idnits 2.17.1 draft-peng-v6ops-hbh-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. -- The document date (October 12, 2020) is 1291 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'RFC6564' is mentioned on line 262, but not defined ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) == Outdated reference: A later version (-17) exists of draft-ietf-6man-ipv6-alt-mark-01 == Outdated reference: A later version (-15) exists of draft-ietf-6man-mtu-option-03 == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-10 == Outdated reference: A later version (-12) exists of draft-ietf-ippm-ioam-ipv6-options-03 == Outdated reference: A later version (-01) exists of draft-li-6man-hbh-fwd-hdr-00 Summary: 1 error (**), 0 flaws (~~), 8 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Peng 3 Internet-Draft Z. Li 4 Intended status: Informational Huawei Technologies 5 Expires: April 15, 2021 October 12, 2020 7 Processing of the Hop-by-Hop Options Header 8 draft-peng-v6ops-hbh-00 10 Abstract 12 This document describes the processing of the Hop-by-Hop Options 13 Header in today's routers in the aspects of standards specification, 14 common implementations, and default operations. This document 15 outlines the reasons why the Hop-by-Hop Options Header is rarely 16 utilized in current networks. In addition, this document describes 17 why the HBH could be used as a powerful mechanism allowing deployment 18 and operations of new services requiring a more optimized way to 19 leverage network resources of an infrastructure. The Hop-by-Hop 20 Options Header is taken into consideration as a valuable container 21 for carrying the information facilitating the introduction of new 22 services. The desired, and proposed, processing behavior of the HBH 23 and the migration strategies towards it are also suggested. 25 Requirements Language 27 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 28 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 29 document are to be interpreted as described in RFC 2119 [RFC2119]. 31 Status of This Memo 33 This Internet-Draft is submitted in full conformance with the 34 provisions of BCP 78 and BCP 79. 36 Internet-Drafts are working documents of the Internet Engineering 37 Task Force (IETF). Note that other groups may also distribute 38 working documents as Internet-Drafts. The list of current Internet- 39 Drafts is at https://datatracker.ietf.org/drafts/current/. 41 Internet-Drafts are draft documents valid for a maximum of six months 42 and may be updated, replaced, or obsoleted by other documents at any 43 time. It is inappropriate to use Internet-Drafts as reference 44 material or to cite them other than as "work in progress." 46 This Internet-Draft will expire on April 15, 2021. 48 Copyright Notice 50 Copyright (c) 2020 IETF Trust and the persons identified as the 51 document authors. All rights reserved. 53 This document is subject to BCP 78 and the IETF Trust's Legal 54 Provisions Relating to IETF Documents 55 (https://trustee.ietf.org/license-info) in effect on the date of 56 publication of this document. Please review these documents 57 carefully, as they describe your rights and restrictions with respect 58 to this document. Code Components extracted from this document must 59 include Simplified BSD License text as described in Section 4.e of 60 the Trust Legal Provisions and are provided without warranty as 61 described in the Simplified BSD License. 63 Table of Contents 65 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 66 2. Modern Router Architecture . . . . . . . . . . . . . . . . . 3 67 3. Specification of RFC8200 . . . . . . . . . . . . . . . . . . 4 68 4. Common Implementations . . . . . . . . . . . . . . . . . . . 5 69 4.1. Historical Reasons . . . . . . . . . . . . . . . . . . . 6 70 4.2. Consequences . . . . . . . . . . . . . . . . . . . . . . 6 71 5. Operators' typical processing . . . . . . . . . . . . . . . . 6 72 6. New Services . . . . . . . . . . . . . . . . . . . . . . . . 7 73 7. The desired processing behavior . . . . . . . . . . . . . . . 7 74 8. Migration strategies . . . . . . . . . . . . . . . . . . . . 8 75 9. Security Considerations . . . . . . . . . . . . . . . . . . . 