IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt

Tim Chown <tjc.ietf@gmail.com> Wed, 29 July 2020 08:37 UTC

Return-Path: <tjc.ietf@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A1DA3A10C7 for <v6ops@ietfa.amsl.com>; Wed, 29 Jul 2020 01:37:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TM8mwLuV-yA9 for <v6ops@ietfa.amsl.com>; Wed, 29 Jul 2020 01:37:10 -0700 (PDT)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BA6F3A10C5 for <v6ops@ietf.org>; Wed, 29 Jul 2020 01:37:10 -0700 (PDT)
Received: by mail-wr1-x434.google.com with SMTP id z18so17223874wrm.12 for <v6ops@ietf.org>; Wed, 29 Jul 2020 01:37:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PcoT5GuXNlnoQAeilQah4NSxPySnb91secrE1PCZ3FY=; b=cqDBGe0dBZxJpxqH7+z+QoVLSE24hjzOY+ddJhTauMU2OMmETjZEMqBePYR1KuB7Er 9aYxK3KmnEVSh/6kGP6a7SK1b8J1rlWebIstYjX+olJuM9yy7/F3vUuOe+FOtPCeHFXb 9tImdCHP6BGp6xKkV1plzvDByTmIBKXru+gJqoXmFbYM2jm30jy8A5UdkJ/Kjnfw966t uLjSGw/zwxwo5LizjlAsdWSlOhosaduUAqFLdr8ZiOjodjytvWnUdoW4sVhnfCDymW0X 5Tg/lJ8NHP5VcGvAZoflh/YoqJ1owUspfmGQaTUSVZWutapPopjx+EmfilkqT4q3HIed XwAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PcoT5GuXNlnoQAeilQah4NSxPySnb91secrE1PCZ3FY=; b=eA+mZyji5wUYuGsaL74nWAag+3JvU0D52tKZedGEvoX8tm4ETQmg/LxpVWXkl1zl45 n7m8Db/9I9+c5TT3EhRgueHX7k7gWdhJ8pZop4RbW8aUcN5hz35d7dqEaAzRdd7L0EHT g621+hp1IC5fHkrurJhDZWsb6piNaJbVt0d0t4AGZZ+qPwKSpPwvfQOxJji8soRaBIq7 wCmkcpMBvONoO9RGJe4FHOkX4smhE6k7OhIVKNL5j22D+VaNwlfQmJG1afnEFZlaeAAy 48H6SAdV3zw57KSSAK6+IaJ07FcHToz0KpoZm9M4cFQqrjWMM90bUrfVobHaqT/ijkyN fz8Q==
X-Gm-Message-State: AOAM533Bh1e7k9uOKWZE4JaXsLxDY6+r4lLZd22e/v0CrNLm+nqNzGZw XryOnSePk60iDjZhIhSz94Q=
X-Google-Smtp-Source: ABdhPJy53pbtp3kJME6B3JfIG6fbvZ/a1keEtBAYcbr1vgI0f4UCY7JR3xFKN2t0mQkFe2dPOXXKwg==
X-Received: by 2002:adf:97d3:: with SMTP id t19mr27021818wrb.138.1596011829048; Wed, 29 Jul 2020 01:37:09 -0700 (PDT)
Received: from [192.168.0.21] (tchowndsl.claranet.co.uk. [212.188.254.49]) by smtp.gmail.com with ESMTPSA id l67sm4017222wml.13.2020.07.29.01.37.08 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 29 Jul 2020 01:37:08 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Tim Chown <tjc.ietf@gmail.com>
In-Reply-To: <e743058d-c4c1-aeac-e81e-87baea4e38e0@si6networks.com>
Date: Wed, 29 Jul 2020 09:37:07 +0100
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, IPv6 Operations <v6ops@ietf.org>, Fernando Gont <fernando@gont.com.ar>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CCE66D42-84AC-440D-B7B7-CCC46EBFB67D@gmail.com>
References: <159574132870.611.12077598721404194383@ietfa.amsl.com> <cc504d98-93ad-d14d-3362-e59b323d4b90@gmail.com> <5f0f7715-ff53-e5b2-6803-df1aac573060@gont.com.ar> <53a8e94d-dfc3-23f9-2dac-b70eb4f203a8@gmail.com> <B9888B6A-B81C-4F9B-A195-420C9236E2A9@gmail.com> <e743058d-c4c1-aeac-e81e-87baea4e38e0@si6networks.com>
To: Fernando Gont <fgont@si6networks.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/bW4ZHHlr7jdw4e_DcLNE9zODOb0>
Subject: Re: [v6ops] I-D Action: draft-gont-v6ops-ipv6-ehs-packet-drops-04.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2020 08:37:12 -0000

