Message ID | 1577400698-4836-1-git-send-email-tom@herbertland.com |
---|---|
Headers | show |
Series | ipv6: Extension header infrastructure | expand |
From: Tom Herbert <tom@herbertland.com> Date: Thu, 26 Dec 2019 14:51:29 -0800 > The fundamental rationale here is to make various TLVs, in particular > Hop-by-Hop and Destination options, usable, robust, scalable, and > extensible to support emerging functionality. So, patch #1 is fine and it seems to structure the code to more easily enable support for: https://tools.ietf.org/html/draft-ietf-6man-icmp-limits-07 (I'll note in passing how frustrating it is that, based upon your handling of things in that past, I know that I have to go out and explicitly look for draft RFCs containing your name in order to figure out what your overall long term agenda actually is. You should be stating these kinds of things in your commit messages) But as for the rest of the patch series, what are these "emerging functionalities" you are talking about? I've heard some noises about people wanting to do some kind of "kerberos for packets". Or even just plain putting app + user ID information into options. Is that where this is going? I have no idea, because you won't say. And honestly, this stuff sounds so easy to misuse by governments and other entities. It could also be used to allow ISPs to limit users in very undesirable and unfair ways. And honestly, surveilance and limiting are the most likely uses for such a facility. I can't see it legitimately being promoted as a "security" feature, really. I think the whole TX socket option can wait. And because of that the whole consolidation and cleanup of the option handling code is untenable, because without a use case all it does is make -stable backports insanely painful.
On Thu, Jan 2, 2020 at 1:41 PM David Miller <davem@davemloft.net> wrote: > > From: Tom Herbert <tom@herbertland.com> > Date: Thu, 26 Dec 2019 14:51:29 -0800 > > > The fundamental rationale here is to make various TLVs, in particular > > Hop-by-Hop and Destination options, usable, robust, scalable, and > > extensible to support emerging functionality. > > So, patch #1 is fine and it seems to structure the code to more easily > enable support for: > > https://tools.ietf.org/html/draft-ietf-6man-icmp-limits-07 > > (I'll note in passing how frustrating it is that, based upon your > handling of things in that past, I know that I have to go out and > explicitly look for draft RFCs containing your name in order to figure > out what your overall long term agenda actually is. You should be > stating these kinds of things in your commit messages) > > But as for the rest of the patch series, what are these "emerging > functionalities" you are talking about? > > I've heard some noises about people wanting to do some kind of "kerberos > for packets". Or even just plain putting app + user ID information into > options. > > Is that where this is going? I have no idea, because you won't say. > Yes, there is some of that. Here are some of the use cases for HBH options: PMTU option: draft-ietf-6man-mtu-option-01. There is a P4 implementation as well as Linux PoC for this that was demonstated @IETF103 hackathon. IOAM option: https://tools.ietf.org/html/draft-ietf-ippm-ioam-ipv6-options-00. There is also P4 implementation and Linux router support demonstrated at IETF104 hackathon. INT is a related technology that would also use this. FAST option: https://datatracker.ietf.org/doc/draft-herbert-fast/. I have PoC for this. There are some other protocol proposals in the is are (I know Huawei has something to describe the QoS that should be applied). There are others including the whole space especially as a real solution for host to networking signaling gets fleshed out. There's also the whole world of segment routing options and where that's going. > And honestly, this stuff sounds so easy to misuse by governments and > other entities. It could also be used to allow ISPs to limit users > in very undesirable and unfair ways. And honestly, surveilance and > limiting are the most likely uses for such a facility. I can't see > it legitimately being promoted as a "security" feature, really. > Yes, but the problem isn't unique to IPv6 options nor would abuse be prevented by not implementing them in Linux. Router vendors will happily provide the necessary support to allow abuse :-) AH is the prescribed way to prevent this sort of abuse (aside from encrypting everything that isn't necessary to route packets, but that's another story). AH is fully supported by Linux, good luck finding a router vendor that cares about it :-) > I think the whole TX socket option can wait. > > And because of that the whole consolidation and cleanup of the option > handling code is untenable, because without a use case all it does is > make -stable backports insanely painful. The problem with "wait and see" approach is that Linux is not the only game in town. There are other players that are pursuing this area (Cisco and Huawei in particular). They are able to implement protocols more to appease their short term marketing requirements with little regard for what is best for the community. This is why Linux is so critical to networking, it is the only open forum where real scrutiny is applied to how protocols are implemented. If the alternatives are given free to lead then it's very likely we'll end up being stuck with what they do and probably have to follow their lead regardless of how miserable they make the protocols. We've already seen this in segment routing, their attempts to kill IP fragmentation, and all the other examples of protocol ossification that unnecessarily restrict what hosts are allowed to send in the network and hence reduce the utility and security we are able to offer the user. The other data point I will offer is that the current Linux implementation of IPv6 destination and hop-by-hop options in the kernel is next to useless. Nobody is using the ones that have been implemented, and adding support for a new is a major pain-- the ability for modules to register support for an option seems like an obvious feature to me. Similarly, the restriction that only admin can set options is overly restrictive-- allowing to non-privileged users to send options under tightly controlled constraints set by the admin also seems reasonable to me. Tom
Tom, Happy new year!! I believe that these patches cost you great effort. However, we would like to see the 6-10 subsequent patch set to be really able to understand where are you going with these ones. At some point you mentioned that router vendors make protocol in miserable way. Do you believe the right way is that every individual defines the protocol the way he wants in a single authored IETF draft ? Regarding 10) Support IPv4 extension headers. I see that your drafts describing the idea are expired [1][2]. Do you plan to add to the kernel the implementation of expired contents ? or did you abandoned these drafts and described the idea somewhere else that I’m not aware of ? [1] https://tools.ietf.org/html/draft-herbert-ipv4-udpencap-eh-01 [2] https://tools.ietf.org/html/draft-herbert-ipv4-eh-01 Ahmed On Thu, 2 Jan 2020 16:42:24 -0800 Tom Herbert <tom@herbertland.com> wrote: > On Thu, Jan 2, 2020 at 1:41 PM David Miller <davem@davemloft.net> wrote: > > > > From: Tom Herbert <tom@herbertland.com> > > Date: Thu, 26 Dec 2019 14:51:29 -0800 > > > > > The fundamental rationale here is to make various TLVs, in particular > > > Hop-by-Hop and Destination options, usable, robust, scalable, and > > > extensible to support emerging functionality. > > > > So, patch #1 is fine and it seems to structure the code to more easily > > enable support for: > > > > https://tools.ietf.org/html/draft-ietf-6man-icmp-limits-07 > > > > (I'll note in passing how frustrating it is that, based upon your > > handling of things in that past, I know that I have to go out and > > explicitly look for draft RFCs containing your name in order to figure > > out what your overall long term agenda actually is. You should be > > stating these kinds of things in your commit messages) > > > > But as for the rest of the patch series, what are these "emerging > > functionalities" you are talking about? > > > > I've heard some noises about people wanting to do some kind of "kerberos > > for packets". Or even just plain putting app + user ID information into > > options. > > > > Is that where this is going? I have no idea, because you won't say. > > > Yes, there is some of that. Here are some of the use cases for HBH options: > > PMTU option: draft-ietf-6man-mtu-option-01. There is a P4 > implementation as well as Linux PoC for this that was demonstated > @IETF103 hackathon. > IOAM option: https://tools.ietf.org/html/draft-ietf-ippm-ioam-ipv6-options-00. > There is also P4 implementation and Linux router support demonstrated > at IETF104 hackathon. INT is a related technology that would also use > this. > FAST option: https://datatracker.ietf.org/doc/draft-herbert-fast/. I > have PoC for this. There are some other protocol proposals in the is > are (I know Huawei has something to describe the QoS that should be > applied). > > There are others including the whole space especially as a real > solution for host to networking signaling gets fleshed out. There's > also the whole world of segment routing options and where that's > going. > > > And honestly, this stuff sounds so easy to misuse by governments and > > other entities. It could also be used to allow ISPs to limit users > > in very undesirable and unfair ways. And honestly, surveilance and > > limiting are the most likely uses for such a facility. I can't see > > it legitimately being promoted as a "security" feature, really. > > > Yes, but