Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 19 November 2013 04:35 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61AC51AEB0E; Mon, 18 Nov 2013 20:35:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NYgnLUm4nOmx; Mon, 18 Nov 2013 20:35:37 -0800 (PST)
Received: from mail-pa0-x22d.google.com (mail-pa0-x22d.google.com [IPv6:2607:f8b0:400e:c03::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 293771AE6FE; Mon, 18 Nov 2013 20:35:37 -0800 (PST)
Received: by mail-pa0-f45.google.com with SMTP id kp14so1959659pab.18 for <multiple recipients>; Mon, 18 Nov 2013 20:35:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=7j9Kaexv2KvtEj6+B4t1fLaJ4UmmycnSwLlltG/N2Qg=; b=MP47aoX/rqA11y7dA15+rdIu/5MJRboEP/rGbQZz8D2n5D53rAzPwTMPYkh+ZfyH+i 8MMktNpo8AjRpt0G6J9y1LCkK7lNB+EA45HYuumTrm/l4evTQuV6Ug17wvdAxsOrjLE2 gsRk6VRnqQI4v1hqbVxZGgA1nqeHylvD6502WQMdGlE1pmW0s1N29a7nqVDoZDW7tWDB CRwWBefON2ogPNA0nPEODyYmsBQpmSf1kAp9a03R3dQBZF2+S3btHPJFBGvPz5EpDc06 Z0qbwRx41QQsyJstedirrlhqV1ep19S01v7or6UJkC6a4xG0979R7A71LTlpk9m9a7im T8ow==
X-Received: by 10.66.154.1 with SMTP id vk1mr24806729pab.85.1384835731207; Mon, 18 Nov 2013 20:35:31 -0800 (PST)
Received: from [192.168.178.20] (200.192.69.111.dynamic.snap.net.nz. [111.69.192.200]) by mx.google.com with ESMTPSA id wp8sm27209940pbc.26.2013.11.18.20.35.28 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 18 Nov 2013 20:35:30 -0800 (PST)
Message-ID: <528AEA8D.1070804@gmail.com>
Date: Tue, 19 Nov 2013 17:35:25 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Ronald Bonica <rbonica@juniper.net>
References: <5278275C.50206@gont.com.ar> <5a9e4532c4e14bddbd9d824133820157@CO1PR05MB442.namprd05.prod.outlook.com>
In-Reply-To: <5a9e4532c4e14bddbd9d824133820157@CO1PR05MB442.namprd05.prod.outlook.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>, Fernando Gont <fernando@gont.com.ar>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2013 04:35:39 -0000

On 19/11/2013 10:50, Ronald Bonica wrote:
> Folks,
> 
> Fernando presents two studies in <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>. The second study is more interesting to me, because duplicate addresses are removed.
> 
> The following are a few questions regarding Fernando's second study:
> 
> 1) Fernando observes that 41% of sites discard fragmented packets. However, in a similar study (http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc-thesis.pdf) only 10% of sites discarded fragmented packets. I wonder why the two studies yield such divergent results.

Well, that depends on whether there are significant differences between the
observation points and/or the set of target sites for the two studies. There's
certainly no law of physics that prevents both measurements being correct.

> 2) Fernando observes that 44% of sites discard packets containing an 8 byte destination header, while 89% of sites discard packet containing 1 kilobyte of extension headers. Because the first number (44%) is so high, can I conclude that the second (89%) is insignificant.

> Could it be that extension header length is a non-issue, because so many sites filter packets containing extension headers, regardless of their length?

I don't think so. We've just agreed on an update to RFC 2460 that, if it is
adopted by middleboxes, will fix or at least clarify the issue of what
happens to short extension headers. We need to wait a few years to see
if that happens, of course. That seems to me to be quite disjoint from
the issue of whether boxes that inspect extension headers have big
enough buffers, and distinct again from whether they handle fragmented
headers. I think there are three problems, needing three solutions.

   Brian
                                                          Ron
> 
>> -----Original Message-----
>> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
>> Fernando Gont
>> Sent: Monday, November 04, 2013 6:02 PM
>> To: 6man@ietf.org; IPv6 Operations
>> Subject: Some stats on IPv6 fragments and EH filtering on the Internet
>>
>> Folks,
>>
>> I did a presentation on the topic at the IEPG meeting earlier this
>> week.
>> It provides some concrete data regarding IPv6 fragmentation and
>> Extension Header filtering on the Internet.
>>
>> The slideware is available at:
>> <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-
>> eh.pdf>
>>
>> Certainly there's *much* more work to be done in this area, but I
>> thought that this could be good food sfor some of the discussions that
>> we were having on the topic.
>>
>> Thanks,
>> --
>> Fernando Gont
>> e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP Fingerprint:
>> 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>>
>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>