Re: [v6ops] I-D Action: draft-ietf-v6ops-ipv6-ehs-packet-drops-01.txt

"Dale W. Carder" <dwcarder@es.net> Wed, 14 October 2020 16:19 UTC

Date: Wed, 14 Oct 2020 11:19:46 -0500
From: "Dale W. Carder" <dwcarder@es.net>
To: Fernando Gont <fernando@gont.com.ar>
Cc: v6ops@ietf.org
Message-ID: <20201014161946.GA65211@dwc-desktop.local>
References: <160267848680.30465.9254381369345717221@ietfa.amsl.com> <6f1419fa-19ef-173a-5095-35fa51cc4ed2@gont.com.ar>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/a_JChWkeyQ4tSpaOpmsghD8c3lQ>

Thus spake Fernando Gont (fernando@gont.com.ar) on Wed, Oct 14, 2020 at 09:37:38AM -0300:
> The rev is available at:
> https://tools.ietf.org/html/draft-ietf-v6ops-ipv6-ehs-packet-drops-01

In section 7.4, is it worth referencing covert channel risk from rfc6437's
section 6.1?

In section 7.1, I thought there was a class of devices (routers) where, if
configured with a packet filter / ACL and unable to find the upper-layer
protocol information buried past the size of the lookup engine, they would
actually forward traffic even if the policy was to deny.  I could have sworn
I saw this topic fly by on the v6ops list, but I can't find it (thus I don't
want to mistakenly name and shame).

I am not sure if I agree with the last paragraph of 6.1, which opines on
the low adoption of rfc6437-style flow label hash entropy.  I would
expect that the current low adoption in ECMP implementations is a
chicken/egg problem.  If you have a product that needs to hash and you are
not confident there is enough adoption in host stacks, you are still forced
to hunt for entropy from the upper-layer protocols.  Otherwise all the
legacy host traffic with the flow label set to 0 risks getting hashed
entirely to one side or facing reordering.

Dale
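As an added illustration of the chicken/egg argument above (not part of the original message or of the draft): a small Python simulation of two ECMP hashing policies on a hypothetical forwarding engine that can only inspect the first 64 bytes of a packet. The 64-byte parse depth, the fallback to a 3-tuple hash when the transport header is out of reach, and the constructed traffic are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

# Assumed lookup-engine limit: only the first 64 bytes of a packet are inspected.
PARSE_DEPTH = 64
IPV6_HDR = 40   # fixed header; the transport ports sit after the EH chain


@dataclass
class Packet:
    src: str
    dst: str
    flow_label: int   # 20-bit field; 0 on legacy hosts that predate RFC 6437
    eh_bytes: int     # total length of the extension-header chain
    sport: int
    dport: int


def hash_to_link(fields, n_links):
    """Deterministic stand-in for a vendor ECMP hash over the chosen fields."""
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def ecmp_3tuple(pkt, n_links):
    """RFC 6437 style: addresses plus flow label, no EH chain parsing needed."""
    return hash_to_link((pkt.src, pkt.dst, pkt.flow_label), n_links)


def ecmp_5tuple(pkt, n_links):
    """Hash on ports when the engine can reach them; otherwise (assumed
    behaviour) fall back to the 3-tuple, so entropy again depends on the label."""
    if IPV6_HDR + pkt.eh_bytes + 4 > PARSE_DEPTH:
        return ecmp_3tuple(pkt, n_links)
    return hash_to_link((pkt.src, pkt.dst, pkt.flow_label, pkt.sport, pkt.dport), n_links)


def link_distribution(packets, hasher, n_links=2):
    counts = [0] * n_links
    for pkt in packets:
        counts[hasher(pkt, n_links)] += 1
    return counts


def legacy_flows(n, eh_bytes=0):
    """Constructed traffic: n TCP flows between one host pair, flow label 0."""
    return [Packet("2001:db8::a", "2001:db8::b", 0, eh_bytes, 40000 + i, 443) for i in range(n)]


def rfc6437_flows(n, eh_bytes=0):
    """Same host pair, but each flow carries a pseudo-random 20-bit flow label."""
    pkts = legacy_flows(n, eh_bytes)
    for i, p in enumerate(pkts):
        p.flow_label = int.from_bytes(hashlib.sha256(str(i).encode()).digest()[:3], "big") & 0xFFFFF
    return pkts
```

With a 32-byte EH chain the 5-tuple hasher cannot reach the ports and every legacy flow lands on one link, while RFC 6437 labels keep the 3-tuple hash spread across links regardless of EH depth.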