the problem isn't unique to IPv6 options nor would abuse be > prevented by not implementing them in Linux. Router vendors will > happily provide the necessary support to allow abuse :-) AH is the > prescribed way to prevent this sort of abuse (aside from encrypting > everything that isn't necessary to route packets, but that's another > story). AH is fully supported by Linux, good luck finding a router > vendor that cares about it :-) > > > I think the whole TX socket option can wait. > > > > And because of that the whole consolidation and cleanup of the option > > handling code is untenable, because without a use case all it does is > > make -stable backports insanely painful. > > The problem with "wait and see" approach is that Linux is not the only > game in town. There are other players that are pursuing this area > (Cisco and Huawei in particular). They are able to implement protocols > more to appease their short term marketing requirements with little > regard for what is best for the community. This is why Linux is so > critical to networking, it is the only open forum where real scrutiny > is applied to how protocols are implemented. If the alternatives are > given free to lead then it's very likely we'll end up being stuck with > what they do and probably have to follow their lead regardless of how > miserable they make the protocols. We've already seen this in segment > routing, their attempts to kill IP fragmentation, and all the other > examples of protocol ossification that unnecessarily restrict what > hosts are allowed to send in the network and hence reduce the utility > and security we are able to offer the user. > > The other data point I will offer is that the current Linux > implementation of IPv6 destination and hop-by-hop options in the > kernel is next to useless. Nobody is using the ones that have been > implemented, and adding support for a new is a major pain-- the > ability for modules to register support for an option seems like an > obvious feature to me. Similarly, the restriction that only admin can > set options is overly restrictive-- allowing to non-privileged users > to send options under tightly controlled constraints set by the admin > also seems reasonable to me. > > Tom
On Thu, Jan 2, 2020 at 11:11 PM kernel Dev <ahabdels.dev@gmail.com> wrote: > > Tom, > Happy new year!! > Happy new year to you! > I believe that these patches cost you great effort. However, we would like to see the 6-10 subsequent patch set to be really able to understand where are you going with these ones. > I can post those as RFC. > At some point you mentioned that router vendors make protocol in miserable way. Do you believe the right way is that every individual defines the protocol the way he wants in a single authored IETF draft ? > No, that defies the whole purpose of standard and interoperable protocols. The problem we are finding with IETF is that it has no means to enforce conformance of the protocols it standardizes. Router vendors openly exploit this, for instance at the last IETF the Cisco engineer presenting extension header insertion (a clear violation of RFC8200) plainly said upfront that regardless of any feedback or input they will continue developing and deploying it the way they want. Note this is not an indictment of all router vendors and their engineers, there are many that are trying to do the right thing-- but it's really pretty easy for a few engineers at large vendors to cheat the system in different ways. The only pushback IETF can do is to not standardize these non-conformant quasi-proprietary protocols. The real way to combat this provide open implementation that demonstrates the correct use of the protocols and show that's more extensible and secure than these "hacks". > Regarding 10) Support IPv4 extension headers. > I see that your drafts describing the idea are expired [1][2]. > Do you plan to add to the kernel the implementation of expired contents ? or did you abandoned these drafts and described the idea somewhere else that I’m not aware of ? > > [1] https://tools.ietf.org/html/draft-herbert-ipv4-udpencap-eh-01 > [2] https://tools.ietf.org/html/draft-herbert-ipv4-eh-01 > [1] is obsoleted by [2]. I will update [2] shortly. I may also propose an IETF hackathon project to bring up IOAM over IPv4 if you are interested. Tom > Ahmed > > > On Thu, 2 Jan 2020 16:42:24 -0800 > Tom Herbert <tom@herbertland.com> wrote: > > > On Thu, Jan 2, 2020 at 1:41 PM David Miller <davem@davemloft.net> wrote: > > > > > > From: Tom Herbert <tom@herbertland.com> > > > Date: Thu, 26 Dec 2019 14:51:29 -0800 > > > > > > > The fundamental rationale here is to make various TLVs, in particular > > > > Hop-by-Hop and Destination options, usable, robust, scalable, and > > > > extensible to support emerging functionality. > > > > > > So, patch #1 is fine and it seems to structure the code to more easily > > > enable support for: > > > > > > https://tools.ietf.org/html/draft-ietf-6man-icmp-limits-07 > > > > > > (I'll note in passing how frustrating it is that, based upon your > > > handling of things in that past, I know that I have to go out and > > > explicitly look for draft RFCs containing your name in order to figure > > > out what your overall long term agenda actually is. You should be > > > stating these kinds of things in your commit messages) > > > > > > But as for the rest of the patch series, what are these "emerging > > > functionalities" you are talking about? > > > > > > I've heard some noises about people wanting to do some kind of "kerberos > > > for packets". Or even just plain putting app + user ID information into > > > options. > > > > > > Is that where this is going? I have no idea, because you won't say. > > > > > Yes, there is some of that. Here are some of the use cases for HBH options: > > > > PMTU option: draft-ietf-6man-mtu-option-01. There is a P4 > > implementation as well as Linux PoC for this that was demonstated > > @IETF103 hackathon. > > IOAM option: https://tools.ietf.org/html/draft-ietf-ippm-ioam-ipv6-options-00. > > There is also P4 implementation and Linux router support demonstrated > > at IETF104 hackathon. INT is a related technology that would also use > > this. > > FAST option: https://datatracker.ietf.org/doc/draft-herbert-fast/. I > > have PoC for this. There are some other protocol proposals in the is > > are (I know Huawei has something to describe the QoS that should be > > applied). > > > > There are others including the whole space especially as a real > > solution for host to networking signaling gets fleshed out. There's > > also the whole world of segment routing options and where that's > > going. > > > > > And honestly, this stuff sounds so easy to misuse by governments and > > > other entities. It could also be used to allow ISPs to limit users > > > in very undesirable and unfair ways. And honestly, surveilance and > > > limiting are the most likely uses for such a facility. I can't see > > > it legitimately being promoted as a "security" feature, really. > > > > > Yes, but the problem isn't unique to IPv6 options nor would abuse be > > prevented by not implementing them in Linux. Router vendors will > > happily provide the necessary support to allow abuse :-) AH is the > > prescribed way to prevent this sort of abuse (aside from encrypting > > everything that isn't necessary to route packets, but that's another > > story). AH is fully supported by Linux, good luck finding a router > > vendor that cares about it :-) > > > > > I think the whole TX socket option can wait. > > > > > > And because of that the whole consolidation and cleanup of the option > > > handling code is untenable, because without a use case all it does is > > > make -stable backports insanely painful. > > > > The problem with "wait and see" approach is that Linux is not the only > > game in town. There are other players that are pursuing this area > > (Cisco and Huawei in particular). They are able to implement protocols > > more to appease their short term marketing requirements with little > > regard for what is best for the community. This is why Linux is so > > critical to networking, it is the only open forum where real scrutiny > > is applied to how protocols are implemented. If the alternatives are > > given free to lead then it's very likely we'll end up being stuck with > > what they do and probably have to follow their lead regardless of how > > miserable they make the protocols. We've already seen this in segment > > routing, their attempts to kill IP fragmentation, and all the other > > examples of protocol ossification that unnecessarily restrict what > > hosts are allowed to send in the network and hence reduce the utility > > and security we are able to offer the user. > > > > The other data point I will offer is that the current Linux > > implementation of IPv6 destination and hop-by-hop options in the > > kernel is next to useless. Nobody is using the ones that have been > > implemented, and adding support for a new is a major pain-- the > > ability for modules to register support for an option seems like an > > obvious feature to me. Similarly, the restriction that only admin can > > set options is overly restrictive-- allowing to non-privileged users > > to send options under tightly controlled constraints set by the admin > > also seems reasonable to me. > > > > Tom > > > -- > kernel Dev <ahabdels.dev@gmail.com>
From: Tom Herbert <tom@herbertland.com> Date: Fri, 3 Jan 2020 09:35:08 -0800 > The real way to combat this provide open implementation that > demonstrates the correct use of the protocols and show that's more > extensible and secure than these "hacks". Keep dreaming, this won't stop Cisco from doing whatever it wants to do.
