Re: [Int-area] Start of WGLC for draft-ietf-intarea-gre-ipv6

[Stewart Bryant]

Isn't systematic rather than random corruption more likely?

Stewart

On 31/03/2015 23:04, Ronald Bonica wrote:

Lucy, David,

The proposed text says that outcome 3c) is unacceptable but highly unlikely. For example, assume the following:

-That an IPv6 address is assigned to every milligram of matter on earth, including every drop of water. (2**95 IPv6 addresses are assigned)

-That every minute, the destination address on a delivery packet is corrupted

-The pattern of corruption is random

Every time a destination address is corrupted, the odds are 1 / 8,589,934,592 that the result will be an assigned address. This should happen one ever 16, 331 years.

Now, assume that only 1% of those of those 2**95 IPv6 addresses are configured on devices that de-encapsulate GRE. In this case, outcomes 3a), 3b) and 3c) will occur only once every 1,633,100 years!

So, practically speaking, we don’t have much to worry about. But for the purposes of the pedantry, we may need to say that GRE over IPv6 is only practical when operators can deal with that risk.

David, what is the minimum text that we can import to satisfy the requirement.

Ron

*From:* Lucy yong [mailto:lucy.y...@huawei.com]
*Sent:* Tuesday, March 31, 2015 3:21 PM
*To:* Ronald Bonica; Black, David; int-area@ietf.org; i...@ietf.org
*Cc:* draft-ietf-intarea-gre-i...@tools.ietf.org; intarea-cha...@ietf.org
*Subject:* RE: Start of WGLC for draft-ietf-intarea-gre-ipv6

Hi Ron,

3c) may happen for a VPN or non-VPN case. The payload can be in non-IPv6 space. Is “Outcome 3c) is not acceptable, but it extremely unlikely.” for particular network/usage in your mind?

Is the goal here to prove such corruption is acceptable or extreme unlikely?

Regards,

Lucy

*From:*Int-area [mailto:int-area-boun...@ietf.org] *On Behalf Of *Ronald Bonica

*Sent:* Tuesday, March 31, 2015 1:43 PM

*To:* Black, David; int-area@ietf.org <mailto:int-area@ietf.org>; i...@ietf.org <mailto:i...@ietf.org> *Cc:* draft-ietf-intarea-gre-i...@tools.ietf.org <mailto:draft-ietf-intarea-gre-i...@tools.ietf.org>; intarea-cha...@ietf.org <mailto:intarea-cha...@ietf.org>

*Subject:* Re: [Int-area] Start of WGLC for draft-ietf-intarea-gre-ipv6

Resend…

*From:* Ronald Bonica
*Sent:* Tuesday, March 31, 2015 2:23 PM

*To:* 'Black, David'; int-area@ietf.org <mailto:int-area@ietf.org>; i...@ietf.org <mailto:i...@ietf.org> *Cc:* draft-ietf-intarea-gre-i...@tools.ietf.org <mailto:draft-ietf-intarea-gre-i...@tools.ietf.org>; intarea-cha...@ietf.org <mailto:intarea-cha...@ietf.org>

*Subject:* RE: Start of WGLC for draft-ietf-intarea-gre-ipv6

David, Lucy,

You are correct.  Maybe the following text will address the issue:

OLD>

   Because the IPv6 delivery header does not include a checksum of its

   own, it is subject to corruption.  However, even if the delivery

   header is corrupted, to likelihood of that corruption resulting in

misdelivery of the payload is extremely low.

<OLD

NEW>

   Because the IPv6 delivery header does not include a checksum of its

   own,  the destination address in the delivery header is subject to

corruption. If the destination address in the deliver header is corrupted,

   the following outcomes are possible:

1)The delivery packet is dropped because the new destination address is unreachable

2)The delivery packet is dropped because the new destination address is reachable, but that node is not configured to process GRE delivery packets from the ingress

3)The delivery packet is processed by a GRE egress other than that which was originally specified by the GRE ingress. Processing options are:

a.The payload packet is dropped because the payload destination is unreachable from the node that processed the delivery packet

b.The payload packet is delivered to its intended destination

c.The payload packet is erroneously delivered to a node other than its intended destination. The intended destination and the node to which the payload is actually delivered are numbered identically, but reside in different VPNs.

Outcomes 1), 2), 3a) and 3b) are acceptable. Outcome 3c) is not acceptable, but it extremely unlikely. Because IPv6 address space is so large and so sparsely populated, outcome 1) is by far the most probable. Therefore, the combined likelihood of all acceptable outcomes by far exceeds the likelihood of the one unacceptable outcome.

Furthermore, even if the payload is erroneously delivered to a node other than its intended destination, that node will discard the packet if the payload is also corrupted or if there are no applications waiting to consume the packet.

<NEW

Ron

*From:* Black, David [mailto:david.bl...@emc.com]
*Sent:* Monday, March 30, 2015 7:48 PM

*To:* Ronald Bonica; int-area@ietf.org <mailto:int-area@ietf.org>; i...@ietf.org <mailto:i...@ietf.org> *Cc:* draft-ietf-intarea-gre-i...@tools.ietf.org <mailto:draft-ietf-intarea-gre-i...@tools.ietf.org>; intarea-cha...@ietf.org <mailto:intarea-cha...@ietf.org>; Black, David

*Subject:* RE: Start of WGLC for draft-ietf-intarea-gre-ipv6

> Also, why would you object to 3b? The packet ends up at the right node, just via an unexpected route.

That assertion is based on the assumption that the payload destination address is worldwide unique.

There are lots of counterexamples that void the assumption, e.g., 10.0.0.0/8.

Thanks,
--David



_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area

--
For corporate legal information go to:

http://www.cisco.com/web/about/doing_business/legal/cri/index.html


_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area