IETF Logo Mail Archive

Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh

Bob Hinden <bob.hinden@gmail.com> Sun, 12 September 2021 16:14 UTC

Return-Path: <bob.hinden@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59AFD3A117F for <v6ops@ietfa.amsl.com>; Sun, 12 Sep 2021 09:14:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x2rhxEHtF6y1 for <v6ops@ietfa.amsl.com>; Sun, 12 Sep 2021 09:14:42 -0700 (PDT)
Received: from mail-ot1-x334.google.com (mail-ot1-x334.google.com [IPv6:2607:f8b0:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E083A3A117D for <v6ops@ietf.org>; Sun, 12 Sep 2021 09:14:41 -0700 (PDT)
Received: by mail-ot1-x334.google.com with SMTP id m7-20020a9d4c87000000b0051875f56b95so9910580otf.6 for <v6ops@ietf.org>; Sun, 12 Sep 2021 09:14:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=126HSmbQ8cQKLHJYjT3dHS2spTooplOSNzP4gsIVODo=; b=C/bz7kCSBiRd0j9YfaQI2O0iakO5OJ5bVq5YHO8lJSG61CB65TpVL4AF54NCLtQiWp 4rRgnNgSBDb5mJOp9+Z9rF+walVbWDgwa85hOrpLm7Hp2G6KsG8X/PcuKIDcODvMkDmp WUs5/GIydN1FmFNCG2sOrlir241I3hn8pqSI5p3j89OnPj2RwI7gcoV97fDXt6/fUENc 9Fg+jbDZh45hCLIir3ZJGo8Tu9CQfLACazIJ1uvJ2Gk/p8NatSsQoyYe+2xBh52uhKs8 YfB2TJdXFXgmZz0suo9xUnZ+LYvf8wYgoEq1WZcRbBgHheTO6njVMSFyTuwAb5Tdva0k xM/g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=126HSmbQ8cQKLHJYjT3dHS2spTooplOSNzP4gsIVODo=; b=V6Visf0SE0gRcH/ITRi4NQTvSBotwuSVvVeKX2N3Uv8uG6gQhasRXUWKYPPGkxRbo5 SFJJtI/Y+RaMY0v9OQnp2aH3Uehc141oWZT6okyiGmaz6db6t5Dmrmi4joLwqUDPY3OA gNURZ/SiqFABbgg1CazMw3HQi4AlG0H2T/cxSTxs95SzU3XrmV+VRcTt/79ViiIkCwrn o1cDWVi7YsYOBQHIiofXFASf42WDJl175U2lsSc0YDpNWo2JXMCmGoRMrmO+id1mwbjF Ez7L6WtHzMdAjNzL10i3LCI5q8maynAMVdsRmM3yLlM/2jp76M3uCAfkobWdy/e1Tnx0 4xcg==
X-Gm-Message-State: AOAM530iSSSQumIsSJH5p40D8umx+kaBoA0hDKJEbmddcFwLh3PSd+N4 LUg6213tBC5JUQa+g0dhU9Ee9tmKB4Q=
X-Google-Smtp-Source: ABdhPJzVvMecsOl1FNG+Nj10GP4grnfMedjMQAftkQOJRpzl38WhC5BtGx5j7YDmBxXQmOoP/FCOPw==
X-Received: by 2002:a9d:7110:: with SMTP id n16mr6385051otj.94.1631463280506; Sun, 12 Sep 2021 09:14:40 -0700 (PDT)
Received: from [10.0.0.199] (c-73-223-183-113.hsd1.ca.comcast.net. [73.223.183.113]) by smtp.gmail.com with ESMTPSA id m8sm1208258otl.15.2021.09.12.09.14.39 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 12 Sep 2021 09:14:39 -0700 (PDT)
From: Bob Hinden <bob.hinden@gmail.com>
Message-Id: <8A23C4EE-EE60-4745-829E-807569B5F023@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_D6140DE8-71E9-44FB-A54C-C49F331A9FC1"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Sun, 12 Sep 2021 09:14:37 -0700
In-Reply-To: <CABNhwV1Yw9N8OT40ZvzpWz7EG34OzG5vLQzZHqiccWkAdQdjSg@mail.gmail.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, "v6ops@ietf.org" <v6ops@ietf.org>
To: Gyan Mishra <hayabusagsm@gmail.com>
References: <BL0PR05MB5316375D7503A85477DF874AAED59@BL0PR05MB5316.namprd05.prod.outlook.com> <93CF6EB2-5AC0-4611-9A28-2D1AF50F2F64@gmail.com> <CABNhwV1Yw9N8OT40ZvzpWz7EG34OzG5vLQzZHqiccWkAdQdjSg@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/1yOOE-OXa_NZHz0q_gCR9ye6DkQ>
Subject: Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Sep 2021 16:14:48 -0000

Gyan,

Thanks, a few points below.

Bob


> On Sep 10, 2021, at 7:30 PM, Gyan Mishra <hayabusagsm@gmail.com> wrote:
> 
> 
> Hi Bob
> 
> Many thanks for your comments and feedback on this draft.
> 
> Responses in-line
> 

……..

> 
> 4) Section 7 Requirements
> 
> This section needs a lot of work, or should be removed.   For example, looking at the the first requirement:
> 
>    *  The HBH options header MUST NOT become a possible DDoS Vector.
> 
> This has several serious issues.   The first is that any protocol mechanism can be used a a DDOS attack vector under the right circumstances.   With a MUST NOT this requirement is impossible to meet.   The use of upper case RFC8174 key words turns this into a protocol specification, I don’t think that would be in scope for V6OPS.
> 
> Gyan> Good point.  We will reword and remove mention of DDOS vector.

We clearly want to reduce the possibility of the HBH option header to be used as a DDOS vector, but the way this was written it would be impossible to meet.    It’s still good to mention DDOS, but it needs better scoping.


> The next requirement:
> 
>    *  HBH options SHOULD be designed so that they don't reduce the
>       probability of packet delivery.  For example, an intermediate node
>       may discard a packet because it contains more HBH options than the
>       node can process.
> 
> How can you design an HBH option that knows how many options an intermediate node (we usually call these routers) can process?   Again, it’s a requirement that can’t be met.
> 
>     Gyan> Good point as well.
> 
> 
> I have similar comments on the other requirements, but won’t list them here.  As I said, this section either needs a lot of work, or should be removed.
> 
>     Gyan>  We will work on revamping this section.  Do you have any requirements that you would like to add to an HBH solution?

Perhaps take a look at  draft-hinden-6man-hbh-processing-01 and draft-herbert-6man-eh-limits.  These are written with solutions in mind, but they do infer requirements.

> 5) Section 8.  Migration Strategies
> 
> This section also has serious issues.   These include:
> 
> It talks about characterizing options into either control options or forward options.   We only have HBH Options, not two types.
> 
> It says nodes are updated to the proposed behavior introduced in the pervious section, but the previous section says requirements.
> 
> It says edge nodes (we usually call these hosts in IPv6) should check whether the packet contains an HBH header with control or forwarding options.   This isn’t a good description of how hosts actually work, nor are there control or forward options.
> 
> This section may be a remanent of an earlier version of this draft that was proposing different types of HBH options, but can’t really tell.   Might be best to remove this section.
> 
>     Gyan> We have discussed cleaning up this section or removing and now based on feedback we are leaning towards removing.

I would support that.

v2.23.0 | Report a Bug | By Email