On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > From: Tom Herbert <tom@herbertland.com> > Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > The real way to combat this provide open implementation that > > demonstrates the correct use of the protocols and show that's more > > extensible and secure than these "hacks". > > Keep dreaming, this won't stop Cisco from doing whatever it wants to do. See QUIC. See TLS. See TCP fast open. See transport layer encryption. These are prime examples where we've steered the Internet from host protocols and implementation to successfully obsolete or at least work around protocol ossification that was perpetuated by router vendors. Cisco is not the Internet!
From: Tom Herbert <tom@herbertland.com> Date: Fri, 3 Jan 2020 14:31:58 -0800 > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: >> >> From: Tom Herbert <tom@herbertland.com> >> Date: Fri, 3 Jan 2020 09:35:08 -0800 >> >> > The real way to combat this provide open implementation that >> > demonstrates the correct use of the protocols and show that's more >> > extensible and secure than these "hacks". >> >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > These are prime examples where we've steered the Internet from host > protocols and implementation to successfully obsolete or at least work > around protocol ossification that was perpetuated by router vendors. > Cisco is not the Internet! Seriously, I wish you luck stopping the SRv6 header insertion stuff. It's simply not happening, no matter what transport layer technology you throw at the situation.
On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > From: Tom Herbert <tom@herbertland.com> > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > >> > >> From: Tom Herbert <tom@herbertland.com> > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > >> > >> > The real way to combat this provide open implementation that > >> > demonstrates the correct use of the protocols and show that's more > >> > extensible and secure than these "hacks". > >> > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > These are prime examples where we've steered the Internet from host > > protocols and implementation to successfully obsolete or at least work > > around protocol ossification that was perpetuated by router vendors. > > Cisco is not the Internet! > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > Dave, I agree we can't stop it, but maybe we can steer it to be at least palatable. There are valid use cases for extension header insertion. Ironically, SRv6 header insertion isn't one of them; the proponents have failed to offer even a single reason why the alternative of IPv6 encapsulation isn't sufficient (believe me, we've asked _many_ times for some justification and only get hand waving!). There are, however, some interesting uses cases like in IOAM where the operator would like to annotate packets as they traverse the network. Encapsulation is insufficient if they don't know what the end point would be or they don't want the annotation to change the path the packets take (versus those that aren't annotated). The salient problem with extension header insertion is lost of attribution. It is fundamental in the IP protocol that the contents of a packet are attributed to the source host identified by the source address. If some intermediate node inserts an extension header that subsequently breaks the packet downstream then there is no obvious way to debug this. If an ICMP message is sent because of the receiving data, then receiving host can't do much with it; it's not the source of the data in error and nothing in the packet tells who the culprit is. The Cisco guys have at least conceded one point on SRv6 insertion due to pushback on this, their latest draft only does SRv6 insertion on packets that have already been encapsulated in IPIP on ingress into the domain. This is intended to at least restrict the modified packets to a controlled domain (I'm note sure if any implementations enforce this though). My proposal is to require an "attribution" HBH option that would clearly identify inserted data put in a packet by middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to allow extension header insertion, but require protocol to give attribution and make it at least somewhat robust and manageable. Tom
On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > From: Tom Herbert <tom@herbertland.com> > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > >> > > >> From: Tom Herbert <tom@herbertland.com> > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > >> > > >> > The real way to combat this provide open implementation that > > >> > demonstrates the correct use of the protocols and show that's more > > >> > extensible and secure than these "hacks". > > >> > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > These are prime examples where we've steered the Internet from host > > > protocols and implementation to successfully obsolete or at least work > > > around protocol ossification that was perpetuated by router vendors. > > > Cisco is not the Internet! > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > Dave, > > I agree we can't stop it, but maybe we can steer it to be at least > palatable. There are valid use cases for extension header insertion. > Ironically, SRv6 header insertion isn't one of them; the proponents > have failed to offer even a single reason why the alternative of IPv6 > encapsulation isn't sufficient (believe me, we've asked _many_ times > for some justification and only get hand waving!). There are, however, > some interesting uses cases like in IOAM where the operator would like > to annotate packets as they traverse the network. Encapsulation is > insufficient if they don't know what the end point would be or they > don't want the annotation to change the path the packets take (versus > those that aren't annotated). > > The salient problem with extension header insertion is lost of And the problems that can be introduced by changing the effective path MTU... > attribution. It is fundamental in the IP protocol that the contents of > a packet are attributed to the source host identified by the source > address. If some intermediate node inserts an extension header that > subsequently breaks the packet downstream then there is no obvious way > to debug this. If an ICMP message is sent because of the receiving > data, then receiving host can't do much with it; it's not the source > of the data in error and nothing in the packet tells who the culprit > is. The Cisco guys have at least conceded one point on SRv6 insertion > due to pushback on this, their latest draft only does SRv6 insertion > on packets that have already been encapsulated in IPIP on ingress into > the domain. This is intended to at least restrict the modified packets > to a controlled domain (I'm note sure if any implementations enforce > this though). My proposal is to require an "attribution" HBH option > that would clearly identify inserted data put in a packet by > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > allow extension header insertion, but require protocol to give > attribution and make it at least somewhat robust and manageable. > > Tom FWIW the SRv6 header insertion stuff is still under discussion in spring wg (last I knew). I proposed one option that could be used to avoid insertion (allow for extra scratch space https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), but nothing has been conclusively resolved last I checked. As everyone probably knows, the draft-ietf-* documents are working-group-adopted documents (though final publication is never guaranteed). My current reading of 6man tea leaves is that neither "ICMP limits" and "MTU option" docs were terribly contentious. Whether code reorg is important for implementing these I'm not competent enough to say.
On Fri, Jan 3, 2020 at 3:53 PM Erik Kline <ek@loon.com> wrote: > > On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > > > From: Tom Herbert <tom@herbertland.com> > > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > > >> > > > >> From: Tom Herbert <tom@herbertland.com> > > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > >> > > > >> > The real way to combat this provide open implementation that > > > >> > demonstrates the correct use of the protocols and show that's more > > > >> > extensible and secure than these "hacks". > > > >> > > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > > These are prime examples where we've steered the Internet from host > > > > protocols and implementation to successfully obsolete or at least work > > > > around protocol ossification that was perpetuated by router vendors. > > > > Cisco is not the Internet! > > > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > > > Dave, > > > > I agree we can't stop it, but maybe we can steer it to be at least > > palatable. There are valid use cases for extension header insertion. > > Ironically, SRv6 header insertion isn't one of them; the proponents > > have failed to offer even a single reason why the alternative of IPv6 > > encapsulation isn't sufficient (believe me, we've asked _many_ times > > for some justification and only get hand waving!). There are, however, > > some interesting uses cases like in IOAM where the operator would like > > to annotate packets as they traverse the network. Encapsulation is > > insufficient if they don't know what the end point would be or they > > don't want the annotation to change the path the packets take (versus > > those that aren't annotated). > > > > The salient problem with extension header insertion is lost of > > And the problems that can be introduced by changing the effective path MTU... > Eric, Yep, increasing the size of packet in transit potentially wreaks havoc on PMTU discovery, however I personally think that the issue might be overblown. We already have the same problem when tunneling is done in the network since most tunneling implementations and deployments just assume the operator has set large enough MTUs. As long as all the overhead inserted into the packet doesn't reduce the end host PMTU below 1280, PMTU discovery and probably even PTB for a packet with inserted headers still has right effect. > > attribution. It is fundamental in the IP protocol that the contents of > > a packet are attributed to the source host identified by the source > > address. If some intermediate node inserts an extension header that > > subsequently breaks the packet downstream then there is no obvious way > > to debug this. If an ICMP message is sent because of the receiving > > data, then receiving host can't do much with it; it's not the source > > of the data in error and nothing in the packet tells who the culprit > > is. The Cisco guys have at least conceded one point on SRv6 insertion > > due to pushback on this, their latest draft only does SRv6 insertion > > on packets that have already been encapsulated in IPIP on ingress into > > the domain. This is intended to at least restrict the modified packets > > to a controlled domain (I'm note sure if any implementations enforce > > this though). My proposal is to require an "attribution" HBH option > > that would clearly identify inserted data put in a packet by > > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > > allow extension header insertion, but require protocol to give > > attribution and make it at least somewhat robust and manageable. > > > > Tom > > FWIW the SRv6 header insertion stuff is still under discussion in > spring wg (last I knew). I proposed one option that could be used to It's also under discussion in 6man. > avoid insertion (allow for extra scratch space > https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), > but nothing has been conclusively resolved last I checked. > I saw your proposal. It's a good idea from POV to be conformant with RFC8200 and avoid the PMTU problems, but the header insertion proponents aren't going to like it at all. First, it means that the source is in control of the insertion policy and host is required to change-- no way they'll buy into that ;-). Secondly, if the scratch space isn't used they'll undoubtedly claim that is unnecessary overhead. Tom > As everyone probably knows, the draft-ietf-* documents are > working-group-adopted documents (though final publication is never > guaranteed). My current reading of 6man tea leaves is that neither > "ICMP limits" and "MTU option" docs were terribly contentious. > Whether code reorg is important for implementing these I'm not > competent enough to say.
