Re: ECMP [Tsvart last call review of draft-ietf-opsec-ipv6-eh-filtering-06]

On 2018-12-07 11:02, Nick Hilliard wrote:
> Brian E Carpenter wrote on 06/12/2018 20:35:
>> But there's a preliminary question: how widely is the flow label set
>> by sending hosts? The answer is: widely, by modern o/s releases. But not
>> much, by legacy o/s releases.
> 
> more to the point, if you were going to implement a forwarding device, 
> do you depend solely on the flow label?
> 
> This gives end-user device control over the hashing path on a purely 
> discretionary basis.  I.e. an end user can change the flow label and 
> consequently make their own decisions about which network path to use, 
> without affecting any other transmission characteristic of the network 
> flow, e.g. port numbers, IP addresses, etc.

Well, ECMP would be based on the {dest, srce, flow_label} 3-tuple so
it's only the layer 4+ info that's missing. That will be missing anyway
when encryption takes over. And any source that plays silly games
with the flow label will damage its own users more than it damages
the network.

> Operationally, flow labels can cause grief.  APNIC had a blog posting on 
> this a while back
> 
> https://blog.apnic.net/2018/01/11/ipv6-flow-label-misuse-hashing/

By Joel J, who generally knows what he's talking about.

"By in large, this flow label changing behaviour has been traced to IPv6 supporting CPE/firewalls, which change the flow label between the initial syn and the ack."

Broken middleboxes can prevent anything from working properly.
 
> Most devices allow the operator to selectively use flow labels as an 
> entropy source for hashing.

And that's progress. Again, the flow label is a long-term play that
will become more important as encryption becomes more of a factor.

   Brian
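
The following is an added example, not part of the original message or of any router's implementation: it hashes the {dest, srce, flow_label} 3-tuple mentioned above to choose an ECMP next hop, then flags transport flows in a packet sample whose flow label changed mid-flow, the middlebox behaviour the APNIC post describes. SHA-256 stands in for a vendor-specific hash, and the next-hop names, addresses and packet tuples are constructed assumptions.

```python
import hashlib
import ipaddress
from collections import defaultdict

# Hypothetical set of equal-cost next hops (names are made up for illustration).
NEXT_HOPS = ["nh-a", "nh-b", "nh-c", "nh-d"]


def ecmp_next_hop(src, dst, flow_label, next_hops=NEXT_HOPS):
    """Choose a next hop from the {dest, srce, flow_label} 3-tuple only."""
    key = (ipaddress.IPv6Address(dst).packed
           + ipaddress.IPv6Address(src).packed
           + (flow_label & 0xFFFFF).to_bytes(3, "big"))  # flow label is 20 bits
    digest = hashlib.sha256(key).digest()  # stand-in for a real hardware hash
    return next_hops[int.from_bytes(digest[:4], "big") % len(next_hops)]


def unstable_flows(packets):
    """Map (src, dst, sport, dport) to the labels seen, for flows whose label changed."""
    seen = defaultdict(list)
    for src, dst, sport, dport, label in packets:
        labels = seen[(src, dst, sport, dport)]
        if label not in labels:
            labels.append(label)
    return {flow: labels for flow, labels in seen.items() if len(labels) > 1}


# Constructed sample: (src, dst, sport, dport, flow_label) as seen at one observation point.
PACKETS = [
    ("2001:db8::10", "2001:db8:ffff::1", 40000, 443, 0x12345),  # initial SYN
    ("2001:db8::10", "2001:db8:ffff::1", 40000, 443, 0x6789A),  # later ACK, label rewritten
    ("2001:db8::20", "2001:db8:ffff::1", 40001, 443, 0x0BEEF),  # stable label
    ("2001:db8::20", "2001:db8:ffff::1", 40001, 443, 0x0BEEF),
]

if __name__ == "__main__":
    for (src, dst, sport, dport), labels in unstable_flows(PACKETS).items():
        # Each distinct label may hash to a different path for the same connection.
        hops = [ecmp_next_hop(src, dst, label) for label in labels]
        print(f"[{src}]:{sport} -> [{dst}]:{dport} "
              f"labels={[hex(l) for l in labels]} next_hops={hops}")
```
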



