Internet Engineering Task Force 110, 9 Mar 2021

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF110-V6OPS-20210309-1600

Description

V6OPS meeting session at IETF110
2021/03/09 1600

https://datatracker.ietf.org/meeting/110/proceedings/

A

Yeah we should start um it's now, the top of the hour and.

A

Welcome to v6 ops, so ron is displaying the note well, and so, if you, if this is new to you, please note. Well, we have a uh a note taker, that's chuping uh and thank you shipping for for taking notes for us. We don't have a jabber scribe and I note that there's at least one person who's uh following us by jabber.

A

So um if somebody would please open, jabber and and act as a jabber scribe, I'd appreciate that, but we have at least two on java, okay, so now moving ahead uh ron, you want to show the.

A

A

A

A

Okay, there we go okay, so we have um a relatively short agenda this time uh compared to some that we've had um the iatf 109 meeting was pretty well jammed, um which was unfortunate, but so ron- and I have a few comments on chatter, regarding ipv6 in the itf and then we have four talks.

A

The first one um relates to a hop by hop options, header which is being discussed in six man. The question there is basically whether uh v6 ops has any uh input to six man that that that might be useful. um We have a talk on deployment status, um a talk basically imported from tcpm.

A

They would like to talk about something that linux is doing with the tcpm float. Labels are the flow label, ipv6 flow labels in a linux environment, and then fernando is going to talk about the addressing considerations document that he's got up and which has been under discussion um so ron uh could could we look at the chairs comments slides here?

A

We go okay, so ron- and I were talking over the weekend and um had a few thoughts on the chatter about ipv6 that we hear in the ietf and which, which is frankly kind of disturbing, um especially in the context of deployment in the great wide world, the world outside of uh europe and north america.

A

um When we had a talk at itf 109 from reliance giles or from a gentleman from reliance giles, and he came back to ron and I after the thing was over and said, could we please just take all of the class e space and make it available as ipv4, because I need it um that has been discussed before and actually there is a current discussion of that going on on nano for those of you that are on the nano list?

A

um Okay, so ron, I had a slide. Please.

A

Okay, if we look at ipv6 demand, um there's a lot of demand and we're essentially out of addresses- um and we see proposals like the one- that's being discussed on nanog right now um and also frequently frequent proposals to take space that was allocated to uh us military or other people in the distant past and which is not advertised on the internet and you know, could we please use that as uh private space or reallocate it to somebody and the problem with both of those ideas is- and we had this we've had this discussion before and let me just repeat it that it's a band-aid, it solves the current problem in the sense of extending the life of ipv4 for a week a month, uh basically until it gets gets used up, but it doesn't really address exhaustion next slide.

A

A

Okay, now, if I look at ipv6 traffic and in in this I'm using a tool that was put up by eric bank and in this particular case uses google data, you can also get the ap nec and akamai data and there's other people that put data about internet accesses on the web.

A

um I made this slide yesterday, so this is, as of yesterday, um google indicates that 77 countries are using native ipv6 for greater than five percent of their accesses to google services. um Now. Obviously, that means that there are some that are kind of just getting started.

A

uh There are a few that uh google actually sees more ipv6 than it sees ipv4, um and you know, and and the vast number in between um in doing this, I there's I don't know an interesting um difference between uh sources, google and akamai.

A

If you ask them what they see, they're talking primarily about accesses to their cdms, if you ask ap nick you're talking about traffic that actually went over the internet backbone.

A

So when somebody uses ipv4 or ipv6 to communicate what that means is that both they and the entire path of equipment in between the two endpoints are running ipv6, and this tells me tells me that we have actually pretty wide deployment next slide. Please.

A

Now this is a slide that I pulled out of a deck that that I built two years ago, so the numbers are a little bit out of date, uh but a uh a central american country wanted to build a greenfield network, basically as an enron, um and they had a proposal. They had multiple proposals to build it using ipv4 and they had at least one proposal uh to build it as an ipv6 network um and in looking at the cost of doing those.

A

You know, quite apart from equipment and software and actual services of running wires around or fiber or whatever would be involved.

A

Looking just at the cost of the addresses.

A

Building that network using ipv4 would cost them multiple tens of millions of dollars, uh building it out of ipv6 cost twenty one hundred dollars annually as of two years ago. It may have changed since then um and point being that uh you know I went whenever I'm talking with somebody about ipv sex. They say, what's the business case to me, uh this looks amazingly like a business case. uh It costs less money. You can save an awful lot of money by running ipv6 next slide.

A

In the ietf, the chatter isn't about uh using ipv6 in networks. The chatter primarily seems to be about using it as an underlay technology, a drop-in replacement for for mpls.

A

We don't hear too much in the ipv6 about using in the ietf about using ipv6 as an overlay technology as uh communication between endpoints, um it's mentioned in internet drafts and in some cases under duress, but uh the big chatter seems to be about source routing, srv sex.

A

A

So ron and I have a question um kind of about ietf discussions and the chatter.

A

Ipv6 in the overlay was uh instituted in the early 1990s to address address shortage, in fact that there aren't enough addresses around in ipv4 to do the job.

A

Now we see ipv6 and the overlay in isp, residential and other networks, and we see its utility in some applications like web browsers and such we don't usually see it in enterprise networks and.

A

It isn't universally in uh applications, and it's not obvious how ipv6 in the underlay addresses the problem of address-based scarcity for developing countries for people that are looking for address space, um and so the question that ron and I found ourselves asking ourselves is: are we collectively doing something wrong?

A

um Now, I'm not going to throw open the floor to uh discussion primarily because I think a lot of this will come up about two talks from now uh and we can discuss it on the web on the mailing list as well. um But something I would like us to think about is: are we the ietf doing something wrong in our discussion of ipv sex and ipv6 deployment.

A

So so ron, let's move to the first talk.

A

Vector meeting materials.

B

B

I mean what, if you go to pt and then like, if the insurance companies would say the pt people would never stand.

B

C

I had to go down.

A

um Okay and uh gyan mishra, I believe you were going to present on this.

D

Yes, yeah hi, so this is uh gion mishra with verizon, so I will be presenting a processing of popeye hop options. Header next.

D

Slide all right, thank you, so motivations, so the hph options. Header is a valuable container, facilitating new services. um So the hop I have uh processing behavior is very it's very desirable. It's something! That's you know that I think overall, I think in the industry and we're seeing a lot more. I think new features uh such as second routing and others that are now starting, you know or other I guess flavors.

D

I guess a web and others all mark pm2d that are wanting to look at using um and taking advantage of the extension header capabilities with a you know and utilizing hbh options um and then the power behind that with ipv6.

D

So with with that, so the one big issue- I guess- and that's uh that's- really been industry-wide. I guess related to hbhs the hp options. Header has been rarely utilizing.

D

Current operator, networks and and the problem is, uh operators have have been really reluctant to actually allow hph into the network, and just just with with that um of separation, of control, plane and data plane and having uh traffic that should be processed in the forwarding path having to be punted to the control plane and that impact of of of traffic you know being forwarded and having to get rate limited or pushed down to the control plane, uh possibly impacting the management plane. So that has been a worry for operators.

D

You know just historically, it had just been an overall really historical problem. That's existed, that's really prevented uh hbh options and even uh destination. You know header options from really getting off the ground just due to that possible impact.

D

So the main purpose here is uh breaking the endless cycle. That's resulted in the hbas, you know really becoming a dos vector so that that's an area where you have you have h. You have an hbh header, you know valid, you know uh options, you know that are that are in a packet with valid hph options, but now because the hph is, is a dos vector, um most operators.

D

Being reluctant and afraid of that cross communication from you know something that should be an affordable plan now being put into the control plane and impacting the management plan, so that that's just been a really historical uh issue and now uh being able to develop and being able to use the um uh hbh header. It's really impacted that uh development.

D

um So now so now what the goal is enabling the hp caption center to be utilized in a safe and secure way without impacting the management plan ease of deployment of new hph based network services in multi-vendor operator network scenarios that can now be deployed without operational impact. Next.

D

Slide so so our mod are not router architectures so um with our modern router architectures, so they maintain a strict separation of control, the control plane and the forwarding engine, the control plane, realizing software in historically general purpose, processors, vulnerable to ddos attacks, the forwarding plane, realizing hardware, flexible high performance software, programmable mpus, capable capable of handling very high package rates and for performing complex tasks such as hpg processing, the interface between the control, plane and forwarding plane generally, there's a rate limiting mechanism that allows the implementer to protect the control plane against the ghost attacks.

D

However, with with that, the downside, of course causing consistent packet drops and impacting normal ip40 next slide.

