Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05

Tom Herbert, Thu, 08 April 2021 00:31 UTC

To: Fernando Gont
Cc: "Rob Wilton (rwilton)", Gorry Fairhurst, IPv6 Operations

On Wed, Apr 7, 2021 at 5:03 PM Fernando Gont wrote:
> Hi, Tom,
> On 7/4/21 12:20, Tom Herbert wrote:
> [....]
> > Given that hosts are the ones creating extensions headers and other
> > packet formats, hosts have a vested interest in how routers are
> > dealing with their packets. Even before this document was created, we
> > have long known that extensions headers might be dropped and have been
> > working on mitigations to reduce the number of drops which are already
> > addressing some of the reasons that packets with EH. For instance,
> > consider draft-hinden-6man-hbh-processing-00; this is a proposal to
> > limit the number of HBH options to exactly one. The idea is that
> > routers will make it feasible for routers packets that have HBH
> > options, with the trade off of specifically limiting the extensibility
> > of the protocol. The problem is there is no data that indicates this
> > proposal would have the desired effect; we don't know if routers would
> > start accepting packets that are limited to one HBH option.
> What does that proposal have to do with this document?

Because that proposal is ostensibly addressing a perceived reason for
packets being dropped. If it's not really a problem, then by all means
please chime in on 6man list where the draft is under discussion.

> > So my fundamental concern with this draft is that it is an entirely
> > qualitative description of a well known problem, however a qualitative
> No. It is not a well known problem. If you look at
> draft-hinden-6man-hbh-processing, it's clear that their assumption is
> that limiting the number of EHs or options solves the problem. Whereas
> our document essentially notes that to a large extent the problem has to

What exactly does "large extent" mean? Does that mean that at least
50% or some greater than that percentage of drops of packets with EH
were dropped precisely because the header chains were too long?

> do with the overall EH-chain length -- it doesn't matter if the
> EH-chain: it doesn't matter whether you have one long EH, multiple small
> ones, one large EH with one large option, one large EH with many small
> options, or any combination of them.

Perhaps, but again I ask for either data or references from vendors to
verify that supposition.

> The fact that you're raising this issue and that there's a belief that
> there's a clear and easy way to make EHs work proves that it's certainly
> not a well known problem.

That is not the only issue that is being addressed. There are also the
suggested limits in RFC8504 for host processing, the mitigation in
RFC8200 to allow intermediate nodes to ignore HBH options, and ICMP
errors in RFC8883 that intermediate nodes drop packets including if
header chains are too long.

> I can also say that I have consulted for different operators, and they
> were not even aware of this issue.
> > analysis is insufficient input for moving extension headers forward.
> Please read the Abstract:
>     This document summarizes the operational implications of IPv6
>     extension headers specified in the IPv6 protocol specification
>     (RFC8200), and attempts to analyze reasons why packets with IPv6
>     extension headers are often dropped in the public Internet.
> and the disclaimer:
> 2.  Disclaimer
>     This document analyzes the operational challenges represented by
>     packets that employ IPv6 Extension Headers, and documents some of the
>     operational reasons why these packets are often dropped in the public
>     Internet.  This document is not a recommendation to drop such
>     packets, but rather an analysis of why they are dropped.
> If you want to embark on the project of "moving EHs forward", getting
> whatever data you need for that, etc., that's totally fine.
> > In the draft, there are several reasons suggested as to why routers
> > might drop packets, however there is no indication of the relative
> > occurrence frequency of these. Also, there are parameterizations
> > mentioned such as in the state that routers might drop if the chain is
> > "too long", there is no analysis on exactly what "too long" commonly
> We discussed this one to death: That's impossible to tell. It's
> implementation dependent, and the information may not even be public.
> > and deployment thereby providing actionable data. Note this is not the
> > same as making recommendations, I am just asking for the operational
> > data as part of the analysis from which we could derive guidance or
> > new protocol requirements.
> You are asking for a different document. If you want that data, I
> encourage you to start the experiment, and submit an I-D with the results.
> Some of us did that homework for the data that we considered useful, and
> provided it to the community in RFC7872. If that data is not enough, I
> certainly encourage you to work on that. But that's a project that's
> totally unrelated to this document.
> Thanks,
> --
> Fernando Gont
> e-mail:
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
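
The quoted claim above, that the overall EH-chain length is what matters and not how the chain is composed, can be checked with a small chain walker. This is an added example, not part of the original message or of the draft: the packets are constructed, `too_long` and its `limit` are a hypothetical per-device inspection budget, and only the Hop-by-Hop, Routing and Destination Options headers (which share the RFC 8200 length encoding) are walked.

```python
import struct

HBH, ROUTING, DEST_OPTS, UDP = 0, 43, 60, 17   # IPv6 Next Header values
GENERIC_EHS = {HBH, ROUTING, DEST_OPTS}        # share the (Next Header, Hdr Ext Len) layout
FIXED_LEN = 40                                 # fixed IPv6 header

def eh_chain(packet: bytes):
    """Return ([(eh_type, eh_len), ...], total EH-chain bytes, upper-layer protocol)."""
    if len(packet) < FIXED_LEN or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = packet[6], FIXED_LEN, []
    while nxt in GENERIC_EHS:
        if off + 2 > len(packet):
            raise ValueError("truncated extension header")
        length = (packet[off + 1] + 1) * 8     # Hdr Ext Len excludes the first 8 octets
        if off + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append((nxt, length))
        nxt, off = packet[off], off + length
    return chain, off - FIXED_LEN, nxt

def too_long(packet: bytes, limit: int) -> bool:
    """True if the EH chain exceeds `limit` bytes (hypothetical per-device budget)."""
    return eh_chain(packet)[1] > limit

# --- constructed sample packets (not captured traffic) ---
def padn(n: int) -> bytes:
    """PadN option occupying n bytes in total (2 <= n <= 257)."""
    return bytes([1, n - 2]) + bytes(n - 2)

def ext_header(next_hdr: int, options: bytes) -> bytes:
    assert (len(options) + 2) % 8 == 0, "EH length must be a multiple of 8"
    return bytes([next_hdr, (len(options) + 2) // 8 - 1]) + options

def ipv6(first_nh: int, payload: bytes) -> bytes:
    # version 6, payload length, next header, hop limit 64, zeroed addresses
    return struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64) + bytes(32) + payload

L4 = bytes(8)  # placeholder upper-layer header
SAMPLES = {
    "one EH, one large option": ipv6(HBH, ext_header(UDP, padn(62)) + L4),
    "one EH, many small options": ipv6(HBH, ext_header(UDP, padn(2) * 31) + L4),
    "two smaller EHs": ipv6(HBH, ext_header(DEST_OPTS, padn(30)) + ext_header(UDP, padn(30)) + L4),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        chain, total, upper = eh_chain(pkt)
        print(f"{name:28} chain={chain} total={total} too_long(48)={too_long(pkt, 48)}")
```

All three constructed packets carry the same 64-byte chain, so any length-based budget treats them identically regardless of how many headers or options make up that length.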