IETF Logo Mail Archive

Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh

Gyan Mishra <hayabusagsm@gmail.com> Sat, 11 September 2021 02:30 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60A5B3A2B9D for <v6ops@ietfa.amsl.com>; Fri, 10 Sep 2021 19:30:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id joNPCwhtx1q6 for <v6ops@ietfa.amsl.com>; Fri, 10 Sep 2021 19:30:16 -0700 (PDT)
Received: from mail-pf1-x433.google.com (mail-pf1-x433.google.com [IPv6:2607:f8b0:4864:20::433]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B70863A2B9A for <v6ops@ietf.org>; Fri, 10 Sep 2021 19:30:16 -0700 (PDT)
Received: by mail-pf1-x433.google.com with SMTP id g14so3554826pfm.1 for <v6ops@ietf.org>; Fri, 10 Sep 2021 19:30:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mrBxaYJjzPSbOGUNLZDDkEwmh58W/6kKm9JtpyEiJZA=; b=RemwahQKMItGAXTUAx2xxKnraYr+e3OSrDaiHLaReX0Abk6tZGWakiwTYmNBrSbDlq auNIpnSwAELqKE1B14P+/1j8gu57DcbKiCsOEjivHg3EO143CuT7Pg1SWyg+wA0I1PYd EV8R2PeZlfRWTQzLkGSD3esIYNHGT4xUaGEylpnFArgWivx/y1OUpZ8wZSOzynd4H7qw zeampXnoYGPcDr8ZH/a5oSvbeavnn47LIV/PDCbgzsjAa1d+WyyUnbOhcftZyOn/pGdK rXuspx5GLTx1viFsaMKw3cJPqfErbHI+hFIvRr1gEVjblgpRgQONgMOXZd+vDacZR4wD rg+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mrBxaYJjzPSbOGUNLZDDkEwmh58W/6kKm9JtpyEiJZA=; b=KqLrE6vO4x4xe5aFBrhheuUgrFeB9e8trR7pyiVhMI25iHL1v1TaSnPt2OkJrjnfXt VgdBlYZFMUTDBLMS0BcZLaZchxboC8AC+x5JxG6s33vQMxOETV9TCLTcuSqiBqRxmpLM XRj6s1yTH8eOgA9sx9cu1Rm8LAnwdiQ9mGX0HbZQLGS65X/br+NG+NORsSIZ1spKpJpv FMV6lUZnAyus1r0KokHbu5/PYx1VLbjLN6FlH2PkTbJjTfJxcjFnk0pignkMm/l/320t 8Ezq94/K0hfMU2ZMMJhhPTaGyHVtwKPnwIvF/Og22NRPUpHLFINNi7gl0DoP4O4bt199 q1+w==
X-Gm-Message-State: AOAM5336X7M4pke8bCMgBf0tBxqXez+ulV/kCOOXLAuvnnI7SsfLuL6L xTaR5KzKC12hlTkBHQLFBYEUQG16fcaf4DhUobw=
X-Google-Smtp-Source: ABdhPJzPba1dF9vzqq0jF3VP+MBCBdQ+du2fFQwachmnONY0i8rw5BoTM99mGrOSei6ROooCGhZ1ohTRTzmpYFM+Ygs=
X-Received: by 2002:a63:3c4d:: with SMTP id i13mr694061pgn.54.1631327415353; Fri, 10 Sep 2021 19:30:15 -0700 (PDT)
MIME-Version: 1.0
References: <BL0PR05MB5316375D7503A85477DF874AAED59@BL0PR05MB5316.namprd05.prod.outlook.com> <93CF6EB2-5AC0-4611-9A28-2D1AF50F2F64@gmail.com>
In-Reply-To: <93CF6EB2-5AC0-4611-9A28-2D1AF50F2F64@gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Fri, 10 Sep 2021 22:30:04 -0400
Message-ID: <CABNhwV1Yw9N8OT40ZvzpWz7EG34OzG5vLQzZHqiccWkAdQdjSg@mail.gmail.com>
To: Bob Hinden <bob.hinden@gmail.com>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001ac34c05cbaf03fe"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/eF0vl7nOSc_EuInb08NLRboQblA>
Subject: Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Sep 2021 02:30:22 -0000

Hi Bob

Many thanks for your comments and feedback on this draft.