D

So common implementations, so the sort of here the so the value of the next header field in the ipv6 header, so the trigger for the default processing behavior of the hph. It's a common implementation. So once the device receives an ipv6 packet with this next header field set to zero, we'll direct it to the they'll, be directed to the slow path, so the option type.

D

So the option type of each option will be examined before the packet is sent to the slow path. So in most cases such processing behavior as a default configuration can't be changed. um So that's that's really good the general as soon as that that hbh headers is received with a type zero. It's generally- and this has just been a common behavior across most most asics uh fixed function, assets where, as soon as that, packet's received got that hph option zero. It's forwarded to the slow path, historical reasons uh with the with that hph absence.

D

We're not yet well really well understood uh by operators as well um and and throughout the industry and flexible, fixed function. A6 performing proprietary functions were not so capable, as they are today with modern software. Programmable mpus that can forward at line rate in the fast path and still be able to perform complex tasks such as hp, forwarding options processing without having to punch the slow path consequences.

D

All packets containing hp pack. Each speech are dispatched to the slow path, and then you get the result of dust attack on the control plane, congestion of the slow path impacting critical functions rate limiting and impacting the overall management plan. Next slide.

D

Next slide thanks, so the desired processing behavior so with the control plane um should be protected against the undesirable traffic. So with the hph options that are not supported to be processed by the control, pane should not be sent to the control plane potentially causing the dos attack. So just kind of, I guess, based on that, I guess when you think about it, you have, when you look at the hph options, there's options that that are destined for the control plane and then there's options that are destined for the forwarding plane.

D

So so the idea is behind this problem statement and then, and then also a possible solution is decoupling options that are bound for the control plane to to remain processed by the control plane, but options that are uh not destined for the forward plane. It really should stay in the forwarding plane, but not should not be processed by the control plane uh should should. I should be, should be segregated and actually treat it differently.

D

So the hph options header should not be, should not be directed sent to the control plane, but the packages from steve, since these options may not be aimed for the controller, and so that's that's really. The kind of big big concept, an idea. It's really that separation, decoupling options that are hph options that are control plane, destined versus hbh options that are really destined for the forwarding plane that could be processed in the forwarding plane uh source nodes should not enable hbh options that exceed the maximum length of hph options.

D

Headers to 2048, bytes encoding, the number of hbh options that exceed the lowest processing capability of nodes along the path encode, the number of hbh options that exceed the maximum overall length of the extended header chain.

D

So the idea is basically better to separate the two option: types that are supposed to be processed by the control, plane and forwarding plane respectively, so breaking them into two buckets uh desired. Processing behavior for the two types options are different and the options are really aimed for the control plan are better to be consumed.

D

We should to not consume forward and plain resources, and that's really the big deal that why have them uh be processed by the forwarding plane. Let them really be processed by the control plane and only have anything destined for the forwarding plane be processed at line rate by the forwarded plane. So new development should be compatible with existing deployment. So that's something that we, you know we want to be cognizant of of any solution that that uh we propose, uh since the default configuration of some devices cannot be reconfigured.

D

The update, the update of the entire network cannot be done. You know within with a date, so it would take with any solution it will. It will take time to uh to to progress and that should be able to it's. It is definitely like a period of the paradigm change, so it'll take time, even with any proposal to move from. You know what we have today to a a new solution.

D

Next next slide.

D

So migration strategy, so in order to achieve the desired processing, behavior of hph options headers and facilitate the ever-emerging new new services to be deployed in operator networks across multiple vendor devices that make great the migration can happen in three parts, as described so first, the source of the apg options, header encapsulation, the information shared in the hph options, they'd be first categorized and encapsulated into either control options or forwarding options and then encapsulated into different packets.

D

That's first step. The second is the nodes within the network, so the nodes within the network updated to the proposed behavior introducing introduced in the previous section. So that's separation of the processing behavior of um of hvh options that are destined for the forwarding plane the edge nodes on the network. In this third step, the edge node should check whether the packet contains an hph header with control or forwarding option packets with the control options may still be filtered and dropped, while the taxes and the forwarding options should be allowed by the acl.

D

It is certain that there there is no harm that could be introduced by the hph options to the nodes and services that can be done. That can also be allowed during the migration stage. The nodes that they're not yet updated will stay with their existing configuration. So um so so the overall idea is really separating into two buckets. um Anything. That's using the existing hph option would would would be the control, plane options and then anything, that's any any uh options that are destined for the forwarding plane.

D

The idea is it would they would use a new hbh extension header that would be proposed next slide.

D

Next slide, sorry, so we would like to ask for workgroup adoption we we. This is we've uh proposed this. uh You know on the last ietf uh uh by shipping, and uh we would like want to get feedback and comment from the work group, and you know, based on this concept and ideas and and thoughts and work with adoption.

D

E

Could you put me in the queue uh sure.

A

So, okay, um so we're going to q a now uh ron you're, you asked to be in the queue you're in it.

E

Okay uh guillen. Thank you for this work. It's um um parts of it, I think, are very important, but we probably need to do a little dissection on it because of working group charters.

E

There is part- um and there is part of this work that falls within v6 ops charter. That is that we have a hop by hop option. We would really like to use it and we can't for the following reasons: there are parts of this work that I think fall outside of our charter.

E

The proposal to create the proposal to divide options into two classes, control, plane and forwarding plane, and I think you talked about a proposal to take to create two, uh a new extension header type that also falls outside of icharter. So that would uh that's something um you know bob hinden would might want to comment on. I think he's in the room.

D

I understood we do have a draft, that's in the hbh4 hvh forwarding, which is the new, which is a six man. I think there's a further slide. I guess the next slide down. That has the uh proposal, which is in six man, so this this draft is actually really it's just for the problem statement um and then the concept and then and then the um the solution is the solutions draft is in the um that's. What's what six man.

E

Yeah, what happened statement totally devoid of solutions.

D

I understood understood so this problem is it is, it is devoid of solution. It's just completely problems. Yes,.

A

Okay, bob uh you're in the queue.

C

Hi um so um yeah I mean I've, read the draft and it I just first I'll disagree: it talks about two different types of options, and that is a solution, not a problem. I'm very supportive of the problem statement. Part of this. I agree that it would be much better if I hop options worked and were useful. I've proposed one for path, mtu discovery. There could be others, and I actually have a draft that will be discussed in six man on thursday.

C

That's a different approach than what this is alluding to.

C

I think that we need to make hopper hop, processing, simpler and sort of reduce, and basically they should only be processed in the fast path uh or I forget what yeah I use slightly different terminology, um and I personally think that creating well first of all, ipv6 is in well, since forever only has it's very clear: there's only one type one set of pop-up options, not two.

C

So that's a fairly big change, but I think the notion of creating another option container with hopki hop, is going to just make things more complicated and will not solve this problem. I think it's going in the wrong direction. The draft I will talk about tries to make it simpler with, but with the same goal of making hopper hub options usable in the operational internet.

C

So I I s, I'm very, very much supportive of v6 ops, doing a problem statement draft, but I, as fred said it needs to be devoid of pointing to particular solutions that that's owned by six men understood understood thanks, mom you're welcome.

A

Okay, shipping you're in the queue.

A

A

Okay, jen: um do you have something you want to think.

F

uh Yeah uh hi, uh I have a potentially very sick question, um so I I assume for some reason that this distinction, this separation between something processed and slow past and something protest in fast past. It's not a property of a package. I would assume it's the property of the router. What kind of things it could process is the slow pass, and what kind of process is the fast pass right and this could change over time?

F

So how can this drop? Do? How does rob deal with that? What's happening? If, in like two years now, we would be able to process and hardware things which we cannot process now.

D

um Yeah, that's that's a that's a good good point. I mean I think, with that it would probably it would. It would be a um evolving that that, let's say um you know, let's say new options come up that are um that should be processed in the in the uh slow path they would remain. They would remain that are control, plane options. They would remain in the slow path, but new options that do and it is.

D

I guess it would be, a never evolving change that as as new ones come up, because it's two separate buckets. So that is. That is something um that we would have to consider. I mean that's a that's a good point, um a consideration having two buckets that it's not gonna all sit in one bucket as processed by the um you know by the you know normal processing, where it's processed by this boarding plane and then and then forward it to the control plane.

D

Where now now it would now, you would have um some that are actually in the forwarding plane and some some you know, processed by the control plane. I think the one way to look one way to look at it, though, is, is that if you have um with these two buckets, if you have um options that are, let's say existing options and anything new, they would stay like stuff.

