IETF Logo Mail Archive

Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh

Tom Herbert <tom@herbertland.com> Fri, 10 September 2021 23:49 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 095223A24CF for <v6ops@ietfa.amsl.com>; Fri, 10 Sep 2021 16:49:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6UNXx3GUz6oz for <v6ops@ietfa.amsl.com>; Fri, 10 Sep 2021 16:49:45 -0700 (PDT)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7097C3A24CD for <v6ops@ietf.org>; Fri, 10 Sep 2021 16:49:45 -0700 (PDT)
Received: by mail-ej1-x62d.google.com with SMTP id x11so7577930ejv.0 for <v6ops@ietf.org>; Fri, 10 Sep 2021 16:49:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=3mdVKVBSGVRoD4TPQunq/IZDBohYc+RTEpmDFUqAze8=; b=SmsYES/ZlFrlQ5nPT4yfFPOKUtIFBOpTZCD0bUTzSk6tA4wS+HKJwF2D3mjYP91jIK h89gfTiSJ0p0X3N8BBuKDjHL7XWr+pxM+siza8ykZkn/BDe+0aVgVFwBG7njQLiDTUw3 EQ7KDr4kGQaBcXfmjyYTNbjDWkClywToJjfvjtYdDg71oLiUjf4vo9Cb78HCuIMYcqGn Qrj0/Uvp4jTvavIK7mJsUdD6RQyfwi/m5vXQiXJUprVg9uCDDkXLLVUZq7Kl6PgI5NlB NMW5P881sLqtWuAebIKGFm0QCqkRpj/mEhYvgeVeXYVr7r1na3y0dH7EMLWVcxnuv2ML /PNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=3mdVKVBSGVRoD4TPQunq/IZDBohYc+RTEpmDFUqAze8=; b=l5RJh7ciL365y1URBu/COZ+xAJSZ4s5C80jaf+ms46r4pLF42TWH6829IJ0+xxYwRx D8ddE17lO0QZ52FIJsn6FleTSTncwc5QsArjwrEqogfDZZadb8Aw89Pw//USjsgvCDQy 9EgKo8+UdNsA9d7yUb8cpF4khtZ8I0REnIsu/uNtFpkJ+YBnnF0/n8rt+PMqn88QDL7p O3nRFl1EbK+Ti6/j4bLdxR4Wfqbb5L7mElotCNqDFFjOKJ9xFVOLqr8jKnweUKVI1q52 v68i9rZMAcS4eEc+gj7UStZ3uMeIHsuRHzX/Jz19fOoyAinsdAOI5VjwGQoz5aNP/hc9 SqvA==
X-Gm-Message-State: AOAM5334kS5aFFCORFIvLWmijHrRFryHE8t/DpAjhh1Ru6BUtJ0RDYwH JPDhGF/Lmo/2Rjff2GJNcunBhsSag1wYQQELtmFhzw==
X-Google-Smtp-Source: ABdhPJygxX7qh93/xsPmIOL7WN/t1wTo9H/Ye+vuB3BJ58dihnzNVPA5saCIQjHtYPmqHTMwAEo6Za3l3CaDlKjGgfY=
X-Received: by 2002:a17:906:a18b:: with SMTP id s11mr158508ejy.8.1631317783014; Fri, 10 Sep 2021 16:49:43 -0700 (PDT)
MIME-Version: 1.0
References: <BL0PR05MB5316375D7503A85477DF874AAED59@BL0PR05MB5316.namprd05.prod.outlook.com> <93CF6EB2-5AC0-4611-9A28-2D1AF50F2F64@gmail.com>
In-Reply-To: <93CF6EB2-5AC0-4611-9A28-2D1AF50F2F64@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 10 Sep 2021 16:49:32 -0700
Message-ID: <CALx6S36Wu9g=gBvQg1O=TfC=ifyc01_DM-9-7igL9SS9PbOsXw@mail.gmail.com>
To: Bob Hinden <bob.hinden@gmail.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/e0pBNMmDgI1KnGDenhqqh6lYU_k>
Subject: Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Sep 2021 23:49:51 -0000

On Fri, Sep 10, 2021 at 4:00 PM Bob Hinden <bob.hinden@gmail.com> wrote:
>
> Hi,
>
> If there is enough interest in v6ops, I generally support the V6OPS w.g. taking this on as a w.g. document.   I am a co-author of a few relevant documents in 6MAN, these are:
>
> draft-ietf-6man-mtu-option
> draft-hinden-6man-hbh-processing
>
> The second represents a proposed solution to the issues with IPv6 Hop-by-Hop options.  At the high level, I think there is general agreement that the goals of draft-peng-v6ops-hbh and draft-hinden-6man-hbh-processing are aligned.   If adopted they could reference each other.   Another relevant document presented in 6MAN is draft-herbert-6man-eh-limits.   I think this is also aligned.