Responses in-line

Kind Regards

Gyan
On Fri, Sep 10, 2021 at 7:01 PM Bob Hinden <bob.hinden@gmail.com> wrote:

> Hi,
>
> If there is enough interest in v6ops, I generally support the V6OPS w.g.
> taking this on as a w.g. document.   I am a co-author of a few relevant
> documents in 6MAN, these are:
>
> draft-ietf-6man-mtu-option
> draft-hinden-6man-hbh-processing
>
> The second represents a proposed solution to the issues with IPv6
> Hop-by-Hop options.  At the high level, I think there is general agreement
> that the goals of draft-peng-v6ops-hbh and draft-hinden-6man-hbh-processing
> are aligned.   If adopted they could reference each other.   Another
> relevant document presented in 6MAN is draft-herbert-6man-eh-limits.   I
> think this is also aligned.
>

    Gyan> Agreed

>
> While the problems with IPv6 Hop-by-Hop options are generally well known
> and described in IETF documents, for example
> <draft-ietf-v6ops-ipv6-ehs-packet-drops>, RFC9099 and RFC7872, I don’t see
> any harm in doing another, if it helps us to improve the situation with
> IPv6 Hop-by-Hop headers.  If we want to fix this, we need to work together.
>

    Gyan> Yes, we can work together on improving the situation with HBH.

>
> I do see a number of serious issues with draft-peng-v6ops-hbh-06, even
> though it is much better than the earlier versions that should be fixed if
> adopted.  These include:
>
> 1) The current title is "Processing of the Hop-by-Hop Options Header”.
>  This makes it sound a lot like how routers should process IPv6 HBH headers
> and options, not like a description of the operational issues.   I think
> will cause confusion with draft-hinden-6man-hbh-processing that is titled
> "IPv6 Hop-by-Hop Options Processing Procedures”.   I think
> draft-peng-v6ops-hbh should change it’s title avoid this confusion.
> Something like “Operational Issues with Processing Hop-bb-Hop Options
> Headers” (or something similar) would be better.
>

   Gyan> Thank you for the suggestion and we will update,

>
> 2) Section 2. "Modern Router Architecture”
>
> This appears to be a good description of some “modern” router
> architectures, but I suspect there are other architectures that are
> different.   For example, there are still a lot (perhaps the majority of
> routers) of software based routers without hardware assist and
> differentiated control and forwarding planes.  This section needs work if
> it intends to describe all router architecture handling of Hop-by-Hop
> option headers.


    Gyan> As we wanted to cover all hardware architectures we will add
software based platforms. Thanks for mentioning.

>
>
> 3) Section 3.  Specification of RFC 8200
>
> This section summarizes text from RFC8200.   In general it is better to
> quote other RFCs instead of trying to summarize them.   Summarizing tends
> to loose subtle differences.
>

     Gyan>  Understand.  We will clean up the verbiage.

>
> 4) Section 7 Requirements
>
> This section needs a lot of work, or should be removed.   For example,
> looking at the the first requirement:
>
>    *  The HBH options header MUST NOT become a possible DDoS Vector.


> This has several serious issues.   The first is that any protocol
> mechanism can be used a a DDOS attack vector under the right
> circumstances.   With a MUST NOT this requirement is impossible to meet.
>  The use of upper case RFC8174 key words turns this into a protocol
> specification, I don’t think that would be in scope for V6OPS.


Gyan> Good point.  We will reword and remove mention of DDOS vector.


>
> The next requirement:
>
>    *  HBH options SHOULD be designed so that they don't reduce the
>       probability of packet delivery.  For example, an intermediate node
>       may discard a packet because it contains more HBH options than the
>       node can process.
>
> How can you design an HBH option that knows how many options an
> intermediate node (we usually call these routers) can process?   Again,
> it’s a requirement that can’t be met.


    Gyan> Good point as well.

>
>
> I have similar comments on the other requirements, but won’t list them
> here.  As I said, this section either needs a lot of work, or should be
> removed.


    Gyan>  We will work on revamping this section.  Do you have any
requirements that you would like to add to an HBH solution?

>
>
> 5) Section 8.  Migration Strategies
>
> This section also has serious issues.   These include:
>
> It talks about characterizing options into either control options or
> forward options.   We only have HBH Options, not two types.
>
> It says nodes are updated to the proposed behavior introduced in the
> pervious section, but the previous section says requirements.
>
> It says edge nodes (we usually call these hosts in IPv6) should check
> whether the packet contains an HBH header with control or forwarding
> options.   This isn’t a good description of how hosts actually work, nor
> are there control or forward options.
>
> This section may be a remanent of an earlier version of this draft that
> was proposing different types of HBH options, but can’t really tell.
>  Might be best to remove this section.


    Gyan> We have discussed cleaning up this section or removing and now
based on feedback we are leaning towards removing.

>
>
> Bob
>
>
>
>
>
>
>
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *

*Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*



*M 301 502-1347*

v2.23.0 | Report a Bug | By Email