Re: [v6ops] draft-gont-v6ops-ipv6-ehs-in-real-world: clarification text
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sat, 18 April 2015 05:57 UTC
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Fred Baker (fred)" <fred@cisco.com>
Date: Sat, 18 Apr 2015 05:58:22 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/eoGSpti0kgRkbL0Mmp1ligCyWMU>
Cc: Fernando Gont <fgont@si6networks.com>, "v6ops@ietf.org" <v6ops@ietf.org>, Merike Kaeo <merike@doubleshotsecurity.com>, "draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org" <draft-gont-v6ops-ipv6-ehs-in-real-world@tools.ietf.org>
Fred,

The performance impact/network health issues are mainly related to hop-by-hop which is per RFC 2460 inspected by every router on the path. This EH should be ignored IMHO by all routers over the Internet (private networks may still inspect/act on it for RSVP for example).

If for some reason, a router in the middle needs access to layer-4 information (IPFIX? DDoS mitigation? ... ?), then the EH chain must be parsed which can cause a performance impact.

Do not take me wrong: besides ignoring HbH, I really hope that routers on the paths simply look at layer-3 header and do nothing else. But, for this I-D, I want to be sure to cover all aspects, hence the modified sentence

-éric

On 18/04/15 03:46, "Fred Baker (fred)" <fred@cisco.com> wrote:

>
>> On Apr 17, 2015, at 3:17 PM, Eric Vyncke (evyncke) <evyncke@cisco.com>
>> wrote:
>>
>> Your proposal is fine for me, but, I would suggest a slightly stronger
>> text:
>> "The results presented in this document indicate that in the scenarios
>> where the corresponding measurements were performed, the use of IPv6
>> extension headers can lead to packet drops. We note that
>> packet drops occurring at transit networks is undesirable
>> and it is hoped and expected that this situation will improve over
>> time."
>>
>> Should we say something around the lines of "... Undesirable except when
>> Those packets cannot be forwarded without impacting the performance and
>> the health of the network devices" ?
>
>Well, question for you. If we follow RFC 2460, the router in the middle
>doesn’t know whether the header is there or not. The only systems that
>should have a performance impact are systems that parse to them or
>interpret them. I personally would like to believe that we aren’t making
>*other* systems more complex to save them. If this is being done in a
>firewall or load balancer, the limitations of the device aren’t primary,
>the correct operation of the protocol is. Would we be saying that it’s OK
>for a firewall to drop a packet because it doesn’t feel like dealing with
>it that day?
>
>What specific devices did you have in mind? What would the argument be?
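
The chain walk the message refers to, as an added Python example that is not part of the original message or of the draft: a device that wants layer-4 information must follow every Next Header field until it reaches the upper-layer header, with bounds checks and a cap on chain length. The function names, the `max_ehs` cap and the sample packets are assumptions made for illustration.

```python
import struct

HBH, ROUTING, FRAGMENT, DSTOPTS = 0, 43, 44, 60   # Next Header values (RFC 2460)
VARIABLE_LEN_EH = {HBH, ROUTING, DSTOPTS}          # length = (Hdr Ext Len + 1) * 8

def find_upper_layer(packet, max_ehs=8):
    """Return (upper-layer protocol, its offset, EH types walked).

    The protocol is None for a non-first fragment, where the layer-4 header
    is not in this packet. AH and ESP are not handled in this sketch.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain = packet[6], 40, []
    while nh in VARIABLE_LEN_EH or nh == FRAGMENT:
        if len(chain) >= max_ehs:                  # hypothetical policy cap
            raise ValueError("extension header chain too long")
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        hdr_len = 8 if nh == FRAGMENT else (packet[off + 1] + 1) * 8
        if off + hdr_len > len(packet):
            raise ValueError("extension header runs past end of packet")
        chain.append(nh)
        # A non-zero Fragment Offset means the layer-4 header is elsewhere.
        if nh == FRAGMENT and struct.unpack_from("!H", packet, off + 2)[0] >> 3:
            return None, off + hdr_len, chain
        nh, off = packet[off], off + hdr_len
    return nh, off, chain

def tcp_dest_port(packet):
    """Layer-4 lookup a middlebox would do; None when TCP is not reachable."""
    proto, off, _ = find_upper_layer(packet)
    if proto != 6 or off + 4 > len(packet):
        return None
    return struct.unpack_from("!H", packet, off + 2)[0]

# --- constructed sample packets (all-zero addresses, not captured traffic) ---
def ipv6_header(next_header, payload_len):
    return struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64) + bytes(32)

def padded_eh(next_header):
    # 8-octet options header: Next Header, Hdr Ext Len = 0, one PadN option
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])

TCP = struct.pack("!HH", 49152, 443) + bytes(16)
PLAIN = ipv6_header(6, len(TCP)) + TCP
CHAINED = ipv6_header(HBH, 16 + len(TCP)) + padded_eh(DSTOPTS) + padded_eh(6) + TCP
```

With `PLAIN` the TCP header sits at the fixed offset 40; with `CHAINED` the same lookup has to read two variable-length headers first, which is the per-packet work the performance concern is about.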