Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet

Ole Troan <otroan@employees.org> Tue, 05 November 2013 02:23 UTC

Return-Path: <otroan@employees.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5495B21E838E for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2013 18:23:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.506
X-Spam-Level:
X-Spam-Status: No, score=-10.506 tagged_above=-999 required=5 tests=[AWL=0.093, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rjO8N1vWWyr0 for <v6ops@ietfa.amsl.com>; Mon, 4 Nov 2013 18:23:07 -0800 (PST)
Received: from ams-iport-2.cisco.com (ams-iport-2.cisco.com [144.254.224.141]) by ietfa.amsl.com (Postfix) with ESMTP id 62B6121E82ED for <v6ops@ietf.org>; Mon, 4 Nov 2013 18:23:07 -0800 (PST)
X-Files: signature.asc : 496
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiMFANdVeFKQ/khR/2dsb2JhbABZgwfARoEoFnSCJQEBBAFlFBALNRFXBogOBr4/jgGBSgeDIIEOA5AumWWDJzs
X-IronPort-AV: E=Sophos; i="4.93,637,1378857600"; d="asc'?scan'208"; a="87901493"
Received: from ams-core-1.cisco.com ([144.254.72.81]) by ams-iport-2.cisco.com with ESMTP; 05 Nov 2013 02:23:06 +0000
Received: from dhcp-10-61-107-176.cisco.com (dhcp-10-61-107-176.cisco.com [10.61.107.176]) by ams-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id rA52N200014245 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 5 Nov 2013 02:23:02 GMT
Content-Type: multipart/signed; boundary="Apple-Mail=_2C0B7F3E-280A-4050-AD92-55EA5A290939"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1816\))
From: Ole Troan <otroan@employees.org>
In-Reply-To: <52784DD1.7020106@gont.com.ar>
Date: Tue, 5 Nov 2013 03:23:01 +0100
Message-Id: <BD308F06-C9E2-42EB-9D23-CFD3432F1A1D@employees.org>
References: <5278275C.50206@gont.com.ar> <alpine.DEB.2.02.1311050028410.26054@uplift.swm.pp.se> <52783535.9030200@si6networks.com> <20131105001243.53E28985D0D@rock.dv.isc.org> <527839C6.3000805@viagenie.ca> <2134F8430051B64F815C691A62D98318148100@XCH-BLV-504.nw.nos.boeing.com> <F4AB804C-2C8E-40EF-ACE9-0A901E4F5122@employees.org> <52784DD1.7020106@gont.com.ar>
To: Fernando Gont <fernando@gont.com.ar>
X-Mailer: Apple Mail (2.1816)
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] Some stats on IPv6 fragments and EH filtering on the Internet
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Nov 2013 02:23:18 -0000

Fernando,

>>> Hi, if the network is dropping fragments we are just going to
>>> have to fix it. Tunnels are an example of a packetization layer
>>> that requires fragmentation.
>> 
>> does the above results show the _network_ dropping fragments, or
>> the end host or a system closely associated with the end host
>> dropping extension headers?
> 
> So far, I have not measured that, but will do.
> 
> In any case, the interesting (and unfortunate) data if the chances of
> success when you use extension headers or fragmentation are in the
> scale of "unlikely". :-(

I'm not sure you can draw that conclusion without knowing where the fragments are dropped.

e.g. you are not saying that fragmented packets will be dropped anywhere on the link between your home and mine, are you?
I'm for example not concerned about a web server or load balancer that sets TCP MSS to 1220 and then drop fragments.

cheers,
Ole