IETF Logo Mail Archive

Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet

Ronald Bonica <rbonica@juniper.net> Tue, 19 November 2013 15:29 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC5D11AE02F; Tue, 19 Nov 2013 07:29:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.601
X-Spam-Level:
X-Spam-Status: No, score=-102.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CWPhjcJlbiwa; Tue, 19 Nov 2013 07:29:19 -0800 (PST)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe001.messaging.microsoft.com [216.32.180.11]) by ietfa.amsl.com (Postfix) with ESMTP id A0E7D1AE026; Tue, 19 Nov 2013 07:29:19 -0800 (PST)
Received: from mail145-va3-R.bigfish.com (10.7.14.230) by VA3EHSOBE006.bigfish.com (10.7.40.26) with Microsoft SMTP Server id 14.1.225.22; Tue, 19 Nov 2013 15:29:13 +0000
Received: from mail145-va3 (localhost [127.0.0.1]) by mail145-va3-R.bigfish.com (Postfix) with ESMTP id 76F7F1A00F9; Tue, 19 Nov 2013 15:29:13 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.240.101; KIP:(null); UIP:(null); IPV:NLI; H:BL2PRD0510HT004.namprd05.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -25
X-BigFish: VPS-25(z579ehzbb2dI62a3I98dI9371I542I1432I4015Izz1f42h2148h208ch1ee6h1de0h1fdah2073h2146h1202h1e76h1d1ah1d2ah1fc6hzz1de098h1033IL17326ah8275bh8275dh1de097h186068hz2fh109h2a8h839h93fhd24hf0ah1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah224fh1d07h1d0ch1d2eh1d3fh1de9h1dfeh1dffh1e1dh1fe8h1ff5h2216h9a9j1155h)
Received-SPF: pass (mail145-va3: domain of juniper.net designates 157.56.240.101 as permitted sender) client-ip=157.56.240.101; envelope-from=rbonica@juniper.net; helo=BL2PRD0510HT004.namprd05.prod.outlook.com ; .outlook.com ;
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(377454003)(199002)(189002)(164054003)(479174003)(51704005)(252514010)(24454002)(13464003)(51856001)(53806001)(49866001)(33646001)(47736001)(79102001)(76576001)(77982001)(54356001)(74706001)(56776001)(50986001)(76796001)(4396001)(59766001)(46102001)(83072001)(47976001)(74876001)(87266001)(74366001)(77096001)(56816003)(76482001)(54316002)(66066001)(81542001)(80022001)(74502001)(63696002)(81342001)(19580395003)(15975445006)(81686001)(85306002)(76786001)(69226001)(81816001)(74316001)(83322001)(80976001)(47446002)(87936001)(31966008)(65816001)(74662001)(15202345003)(2656002)(19580405001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:CO1PR05MB443; H:CO1PR05MB442.namprd05.prod.outlook.com; CLIP:66.129.241.15; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en;
Received: from mail145-va3 (localhost.localdomain [127.0.0.1]) by mail145-va3 (MessageSwitch) id 1384874951327190_26656; Tue, 19 Nov 2013 15:29:11 +0000 (UTC)
Received: from VA3EHSMHS022.bigfish.com (unknown [10.7.14.231]) by mail145-va3.bigfish.com (Postfix) with ESMTP id 3EE853E00C9; Tue, 19 Nov 2013 15:29:11 +0000 (UTC)
Received: from BL2PRD0510HT004.namprd05.prod.outlook.com (157.56.240.101) by VA3EHSMHS022.bigfish.com (10.7.99.32) with Microsoft SMTP Server (TLS) id 14.16.227.3; Tue, 19 Nov 2013 15:29:04 +0000
Received: from CO1PR05MB443.namprd05.prod.outlook.com (10.141.73.152) by BL2PRD0510HT004.namprd05.prod.outlook.com (10.255.100.39) with Microsoft SMTP Server (TLS) id 14.16.383.1; Tue, 19 Nov 2013 15:29:04 +0000
Received: from CO1PR05MB442.namprd05.prod.outlook.com (10.141.73.146) by CO1PR05MB443.namprd05.prod.outlook.com (10.141.73.152) with Microsoft SMTP Server (TLS) id 15.0.785.10; Tue, 19 Nov 2013 15:29:01 +0000
Received: from CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.67]) by CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.146]) with mapi id 15.00.0785.001; Tue, 19 Nov 2013 15:29:01 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
Thread-Index: AQHO2bHohYR0s3IRQE+Bh6lCddmviporl0bwgAB23YCAALUaAA==
Date: Tue, 19 Nov 2013 15:29:00 +0000
Message-ID: <26b868a1fe7b45c5a1dd2f688caefc19@CO1PR05MB442.namprd05.prod.outlook.com>
References: <5278275C.50206@gont.com.ar> <5a9e4532c4e14bddbd9d824133820157@CO1PR05MB442.namprd05.prod.outlook.com> <528AEA8D.1070804@gmail.com>
In-Reply-To: <528AEA8D.1070804@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.241.15]
x-forefront-prvs: 0035B15214
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Cc: IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>, Fernando Gont <fernando@gont.com.ar>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2013 15:29:22 -0000

