Independent Submission                                             Q. Hu
Internet-Draft                                              B. Carpenter
Intended status: Informational                         Univ. of Auckland
Expires: February 19, 2011                               August 18, 2010


          Survey of proposed use cases for the IPv6 flow label
                      draft-hu-flow-label-cases-01

Abstract

   The IPv6 protocol includes a flow label in every packet header, but
   it is not used in practice.  This paper describes the flow label
   standard and discusses the implementation issues that it raises.  It
   then describes various published proposals for using the flow label,
   and shows that most of them are inconsistent with the standard.
   Methods to address this problem are briefly reviewed.  We also
   question whether the standard should be revised.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 19, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of



Hu & Carpenter          Expires February 19, 2011               [Page 1]


Internet-Draft            Flow label use cases               August 2010


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Flow label definition and issues . . . . . . . . . . . . . . .  4
     2.1.  Flow label properties  . . . . . . . . . . . . . . . . . .  4
     2.2.  Dependency prohibition . . . . . . . . . . . . . . . . . .  5
     2.3.  Other issues . . . . . . . . . . . . . . . . . . . . . . .  5
   3.  Documented proposals for the flow label  . . . . . . . . . . .  6
     3.1.  Specify the flow label as a pseudo-random value  . . . . .  7
     3.2.  Specify QoS parameters in the flow label . . . . . . . . .  8
     3.3.  Use flow label to control switching  . . . . . . . . . . .  9
     3.4.  Diffserv use of IPv6 flow label  . . . . . . . . . . . . . 10
     3.5.  Other uses . . . . . . . . . . . . . . . . . . . . . . . . 11
   4.  Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 11
   5.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 13
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 13
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
   9.  Change log . . . . . . . . . . . . . . . . . . . . . . . . . . 14
   10. Informative References . . . . . . . . . . . . . . . . . . . . 14
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17


























Hu & Carpenter          Expires February 19, 2011               [Page 2]


Internet-Draft            Flow label use cases               August 2010


1.  Introduction

   For many years it has been recognized that real-time Internet traffic
   requires a different quality of service from general data traffic,
   and this remains true in the era of network neutrality.  Thus an
   alternative to uniform best-effort service is needed, requiring
   packets to be classified as belonging to a particular class of
   service or flow.  Currently, this leads to a layer violation problem,
   since a 5-tuple is often used to classify each packet.  The 5-tuple
   includes source and destination addresses, port numbers, and the
   transport protocol type, so when we want to forward or process
   packets, we need to extract information from the layer above IP.
   This may be impossible when packets are encrypted such that port
   numbers are hidden, or when packets are fragmented, so the layer
   violation is not an academic concern.

   IPv6 will progressively replace the current IPv4 protocol.  This will
   solve the Internet's address shortage, but it also offers a new
   feature to resolve the above difficulty, i.e., the flow label field
   in the IPv6 packet header.  The flow label is not encrypted by IPsec,
   and is present in all fragments.  It was reserved in the IPv6 packet
   header in 1995 [RFC1883], and general rules governing its use were
   defined in 2004 [RFC3697], but it is still rarely set in IPv6
   packets.  This paper reviews the syntax and semantics of the flow
   label, and then describes various proposals that have been made for
   its use.

   The original proposal for a random flow label has been attributed to
   Dave Clark [Deering].  A flow label field was included in the IPv6
   packet header during the preliminary design of IPv6, which followed
   an intense period of debate about several competing proposals.  The
   final choice was made in 1994 [RFC1752].  In particular, the IETF
   rejected a proposal known as CATNIP [RFC1707], which included so-
   called 'cache handles' to identify the next hop in high performance
   routers.  We recognize this today as a precursor of the MPLS label,
   and it introduced the notion of a header field that would be shared
   by all packets belonging to a flow, on a hop-by-hop basis.  The IETF
   decided instead to develop a proposal known as SIPP into IP version
   6.  SIPP included "labeling of packets belonging to particular
   traffic 'flows' for which the sender requests special handling, such
   as non-default quality of service or 'real-time' service" [RFC1710].
   In 1994, this was a 28-bit flow label field.  In 1995 it was down to
   24 bits [RFC1883] and it was finally reduced to 20 bits [RFC2460] to
   accommodate the IPv6 Traffic Class, which is fully compatible with
   the IPv4 Type of Service byte.