Tom, I will not go into whether Tom or router vendors is right from IETF perspective as here is not the place to discuss. But it seems to me that the motivation behind these patches is just to pushback on the current IETF proposals. The patches timeline is completely aligned with when IETF threads get into tough discussions (May 2019, August 2019, and now). I’m not the one to decide, but IMO people should not add stuff to the kernel just to enforce their opinions on other mailers. On Fri, 3 Jan 2020 16:37:33 -0800 Tom Herbert <tom@herbertland.com> wrote: > On Fri, Jan 3, 2020 at 3:53 PM Erik Kline <ek@loon.com> wrote: > > > > On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > > > > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > > > > > From: Tom Herbert <tom@herbertland.com> > > > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > > > >> > > > > >> From: Tom Herbert <tom@herbertland.com> > > > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > > >> > > > > >> > The real way to combat this provide open implementation that > > > > >> > demonstrates the correct use of the protocols and show that's more > > > > >> > extensible and secure than these "hacks". > > > > >> > > > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > > > These are prime examples where we've steered the Internet from host > > > > > protocols and implementation to successfully obsolete or at least work > > > > > around protocol ossification that was perpetuated by router vendors. > > > > > Cisco is not the Internet! > > > > > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > > > > > Dave, > > > > > > I agree we can't stop it, but maybe we can steer it to be at least > > > palatable. There are valid use cases for extension header insertion. > > > Ironically, SRv6 header insertion isn't one of them; the proponents > > > have failed to offer even a single reason why the alternative of IPv6 > > > encapsulation isn't sufficient (believe me, we've asked _many_ times > > > for some justification and only get hand waving!). There are, however, > > > some interesting uses cases like in IOAM where the operator would like > > > to annotate packets as they traverse the network. Encapsulation is > > > insufficient if they don't know what the end point would be or they > > > don't want the annotation to change the path the packets take (versus > > > those that aren't annotated). > > > > > > The salient problem with extension header insertion is lost of > > > > And the problems that can be introduced by changing the effective path MTU... > > > Eric, > > Yep, increasing the size of packet in transit potentially wreaks havoc > on PMTU discovery, however I personally think that the issue might be > overblown. We already have the same problem when tunneling is done in > the network since most tunneling implementations and deployments just > assume the operator has set large enough MTUs. As long as all the > overhead inserted into the packet doesn't reduce the end host PMTU > below 1280, PMTU discovery and probably even PTB for a packet with > inserted headers still has right effect. > > > > attribution. It is fundamental in the IP protocol that the contents of > > > a packet are attributed to the source host identified by the source > > > address. If some intermediate node inserts an extension header that > > > subsequently breaks the packet downstream then there is no obvious way > > > to debug this. If an ICMP message is sent because of the receiving > > > data, then receiving host can't do much with it; it's not the source > > > of the data in error and nothing in the packet tells who the culprit > > > is. The Cisco guys have at least conceded one point on SRv6 insertion > > > due to pushback on this, their latest draft only does SRv6 insertion > > > on packets that have already been encapsulated in IPIP on ingress into > > > the domain. This is intended to at least restrict the modified packets > > > to a controlled domain (I'm note sure if any implementations enforce > > > this though). My proposal is to require an "attribution" HBH option > > > that would clearly identify inserted data put in a packet by > > > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > > > allow extension header insertion, but require protocol to give > > > attribution and make it at least somewhat robust and manageable. > > > > > > Tom > > > > FWIW the SRv6 header insertion stuff is still under discussion in > > spring wg (last I knew). I proposed one option that could be used to > > It's also under discussion in 6man. > > > avoid insertion (allow for extra scratch space > > https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), > > but nothing has been conclusively resolved last I checked. > > > > I saw your proposal. It's a good idea from POV to be conformant with > RFC8200 and avoid the PMTU problems, but the header insertion > proponents aren't going to like it at all. First, it means that the > source is in control of the insertion policy and host is required to > change-- no way they'll buy into that ;-). Secondly, if the scratch > space isn't used they'll undoubtedly claim that is unnecessary > overhead. > > Tom > > > As everyone probably knows, the draft-ietf-* documents are > > working-group-adopted documents (though final publication is never > > guaranteed). My current reading of 6man tea leaves is that neither > > "ICMP limits" and "MTU option" docs were terribly contentious. > > Whether code reorg is important for implementing these I'm not > > competent enough to say. --
On Sat, Jan 4, 2020 at 12:05 AM kernel Dev <ahabdels.dev@gmail.com> wrote: > > Tom, > > I will not go into whether Tom or router vendors is right from IETF perspective as here is not the place to discuss. > > But it seems to me that the motivation behind these patches is just to pushback on the current IETF proposals. > Sorry, but that is completely untrue. The patches are a general improvement. The ability to allow modules to register handlers for options code points has nothing to do with "pushback on the current IETF protocols". This sort of registration is a mechanism used all over the place. Similarly, allowing non-priveledged users to send options is not for any specific protocol-- it is a *general* mechanism. > The patches timeline is completely aligned with when IETF threads get into tough discussions (May 2019, August 2019, and now). > Yes, discussion about new protocols in IETF tends to correlate with development and implementation of the protocols. That shouldn't surprise anyone. SRv6 for instance was highly controversial in IETF and yet the patches went in. > I’m not the one to decide, but IMO people should not add stuff to the kernel just to enforce their opinions on other mailers. I take exception with your insinuation. Seeing as how you might be new to Linux kernel development I will ignore it. But, in the future, I strongly suggest you be careful about accusing people about their motivations based solely on one interaction. Tom > > > On Fri, 3 Jan 2020 16:37:33 -0800 > Tom Herbert <tom@herbertland.com> wrote: > > > On Fri, Jan 3, 2020 at 3:53 PM Erik Kline <ek@loon.com> wrote: > > > > > > On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > > > > > > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > > > > > > > From: Tom Herbert <tom@herbertland.com> > > > > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > > > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > > > > >> > > > > > >> From: Tom Herbert <tom@herbertland.com> > > > > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > > > >> > > > > > >> > The real way to combat this provide open implementation that > > > > > >> > demonstrates the correct use of the protocols and show that's more > > > > > >> > extensible and secure than these "hacks". > > > > > >> > > > > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > > > > These are prime examples where we've steered the Internet from host > > > > > > protocols and implementation to successfully obsolete or at least work > > > > > > around protocol ossification that was perpetuated by router vendors. > > > > > > Cisco is not the Internet! > > > > > > > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > > > > > > > Dave, > > > > > > > > I agree we can't stop it, but maybe we can steer it to be at least > > > > palatable. There are valid use cases for extension header insertion. > > > > Ironically, SRv6 header insertion isn't one of them; the proponents > > > > have failed to offer even a single reason why the alternative of IPv6 > > > > encapsulation isn't sufficient (believe me, we've asked _many_ times > > > > for some justification and only get hand waving!). There are, however, > > > > some interesting uses cases like in IOAM where the operator would like > > > > to annotate packets as they traverse the network. Encapsulation is > > > > insufficient if they don't know what the end point would be or they > > > > don't want the annotation to change the path the packets take (versus > > > > those that aren't annotated). > > > > > > > > The salient problem with extension header insertion is lost of > > > > > > And the problems that can be introduced by changing the effective path MTU... > > > > > Eric, > > > > Yep, increasing the size of packet in transit potentially wreaks havoc > > on PMTU discovery, however I personally think that the issue might be > > overblown. We already have the same problem when tunneling is done in > > the network since most tunneling implementations and deployments just > > assume the operator has set large enough MTUs. As