9 76 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 77 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 78 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 79 12.1. Normative References . . . . . . . . . . . . . . . . . . 9 80 12.2. Informative References . . . . . . . . . . . . . . . . . 10 81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 83 1. Introduction 85 Due to the historical reasons, such as incapable ASICs, limited IPv6 86 deployments and few service requirements, the current common 87 implementation on the processing of the Hop-by-Hop Options header 88 (HBH) is that the node will directly send the IPv6 packets with the 89 Hop-by-Hop Options header to the slow path (i.e. the control plane) 90 of the node. The option type of each option carried within the Hop- 91 by-Hop Options header will not even be examined before the packet is 92 sent to the slow path. Very often, such processing behavior is the 93 default configuration or, even worse, is the only behavior of the 94 ipv6 implementation of the node. 96 Such default processing behavior of the Hop-by-Hop Options header 97 could result in various unpleasant effects such as a risk of DoS 98 attack on the router control plane and inconsistent packet drops due 99 to rate limiting on the interface between the router control plane 100 and forwarding plane, which will impact the normal end-to-end IP 101 forwarding of the network services. 103 This actually introduced a circular problem: 105 -> An implementation problem caused HBH to become a DoS vector. 107 -> Because HBH is a DoS vector, network operators deployed ACLs that 108 discard packets containing HBH. 110 -> Because network operators deployed ACLs that discard packets 111 containing HBH, network designers stopped defining new HBH Options. 113 -> Because network designers stopped defining new HBH Options, the 114 community was not motivated to fix the implementation problem that 115 cause HBH to become a DoS vector. 117 The purpose of this draft is to break the cycle described above, 118 fixing the problem that caused HBH not actually being utilized in 119 operators' networks so to allow a better leverage of the HBH 120 capability. 122 Driven by the wide deployments of IPv6 and ever-emerging new 123 services, the Hop-by-Hop Options Header is taken as a valuable 124 container for carrying the information to facilitate these new 125 services. 127 This document suggests the desired processing behavior and the 128 migration strategies towards it. 130 2. Modern Router Architecture 132 Modern router architecture design maintains a strict separation of 133 the router control plane and its forwarding plane [RFC6192], as shown 134 in Figure 1. Either the control plane or the forwarding plane is 135 composed of both software and hardware, but each plane is responsible 136 for different functionalities. 138 +----------------+ 139 | Router Control | 140 | Plane | 141 +------+-+-------+ 142 | | 143 Interface Z 144 | | 145 +------+-+-------+ 146 | Forwarding | 147 Interface X ==[ Plane ]== Interface Y 148 +----------------+ 150 Figure 1. Modern Router Architecture 152 The router control plane supports routing and management functions, 153 handling packets destined to the device as well as building and 154 sending packets originated locally on the device, and also drives the 155 programming of the forwarding plane. The router control plane is 156 generally realized in software on general-purpose processors, and its 157 hardware is usually not optimized for high-speed packet handling. 158 Because of the wide range of functionality, it is more susceptible to 159 security vulnerabilities and a more likely a target for a DoS attack. 161 The forwarding plane is typically responsible for receiving a packet 162 on an incoming interface, performing a lookup to identify the 163 packet's next hop and determine the outgoing interface towards the 164 destination, and forwarding the packet out through the appropriate 165 outgoing interface. Typically, forwarding plane functionality is 166 realized in high-performance Application Specific Integrated Circuits 167 (ASICs) or Network Processors (NPs) that are capable of handling very 168 high packet rates. 