RE: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?

Hi Jeff,

Thanks. The article is good. But Brian's reference to RFC 7094 is better, because it is an RFC (more formal). No one should assume that the Flow Label would stay constant.

Hence, FlowLabel is a misleading name. It is the "random changing seed" in reality that is enough for load equalization on the ECMP.

It could abruptly change latency by jumping to a different path.

Eduard

From: ietf [mailto:ietf-bounces@xxxxxxxx] On Behalf Of Jeff Tantsura
Sent: Wednesday, August 4, 2021 3:08 AM
To: Töma Gavrichenkov <ximaera@xxxxxxxxx>
Cc: Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx>; IETF Rinse Repeat <ietf@xxxxxxxx>
Subject: Re: IPv6 Anycast has been killed by LINUX patch in 2016 - who cares?

 

Eduard,

 

The reports about IPv6 anycast death are greatly exaggerated ;-)

 

The issue is well known, e.g. - IPv6 flow label: misuse in hashing | APNIC Blog

Don't forget that flow hashing is a local decision that could be influenced by configuration/capabilities. Relying on constant (sticky) hashing is unhealthy and error prone; when other keys, such as index-ingress-port, are used, this is completely unpredictable.

Flow label based hashing is on/off by default as per vendor/release.

Stateless anycast is not affected by flow label changes, as well as stateful services that use OOB sync (think public cloud).

Interesting point - this could affect IPv4 in host based overlays cases. e.g. the value of UDP source port in VXLAN/Geneve header. (skb->hash used for UDP source port)

 

 

On Tue, Aug 3, 2021 at 11:56 AM Töma Gavrichenkov <ximaera@xxxxxxxxx> wrote:

Peace,

On Tue, Aug 3, 2021, 8:54 PM Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:

It would not make me in the least bit sad if ANYCAST TCP doesn't work because I don't think it should. 

 

TCP over ANYCAST is crossing the streams. Not surprised it doesn't work and see no reason to change that.

 

Does that imply that you believe no TCP-based protocol deserves protection from DDoS attacks?  Because anycast is ultimately the one and the only basement for that protection.

 

--

Töma
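
The behaviour discussed in this thread, as an added example that is not part of any of the messages above: a stateless ECMP router that includes the IPv6 flow label in its hash key can move one TCP connection between anycast sites when the sender changes the label, while a router hashing only the 5-tuple keeps it on one path. The next-hop names, addresses, ports, label sequence and the use of SHA-256 as the hash are all constructed assumptions; real routers use vendor-specific hash functions.

```python
import hashlib
import struct
from ipaddress import IPv6Address

# Constructed sample: four equal-cost next hops toward one anycast prefix.
NEXT_HOPS = ["pop-a", "pop-b", "pop-c", "pop-d"]


def ecmp_next_hop(src, dst, sport, dport, flow_label, use_flow_label=True):
    """Pick a next hop by hashing flow keys, as a stateless ECMP router would."""
    key = IPv6Address(src).packed + IPv6Address(dst).packed
    key += struct.pack("!HHB", sport, dport, 6)  # ports + next header (TCP)
    if use_flow_label:
        key += struct.pack("!I", flow_label & 0xFFFFF)  # 20-bit flow label
    digest = hashlib.sha256(key).digest()  # stand-in for the router's hash
    return NEXT_HOPS[int.from_bytes(digest[:4], "big") % len(NEXT_HOPS)]


def paths_seen(labels, use_flow_label):
    """Set of next hops one TCP connection visits as its flow label changes."""
    return {
        ecmp_next_hop("2001:db8::10", "2001:db8:53::1", 40000, 443,
                      fl, use_flow_label)
        for fl in labels
    }


# Constructed labels standing in for a sender that changes the label
# during the lifetime of a single connection.
LABELS = [(0x12345 + 0x9E37 * i) & 0xFFFFF for i in range(64)]

if __name__ == "__main__":
    # With the label in the key the same connection lands on several sites,
    # so a stateful anycast service without state sync loses the session.
    print("flow label in hash :", sorted(paths_seen(LABELS, True)))
    # With the 5-tuple only, the path does not depend on the label at all.
    print("5-tuple only       :", sorted(paths_seen(LABELS, False)))
```
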
