IETF Logo Mail Archive

Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops

Mark Smith <markzzzsmith@gmail.com> Tue, 29 March 2016 20:31 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FC3C12DD8D for <v6ops@ietfa.amsl.com>; Tue, 29 Mar 2016 13:31:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.199
X-Spam-Level:
X-Spam-Status: No, score=-1.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IbQ7fMEXMMBT for <v6ops@ietfa.amsl.com>; Tue, 29 Mar 2016 13:31:08 -0700 (PDT)
Received: from mail-vk0-x22c.google.com (mail-vk0-x22c.google.com [IPv6:2607:f8b0:400c:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4136C12E08C for <v6ops@ietf.org>; Tue, 29 Mar 2016 12:54:16 -0700 (PDT)
Received: by mail-vk0-x22c.google.com with SMTP id k1so33662587vkb.0 for <v6ops@ietf.org>; Tue, 29 Mar 2016 12:54:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rjf66xQ8wePjhmI3d0MYd7a/9HQOb6HmrW4wXRAnqHw=; b=t29suolQVPZLQPFkTXi2O1rf26rIl6XPdNH4wUm4CJ+egyY+LaFfK9O6gli89Ud5J5 RfPWbLTeW60wrt7uuEsV8Lj0Dj973VoQtdQoKJRyfEOHYUcH+H/hpoSyXevnUy27xP3T Er/Jg6ReQORxusMfTnuKKzPEiMB6b5SZ8zLTFmZK7rQqxrpm1u+tty4tgr8BoOrya3yc bIYS4Rz62VCMGs49/w9GYGVYk+hg3qUVAlJxNuaivmm03Dv/dOxfAXXQ1vh75q6WxgW4 HnvtjH+DnK3rKqlucPjrdC3cvzG31449coWFpiPrhtv8wfe+fOb8rLGUq+klSycszjZG 9u0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rjf66xQ8wePjhmI3d0MYd7a/9HQOb6HmrW4wXRAnqHw=; b=Eetsrrt3W3mfHxuiiYHUdcJG9H1PBmyRXNSrYxziUj9JbWdCi7XGh/F8dJHQJqEWZ7 G0INGyXlO9yZ7DA6eX0x3yu/rw6rsNb+YLWszWfSYQxblOjtS8nLpwgkxx9ZVLcue1bl OYBVi5ctwByYHVgEjeuLflQxzEI2ka9HgdOqztKB3N+esIUY1UNP3U7YviKOe3rIvBkV EkeRlw9SwO9co9SfFgr3FnBwUdJ49jgkwaRAPruwrltZpbwGrjt4e1FuSr7puPLzlqgE KHf2gFU+HZsGRQVNE9jFxhR7/vfeAkhJ2kY+SYYVv6j1cn/1bjHntMap1AGQfm7BJOCR ov+Q==
X-Gm-Message-State: AD7BkJKw6p6f7vfMMJlgQNmAh3k+6J2tRF7ygXLOpQVZyNo4VLEQ1dAYSpw/ddmX/Ha1zvmwyE//ZEPbYRF+vA==
X-Received: by 10.176.2.49 with SMTP id 46mr2683218uas.39.1459281255374; Tue, 29 Mar 2016 12:54:15 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.32.228 with HTTP; Tue, 29 Mar 2016 12:53:45 -0700 (PDT)
In-Reply-To: <56FAA2B0.3030608@isi.edu>
References: <CAHw9_iLbqEvsw0x4dDcA3Zy3SXKUROcQuy5nSynsL9Xi+xrZLg@mail.gmail.com> <566C93D0-62FF-4700-BC05-7F9AF12AF1BD@employees.org> <56E892B8.9030902@foobar.org> <394925FE-FAB1-4FFC-B1CF-4F64CC58F613@employees.org> <56E94275.20700@foobar.org> <3AE1DE20-D735-4262-A3FB-7C01F30BAFA2@employees.org> <56E96F74.7000206@foobar.org> <CALx6S37zP4UvCtBJsvnPN6OmDB0OQDMfRrJNy1XF0t4COStUjQ@mail.gmail.com> <56E98086.5040209@foobar.org> <EE17974D-EDA4-4732-B29E-B2B3BC36DB86@employees.org> <20160328183844.GR62900@Space.Net> <56F9A22B.2030301@isi.edu> <5E619124-0A60-45BB-86AA-7F7D5CC614AD@cisco.com> <56F9AE53.8060903@gmail.com> <56F9BEA3.9050409@isi.edu> <4542AA33-F4FA-4F52-B5FE-9ABF2627CD5E@cisco.com> <56F9C856.2030403@gmail.com> <56F9C915.9070408@isi.edu> <E2C0BF9F-806C-4ACC-86CE-1B678628E687@employees.org> <CAO42Z2z2R9N4b1Y=zQCuw2niwYzaRtten+8mDHpsjfYXSh8pJQ@mail.gmail.com> <56FAA2B0.3030608@isi.edu>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 30 Mar 2016 06:53:45 +1100
Message-ID: <CAO42Z2yzDm2NhxouKEP9_0XGzU8i8Zmy1FiDnXZJN5QOXbhrLg@mail.gmail.com>
To: Joe Touch <touch@isi.edu>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/gGFDslCxMlh7eWzKOQRx0LiiOhI>
Cc: v6ops list <v6ops@ietf.org>
Subject: Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2016 20:31:10 -0000

