IETF Logo Mail Archive

Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops

Tom Herbert <tom@herbertland.com> Sun, 13 March 2016 20:59 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF98212D804 for <v6ops@ietfa.amsl.com>; Sun, 13 Mar 2016 13:59:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h81EhpTiYEQ0 for <v6ops@ietfa.amsl.com>; Sun, 13 Mar 2016 13:59:11 -0700 (PDT)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A8CF12D81F for <v6ops@ietf.org>; Sun, 13 Mar 2016 13:59:10 -0700 (PDT)
Received: by mail-io0-x230.google.com with SMTP id m184so202067033iof.1 for <v6ops@ietf.org>; Sun, 13 Mar 2016 13:59:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=12baghABN9VttuCinXyu/PfXljskPINZoqqyhP+dHuc=; b=Yzq1Pf9gw0I1s22gP+7hD6X2UFlZkqZmRfy+LJKc2CEJHodpbA/9o98JeU5QgpYWpC 257ymQVluF2ctqI99sQGthmvOn5cQGeJtyZ13FtaM/pKN9EPqtbizKVk/i9iz+Ekittx 8Nrc1z35SOx8zZt5EkwcP4sBBaPHacoMPj1QvCzoVRcYXKeceMKGFLd7y7Wg66fOnufc ZBGkmbn/XcSPC2DBJVesT87CslZRcxmjyAGO8b2twzxTBfLMYVJCurNZjAskeQh2xkND Kh509vpHuGeqtMqos38BGw+DBJtmle5/tMxJXqTDr9it+mTHOoLa40HjqiY/hrtN8ccG LIoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=12baghABN9VttuCinXyu/PfXljskPINZoqqyhP+dHuc=; b=XFO8N/bk5A81L+4xqnpc0l1lArUKD3kKT4hn9oE7TqIcfTXOWdn5aUR2VCHLKmsfjy m68aj5D7ogFNo/zzkyn4ilrprFpYhhxXRJwv7P2VZIdTU5hoCKfTqQeHSwdHry23CJVx 7+ldHDlbCm9wGmn5q4JhbtbsTzDG3L6g0T1jMANf+8rmY/C6bvc85mBopbwD2ibWO78u 9PWTdMGtTjKPmK1kID0Kx7Qh7rZn9yMJWy3l4aHopEYx3RN7rULsjFFeh5WhnvDqpFAe pUfxfqgWMKtT99bz4w9y0VbZEtgx/EYrRSSC5v5VXN5cLf+rh60Xg6k23pfYIC+c0hCX aVyg==
X-Gm-Message-State: AD7BkJIbjm7rgYJndbsax0TrEsDgHLsqoJAycAXEaYK28GoT5J8HCNvoOPEUEDz+jRrFdf6ERW7NyszjhIuyTQ==
MIME-Version: 1.0
X-Received: by 10.107.158.12 with SMTP id h12mr23129786ioe.107.1457902750341; Sun, 13 Mar 2016 13:59:10 -0700 (PDT)
Received: by 10.107.160.203 with HTTP; Sun, 13 Mar 2016 13:59:10 -0700 (PDT)
In-Reply-To: <1BB37194-0F5B-45C1-9DFA-87B1C28264D2@employees.org>
References: <A277BE71-BD70-4AFE-97DA-F224D7DBBCB8@cisco.com> <BDA56C2D-788D-421C-B44A-1A29578F0F78@employees.org> <56E318C7.5020200@gmail.com> <F57DFD38-FC99-45AE-B41D-51B0565148B1@employees.org> <CALx6S37vNXk-g=W4n_Qvd2J=7xkgydvGEUwrhu8pRQig0hoqLg@mail.gmail.com> <1BB37194-0F5B-45C1-9DFA-87B1C28264D2@employees.org>
Date: Sun, 13 Mar 2016 13:59:10 -0700
Message-ID: <CALx6S37vfDcchTa5Tch+BS8rQAGgPP_EeYbVz19WBchSHTqExg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
To: otroan@employees.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/uvAbzEDErQ8NK_Pj6u1fy8g_Tis>
Cc: "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Mar 2016 20:59:14 -0000

