> [Senthil] In order to get to the port numbers you would still have to
> traverse the extension headers and in the process you would identify the
> protocol too, isn't that right?

Oh my yes! How embarrassing, but it makes the problem even worse.

Regards
   Brian Carpenter

On 2010-04-15 10:42, Senthil Sivakumar (ssenthil) wrote:
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> Brian E Carpenter
> Sent: Wednesday, April 14, 2010 6:26 PM
> To: 6man
> Cc: Nevil Brownlee
> Subject: Extracting the 5-tuple from IPv6 packets
>
> Hi,
>
> Common practice in network monitoring and in QoS technologies is to
> identify a flow of packets by the 5-tuple {source address, dest address,
> source port, dest port, protocol #}.
> This is relatively trivial at line speed in IPv4 since these things are
> at fixed locations in the header. But in IPv6, the protocol number is at
> the end of a linked list of "next headers." Even if the normal case is
> only one item in the linked list, any implementation (hardware or
> software) that extracts the 5-tuple has to follow the linked list to the
> end.
>
> As Mark Smith said in relation to draft-carpenter-6man-flow-update-02
>
>>> Secondly, for IPv6 packets with a number of extension headers before
>>> the transport layer header, I think this rule could impact forwarding
>>> performance. While I'm not sure if it is that practical, however it'd
>>> be good if flow classification could be done using only fixed headers
>>> in the IPv6 packet, or a fixed portion of the fixed header bits.
>
> The problem is, only the protocol number is diagnostic of an individual
> flow. The earlier next headers are not guaranteed to be the same for all
> packets in a transport session, and they might be the same for packets
> in different transport sessions between the same two hosts.
>
> So it seems to me that we are stuck with identifying IPv6 flows by the
> 5-tuple, even though it means following the linked list to the end. Or
> we can forget about identifying individual transport flows, and identify
> all traffic between the same two hosts via the 4-tuple {source address,
> dest address, source port, dest port}.
>
> [Senthil] In order to get to the port numbers you would still have to
> traverse the extension headers and in the process you would identify the
> protocol too, isn't that right?
>
> Or we can strongly recommend that all hosts set the flow label, so that
> we can use the 3-tuple {source address, dest address, flow label}.
>
> [Senthil] That would be very useful if we can achieve that.
>
> Senthil
>
> What do people think?
>
> --
> Regards
>    Brian Carpenter
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
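
The header walk discussed in this thread, as an added example that is not part of the original messages: a classifier that follows the IPv6 next-header chain to the transport header to build the 5-tuple, and also returns the {source address, dest address, flow label} 3-tuple that needs only the fixed header. The function name `flow_keys`, the `max_headers` cap and the sample packets (documentation-prefix addresses, PadN-only options) are constructed for illustration.

```python
import ipaddress
import struct

EXT_8OCTET = {0, 43, 60}      # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH, ESP, NO_NEXT = 44, 51, 50, 59
WITH_PORTS = {6, 17, 132}     # TCP, UDP, SCTP: ports are the first 4 bytes

def flow_keys(pkt: bytes, max_headers: int = 16):
    """Return (5-tuple or None, 3-tuple, number of extension headers walked)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    flow_label = struct.unpack_from("!I", pkt, 0)[0] & 0xFFFFF
    src = str(ipaddress.IPv6Address(pkt[8:24]))
    dst = str(ipaddress.IPv6Address(pkt[24:40]))
    three = (src, dst, flow_label)          # fixed offsets, no chain walk
    nh, off, walked = pkt[6], 40, 0
    while nh not in WITH_PORTS:
        if nh in (ESP, NO_NEXT) or walked >= max_headers or off + 8 > len(pkt):
            return None, three, walked      # encrypted, empty, too deep, truncated
        if nh in EXT_8OCTET:
            hdr_len = (pkt[off + 1] + 1) * 8
        elif nh == AH:
            hdr_len = (pkt[off + 1] + 2) * 4
        elif nh == FRAGMENT:
            hdr_len = 8
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return None, three, walked + 1   # non-first fragment: no ports
        else:
            return None, three, walked      # unknown or port-less protocol
        nh, off, walked = pkt[off], off + hdr_len, walked + 1
    if off + 4 > len(pkt):
        return None, three, walked
    sport, dport = struct.unpack_from("!HH", pkt, off)
    return (src, dst, sport, dport, nh), three, walked

# Constructed sample packets (not captured traffic).
def sample_ipv6(nh, payload, label=0):
    first = (6 << 28) | label
    return (struct.pack("!IHBB", first, len(payload), nh, 64)
            + ipaddress.IPv6Address("2001:db8::1").packed
            + ipaddress.IPv6Address("2001:db8::2").packed + payload)

UDP = struct.pack("!HHHH", 5353, 53, 8, 0)
HBH = bytes([60, 0, 1, 4, 0, 0, 0, 0])    # Hop-by-Hop, next = Dest Opts, PadN
DST = bytes([17, 0, 1, 4, 0, 0, 0, 0])    # Dest Opts, next = UDP, PadN
PLAIN = sample_ipv6(17, UDP, label=0x12345)
CHAINED = sample_ipv6(0, HBH + DST + UDP, label=0x12345)
LATE_FRAG = sample_ipv6(44, bytes([17, 0, 0x00, 0xB9, 0, 0, 0, 1]) + b"\x00" * 8)
```

`PLAIN` and `CHAINED` belong to the same UDP flow and yield the same 5-tuple, but the second costs two extra header reads; `LATE_FRAG` yields no 5-tuple at all, while the 3-tuple is available in every case.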
