Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
Ronald Bonica <rbonica@juniper.net> Tue, 19 November 2013 15:29 UTC
Return-Path: <rbonica@juniper.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC5D11AE02F; Tue, 19 Nov 2013 07:29:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.601
X-Spam-Level:
X-Spam-Status: No, score=-102.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CWPhjcJlbiwa; Tue, 19 Nov 2013 07:29:19 -0800 (PST)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe001.messaging.microsoft.com [216.32.180.11]) by ietfa.amsl.com (Postfix) with ESMTP id A0E7D1AE026; Tue, 19 Nov 2013 07:29:19 -0800 (PST)
Received: from mail145-va3-R.bigfish.com (10.7.14.230) by VA3EHSOBE006.bigfish.com (10.7.40.26) with Microsoft SMTP Server id 14.1.225.22; Tue, 19 Nov 2013 15:29:13 +0000
Received: from mail145-va3 (localhost [127.0.0.1]) by mail145-va3-R.bigfish.com (Postfix) with ESMTP id 76F7F1A00F9; Tue, 19 Nov 2013 15:29:13 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.56.240.101; KIP:(null); UIP:(null); IPV:NLI; H:BL2PRD0510HT004.namprd05.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -25
X-BigFish: VPS-25(z579ehzbb2dI62a3I98dI9371I542I1432I4015Izz1f42h2148h208ch1ee6h1de0h1fdah2073h2146h1202h1e76h1d1ah1d2ah1fc6hzz1de098h1033IL17326ah8275bh8275dh1de097h186068hz2fh109h2a8h839h93fhd24hf0ah1288h12a5h12a9h12bdh137ah13b6h1441h1504h1537h153bh162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah224fh1d07h1d0ch1d2eh1d3fh1de9h1dfeh1dffh1e1dh1fe8h1ff5h2216h9a9j1155h)
Received-SPF: pass (mail145-va3: domain of juniper.net designates 157.56.240.101 as permitted sender) client-ip=157.56.240.101; envelope-from=rbonica@juniper.net; helo=BL2PRD0510HT004.namprd05.prod.outlook.com ; .outlook.com ;
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM; SFS:(377454003)(199002)(189002)(164054003)(479174003)(51704005)(252514010)(24454002)(13464003)(51856001)(53806001)(49866001)(33646001)(47736001)(79102001)(76576001)(77982001)(54356001)(74706001)(56776001)(50986001)(76796001)(4396001)(59766001)(46102001)(83072001)(47976001)(74876001)(87266001)(74366001)(77096001)(56816003)(76482001)(54316002)(66066001)(81542001)(80022001)(74502001)(63696002)(81342001)(19580395003)(15975445006)(81686001)(85306002)(76786001)(69226001)(81816001)(74316001)(83322001)(80976001)(47446002)(87936001)(31966008)(65816001)(74662001)(15202345003)(2656002)(19580405001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:CO1PR05MB443; H:CO1PR05MB442.namprd05.prod.outlook.com; CLIP:66.129.241.15; FPR:; RD:InfoNoRecords; A:1; MX:1; LANG:en;
Received: from mail145-va3 (localhost.localdomain [127.0.0.1]) by mail145-va3 (MessageSwitch) id 1384874951327190_26656; Tue, 19 Nov 2013 15:29:11 +0000 (UTC)
Received: from VA3EHSMHS022.bigfish.com (unknown [10.7.14.231]) by mail145-va3.bigfish.com (Postfix) with ESMTP id 3EE853E00C9; Tue, 19 Nov 2013 15:29:11 +0000 (UTC)
Received: from BL2PRD0510HT004.namprd05.prod.outlook.com (157.56.240.101) by VA3EHSMHS022.bigfish.com (10.7.99.32) with Microsoft SMTP Server (TLS) id 14.16.227.3; Tue, 19 Nov 2013 15:29:04 +0000
Received: from CO1PR05MB443.namprd05.prod.outlook.com (10.141.73.152) by BL2PRD0510HT004.namprd05.prod.outlook.com (10.255.100.39) with Microsoft SMTP Server (TLS) id 14.16.383.1; Tue, 19 Nov 2013 15:29:04 +0000
Received: from CO1PR05MB442.namprd05.prod.outlook.com (10.141.73.146) by CO1PR05MB443.namprd05.prod.outlook.com (10.141.73.152) with Microsoft SMTP Server (TLS) id 15.0.785.10; Tue, 19 Nov 2013 15:29:01 +0000
Received: from CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.67]) by CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.146]) with mapi id 15.00.0785.001; Tue, 19 Nov 2013 15:29:01 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Thread-Topic: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
Thread-Index: AQHO2bHohYR0s3IRQE+Bh6lCddmviporl0bwgAB23YCAALUaAA==
Date: Tue, 19 Nov 2013 15:29:00 +0000
Message-ID: <26b868a1fe7b45c5a1dd2f688caefc19@CO1PR05MB442.namprd05.prod.outlook.com>
References: <5278275C.50206@gont.com.ar> <5a9e4532c4e14bddbd9d824133820157@CO1PR05MB442.namprd05.prod.outlook.com> <528AEA8D.1070804@gmail.com>
In-Reply-To: <528AEA8D.1070804@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.241.15]
x-forefront-prvs: 0035B15214
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
Cc: IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>, Fernando Gont <fernando@gont.com.ar>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2013 15:29:22 -0000
