Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-ehs-packet-drops-00 - Admin Policy

Vasilenko Eduard <vasilenko.eduard@huawei.com> Mon, 03 August 2020 13:03 UTC

From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Fernando Gont <fernando@gont.com.ar>, "v6ops@ietf.org" <v6ops@ietf.org>
Date: Mon, 3 Aug 2020 13:03:38 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/HvlmSMWK5JOlNLTbfPOWW9D1DYI>

Hi all,
I do not believe that EH would ever be "for free" - it would consume PFE cycles (performance, energy).
Therefore, every EH should have its own separate justification to be turned on.
If we see a big drop - it means that justification has not been found yet for a particular EH.
Is the current situation "for no one"?

IMHO: "EH success" is the situation when a small set of EHs would have a low drop rate.
IPv6 Architecture should be friendly for this to happen.
Other EHs should not block "chosen" EHs.

Eduard

-----Original Message-----
From: Fernando Gont [mailto:fernando@gont.com.ar]
Sent: August 3, 2020 13:17
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>; v6ops@ietf.org
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-ehs-packet-drops-00 - Admin Policy

Hello, Eduard,

On 1/8/20 14:02, Vasilenko Eduard wrote:
> I know from discussion with some carriers that some of them filter out 
> EHs intentionally to avoid any problems discussed in this draft.
> It is definitely the reason for EHs drops, but non-technical. It is probably "Absence of use case".

Ultimately, there are technical reasons behind such drops: i.e., any of the subsections from Section 6.

Most likely, if EHs were innocuous, even if there wasn't a use case, folks could let them through.

While it is true that there are not many use cases for EHs, there are at least two important ones: fragmentation and IPsec's ESP. And these two get dropped, too.



> Additional risk and additional processing capacity should have the reward. It is just business.

Indeed.

As noted, even for cases where there's a use case (e.g. IPsec ESP), or fragmentation (see the numbers for fragment drops for the case of DNS servers), packets with EHs are still dropped.

(me thinking out loud, and asking for more thoughts, if you wish)

Thanks,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1