On 30 March 2016 at 02:43, Joe Touch <touch@isi.edu> wrote:
>
>
> On 3/29/2016 2:37 AM, Mark Smith wrote:
>>
>> On 29 Mar 2016 7:31 PM, <otroan@employees.org
>> <mailto:otroan@employees.org>> wrote:
>>>
>>> >> Yes. It's a bug in RFC2460 that this ambiguity arises.
>>> >
>>> > I took it as a feature. IMO, the idea of a chain enables this feature,
>>> > and I don't think it should be so quickly dismissed as potentially
>> useful.
>>> >
>>> > I appreciate that not everyone agrees, though.
>>>
>>> It does break PMTUD though.
>>>
>>
>> Which I think is because of an expectation that the device identified in
>> the packet source address (the "sender") is responsible for creating the
>> whole packet. It can't be a "unicast source address" field if there are
>> multiple sources of the information in the packet.
>>
>> It also breaks troubleshooting methods and assumptions about the source
>> address field that have been true for IPv6, IPv4 and many, if not all,
>> past layer 3 protocols.
>
> I presume then that you're then arguing that NATs shouldn't exist? (I'd
> be glad if that were the case, but it's clear it's not).
>

Yes.



>> One perspective on tunneling is that when it modifies the packet, it
>> adds another source address field to record that another device,  other
>> than the original packet source device, has made additions to the packet.
>
> Yes, but encapsulation performs a very similar function. That's why we
> try very hard to avoid cross-layer dependencies (though the idea of a
> pseudoheader in the checksum of transports breaks this) and why
> intermediate devices shouldn't be peeking past layer 3.
>

I agree that encapsulation/tunnelling is performing that function. I'm
observing that when tunnelling occurs an additional source address
field is added that records the identity of the device that added the
tunnelling encapsulation. That address and the tunnelling protocol
creates a very clear boundary between what the original host sent and
what has been added and by whom during tunnelling/encapsulation.

> So again, I'm interested to see this perspective on the "sanctity of the
> header chain" when nearly every other presumably "immutable" field of
> the header has been the subject of modification.
>

So when packets are modified while they travel through the network,
the identity of the modifier isn't recorded, which makes
troubleshooting harder if the modifications fail. So my philosophy is
that packet modification in the network should be minimised as much as
possible, even though some fields are mutable because they're not
covered by e.g, TCP or UDP pseudoheader checksums.

That really only leaves the hop count field as one that is always
going to be modified. I think Flow label and TC are the other two that
are mutable. In the case of flow label, there are fairly strict rules
on when they can be modified by the network (if FL=0). TC has no
strict rules, however within in a network the devices that may modify
TC are usually limited to the edge and are well known as performing
that role, making them easier to identify if they're broken.


Regards,
Mark.




> Joe

v2.23.0 | Report a Bug | By Email