   There was considerable debate in the IETF about the very purpose of
   the flow label.  Was it to be a handle for fast switching, as in



Hu & Carpenter          Expires February 19, 2011               [Page 3]


Internet-Draft            Flow label use cases               August 2010


   CATNIP, or was it to be meaningful to applications and for quality of
   service?  Must it be set by the sending host, or could it be set by
   routers?  Could it be modified en route, or must it be delivered with
   no change?  Because of these uncertainties, and more urgent work, the
   flow label was consistently ignored by implementors, and today is set
   to zero in almost every IPv6 packet.  In fact, [RFC2460] defined it
   as "experimental and subject to change."  After preliminary work such
   as [I-D.metzler-ipv6-flowlabel], [I-D.conta-ipv6-flow-label],
   [I-D.conta-diffserv-ipv6-fl-classifier] and
   [I-D.itojun-ipv6-flowlabel-api], the standard [RFC3697] intended to
   clarify this situation by providing precise boundary conditions for
   use of the flow label.

   This paper summarizes the resulting definition of the flow label and
   some open issues about its use, and then describes and analyses
   various use cases that have been proposed, before drawing conclusions
   and suggesting a strategy.


2.  Flow label definition and issues

2.1.  Flow label properties

   The flow label field occupies bits 12 through 31 of the IPv6 packet
   header, providing an easy way to mark a packet, identify a flow, and
   look up the flow state.  This field is always present, so a phrase
   such as "a packet with no flow label" refers to a packet whose flow
   label field contains 20 zero bits, i.e., a flow label whose value is
   zero.  [RFC3697] standardizes properties of the flow label,
   including:
   o  If the packets are not part of any flow, the flow label value is
      zero.
   o  The 3-tuple {source address, destination address, flow label}
      uniquely identifies which packets belong to which particular flow.
   o  Packets can receive flow-specific treatment if the node has been
      set up with flow-specific state.
   o  The flow label set by the source node must be delivered to the
      destination node.
   o  The same pair of source and destination must not use the same flow
      label value again within 120 seconds or more.

   One effect of these rules is to avoid the layer violation problem
   mentioned in Section 1.  By using the 3-tuple, we only use the IP
   layer to classify packets, without needing any transport layer
   information.  Also we can reduce the lookup time if flow-based
   treatment is required, and we can do this even with IPsec encryption
   and fragmentation.  Therefore, for traffic needing other than best-
   effort service, such as real-time applications, the flow label can be



Hu & Carpenter          Expires February 19, 2011               [Page 4]


Internet-Draft            Flow label use cases               August 2010


   set to different values to represent different flows, and each node
   may provide different flow-specific treatments by looking at the flow
   label value.  This is more fine-grained than differentiated services
   (Diffserv) [Carpenter], [RFC2474] but need not be less efficient.

2.2.  Dependency prohibition

   An additional important rule in the standard [RFC3697] effectively
   forbids any encoding of meaning in the bits of the flow label.  To be
   exact, the standard states that "IPv6 nodes MUST NOT assume any
   mathematical or other properties of the flow Label values assigned by
   source nodes."  Without this rule, if a packet with a non-zero flow
   label that is not from a source using a particular encoding method
   reaches a node that is following that method, and if by chance the
   bits in the flow label would be meaningful in that method, the
   receiver would misinterpret the flow label.

   The standard also states "Router performance SHOULD NOT be dependent
   on the distribution of the Flow Label values.  Especially, the Flow
   Label bits alone make poor material for a hash key."  The problem
   this rule is intended to avoid is that if a source uses a simple
   method of choosing flow labels (e.g., counting up from 1), any router
   that assumes pseudo-randomness, e.g., to choose alternative routes
   for load-balancing, will be misled.

