Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05

Tom Herbert <tom@herbertland.com> Thu, 08 April 2021 00:06 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66EEA3A2F7E for <v6ops@ietfa.amsl.com>; Wed, 7 Apr 2021 17:06:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aQY7uwXNjCv9 for <v6ops@ietfa.amsl.com>; Wed, 7 Apr 2021 17:06:10 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC6833A2F79 for <v6ops@ietf.org>; Wed, 7 Apr 2021 17:06:09 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id w23so201769edx.7 for <v6ops@ietf.org>; Wed, 07 Apr 2021 17:06:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0tmG/3wr1doasaBxaUT+HikJxyMj/4FpWtfN7XI7LUQ=; b=KTXiqs0JD/tTNAqAyhg8SD+gwMcgOyNgeOE2W79aTlVCbyA0vlMBsWKGcum7kBx+Rn 4xJJ+bgEau5muKwe7Y4YhTZAH2iG8J7p9yebXxuH2nVciD0zM7VvFeWApfJg7o8mPH9V pZjk883Q4tgwnTWuwkt/w8ZnxLveIPHSukY2GqvXmqiCC5Uc1IRPiUdTfTj4yKa0QWvI f0QKZdzGIA0yMaElln69CwwP/LX4BSrrSdevJwu7jSsxpThgjAnH9qpGhnQKGD8g/5ut TyZGklPWpSsIcVaofZhjwQ3Zrb8HFCHNZj/XVK2wD/woZDfJq4kMnUuFitCCDU25vTc6 4ZJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0tmG/3wr1doasaBxaUT+HikJxyMj/4FpWtfN7XI7LUQ=; b=Um3/7NRDgvfN5d2tSvsXSUJaYKNMmdQ8/CVGRvnXPIFipAxVmzNMmTfnESm/bgxJJ3 d6f3S7uekF+6YavOFcYLfSbprsHCgO54GEd3YbQmX2wvTWsheTB8sz0LH5I5hCSMN2/D IwtEsZt2qMWK/xvBd+BXOS+Vd1k6maBdEZ4LCAgy3nmYlSwLCxQ5DcEi5U4l/TsDqbN7 ZbHIzrNBv5yW/Peb1ZW/u/eyl37wFY+yV36drLmME0nH7771pMCzT7VT+jFXmR859LSJ kVMoye0Rl1+UH90miclMM/0DPL5XLjsxtfJZlfHbKfFD4Uv8qqGPvVnw2CCPLFuxqsYg Vtpg==
X-Gm-Message-State: AOAM531C74+tBv9UI+ymnMDRVR2ZQ18ck8oLZ3mHOmJ1hv1T5XCsAsMA +Xpw3EiIbZMT6bUo0TvZ3mF1ZOToAEursQCn8feUIA==
X-Google-Smtp-Source: ABdhPJxciWfbK7Mbvg317nZQ6gUGkMP5GY4yvq722Jru9MEhY2LVlTUjoeuqcZarKbSXqNWAajqB32T6G2W5+F5aP5A=
X-Received: by 2002:a05:6402:1115:: with SMTP id u21mr7661565edv.383.1617840366823; Wed, 07 Apr 2021 17:06:06 -0700 (PDT)
MIME-Version: 1.0
References: <161366727749.10107.14514005068158901089@ietfa.amsl.com> <e41f3484-f816-e185-2d99-94323c8da732@si6networks.com> <CALx6S34qSxGijVcs229bAL5gMhMvMNYUXm3yEmrg6wxUiUAiaA@mail.gmail.com> <bf83d228-25bc-21bb-f984-d58ead6bf492@si6networks.com> <CALx6S35Kh-QAXJDAucuw5Wty37MBiwS=pqQknMZ+15b7D5Sn8A@mail.gmail.com> <34e78618-cb28-71a1-a9d3-7aec38032659@si6networks.com> <CAO42Z2zqD9_d2Fbr25Y2CV1GdzYKd167yf5DHeHna7V66pF65A@mail.gmail.com> <0bd316ac-1789-f4c6-d280-943ad6e60309@si6networks.com> <CALx6S34dMEEJ+OPUu_=FW1Y5AQuvAaHzBPEe448S7rfbMmHN_w@mail.gmail.com> <CEFDF511-9255-4913-840D-50CCBC2B7B17@gmail.com> <CALx6S36_w+zxyUt0DzQ9NKBs+SAPZDNhs_sqLBwi+qneOPSS5A@mail.gmail.com> <ef2bd4f5-3b1e-b88c-ec8f-dd9a2f9a60ba@si6networks.com> <CALx6S349X7fQR=9Dj+n5X7ovXsSjLYibv-C-+bL0nkWsYP5NGA@mail.gmail.com> <MN2PR11MB43668EDA6209CA6AF3BCC5EEB5759@MN2PR11MB4366.namprd11.prod.outlook.com> <CALx6S3447SJwdRPoG_BaXS=ihBe1xA84vxcCev1y2K4xqMYZaQ@mail.gmail.com> <1bd98708-0f33-13c2-6664-3553857eaad4@gmail.com>
In-Reply-To: <1bd98708-0f33-13c2-6664-3553857eaad4@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 7 Apr 2021 17:05:55 -0700
Message-ID: <CALx6S35cj3xvKQiY236fMRBRFVhcvj7W23gmbrj-81HO9O1K7w@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: "Rob Wilton (rwilton)" <rwilton@cisco.com>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>, IPv6 Operations <v6ops@ietf.org>, "draft-ietf-v6ops-ipv6-ehs-packet-drops.all@ietf.org" <draft-ietf-v6ops-ipv6-ehs-packet-drops.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "tsv-art@ietf.org" <tsv-art@ietf.org>, Fernando Gont <fgont@si6networks.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/6896cziaJ40R3ZAa7HMZSFvnNyQ>
Subject: Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Apr 2021 00:06:14 -0000