D

They would state status quo that there would be no change, but what would actually change is anything new that comes about that actually requires uh line rate, processing and processing in the fast path, and that's really the idea that keep status quo, anything that requires control plane and that would be like legacy anything that exists today. That's control, plane and anything that new that comes up would stay, as is it wouldn't change.

D

It would be processed by the existing um hba cheddar, but anything new that comes up that requires the enhanced forwarding capability to be processed at line rate in the fast path um that would actually that would end up. You know, be decoupled and use the new new options better.

A

Let me make a suggestion that I think would clarify this particular discussion, and that is please ditch the words uh fast path and slow path. Because that's not the question. The question is forwarding plane versus control plane and if you make that clear, then this discussion becomes an awful lot simpler.

D

Okay, uh you know yeah, that's that's. I appreciate that that helps helps with the discussion, so control versus forward plane. Thank you, yeah.

D

You know, as far as with this draft and work group adoption, uh uh what are your? What are your thoughts as far as the problem statements as as you had stated, I think this draft really. It should be devoid of the solution. So maybe just really for this, I think discussion really focusing really just on the problem. Statement really makes sense as as this, this draft and sick and v6 ops is really the problem and understanding the problem and and um consensus that this is the problem that we want to that.

D

We want to address and and move to be able to adopt this as a um with the work by the work.

A

Well, yeah, so um looking at the charter as ron points out, uh the charter allows us to uh develop problem statements and send them off to other working groups, six men being an example and uh allows us to comment on things, uh give an operational viewpoint on things that are discussed in other working groups, and so this draft from a problem statement perspective. Does that and that's good?

A

um What I would suggest is that the the draft be reworked a bit and literally be a problem statement, and then we can discuss on the list whether it should be adopted, um but but with the the current solution stuff, that's in there, uh I don't think we would even we can't adopt it.

E

I would agree that we do have a real problem. um We have so many proposals uh in which we need a few more bits in the ipv6 header. The right way to do that is to use the hop by hop extension, but because hop by hop extension isn't a viable option, we're finding you know, ways to shoehorn it in the flow label or shoehorn it. You know someplace else, um so we do have a real problem. We really need hph back well. This is by the way, I'm speaking as an individual contributor.

E

Now speaking as a um as a chair to keep this draft within the scope of six of v6 ops, we need to make sure that what we produce is a problem statement totally devoid of solution. So it does need a little bit of scrubbing.

D

Here understood, I understood so well, so we can do that. Update, update the draft and really make it completely devoid of a solution and then and then take it to the uh mailing list to review, um and I think that's really the focus so and as far as the solutions, as you said, ron and fred, we can take that that's really on six man, but that's really. It's completely separate from really this right now.

D

Really the main focus is the problem statement, which is, it is a definitely a real real problem and being able to really leverage the hph option, which, as I got, operators and there's so many use cases that that could really take advantage of this. So it's definitely a problem that um that needs to be solved so appreciate the feedback.

A

Okay, thank you um now, shuping, uh you were in the queue and I called on you and for some reason we couldn't hear you um hello,.

G

Can you can you hear me now.

A

I can hear you now yeah so.

G

Whatever you wanted to say.

A

G

Yeah, I I think uh what I wanted to say is uh uh talked about, and I just want to confirm that we share the same goal. As bob said, we want to make the hub hub really usable for the operators and because a lot of new features really depend on it, for example, the past mtu, and currently we have two drafts, the winding six-man and the other in the v6 ops. The reason we have this draft in v6 ops is um is about we.

G

We want to to have this a problem statement, and this is what we really want and to to uh at the end of the draft. Actually, we revised it uh before and to this version, and we would like to we, we removed the solution part, and we can do it further with the help of the working group.

G

Actually, the main purpose for this draft is to state the problem, and, and also we have some requirements for uh how to precise the the harbor hub would be reasonable, and here we would like to get the help and the feedback from the working group. Thank you.

A

Thank you. Thank you. uh Warren you've got your hand up. um What do you have on your mind.

H

Thank you, yeah, um I'm not sure if the mic line was closed. If so, I will sit back down. um If not, oh speaking, with no hats um to me, it seems that once all the sort of solution is removed from this, the only thing you end up with basically reduces down to it sure would be nice if my hop options worked um and the reason that I hop options don't currently work isn't that vendors are inherently evil.

H

Although some might be um it's because it's hard to implement a lot of this in hardware, and you don't really know ahead of time what routers along the path might have done. So so there's also it's really hard without knowing all of the vendor implementation details to be able to predict what will actually work correctly in the forwarding, plane or fast path, whatever you want to call it. So I don't entirely understand how anything's going to work with this um other than saying this new thing which I'm writing.

H

I really really really want to work on the forwarding plane and I certainly hope it does. I don't think when any of the current hop by hop options were created, the desire or plan was that they don't work properly because they get bumped to the control plane. So I don't really see how this is going to change anything um other than sort of hoping or wanting a pony.

D

Thanks warren for your feedback- I you know, I think you know with this- would be problem statement. I think we're gonna. You know, as a shipping mentioned, I think, and and the feedback uh from ron and fred we'll focus on the problem statement and really the problem, which is definitely a issue to be able to use the hbh option and make it make it really viable. I think, to get from like point a to point b is not easy and it's.

D

It is fairly complicated to get there um as there are the chip, vendors and and operators and and there's a and there are a number of variables involved to be able to make hvh options really viable. um So it's it's not a uh simple as simple as that.

D

I think the solution is fairly complicated um as there are a lot of variables, but I think, as far as the problem, I think it's something that's existed for a long time, and I think this is something that we want to really address and and um and with this draft, and so it so it's um so it's made aware you know within v6 ops that we, you know that we have.

D

That said in stone that the work group and everyone agrees on the problem, then then it's really a matter of you know like, as bob has his his draft with uh you know, an idea with hbh and that you know how we can make it viable with just with a single hb option, which, which is I mean? You know, I really um you know. I mean it's great, that bob had come up with that. That idea.

I

D

Then the idea that we have with the solution trap that's another, and I think you know any one of those ideas that anything that can really make hvh viable. I mean we're all we're all for it, because it is something that really the operators within the industry really want to be able to leverage and not having a path toward the solution. I mean that that is a problem, so we're open to uh any and all solutions that can now solve the problem.

D

But at this point we're really focused and we'll we'll clean up the draft to um get it razor focused on the.

D

D

C

You I think we lost fred, should I go.

D

Ahead, oh yeah go ahead, I think I'm all set. I think if you want to move on to the next one.

C

No, no, I had another comment.

D

A

Sorry all right go ahead. Yeah yeah go ahead. Bob.

C

Yeah, so I'm I also, I agree with a lot of things that warren said um and you know so. I had two thoughts um I mean we are going to have. I mean if we get something that works and then we're going to be have to be fairly careful about what we allow to be defined for a new for new hop by hop options. I don't actually know how to do that.

C

So that's going to be because you can obviously some you know you may look at an existing one and that's possible to do in the forwarding path. Yeah I'll call it the fast path, but I could easily imagine defining new things that aren't, or at least not currently the the other thing before six man goes off and does pushes something through the process we're going to have to have.

C

I think, a lot of feedback from vendors who build this stuff and operators who deploy it, that this is something that they're going to implement and then use because otherwise it's fairly pointless, and so this we should not there's going to be, I think, a need for a lot of close coordination.

C

We can't just write a spec, standardize it throw it over the wall and hope for the best.

C

um So this can need to be a lot of, I think, collaboration with you know, people who build the the routers and the chips and so forth, and the operators who you know who run the backbone networks who would um deploy this stuff. Thank you.

A

E

Okay, thank you bob thank you. Fred may I jump in for a second sure go ahead. Okay, one quick uh last comment: uh arguing with warren a little bit a couple years ago. I would have totally agreed with what you said, but I think things have changed um two things. First, um asics have become more capable, so it will be possible to process some, but not all of the um hop by hop options we can think of. The other thing is we're seeing more and more uh requests to repurpose fields in the base. Ipv6 header.

E

We need a few more bits here and there and, as that happens sooner or later, we're going to have to break down and make hph work.

A

Okay, thank you um chopin. You came back into the queue and let me give you the last word before we go on to the deployment status discussion.

G

And um to warren and the evo isn't the operator: the evil is the about the implement implementation, but in the old times, when the hardware is not capable just as wrong uh just a comment, but the problem is when the hardware becomes capable the implementation still stays there. It's not changed.

G

Currently, there is no proper specifications to get the implementation, and that is the missing part, and I think the draft in the here- and we want to have this uh somehow it's kind of a guide to to fix that uh gap to to get the solution to be developed in the sixth man yeah. Thank.

D

You yeah dan. Thank you, okay. I just want to make one one point before we end so in the draft. I think one piece that we had put in there and it was it was in the update and it was just related to I think, as shipping pointed out.

