IETF Logo Mail Archive

Re: [v6ops] Operational Implications of IPv6 Packets with Extension Headers - Load Balancer

Vasilenko Eduard <vasilenko.eduard@huawei.com> Mon, 27 July 2020 18:05 UTC

Return-Path: <vasilenko.eduard@huawei.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 734643A1B7E; Mon, 27 Jul 2020 11:05:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9mlT2nLOGxWg; Mon, 27 Jul 2020 11:05:47 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54D1E3A1CFE; Mon, 27 Jul 2020 11:05:20 -0700 (PDT)
Received: from lhreml711-chm.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id BDF5AADCF141CD3596F1; Mon, 27 Jul 2020 19:05:17 +0100 (IST)
Received: from msceml704-chm.china.huawei.com (10.219.141.143) by lhreml711-chm.china.huawei.com (10.201.108.62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 27 Jul 2020 19:05:17 +0100
Received: from msceml703-chm.china.huawei.com (10.219.141.161) by msceml704-chm.china.huawei.com (10.219.141.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 27 Jul 2020 21:05:16 +0300
Received: from msceml703-chm.china.huawei.com ([10.219.141.161]) by msceml703-chm.china.huawei.com ([10.219.141.161]) with mapi id 15.01.1913.007; Mon, 27 Jul 2020 21:05:16 +0300
From: Vasilenko Eduard <vasilenko.eduard@huawei.com>
To: Tom Herbert <tom@herbertland.com>
CC: Fernando Gont <fgont@si6networks.com>, IPv6 Operations <v6ops@ietf.org>, "draft-gont-v6ops-ipv6-ehs-packet-drops@ietf.org" <draft-gont-v6ops-ipv6-ehs-packet-drops@ietf.org>
Thread-Topic: [v6ops] Operational Implications of IPv6 Packets with Extension Headers - Load Balancer
Thread-Index: AQHWZCBNgvrnr0hITbeSprlQeXLX06kbuR9A
Date: Mon, 27 Jul 2020 18:05:16 +0000
Message-ID: <6439ceb9d73b435d950e73a7a2d68fc7@huawei.com>
References: <b380408712364589a45ab9f39ab6f764@huawei.com> <CALx6S35rkA5nVPm6C6MToUdHKFmcAabGfMN9prTiUfWr+GKwCA@mail.gmail.com>
In-Reply-To: <CALx6S35rkA5nVPm6C6MToUdHKFmcAabGfMN9prTiUfWr+GKwCA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.47.199.194]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/JVhpJY9Xm1Li2YOT2EDwXcyMiX0>
Subject: Re: [v6ops] Operational Implications of IPv6 Packets with Extension Headers - Load Balancer
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2020 18:05:50 -0000

Hi Tom,
I believe that risk still exist that some application would no use flow label properly.
Hence, it is better on LB to deep dive into UDP/TCP. More predictable/reliable result.
Eduard
-----Original Message-----
From: Tom Herbert [mailto:tom@herbertland.com] 
Sent: 27 июля 2020 г. 17:15
To: Vasilenko Eduard <vasilenko.eduard@huawei.com>
Cc: Fernando Gont <fgont@si6networks.com>; IPv6 Operations <v6ops@ietf.org>; draft-gont-v6ops-ipv6-ehs-packet-drops@ietf.org
Subject: Re: [v6ops] Operational Implications of IPv6 Packets with Extension Headers - Load Balancer

On Mon, Jul 27, 2020 at 2:08 AM Vasilenko Eduard <vasilenko.eduard@huawei.com> wrote:
>
> Hi Fernando,
> Hence again, following the logic of this draft (the level of detalization that you have given to 5.1) - may be you need additional section 5.1.x: Load Balancer have to look into TCP/UDP ports. Moreover, it could not trust "Flow label" - it is not reliable practice for LB.

Eduard,

What exactly does "not reliable practice for LB" mean.? If this means that the flow label might change during the flow's lifetime then I will point out that UDP is equally unreliable for that reason (i.e.
the UDP ports for a QUIC connection can change during the connection's lifetime). For that matter, a TCP header might be encrypted or in an encapsulation that the LB doesn't understand so the LB can't access the TCP ports at all-- in the this case the flow label is actually more reliable than TCP since it's never encrypted and is purposely designed to be consumed by intermediate nodes without the need for expensive DPI.

Tom
> Or alternatively you could say something about LB in section 5.1.2, 
> but because it is a little special case - may be better to have 
> separate 5.1.x
>
> Eduard
> -----Original Message-----
> From: v6ops [mailto:v6ops-bounces@ietf.org] On Behalf Of Fernando Gont
> Sent: 26 июля 2020 г. 8:46
> To: IPv6 Operations <v6ops@ietf.org>
> Cc: draft-gont-v6ops-ipv6-ehs-packet-drops@ietf.org
> Subject: [v6ops] Operational Implications of IPv6 Packets with 
> Extension Headers (Fwd: New Version Notification for 
> draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt)
>
> Folks,
>
> We have posted a rev of our IETF I-D "Operational Implications of IPv6 Packets with Extension Headers".
>
> The I-D is available at:
> https://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-packet-
> drops-04.txt
>
> Your feedback will be appreciated.
>
> Thanks!
>
> Cheers,
> Fernando
>
>
>
>
> -------- Forwarded Message --------
> Subject: New Version Notification for
> draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt
> Date: Sat, 25 Jul 2020 22:28:50 -0700
> From: internet-drafts@ietf.org
> To: Fernando Gont <fgont@si6networks.com>, Gert Doering 
> <gert@space.net>, Geoff Huston <gih@apnic.net>, Warren Kumari 
> <warren@kumari.net>, Nick Hilliard <nick@inex.ie>
>
>
> A new version of I-D, draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt
> has been successfully submitted by Fernando Gont and posted to the IETF repository.
>
> Name:           draft-gont-v6ops-ipv6-ehs-packet-drops
> Revision:       04
> Title:          Operational Implications of IPv6 Packets with Extension Headers
> Document date:  2020-07-25
> Group:          Individual Submission
> Pages:          15
> URL:
> https://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-packet-
> drops-04.txt
> Status:
> https://datatracker.ietf.org/doc/draft-gont-v6ops-ipv6-ehs-packet-drop
> s/
> Htmlized:
> https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-packet-drops-04
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-gont-v6ops-ipv6-ehs-packet
> -drops
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-gont-v6ops-ipv6-ehs-packet-dro
> ps-04
>
> Abstract:
>     This document summarizes the security and operational implications of
>     IPv6 extension headers, and attempts to analyze reasons why packets
>     with IPv6 extension headers may be dropped in the public Internet.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email