Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet

Pedro Torres <torres@pop-pr.rnp.br> Tue, 05 November 2013 01:53 UTC

Return-Path: <backup2.torres@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04E9E11E8349; Mon, 4 Nov 2013 17:53:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X85V0tfnCBZL; Mon, 4 Nov 2013 17:53:41 -0800 (PST)
Received: from mail-oa0-x22e.google.com (mail-oa0-x22e.google.com [IPv6:2607:f8b0:4003:c02::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 287B411E81D3; Mon, 4 Nov 2013 17:53:39 -0800 (PST)
Received: by mail-oa0-f46.google.com with SMTP id g12so8015066oah.19 for <multiple recipients>; Mon, 04 Nov 2013 17:53:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=amvnVD84Wa/j6Gm/HQz/fFHixLOnW1AAUgfSb0Dx1nA=; b=tQ7RLXlv7zC4ejhHKODDfe/sSFoizqjBdXco1fNnJYRd8/jL8MbEhbKcgqdAjTB23+ 4vrXKNS6QWF+9qtrknmsnfmO5ipEUZgocIDZFpxzhRRpXmA2F3U1GaB6FfiH/8bJfkTU Q7H7iBGC3kwBcnqx7wK9ihDl2WJIvwNOajBS0YMN6Z5xuh3eozeHaoF/k9Ia9VbaaEzw MSQ1jDfEEbERPjkk4QxUuySm8GLQZkSGz36PyHix6oPqJq892JZe6p/3IDuF8LOwgs/m D22vGaq9bAdfijK3FdeXGLrcIjGGvRTJWrdPseZqG4tABa1yixhtxm/L+PxEa2Cd8dYW d9tQ==
MIME-Version: 1.0
X-Received: by 10.182.66.164 with SMTP id g4mr4239051obt.47.1383616418590; Mon, 04 Nov 2013 17:53:38 -0800 (PST)
Sender: backup2.torres@gmail.com
Received: by 10.60.25.6 with HTTP; Mon, 4 Nov 2013 17:53:38 -0800 (PST)
In-Reply-To: <EMEW3|dedd4c8528278c035fade0cbf2a8cb74pA3NRi03tjc|ecs.soton.ac.uk|AA811674-7409-437A-B181-B226F81C381A@ecs.soton.ac.uk>
References: <AA811674-7409-437A-B181-B226F81C381A@ecs.soton.ac.uk> <5278275C.50206@gont.com.ar> <EMEW3|dedd4c8528278c035fade0cbf2a8cb74pA3NRi03tjc|ecs.soton.ac.uk|AA811674-7409-437A-B181-B226F81C381A@ecs.soton.ac.uk>
Date: Mon, 4 Nov 2013 23:53:38 -0200
X-Google-Sender-Auth: s83HzSnZ8voQ-H2eglDnc0SRCm4
Message-ID: <CAPfnYRgTio5ajooEBnSU7C03ObGrPaezjjKOYs2u=msMjR0C2w@mail.gmail.com>
From: Pedro Torres <torres@pop-pr.rnp.br>
To: Tim Chown <tjc@ecs.soton.ac.uk>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Sun, 10 Nov 2013 09:25:12 -0800
Cc: IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2013 01:53:42 -0000

Tim/Fernando,

Wow! I'm scared of these results!
(If that was the intention, it worked!)

--
Pedro

On Mon, Nov 4, 2013 at 9:27 PM, Tim Chown <tjc@ecs.soton.ac.uk> wrote:
> Hi,
>
> Also as per the IEPG discussion, the results I had in conjunction with a summer MSc project student can be summarised as follows.
>
> The headline is that he saw a 37.7% failure rate for the Fragmentation Header (alone), a bit better than Fernando’s results, but still not good.
>
> He tested the top 1,000 IPv6-enabled Alexa sites.
> He used the scapy toolkit which supports the four main extension header types (routing, fragmentation, destination and hop-by-hop)
> He tested
> a) valid combinations of those 4 extension headers as per RFC 2460
> b) other non-valid combinations
> c) duplicated extension headers
> d) fragmentation header
> Primarily TCP tests, doing HTTP GET requests.
>
> For single extension headers, acceptance was
> Routing header 63.9%
> Frag header 62.3%
> Hop by hop header 60%
> Destination option header 15.8%
> When using no extension headers, success rate was 100%
> When using multiple headers, the rates fall markedly, not dissimilar with Fernando’s numbers for longer headers.
>
> About 120 sites accept all four types of extension headers.
>
> A small number of sites accepted illegal combinations/ordering of extension headers.
>
> A more detailed set of results is being pushed to a conference paper.
>
> I now have another student taking this further, and validating the above results, so feel free to contact me off-list if you’re interested.
>
> Tim
>
> On 4 Nov 2013, at 23:01, Fernando Gont <fernando@gont.com.ar> wrote:
>
>> Folks,
>>
>> I did a presentation on the topic at the IEPG meeting earlier this week.
>> It provides some concrete data regarding IPv6 fragmentation and
>> Extension Header filtering on the Internet.
>>
>> The slideware is available at:
>> <http://www.iepg.org/2013-11-ietf88/fgont-iepg-ietf88-ipv6-frag-and-eh.pdf>
>>
>> Certainly there's *much* more work to be done in this area, but I
>> thought that this could be good food sfor some of the discussions that
>> we were having on the topic.
>>
>> Thanks,
>> --
>> Fernando Gont
>> e-mail: fernando@gont.com.ar || fgont@si6networks.com
>> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
>>
>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------