D

One of the really the big problem is the chip manufacturers, but I think that they, because there's there's two categories: there's the there's a fixed function, asics which are not as flexible, and then you have your npus that are software programmable that are much more capable, but because you have these two flavors and manufacturers and based on the base of the cost and efficiency, there's so many variables that go into building the chips they choose to go with the fixed function, a6 versus npus.

D

So it is an inherent industry thing and it's really the chip manufacturers, that is the problem and they're, making the decisions on what to use. Not why? Why and their decisions on choosing to use np uh and a fixed function, asic versus an mpu.

D

I don't know how that problem would be solved, but that is definitely where the problem lies, as should be mentioned. Thank you.

A

Okay, uh we do need to move on, um so uh ron has um in that next talk under display um and now who's presenting this is this payload.

I

Hello everyone, so this is paulo volpato, I'm with the huawei europe and I'm presenting on behalf of the authors you see listed in the slide next slide. Please.

I

Okay, so, basically, for those who are not aware of our draft, let me just share some background, the information about uh what we have done um so the I would say that the goal of this draft is twofold.

I

So first is to provide an updated view of the deployment of ipv6, highlighting what it is still missing it you know to get to its full adoption.

I

On the other hand, I would like also to provide suggestions on how to improve the current ipv6 deployment strategies and for that trying to let's say, partially answered to the question posed by uh fred. At the beginning of our session, um we have inserted a part in the draft named call for action to stimulate further investigations on what are still considered the open points related to ipv6 adoption and to suggest waves to move forward.

I

Ideally, we would like to provide an updated view of the practices and the planes described in rfc 6036, that is probably more than 10 years old.

I

Some incentives are also discussed in our draft and thanks to the feedback we got from the main list. We have also started to consider, let's say adding some text. Some considerations on ipv4 exhaustion, so this is the current status we can move to the next slide, please, where we show the differences from version one. So we presented our draft before itf 109..

I

uh Since then we have to thank the people that provided feedback both in the main list, but also privately, and we added, I said, one specific section: on ipv4 exhaustion, um we introduced some considerations for the usage of ipv6 in cloud service providers networks and their data centers infrastructure.

I

We have also updated the numbers on the status of ipv6 and we have further developed. Let's say the part called call for action next slide. Please.

I

Okay, so some updated numbers on ipv6. You find all the references in our draft, but let me uh mention ethnic because we gather a lot of the pieces of information that we have reported here in our tables. So, first, where do we stand with the adoption of ipv6? The number of estimated ipv6 users reached 1.2 billion at the end of the last year, and I would say worth noticing is the compound annual growth rate, which is slightly above 40.

I

If we consider the period from end of 2016 to end of 2020., the ipv6 allocations also grew the so you see the different numbers related to the registries described in the second table um and again it's interesting to note that, despite the drop in the ripe region, which is uh described in the pen ultimate row in the second table, the ipv6 allocations have grown quite a lot. And if you compare the two address, families in the third table, ipv6 has grown more than ipv4, and this is also represented by the last table.

I

Where we see that the total number of autonomous systems capable of ipv6 has grown more than total worldwide. I think we can move to the next slide.

I

So one of the sections of our draft also discusses a short survey that we proposed to some 50 operators in europe at the end of the last year.

I

Again, all the details are described in the draft we just mentioned here that the majority of the operators we we asked the to provide an answer to the survey declared.

I

We have plans to move, adopt or, let's say, deal with ipv6. Some of them have already deployed ipv6. Some of them are in the process of moving to ipv6.

I

This is represented by the first pie and the bottom left in the middle. The other question we asked, which is the business segment where you see adoption of ipv6, and you can see that all of them are covered. We have both mobile, fixed and enterprise and are quite equally split.

I

The third pie is related to the technologies to be adopted in the mobile space, and you see that the favored technologies are mainly dual sec and the x-slot and the reason for moving to ipv6 in, I would say almost all the answers is related to the lack of ip4 addresses and I would also add, probably an increased attention to ipv4 depletion, which is a good sign. I will say next slide. Please.

I

Okay, we have also expanded in the latest version of the draft, some considerations about the adoption of ipv6 in specific domains apart from network operators, so we have added some text related to the use of ipv6 in enterprises.

I

What we can say is that in many cases, the decision, whether to go with ipv6 or not, is dependent on the service offered by the upstream provider.

I

If the connectivity provider runs ipv6, then well, I would say this is fair enough.

I

If not it's easy, that enterprises still remain with ipv4.

I

And in doing that, probably the risk that they may miss some specific deadlines or opportunities in those markets or countries that have adopted, let's say uh enforced policies in three four of ipv6.

I

Most of them have already adopted ip6 in their data center facilities or in some cases their data centers are completely based on ipv6 um industrial internet. So we consider iot industry, automation, verticals.

I

um We see there are a lot of advantages when adopting ipv6 for the connectivity um mainly related to the wide address space, but also to the let's say, characteristics.

I

The basic characteristics of the protocol, mainly associated with the ability to self-configuration or automatic configuration next slide. Please.

I

We have added a new partner dedicated to the exertion of ipv4.

I

The data comes from the registries and is also summarized in a very interesting article by dr jeff houston. That is referenced in the slide.

I

So, let's start with the number of available available ipv4 addresses in that article. This is summarized which is represented by the table on the bottom left.

I

So, looking at the table, we see that we have probably some 80 million of available ipv4 addresses, considering both the really available from the registries and the reserved addresses.

I

So apparently, if we based our assumption on the numbers represented by the table, we are approaching the the real exhaustion of the ipv4 other space.

I

There is one point, so if you have the opportunity to look at the article by dr houston, there is also another chart which is represented on the right which details the number of unadvertised addresses.

I

So looking at the numbers, uh we have probably around 50 slash 8 or 50 class, a available which are not advertised today on the internet. So there is a question here. uh What's the reason for that, on the one hand, that seems good for ipv6, probably it's good or better could be explained as a sign that since ipv6 is used more than before, that has freed up more ipv4 addresses, but look at the article.houston.

I

Also. Let's say he provides another possible explanation which could be related to an increased use of network address translation. So if so, clearly there could be an impact on the deployment of ipv6 that could be further delayed. Clearly, more investigations are needed here next slide, please, and we are approaching the section named code for action.

I

We we tried in version one of the draft, and we are still trying, in this edition of the draft to put comments and considerations with the scope of providing arguments or even actions to support ipv6.

I

um Clearly, we could look at this section as a way to try to answer to the question posed by fred for sure more needs to be done in version zero one. We touched briefly at the transition choices for service providers and enterprises, the operational aspects, something related to security.

I

We added, let's say more text for cloud providers and data centers. We have already mentioned that ipv6 is widely adopted. There is one point, though: cloud providers are also active in gathering ipv4 addresses, probably to answer their business needs to provide connectivity for enterprises, so there may be, let's say, an impact. One day the day we will approach a real exhaustion of ipv4 addresses.

I

The use of an ipv4 address for an enterprise will turn into a fee to be paid.

I

Then we have industrial internet for sure. Ipv6 is envisioned as a key foundation for connectivity.

I

Probably there is work to be done to make people more aware of the potentiality of ipv6, mainly in the application development side, and I will move to the next slide. Please.

I

Where we added some considerations for industrial iot, which is quite similar to the previous one, so once again, ipv6 could be leveraged for the characteristics to provide automated configuration or configuration less say capability.

I

But once again there are issues to be investigated, and then we have a final section on government and regulators and in dealing with this topic, we try to summarize our findings with a motto stimulate if you can and regulate. If you must uh why that, because we have looked at some countries, mainly the european union area, where we have some countries where the local authorities, the local regulators, did a good job in supporting ipv6.

I

So we have examples in belgium, france and germany, which are quite ahead of the other countries in terms of ipv6 adoption and a good example, and I'm going to close. My presentation here um comes from arsepe, which is the french national regulator that mandated the obligation for the operators awarded with a 5g license the the obligation to implement to support ipv6.

I

There are some reasons that rcep provided to, let's say, motivate this choice, but basically they pointed out that this is important not only to support future applications but also to avoid, let's say, any hurdle or barrier to new entrants in the market.

I

So something could be also taken from that. Just to elaborate, you know more actions to answer to the issue of further pushing ipv6 so that if we can move to the next slide, which is the last one of my presentation.

I

Next steps, so for sure we are open to listen to the community. If there is anything missing, we are available to consider more topics, try to put more considerations in favor of ipv6 uh for sure and I'm echoing what fred suggested at the beginning of the sessions ipv4 exhaustion could be also debated. I think it's the hot topic that we have to deal with and I'm pretty sure that more incentives could be added to the draft and more could be also included in the discussions.