170 The router control plane interfaces with its forwarding plane through 171 the Interface Z, as shown in the Figure 1, and the forwarding plane 172 connects to other network devices via Interfaces such as X and Y. 173 Since the router control plane is vulnerable to the DoS attack, 174 usually a traffic filtering mechanism is implemented on Interface Z 175 in order to block unwanted traffic. In order to protect the router 176 control plane, a rate-limit mechanism is always implemented on the 177 same interface. However, such rate limiting mechanism will always 178 cause inconsistent packet drops, which will impact the normal IP 179 forwarding. 181 3. Specification of RFC8200 183 [RFC8200] defines several IPv6 extension header types, including the 184 Hop-by-Hop (HBH) Options header. As specified in [RFC8200], the Hop- 185 by-Hop (HBH) Options header is used to carry optional information 186 that will be examined and processed by every node along a packet's 187 delivery path, and it is identified by a Next Header value of zero in 188 the IPv6 header. 190 The Hop-by-Hop (HBH) Options header contains the following fields: 192 -- Next Header: 8-bit selector, identifies the type of header 193 immediately following the Hop-by-Hop Options header. 195 -- Hdr Ext Len: 8-bit unsigned integer, the length of the Hop-by-Hop 196 Options header in 8-octet units, not including the first 8 octets. 198 -- Options: Variable-length field, of length such that the complete 199 Hop-by-Hop Options header is an integer multiple of 8 octets long. 201 The Hop-by-Hop (HBH) Options header carries a variable number of 202 "options" that are encoded in the format of type-length-value (TLV). 204 The highest-order two bits (i.e., the ACT bits) of the Option Type 205 specify the action that must be taken if the processing IPv6 node 206 does not recognize the Option Type. The third-highest-order bit 207 (i.e., the CHG bit) of the Option Type specifies whether or not the 208 Option Data of that option can change en route to the packet's final 209 destination. 211 While [RFC2460] required that all nodes must examine and process the 212 Hop-by-Hop Options header, with [RFC8200] it is expected that nodes 213 along a packet's delivery path only examine and process the Hop-by- 214 Hop Options header if explicitly configured to do so. It means that 215 the HBH processing behavior in a node depends on the configuration on 216 it. 218 However, in the current [RFC8200], there is no explicit specification 219 on the possible configurations. Therefore, the nodes may be 220 configured to ignore the Hop-by-Hop Options header, drop packets 221 containing a Hop-by-Hop Options header, or assign packets containing 222 a Hop-by-Hop Options header to a slow processing path [RFC8200]. 223 Because of these likely uncertain processing behaviors, new hop-by- 224 hop options are not recommended. 226 4. Common Implementations 228 In the current common implementations, once an IPv6 packet, with its 229 Next Header field set to 0, arrives at a node, it will be directly 230 sent to the slow path (i.e. the control plane) of the node. With 231 such implementation, the value of the Next Header field in the IPv6 232 header is the only trigger for the default processing behavior. The 233 option type of each option carried within the Hop-by-Hop Options 234 header will not even be examined before the packet is sent to the 235 slow path. 237 Very often, such processing behavior is the default configuration on 238 the node, which is embedded in the implementation and cannot be 239 changed or reconfigured. 241 4.1. Historical Reasons 243 When IPv6 was first implemented on high-speed routers, HBH options 244 were not yet well-understood and ASICs were not so capable as they 245 are today. So, early IPv6 implementations dispatched all packets 246 that contain HBH options to their slow path. 248 4.2. Consequences 250 Such implementation introduces a risk of a DoS attack on the control 251 plane of the node, and a large flow of IPv6 packets could congest the 252 slow path, causing other critical functions (incl. routing and 253 network management) that are executed on the control plane to fail. 254 Rate limiting mechanisms will cause inconsistent packet drops and 255 impact the normal end-to-end IP forwarding of the network services. 