IETF Logo Mail Archive

Re: [v6ops] IPv6 Extension Headers in the Real World

Tim Chown <tjc@ecs.soton.ac.uk> Sun, 05 October 2014 13:02 UTC

Return-Path: <tjc@ecs.soton.ac.uk>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 704541A0252 for <v6ops@ietfa.amsl.com>; Sun, 5 Oct 2014 06:02:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.607
X-Spam-Level:
X-Spam-Status: No, score=-0.607 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.786, SPF_NEUTRAL=0.779] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VNsyLD6CT_-a for <v6ops@ietfa.amsl.com>; Sun, 5 Oct 2014 06:02:52 -0700 (PDT)
Received: from falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [IPv6:2001:630:d0:f102::25e]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50EE01A02D4 for <v6ops@ietf.org>; Sun, 5 Oct 2014 06:02:52 -0700 (PDT)
Received: from falcon.ecs.soton.ac.uk (localhost.ecs.soton.ac.uk [127.0.0.1]) by falcon.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id s95D2eMu010532; Sun, 5 Oct 2014 14:02:40 +0100
X-DKIM: Sendmail DKIM Filter v2.8.2 falcon.ecs.soton.ac.uk s95D2eMu010532
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=ecs.soton.ac.uk; s=201304; t=1412514162; bh=IY80+cN2vIzLGlu84oE1xI6eDR0=; h=Mime-Version:Subject:From:In-Reply-To:Date:Cc:References:To; b=283f+PDjXkQrM8ELwidqh0e7doTqfgYUfR0YZZlizXgmXJx5Ea7GeHAk+J2w1cJF9 mbUtCN0sxu8/pF3D7EZiR2MTvntKbtDYZX397crGBxwSGhm2qO46V+vJBm0TLoar5A cxu+Le1hSChLJk5yZhXoqdlTsqRAxJCzj6trPdew=
Received: from gander.ecs.soton.ac.uk (gander.ecs.soton.ac.uk [2001:630:d0:f102::25d]) by falcon.ecs.soton.ac.uk (falcon.ecs.soton.ac.uk [2001:630:d0:f102::25e]) envelope-from <tjc@ecs.soton.ac.uk> with ESMTP (valid=N/A) id q94E2e0169101780Uy ret-id none; Sun, 05 Oct 2014 14:02:42 +0100
Received: from [192.168.1.108] (host213-123-213-183.in-addr.btopenworld.com [213.123.213.183]) (authenticated bits=0) by gander.ecs.soton.ac.uk (8.13.8/8.13.8) with ESMTP id s95D1KQS019989 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sun, 5 Oct 2014 14:01:21 +0100
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Tim Chown <tjc@ecs.soton.ac.uk>
In-Reply-To: <542EF0BA.2070604@isi.edu>
Date: Sun, 05 Oct 2014 14:01:19 +0100
Content-Transfer-Encoding: quoted-printable
Message-ID: <EMEW3|fba318d9629281f51901ef8c456d7f83q94E2e03tjc|ecs.soton.ac.uk|08B266AA-2C78-4C21-BF76-F4B64C9B56CC@ecs.soton.ac.uk>
References: <542A36AC.9030203@gont.com.ar> <542C81B7.10601@isi.edu> <99A3738D-954C-4A75-8055-E30D0D73DD80@ecs.soton.ac.uk> <EMEW3|fe883999a173b6d6b6b574badb6ebb53q90Niq03tjc|ecs.soton.ac.uk|99A3738D-954C-4A75-8055-E30D0D73DD80@ecs.soton.ac.uk> <542C8595.6080809@isi.edu> <CAKD1Yr2JB6V61D+JcUR2qj6-AGEAQr+Jn0eOUPSLEOKXZ1cEqw@mail.gmail.com> <9062DD5BB047BF4C96BCE0CB9DA96D1B4DE1C0C7@ITSNT440.iowa.uiowa.edu> <E69F8B2A-C8F9-4978-B2F8-0F6C74619BA0@ecs.soton.ac.uk> <EMEW3|0e9b5822392d744642b47f8f3cb94f76q91ED603tjc|ecs.soton.ac.uk|E69F8B2A-C8F9-4978-B2F8-0F6C74619BA0@ecs.soton.ac.uk> <542D695A.3070506@isi.edu> <9062DD5BB047BF4C96BCE0CB9DA96D1B4DE22159@ITSNT440.iowa.uiowa.edu> <542EAFEF.30607@gont.com.ar> <542EF0BA.2070604@isi.edu> <08B266AA-2C78-4C21-BF76-F4B64C9B56CC@ecs.soton.ac.uk>
To: Joe Touch <touch@isi.edu>
X-Mailer: Apple Mail (2.1878.6)
X-ECS-MailScanner: Found to be clean, Found to be clean
X-smtpf-Report: sid=q94E2e016910178000; tid=q94E2e0169101780Uy; client=relay,ipv6; mail=; rcpt=; nrcpt=7:0; fails=0
X-ECS-MailScanner-Information: Please contact the ISP for more information
X-ECS-MailScanner-ID: s95D2eMu010532
X-ECS-MailScanner-From: tjc@ecs.soton.ac.uk
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/CY0KVzo4y6r3jYG9r1oUbm1J3mY
Cc: IPv6 Operations <v6ops@ietf.org>, Fernando Gont <fernando@gont.com.ar>, "draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org" <draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org>, V6ops Chairs <v6ops-chairs@tools.ietf.org>
Subject: Re: [v6ops] IPv6 Extension Headers in the Real World
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Oct 2014 13:02:56 -0000

