Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-v6ops-ipv6-ehs-packet-drops-05

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 07 April 2021 22:34 UTC

To: Tom Herbert <tom@herbertland.com>, "Rob Wilton (rwilton)" <rwilton@cisco.com>
Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>, IPv6 Operations <v6ops@ietf.org>, "draft-ietf-v6ops-ipv6-ehs-packet-drops.all@ietf.org" <draft-ietf-v6ops-ipv6-ehs-packet-drops.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "tsv-art@ietf.org" <tsv-art@ietf.org>, Fernando Gont <fgont@si6networks.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Date: Thu, 8 Apr 2021 10:34:38 +1200
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/fTgt5yqPSInkL-meuH5JlW5J7iI>

On 08-Apr-21 03:20, Tom Herbert wrote:
...
> So my fundamental concern with this draft is that it is an entirely
> qualitative description of a well known problem, however a qualitative
> analysis is insufficient input for moving extension headers forward.
> In the draft, there are several reasons suggested as to why routers
> might drop packets, however there is no indication of the relative
> occurrence frequency of these.

That seems to call for a fairly major measurement project by an
organisation like CAIDA or RIPE Labs, with collaborative ISPs.
While that is a perfectly good idea, it would presumably take
a couple of years to get data. I personally don't see it as a
valid reason to hold up this draft. Maybe the authors should
add a note about the need for data.

> Also, there are parameterizations
> mentioned such as in the state that routers might drop if the chain is
> "too long", there is no analysis on exactly what "too long" commonly
> is (a couple of sizes for parsing buffers are mentioned but without
> reference which is another frustration of mine with this draft). A
> quantified analysis of the problem would delve into implementations
> and deployment thereby providing actionable data. Note this is not the
> same as making recommendations, I am just asking for the operational
> data as part of the analysis from which we could derive guidance or
> new protocol requirements.

Again, I don't see how that can be done without a major and organised
effort. The issue of buffer sizes may also involve proprietary
information, which is another difficulty. Again, it is neither quick
nor easy to get data.

Regards
    Brian

> Tom
> 
> 
> Tom
> 
>>
>> Regards,
>> Rob
>>
>>
>>> -----Original Message-----
>>> From: v6ops <v6ops-bounces@ietf.org> On Behalf Of Tom Herbert
>>> Sent: 10 March 2021 02:03
>>> To: Fernando Gont <fgont@si6networks.com>
>>> Cc: Gorry Fairhurst <gorry@erg.abdn.ac.uk>; IPv6 Operations
>>> <v6ops@ietf.org>; draft-ietf-v6ops-ipv6-ehs-packet-drops.all@ietf.org;
>>> last-call@ietf.org; tsv-art@ietf.org
>>> Subject: Re: [v6ops] [Last-Call] Tsvart last call review of draft-ietf-
>>> v6ops-ipv6-ehs-packet-drops-05
>>>
>>> On Tue, Mar 9, 2021 at 4:03 PM Fernando Gont <fgont@si6networks.com>
>>> wrote:
>>>>
>>>> On 9/3/21 19:07, Tom Herbert wrote:
>>>> [...]
>>>>>
>>>>> Yes, ACLs on transport layer ports are common requirements, however
>>>>> the problem arises from related requirements that arise due to the
>>>>> limitations of routers to be able to locate the transport layer
>>>>> information in a packet. An example of such an implied requirement
>>>>> from this draft is "don't send packets with IPv6 header chains that
>>>>> are too long because some routers can't parse deep enough into packets
>>>>> to find the transport layer ports due to implementation constraints
>>>>> (like limited size parsing buffer)".
>>>>
>>>> You seem to be reading more from the document than what we actually said
>>>> in the document.
>>>>
>>>> There are no requirements in this document. We simply explain things
>>>> operators need to do, what are the associated limitations in real-world
>>>> devices, and what's the likely outcome.
>>>>
>>>> That's not an implied requirement, but simply a description of facts.
>>>>
>>> It's obvious that the implied or at least inferred requirement is that
>>> if a host wants to increase the probability of packets making it to
>>> the destination then they should not make header chains too long. This
>>> would also be an obvious interoperability requirement, i.e. if I make
>>> my header chains too long then packets will be dropped and my host
>>> stack is not interoperable with some elements in the network.
>>>
>>>>
>>>>
>>>>> While the rationale for the
>>>>> requirement may make sense, the problem, at least from the host stack
>>>>> perspective of trying to send packets with low probability they'll be
>>>>> dropped, is that a requirement that "don't IPv6 header chains that are
>>>>> too long" is useless without any quantification as exactly to what
>>>>> "too long" might be.
>>>>
>>>> "too long" for the processing device(s). You don't know what devices
>>>> will process your packets, hence cannot even guess what "too long" might
>>>> mean.
>>>>
>>>> What you know for sure is that the longer the chain, the lower the
>>>> chances of your packets surviving -- as per RFC7872.
>>>>
>>> That seems to me more like an assumption than a proven fact. To prove
>>> it we'd need the data that correlates the length of the chain with
>>> probability of drop, or alternatively, one could survey common router
>>> implementations' capabilities and similarly extrapolate the
>>> correlation. If we had this data then we could derive a meaningful
>>> quantified requirement for both what routers are expected to process
>>> and what hosts can expect. RFC7872 doesn't really have sufficient data
>>> to make this correlation, and besides that it is not current.
>>>
>>> In any case, this draft qualitatively describes why routers are
>>> dropping packets. Which I suppose is good, but, given that information, I
>>> don't see much that helps host developers that are sending packets in
>>> the network and are trying to go beyond sending packets that conform
>>> to the least common denominator of plain TCP/IP.
>>>
>>> Tom
>>>
>>>> Thanks,
>>>> --
>>>> Fernando Gont
>>>> SI6 Networks
>>>> e-mail: fgont@si6networks.com
>>>> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>>>>
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> v6ops mailing list
>>> v6ops@ietf.org
>>> https://www.ietf.org/mailman/listinfo/v6ops
>
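
Added example (not part of the original message, the thread, or the draft): the "limited size parsing buffer" constraint discussed above, shown by walking an IPv6 header chain and checking whether the transport ports fall inside the bytes a device inspects. The buffer sizes used in the test (64, 128, 256 bytes), the helper names and the sample packets are assumptions constructed for illustration; the thread gives no figures.

```python
import struct

# Extension headers with the generic (Next Header, Hdr Ext Len) layout of RFC 8200.
GENERIC_EH = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination Options"}
FRAGMENT, AH, TCP, UDP = 44, 51, 6, 17

def upper_layer_offset(packet: bytes):
    """Walk the IPv6 header chain; return (upper-layer protocol, byte offset)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while next_header in GENERIC_EH or next_header in (FRAGMENT, AH):
        if offset + 8 > len(packet):
            raise ValueError("truncated header chain")
        if next_header == FRAGMENT:
            frag_off = struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3
            if frag_off:                      # non-first fragment: no upper-layer header here
                return FRAGMENT, offset
            length = 8                        # Fragment header has a fixed size
        elif next_header == AH:
            length = (packet[offset + 1] + 2) * 4   # AH length is in 4-octet units
        else:
            length = (packet[offset + 1] + 1) * 8   # generic EHs use 8-octet units
        next_header, offset = packet[offset], offset + length
    return next_header, offset

def ports_visible(packet: bytes, parse_buffer: int) -> bool:
    """True if a device inspecting only parse_buffer bytes can read the ports."""
    proto, offset = upper_layer_offset(packet)
    return proto in (TCP, UDP) and offset + 4 <= parse_buffer

def build_packet(dest_opt_headers: int, eh_len: int = 64) -> bytes:
    """Constructed sample: UDP behind N Destination Options headers of eh_len bytes."""
    chain = b""
    for i in range(dest_opt_headers):
        nxt = 60 if i < dest_opt_headers - 1 else UDP
        # One PadN option (type 1) fills the rest of each header with zeros.
        chain += bytes([nxt, eh_len // 8 - 1, 1, eh_len - 4]) + bytes(eh_len - 4)
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    first = 60 if dest_opt_headers else UDP
    fixed = struct.pack("!IHBB", 6 << 28, len(chain) + len(udp), first, 64)
    fixed += bytes(16) + bytes(16)            # placeholder source/destination addresses
    return fixed + chain + udp
```

Running ports_visible over captured traffic for a range of assumed buffer sizes gives a sender-side view of how much of a header chain a given inspection depth can cover; it does not measure what any real router does.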