations about what should work.

Tom

> Nick

v2.23.0 | Report a Bug | By Email