long as all the > > overhead inserted into the packet doesn't reduce the end host PMTU > > below 1280, PMTU discovery and probably even PTB for a packet with > > inserted headers still has right effect. > > > > > > attribution. It is fundamental in the IP protocol that the contents of > > > > a packet are attributed to the source host identified by the source > > > > address. If some intermediate node inserts an extension header that > > > > subsequently breaks the packet downstream then there is no obvious way > > > > to debug this. If an ICMP message is sent because of the receiving > > > > data, then receiving host can't do much with it; it's not the source > > > > of the data in error and nothing in the packet tells who the culprit > > > > is. The Cisco guys have at least conceded one point on SRv6 insertion > > > > due to pushback on this, their latest draft only does SRv6 insertion > > > > on packets that have already been encapsulated in IPIP on ingress into > > > > the domain. This is intended to at least restrict the modified packets > > > > to a controlled domain (I'm note sure if any implementations enforce > > > > this though). My proposal is to require an "attribution" HBH option > > > > that would clearly identify inserted data put in a packet by > > > > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > > > > allow extension header insertion, but require protocol to give > > > > attribution and make it at least somewhat robust and manageable. > > > > > > > > Tom > > > > > > FWIW the SRv6 header insertion stuff is still under discussion in > > > spring wg (last I knew). I proposed one option that could be used to > > > > It's also under discussion in 6man. > > > > > avoid insertion (allow for extra scratch space > > > https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), > > > but nothing has been conclusively resolved last I checked. > > > > > > > I saw your proposal. It's a good idea from POV to be conformant with > > RFC8200 and avoid the PMTU problems, but the header insertion > > proponents aren't going to like it at all. First, it means that the > > source is in control of the insertion policy and host is required to > > change-- no way they'll buy into that ;-). Secondly, if the scratch > > space isn't used they'll undoubtedly claim that is unnecessary > > overhead. > > > > Tom > > > > > As everyone probably knows, the draft-ietf-* documents are > > > working-group-adopted documents (though final publication is never > > > guaranteed). My current reading of 6man tea leaves is that neither > > > "ICMP limits" and "MTU option" docs were terribly contentious. > > > Whether code reorg is important for implementing these I'm not > > > competent enough to say. > > > --
Hi Tom, I wasn’t accusing anyone in my message. It is a personal opinion. If my message was misunderstood, then please accept my apologies. Also SRv6 is not highly controversial and this is proven by its adoption rate and ecosystem. I have never seen a highly controversial technology that has (in two years) at least 8 public deployments and is supported by 18 publicly known routing platforms from 8 different vendors. Also has support in the mainline of Linux kernel, FD.io VPP, Wireshark, tcpdump, iptables and nftables. If you are a network operator, would you deply a highly controversial technology in your network ? On Sat, 4 Jan 2020 09:45:59 -0800 Tom Herbert <tom@herbertland.com> wrote: > On Sat, Jan 4, 2020 at 12:05 AM kernel Dev <ahabdels.dev@gmail.com> wrote: > > > > Tom, > > > > I will not go into whether Tom or router vendors is right from IETF perspective as here is not the place to discuss. > > > > But it seems to me that the motivation behind these patches is just to pushback on the current IETF proposals. > > > Sorry, but that is completely untrue. The patches are a general > improvement. The ability to allow modules to register handlers for > options code points has nothing to do with "pushback on the current > IETF protocols". This sort of registration is a mechanism used all > over the place. Similarly, allowing non-priveledged users to send > options is not for any specific protocol-- it is a *general* > mechanism. > > > The patches timeline is completely aligned with when IETF threads get into tough discussions (May 2019, August 2019, and now). > > > Yes, discussion about new protocols in IETF tends to correlate with > development and implementation of the protocols. That shouldn't > surprise anyone. SRv6 for instance was highly controversial in IETF > and yet the patches went in. > > > I’m not the one to decide, but IMO people should not add stuff to the kernel just to enforce their opinions on other mailers. > > I take exception with your insinuation. Seeing as how you might be new > to Linux kernel development I will ignore it. But, in the future, I > strongly suggest you be careful about accusing people about their > motivations based solely on one interaction. > > Tom > > > > > > > > On Fri, 3 Jan 2020 16:37:33 -0800 > > Tom Herbert <tom@herbertland.com> wrote: > > > > > On Fri, Jan 3, 2020 at 3:53 PM Erik Kline <ek@loon.com> wrote: > > > > > > > > On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > > > > > > > > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > > > > > > > > > From: Tom Herbert <tom@herbertland.com> > > > > > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > > > > > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > > > > > >> > > > > > > >> From: Tom Herbert <tom@herbertland.com> > > > > > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > > > > >> > > > > > > >> > The real way to combat this provide open implementation that > > > > > > >> > demonstrates the correct use of the protocols and show that's more > > > > > > >> > extensible and secure than these "hacks". > > > > > > >> > > > > > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > > > > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > > > > > These are prime examples where we've steered the Internet from host > > > > > > > protocols and implementation to successfully obsolete or at least work > > > > > > > around protocol ossification that was perpetuated by router vendors. > > > > > > > Cisco is not the Internet! > > > > > > > > > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > > > > > > > > > Dave, > > > > > > > > > > I agree we can't stop it, but maybe we can steer it to be at least > > > > > palatable. There are valid use cases for extension header insertion. > > > > > Ironically, SRv6 header insertion isn't one of them; the proponents > > > > > have failed to offer even a single reason why the alternative of IPv6 > > > > > encapsulation isn't sufficient (believe me, we've asked _many_ times > > > > > for some justification and only get hand waving!). There are, however, > > > > > some interesting uses cases like in IOAM where the operator would like > > > > > to annotate packets as they traverse the network. Encapsulation is > > > > > insufficient if they don't know what the end point would be or they > > > > > don't want the annotation to change the path the packets take (versus > > > > > those that aren't annotated). > > > > > > > > > > The salient problem with extension header insertion is lost of > > > > > > > > And the problems that can be introduced by changing the effective path MTU... > > > > > > > Eric, > > > > > > Yep, increasing the size of packet in transit potentially wreaks havoc > > > on PMTU discovery, however I personally think that the issue might be > > > overblown. We already have the same problem when tunneling is done in > > > the network since most tunneling implementations and deployments just > > > assume the operator has set large enough MTUs. As long as all the > > > overhead inserted into the packet doesn't reduce the end host PMTU > > > below 1280, PMTU discovery and probably even PTB for a packet with > > > inserted headers still has right effect. > > > > > > > > attribution. It is fundamental in the IP protocol that the contents of > > > > > a packet are attributed to the source host identified by the source > > > > > address. If some intermediate node inserts an extension header that > > > > > subsequently breaks the packet downstream then there is no obvious way > > > > > to debug this. If an ICMP message is sent because of the receiving > > > > > data, then receiving host can't do much with it; it's not the source > > > > > of the data in error and nothing in the packet tells who the culprit > > > > > is. The Cisco guys have at least conceded one point on SRv6 insertion > > > > > due to pushback on this, their latest draft only does SRv6 insertion > > > > > on packets that have already been encapsulated in IPIP on ingress into > > > > > the domain. This is intended to at least restrict the modified packets > > > > > to a controlled domain (I'm note sure if any implementations enforce > > > > > this though). My proposal is to require an "attribution" HBH option > > > > > that would clearly identify inserted data put in a packet by > > > > > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > > > > > allow extension header insertion, but require protocol to give > > > > > attribution and make it at least somewhat robust and manageable. > > > > > > > > > > Tom > > > > > > > > FWIW the SRv6 header insertion stuff is still under discussion in > > > > spring wg (last I knew). I proposed one option that could be used to > > > > > > It's also under discussion in 6man. > > > > > > > avoid insertion (allow for extra scratch space > > > > https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), > > > > but nothing has been conclusively resolved last I checked. > > > > > > > > > > I saw your proposal. It's a good idea from POV to be conformant with > > > RFC8200 and avoid the PMTU problems, but the header insertion > > > proponents aren't going to like it at all. First, it means that the > > > source is in control of the insertion policy and host is required to > > > change-- no way they'll buy into that ;-). Secondly, if the scratch > > > space isn't used they'll undoubtedly claim that is unnecessary > > > overhead. > > > > > > Tom > > > > > > > As everyone probably knows, the draft-ietf-* documents are > > > > working-group-adopted documents (though final publication is never > > > > guaranteed). My current reading of 6man tea leaves is that neither > > > > "ICMP limits" and "MTU option" docs were terribly contentious. > > > > Whether code reorg is important for implementing these I'm not > > > > competent enough to say. > > > > > > --