Brian,

I see your point. If we fix the problems associated with extension headers, people will configure their middle-boxes to allow them. So, if we repeat Fernando's experiment in a few years, we may see very different results. 

You say that there are three distinct problems. I am aware of the following:

- the tiny fragment problem (addressed by draft-ietf-6man-oversized-header chain)
- the long header chain problem (addressed by draft-kumari-6man-long-headers)

What is the third problem?

                                              Ron


> -----Original Message-----
> From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com]
> Sent: Monday, November 18, 2013 11:35 PM
> To: Ronald Bonica
> Cc: Fernando Gont; 6man@ietf.org; IPv6 Operations
> Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on
> the Internet
> 
> On 19/11/2013 10:50, Ronald Bonica wrote:
> > Folks,
> >
> > Fernando presents two studies in <http://www.iepg.org/2013-11-
> ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>. The second study is
> more interesting to me, because duplicate addresses are removed.
> >
> > The following are a few questions regarding Fernando's second study:
> >
> > 1) Fernando observes that 41% of sites discard fragmented packets.
> However, in a similar study
> (http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc-
> thesis.pdf) only 10% of sites discarded fragmented packets. I wonder
> why the two studies yield such divergent results.
> 
> Well, that depends on whether there are significant differences between
> the observation points and/or the set of target sites for the two
> studies. There's certainly no law of physics that prevents both
> measurements being correct.
> 
> > 2) Fernando observes that 44% of sites discard packets containing an
> 8 byte destination header, while 89% of sites discard packet containing
> 1 kilobyte of extension headers. Because the first number (44%) is so
> high, can I conclude that the second (89%) is insignificant.
> 
> > Could it be that extension header length is a non-issue, because so
> many sites filter packets containing extension headers, regardless of
> their length?
> 
> I don't think so. We've just agreed on an update to RFC 2460 that, if
> it is adopted by middleboxes, will fix or at least clarify the issue of
> what happens to short extension headers. We need to wait a few years to
> see if that happens, of course. That seems to me to be quite disjoint
> from the issue of whether boxes that inspect extension headers have big
> enough buffers, and distinct again from whether they handle fragmented
> headers. I think there are three problems, needing three solutions.
> 
>    Brian
>                                                           Ron
> >
> >> -----Original Message-----
> >> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf
> >> Of Fernando Gont
> >> Sent: Monday, November 04, 2013 6:02 PM
> >> To: 6man@ietf.org; IPv6 Operations
> >> Subject: Some stats on IPv6 fragments and EH filtering on the
> >> Internet
> >>
> >> Folks,
> >>
> >> I did a presentation on the topic at the IEPG meeting earlier this
> >> week.
> >> It provides some concrete data regarding IPv6 fragmentation and
> >> Extension Header filtering on the Internet.
> >>
> >> The slideware is available at:
> >> <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-
> >> eh.pdf>
> >>
> >> Certainly there's *much* more work to be done in this area, but I
> >> thought that this could be good food sfor some of the discussions
> >> that we were having on the topic.
> >>
> >> Thanks,
> >> --
> >> Fernando Gont
> >> e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP
> Fingerprint:
> >> 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> >>
> >>
> >>
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6@ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------
> >>
> >
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
> >
>

v2.23.0 | Report a Bug | By Email