Comments on Nalini et al's IPv6 EHs presentation

Fernando Gont fgont at si6networks.com
Tue Jul 26 13:10:57 UTC 2022 

Hi,

On 26/7/22 09:22, Ana C. Custura wrote:
> Hi,
> 
> Adding to Fernando's comments, as I've also done my fair share of IPv6 extension header measurements:
> 
> On Tue, Jul 26, 2022, at 4:25 AM, Fernando Gont wrote:
> 
>>
>> * Nalini et al's measurements seem to be from one specific point in the
>>     network topology, to a very small subset of destination endpoints.
>>     If anything, the results may indicate that EHs do work on some
>>     specific paths (we knew they do), but certainly is not an indication
>>     that they are usable on the public Internet -- i.e., think of
>>     statistical significance of the measurements, so to speak.
> 
> The measurements done in 2020 at the University of Aberdeen agree with Nalini's data.
> For Destination options, we found  50% of destinations (authoritative NS servers for the Alexa Top 1M domain) respond to a DNS query sent using an IPv6 Destination option, and where they don't, the drops happen close to the destination network and *not* in the Internet core - this was for 20K targets * 4 vantage points.

But, IIRC, Nalini's results were way more optimistic than that!

OTOH, the numbers you refer to seem to be in line with those in RFC7872....


>> * Not sure why Nalini refers to other measurements employing "fake
>>     data"/crafted packets. At the end of the day, From the pov of the
>>     network, PDM option looks probably like an unsupported option anyway.
>>     Whereas, on the other hand, we (RFC7872) employed PadN, which is way
>>     more likely t be supported than PDM.
> 
> +1  - in our measurements we use PadN options, which indeed we craft then add to a raw socket expecting the correct type of header -  the resulting packets are valid PadN, recongnised by wireshark etc. In fact, this approach is flexible as it also allows you to send intentionally malformed packets to infer which fields are inspected by routers on the path.
> What we found is that an unrecognized option (i.e., using the option defined in https://datatracker.ietf.org/doc/draft-ietf-6man-mtu-option/) has, for Destination Options, the same traversability as PadN. However, using an invalid length for the header will result in very high drops.

Same for longer headers --- i.e., the longer the IPv6  header chain, the 
higher the drop probability.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Iepg mailing list