On 3 Oct 2014, at 19:53, Joe Touch <touch@isi.edu> wrote:

> On 10/3/2014 7:17 AM, Fernando Gont wrote:
>> And you certainly do not want the "here's what we saw", "here's how we'd
>> like you to filter packets with EHs", "here's what the IETF should
>> consider when designing new protocols", because they tend to be rather
>> orthogonal, and also targeted at different communities.  -- the guy
>> doing the packet filtering is likely different from the guy developing
>> new protocols, etc.
> 
> The coupling of these determines how you act. It determines whether you
> can filter safely, only when under threat or in a particular
> environment, or should not filter under any circumstances.
> 
> And that's why it's dangerous to split these out. These should not be
> targeted at different communities without a single, coherent context of
> both what is known to happen, what the risks are, and the recommendations.

And I think it works the other way - it’s cleaner to express an observation or problem statement, and then leave the community to decide what action, if any, to take. At the very least here there’s a clear warning sign about expectations for the successful transport of IPv6 packets using EHs, end to end.

There’s many examples of IETF problem statements documented independently of solutions/BCP/informational guidance.

> Ultimately, we need an Internet whose behavior is coherent, not based on
> potentially interfering communities perceived as being orthogonal.

Perhaps better to say communities with different perspectives. But your choice language makes a point.

RFC7045 is good in my view, but is not yet where we are at. Part of that is a default filtering setting by the vendor community. Vendors also have a part to play in how EHs are handled in general, e.g. the observations are that longer EH chains lead to more drops.

And there is an operational community aspect from how default settings may be changed, or set in a way that may cause problems. There’s many sites who don’t follow RFC4890 for example, whatever the defaults provided by vendors might be.

And there’s a community that designs new protocols that might choose to use EHs. While the sfc WG has made it clear that any use of EHs there is within a constrained/limited environment (and not across the Internet at large), perhaps others are taking a more hopeful view…

But the point remains, documenting the observations/problem independently allows discussion in those other communities - vendors, operators and protocol designers - without trying to pre-empt that in a single document. I’m not saying there’s a right or a wrong way, but I think it’s better to be able to take stock from a clean problem statement/set of observations, than try to do everything in one go.

It’s a shame the IETF91 BoF cutoff just went by - a non WG-forming BoF might have been a good way to tease these issues out. 

Tim

v2.23.0 | Report a Bug | By Email