I

uh Clearly, we are open to contributors and, as said, we welcome any comments that could be provided. So this is all thank you.

A

Okay, thank you.

A

um Let me uh do people want to jump in the queue to say something. We have a few minutes left during this session, during which we can have a q, a.

E

Fred, could you put me in the queue yeah? Well go ahead: okay, uh no! Hats on a couple questions, um a couple things that would motivate the deployment of ipv6 is an increase in the price of ipv4 addresses and an emergence of a part of the internet that is ipv6 only have we seen a steady increase in the price of ipv4 addresses and do we see any ipv6 only islands of the internet, yet.

A

Well, the answer to both of those questions is yes. uh If you go to, I think it's ipv4 market dot com, uh they are essentially a um a. uh If addresses were real estate.

A

They would be a real estate agent, that they connect a buyer and a seller, and they have an interesting graphic in which they look at the price of an ipv4 address which, when that market first started, was around 14 or maybe 12 dollars an address and is now at about twenty dollars an address, um and you know I I would suggest you look at that uh graphic.

A

uh We have seen an increase in the price of an ipv4 address, and you know geo that spoke to us last month or at the last meeting, talked about having a number of different services up all, except one were ipv6 only so yes there's at least that one island of ipv6 only capabilities- um and I believe jen- might tell you that uh within her company at least part of it is ipv6 only that's been a big project at first and she talked about it. uh So, yes, we have some islands of ipv6 only capability.

E

So I should call my wealth advisor immediately and have him invest in ipv4 addresses just kidding.

A

Okay, any other comments.

A

Failing that, let's move on to um the discussion of the rto dependent flow label generation. Alexander, are you around.

J

A

Okay, so you're on hang on just a second.

E

E

J

J

Okay, great uh so good evening, everybody, my name, is alexander azimov. I work for yandex and today I'm going to discuss with you flow label as it's on this. As you can see it's on the slide, uh it's a relation to the tcp circuit hash and what is in the itf documents and what is really in the linux. You know so next slide. Please.

J

So if you ask data tracker about flow label, it will give you this kind of response, so these all rfcs that have flow label in its naming. Not all of these rfcs are related to flow label generation, but some of them do are related, some of them even look obsolete and I'm going to make a quick recap about uh key statements in these rfcs next slide. Please.

J

So these two documents discuss application of both stateful and stateless use. Cases on the slides there are few quotes that I'd like to highlight the first clearly states that the flow is connected, but not necessarily mapped one-to-one to transport connection.

J

uh It also states that non-zero flow label uh should not be changed by metal boxes and though the filter is unprotected, uh the flow label must not be used alone in the hash function during loud balancing.

J

The second part of this document discusses the use of the flow label as a kind of network function similar for what we really have in mpls these days. So we will have in uh a cycle six, seven plus and let's move to the next.

J

J

uh This document further discusses the use of flow label as packet classification. uh This kind of use case brings a lot of complications and technical requirements. uh It requires to keep flow label stage at the routers. It requires uh special processing of unknown flow labels. Of course, this requires a garbage, collector and also from this document. It starts uh it's of course required that flow label must be fixed for the uh transport connection.

J

So it's a slightly different in statements from the previous one and what is important that this document is 10 years old and I believe that, with high confidence we can say that there is no this kind of deployment, so nobody in a real network is using flow label uh as uh for package classification, at least I'm not aware of it. Maybe I'm wrong uh next slide.

J

Please and finally, rfc 6438.

J

Tries to put the final dot to the argument about if it's good to use a stateful or stateless flow label, and so it's clearly states that flow label should be used in status allowed distribution, and it highlights that uh you cannot rely for at flow label as end to end signal because it may be change in the path. So stateful uses of flow label are not recommended at least and next slide. Please.

J

The next document expands the use of flow label in a stateless allowed, balancing, uh uh mainly focusing uh ipv6 tunnels such as a gre or ibm in ap tunnels and uh in current world. It's also, of course, related to ipv, exactly six and next slide.

J

Please so this is the last rfc that is related to flow label generation it, and it is a bit uh out of the line in this document. It is suggested to used to use flow label in stateful loud balancing, but not at the the level of routers, but at the level of normally we call it layer, 4 loud balances,.

J

It gets the same restrictions for the flow label, so it's again asked to make it fix it for the transport connection. The purpose of this document is, it tries to address.

J

Fragmentation of course, but in.

J

Reality uh it again realize that flow label is immutable. It is not correct and it was discussed in previous documents, and these make some questions about this one, and it also uh creates a gap in this insecurity.

J

It's gives away for uh fragment or fragment floating uh so and more than this, as we will discuss further, uh if anybody have deployed such a system, they should have experienced problems with linux boxes, for, as far as I know, there is no such deployments at the moment.

J

So this is a very short uh summarize on about what is uh stated in iitf documents about flow level. Let's take a look about a linear kernel deployment related to flow label, but not limited to it next slide. Please.

J

So it was uh 2014 when the support for flow label generation uh based on the tcp hash was added in the linux kernel. It was mainly addressing the rfc 6438, so it's not about flow label. Only it's about any kind of encapsulation and we will get back to this a bit later.

J

J

But next year happens a very important change in the logic of generation, uh sp, hash and respect of the uh flow label.

J

It says that cp hash is recalculated after negative routing event. What is negative route in your end? Normally, we we.

I

J

Used to to know it as a rto timeout, and so this is very different from what is in the itf documents, so uh this makes the tcp uh hash may be changed during the lifetime of tcp connection and flow label may also be changed next slide. Please.

J

The next year, this solution is further strengthened and now the hash is recalculated upon each scene, audio or any kind of or just standard rto timeouts. So if we are losing scene packet, the hash value is changed. If we uh have rto timeout uh during lifetime of tcp session, uh hash is changed and so respectively flow label is changed.

J

Why it is that important? What is the problem that was?

J

These changes were addressing next slide. Please.

J

Imagine that you have two hots that are trying to establish uh tcp connection between between each other and, uh for example, these hosts may be in data center. They may not, but anyway, so the outage happens on one of the paths that may be used by these hosts.

J

So in this case, let's say that there is an outage on the device as one and then the scene packet that was sent from t1 to d2 was lost in this case. According to the linux kernel, uh the hash will be changed and so flow label will be changed and to redirect the second uh scene uh that will be sent from the one host to another to another path. One need only only one thing: we need to enable flow label hashing on the in in-dress device. In this case it says t1.

J

This will uh give you a chance to uh give it tcp a fantastic property, so in case of outage on one part, it will jump to another. The more alternative alternative path paths you have. The high is the chance that your services will not be affected by the network outage next, like this.

J

So this is an experiment that was run in a production network of yandex.

J

uh We took a top-of-rack switch which had four uplinks and on one of their uplinks, we created a packet loss, so it was just dropping all the traffic that was going through this link and you can see on the left side uh the the data from our uh data plane, monitoring, and it just says that we are losing twenty five percent of packets that are distance to these top of rex switch on the right side. You can see the disruption that happens to services inside this switch and just to mention it says, network ipv6.

J

Only next slide.

J

Please now we enabled a flow label uh hashing on this top of rack switch and reproduced our experiment on the left side. You can see that the data plane monitoring is just the same because it's not aware of tcp, it just sends packets, and so it's uh still sees 25 percent of packet loss, but on the right side there is no effect, so the services in inside this wreck were not aware that something bad happened to the network.

J

Of course you need to make some additional uh configurations. You need to change values of rto timeouts, but it will not be possible without these changes of a flow label during anticipation lifetime next slide. Please.

J

And as we discussed, it's not only flow label, it's a tcp hash, uh the changes and there are dependencies for for this tcp hash in a linux kernel. So it's flow label. It's and every other kind of encapsulation, for example uh upon rto it's the key fields in gerry will be changed. It will change also source port in the edp encapsulation. And if, for example, you will use any kind of ipv6 encapsulation, it will also affect the flow label of the outer header.

J

J

And by the way it's a linux default, so the default behavior is to use this kind of uh flow label generation. So uh at the moment we have some linux kernel developers that uh enriched uh tcp of ipv6. It works only on on top of ipv6. It's not working for ipv4, of course uh enriched it with self-healing capability, but if it was all that great, I would not have created these slides and you won't be suffering from my russian accent next slide. Please.

J

There is a side effect. uh The side effect happens if uh the user uh changes the flow label and on the other side, if there is a state for any cost without a sharing state.