257 5. Operators' typical processing 259 To mitigate this DoS vulnerability, many operators deployed Access 260 Control Lists (ACLs) that discard all packets containing HBH Options. 262 [RFC6564] shows the Reports from the field indicating that some IP 263 routers deployed within the global Internet are configured either to 264 ignore or to drop packets having a hop-by-hop header. As stated in 265 [RFC7872], many network operators perceive HBH Options to be a breach 266 of the separation between the forwarding and control planes. 267 Therefore, several network operators configured their nodes so to 268 discard all packets containing the HBH Options Extension Header, 269 while others configured nodes to forward the packet but to ignore the 270 HBH Options. [RFC7045] also states that hop-by-hop options are not 271 handled by many high-speed routers or are processed only on a slow 272 path. 274 Due to such behaviors observed and described in these specifications, 275 new hop-by-hop options are not recommended in [RFC8200] hence the 276 usability of HBH options is severely limited. 278 6. New Services 280 As IPv6 is being rapidly and widely deployed worldwide, more and more 281 applications and network services are migrating to or directly 282 adopting IPv6. More and more new services that require HBH are 283 emerging and the HBH Options header is going to be utilized by the 284 new services in various scenarios. 286 In-situ OAM with IPv6 encapsulation [I-D.ietf-ippm-ioam-ipv6-options] 287 is one of the examples. IOAM in IPv6 is used to enhance diagnostics 288 of IPv6 networks and complements other mechanisms, such as the IPv6 289 Performance and Diagnostic Metrics Destination Option described in 290 [RFC8250]. The IOAM data fields are encapsulated in "option data" 291 fields of the Hop-by-Hop Options header if Pre-allocated Tracing 292 Option, Incremental Tracing Option, or Proof of Transit Option are 293 carried [I-D.ietf-ippm-ioam-data], that is, the IOAM performs per 294 hop. 296 Alternate Marking Method can be used as the passive performance 297 measurement tool in an IPv6 domain. The AltMark Option is defined as 298 a new IPv6 extension header option to encode alternate marking 299 technique and Hop-by-Hop Options Header is considered 300 [I-D.ietf-6man-ipv6-alt-mark]. 302 The Minimum Path MTU Hop-by-Hop Option is defined in 303 [I-D.ietf-6man-mtu-option] to record the minimum Path MTU along the 304 forward path between a source host to a destination host. This Hop- 305 by-Hop option is intended to be used in environments like Data 306 Centers and on paths between Data Centers as well as other 307 environments including the general Internet. It provides a useful 308 tool for allowing to better take advantage of paths able to support a 309 large Path MTU. 311 As more services start utilizing the HBH Options header, more packets 312 containing HBH Options are going to be injected into the networks. 313 According to the current common configuration in most network 314 deployments, all the packets of the new services are going to be sent 315 to the control plane of the nodes, with the possible consequence of 316 causing a DoS effect on the control plane. The packets will be 317 dropped and the normal IP forwarding may be severely impacted. The 318 deployment of new network services involving multi-vendor 319 interoperability will become impossible. 321 7. The desired processing behavior 323 The HBH Options actually contain information for the use of the 324 forwarding plane and the control plane of the nodes, respectively. 326 They can be categorized into HBH Forwarding Options and HBH Control 327 Options [I-D.li-6man-hbh-fwd-hdr]. 329 It is suggested to separate the two types of HBH options and carry 330 them in different packets since generally they serve for different 331 purposes and require different processing procedures on a node. The 332 packets carrying the HBH Forwarding Options are supposed to be 333 maintained in the forwarding plane rather than being directly sent up 334 to the control plane. While the packets carrying the HBH Control 335 Options are supposed to be sent to the control plane. 