Yes, the need for extension headers is alluded to in the draft "IPv6
Extended Header limitations that need to be addressed to make HBH
processing more efficient and viable in the forwarding plane". It
might make sense to reference draft-herbert-6man-eh-limits (for
instance it addresses the 2,048 bytes in a single EH problem).

>
> While the problems with IPv6 Hop-by-Hop options are generally well known and described in IETF documents, for example <draft-ietf-v6ops-ipv6-ehs-packet-drops>, RFC9099 and RFC7872, I don’t see any harm in doing another, if it helps us to improve the situation with IPv6 Hop-by-Hop headers.  If we want to fix this, we need to work together.
>
> I do see a number of serious issues with draft-peng-v6ops-hbh-06, even though it is much better than the earlier versions that should be fixed if adopted.  These include:
>
> 1) The current title is "Processing of the Hop-by-Hop Options Header”.   This makes it sound a lot like how routers should process IPv6 HBH headers and options, not like a description of the operational issues.   I think will cause confusion with draft-hinden-6man-hbh-processing that is titled "IPv6 Hop-by-Hop Options Processing Procedures”.   I think draft-peng-v6ops-hbh should change it’s title avoid this confusion.  Something like “Operational Issues with Processing Hop-bb-Hop Options Headers” (or something similar) would be better.
>
> 2) Section 2. "Modern Router Architecture”
>
> This appears to be a good description of some “modern” router architectures, but I suspect there are other architectures that are different.   For example, there are still a lot (perhaps the majority of routers) of software based routers without hardware assist and differentiated control and forwarding planes.  This section needs work if it intends to describe all router architecture handling of Hop-by-Hop option headers.
>
> 3) Section 3.  Specification of RFC 8200
>
> This section summarizes text from RFC8200.   In general it is better to quote other RFCs instead of trying to summarize them.   Summarizing tends to loose subtle differences.
>
> 4) Section 7 Requirements
>
> This section needs a lot of work, or should be removed.   For example, looking at the the first requirement:
>
>    *  The HBH options header MUST NOT become a possible DDoS Vector.
>
> This has several serious issues.   The first is that any protocol mechanism can be used a a DDOS attack vector under the right circumstances.   With a MUST NOT this requirement is impossible to meet.   The use of upper case RFC8174 key words turns this into a protocol specification, I don’t think that would be in scope for V6OPS.
>
> The next requirement:
>
>    *  HBH options SHOULD be designed so that they don't reduce the
>       probability of packet delivery.  For example, an intermediate node
>       may discard a packet because it contains more HBH options than the
>       node can process.
>
> How can you design an HBH option that knows how many options an intermediate node (we usually call these routers) can process?   Again, it’s a requirement that can’t be met.
>
> I have similar comments on the other requirements, but won’t list them here.  As I said, this section either needs a lot of work, or should be removed.
>
> 5) Section 8.  Migration Strategies
>
> This section also has serious issues.   These include:
>
> It talks about characterizing options into either control options or forward options.   We only have HBH Options, not two types.
>
I believe this is describing that a router might choose to process
some HBH options in the forwarding fast path, and some in a software
slow path. IMO, from a host stack perspective, any HBH options being
sent should be processed in the fast path or not processed at all--
taking the slow path for some packets creates performance variances
and OOO packets.

> It says nodes are updated to the proposed behavior introduced in the pervious section, but the previous section says requirements.
>
> It says edge nodes (we usually call these hosts in IPv6) should check whether the packet contains an HBH header with control or forwarding options.   This isn’t a good description of how hosts actually work, nor are there control or forward options.
>
> This section may be a remanent of an earlier version of this draft that was proposing different types of HBH options, but can’t really tell.   Might be best to remove this section.
>
> Bob
>
>
>
>
>
>
>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email