Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet

Fernando Gont <fgont@si6networks.com> Tue, 05 November 2013 03:00 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32E7311E80F5 for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2013 19:00:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.562
X-Spam-Level:
X-Spam-Status: No, score=-2.562 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eT703WM0CYiQ for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2013 19:00:37 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 1119E21E82F9 for <v6ops@ietf.org>; Mon, 4 Nov 2013 19:00:26 -0800 (PST)
Received: from [2001:67c:370:160:517b:6f2e:1bc7:1d4a] by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from <fgont@si6networks.com>) id 1VdWsD-0007NV-6b; Tue, 05 Nov 2013 04:00:09 +0100
Message-ID: <52785F34.6020606@si6networks.com>
Date: Mon, 04 Nov 2013 19:00:04 -0800
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.0
MIME-Version: 1.0
To: Ole Troan <otroan@employees.org>, Fernando Gont <fernando@gont.com.ar>
References: <5278275C.50206@gont.com.ar> <alpine.DEB.2.02.1311050028410.26054@uplift.swm.pp.se> <52783535.9030200@si6networks.com> <20131105001243.53E28985D0D@rock.dv.isc.org> <527839C6.3000805@viagenie.ca> <2134F8430051B64F815C691A62D98318148100@XCH-BLV-504.nw.nos.boeing.com> <F4AB804C-2C8E-40EF-ACE9-0A901E4F5122@employees.org> <52784DD1.7020106@gont.com.ar> <BD308F06-C9E2-42EB-9D23-CFD3432F1A1D@employees.org>
In-Reply-To: <BD308F06-C9E2-42EB-9D23-CFD3432F1A1D@employees.org>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2013 03:00:38 -0000

On 11/04/2013 06:23 PM, Ole Troan wrote:
>> 
>> In any case, the interesting (and unfortunate) data if the
>> chances of success when you use extension headers or
>> fragmentation are in the scale of "unlikely". :-(
> 
> I'm not sure you can draw that conclusion without knowing where
> the fragments are dropped.
> 
> e.g. you are not saying that fragmented packets will be dropped 
> anywhere on the link between your home and mine, are you?

I'm certainly not. All tests were against web servers.


> I'm for example not concerned about a web server or load balancer 
> that sets TCP MSS to 1220 and then drop fragments.

Certainly, there's much more testing to be done (this is even stated in
the slideware :-) ). That said, you might still be concerned about the
case you meantion -- at least in theory, that case might arise in a
NAT64 (?) case.

Also, one of the main points of this slideware is that its not just
fragments that are dropped, but extension headers in general.

In any case, my goal of sharing the results is to trigger discussion
and encourage further testing, rather than coming up with scary or
bold statements.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492