sorry forgot to add the link for the public SRv6 deployment. https://tools.ietf.org/html/draft-matsushima-spring-srv6-deployment-status-04 On Sat, 4 Jan 2020 21:02:29 +0200 kernel Dev <ahabdels.dev@gmail.com> wrote: > Hi Tom, > > I wasn’t accusing anyone in my message. It is a personal opinion. > If my message was misunderstood, then please accept my apologies. > > Also SRv6 is not highly controversial and this is proven by its adoption rate and ecosystem. > I have never seen a highly controversial technology that has (in two years) at least 8 public deployments and is supported by 18 publicly known routing platforms from 8 different vendors. Also has support in the mainline of Linux kernel, FD.io VPP, Wireshark, tcpdump, iptables and nftables. > > If you are a network operator, would you deply a highly controversial technology in your network ? > > > On Sat, 4 Jan 2020 09:45:59 -0800 > Tom Herbert <tom@herbertland.com> wrote: > > > On Sat, Jan 4, 2020 at 12:05 AM kernel Dev <ahabdels.dev@gmail.com> wrote: > > > > > > Tom, > > > > > > I will not go into whether Tom or router vendors is right from IETF perspective as here is not the place to discuss. > > > > > > But it seems to me that the motivation behind these patches is just to pushback on the current IETF proposals. > > > > > Sorry, but that is completely untrue. The patches are a general > > improvement. The ability to allow modules to register handlers for > > options code points has nothing to do with "pushback on the current > > IETF protocols". This sort of registration is a mechanism used all > > over the place. Similarly, allowing non-priveledged users to send > > options is not for any specific protocol-- it is a *general* > > mechanism. > > > > > The patches timeline is completely aligned with when IETF threads get into tough discussions (May 2019, August 2019, and now). > > > > > Yes, discussion about new protocols in IETF tends to correlate with > > development and implementation of the protocols. That shouldn't > > surprise anyone. SRv6 for instance was highly controversial in IETF > > and yet the patches went in. > > > > > I’m not the one to decide, but IMO people should not add stuff to the kernel just to enforce their opinions on other mailers. > > > > I take exception with your insinuation. Seeing as how you might be new > > to Linux kernel development I will ignore it. But, in the future, I > > strongly suggest you be careful about accusing people about their > > motivations based solely on one interaction. > > > > Tom > > > > > > > > > > > > > On Fri, 3 Jan 2020 16:37:33 -0800 > > > Tom Herbert <tom@herbertland.com> wrote: > > > > > > > On Fri, Jan 3, 2020 at 3:53 PM Erik Kline <ek@loon.com> wrote: > > > > > > > > > > On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > > > > > > > > > > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > > > > > > > > > > > From: Tom Herbert <tom@herbertland.com> > > > > > > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > > > > > > > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > > > > > > >> > > > > > > > >> From: Tom Herbert <tom@herbertland.com> > > > > > > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > > > > > >> > > > > > > > >> > The real way to combat this provide open implementation that > > > > > > > >> > demonstrates the correct use of the protocols and show that's more > > > > > > > >> > extensible and secure than these "hacks". > > > > > > > >> > > > > > > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > > > > > > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > > > > > > These are prime examples where we've steered the Internet from host > > > > > > > > protocols and implementation to successfully obsolete or at least work > > > > > > > > around protocol ossification that was perpetuated by router vendors. > > > > > > > > Cisco is not the Internet! > > > > > > > > > > > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > > > > > > > > > > > Dave, > > > > > > > > > > > > I agree we can't stop it, but maybe we can steer it to be at least > > > > > > palatable. There are valid use cases for extension header insertion. > > > > > > Ironically, SRv6 header insertion isn't one of them; the proponents > > > > > > have failed to offer even a single reason why the alternative of IPv6 > > > > > > encapsulation isn't sufficient (believe me, we've asked _many_ times > > > > > > for some justification and only get hand waving!). There are, however, > > > > > > some interesting uses cases like in IOAM where the operator would like > > > > > > to annotate packets as they traverse the network. Encapsulation is > > > > > > insufficient if they don't know what the end point would be or they > > > > > > don't want the annotation to change the path the packets take (versus > > > > > > those that aren't annotated). > > > > > > > > > > > > The salient problem with extension header insertion is lost of > > > > > > > > > > And the problems that can be introduced by changing the effective path MTU... > > > > > > > > > Eric, > > > > > > > > Yep, increasing the size of packet in transit potentially wreaks havoc > > > > on PMTU discovery, however I personally think that the issue might be > > > > overblown. We already have the same problem when tunneling is done in > > > > the network since most tunneling implementations and deployments just > > > > assume the operator has set large enough MTUs. As long as all the > > > > overhead inserted into the packet doesn't reduce the end host PMTU > > > > below 1280, PMTU discovery and probably even PTB for a packet with > > > > inserted headers still has right effect. > > > > > > > > > > attribution. It is fundamental in the IP protocol that the contents of > > > > > > a packet are attributed to the source host identified by the source > > > > > > address. If some intermediate node inserts an extension header that > > > > > > subsequently breaks the packet downstream then there is no obvious way > > > > > > to debug this. If an ICMP message is sent because of the receiving > > > > > > data, then receiving host can't do much with it; it's not the source > > > > > > of the data in error and nothing in the packet tells who the culprit > > > > > > is. The Cisco guys have at least conceded one point on SRv6 insertion > > > > > > due to pushback on this, their latest draft only does SRv6 insertion > > > > > > on packets that have already been encapsulated in IPIP on ingress into > > > > > > the domain. This is intended to at least restrict the modified packets > > > > > > to a controlled domain (I'm note sure if any implementations enforce > > > > > > this though). My proposal is to require an "attribution" HBH option > > > > > > that would clearly identify inserted data put in a packet by > > > > > > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > > > > > > allow extension header insertion, but require protocol to give > > > > > > attribution and make it at least somewhat robust and manageable. > > > > > > > > > > > > Tom > > > > > > > > > > FWIW the SRv6 header insertion stuff is still under discussion in > > > > > spring wg (last I knew). I proposed one option that could be used to > > > > > > > > It's also under discussion in 6man. > > > > > > > > > avoid insertion (allow for extra scratch space > > > > > https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), > > > > > but nothing has been conclusively resolved last I checked. > > > > > > > > > > > > > I saw your proposal. It's a good idea from POV to be conformant with > > > > RFC8200 and avoid the PMTU problems, but the header insertion > > > > proponents aren't going to like it at all. First, it means that the > > > > source is in control of the insertion policy and host is required to > > > > change-- no way they'll buy into that ;-). Secondly, if the scratch > > > > space isn't used they'll undoubtedly claim that is unnecessary > > > > overhead. > > > > > > > > Tom > > > > > > > > > As everyone probably knows, the draft-ietf-* documents are > > > > > working-group-adopted documents (though final publication is never > > > > > guaranteed). My current reading of 6man tea leaves is that neither > > > > > "ICMP limits" and "MTU option" docs were terribly contentious. > > > > > Whether code reorg is important for implementing these I'm not > > > > > competent enough to say. > > > > > > > > > -- > > > -- > kernel Dev <ahabdels.dev@gmail.com>