   Note that there is no easy escape from the combination of these two
   prohibitions, which we will call the dependency prohibition.  Unlike
   Diffserv code points, flow labels are not locally significant within
   a single administrative domain; they must be preserved end-to-end.
   In general, a router cannot know whether a particular packet
   originated in a host supporting a specific usage of the flow label.
   Therefore, any method that breaks one or both of these rules will
   only work if there is some method for the routers concerned to
   determine at line speed which sources use the same method.

2.3.  Other issues

   How to use flow label most effectively is not discussed in [RFC3697]
   and remains the major open issue, but many researchers believe that
   it can be used with reserved bandwidth to achieve customized Quality
   of Service (QoS) provision.  Coupled with admission control at the
   edge router, this should limit congestion.  However, as we will see
   below, this is not the only use case proposed.

   We now introduce some other open issues.

   Unknown flow labels: [RFC1809] proposed that when a router receives a
   datagram with an unknown flow label, it should treat it as zero.



Hu & Carpenter          Expires February 19, 2011               [Page 5]


Internet-Draft            Flow label use cases               August 2010


   However, the standard [RFC3697] is silent on this issue.  Indeed,
   some methods of flow state establishment might choose to use an
   unknown label as the trigger for creating flow state.

   Deleting old flow labels: When a flow finishes, how does the router
   know the flow label has expired?  Should this be based on a timeout,
   on observation of the transport layer, or on explicit signalling?
   The standard defines a timeout (120 seconds) after which a receiving
   node should discard a previously recorded flow label if there is no
   more traffic.  However, this will be unsatisfactory in the case of a
   very intermittent flow.  In contrast,
   [I-D.banerjee-flowlabel-ipv6-qos] suggested that a router should send
   an ICMP message to the source to delete a particular label.  The
   source node can then either send a KEEPALIVE message to the router,
   or it can allow the router to release that label.

   Choosing when to set the flow label: For what kinds of application
   should we set up non-zero flow labels?  [RFC1809] suggested not
   setting it for short flows containing few bytes, but using it for
   long TCP connections and some real-time applications.  However, this
   does not really define clear use cases.

   Can we modify the flow label?  [RFC3697] states that the flow label
   must be delivered unchanged.  There are several advantages of non-
   mutable flow labels, apart from respecting the standard: the rule is
   easy to understand, does not require extra processing in routers or a
   signalling protocol, and allows for very simple host implementations.
   Also, it is straightforward for hosts and routers to simply ignore
   the flow label.  However, this rule does appear to exclude any MPLS-
   like or CATNIP-like use for optimized packet switching.  Some authors
   have objected to this feature, suggesting that switches should change
   the flow label for routing purposes.  We will describe these and
   other proposed mechanisms in next section, and we will discuss their
   advantages and disadvantages.


3.  Documented proposals for the flow label

   In the following, we do not intend to recommend or criticise various
   proposals.  The intention is only to show the variety of proposals
   that have been published, and how they relate to the standard.  We
   consider that published proposals for the flow label fall into three
   broad categories, i.e., (1) improve routing performance by using
   random flow label values; (2) define a QoS requirement in the flow
   label field; (3) use the flow label to extend existing QoS
   architectures such as Diffserv.  Across these categories, we observe
   various options to set up the flow label value.




Hu & Carpenter          Expires February 19, 2011               [Page 6]


Internet-Draft            Flow label use cases               August 2010


3.1.  Specify the flow label as a pseudo-random value

   For example, [LinTseng] specifies a 17-bit pseudo-random value.  The
   following figure shows the proposed flow label structure, which
   assumes that routers can support flow label and DiffServ
   architectures.
   o  The Label Flag (LF) bit: 1 means this type of flow label is
      present.  We note that this encoding breaks the dependency
      prohibition in [RFC3697], since a source that does not use this
      method may also set the LF bit.
   o  The Label type (LT): 2 bits which describe the type of packet.
   o  The Label Number (LN): which is randomly generated by the source
      node.

   [LinTseng] also describes a signalling process between source,
   routing and destination nodes based on this label structure and on
   the IPv6 Traffic Class byte, in order to reserve and release router
   resources for a given flow within a given class of traffic.  The
   pseudo-random LN value is used to uniquely identify a given flow.