J

For example, if we have a tcp proxy and the user changes a flow label from each side, it may result that the following packets will be delivered to another device that will not have uh tcp state and it will respond with a rst or you will not respond at all. So the results of this kind of situation will be as normally session timeout.

J

uh Unfortunately, we faced this kind of scenario for our users and.

J

As an ad hoc, we had to switch off flow label balancing at our board routers. Unfortunately, it was helpful only in a subset of cases. So next slide. Please.

J

The good thing that it can be fixed so.

J

Normally we have two sides of tcp session. We have client that's unseen. We have several that are responsible with synagogue, and this kind of problem can occur only uh on the side of the client, and so we can keep the behavior uh of the server as it is. It is now in the linux kernel, so the server uh can recalculate its tcp hash and thus change flow label after each rto, but on the client side each should be switched by default.

J

There must be a knob to enable it in the controlled environment because, for example, in data centers, where you know where is any cast and where is it just a unicast addresses it's safe to use it, but you should know where to use it properly.

J

Next slide. Please.

J

And as you see it's just in my last last slide and uh I'll try to summarize both current stagnation and deployment status, there are multiple rfcs related to flow label generation, though some of them look obsolete. There is a non-started behavior in the linux kernel and maybe other operation systems, I'm not aware about it.

J

That improves tcp connection stability in case of packet loss on one of the parts as for now it is deployed, at least at three hyperscale clouds. Unfortunately, it also introduced a mistake that may result in a tcp session timeout. It can be fixed and a good thing. According to the discussion in the mailing list, it will be fixed, but I believe it's also important to update related standards to reflect what is happening in the real world deployments.

J

Otherwise, there will be a growing gap between what is writing in than all 10 years old documents and real implementations.

J

That's all for me any.

J

J

Red got disconnected.

E

Okay, um I can't see if there's anyone in the queue, if I, if I have a question yeah, I don't know if you go ahead again,.

D

um Yeah, I said this was a really really good uh overview of uh flow labels. You know I wanted to uh mention. I think this is a I mean you know comparing like ipv4 to ipv6. I think that first bullet, that you I mean second bullet, you know flow leg- will actively use for state stateless load. Balancing I mean I think overall, that's that's, really a real massive gain like going from b4 to b6 so with with v4, um because there is no like there's no entropy built into the v4 packet, no flow label.

D

um You can't do uh per per flow low, balancing it's versus flow based load, balancing, so every flow you know each flow is hashed to an individual length. Let's say if you have an ecmp, so so the the really the huge gain with uh really- and it's really overall for ipv6 deployments uh for operators that, if you, if you, if you, if you move towards ipv6, being able to take advantage of that stateful load, that stateless load balancing is a real massive gain. um You know with that.

D

You know in your testing that you've done have you tested across different, like vendor boxes like uh our cisco jana per arista and whatnot, that they all support, stainless load, balancing, because that that uniform load balancing that you can get with that with the flow label. It is a massive gain for operators.

J

So, thank you very much for this very positive comment. uh Yes, we tested label balancing on different uh devices. uh There were devices that were not working properly, some of them. Some of the vendors, have already uh delivered us software updates and we are waiting for the last of threads. If there are updates from, I cannot name the vendor uh in this uh q2.

E

Okay is anyone else in the queue.

A

uh Yeah, michael is.

K

uh Yeah, so you said you, you prefer to disable this feature per default on the client side, because you may reach a gcp proxy, a different tcp proxy. So my question is: if you change the flow label of a tcp connection on the server side in the middle of a connection, how can you ensure that you are not reaching a different middle box like a firewall which sees the packets and has no states from before.

J

J

uh Speaking about uh the firewalls, uh they are not normally in any cast, so you are, they are on path, but I'm.

I

Not talking about it if.

J

You are heavily relying that all packets of the tcp connection today are coming from one path. uh Your firewall normally will not be working that good, as is this, is possible. um So if you have a symmetric path and you place uh a 5v, for example near your gateway, single gateway, everything will be perfectly fine, but uh so from the server server side, it's at least safe from the client side. It may result in a timeout. If you are uploading a lot of data for through such stateful anycast servers, it may be some proxy.

J

It may be a layer for balancer without uh consistent caching,.

K

I'm not talking about any cost, I'm talking about a unicast service. uh Fireworks are on a path and now one side changes the flow label resulting in packets, taking a different way through the network. So it might not hit the firewall anymore, so a new firewall might be hit and the connection will die.

J

So, may I ask you a question uh in the uh what happens in this scenario that you have uh described uh if uh the table is changing and the path to the client is changing? Does it result in immediate uh disposition interruption so.

K

I'm talking about the temporary problem which results in a timeout and you change the routing of the packets.

J

K

J

I'm talking about another source of uh changing path from uh content provider, for example, and the end user. So uh if you have multiple firewalls that are expected to be processing the uh tcp session with without uh traffic redirection, I think it's uh already broken without any flow label changing and by the way label is already changing. So it's not something that I suggest to introduce. It's what's happening now,.

A

Okay, um now we've only got a couple of minutes left for this, and then we have one more talk so uh luigi. You wanted to say something.

L

uh Yes, um first of all, thank you for the presentation, it's very clear and interesting.

L

um I wonder with your proposal of on safe mode, what happens if the the path is asymmetric and the problem is, in the let's say the uplink from the client to the server, and in that case you you, you don't have the simple performance you showed with this experiment where you had the 75 percent. Stop right.

L

This may happen.

J

Yeah you're correct so.

L

Did you try to do uh an experiment.

J

uh So, uh yes, we are currently running a couple of experiments and uh from the.

J

Content provider that I'm working for normally the biggest issues happening, not on the ingress side, but on the igra side, where the majority of traffic is going, it's not through the uh it's not destined to our net network.

J

It goes from our network and there are the places where, for example, congestion happens and uh this value of tcp to jump from one part to into another path because becomes that valuable, but you're right that, for example, if there is a packet loss on the forward pass from the client to the service provider, if the safe mode will limit opportunity of the client to jump from one path to another, even if it is exist.

J

uh There is a trade-off, so just be a timeout in some kind in some situations or benefits in another, the safe mode. As I say, it is a an easy fix, after that, one can think about for a kind of negotiation, negotiation between client and server that in which the server will permit client to change its flow label, for example, if the server knows that everything will be fine, okay, just do it, but safe mode is from my standpoint is something that should be deployed in first place.

L

Thank you. I have just another quick question. I hope the answer is also quick. Otherwise we take it to the list. Maybe what happens in the context of mptcp if you move past, these two connections is the same principle that that.

J

uh It's not that easy question so, of course,.

M

Okay, let's take it to the list, maybe yeah. Let's we, let's try this this one to the list. Okay,.

A

um You wanted to get in and I'll give you the last word and then we need to move on to fernando.

D

All right thanks, uh I added just another quick question. You know, because you've had seemed like a lot of uh erratic results with uh using state. You know the stateful marking of the flow label is. Is there a feature? I guess you know probably from an operator's standpoint. Maybe it makes sense to like you know, like let's say with qos, you can actually have trust to like trust.

D

The uh flow is there a way to like remark: the packets on a um on a switch, so the flow may sort of so you unmarked the packets, and so the flow label is not set. You know, let's say on the um a port connected to a host that you can. um You know, keep it untrusted or just mark it so that it does it's not used. So that's so that um hosts don't actually try to use stateful because of the erratic behavior that you can see with stateful.

J

Thank you uh I'll try to answer this question, though I can't say that I've followed it fully, but so uh we never remark flow label at the top of rack switches or in any part of the network. No part of the network keeps keeps the state of the flow level it's just in the hash function of ingress devices and the ingress device may be top of rack switch. It may be right at the entrance of a mpls cloud right.

J

So that's all I and I'm not aware of any other stateful use cases of flow label. There are quality of service. As you said, there is a place for other use cases, so there is channeling for other use cases.

D

I understood, but you know on this on this on the top of rack. Like that ingress point, could you actually just like a qos packet like the dsc toss field? Can you you know set it to everything is so that the um the field is not marked, so you don't have um erratic behavior because it does seem like when the host sets. You know and tries to use a flow label for stateful operation that it seems like from your testing.

D

You have a lot of erratic behavior, but if on that, top of rack, if you mark it so that it's not set so the flow label is not set for stateful signaling, um I don't know. If that's, if that's possible, I mean I guess it would prevent any erratic behavior. You know that could possibly happen.

J

uh Unfortunately, I can't the moment imagine the use cases for any kind of state for flow label that will be really working, but we can move this discussion to the main at least see them. Please tell me.

A

Thank you, okay, thank you. um So I need to move on to fernando's talk um so ron. You want to change the sides there.