On Sat, Jan 4, 2020 at 11:02 AM kernel Dev <ahabdels.dev@gmail.com> wrote: > > Hi Tom, > > I wasn’t accusing anyone in my message. It is a personal opinion. > If my message was misunderstood, then please accept my apologies. > > Also SRv6 is not highly controversial and this is proven by its adoption rate and ecosystem. It was controversial in the five years it look to get to WGLC, and thanks to things like extension header insertion it will remain controversial. > I have never seen a highly controversial technology that has (in two years) at least 8 public deployments and is supported by 18 publicly known routing platforms from 8 different vendors. Also has support in the mainline of Linux kernel, FD.io VPP, Wireshark, tcpdump, iptables and nftables. > These support only support some subset of the protocol. For instance, SRv6 TLVs including HMAC TLV are defined in SRH, however only Linux claims to support them. However, the Linux implementation isn't protocol conformant: it doesn't support required padding options and just assumes HMAC is the one and only TLV. Previously, I've posted patches to fix that based on the generic parser in this patch set. Those original patches for fixing SRv6 would now be out of date since it was decided to change the PADN option type in SRv6 to be 5 instead of 1 thereby breaking compatibility with HBH and Destination Options. Seeing as how you seem interested in SRv6, it would be nice if you could look into fixing the SRv6 TLV implementation to be conformant (I can repost my original patches if that would help). Thanks, Tom > If you are a network operator, would you deply a highly controversial technology in your network ? > > > On Sat, 4 Jan 2020 09:45:59 -0800 > Tom Herbert <tom@herbertland.com> wrote: > > > On Sat, Jan 4, 2020 at 12:05 AM kernel Dev <ahabdels.dev@gmail.com> wrote: > > > > > > Tom, > > > > > > I will not go into whether Tom or router vendors is right from IETF perspective as here is not the place to discuss. > > > > > > But it seems to me that the motivation behind these patches is just to pushback on the current IETF proposals. > > > > > Sorry, but that is completely untrue. The patches are a general > > improvement. The ability to allow modules to register handlers for > > options code points has nothing to do with "pushback on the current > > IETF protocols". This sort of registration is a mechanism used all > > over the place. Similarly, allowing non-priveledged users to send > > options is not for any specific protocol-- it is a *general* > > mechanism. > > > > > The patches timeline is completely aligned with when IETF threads get into tough discussions (May 2019, August 2019, and now). > > > > > Yes, discussion about new protocols in IETF tends to correlate with > > development and implementation of the protocols. That shouldn't > > surprise anyone. SRv6 for instance was highly controversial in IETF > > and yet the patches went in. > > > > > I’m not the one to decide, but IMO people should not add stuff to the kernel just to enforce their opinions on other mailers. > > > > I take exception with your insinuation. Seeing as how you might be new > > to Linux kernel development I will ignore it. But, in the future, I > > strongly suggest you be careful about accusing people about their > > motivations based solely on one interaction. > > > > Tom > > > > > > > > > > > > > On Fri, 3 Jan 2020 16:37:33 -0800 > > > Tom Herbert <tom@herbertland.com> wrote: > > > > > > > On Fri, Jan 3, 2020 at 3:53 PM Erik Kline <ek@loon.com> wrote: > > > > > > > > > > On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > > > > > > > > > > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > > > > > > > > > > > From: Tom Herbert <tom@herbertland.com> > > > > > > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > > > > > > > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > > > > > > >> > > > > > > > >> From: Tom Herbert <tom@herbertland.com> > > > > > > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > > > > > >> > > > > > > > >> > The real way to combat this provide open implementation that > > > > > > > >> > demonstrates the correct use of the protocols and show that's more > > > > > > > >> > extensible and secure than these "hacks". > > > > > > > >> > > > > > > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > > > > > > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > > > > > > These are prime examples where we've steered the Internet from host > > > > > > > > protocols and implementation to successfully obsolete or at least work > > > > > > > > around protocol ossification that was perpetuated by router vendors. > > > > > > > > Cisco is not the Internet! > > > > > > > > > > > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > > > > > > > > > > > Dave, > > > > > > > > > > > > I agree we can't stop it, but maybe we can steer it to be at least > > > > > > palatable. There are valid use cases for extension header insertion. > > > > > > Ironically, SRv6 header insertion isn't one of them; the proponents > > > > > > have failed to offer even a single reason why the alternative of IPv6 > > > > > > encapsulation isn't sufficient (believe me, we've asked _many_ times > > > > > > for some justification and only get hand waving!). There are, however, > > > > > > some interesting uses cases like in IOAM where the operator would like > > > > > > to annotate packets as they traverse the network. Encapsulation is > > > > > > insufficient if they don't know what the end point would be or they > > > > > > don't want the annotation to change the path the packets take (versus > > > > > > those that aren't annotated). > > > > > > > > > > > > The salient problem with extension header insertion is lost of > > > > > > > > > > And the problems that can be introduced by changing the effective path MTU... > > > > > > > > > Eric, > > > > > > > > Yep, increasing the size of packet in transit potentially wreaks havoc > > > > on PMTU discovery, however I personally think that the issue might be > > > > overblown. We already have the same problem when tunneling is done in > > > > the network since most tunneling implementations and deployments just > > > > assume the operator has set large enough MTUs. As long as all the > > > > overhead inserted into the packet doesn't reduce the end host PMTU > > > > below 1280, PMTU discovery and probably even PTB for a packet with > > > > inserted headers still has right effect. > > > > > > > > > > attribution. It is fundamental in the IP protocol that the contents of > > > > > > a packet are attributed to the source host identified by the source > > > > > > address. If some intermediate node inserts an extension header that > > > > > > subsequently breaks the packet downstream then there is no obvious way > > > > > > to debug this. If an ICMP message is sent because of the receiving > > > > > > data, then receiving host can't do much with it; it's not the source > > > > > > of the data in error and nothing in the packet tells who the culprit > > > > > > is. The Cisco guys have at least conceded one point on SRv6 insertion > > > > > > due to pushback on this, their latest draft only does SRv6 insertion > > > > > > on packets that have already been encapsulated in IPIP on ingress into > > > > > > the domain. This is intended to at least restrict the modified packets > > > > > > to a controlled domain (I'm note sure if any implementations enforce > > > > > > this though). My proposal is to require an "attribution" HBH option > > > > > > that would clearly identify inserted data put in a packet by > > > > > > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > > > > > > allow extension header insertion, but require protocol to give > > > > > > attribution and make it at least somewhat robust and manageable. > > > > > > > > > > > > Tom > > > > > > > > > > FWIW the SRv6 header insertion stuff is still under discussion in > > > > > spring wg (last I knew). I proposed one option that could be used to > > > > > > > > It's also under discussion in 6man. > > > > > > > > > avoid insertion (allow for extra scratch space > > > > > https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), > > > > > but nothing has been conclusively resolved last I checked. > > > > > > > > > > > > > I saw your proposal. It's a good idea from POV to be conformant with > > > > RFC8200 and avoid the PMTU problems, but the header insertion > > > > proponents aren't going to like it at all. First, it means that the > > > > source is in control of the insertion policy and host is required to > > > > change-- no way they'll buy into that ;-). Secondly, if the scratch > > > > space isn't used they'll undoubtedly claim that is unnecessary > > > > overhead. > > > > > > > > Tom > > > > > > > > > As everyone probably knows, the draft-ietf-* documents are > > > > > working-group-adopted documents (though final publication is never > > > > > guaranteed). My current reading of 6man tea leaves is that neither > > > > > "ICMP limits" and "MTU option" docs were terribly contentious. > > > > > Whether code reorg is important for implementing these I'm not > > > > > competent enough to say. > > > > > > > > > -- > > > -- > kernel Dev <ahabdels.dev@gmail.com>
