On Fri, Feb 19, 2021 at 10:09 PM Fernando Gont <fgont@xxxxxxxxxxxxxxx> wrote: > > Hi, Tom, > > On 19/2/21 18:13, Tom Herbert wrote: > [....]>> xor add this: > >> > >> [RFC7098] discusses how the IPv6 FLow Label can used to enhance layer > >> 3/4 (L3/4) load distribution and balancing for large server farms. > >> > >> right after: > >> Thus, ECMP and Hash-based Load- > >> Sharing should be possible without the need to process the entire > >> IPv6 header chain to obtain upper-layer information to identify > >> flows. > >> > > I don't why this is only a "should". > > This is not a requirement. We're mostly indicating possibility. > > > > Hashing of three tuple for load > > balancing works as described as evident by the fact it is in wide > > deployment (consider it's been in Linux stack for it's internal load > > balancing for several years and there's now over a billion devices in > > the world that do this). > > LB based on the FL relies on: > * Appropriate implementation of the FL > * Use of the FL in load balancers > > There has been (and still is) an interesting mix of cases where one or > both of this simply do not happen. Fernando, On the other hand, there are use cases where it does work and is in deployment; in fact, there are use cases where it's the *only* way to do in flow classification on packets. The implicit requirement of this draft here is that packets have port numbers in plain text, however that is not possible in no-first fragments, tunnel mode IPsec, tunnling protocols the routers don't understand, etc. With regards to extension headers, the presumed problem isn't that the port numbers are present, it's that some, not all, routers have limited capabilities to parse over EHs to find the transport headers. This is reflected in the statement: "If an IPv6 header chain is sufficiently long that it exceeds the packet look-up capacity of the router, the router might be unable to determine how the packet should be handled, and thus could resort to dropping the packet." It's not to me clear what "sufficiently long" means; in particular, such a statement isn't helpful to the host stack developer trying to figure out if the packets they're creating will be properly forwarded. For the purpose of providing use guidance to the host stack developers, can you please clarify exactly what "sufficiently long" is? For instance, is it reasonable to expect that modern routers should be able forward packets that contain sixty-four bytes of Destination Options, or Routing Header, or HBH Options? Note that RFC8504 and RFC8883 do discuss processing limits being exceeded in terms of the protocol considerations (in fact, RFC8504 recommends a specific default limits on the maximum number of HBH and DestOpt options a host will process in order to mitigate the "DoS due to processing requirements" issue raised in 7.4 of this draft). Tom > > See e.g.: https://blog.apnic.net/2018/01/11/ipv6-flow-label-misuse-hashing/ > > We're just the messenger here.... > > Thanks, > -- > Fernando Gont > SI6 Networks > e-mail: fgont@xxxxxxxxxxxxxxx > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
