Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-world: clarification text
Nick Hilliard <nick@foobar.org> Wed, 22 April 2015 16:55 UTC
Return-Path: <nick@foobar.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1A041B3807 for <v6ops@ietfa.amsl.com>; Wed, 22 Apr 2015 09:55:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SNhU_UFuRV4q for <v6ops@ietfa.amsl.com>; Wed, 22 Apr 2015 09:55:20 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E86861B380D for <v6ops@ietf.org>; Wed, 22 Apr 2015 09:55:08 -0700 (PDT)
X-Envelope-To: v6ops@ietf.org
Received: from cupcake.foobar.org ([IPv6:2001:4d68:2002:100:0:0:0:110]) (authenticated bits=0) by mail.netability.ie (8.15.1/8.14.9) with ESMTPSA id t3MGt4X5097613 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 22 Apr 2015 17:55:05 +0100 (IST) (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.netability.ie: Host [IPv6:2001:4d68:2002:100:0:0:0:110] claimed to be cupcake.foobar.org
Message-ID: <5537D268.1010603@foobar.org>
Date: Wed, 22 Apr 2015 17:55:04 +0100
From: Nick Hilliard <nick@foobar.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Mark ZZZ Smith <markzzzsmith@yahoo.com.au>, "v6ops@ietf.org" <v6ops@ietf.org>
References: <5536814D.7030708@foobar.org> <1347296409.2158102.1429683600983.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <1347296409.2158102.1429683600983.JavaMail.yahoo@mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/IEgkWf_E6QOdteqeO8HZB-aCKYQ>
Subject: Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-world: clarification text
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Apr 2015 16:55:23 -0000
Mark, Gert and Steiner have answered many of the issues which you bring up. On 22/04/2015 07:20, Mark ZZZ Smith wrote: > So I'm going to call the emperor naked. The emperor is not naked. We live in a real world with real constraints. > What I think you and Gert actually want is for EHs to be completely > deprecated, so that the TCP and UDP headers are always in the same place in > the packet, so that hardware can look at them for the purposes of dropping > them in hardware or as inputs into LB. Is that the case? Nope, EHs cannot be removed from the spec and no-one is suggesting this. As Steiner said, we need something like: > [IPv6 Fixed Hdr] + [IPv6 EHs] + [L4 Hdr] <= hardware inspection limit I'd suggest that we need a chunk of encapsulation overhead in that equation. The hardware inspection limit will vary, but the larger it is, the more expensive both in terms of financial cost and performance. > What I'm curious about then is how do you handle DDoSes that are using IP > fragments, where there are no TCP or UDP headers ports to look at? s/rtbh or d/rtbh, depending on which looks like it will be more effective. But please don't try to imply that because something is broken in ipv4 that we should be ok if it's broken in ipv6 too. This is a unhelpful fallacy. > I'm also curious about how you LB packets (either at layer 2 or layer 3) > that don't have TCP or UDP headers, or aren't IP. I've seen LB become > completely ineffective at layer 2 because a customer was using MPLS between > two routers, so no MAC address variation, and no IP addresses and no TCP or > UDP ports to look at. tbh, with great difficulty and expense. I spend an inordinate amount of time trying to deal with this particular problem. And if it's bad for the L3 ISP stuff I do, it's far worse on an L2 IXP lan. > In fact, given the trouble LAG has caused me in the past 2 years (LAG > member links that are not current members are supposed to be considered by > the bridge as normal bridge ports, so if you want to avoid loops across the > links that are candidate members of the LAG, the IEEE expect you to be > running STP of some form across them...) yep, bridges require bridging protocols for loop avoidance. >, I'm a big fan of the quote on the > last slide of this presentation: > > "IEEE 802.3ad Link Aggregation (LAG) what it is, and what it is not" > http://www.ieee802.org/3/hssg/public/apr07/frazier_01_0407.pdf > > "LAG is good, but it’s not as good as a fatter pipe." which is fine until the point that a fatter pipe will not handle all the data you need to transfer. If I had a choice about using LAGs, I wouldn't use them. I don't have that choice. Nick
- [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-world: … Fernando Gont
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Brian E Carpenter
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Fernando Gont
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Eric Vyncke (evyncke)
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Fernando Gont
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Fred Baker (fred)
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Eric Vyncke (evyncke)
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Nick Hilliard
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Brian E Carpenter
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… C. M. Heard
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Mark ZZZ Smith
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Nick Hilliard
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Mark ZZZ Smith
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Gert Doering
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Mark ZZZ Smith
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Gert Doering
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Mark ZZZ Smith
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Gert Doering
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Nick Hilliard
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… sthaug
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Warren Kumari
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joel M. Halpern
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Mark ZZZ Smith
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… joel jaeggli
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… sthaug
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Havard Eidnes
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Mark ZZZ Smith
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… sthaug
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Jeroen Massar
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Ole Troan
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… sthaug
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Jeroen Massar
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Gert Doering
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Ray Hunter
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Mark ZZZ Smith
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… sthaug
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Gert Doering
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Nick Hilliard
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Templin, Fred L
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Gert Doering
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Joe Touch
- Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-wor… Brian E Carpenter