On Wed, Apr 7, 2021 at 3:34 PM Brian E Carpenter
<brian.e.carpenter@gmail.com> wrote:
>
> On 08-Apr-21 03:20, Tom Herbert wrote:
> ...
> > So my fundamental concern with this draft is that it is an entirely
> > qualitative description of a well known problem, however a qualitative
> > analysis is insufficient input for moving extension headers forward.
> > In the draft, there are several reasons suggested as to why routers
> > might drop packets, however there is no indication of the relative
> > occurrence frequency of these.
>
> That seems to call for a fairly major measurement project by an
> organisation like CAIDA or RIPE Labs, with collaborative ISPs.
> While that is a perfectly good idea, it would presumably take
> a couple of years to get data. I personally don't see it as a
> valid reason to hold up this draft. Maybe the authors should
> add a note about the need for data.
>
> > Also, there are parameterizations
> > mentioned such as in the state that routers might drop if the chain is
> > "too long", there is no analysis on exactly what "too long" commonly
> > is (a couple of sizes for parsing buffers are mentioned but without
> > reference which is another frustration of mine with this draft). A
> > quantified analysis of the problem would delve into implementations
> > and deployment thereby providing actionable data. Note this is not the
> > same as making recommendations, I am just asking for the operational
> > data as part of the analysis from which we could derive guidance or
> > new protocol requirements.
>
> Again, I don't see how that can be done without a major and organised
> effort. The issue of buffer sizes may also involve proprietary
> information, which is another difficulty. Again, it is neither quick
> nor easy to get data.

Brian,

Maybe so, but in the absence of meaningful data or guidance that could
be derived from such data, host stacks have to fall back to reverse
engineering what is actually implemented in the network as opposed to
getting recommendations from IETF or a consortium of vendors, which is
pretty much where we are anyway. The situation seems contradictory to
the whole intent of defining standard inoperable protocols, but I
digress...

