Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05

Brian E Carpenter, Wed, 07 April 2021 22:34 UTC

To: Tom Herbert, "Rob Wilton (rwilton)"
Cc: Gorry Fairhurst, IPv6 Operations, Fernando Gont
From: Brian E Carpenter
Organization: University of Auckland
Date: Thu, 8 Apr 2021 10:34:38 +1200

On 08-Apr-21 03:20, Tom Herbert wrote:
> So my fundamental concern with this draft is that it is an entirely
> qualitative description of a well known problem, however a qualitative
> analysis is insufficient input for moving extension headers forward.
> In the draft, there are several reasons suggested as to why routers
> might drop packets, however there is no indication of the relative
> occurrence frequency of these.

That seems to call for a fairly major measurement project by an
organisation like CAIDA or RIPE Labs, with collaborative ISPs.
While that is a perfectly good idea, it would presumably take
a couple of years to get data. I personally don't see it as a
valid reason to hold up this draft. Maybe the authors should
add a note about the need for data.

> Also, there are parameterizations
> mentioned such as in the state that routers might drop if the chain is
> "too long", there is no analysis on exactly what "too long" commonly
> is (a couple of sizes for parsing buffers are mentioned but without
> reference which is another frustration of mine with this draft). A
> quantified analysis of the problem would delve into implementations
> and deployment thereby providing actionable data. Note this is not the
> same as making recommendations, I am just asking for the operational
> data as part of the analysis from which we could derive guidance or
> new protocol requirements.

Again, I don't see how that can be done without a major and organised
effort. The issue of buffer sizes may also involve proprietary
information, which is another difficulty. Again, it is neither quick
nor easy to get data.


> Tom
> Tom
>> Regards,
>> Rob
>>> -----Original Message-----
>>> From: v6ops On Behalf Of Tom Herbert
>>> Sent: 10 March 2021 02:03
>>> To: Fernando Gont
>>> Cc: Gorry Fairhurst; IPv6 Operations
>>> Subject: Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05
>>> On Tue, Mar 9, 2021 at 4:03 PM Fernando Gont wrote:
>>>> On 9/3/21 19:07, Tom Herbert wrote:
>>>> [...]
>>>>> Yes, ACLs on transport layer ports are common requirements, however
>>>>> the problem arises from related requirements that arise due to the
>>>>> limitations of routers to be able to locate the transport layer
>>>>> information in a packet. An example of such an implied requirement
>>>>> from this draft is "don't send packets with IPv6 header chains that
>>>>> are too long because some routers can't parse deep enough into packets
>>>>> to find the transport layer ports due to implementation constraints
>>>>> (like limited size parsing buffer)".
>>>> You seem to be reading more from the document than what we actually said
>>>> in the document.
>>>> There are no requirements in this document. We simply explain things
>>>> operators need to do, what are the associated limitations in real-world
>>>> devices, and what's the likely outcome.
>>>> That's not an implied requirement, but simply a description of facts.
>>> It's obvious that the implied or at least inferred requirement is that
>>> if a host wants to increase the probability of packets making it to
>>> the destination then they should not make header chains too long. This
>>> would also be an obvious interoperability requirement, i.e. if I make
>>> my header chains too long then packets will be dropped and my host
>>> stack is not interoperable with some elements in the network.
>>>>> While the rationale for the
>>>>> requirement may make sense, the problem, at least from the host stack
>>>>> perspective of trying to send packets with low probability they'll be
>>>>> dropped, is that a requirement that "don't IPv6 header chains that are
>>>>> too long" is useless without any quantification as exactly to what
>>>>> "too long" might be.
>>>> "too long" for the processing device(s). You don't know what devices
>>>> will process your packets, hence cannot even guess what "too long" might
>>>> mean.
>>>> What you know for sure is that the longer the chain, the lower the
>>>> chances of your packets surviving -- as per RFC7872.
>>> That seems to me more like an assumption than a proven fact. To prove
>>> it we'd need the data that correlates the length of the chain with
>>> probability of drop, or alternatively, one could survey common router
>>> implementations' capabilities and similarly extrapolate the
>>> correlation. If we had this data then we could derive a meaningful
>>> quantified requirement for both what routers are expected to process
>>> and what hosts can expect. RFC7872 doesn't really have sufficient data
>>> to make this correlation, and besides that it is not current.
>>> In any case, this draft qualitatively describes why routers are
>>> dropping. Which I suppose is good, but, given that information, I
>>> don't see much that helps host developers that are sending packets in
>>> the network and are trying to go beyond sending packets that conform
>>> to the least common denominator of plain TCP/IP.
>>> Tom
>>>> Thanks,
>>>> --
>>>> Fernando Gont
>>>> SI6 Networks
>>>> e-mail:
>>>> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> _______________________________________________
> v6ops mailing list
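
An added illustration of the parsing-buffer constraint discussed in this thread (not code from the draft or from any participant): it walks an IPv6 header chain to find where the transport ports sit and checks whether they fall inside a device's parse window. The 128-byte window, the function names and the sample packets are constructed for the example; the thread gives no figure for "too long".

```python
import struct

# Next Header values: RFC 8200 extension headers plus AH (RFC 4302), and UDP.
HBH, ROUTING, FRAGMENT, AH, DESTOPT, UDP = 0, 43, 44, 51, 60, 17

def upper_layer_offset(pkt: bytes):
    """Walk the IPv6 header chain; return (protocol, upper-layer offset).

    The offset is None for a non-first fragment, which carries no
    upper-layer header at all.
    """
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = pkt[6], 40
    while nh in (HBH, ROUTING, FRAGMENT, AH, DESTOPT):
        if off + 8 > len(pkt):          # every extension header is >= 8 bytes
            raise ValueError("truncated header chain")
        if nh == FRAGMENT:
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return pkt[off], None   # fragment offset != 0
            length = 8
        elif nh == AH:                  # length field: 4-byte units, minus 2
            length = (pkt[off + 1] + 2) * 4
        else:                           # Hdr Ext Len: 8-byte units, minus 1
            length = (pkt[off + 1] + 1) * 8
        nh, off = pkt[off], off + length
    return nh, off

def ports_visible(pkt: bytes, parse_buffer: int) -> bool:
    """True if the TCP/UDP port fields lie within the first parse_buffer bytes."""
    proto, off = upper_layer_offset(pkt)
    return proto in (6, 17) and off is not None and off + 4 <= parse_buffer

def build_packet(n_ext: int) -> bytes:
    """Constructed sample: n_ext 24-byte Destination Options headers, then UDP."""
    chain = b""
    for i in range(n_ext):
        nxt = DESTOPT if i < n_ext - 1 else UDP
        chain += bytes([nxt, 2, 1, 20]) + bytes(20)   # one PadN option fills it
    udp = struct.pack("!HHHH", 5000, 53, 8, 0)
    hdr = struct.pack("!IHBB", 6 << 28, len(chain) + 8, DESTOPT if n_ext else UDP, 64)
    return hdr + bytes(15) + b"\x01" + bytes(15) + b"\x02" + chain + udp

if __name__ == "__main__":
    for n in range(6):                  # hypothetical 128-byte parse window
        pkt = build_packet(n)
        print(n, upper_layer_offset(pkt), ports_visible(pkt, 128))
```

With these constructed packets, the ports stop being reachable at the fourth 24-byte header, which is the kind of per-device threshold the thread says hosts cannot know in advance.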