IETF Logo Mail Archive

Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh

Bob Hinden <bob.hinden@gmail.com> Fri, 10 September 2021 23:00 UTC

Return-Path: <bob.hinden@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 023F83A2297 for <v6ops@ietfa.amsl.com>; Fri, 10 Sep 2021 16:00:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a7jl0eJ-Nw9d for <v6ops@ietfa.amsl.com>; Fri, 10 Sep 2021 16:00:24 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AE0BC3A2296 for <v6ops@ietf.org>; Fri, 10 Sep 2021 16:00:23 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id v20-20020a1cf714000000b002e71f4d2026so1830560wmh.1 for <v6ops@ietf.org>; Fri, 10 Sep 2021 16:00:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=H0SVkG/zBbr5b/tj3EJJ+CMgvJm2+ghwH3p8+DfT7WU=; b=K/MmtW2E+CEXxbQa/eVgurCXdOulx5bqowXQINagAEAJVUULY6wItUEKFUf6SpuLNY UmX5NgBhBXqR2DrzwnA934zGjVmYzjBhZMY1esNkMdTurzRvE/rFSnAYK4LDZF7yJAXl ilRPW3G4Oik+Zgu3Zco+5p27Xrmwlo0PwCse2+U2yy17xcFFiSqqhwWK1ZVVZmGz14/i hHewEPt3B52IbMMEjjDFHLU+77bAtediJQfY38AZmpj6OIcc7MarHzP4bPTc/YV4PQYQ JJCqISWmO2He99Go/OpfENHNDytzh+s/bdsoTIvkK+TQIy0FVhm/LyujBEwtbBEx4NOy /DvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=H0SVkG/zBbr5b/tj3EJJ+CMgvJm2+ghwH3p8+DfT7WU=; b=Y9qo5MGaqSj2HVUetdo444OZToiU+xcSJY3+sWYNCMtMZyLt9kq8xMB0VRAR0xQV+V jPdWd7FIv/O/gsD4vK/xZ476tc9+d8KgpJtzvZEguDJmJT+6UUZPqaqBo644kGyT13Hs IqX7iVBgnoRn2r3HzCQRcJrZY9pVLWygzhPYlHS34KHbMSQIedoJZvkWjvR61pIt6PUe 5nmnj/wQ8LcBzVVGUvxuAE8X/d0hjK6cvgTnHfF+0H7oDuL3PVjlX9sg8h6k1fKos5FR bqQhbinnYts2DFeT2WXgtJV8WaPcmsSo6lontq3FWSvJW84yzrfEXZJuU8aaBnaA7ZGa /bWg==
X-Gm-Message-State: AOAM530WdI4y3jpGFjieitcUxiseyvhbZQ/AMFcH5EpVvKxNj0FBsWwh ESh6j45CQa+jyI1uYnRGlvtCp1oElvU=
X-Google-Smtp-Source: ABdhPJy8EUYKfluO74fYvU+dAWJaLFXgM+8VoT+aTGe5lQ4bBO0mtoBwkboGUEWJb3T2tu57e+IOIQ==
X-Received: by 2002:a7b:c351:: with SMTP id l17mr17195wmj.120.1631314820822; Fri, 10 Sep 2021 16:00:20 -0700 (PDT)
Received: from ?IPv6:2601:647:5a00:659:b487:ad1c:b24e:e36c? ([2601:647:5a00:659:b487:ad1c:b24e:e36c]) by smtp.gmail.com with ESMTPSA id k6sm41633wmo.11.2021.09.10.16.00.19 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Sep 2021 16:00:20 -0700 (PDT)
From: Bob Hinden <bob.hinden@gmail.com>
Message-Id: <93CF6EB2-5AC0-4611-9A28-2D1AF50F2F64@gmail.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_477C3C0D-A193-45B1-B3C5-5D51370E0D63"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Fri, 10 Sep 2021 16:00:16 -0700
In-Reply-To: <BL0PR05MB5316375D7503A85477DF874AAED59@BL0PR05MB5316.namprd05.prod.outlook.com>
To: "v6ops@ietf.org" <v6ops@ietf.org>
References: <BL0PR05MB5316375D7503A85477DF874AAED59@BL0PR05MB5316.namprd05.prod.outlook.com>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/kD9Fprg26B8tlmKpKNKs-D-XfWQ>
Subject: Re: [v6ops] Call for adoption: draft-peng-v6ops-hbh
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Sep 2021 23:00:31 -0000