Inline...

> On 29 Jul 2020, at 08:58, Fernando Gont <fgont@si6networks.com> wrote:
> 
> Hi, Tim,
> 
> On 28/7/20 11:32, Tim Chown wrote:
>> Hi,
>>> On 27 Jul 2020, at 21:51, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>> 
>>> On 27-Jul-20 18:49, Fernando Gont wrote:
>>> 
>>>> BTW... it seems that RFC7045 has not really been incorporated into
>>>> RFC8200?
>>> 
>>> Well, yes and no. Firstly the point about HbH header processing
>>> being essentially optional was adopted.  Similarly, RFC7045 says
>>> "This document updates RFC 2460 to
>>> clarify how intermediate nodes should deal with such extension
>>> headers and with any that are defined in the future."
>>> and that, I believe, is reflected in RFC8200.
>> It may be worth pointing out that RFC 7045 was included in the IPv6 Node Requirements
> 
> Maybe we can tweak the text to say something along the lines of:
> "  A number of recent RFCs have discussed issues related to IPv6
>   extension headers, specifying updates to a previous revision of the
>   IPv6 standard ([RFC2460]), most of which have now been incorporated
>   into the current IPv6 core standard ([RFC8200]) or the IPv6 Node
>   Requirements [RFC8504]).  Namely,"
> .
> .
> 
> ?

Maybe.  RFC8504 largely assembles text from elsewhere, e.g., from RFC8200, but there are some examples where it adds more that isn’t said in another RFC.

>> - bis work and thus into RFC 8504, with the “nodes SHOULD forward packets regardless of EHs present” text repeated there.
>> EH-related requirements in RFC 8504 are explicitly covered in https://tools.ietf.org/html/rfc8504#section-5.2.
> 
> By the way, our working copy says:
> 
> "[RFC8504] specifies processing rules for packets with extension headers, and also allows hosts to enforce limits on the number of options included in IPv6 EHs."
> 
> Maybe we should say s/specifies/clarifies/ ?

And this is one example of adding more.  I believe the text about such limits was put forward for section 5.3 of RFC8504 by Tom Herbert, and there was good agreement to include this text.  Ideally it might be in a separate document, to which RFC8504-bis refers one day. 

> FWIW, I don't mind noting “nodes SHOULD forward packets regardless of EHs present”, but in a way wouldn't that misrepresent both RFC8504 and RFC7045 a bit, which essentially elaborate on the caveats for the SHOULD (and hence are way more than to eartg that RFC8200).

What is included in Section 5.2 of RFC8504 on this subject is simply:

"  Further, [RFC7045] adds specific requirements for the processing of
   extension headers, in particular that any forwarding node along an
   IPv6 packet's path, which forwards the packet for any reason, SHOULD
   do so regardless of any extension headers that are present.”

The more specific notes on this are in Section 2.1 of RFC7045, so I’d point to that as the authoritative source of the "SHOULD forward regardless” guidance.   The subsequent words there about what firewalls SHOULD do perhaps flies in the face of what vendors include by default and operational practice though?

Tim

v2.23.0 | Report a Bug | By Email