Tom


>
> Regards
>     Brian
>
> > Tom
> >
> >
> > Tom
> >
> >>
> >> Regards,
> >> Rob
> >>
> >>
> >>> -----Original Message-----
> >>> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Tom Herbert
> >>> Sent: 10 March 2021 02:03
> >>> To: Fernando Gont <fgont@si6networks.com>
> >>> Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>uk>; IPv6 Operations
> >>> <v6ops@ietf.org>rg>; draft-ietf-v6ops-ipv6-ehs-packet-drops.all@ietf.org;
> >>> last-call@ietf.org; tsv-art@ietf.org
> >>> Subject: Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-
> >>> v6ops-ipv6-ehs-packet-drops-05
> >>>
> >>> On Tue, Mar 9, 2021 at 4:03 PM Fernando Gont <fgont@si6networks.com>
> >>> wrote:
> >>>>
> >>>> On 9/3/21 19:07, Tom Herbert wrote:
> >>>> [...]
> >>>>>
> >>>>> Yes, ACLs on transport layer ports are common requirements, however
> >>>>> the problem arises from related requirements that arise due to the
> >>>>> limitations of routers to be able to locate the transport layer
> >>>>> information in a packet. An example of such an implied requirement
> >>>>> from this draft is "don't send packets with IPv6 header chains that
> >>>>> are too long because some routers can't parse deep enough into packets
> >>>>> to find the transport layer ports due to implementation constraints
> >>>>> (like limited size parsing buffer)".
> >>>>
> >>>> You seem to be reading more from the document than what we actually said
> >>>> in the document.
> >>>>
> >>>> There are no requirements in this document. We simply explain things
> >>>> operators need to do, what are the associated limitations in real-world
> >>>> devices, and what's the likely outcome.
> >>>>
> >>>> That's not an implied requirement, but simply a description of facts.
> >>>>
> >>> It's obvious that the implied or at least inferred requirement is that
> >>> if a host wants to increase the probability of packets making it to
> >>> the destination then they should not make header chains too long. This
> >>> would also be an obvious interoperability requirement, i.e. if I make
> >>> my header chains too long then packets will be dropped and my host
> >>> stack is not interoperable with some elements in the network.
> >>>
> >>>>
> >>>>
> >>>>> While the rationale for the
> >>>>> requirement may make sense, the problem, at least from the host stack
> >>>>> perspective of trying to send packets with low probability they'll be
> >>>>> dropped, is that a requirement that "don't IPv6 header chains that are
> >>>>> too long" is is useless without any quantification as exactly to what
> >>>>> "too long" might be.
> >>>>
> >>>> "too long" for the processing device(s). You don't know what devices
> >>>> will process your packets, hence cannot even guess what "too long" might
> >>>> mean.
> >>>>
> >>>> What you know for sure is that the longer the chain, the lower the
> >>>> chances of your packets surviving -- as per RFC7872.
> >>>>
> >>> That seems to me more like an assumption than a proven fact. To prove
> >>> it we'd need the data that correlates the length of the chain with
> >>> probability of drop, or alternatively, one could survey common router
> >>> implementations' capabilities and similarly extrapolate the
> >>> correlation. If we had this data then we could derive a meaningful
> >>> quantified requirement for both what routers are expected to process
> >>> and what hosts can expect. RFC7872 doesn't really have sufficient data
> >>> to make this correlation, and besides that it is not current.
> >>>
> >>> In any case, this draft qualitatively describes why routers are
> >>> droppings. Which I suppose is good, but, given that information, I
> >>> don't see much that helps host developers that are sending packets in
> >>> the network and are trying to go beyond sending packets that conform
> >>> to the least common denominator of plain TCP/IP.
> >>>
> >>> Tom
> >>>
> >>>> Thanks,
> >>>> --
> >>>> Fernando Gont
> >>>> SI6 Networks
> >>>> e-mail: fgont@si6networks.com
> >>>> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>> _______________________________________________
> >>> v6ops mailing list
> >>> v6ops@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/v6ops
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
> >