

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
    <!ENTITY rfc2119 PUBLIC '' 
      'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
    <!ENTITY rfc2460 PUBLIC '' 
      'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2460.xml'>
    <!ENTITY rfc6789 PUBLIC '' 
      'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6789.xml'>
]>

<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>

<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc compact="yes"?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no"?>
<?rfc strict="yes"?>

<rfc category="std" ipr="trust200902" docName="draft-ietf-conex-destopt-06">
<front>
<title abbrev="ConEx Destination Option">IPv6 Destination Option for ConEx</title>
<author initials="S.K." surname="Krishnan" fullname="Suresh Krishnan"><organization>Ericsson</organization><address>
<postal>
<street>8400 Blvd Decarie</street><city>Town of Mount Royal</city><region>Quebec</region><country>Canada</country></postal>
<email>suresh.krishnan@ericsson.com</email></address>
</author>
<author initials="M.K." surname="Kuehlewind" fullname="Mirja Kuehlewind"><organization>IKR University of Stuttgart</organization><address>
<email>mirja.kuehlewind@ikr.uni-stuttgart.de</email></address>
</author>

<author initials="C.R.U." surname="Ucendo" fullname="Carlos Ralli Ucendo"><organization>Telefonica</organization><address>
<email>ralli@tid.es</email></address>
</author>

<date/><area>Transport</area><workgroup>ConEx Working Group</workgroup>
 <abstract><t>ConEx is a mechanism by which senders inform the network about the congestion encountered by packets earlier in the same flow. This document specifies an IPv6 destination option that is capable of carrying ConEx markings in IPv6 datagrams.</t>
 </abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">

<t>ConEx <xref target="CAM"/> is a mechanism by which senders inform the network about the congestion encountered by packets earlier in the same flow. This document specifies an IPv6 destination option <xref target="RFC2460"/> that can be used for performing ConEx markings in IPv6 datagrams.</t>

<t>The ConEx information can be used by any network element on the path to, e.g., perform traffic management or egress policing. Additionally, this information can be used by an audit function that checks the integrity of the sender's signalling.</t>

</section>

<section title="Conventions used in this document">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL","SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in <xref target='RFC2119' />.</t>
</section>

<!--<section anchor="background" title="Background">
<t>The ConEx working group came up with a list of requirements that had to be met by any ConEx coding. It then considered several alternative mechanisms in Ipv6 and evaluated their suitability for ConEx marking. There were no mechanisms found that were completely suitable, but the only mechanism that came close to meeting the requirements was IPv6 destination options. The analysis of the different alternatives can be found in [draft-krishnan-conex-ipv6].
</t>
</section>-->

<section title="Requirements for the coding of ConEx in IPv6">
	<t>R-1: The marking mechanism needs to be visible to all ConEx-capable
	nodes on the path.</t>
	<t>R-2: The mechanism needs to be able to traverse nodes that do not
	understand the markings. This is required to ensure that ConEx can
	be incrementally deployed over the Internet.</t>
	<t>R-3: The presence of the marking mechanism should not significantly
	alter the processing of the packet. This is required to ensure that
	ConEx marked packets do not face any undue delays or drops due to a
	badly chosen mechanism.</t>
	<t>R-4: The markings should be immutable once set by the sender. At the
	very least, any tampering should be detectable.</t>
	<t> Based on these requirements, four ways of carrying the ConEx 
	information in the IPv6 header have been investigated: hop-by-hop options, 
	destination options, using IPv6 header bits (from the flow label), and a new 
	extension header. After evaluating these alternatives, the working group concluded 
	that only the use of a destination option fulfils the requirements.</t>
</section>

<section title="ConEx Destination Option (CDO)">
	<t>The ConEx Destination Option (CDO) is a destination option that can be 
	included in IPv6 datagrams sent by ConEx-aware senders in order to 
	inform ConEx-aware nodes on the path about the congestion encountered by 
	packets earlier in the same flow. The CDO has no alignment requirement.
</t> 
<figure title="ConEx Destination Option Layout" anchor="cdo_layout">
<artwork>
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                |  Option Type  | Option Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|X|L|E|C|                       Reserved                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
</artwork>
</figure>
<figure>
<artwork>
  Option Type

     8-bit identifier of the type of option. The option identifier
     for the ConEx destination option will be allocated by the IANA.

  Option Length

     8-bit unsigned integer.  The length of the option (excluding 
     the Option Type and Option Length fields). This field MUST be
     set to the value 4.

  X Bit

     When this bit is set, the transport sender is using ConEx with 
     this packet. If it is not set, the sender is not using ConEx with 
     this packet.

  L Bit

     When this bit is set, the transport sender has experienced a loss. 

  E Bit

     When this bit is set, the transport sender has experienced 
     ECN-signaled congestion.

  C Bit

     When this bit is set, the transport sender is building up 
     congestion credit in the audit.

  Reserved

     These bits are not used in the current specification. They 
     are set to zero on the sender and are ignored on the receiver.
</artwork>
</figure>
<t> All packets sent over a ConEx-capable connection MUST carry the CDO. 
	The CDO is immutable. Network devices SHOULD only read the flags. 
	The IPsec Authentication Header (AH) may be used to verify that the CDO has not been modified.
</t>
<t> If the X bit is zero, the other three bits are undefined and thus should be ignored.
	An X bit set to zero means that the connection is ConEx-capable but this
	packet SHOULD NOT be accounted when determining ConEx information in an audit function.
	This can be the case for, e.g., pure control packets not carrying any user data. 
	As an example, in TCP pure
	ACKs are usually not ECN-capable and TCP has no mechanism to report the loss
	of a pure ACK to the sender. Thus congestion information about ACKs is not available at
	the sender.
	<!-- An audit function should be aware of this possibility and SHOULD ensure that not a large amount of data is sent as not-ConEx capable with a ConEx capable connection.-->
</t>

<t> If the X bit is set, any of the three other bits (L, E, C) MAY be set. Whenever one of these bits is set, the 
	number of bytes carried by this IP packet (including the IP header) SHOULD be accounted for determining
	congestion or credit information. In IPv6 the number of bytes can easily
	be calculated by adding 40 (the length of the IPv6 header in bytes) to the value 
	of the Payload Length field in the IPv6 header. 
</t>
<t> <!--The total number of credits sent (in one connection) should always be larger than the sum of 
	losses and ECN marks that can be seen by an audit.-->
	Credits are sent before the occurrence of congestion (loss
	or ECN-CE marks), and the amount of credit should cover the congestion risk. 
	Note that the maximum congestion risk is that all packets in flight are lost or ECN-marked.
</t>
<t>If the L or E bit is set, a congestion signal in the form of a loss or, respectively, an ECN mark was previously experienced on the same connection. 
</t>
<t> In principle all three of these bits (L, E, C) 
	MAY be set in the same packet. In this case the packet size MUST be accounted more than once, 
	once for each respective ConEx information counter. 
	<!--In practice loss and ECN
	marks can not occur at the same time, so there should usually be a way to signal the respective ConEx
	information in different packets.--> 
	<!--In many cases if congestion occurs the sender will not sent additional credit, but if e.g. a sender assumes losses because of an audit function or needs to maintain a certain	sending	rate to make an application layer service work, the occurrence of credit bits (c) in parallel to congestion exposure bit (L, E) is reasonable.-->
	<!--As new credits need to be send after the occurrence of congestion, a sender will usually set the C bit in parallel to the L or E bit.--> 
	<!--The C bit should be set to build up new credits
	if the sending rate is larger than at any previous time of the connection or the sender
	assumes a loss of audit state.-->
</t>
<t> If a network node extracts the ConEx information from a connection, this node is usually
	expected to maintain this information in bytes, e.g. comparing the total number of bytes
	sent with the number of bytes sent with a ConEx congestion mark (L, E) to determine the
	current whole-path congestion level. 
	For ConEx-aware node processing, the CDO MUST use the Payload Length field of the
	preceding IPv6 header for byte-based accounting.
	When equally sized packets can be assumed, counting the number of packets
	(instead of the number of bytes) should deliver the same result. 
	But a network node must be aware that this estimate can be
	quite wrong, e.g. if packets of different sizes are sent, and is therefore not reliable.
</t>
<t>A ConEx sender SHOULD set the reserved bits in the CDO to zero. 
	Other nodes SHOULD not interpret these bits.	
</t>
</section>



<section title="Implementation in the fast path of ConEx-aware routers">
<t>The ConEx information is encoded in a destination option so
	that it does not impact forwarding performance in the non-ConEx-aware
	nodes on the path.  Since destination options are not usually
	processed by routers, the presence of the CDO does not affect the
	fast path processing of the datagram on non-ConEx-aware routers, i.e.,
	such datagrams are not pushed into the slow path towards the control plane for
	exception processing.</t>
	
<t>The ConEx-aware nodes still need to process the CDO without severely
	affecting forwarding.  For this to be possible, the ConEx-aware
	routers need to quickly ascertain the presence of the CDO and process
	the option if it is present.  To efficiently perform this, the CDO
	needs to be placed in a fairly deterministic location.  In order to
	facilitate forwarding on ConEx-aware routers, ConEx-aware senders who
	send IPv6 datagrams with the CDO MUST place the CDO as the first
	destination option in the destination options header.</t>
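<t>The following Python is an added worked example and is not code from this draft or from any ConEx implementation. It builds a Destination Options header whose first option is the CDO, parses it the way a ConEx-aware node would (rejecting a CDO whose Option Length is not 4 or that is not the first option, as required above), and performs the byte-based accounting of 40 + Payload Length with one counter per bit, so that a packet with several of L, E and C set is counted once per counter. The option type value 0x9E is a constructed placeholder for the IANA-assigned TBA1 (chosen only to match the act=10, chg=0 pattern), and the sample packets use zeroed addresses and an opaque payload.</t>

```python
import struct

# Placeholder for the option type that IANA will assign (TBA1 in the draft).
# It follows the required act=10, chg=0 bit pattern but is NOT an allocated value.
CDO_TYPE_TBA1 = 0x9E
CDO_OPTION_LENGTH = 4        # Option Length MUST be 4 (flags octet + 3 reserved octets)
IPV6_HEADER_LEN = 40
NH_DSTOPTS = 60              # Next Header value of the Destination Options header
PAD1, PADN = 0, 1            # standard IPv6 padding options


def cdo_flags_byte(x, l=False, e=False, c=False):
    """First body octet of the CDO: bit 0 = X, 1 = L, 2 = E, 3 = C (MSB first);
    the remaining four bits belong to the Reserved field and stay zero."""
    return int("".join("1" if b else "0" for b in (x, l, e, c)) + "0000", 2)


def build_dest_opts_with_cdo(next_header, x, l=False, e=False, c=False):
    """Destination Options header whose first (and only) option is the CDO.
    NH (1) + Hdr Ext Len (1) + Type (1) + Len (1) + body (4) = 8 octets, so
    Hdr Ext Len is 0 and no padding option is needed."""
    body = bytes([cdo_flags_byte(x, l, e, c), 0, 0, 0])        # 3 reserved octets = 0
    option = bytes([CDO_TYPE_TBA1, CDO_OPTION_LENGTH]) + body
    header = bytes([next_header, 0]) + option
    assert len(header) % 8 == 0
    return header


def parse_cdo(dest_opts):
    """Walk the options of a Destination Options header. Returns the CDO flags
    as a dict, or None if no CDO is present. Raises ValueError if the CDO is
    malformed (Option Length != 4) or is not the first option, which the draft
    mandates so that routers can find it at a deterministic offset."""
    total = (dest_opts[1] + 1) * 8          # Hdr Ext Len is in 8-octet units, excluding the first 8
    pos, first = 2, True
    while total > pos:
        opt_type = dest_opts[pos]
        if opt_type == PAD1:                 # Pad1 has no length octet
            pos, first = pos + 1, False
            continue
        opt_len = dest_opts[pos + 1]
        if opt_type == CDO_TYPE_TBA1:
            if not first:
                raise ValueError("CDO is not the first destination option")
            if opt_len != CDO_OPTION_LENGTH:
                raise ValueError("CDO Option Length must be 4")
            bits = format(dest_opts[pos + 2], "08b")
            x = bits[0] == "1"
            # With X clear the other three bits are undefined: report them as clear.
            return {"X": x, "L": x and bits[1] == "1",
                    "E": x and bits[2] == "1", "C": x and bits[3] == "1"}
        pos, first = pos + 2 + opt_len, False
    return None


def new_counters():
    return {"total": 0, "conex": 0, "L": 0, "E": 0, "C": 0}


def account(counters, packet):
    """Byte-based accounting of one IPv6 packet: size = 40 + Payload Length.
    Packets with X set count towards 'conex'; each of L, E and C that is set
    adds the full packet size to its own counter. Returns the packet size."""
    payload_len, next_header = struct.unpack_from("!HB", packet, 4)
    size = IPV6_HEADER_LEN + payload_len
    counters["total"] += size
    if next_header != NH_DSTOPTS:
        return size
    flags = parse_cdo(packet[IPV6_HEADER_LEN:])
    if flags is None or not flags["X"]:
        return size                           # X clear: not accounted for ConEx purposes
    counters["conex"] += size
    for bit in ("L", "E", "C"):
        if flags[bit]:
            counters[bit] += size
    return size


def make_packet(x, l=False, e=False, c=False, payload=bytes(100)):
    """Constructed sample packet: IPv6 header (zeroed addresses), Destination
    Options carrying the CDO, then an opaque payload labelled TCP (6)."""
    dopt = build_dest_opts_with_cdo(6, x, l, e, c)
    fixed = struct.pack("!IHBB16s16s", 0x60000000, len(dopt) + len(payload),
                        NH_DSTOPTS, 64, bytes(16), bytes(16))
    return fixed + dopt + payload
```

<t>A 100-byte payload behind the 8-octet option header gives a Payload Length of 108 and an accounted size of 148 bytes; a packet with X clear adds to the total counter only, and a packet with L, E and C all set adds 148 to each of the three ConEx counters.</t>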
</section>

<section title="Compatibility with use of IPsec">
<t>In IPsec transport mode no action needs to be taken, as the CDO is visible to the network.
	When accounting ConEx information, the size of the Authentication Header (AH) SHOULD 
	NOT be accounted, as this header was added after the sender set the marks. 
	In IPsec tunnel mode the CDO SHOULD be copied to the outer IP header, as this 
	information is end-to-end. Only the payload of the outer IP header minus the AH 
	SHOULD be accounted.
</t>
<t>If the transport network cannot be trusted, authentication SHOULD be used to ensure the integrity
	of the ConEx information. If an attacker were able to remove the ConEx marks, this could
	cause an audit device to penalize the respective connection, while the sender cannot easily
	detect that ConEx information is missing.
</t>
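<t>The accounting rule of this section, as an added example that is not part of the draft or of any IPsec or ConEx implementation: a walker over the IPv6 extension header chain that subtracts the size of an Authentication Header from 40 + Payload Length, picks up the CDO from the first Destination Options header, and stops at an encapsulated IPv6 header (Next Header 41) so that in tunnel mode only the outer packet minus the AH is accounted. The AH length computation follows RFC 4302 (Payload Len in 32-bit words minus 2). The option type 0x9E is a constructed placeholder for TBA1; the sample packets are constructed with zeroed addresses and a zeroed 96-bit ICV.</t>

```python
import struct

IPV6_HEADER_LEN = 40
NH_HOPOPTS, NH_TCP, NH_IPV6, NH_ROUTING, NH_FRAGMENT, NH_AH, NH_DSTOPTS = 0, 6, 41, 43, 44, 51, 60
CDO_TYPE_TBA1 = 0x9E            # placeholder for the IANA-assigned option type (TBA1)


def ah_length(ah):
    """AH Payload Len (RFC 4302) is the header length in 32-bit words minus 2."""
    return (ah[1] + 2) * 4


def cdo_flags(dest_opts):
    """X/L/E/C of a CDO placed first in the Destination Options header (the
    position the draft mandates); None if the first option is not a CDO."""
    if dest_opts[2] != CDO_TYPE_TBA1 or dest_opts[3] != 4:
        return None
    bits = format(dest_opts[4], "08b")
    x = bits[0] == "1"
    return {"X": x, "L": x and bits[1] == "1",
            "E": x and bits[2] == "1", "C": x and bits[3] == "1"}


def accounted_bytes(packet):
    """Walk the extension header chain of an (outer) IPv6 packet and return
    (bytes to account, CDO flags): 40 + Payload Length minus the size of any
    Authentication Header. The walk stops at an encapsulated IPv6 header, so in
    tunnel mode only the outer packet minus the AH is counted."""
    payload_len, nh = struct.unpack_from("!HB", packet, 4)
    size = IPV6_HEADER_LEN + payload_len
    pos, flags = IPV6_HEADER_LEN, None
    while nh in (NH_HOPOPTS, NH_ROUTING, NH_FRAGMENT, NH_AH, NH_DSTOPTS):
        if nh == NH_AH:
            hlen = ah_length(packet[pos:])
            size -= hlen                       # AH was added after the sender marked the packet
        elif nh == NH_FRAGMENT:
            hlen = 8                           # fixed-size Fragment header
        else:
            hlen = (packet[pos + 1] + 1) * 8   # Hdr Ext Len in 8-octet units
            if nh == NH_DSTOPTS and flags is None:
                flags = cdo_flags(packet[pos:pos + hlen])
        nh = packet[pos]                       # Next Header of this extension header
        pos += hlen
    return size, flags


# ---- constructed sample packets (zeroed addresses, zeroed ICV) ----
def ipv6_header(payload_len, next_header):
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, next_header, 64, bytes(16), bytes(16))


def dest_opts_cdo(next_header, flags_byte):
    """8-octet Destination Options header carrying only the CDO."""
    return bytes([next_header, 0, CDO_TYPE_TBA1, 4, flags_byte, 0, 0, 0])


def auth_header(next_header, icv_len=12):
    """AH with a 96-bit ICV: 12 fixed octets + ICV = 24 octets, Payload Len 4."""
    words = (12 + icv_len) // 4
    return bytes([next_header, words - 2, 0, 0]) + bytes(8) + bytes(icv_len)


def transport_mode_packet(flags_byte=0xC0, payload=bytes(100)):
    """IPv6 + Destination Options (CDO with X and L set) + AH + opaque TCP payload."""
    ext = dest_opts_cdo(NH_AH, flags_byte) + auth_header(NH_TCP)
    return ipv6_header(len(ext) + len(payload), NH_DSTOPTS) + ext + payload


def tunnel_mode_packet(flags_byte=0xC0, payload=bytes(100)):
    """Outer IPv6 with the CDO copied to it + AH, encapsulating an unmarked inner packet."""
    inner = ipv6_header(len(payload), NH_TCP) + payload
    ext = dest_opts_cdo(NH_AH, flags_byte) + auth_header(NH_IPV6)
    return ipv6_header(len(ext) + len(inner), NH_DSTOPTS) + ext + inner
```

<t>For the transport-mode sample the Payload Length is 8 + 24 + 100 = 132, so a naive 40 + Payload Length would give 172 bytes, while the accounted value after subtracting the 24-octet AH is 148, the same as the unauthenticated packet. In tunnel mode the 140-byte inner packet is accounted as opaque payload of the outer header, again minus the AH.</t>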
</section>

<section title="DDoS mitigation by using preferential drop">
	
<t>If a router queue experiences very high load so that it has 
	to drop arriving packets, it MAY preferentially drop packets within the same
	Diffserv PHB using the preference order given in <xref target="Tab1"/> (1 means drop first). 
	Additionally, if a router implements preferential drop it SHOULD also support ECN-marking.
	Preferential dropping can be difficult to implement on some hardware, 
	but if feasible it would discriminate against attack traffic 
	if done as part of the overall policing framework as described in 
	<xref target="RFC6789"/>.  If nowhere else, routers at the egress of 
	a network SHOULD implement preferential drop (stronger than the MAY above).
</t>
	
<texttable anchor="Tab1" align="center" title="Drop preference for ConEx packets">
	<ttcol align="left">Packet marking</ttcol> <ttcol align="center">Preference</ttcol>
	<c>Not-ConEx or no CDO</c> <c>1 (drop first)</c>
	<c>X (but not L, E or C)</c> <c>2</c>
	<c>X and L, E or C</c> <c>3</c>
</texttable>
	
<t> A flooding attack is inherently about congestion of a resource.
	<!--Because ConEx policing ensures the sources causing network congestion
        experience the cost of their own actions, it acts as a first line of
        defence against DDoS.-->
	As load focuses on a victim, upstream queues
	grow, requiring honest sources to pre-load packets with a higher
	fraction of ConEx-marks.  
</t>
<t>If ECN marking is supported by the downstream queues, preferential dropping
	provides the most benefit, because a queue that is so congested 
	that it drops traffic will be CE-marking 100% of the forwarded traffic.  
	Honest sources will therefore be sending 100% ConEx E-marked packets 
	(and therefore be rate-limited at an ingress policer).
	Senders under malicious control can either do the same as honest
	sources, and be rate-limited at ingress, or they can understate
	congestion.  If the preferential drop ranking is implemented on
	queues, these queues will preserve E/L-marked
	traffic until last, so the traffic from malicious sources
	will all be automatically dropped first.  Either way, the malicious
	sources cannot send more than honest sources.
</t>
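<t>The drop ranking of this section and its effect on a flooded queue, as an added Python model that is not part of the draft or of any router implementation: the preference function encodes the three rows of the table above, and a fixed-capacity queue (standing for one Diffserv PHB) discards the lowest-preference packet whenever an arrival would overflow it. The honest and attacker packet patterns are constructed to match the argument in the text, where honest sources send 100% E-marked traffic and malicious sources understate congestion.</t>

```python
from collections import namedtuple

# One packet as seen by a queue within a single Diffserv PHB (constructed model).
Packet = namedtuple("Packet", "src has_cdo x l e c")

HONEST = Packet("honest", True, True, False, True, False)           # X and E set
ATTACK_NO_CDO = Packet("attacker", False, False, False, False, False)
ATTACK_X_ONLY = Packet("attacker", True, True, False, False, False)  # X set, no L/E/C


def drop_preference(pkt):
    """Drop preference from the draft's table: 1 = drop first, 3 = drop last."""
    if not pkt.has_cdo or not pkt.x:
        return 1                              # Not-ConEx, no CDO, or X clear (L/E/C undefined)
    if pkt.l or pkt.e or pkt.c:
        return 3                              # X and at least one of L, E, C
    return 2                                  # X only


def enqueue_all(arrivals, capacity):
    """Fixed-capacity FIFO. When an arrival overflows the queue, the packet with
    the lowest drop preference (oldest among equals, possibly the arrival itself)
    is discarded. Returns (packets still queued, packets dropped, in drop order)."""
    queue, dropped = [], []
    for pkt in arrivals:
        queue.append(pkt)
        if len(queue) > capacity:
            victim = min(queue, key=drop_preference)   # min() returns the first, i.e. oldest, minimum
            queue.remove(victim)
            dropped.append(victim)
    return queue, dropped


def flood_scenario(capacity=3):
    """Interleave honest E-marked traffic with attack traffic that understates
    congestion; report the sources of the packets kept and of those dropped."""
    arrivals = [HONEST, ATTACK_NO_CDO, HONEST, ATTACK_X_ONLY,
                HONEST, ATTACK_NO_CDO, ATTACK_X_ONLY]
    queued, dropped = enqueue_all(arrivals, capacity)
    return [p.src for p in queued], [p.src for p in dropped]
```

<t>With a capacity of three, every overflow evicts an attacker packet (preference 1 before preference 2), so all three honest packets remain queued and all four attack packets are dropped; only once no lower-preference packet is present does the queue fall back to dropping the oldest E-marked packet.</t>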
</section>

<section title="Acknowledgements">
<t>The authors would like to thank Marcelo Bagnulo, Bob Briscoe, Ingemar Johansson, Joel Halpern 
	and John Leslie for the discussions that led to this document.
</t>
<t>Special thanks to Bob Briscoe who contributed text and analysis work on preferential dropping.
</t>
</section>

<section anchor="security" title="Security Considerations">
<t>This document does not bring up any new security issues. </t>
</section>

<section title="IANA Considerations">
<t>
   This document defines a new IPv6 destination option for carrying ConEx
   markings.  IANA is requested to assign a new destination option
   type in the Destination Options registry maintained at
   http://www.iana.org/assignments/ipv6-parameters:
</t>
<figure>
<artwork>
   TBA1   ConEx Destination Option   [RFCXXXX]
</artwork>
</figure>
<t>
   The act bits for this option need to be 10 and the chg bit needs to
   be 0.
</t>
</section>

</middle>

<back>
<references title="Normative References">

	&rfc2119;&rfc2460;&rfc6789;

     <reference anchor="CAM">
   <front>
  <title>Congestion Exposure (ConEx) Concepts and Abstract Mechanism</title> 
  <author initials="M" surname="Mathis" fullname="Matt Mathis">
  <organization /> 
  </author>
  <author initials="B" surname="Briscoe" fullname="Bob Briscoe">
  <organization /> 
  </author>
  <date month="July" day="15" year="2011" /> 
 <abstract>
	 <t>This document describes an abstract mechanism by which senders inform
		 the network about the congestion encountered by packets earlier in
		 the same flow.  Today, network elements at any layer may signal
		 congestion to the receiver by dropping packets or by ECN markings,
		 and the receiver passes this information back to the sender in
		 transport-layer feedback.  The mechanism described here enables the
		 sender to also relay this congestion information back into the
		 network in-band at the IP layer, such that the total amount of
		 congestion from all elements on the path is revealed to all IP
		 elements along the path, where it could, for example, be used to
		 provide input to traffic management.  This mechanism is called
		 congestion exposure or ConEx.  The companion document "ConEx Concepts
		 and Use Cases" provides the entry-point to the set of ConEx
   documentation.</t> 
  </abstract>
  </front>
  <seriesInfo name="Internet-Draft" value="draft-ietf-ConEx-abstract-mech-05" /> 
  <format type="TXT" target="http://www.ietf.org/internet-drafts/draft-ietf-ConEx-abstract-mech-05.txt" /> 
     </reference>

</references>
</back>
</rfc>