A

A

N

N

Good, can you hear me yeah? I can hear you okay, um okay, um so I'm fernando and I will be presenting this document on ipv6 addressing considerations uh next slide. Please.

N

So, what's the goal of this document, essentially, this document tries to do three different things. The first one is to perform an architectural analysis of ipv6 addresses, uh try to figure out what what are the you know, the properties that they have and what are the implications of such properties.

N

Then we try to analyze the extent to which ipv6 addressing is currently leveraged and, finally, what we do is try to do a gap analysis that is try to uh find out what what things are missing for us to be able to fully leverage ipv6 addressing uh next slide.

N

So um when analyzing uh the address properties, we came up with a you know with a few different categories. um The first one is that of scope, which is actually you know formally uh defined in the ipv6 addressing architecture. Essentially, the scope is uh the network span where another is uniquely identifies a network interface. Okay, um as a consequence of of that, you uh can say that you know the scope has an implication on reachability. Reachability will always be smaller than the scope of the address, and there are implications of the of the scope.

N

For example, um you know if you were meaning to um offer a service only on the local link, but instead of using link local addresses you use global addresses, then you know that service would be. um You know, exposed exposed to. uh You know a larger part of the network than than necessary.

N

uh It also has implications of on address uh stability, for example, for the particular case of you know global addresses, if you have provider dependent addresses, uh then you know your addresses might change over time. For example, if your app stream were numbers um second property that we discuss in the document is that of reachability, which essentially implies more than just the scope, because it also implies.

N

I mean the scope does uh imply a limit on reachability, but there are other things that affect reachability such as, uh for example, filtering policies, and the implications of reachability is, of course, of course that, of course, exposure. Okay, uh you know another is that is you know, reachable from everywhere of course means that that know that host is also reachable. You know, from everywhere, for example, for attack purposes.

N

N

Slide um other categories uh provider dependency. This is uh you know, uh provider dependency is normally analyzed in the context of uh you know. Global addresses, like you know, bi versus pa space, but in this case uh you know we we talk about this property like in a more general way, uh and essentially we refer to this property. As you know, the extent to which an address is tied to your upstream provider upstream provider could be anything could be another router in your same network and that router might be leasing. You ula prefixes, okay.

N

So the idea here is, you know if the address that you're using depends on the upstream, then it's you know dependent on the provider and if not, it's not implications of this. One of them is other stability like, for example, the work that we have done in basic subs about the flash, remembering events. So if your address depends on your provider, then if they provide the real numbers, then you know your addresses, will change and, for example, in the case of global addresses, like pei vs pa space.

N

Obviously, it has an implication on your ability to do multi-homing, okay, the final one, if I remember correctly, is that of uh stability which, as the name implies, has to do with the extent to which an address changes over time. uh You know the other exchanges uh are associated with at least two different things. uh One is the prefix stability.

N

uh That means that, if you're upstream for a number, then you may have to change your addresses whether you want it or not, and then you know the stability is also related with the address type like, for example, in two of the cases you have stable addresses that are, as the name implies expected to remain stable in the network, and you also have uh temporary addresses, which, by definition, of course, they change over time.

N

um Stability of addresses have uh you know, implications on a you know, a large number of areas, one is uh host exposure. You know the more you use. uh You know an address, the more that host will be exposed uh via that address.

N

uh It also has implications on privacy because of course, the more you use an address. You know the longer you will allow for uh network activity correlation based on the address itself. Of course, there are many ways in which you can correlate activity and finally, it also has implications on operations. Why? Because, uh for example, there are devices that might not be able to cope with. uh You know, um systems uh employing many addresses or with changing, addresses all the time all the times in some enterprise deployments, they might expect the addresses to be stable.

N

You know for correlation or login purposes, for acls too. um There were also comments on the on the v6 ops, mainly list uh regarding acls that you might even want to you know, um enforce on your cpu router. um You know, since you know, if your home network is employing global address space, it might be difficult for you to configure acls on your cpe, because if your uh you know, if your isp renumbers you, then uh you know the acls should change accordingly. So there are a number of implications associated with stability.

N

N

Slide: okay, so how are addresses currently being employed? Well, when it comes to configuration it's normally one size fits all like, for example, I use uhuntu on my laptop and I get the same kind of addresses, no matter where I connect to, uh for example, ubuntu will, if addresses are being provided with slack and the hcp it will configure addresses with both and when it comes to slack, it will configure both stable and temporary addresses and it doesn't matter what kind of network I connect to.

N

I always get the uh ubuntu has the uh at least. As far as I know, the you know the same policy for you know, configuring addresses where you might want to do something different. Okay, for example, if you were to um you, know, uh connect to your home network, you might want to do uh both stable and temporary addresses, but if, for example, you have a you know, a mobile device, you might want to use just temporary addresses.

N

Okay when it comes to usage, it's uh the same thing, uh so the approach that is normally employed is one size fits all. So when it comes to clients, uh normally, uh you know uh hosts employ the uh you know: ipv6 defaults, the default address selection. uh You know, meaning that you know you pick your source and destination addresses based on that rfc and when it comes to uh you know, servers or server like operations.

N

um You know the normal behavior is that you accept uh incoming connections on all of the configured addresses. Okay, which is um you know at the very you know at least uh sub optimal, because that means that, for example, addresses that you expose to the outside world by doing uh client-like, communications uh could also be uh leverage are used uh to actually access services that you might be providing in your local node. There are.

N

There is like a famous case of um you know, of uh host systems that they were exposing their ipv6 addresses uh when using ntp to synchronize the time, and then you know, right after you know doing ntp, they got poor scan by using the you know. The temporary address that had been employed with mtp next slide.

N

So implications some of them I discussed already um when it comes to address configuration, I would say that uh one size probably doesn't really fit all uh at times. The host expectations are different from the network expectations. uh For example, a host might want to.

N

um You know, configure many addresses, which is actually a bcp right now, but uh you know the network might not be willing to do that, or maybe the network might be willing to allow for some number of addresses you know per cause, but it's impossible for the host to know what that number is. What what's like a you know, a number of addresses that is acceptable to the network, so uh you have a case of you know different expectations from the host side and from the network side.

N

There is also the issue of uh slack and dhcp interaction. uh For example. That's the case of my own uh box. I have an ubuntu box that does uh 7217 and 4941 for configuring. The uh slack addresses that is it configures slack addresses in a way that you know you take care of security and privacy, but ubuntu by default. If addresses are also offered on dhcp, it will configure addresses with the acp too, and I happen to have you know a cpe router that uh leases ipv6 addresses using a predictable algorithm.

N

So my slack addresses are unpredictable. My my dhcp addresses are, um you know, pretty predictable and, of course, of course, the you know, the the you know the outcome of that is, uh you know at best sub optimal. When it comes to address usage. There are also implications, um for example, uh an application that expects to have a long live session, might use temporary addresses, which uh you know as a result of that results in the sessions being torn down.

N

Think, for example, about the case where you want to have a you know: long live ssh session, but ssh employs temporary addresses and, as a result of that, you know they get the the session gets, you know closed or down every time um you could also end up using, for example, global addresses for what's meant to be a service that is only provided on. The local link could be the case, for example, for multicast dns.

N

If you wish, and there's also the case that it's what happens nowadays, that you may be accepting, um you know incoming connections on all addresses, including temporary addresses, meaning that, just by you know, exposing your temporary addresses means that you're also or you might also be uh exposing services. That uh might even be meant only for uh you know the local network uh next slide.

N

So, uh let's go briefly uh through some of the gaps that we have. One is the apis. Essentially, you know. For the most part, uh we keep using the same kind of apis that uh you know do not really um you know, allow applications. uh You know to essentially signal what kind of properties uh they expect on the underlying ipv6 addresses. So, for example, for a client application.

N

uh You know the application might want to. You know signal that it wants a temporary address or, for example, that it wants the operating system to create configure a new address just to use by that application.

N

So there's a lot of properties that you know an application or abstract properties that you know an application, could specify scope, stability and so on.

N

uh There's probably also room for advice on ipv6 address usage, meaning that even if we have those apis, then you know we should provide advice to you know applications developers, you know for them. You know uh to to to be aware about both the api and what supposed to be the you know. The best way of you know leveraging ipv6 services uh next.

N

Slide other gaps. uh Well, this is related to um you know to um to the configuration issue that I mentioned before.

N

It would be great, for example, to have uh you know, profile based uh address configuration, meaning that you know if you select that uh you know, if you tell your system that a specific network is say a trusted network, you configure addresses of some sort, whereas in other cases you do a different thing, like you know, home network, okay for the home network, configure stable and privacy, but if I'm roaming, if I connect to an internet cafe, for example, I'll then use only temporary addresses there, so that means that we would switch from one size fits all to you know specific different profiles, um also, uh you know, have improvements on how to deal with many addresses.