On Sun, Mar 13, 2016 at 12:52 PM,  <otroan@employees.org> wrote:
> Tom,
>
>>> - Parsing EHs is and the consequence of having to walk the extension header chain is a well known problem.
>>>  If the premise is that we want this to work well for arbitrary middleboxes, the solution space is empty.
>>> - HBH headers is a well known problem. One draft in 6man as well as changes in 2460bis.
>>> - The ECMP problem is well known. We tried to solve it with flow label, in practice the IP header has evolved to be 24 / 44 bytes respectively.
>>
>> Where are these 24 / 44 byte IP headers described?
>
> in every router / middlebox on the planet. (and somewhat tangential for any RFC describing shared IPv4 addresses)
>

Ole,

This is not the way it works for *every* middlebox on the planet. For
instance, in Linux we can deduce a flow hash from ports-- not just for
TCP and UDP but for SCTP, DCCP, UDP-lite, etc.--, GRE key ID, MPLS
entropy label, IPv6 flow label, SPI in AH and ESP, parse over
extension headers, and also can parse into several encapsulation
protocols to find L4 information (GRE, IPIP, IPv6/IP). See
http://lxr.free-electrons.com/source/net/core/flow_dissector.c#L121.

Even if I accepted that we are pragmatically limited with only ever
using TCP and UDP without extensions headers on the Internet, I will
never accept these as constraints in my private networks! We are and
will using other IP protocols, encapsulation, EH, etc. IPv6 flow label
is therefore a general solution; it works with any IP protocols we
might use, extension headers, etc., it is straightforward to add into
hash computation in devices. With the flow label, none my fabric
switches need to parse beyond the 40 byte IPv6 header in order to
provide ECMP.

Most of the arguments against extension headers seem to be because
they are difficult to parse, however the point of using flow label is
that it eliminates the need to parse extension headers in the first
place for the ECMP use case. It would be nice if this benefit was and
the need for flow label support were better enunciated in the draft.
IMO any opportunity we have to get intermediate devices to do less
deep packet parsing without loss of functionality is a good thing!

Tom

> e.g (from VPP):
>
> /* Compute flow hash.  We'll use it to select which Sponge to use for this
>    flow.  And other things. */
> always_inline u32
> ip6_compute_flow_hash (ip6_header_t * ip, u32 flow_hash_config)
> {
>     tcp_header_t * tcp = (void *) (ip + 1);
>     u64 a, b, c;
>     u64 t1, t2;
>     uword is_tcp_udp = (ip->protocol == IP_PROTOCOL_TCP
>                         || ip->protocol == IP_PROTOCOL_UDP);
>
>     t1 = (ip->src_address.as_u64[0] ^ ip->src_address.as_u64[1]);
>     t1 = (flow_hash_config & IP_FLOW_HASH_SRC_ADDR) ? t1 : 0;
>
>     t2 = (ip->dst_address.as_u64[0] ^ ip->dst_address.as_u64[1]);
>     t2 = (flow_hash_config & IP_FLOW_HASH_DST_ADDR) ? t2 : 0;
>
>     a = (flow_hash_config & IP_FLOW_HASH_REVERSE_SRC_DST) ? t2 : t1;
>     b = (flow_hash_config & IP_FLOW_HASH_REVERSE_SRC_DST) ? t1 : t2;
>     b ^= (flow_hash_config & IP_FLOW_HASH_PROTO) ? ip->protocol : 0;
>
>     t1 = is_tcp_udp ? tcp->ports.src : 0;
>     t2 = is_tcp_udp ? tcp->ports.dst : 0;
>
>     t1 = (flow_hash_config & IP_FLOW_HASH_SRC_PORT) ? t1 : 0;
>     t2 = (flow_hash_config & IP_FLOW_HASH_DST_PORT) ? t2 : 0;
>
>     c = (flow_hash_config & IP_FLOW_HASH_REVERSE_SRC_DST) ?
>         ((t1<<16) | t2) : ((t2<<16) | t1);
>
>     hash_mix64 (a, b, c);
>     return (u32) c;
> }
>
> Best,
> Ole

v2.23.0 | Report a Bug | By Email