On Sat, 4 Jan 2020 12:22:17 -0800 Tom Herbert <tom@herbertland.com> wrote: > On Sat, Jan 4, 2020 at 11:02 AM kernel Dev <ahabdels.dev@gmail.com> wrote: > > > > Hi Tom, > > > > I wasn’t accusing anyone in my message. It is a personal opinion. > > If my message was misunderstood, then please accept my apologies. > > > > Also SRv6 is not highly controversial and this is proven by its adoption rate and ecosystem. > > It was controversial in the five years it look to get to WGLC, and > thanks to things like extension header insertion it will remain > controversial. But it is not anymore :) > > > I have never seen a highly controversial technology that has (in two years) at least 8 public deployments and is supported by 18 publicly known routing platforms from 8 different vendors. Also has support in the mainline of Linux kernel, FD.io VPP, Wireshark, tcpdump, iptables and nftables. > > > > These support only support some subset of the protocol. For instance, > SRv6 TLVs including HMAC TLV are defined in SRH, however only Linux > claims to support them. However, the Linux implementation isn't > protocol conformant: it doesn't support required padding options and > just assumes HMAC is the one and only TLV. Previously, I've posted > patches to fix that based on the generic parser in this patch set. > Those original patches for fixing SRv6 would now be out of date since > it was decided to change the PADN option type in SRv6 to be 5 instead > of 1 thereby breaking compatibility with HBH and Destination Options. > Seeing as how you seem interested in SRv6, it would be nice if you > could look into fixing the SRv6 TLV implementation to be conformant (I > can repost my original patches if that would help). I’m ok and willing to contribute to add missing pieces of SRv6 to the Linux kernel. I was just not convinced with the idea of IPv4 extensions headers as we do not need to reinvent the wheel. We need IPv6 as we ran out of IPv4, and I believe SRv6 can handle most of IPv6 use-cases. > > Thanks, > Tom > > > > If you are a network operator, would you deply a highly controversial technology in your network ? > > > > > > On Sat, 4 Jan 2020 09:45:59 -0800 > > Tom Herbert <tom@herbertland.com> wrote: > > > > > On Sat, Jan 4, 2020 at 12:05 AM kernel Dev <ahabdels.dev@gmail.com> wrote: > > > > > > > > Tom, > > > > > > > > I will not go into whether Tom or router vendors is right from IETF perspective as here is not the place to discuss. > > > > > > > > But it seems to me that the motivation behind these patches is just to pushback on the current IETF proposals. > > > > > > > Sorry, but that is completely untrue. The patches are a general > > > improvement. The ability to allow modules to register handlers for > > > options code points has nothing to do with "pushback on the current > > > IETF protocols". This sort of registration is a mechanism used all > > > over the place. Similarly, allowing non-priveledged users to send > > > options is not for any specific protocol-- it is a *general* > > > mechanism. > > > > > > > The patches timeline is completely aligned with when IETF threads get into tough discussions (May 2019, August 2019, and now). > > > > > > > Yes, discussion about new protocols in IETF tends to correlate with > > > development and implementation of the protocols. That shouldn't > > > surprise anyone. SRv6 for instance was highly controversial in IETF > > > and yet the patches went in. > > > > > > > I’m not the one to decide, but IMO people should not add stuff to the kernel just to enforce their opinions on other mailers. > > > > > > I take exception with your insinuation. Seeing as how you might be new > > > to Linux kernel development I will ignore it. But, in the future, I > > > strongly suggest you be careful about accusing people about their > > > motivations based solely on one interaction. > > > > > > Tom > > > > > > > > > > > > > > > > > > On Fri, 3 Jan 2020 16:37:33 -0800 > > > > Tom Herbert <tom@herbertland.com> wrote: > > > > > > > > > On Fri, Jan 3, 2020 at 3:53 PM Erik Kline <ek@loon.com> wrote: > > > > > > > > > > > > On Fri, 3 Jan 2020 at 15:49, Tom Herbert <tom@herbertland.com> wrote: > > > > > > > > > > > > > > On Fri, Jan 3, 2020 at 2:57 PM David Miller <davem@davemloft.net> wrote: > > > > > > > > > > > > > > > > From: Tom Herbert <tom@herbertland.com> > > > > > > > > Date: Fri, 3 Jan 2020 14:31:58 -0800 > > > > > > > > > > > > > > > > > On Fri, Jan 3, 2020 at 12:45 PM David Miller <davem@davemloft.net> wrote: > > > > > > > > >> > > > > > > > > >> From: Tom Herbert <tom@herbertland.com> > > > > > > > > >> Date: Fri, 3 Jan 2020 09:35:08 -0800 > > > > > > > > >> > > > > > > > > >> > The real way to combat this provide open implementation that > > > > > > > > >> > demonstrates the correct use of the protocols and show that's more > > > > > > > > >> > extensible and secure than these "hacks". > > > > > > > > >> > > > > > > > > >> Keep dreaming, this won't stop Cisco from doing whatever it wants to do. > > > > > > > > > > > > > > > > > > See QUIC. See TLS. See TCP fast open. See transport layer encryption. > > > > > > > > > These are prime examples where we've steered the Internet from host > > > > > > > > > protocols and implementation to successfully obsolete or at least work > > > > > > > > > around protocol ossification that was perpetuated by router vendors. > > > > > > > > > Cisco is not the Internet! > > > > > > > > > > > > > > > > Seriously, I wish you luck stopping the SRv6 header insertion stuff. > > > > > > > > > > > > > > > Dave, > > > > > > > > > > > > > > I agree we can't stop it, but maybe we can steer it to be at least > > > > > > > palatable. There are valid use cases for extension header insertion. > > > > > > > Ironically, SRv6 header insertion isn't one of them; the proponents > > > > > > > have failed to offer even a single reason why the alternative of IPv6 > > > > > > > encapsulation isn't sufficient (believe me, we've asked _many_ times > > > > > > > for some justification and only get hand waving!). There are, however, > > > > > > > some interesting uses cases like in IOAM where the operator would like > > > > > > > to annotate packets as they traverse the network. Encapsulation is > > > > > > > insufficient if they don't know what the end point would be or they > > > > > > > don't want the annotation to change the path the packets take (versus > > > > > > > those that aren't annotated). > > > > > > > > > > > > > > The salient problem with extension header insertion is lost of > > > > > > > > > > > > And the problems that can be introduced by changing the effective path MTU... > > > > > > > > > > > Eric, > > > > > > > > > > Yep, increasing the size of packet in transit potentially wreaks havoc > > > > > on PMTU discovery, however I personally think that the issue might be > > > > > overblown. We already have the same problem when tunneling is done in > > > > > the network since most tunneling implementations and deployments just > > > > > assume the operator has set large enough MTUs. As long as all the > > > > > overhead inserted into the packet doesn't reduce the end host PMTU > > > > > below 1280, PMTU discovery and probably even PTB for a packet with > > > > > inserted headers still has right effect. > > > > > > > > > > > > attribution. It is fundamental in the IP protocol that the contents of > > > > > > > a packet are attributed to the source host identified by the source > > > > > > > address. If some intermediate node inserts an extension header that > > > > > > > subsequently breaks the packet downstream then there is no obvious way > > > > > > > to debug this. If an ICMP message is sent because of the receiving > > > > > > > data, then receiving host can't do much with it; it's not the source > > > > > > > of the data in error and nothing in the packet tells who the culprit > > > > > > > is. The Cisco guys have at least conceded one point on SRv6 insertion > > > > > > > due to pushback on this, their latest draft only does SRv6 insertion > > > > > > > on packets that have already been encapsulated in IPIP on ingress into > > > > > > > the domain. This is intended to at least restrict the modified packets > > > > > > > to a controlled domain (I'm note sure if any implementations enforce > > > > > > > this though). My proposal is to require an "attribution" HBH option > > > > > > > that would clearly identify inserted data put in a packet by > > > > > > > middleboxes (draft-herbert-6man-eh-attrib-00). This is a tradeoff to > > > > > > > allow extension header insertion, but require protocol to give > > > > > > > attribution and make it at least somewhat robust and manageable. > > > > > > > > > > > > > > Tom > > > > > > > > > > > > FWIW the SRv6 header insertion stuff is still under discussion in > > > > > > spring wg (last I knew). I proposed one option that could be used to > > > > > > > > > > It's also under discussion in 6man. > > > > > > > > > > > avoid insertion (allow for extra scratch space > > > > > > https://mailarchive.ietf.org/arch/msg/spring/UhThRTNxbHWNiMGgRi3U0SqLaDA), > > > > > > but nothing has been conclusively resolved last I checked. > > > > > > > > > > > > > > > > I saw your proposal. It's a good idea from POV to be conformant with > > > > > RFC8200 and avoid the PMTU problems, but the header insertion > > > > > proponents aren't going to like it at all. First, it means that the > > > > > source is in control of the insertion policy and host is required to > > > > > change-- no way they'll buy into that ;-). Secondly, if the scratch > > > > > space isn't used they'll undoubtedly claim that is unnecessary > > > > > overhead. > > > > > > > > > > Tom > > > > > > > > > > > As everyone probably knows, the draft-ietf-* documents are > > > > > > working-group-adopted documents (though final publication is never > > > > > > guaranteed). My current reading of 6man tea leaves is that neither > > > > > > "ICMP limits" and "MTU option" docs were terribly contentious. > > > > > > Whether code reorg is important for implementing these I'm not > > > > > > competent enough to say. > > > > > > > > > > > > -- > > > > > > -- > > kernel Dev <ahabdels.dev@gmail.com>