Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 19 November 2013 19:27 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F7B61AE1A9; Tue, 19 Nov 2013 11:27:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a3zn0G18T3z8; Tue, 19 Nov 2013 11:27:03 -0800 (PST)
Received: from mail-pa0-x229.google.com (mail-pa0-x229.google.com [IPv6:2607:f8b0:400e:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id 057EC1AE1A5; Tue, 19 Nov 2013 11:27:02 -0800 (PST)
Received: by mail-pa0-f41.google.com with SMTP id lf10so1552082pab.0 for <multiple recipients>; Tue, 19 Nov 2013 11:26:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=i7NSRTWRZo0HjtUiNbJ0UUOX1aiK3oypX6cQYoWXVqw=; b=Jy09ZyrZHCW98C8xeNBT2aYn/nzJtbyPd7tOHV6NjSp4A00XIbPRh1ZG9d8iVImFxW sALxv3N2AJH0Md83W/eUTBfhOJfobjJSpVFAdRbM285f6HSct4RtnSFgKx2zS+orgsbq rt99d6B+kPmM+XWIrZASPADtp+YcB8aP1PDdkRlgP+dDEYA8MjusmTCBsWSAT8Nbiq1J dvy+j/FN0wjcRREBasj4cwUDMXwbMH9IbZPVTMxzKwIg0GJL5fPe3wr6Yo8ZD802MteR THhk7ho7MOL3CI1p0LN4aTHECRKfSZyAqa6e2/TRXsNlF/SinKBttrakh2ls1C/s/HvK uQ5A==
X-Received: by 10.68.203.73 with SMTP id ko9mr2641514pbc.170.1384889217015; Tue, 19 Nov 2013 11:26:57 -0800 (PST)
Received: from [192.168.178.20] (240.200.69.111.dynamic.snap.net.nz. [111.69.200.240]) by mx.google.com with ESMTPSA id dq3sm32283058pbc.35.2013.11.19.11.26.53 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 19 Nov 2013 11:26:55 -0800 (PST)
Message-ID: <528BBB80.5010508@gmail.com>
Date: Wed, 20 Nov 2013 08:26:56 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Ronald Bonica <rbonica@juniper.net>
References: <5278275C.50206@gont.com.ar> <5a9e4532c4e14bddbd9d824133820157@CO1PR05MB442.namprd05.prod.outlook.com> <528AEA8D.1070804@gmail.com> <26b868a1fe7b45c5a1dd2f688caefc19@CO1PR05MB442.namprd05.prod.outlook.com>
In-Reply-To: <26b868a1fe7b45c5a1dd2f688caefc19@CO1PR05MB442.namprd05.prod.outlook.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>, Fernando Gont <fernando@gont.com.ar>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2013 19:27:05 -0000
On 20/11/2013 04:29, Ronald Bonica wrote: > Brian, > > I see your point. If we fix the problems associated with extension headers, people will configure their middle-boxes to allow them. So, if we repeat Fernando's experiment in a few years, we may see very different results. > > You say that there are three distinct problems. I am aware of the following: > > - the tiny fragment problem (addressed by draft-ietf-6man-oversized-header chain) > - the long header chain problem (addressed by draft-kumari-6man-long-headers) > > What is the third problem? - middleboxes that don't deal with all header types (addressed by draft-ietf-6man-ext-transmit) Brian > > Ron > > >> -----Original Message----- >> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] >> Sent: Monday, November 18, 2013 11:35 PM >> To: Ronald Bonica >> Cc: Fernando Gont; 6man@ietf.org; IPv6 Operations >> Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on >> the Internet >> >> On 19/11/2013 10:50, Ronald Bonica wrote: >>> Folks, >>> >>> Fernando presents two studies in <http://www.iepg.org/2013-11- >> ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>. The second study is >> more interesting to me, because duplicate addresses are removed. >>> The following are a few questions regarding Fernando's second study: >>> >>> 1) Fernando observes that 41% of sites discard fragmented packets. >> However, in a similar study >> (http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc- >> thesis.pdf) only 10% of sites discarded fragmented packets. I wonder >> why the two studies yield such divergent results. >> >> Well, that depends on whether there are significant differences between >> the observation points and/or the set of target sites for the two >> studies. There's certainly no law of physics that prevents both >> measurements being correct. >> >>> 2) Fernando observes that 44% of sites discard packets containing an >> 8 byte destination header, while 89% of sites discard packet containing >> 1 kilobyte of extension headers. Because the first number (44%) is so >> high, can I conclude that the second (89%) is insignificant. >> >>> Could it be that extension header length is a non-issue, because so >> many sites filter packets containing extension headers, regardless of >> their length? >> >> I don't think so. We've just agreed on an update to RFC 2460 that, if >> it is adopted by middleboxes, will fix or at least clarify the issue of >> what happens to short extension headers. We need to wait a few years to >> see if that happens, of course. That seems to me to be quite disjoint >> from the issue of whether boxes that inspect extension headers have big >> enough buffers, and distinct again from whether they handle fragmented >> headers. I think there are three problems, needing three solutions. >> >> Brian >> Ron >>>> -----Original Message----- >>>> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf >>>> Of Fernando Gont >>>> Sent: Monday, November 04, 2013 6:02 PM >>>> To: 6man@ietf.org; IPv6 Operations >>>> Subject: Some stats on IPv6 fragments and EH filtering on the >>>> Internet >>>> >>>> Folks, >>>> >>>> I did a presentation on the topic at the IEPG meeting earlier this >>>> week. >>>> It provides some concrete data regarding IPv6 fragmentation and >>>> Extension Header filtering on the Internet. >>>> >>>> The slideware is available at: >>>> <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and- >>>> eh.pdf> >>>> >>>> Certainly there's *much* more work to be done in this area, but I >>>> thought that this could be good food sfor some of the discussions >>>> that we were having on the topic. >>>> >>>> Thanks, >>>> -- >>>> Fernando Gont >>>> e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP >> Fingerprint: >>>> 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 >>>> >>>> >>>> >>>> -------------------------------------------------------------------- >>>> IETF IPv6 working group mailing list >>>> ipv6@ietf.org >>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >>>> -------------------------------------------------------------------- >>>> >>> >>> _______________________________________________ >>> v6ops mailing list >>> v6ops@ietf.org >>> https://www.ietf.org/mailman/listinfo/v6ops >>> >
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mark Andrews
- [v6ops] Some stats on IPv6 fragments and EH filte… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Joe Touch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jen Linkova
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jen Linkova
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Gert Doering
- Re: [v6ops] (RIPE Atlas) Some stats on IPv6 fragm… Vesna Manojlovic
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jared Mauch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… joel jaeggli
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… sthaug
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Joe Touch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… joel jaeggli
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Pedro Torres
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Hannes Frederic Sowa
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ronald Bonica
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ronald Bonica
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter