Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-ehs-packet-drops-00 - Admin Policy

Fernando Gont <fernando@gont.com.ar> Mon, 03 August 2020 10:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/7rV_vf1EcVrZTHNjteQk51AKdIo>

Hello, Eduard,

On 1/8/20 14:02, Vasilenko Eduard wrote:
> I know from discussion with some carriers that some of them filter out EHs intentionally
> To avoid any problems discussed in this draft.
> It is definitely the reason for EHs drops, but non-technical. It is probably "Absence of use case".

Ultimately, there are technical reasons behind such drops: i.e., any of 
the subsections from Section 6.

Most likely, if EHs were innocuous, even if there wasn't a use case, 
folks could let them through.

While it is true that there are not many use cases for EHs, there are at 
least two important ones: fragmentation and IPsec's ESP. And these two 
get dropped, too.



> Additional risk and additional processing capacity should have the reward. It is just business.

Indeed.

As noted, even for cases where there's a use case (e.g. IPsec ESP), or 
fragmentation (see the numbers for fragment drops for the case of DNS 
servers), packets with EHs are still dropped.

(me thinking out loud, and asking for more thoughts, if you wish)

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1