N

This is kind of like you know. The result of conversations that we have had in six months, for example, allow the network to convey information about. You know their expectations of addresses so that you know the costs and the you know network can cooperate in a better way, whereas uh nowadays uh the host may configure many addresses, but it might hit a point where you know the network isn't happy about that. uh There have been proposals. This is obviously work.

N

Not for this exops, like you know, do work to be able to register and de-register addresses, because you know so far uh devices that maybe on the local network, they have no way of knowing you know if an address is uh still in use or not, and uh last item have support for prefix delegation, which in some cases we don't currently have that might be increased support for dhcp prefix delegation, not necessarily the whole dhcp version, 6 thing, but the specific part of perfect delegation or having something you know develop on the slack side uh next slide, and I think once we're done with it, we can switch to the discussion.

N

Finally, there's other stuff, uh one is support for firewall traversal in uh cpus. um Essentially, you know when you look that you have many cps that enforce a policy of only allowing outgoing communications. That's kind of like mimicking what we have in ipv4 as a side effect, but they don't have support for uh things like, let's say: ipv6 based universal plug and play or pcp.

N

That means that uh in many cases you might end up having uh ipv6 network where your local nodes employ global addresses, but that filtering policy of only allowing outgoing connections essentially prevents you from offering services with dhcp, which is kind of like ironic and last item, is support for multi-prefix multi-router networks. uh To put it bluntly, uh we do from my perspective, we do need mandatory support for rfc 8028.

N

uh For me, it's virtually impossible for a network to uh support uh a setup where you have. uh You know multiple routers and multiple prefixes. The uh requirement for at rfc 8028 right now is assured, but from my perspective, it's like should be a must, like you know. Definitely a must, and we also need, of course, increased support of it, because the vast majority of uh ipv6 implementations do not really support ad28 uh next slide.

N

So uh I guess it's time for some discussion and feedback.

A

Okay, jen you're first in the queue- and you want to comment.

F

Hi, fernando thanks uh very interesting documents. uh However, I have a few comments. First of all, I'm surprised with the saying that your your laptop is always configured the same way. I might be wrong, but I think network manager does allow you to have different profiles for different process ids. You can have only stable address in one advisory networks and private extensions on another and so on.

F

I think the functionality is actually already here so, and I think the document actually covers a lot of different things, because I agree with definitely leading api, so application could get better visibility to property of address temporary versus stable and so on. However, concerns that some other properties are not really property of an address.

F

It's a property of the network topology at this particular moment of time right, for example, the particular network block reuse, now might be provided by isp, but as a result of some paper work done, it might become a property of the network. So it's not pay anymore. So I'm not sure about your suggestion. Theory. How can we get that as those properties communicated in programmatical way.

N

Well, one of the options, but that's just scratching the surface, uh and, to be honest, I don't know the extent to which that is, uh you know, implemented at the time uh temporary addresses um you know were specified. There was there's actually an rfc. I don't remember the status of that rfc, but to have, for example, a socket option that allows an application to select if you want temporary addresses so one of the possible ways in which that could be exposed.

N

I'm not saying that that's the best way, I'm saying that something like that has been proposed could be by via, for example, socket options. uh I guess something like this could be uh feed to the could be fed to the tops working group. But that's me just thinking download.

N

I said as a comment. Sorry I remember I once like maybe a couple of years ago. I discussed this a little bit in you know in tabs and essentially, and it made sense like the false attacks said you know, we'd like to do something you know on the topic. That's what I remember at least, but they say. Well, we don't necessarily you know, have the the skill set and the knowledge about you know the ipv6 specifics.

N

So that means that, for example, it could be, um let's say tabs that you know: does the protocol stuff to actually you know leverage the addresses, but it might need to be some more ipv6 related working group. The the group that you know can uh you know essentially feed the ipv6 specific.

A

Parts: okay: um are you suggesting there that we change the chat taps charter that we change the taps, people that are contributing to it that we um file a bunch of drafts with caps and get them to build the expertise by didn't of being overloaded?

A

How would you approach that.

N

So, from my perspective, I would think that uh well, first of all agree on the problem, and I would say that uh you know once we we agree on the problem. um You know one possibility is to have a separate document in uh you know: basic shops that uh talks about the the properties that you know, that um about the ipv6 address properties, and you know how we think they should be exposed to, um for example, applications or you know, no matter where the home is whether that's visible, b6, b6, ops or taps.

N

Essentially, if we agree on the problem we could discuss with the tops people you know of what what is the best way in which they could eventually, you know, act on that, whether they need something on basic shops. uh You know from where they could take, and you know, do the protocol related development that might be needed, for example, all the discussion about the the other properties. What properties might make sense to be exposed to the application, and so on that should certainly come from. You know.

N

uh You know ipv6 groups, because when I discussed that with the taps, people they say well yo. That sounds interesting, but we don't necessarily have the skill set and we don't necessarily you know, know the you know the ipv6 details, so we could not really do the whole thing.

A

Well, okay, so ron- and I can talk with the cap's chairs and copy you on it and explore how to go about that.

A

I guess I don't want to import caps into v6 ops, um you know caps plugs and taps, um so we need to figure out the best way we can help them do what we want them to do. Something that might be important to them, though, could be a set of requirements. um Yes, I was trying to figure out that interface. I would want something from the application that says gee. I really wish.

A

I could tell you that I wanted a temporary address or uh whatever, um and that's that's not something that I would expect v6 hops to produce, but something from the application area, frankly or or transport.

N

Yeah one thing that you know the one one one problem with that is that the people that uh might benefit from that they don't necessarily uh you know, have the detailed knowledge about the properties that we have. So is that the guys that would use it? Maybe they are, you, know noah. They are not really aware about the details. That's why I think they're. You know some sort of coordination between you know the the b6 people and the application people might be necessary here right.

N

I don't know you know the exact way of of doing that and you know for sure. I think that you know this document is a problem statement, but for each of the things and each of the gaps that are uh you know discussed there should certainly be you know at the very least, some spin-off document that you know focuses. You know on that on on coming up with a you know, a more detailed problem statement or a solution.

A

Well, that may be, um you know once again. That would be something that I would think that uh um that ron and I could talk, including you uh with caps chairs and try to figure out where, where those requirements would come from now, I don't want to we're actually five minutes overtime uh and we've still got luigi and bob in the queue. So let me turn this to them uh luigi. What did you have to say.

L

You know it's just to thank for the presentation. Is uh it's a nice document. uh I I joined what you said about the requirements that should be written down. uh I just wanted to say to fernando that we have something related.

L

Which is a challenging scenario on internet addressing we take a more general perspective, it's not like centered but uh yeah. Maybe we can talk more offline on this because I think the two documents are related, so pretty sure. Thank you very much.

M

Okay, thank you.

A

uh Bob did you want to say something.

C

uh Yeah I'll be quick um yeah. I think there may be some things in here that are worth pursuing, but I'm not comfortable with the sort of large document that covers a whole bunch of stuff uh and, as jen said, it seems to um be a little confused about like what the properties of an address is, because, just because you get renumbered, the address is still quite stable. You just don't get to use it anymore, so I think you know I I think pull using this pulling this out.

C

Just for some specific problems we were just talking would make sense, but I'm not very comfortable with sort of the umbrella document. That's trying to cover lots of topics separately. Thank you.

O

A

um So thanks for that, um before we go, let me ask a question for the last several meetings uh ron and I have uh basically taken a week and asked the working group to uh to talk about a particular document each week. Have people found that to be useful.

A

Let's hear I guess, I should actually make this a hand, raise kind of a thing.

A

Okay, show of hands.

A

A

So, okay, I have.

A

Just put a question out and uh you guys can either raise your hand to say yes or don't raise your hand to say no.

A

So, uh if you're finding those sessions to be useful to to kind of coordinate on fine, let's talk about this document, um then I want to continue with that. If it's not useful to you, then it's something I shouldn't be doing or ron, and I shouldn't be doing um so.

A

Okay out of 47 participants at this point, I've got 11. That said, yes, it's useful to me and I guess the rest of them that didn't really find it useful um 12.

A

A

Okay, I'll tell you what we're going to uh take these, for, I guess documents and uh have that discussion.

A

And uh if people find it useful, they can comment on it and we'll see where that goes, but uh so a meta meta question is: uh do you want to do that.

A

And with that, we're at this point on nine minutes overtime and uh I tend to think we should probably close the meeting so uh consider this meeting adjourned.

E

G

M