From: Jakub Sitnicki <jkbs@redhat.com>
To: Tom Herbert <tom@herbertland.com>
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
James Morris <jmorris@namei.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Patrick McHardy <kaber@trash.net>
Subject: Re: [PATCH net-next 5/5] ipv6: Compute multipath hash for forwarded ICMP errors from offending packet
Date: Tue, 01 Nov 2016 16:43:19 +0100 [thread overview]
Message-ID: <87a8djnr3c.fsf@redhat.com> (raw)
In-Reply-To: <CALx6S36r0gzZ7ndmivsygZD9vX+EEv2sVEP=rmhQVzGB46Rkdg@mail.gmail.com>
On Mon, Oct 31, 2016 at 07:25 PM GMT, Tom Herbert wrote:
> On Sun, Oct 30, 2016 at 6:03 AM, Jakub Sitnicki <jkbs@redhat.com> wrote:
>> On Fri, Oct 28, 2016 at 02:25 PM GMT, Tom Herbert wrote:
>>>
>>> If this patch is being done to be compatible with IPv4 I guess that's
>>> okay, but it would be false advertisement to say this makes ICMP
>>> follow the same path as the flow being targeted in an error.
>>> Fortunately, I doubt anyone can have a dependency on this for ICMP.
>>
>> I wouldn't want to propose anything that would be useless. If you think
>> that this is the case here, I would very much like to understand what
>> and why cannot work in practice.
>>
> The normal hash for TCP or UDP using ECMP is over <protocol, srcIP,
> dstIP, srcPort, dstPort>. For an ICMP packet ECMP would most likely be
> done over <protocol, srcIP, dstIP>. There really is no way to ensure
> that an ICMP packet will follow the same path as TCP or any other
> protocol. Fortunately, this is really isn't so terrible. The Internet
> has worked this way ever since routers started using ports as input to
> ECMP and that hasn't caused any major meltdown.
Ahh, I see the problem now. Thank you for clearing it up for me.
You are right, for locally generated TCP/UDP traffic we are computing an
L4 hash (over the 5-tuple that you mentioned) that drives the multipath
routing. While when sending locally generated ICMP errors we are only
computing an L3 hash (over the mentioned 3-tuple).
I believe that is a problem affects both IPv6 and IPv4, and manifests
itself only when the offending packet that triggers the error is
destined for the ECMP router.
When an ECMP router is: (i) sending an ICMP error in reaction to a
packet that was to be forwarded, or (ii) forwarding an ICMP error,
everything works as expected. That is because when forwarding traffic we
limit ourselves to computing an L3 hash so that the IP fragments are
routed together. Right?
So, my understanding is that, with these changes, things are not perfect
but we are not worse than IPv4 right now.
Would you be okay with this series if I update the patch 4/5 description
to highlight the existing problem that you point out? A fix for this
IPv4/6 common issue could follow afterwards.
Thanks,
Jakub
next prev parent reply other threads:[~2016-11-01 15:43 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-24 9:28 [PATCH net-next 0/5] Route ICMPv6 errors with the flow when ECMP in use Jakub Sitnicki
2016-10-24 9:28 ` [PATCH net-next 1/5] ipv6: Fold rt6_info_hash_nhsfn() into its only caller Jakub Sitnicki
2016-10-24 9:28 ` [PATCH net-next 2/5] net: Extend struct flowi6 with multipath hash Jakub Sitnicki
2016-10-24 9:39 ` Hannes Frederic Sowa
2016-10-24 9:28 ` [PATCH net-next 3/5] ipv6: Use multipath hash from flow info if available Jakub Sitnicki
2016-10-24 9:40 ` Hannes Frederic Sowa
2016-10-24 9:28 ` [PATCH net-next 4/5] ipv6: Compute multipath hash for sent ICMP errors from offending packet Jakub Sitnicki
2016-10-24 9:40 ` Hannes Frederic Sowa
2016-10-27 15:24 ` David Miller
2016-10-27 22:00 ` Jakub Sitnicki
2016-10-24 9:28 ` [PATCH net-next 5/5] ipv6: Compute multipath hash for forwarded " Jakub Sitnicki
2016-10-24 9:43 ` Hannes Frederic Sowa
2016-10-27 15:25 ` David Miller
2016-10-27 22:10 ` Jakub Sitnicki
2016-10-27 22:35 ` Tom Herbert
2016-10-28 8:32 ` Jakub Sitnicki
2016-10-28 14:25 ` Tom Herbert
2016-10-30 13:03 ` Jakub Sitnicki
2016-10-31 19:15 ` David Miller
2016-11-01 15:13 ` Jakub Sitnicki
2016-11-01 15:35 ` David Miller
2016-11-01 16:26 ` Jakub Sitnicki
2016-11-01 16:27 ` Hannes Frederic Sowa
2016-11-01 16:39 ` David Miller
2016-11-01 16:59 ` Hannes Frederic Sowa
2016-10-31 19:25 ` Tom Herbert
2016-11-01 15:43 ` Jakub Sitnicki [this message]
2016-11-01 16:25 ` Hannes Frederic Sowa
2016-11-01 16:39 ` Tom Herbert
2016-11-01 16:54 ` Hannes Frederic Sowa
2016-10-27 15:23 ` [PATCH net-next 0/5] Route ICMPv6 errors with the flow when ECMP in use David Miller
2016-10-27 21:54 ` Hannes Frederic Sowa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a8djnr3c.fsf@redhat.com \
--to=jkbs@redhat.com \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tom@herbertland.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).