Hi,

If there is enough interest in v6ops, I generally support the V6OPS w.g. taking this on as a w.g. document.   I am a co-author of a few relevant documents in 6MAN, these are:

draft-ietf-6man-mtu-option
draft-hinden-6man-hbh-processing

The second represents a proposed solution to the issues with IPv6 Hop-by-Hop options.  At the high level, I think there is general agreement that the goals of draft-peng-v6ops-hbh and draft-hinden-6man-hbh-processing are aligned.   If adopted they could reference each other.   Another relevant document presented in 6MAN is draft-herbert-6man-eh-limits.   I think this is also aligned.

While the problems with IPv6 Hop-by-Hop options are generally well known and described in IETF documents, for example <draft-ietf-v6ops-ipv6-ehs-packet-drops>, RFC9099 and RFC7872, I don’t see any harm in doing another, if it helps us to improve the situation with IPv6 Hop-by-Hop headers.  If we want to fix this, we need to work together.

I do see a number of serious issues with draft-peng-v6ops-hbh-06, even though it is much better than the earlier versions that should be fixed if adopted.  These include:

1) The current title is "Processing of the Hop-by-Hop Options Header”.   This makes it sound a lot like how routers should process IPv6 HBH headers and options, not like a description of the operational issues.   I think will cause confusion with draft-hinden-6man-hbh-processing that is titled "IPv6 Hop-by-Hop Options Processing Procedures”.   I think draft-peng-v6ops-hbh should change it’s title avoid this confusion.  Something like “Operational Issues with Processing Hop-bb-Hop Options Headers” (or something similar) would be better.

2) Section 2. "Modern Router Architecture”

This appears to be a good description of some “modern” router architectures, but I suspect there are other architectures that are different.   For example, there are still a lot (perhaps the majority of routers) of software based routers without hardware assist and differentiated control and forwarding planes.  This section needs work if it intends to describe all router architecture handling of Hop-by-Hop option headers.

3) Section 3.  Specification of RFC 8200

This section summarizes text from RFC8200.   In general it is better to quote other RFCs instead of trying to summarize them.   Summarizing tends to loose subtle differences.

4) Section 7 Requirements

This section needs a lot of work, or should be removed.   For example, looking at the the first requirement:

   *  The HBH options header MUST NOT become a possible DDoS Vector.

This has several serious issues.   The first is that any protocol mechanism can be used a a DDOS attack vector under the right circumstances.   With a MUST NOT this requirement is impossible to meet.   The use of upper case RFC8174 key words turns this into a protocol specification, I don’t think that would be in scope for V6OPS.

The next requirement:

   *  HBH options SHOULD be designed so that they don't reduce the
      probability of packet delivery.  For example, an intermediate node
      may discard a packet because it contains more HBH options than the
      node can process.

How can you design an HBH option that knows how many options an intermediate node (we usually call these routers) can process?   Again, it’s a requirement that can’t be met.

I have similar comments on the other requirements, but won’t list them here.  As I said, this section either needs a lot of work, or should be removed.

5) Section 8.  Migration Strategies

This section also has serious issues.   These include:

It talks about characterizing options into either control options or forward options.   We only have HBH Options, not two types.

It says nodes are updated to the proposed behavior introduced in the pervious section, but the previous section says requirements.

It says edge nodes (we usually call these hosts in IPv6) should check whether the packet contains an HBH header with control or forwarding options.   This isn’t a good description of how hosts actually work, nor are there control or forward options.

This section may be a remanent of an earlier version of this draft that was proposing different types of HBH options, but can’t really tell.   Might be best to remove this section.

Bob

v2.23.0 | Report a Bug | By Email