IETF Logo Mail Archive

Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops

Nick Hilliard <nick@foobar.org> Sun, 13 March 2016 20:54 UTC

Return-Path: <nick@foobar.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C43612D898 for <v6ops@ietfa.amsl.com>; Sun, 13 Mar 2016 13:54:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8OwIJxrI4Z8l for <v6ops@ietfa.amsl.com>; Sun, 13 Mar 2016 13:54:50 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23A1112D7F7 for <v6ops@ietf.org>; Sun, 13 Mar 2016 13:54:49 -0700 (PDT)
X-Envelope-To: v6ops@ietf.org
Received: from cupcake.foobar.org (089-101-070076.ntlworld.ie [89.101.70.76] (may be forged)) (authenticated bits=0) by mail.netability.ie (8.15.2/8.14.9) with ESMTPSA id u2DKseEu035315 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 13 Mar 2016 20:54:42 GMT (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host 089-101-070076.ntlworld.ie [89.101.70.76] (may be forged) claimed to be cupcake.foobar.org
Message-ID: <56E5D38F.7080507@foobar.org>
Date: Sun, 13 Mar 2016 20:54:39 +0000
From: Nick Hilliard <nick@foobar.org>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: otroan@employees.org
References: <A277BE71-BD70-4AFE-97DA-F224D7DBBCB8@cisco.com> <BDA56C2D-788D-421C-B44A-1A29578F0F78@employees.org> <56E318C7.5020200@gmail.com> <F57DFD38-FC99-45AE-B41D-51B0565148B1@employees.org> <CALx6S37vNXk-g=W4n_Qvd2J=7xkgydvGEUwrhu8pRQig0hoqLg@mail.gmail.com> <1BB37194-0F5B-45C1-9DFA-87B1C28264D2@employees.org>
In-Reply-To: <1BB37194-0F5B-45C1-9DFA-87B1C28264D2@employees.org>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/UmINztCk92dbwgqXhfqRY0O_i3M>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Mar 2016 20:54:53 -0000

otroan@employees.org wrote:
> in every router / middlebox on the planet. (and somewhat tangential
> for any RFC describing shared IPv4 addresses)
> 
> e.g (from VPP):

i.e. when the packet processor can see the tcp/udp ports, the flow hash
generally ends up being an n-tuple similar to:

fh(flowlabel, srcip, dstip, srcport, dstport)

In this case, protocol is also added in, but this value will be tied
tightly to similar srcport and dstport values, so its overall
contribution to entropy is low.

If the packet processor can't see the tcp/udp src/dst ports due to
excessive amounts of EHs, then this n-tuple drops to:

fh(flowlabel, srcip, dstip, 0, 0)

In practice, the flow label is often set to zero, giving:

fh(0, srcip, dstip, 0, 0)

The point of the draft is to note that excessive EHs will contribute to
a deterioration of entropy in flow hash inputs and that this has
operational consequences.

Nick

> 
> /* Compute flow hash.  We'll use it to select which Sponge to use for this
>    flow.  And other things. */
> always_inline u32
> ip6_compute_flow_hash (ip6_header_t * ip, u32 flow_hash_config)
> {
>     tcp_header_t * tcp = (void *) (ip + 1);
>     u64 a, b, c;
>     u64 t1, t2;
>     uword is_tcp_udp = (ip->protocol == IP_PROTOCOL_TCP
> 			|| ip->protocol == IP_PROTOCOL_UDP);
> 
>     t1 = (ip->src_address.as_u64[0] ^ ip->src_address.as_u64[1]);
>     t1 = (flow_hash_config & IP_FLOW_HASH_SRC_ADDR) ? t1 : 0;
> 
>     t2 = (ip->dst_address.as_u64[0] ^ ip->dst_address.as_u64[1]);
>     t2 = (flow_hash_config & IP_FLOW_HASH_DST_ADDR) ? t2 : 0;
> 
>     a = (flow_hash_config & IP_FLOW_HASH_REVERSE_SRC_DST) ? t2 : t1;
>     b = (flow_hash_config & IP_FLOW_HASH_REVERSE_SRC_DST) ? t1 : t2;
>     b ^= (flow_hash_config & IP_FLOW_HASH_PROTO) ? ip->protocol : 0;
> 
>     t1 = is_tcp_udp ? tcp->ports.src : 0;
>     t2 = is_tcp_udp ? tcp->ports.dst : 0;
> 
>     t1 = (flow_hash_config & IP_FLOW_HASH_SRC_PORT) ? t1 : 0;
>     t2 = (flow_hash_config & IP_FLOW_HASH_DST_PORT) ? t2 : 0;
> 
>     c = (flow_hash_config & IP_FLOW_HASH_REVERSE_SRC_DST) ?
>         ((t1<<16) | t2) : ((t2<<16) | t1);
> 
>     hash_mix64 (a, b, c);
>     return (u32) c;
> }
> 
> Best,
> Ole
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email