Slides

IPv6 Extension Headers
on the Public Internet Study
Mehdi Kouhen, Ecole Polytechnique (Paris), [email protected]
February 2016
Introduction

Extension Headers are not only for “extensions” to IPv6

EHs are important for core IPv6 functionality, like fragmentation

According to the specifications (RFCs 2460 and 7045), “extension headers are
not examined or processed by any node along a packet's delivery path” (with
the exception of Hop-by-Hop Header)

However, experience and preliminary research show that packets containing
Extension Headers are often dropped before reaching their destination

How much ? Where ? Why ?
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
2
Introduction

draft-gont-v6ops-ipv6-ehs-in-real-world
 About 20-40% of packets with Ext Hdr are dropped over the Internet

Packets are dropped by the destination AS:
➜ An organization is free to firewall its own network
➜ May be OK

Packets are dropped in transit
➜ Against spec : legitimate packets may not reach destination
Source: Paul Townsend, Flickr
➜ Problem
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
3
Previous Extension Headers Research by Others

IETF-88, Nov-2013, fgont-iepg-ietf88-ipv6-frag-and-eh.pdf
“Fragmentation and Extension Header Support in the IPv6 Internet”
 Single origin, destination = Alexa top web sites (883 unique addr)


Ext header size: 8 bytes and 1024 bytes

Failure rate: 45%

IETF-89, with Tim Chown: 60% packet drops

IETF-90, Jul-2014, iepg-ietf90-ipv6-ehs-in-the-real-world-v2.0.pdf
“IPv6 Extension Headers in the Real World v2.0”
 Origin: RIPE Atlas probes, destination = Alexa again

Ext header size: 8, 256, 512 and 1024 bytes
 Failure rate: between 60% and 90%

© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
4
Issues with Previous Experiments

Destination: big web sites (Alexa)

It is expected that destination drops what is unexpected

Outdated by 9 months in early 2015

Not testing about Routing Header (for segment routing)

Not matching other empirical tests
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
5
Methodology of our study
1.
2.
Determine a set of IPv6 addresses to test :

From Alexa’s Top 1 Million list

From IPv6 BGP-advertised prefixes
TCP Traceroute without EHs :

3.
TCP Traceroute with EHs:

4.
Send v6 packets with TCP payload to port 80 of the destination with varying TTL =>
Routers in the path answer with ICMPv6 Time Exceeded
Same thing but adding an Extension Header before the TCP payload
Analysing the traceroutes
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
6
Methodology of our research :
Step 1) Determining a set of IPv6 addresses to test

From Alexa’s Top 1 Million list :
Take those that have a AAAA record
 … with a reachable IPv6 address in the AAAA record


From BGP-advertised IPv6 prefixes
Address = [prefix]::1
 Doesn’t exist ? No problem, we are supposed to reach the AS -> Enough

© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
7
Methodology of our research May 2015 :
2) TCP Traceroute without EHs

Send v6 packets with TCP payload to port 80 of the destination, using scapy

With varying TTL : from 2 to 30 (enough)

At the same time (performance reasons)

Routers in the path answer with ICMPv6 Time Exceeded when TTL=0

We have the path !

Thanks to Sander Steffann for providing the VM
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
8
Methodology of our research May 2015 :
3) TCP Traceroute with EHs
Exactly the same methodology,
But with Extension Headers between IPv6 Header and TCP payload
EH set :
EHs blocked by our ISP (so no result) :

Destination Option Header
16, 256, 512 bytes

Hop-by-Hop Header
256, 512 bytes

Hop-by-Hop Header
16 bytes

Routing Header type 0 (deprecated)

DO 16B + HbH 16B

Routing Header type 4 (expected for SR)

Fragment Header
Normal and Atomic
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
9
Methodology of our study :
Analysing the traceroutes

Alexa’s : Success if packet reaches the address in the AAAA record

BGP : Success if
normal traceroute reaches destination AS
 traceroute with EH reaches last responding router in normal traceroute


Last responding router : M => Dropping router : M+1
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
10
Methodology of our study :
Analysing the traceroutes

Is it a problem ? Depends where it was dropped !
If dropped by the destination organization (host or same AS): Not a problem !
 If dropped in transit: not cool…


Where is the dropping node ?
If IP corresponds to some major IXPs, we look up the corresponding ASN by
knowing the addressing logic, or in a database
 Otherwise, MaxMind ASN lookup

© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
11
Results and analysis

Drop rates depend on the Extension Header
D.O. 16B
© 2016 Cisco and/or its affiliates. All rights reserved.
HbH 16B
For Alexa
Cisco Public
12
Transit Drop rates
60
50
40
30
20
10
Alexa
BGP
0
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
13
Things Keeps Improving Though
• Current research by Polytechnique Paris and Cisco (Eric Vyncke)
•
More encouraging results
•
But still (lots of) room for improvement
• Still work on how routers should handle Ehs : [draft-baker-6man-hbh-header-handling]
• http://btv6.vyncke.org/exthdr/index.php?ds=bgp&t=fh
© 2016 Cisco and/or its affiliates. All rights reserved.
(work in progress!)
Cisco Public
14
Thank you.
Best of DNS AAAA records : Hall of Shame
192:192:168:168:1:1:1:1
1:1:1:1:1:1:1:1
a03:6f00:1::bce1:108c
::ffff:205.217.188.3
::ce98:c108:0:0:d598:c108
6:2001:67c:2070::112
6718:5c99::
64:ff9c::36fe:8e4a
64:ff9b::ca98:e052
6489:d5ae:656c:6c75:74:61:2800:0
616e:6261:6e6b:2e6e:6574:2e69:6e00:100
3ffe:3218:6::ca76:42d7
© 2016 Cisco and/or its affiliates. All rights reserved.
Cisco Public
16