Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops

"Fred Baker (fred)" <fred@cisco.com> Thu, 17 March 2016 22:29 UTC

From: "Fred Baker (fred)" <fred@cisco.com>
To: Nick Hilliard <nick@foobar.org>
Date: Thu, 17 Mar 2016 22:29:34 +0000
Message-ID: <9B901C5C-6BD1-4EFE-B448-AFFE9E07F972@cisco.com>
References: <A277BE71-BD70-4AFE-97DA-F224D7DBBCB8@cisco.com> <CALx6S353ognNHWnjbNSdW5hb_e6Hv3LqLa_r+e9yEW4F=cjH=A@mail.gmail.com> <56E6FC18.1060304@foobar.org> <CALx6S35pcSj_LLnDWJ68KwSYiHeu6FwrXTaR4N2xE6aY7MRO1A@mail.gmail.com> <CAHw9_iLbqEvsw0x4dDcA3Zy3SXKUROcQuy5nSynsL9Xi+xrZLg@mail.gmail.com> <566C93D0-62FF-4700-BC05-7F9AF12AF1BD@employees.org> <56E892B8.9030902@foobar.org> <394925FE-FAB1-4FFC-B1CF-4F64CC58F613@employees.org> <56E94275.20700@foobar.org> <3AE1DE20-D735-4262-A3FB-7C01F30BAFA2@employees.org> <56E96F74.7000206@foobar.org> <CALx6S37zP4UvCtBJsvnPN6OmDB0OQDMfRrJNy1XF0t4COStUjQ@mail.gmail.com> <56E98086.5040209@foobar.org> <EE17974D-EDA4-4732-B29E-B2B3BC36DB86@employees.org> <56E9A16B.4030605@si6networks.com> <A2634C00-EBF8-48DA-9604-790F5213F536@employees.org> <56EA93C0.1040904@si6networks.com> <34E270CB-AEB4-4034-99B8-1E6AB528CF67@employees.org> <d6967727-1fd6-1d43-0fbb-f665ed20e101@bogus.com> <3AE9BA3C-E7B6-4C0F-B6B4-5A737485123D@employees.org> <56EB2630.2020208@foobar.org>
In-Reply-To: <56EB2630.2020208@foobar.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/zcTi-JgHM7dgvFfoTgsmpq3_TUU>
Cc: Fernando Gont <fgont@si6networks.com>, "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] WG Doc? draft-gont-v6ops-ipv6-ehs-packet-drops

On Mar 17, 2016, at 2:48 PM, Nick Hilliard <nick@foobar.org> wrote:
> It's not ok for the IETF to sit on its hands and pretend that this isn't
> a protocol problem.  The EH mechanism as it stands is unworkable which
> is causing breakage on production networks.  This needs attention from
> the IETF because EHs provide core ipv6 functionality and without this
> functionality, IPv6 is crippled as a protocol.

</chair>

I'm scratching my head on both of those statements. Help me out, if you would.

In the first statement, you assert that we're looking at a protocol problem. We may be, but that's not obvious to me. There is an issue with HBH headers, or at least with their implementation, which we are looking at in draft-ietf-6man-hbh-header-handling. Nalini Elkins has a problem with the lack of a counterpart to the IPv4 ident field, which she wants to address with a Destination Option in draft-ietf-ippm-6man-pdm-option. Several folks have issues with fragmentation and reassembly (draft-bonica-6man-frag-deprecate), but that is more about security policy and perceived application designer laziness than about issues with the header; it in fact fragments and reassembles if used for that purpose, and AFAIK is widely implemented.

You go on to say that IPv6 Extension Headers implement core functionality. I'll agree that the Security Header is core; I go to work using one of a couple of VPN technologies, and packet layer encryption is central to both. I'm hard pressed to say that the other headers are core; we don't use options in IPv4, and we don't seem to need these headers to make it work. Speaking wearing my protocol-droid hat, if I walk through a list of extension headers (HBH, Routing, Fragment, Destination Options, Security) I haven't heard anyone say "the protocol is incorrect; we need to move these bits over there and add these other bits somewhere else, or define some different processing algorithm". The only one we have deprecated is RH0, and even there, the issue isn't that RH0 can't be used to implement what in IPv4 we would call a Loose Source Route and Record; it's that even in IPv4 we decided that having that option was a security nightmare.

If we're looking at a protocol problem, we should be able to describe proposed changes to the protocol to fix it. I'm not hearing such things described, apart from draft-wkumari-long-headers.

Is the issue addressed in draft-wkumari-long-headers what we're talking about? If so, can we discard the bluster in tone and say that? Is there another issue? Can we describe it?
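As an added example, not code from this message, from the drafts it cites, or from any vendor, here is a Python walker for the extension header chain the message enumerates (HBH, Routing, Fragment, Destination Options, AH, ESP), run over two constructed packets: one carrying the deprecated RH0 in the header order RFC 8200 recommends, and one with HBH placed after Destination Options. Header lengths follow RFC 8200 and RFC 4302; the `lookahead` byte count, the 2001:db8:: addresses and the packets themselves are assumptions made for the example, and the audit rules are the ones a practitioner would write, not anything the drafts specify.

```python
import socket
import struct

# IPv6 Next Header values (IANA protocol numbers; extension headers per RFC 8200 section 4)
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, NO_NEXT, DEST_OPTS = 0, 43, 44, 50, 51, 59, 60
TCP = 6
EH_NAMES = {HOP_BY_HOP: "HBH", ROUTING: "Routing", FRAGMENT: "Fragment",
            ESP: "ESP", AH: "AH", NO_NEXT: "NoNext", DEST_OPTS: "DestOpts"}


def walk_ext_headers(pkt: bytes):
    """Walk the extension header chain of one raw IPv6 packet.

    Returns (headers, upper_proto): a list of dicts (name, offset, length, and
    routing_type for a Routing header) and the Next Header value that ends the
    chain.  ESP is opaque past its own header and 59 means nothing follows, so
    both terminate the walk.  Raises ValueError on a truncated packet.
    """
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, headers = pkt[6], 40, []
    while nh in EH_NAMES and nh not in (ESP, NO_NEXT):
        if off + 2 > len(pkt):
            raise ValueError("truncated extension header at offset %d" % off)
        next_nh = pkt[off]
        if nh == FRAGMENT:
            length = 8                          # fixed size (RFC 8200 section 4.5)
        elif nh == AH:
            length = (pkt[off + 1] + 2) * 4     # Payload Len in 32-bit words minus 2 (RFC 4302)
        else:
            length = (pkt[off + 1] + 1) * 8     # Hdr Ext Len in 8-octet units, first 8 not counted
        if off + length > len(pkt):
            raise ValueError("truncated extension header at offset %d" % off)
        entry = {"name": EH_NAMES[nh], "offset": off, "length": length}
        if nh == ROUTING:
            entry["routing_type"] = pkt[off + 2]
        headers.append(entry)
        nh, off = next_nh, off + length
    return headers, nh


def audit_chain(pkt: bytes, lookahead: int = 128):
    """Flag the chain properties the thread argues about.

    `lookahead` is an illustrative assumption: how many bytes of a packet a
    forwarding engine is assumed to inspect before giving up on locating the
    transport header.  Returns a list of human-readable findings.
    """
    headers, upper = walk_ext_headers(pkt)
    findings = []
    for i, h in enumerate(headers):
        if h["name"] == "HBH" and i != 0:
            findings.append("HBH at position %d; RFC 8200 requires it immediately after the IPv6 header" % i)
        if h["name"] == "Routing" and h["routing_type"] == 0:
            findings.append("RH0 present (deprecated by RFC 5095)")
    end = headers[-1]["offset"] + headers[-1]["length"] if headers else 40
    if end > lookahead:
        findings.append("header for protocol %d starts at byte %d, beyond the %d-byte lookahead"
                        % (upper, end, lookahead))
    return findings


def ipv6_wrap(first_nh: int, payload: bytes) -> bytes:
    """Prepend a fixed IPv6 header; addresses are constructed from the documentation prefix."""
    src = socket.inet_pton(socket.AF_INET6, "2001:db8::1")
    dst = socket.inet_pton(socket.AF_INET6, "2001:db8::2")
    return struct.pack("!IHBB", 0x60000000, len(payload), first_nh, 64) + src + dst + payload


# Constructed extension headers; the first byte of each is the Next Header it points at.
HBH_PADN = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])                   # 8 bytes: one PadN(4) option
RH0_ONE_HOP = bytes([FRAGMENT, 2, 0, 1]) + bytes(4) + bytes(16)    # 24 bytes: type 0, 1 segment left
ATOMIC_FRAG = bytes([DEST_OPTS, 0]) + struct.pack("!HI", 0, 0x1234)  # 8 bytes: offset 0, M=0
DSTOPTS_PADN = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])                   # 8 bytes, next = TCP
TCP_STUB = bytes(20)                                               # placeholder transport header


def build_sample_packet() -> bytes:
    """HBH -> RH0 -> Fragment -> DestOpts -> TCP: the ordering RFC 8200 recommends, with RH0 in it."""
    return ipv6_wrap(HOP_BY_HOP, HBH_PADN + RH0_ONE_HOP + ATOMIC_FRAG + DSTOPTS_PADN + TCP_STUB)


def build_misordered_packet() -> bytes:
    """DestOpts placed before HBH: parseable on the wire, but violates RFC 8200's ordering rule."""
    dstopts_then_hbh = bytes([HOP_BY_HOP, 0, 1, 4, 0, 0, 0, 0])
    hbh_then_tcp = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])
    return ipv6_wrap(DEST_OPTS, dstopts_then_hbh + hbh_then_tcp + TCP_STUB)


if __name__ == "__main__":
    for name, pkt in (("sample", build_sample_packet()), ("misordered", build_misordered_packet())):
        hdrs, upper = walk_ext_headers(pkt)
        print(name, [(h["name"], h["offset"]) for h in hdrs], "upper proto", upper)
        for finding in audit_chain(pkt, lookahead=64):
            print("  !", finding)
```

The walker stops at ESP because everything after the ESP header is ciphertext, which is exactly why a middlebox cannot "look past" it to the transport header; lowering `lookahead` to 64 in the `__main__` run shows the sample packet's TCP header landing at byte 88, beyond what such a box would inspect.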