   Flow Label Specification (figure simplified from [LinTseng])


         +--+----+-----------------------------+
         | 1| 2  |              17 bits        |
         +--+----+-----------------------------+
         |LF| LT |              LN             |
         +--+----+-----------------------------+

   LF   0  Disable
        1  Enable
   LT  00  Flow label requested by source
       01  Flow label returned by destination
       10  Flow label for data delivery
       11  Flow label terminates connection
   LN      Random number created by source


   [I-D.blake-ipv6-flow-label-nonce] states that off-path spoofing
   attacks have become a big issue for TCP and other transport-layer
   applications, and proposes that in IPv6 we should set a random value
   in the flow label to make the packet header more complex and less
   easy for the attacker to guess.  The two ends of the session will
   agree on flow label values during the SYN/ACK exchange, but off-path
   attackers will be unlikely to guess the agreed value.  Naturally, on-
   path attackers who can observe the flow labels in use can trivially
   defeat this protection.




Hu & Carpenter          Expires February 19, 2011               [Page 7]


Internet-Draft            Flow label use cases               August 2010


   There have been numerous informal discussions of using random flow
   labels to allow load-balancing or at least load-sharing.  However,
   concerns about the dependency prohibition have generally prevented
   such proposals from being written up until recently
   [I-D.carpenter-flow-ecmp].

3.2.  Specify QoS parameters in the flow label

   [Prakash] proposes to utilize the flow label to indicate required QoS
   parameters in detail.  It uses the first few bits of the flow label
   field as codes to support different approaches, as summarized in
   following table.  Again, this breaks the dependency prohibition in
   [RFC3697], since a source that does not use this method may also set
   the first two bits to non-zero.

   Classification for various approaches (from [Prakash])

     Bit Pattern   Approach
     ------------------------------------------------------------------
     00            No QoS requirement (Default QoS value)
     01            Pseudo-Random value used for the value of Flow-Label
     10            Support for Direct Parametric Representation
     1100          Support for the DiffServ Model
     1101          Reserved for future use
     111           Reserved for future use

   This method does allow for a pseudo-random option, but also adds
   options for a direct QoS request and for Diffserv.  In the direct QoS
   parameters approach, 18 bits are used to encode requirements for one
   way delay, IP delay variation, bandwidth and one way packet loss.
   The proposal appears to assume that RSVP [RFC2205] mechanisms are
   used to actually implement these QoS parameters.

   This proposal allows use of flow label for various important QoS
   models, so the end user and service provider can choose the most
   suitable model for their situation; [Prakash] claims that "this
   proposal is simple, scalable, modular and generic implementation to
   provide for QoS using the IPv6 flow label field".

   Similarly, [LeeKim] defines the flow label field in five parts, with
   the first 3 bits used as an approach type, because the authors have
   defined two approaches: a "random" scheme and a "hybrid" scheme.  If
   the first 3 bits equal "001", the flow label will be used as the
   random identifier of the flow, but if they equal "101", the remaining
   bits will include the hybrid QoS requirement for this packet,
   subdivided into traffic type (stringent or best effort), bandwidth,
   buffer, and delay requirements.  Once again the dependency
   prohibition in [RFC3697] is broken.  This proposal also includes



Hu & Carpenter          Expires February 19, 2011               [Page 8]


Internet-Draft            Flow label use cases               August 2010


   throughput monitoring and dynamic capacity allocation.  Effectively
   this proposal uses the flow label both to signal Intserv-like QoS
   requirements and to classify traffic into Diffserv-like virtual
   label-switched paths.  Packets with a "random" flow label are mapped
   into a generic (best effort) virtual path.

   The authors simulated this architecture for a network of fourteen
   nodes, using the NS-2 simulator with a weighted fair queueing
   extension to support the "hybrid" scheme.  Their results indicate
   that the "hybrid" scheme improves capacity utilization for QoS
   traffic and performance for real-time traffic, rather in the manner
   of differentiated services, whereas competing traffic using the
   "random" scheme simply experiences best effort service.  It must be
   considered, however, that NS-2 does not accurately simulate the
   performance of typical high-performance routers.