Brian, I see your point. If we fix the problems associated with extension headers, people will configure their middle-boxes to allow them. So, if we repeat Fernando's experiment in a few years, we may see very different results. You say that there are three distinct problems. I am aware of the following: - the tiny fragment problem (addressed by draft-ietf-6man-oversized-header chain) - the long header chain problem (addressed by draft-kumari-6man-long-headers) What is the third problem? Ron > -----Original Message----- > From: Brian E Carpenter [mailto:brian.e.carpenter@gmail.com] > Sent: Monday, November 18, 2013 11:35 PM > To: Ronald Bonica > Cc: Fernando Gont; 6man@ietf.org; IPv6 Operations > Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on > the Internet > > On 19/11/2013 10:50, Ronald Bonica wrote: > > Folks, > > > > Fernando presents two studies in <http://www.iepg.org/2013-11- > ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>. The second study is > more interesting to me, because duplicate addresses are removed. > > > > The following are a few questions regarding Fernando's second study: > > > > 1) Fernando observes that 41% of sites discard fragmented packets. > However, in a similar study > (http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc- > thesis.pdf) only 10% of sites discarded fragmented packets. I wonder > why the two studies yield such divergent results. > > Well, that depends on whether there are significant differences between > the observation points and/or the set of target sites for the two > studies. There's certainly no law of physics that prevents both > measurements being correct. > > > 2) Fernando observes that 44% of sites discard packets containing an > 8 byte destination header, while 89% of sites discard packet containing > 1 kilobyte of extension headers. Because the first number (44%) is so > high, can I conclude that the second (89%) is insignificant. > > > Could it be that extension header length is a non-issue, because so > many sites filter packets containing extension headers, regardless of > their length? > > I don't think so. We've just agreed on an update to RFC 2460 that, if > it is adopted by middleboxes, will fix or at least clarify the issue of > what happens to short extension headers. We need to wait a few years to > see if that happens, of course. That seems to me to be quite disjoint > from the issue of whether boxes that inspect extension headers have big > enough buffers, and distinct again from whether they handle fragmented > headers. I think there are three problems, needing three solutions. > > Brian > Ron > > > >> -----Original Message----- > >> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf > >> Of Fernando Gont > >> Sent: Monday, November 04, 2013 6:02 PM > >> To: 6man@ietf.org; IPv6 Operations > >> Subject: Some stats on IPv6 fragments and EH filtering on the > >> Internet > >> > >> Folks, > >> > >> I did a presentation on the topic at the IEPG meeting earlier this > >> week. > >> It provides some concrete data regarding IPv6 fragmentation and > >> Extension Header filtering on the Internet. > >> > >> The slideware is available at: > >> <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and- > >> eh.pdf> > >> > >> Certainly there's *much* more work to be done in this area, but I > >> thought that this could be good food sfor some of the discussions > >> that we were having on the topic. > >> > >> Thanks, > >> -- > >> Fernando Gont > >> e-mail: fernando@gont.com.ar || fgont@si6networks.com PGP > Fingerprint: > >> 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > >> > >> > >> > >> -------------------------------------------------------------------- > >> IETF IPv6 working group mailing list > >> ipv6@ietf.org > >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > >> -------------------------------------------------------------------- > >> > > > > > > _______________________________________________ > > v6ops mailing list > > v6ops@ietf.org > > https://www.ietf.org/mailman/listinfo/v6ops > > >
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mark Andrews
- [v6ops] Some stats on IPv6 fragments and EH filte… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Joe Touch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jen Linkova
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jen Linkova
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Tim Chown
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Gert Doering
- Re: [v6ops] (RIPE Atlas) Some stats on IPv6 fragm… Vesna Manojlovic
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ole Troan
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Jared Mauch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… joel jaeggli
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Nick Hilliard
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… sthaug
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Templin, Fred L
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Joe Touch
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Fernando Gont
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Mikael Abrahamsson
- Re: [v6ops] Some stats on IPv6 fragments and EH f… joel jaeggli
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Simon Perreault
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Pedro Torres
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Hannes Frederic Sowa
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ronald Bonica
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Ronald Bonica
- Re: [v6ops] Some stats on IPv6 fragments and EH f… Brian E Carpenter