337 If the IPv6 extension header including the HBH options header of a 338 packet cannot be recognized by the node, or the option in the HBH 339 header is unknown to the node, and the node is not the destination of 340 the packet, the packet should not be dropped or sent to the control 341 plane, rather this unrecognized extension header should be skipped 342 and the rest of the packet should be processed. 344 8. Migration strategies 346 In order to achieve the desired processing behavior of the HBH 347 options header and facilitate the ever-emerging new services to be 348 deployed in operators' networks across multiple vendors' devices, the 349 migration can happen in three parts as described below: 351 1. The source of the HBH options header encapsulation. 353 The information to be carried in the HBH options header needs to be 354 first categorized and encapsulated into either control options or 355 forwarding options, and then encapsulated in different packets. 357 2. The nodes within the network. 359 The nodes are updated to the proposed behavior introduced in the 360 previous section. 362 3. The edge node of the network. 364 The edge node should check whether the packet contains a HBH header 365 with control or forwarding option. Packet with a control option may 366 still be filtered and dropped while packets with forwarding option 367 should be allowed by the ACL. 369 If it is certain that there is no harm that can be introduced by the 370 HBH options to the nodes and the services, they can also be allowed. 372 9. Security Considerations 374 It is the same as the Security Considerations in [RFC8200] for the 375 part related with the HBH Options header. 377 10. IANA Considerations 379 This document does not include an IANA request. 381 11. Acknowledgements 383 The authors would like to acknowledge Ron Bonica and Stefano Previdi 384 for their valuable review and comments. 386 12. References 388 12.1. Normative References 390 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 391 Requirement Levels", BCP 14, RFC 2119, 392 DOI 10.17487/RFC2119, March 1997, 393 . 395 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 396 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, 397 December 1998, . 399 [RFC6192] Dugal, D., Pignataro, C., and R. Dunn, "Protecting the 400 Router Control Plane", RFC 6192, DOI 10.17487/RFC6192, 401 March 2011, . 403 [RFC7045] Carpenter, B. and S. Jiang, "Transmission and Processing 404 of IPv6 Extension Headers", RFC 7045, 405 DOI 10.17487/RFC7045, December 2013, 406 . 408 [RFC7872] Gont, F., Linkova, J., Chown, T., and W. Liu, 409 "Observations on the Dropping of Packets with IPv6 410 Extension Headers in the Real World", RFC 7872, 411 DOI 10.17487/RFC7872, June 2016, 412 . 414 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 415 (IPv6) Specification", STD 86, RFC 8200, 416 DOI 10.17487/RFC8200, July 2017, 417 . 419 12.2. Informative References 421 [I-D.ietf-6man-ipv6-alt-mark] 422 Fioccola, G., Zhou, T., Cociglio, M., Qin, F., and R. 423 Pang, "IPv6 Application of the Alternate Marking Method", 424 draft-ietf-6man-ipv6-alt-mark-01 (work in progress), June 425 2020. 427 [I-D.ietf-6man-mtu-option] 428 Hinden, R. and G. Fairhurst, "IPv6 Minimum Path MTU Hop- 429 by-Hop Option", draft-ietf-6man-mtu-option-03 (work in 430 progress), September 2020. 432 [I-D.ietf-ippm-ioam-data] 433 Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields 434 for In-situ OAM", draft-ietf-ippm-ioam-data-10 (work in 435 progress), July 2020. 437 [I-D.ietf-ippm-ioam-ipv6-options] 438 Bhandari, S., Brockners, F., Pignataro, C., Gredler, H., 439 Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni, B., 440 Lapukhov, P., Spiegel, M., Krishnan, S., Asati, R., and M. 441 Smith, "In-situ OAM IPv6 Options", draft-ietf-ippm-ioam- 442 ipv6-options-03 (work in progress), September 2020. 444 [I-D.li-6man-hbh-fwd-hdr] 445 Li, Z. and S. Peng, "Hop-by-Hop Forwarding Options 446 Header", draft-li-6man-hbh-fwd-hdr-00 (work in progress), 447 July 2020. 449 [RFC8250] Elkins, N., Hamilton, R., and M. Ackermann, "IPv6 450 Performance and Diagnostic Metrics (PDM) Destination 451 Option", RFC 8250, DOI 10.17487/RFC8250, September 2017, 452 . 454 Authors' Addresses 456 Shuping Peng 457 Huawei Technologies 458 Beijing 100095 459 China 461 Email: pengshuping@huawei.com 462 Zhenbin Li 463 Huawei Technologies 464 Beijing 100095 465 China 467 Email: lizhenbin@huawei.com