3.3.  Use flow label to control switching

   [I-D.chakravorty-6lsa] and [Chakravorty] describe an architectural
   framework called "IPv6 Label Switching Architecture" (6LSA).  In
   6LSA, network components identify a flow by looking at the flow label
   field in the IPv6 packet header; all packets with the same flow label
   must receive the same treatment and be sent to the same next hop.
   However, 6LSA resembles MPLS by considering that a label only has
   meaning between 6LSA routers, and setting the flow label at each hop.
   If the original source sets a non-zero flow label, there is no
   mechanism to restore it before delivery, a fundamental breach of
   [RFC3697].  The authors of [I-D.chakravorty-6lsa] did at one stage
   discuss using an IPv6 hop-by-hop option to correct this problem, but
   this has not been documented.  This is a more serious problem than
   simply breaking the dependency prohibition

   Unlike traditional routing algorithms, but like MPLS, 6LSA packets
   are classified into a Forwarding Equivalence Class (FEC), and routers
   forward packets on different paths by looking at the FEC.  Like
   previous solutions, the authors divide the flow label field into
   three parts.  The first 3 bits identify the FEC, which will help the
   router or 6LSA nodes to group the IP packets that receive the same
   forwarding treatment and forwarding them on the same virtual path.
   The following 4 bits describe the application type, and the final 13
   bits (defined by each node or a group of nodes) specify the hop-
   specific label.  From the table below, we can see the FEC has 6 major
   categories, each with up to 16 subcategories.

   Flow Label Specification (shortened from [I-D.chakravorty-6lsa])






Hu & Carpenter          Expires February 19, 2011               [Page 9]


Internet-Draft            Flow label use cases               August 2010


   +--------------------------+-------------+--------------------------+
   | FEC (First 3 Bits)       | Next 4 Bits | Purpose                  |
   +--------------------------+-------------+--------------------------+
   | No FEC (000)             | 0000        |                          |
   | Domain Specific (000)    | 0001 - 1111 |                          |
   | ------------------------ |             |                          |
   | VPN (001)                | 0001        | (IPSec - Tunnel Mode)    |
   |                          | 0010        | (IPSec - Transport Mode) |
   |                          | 0011        | (Special Encryption)     |
   |                          | 0100        | (VRF)                    |
   |                          | 0101        | (End Network Specific)   |
   |                          | 0110 - 1111 | (Reserved)               |
   | ------------------------ |             |                          |
   | TE Subset/               | 0001        | (DiffServ)               |
   | QoS Enhancement (010)    | 0010        | (RSVP)                   |
   . . .
   |                          | 1111        | (Reserved)               |
   | ------------------------ |             |                          |
   | Encapsulation (011)      | 0001        | (IPv6 in IPv6)           |
   |                          | 0010        | (IPv4 in IPv6)           |
   |                          | 0011        | (Other in IPv6)          |
   |                          | 0100        | (Enterprise Specific)    |
   |                          | 0101 - 1111 | (Reserved)               |
   | ------------------------ |             |                          |
   | Enterprise Specific(111) | 0000 - 1111 | (Reserved)               |
   +--------------------------+-------------+--------------------------+

   The authors claim that fast switching using 20-bit labels instead of
   128-bit IPv6 addresses will provide memory and processing savings, as
   well as network management advantages.  "It also allows a network
   management entity updating available label tables, across the network
   to reduce man-in-the-middle attacks [sic]" [I-D.chakravorty-6lsa].

   We note that a similar proposal for QoS-based switching of IPv6
   packets [I-D.roberts-inband-qos-ipv6] is designed to use a hop-by-hop
   option, which has not so far been allocated by the IETF.  Proposals
   related to this have been discussed by the Telecommunications
   Industry Association and the ITU-T
   [I-D.adams-tsvwg-flow-signalling-codepoint].

3.4.  Diffserv use of IPv6 flow label

   [I-D.banerjee-flowlabel-ipv6-qos] uses the flow label field as a
   replacement for the IPv6 Traffic Class field; this proposal suggests
   the incoming flow label can indicate the QoS requirement by matching
   a Diffserv classifier.  The authors have used the first three bits to
   indicate this, and the following 16 bits to indicate Differentiated
   Services Per-Hop Behavior Identification code (Diffserv PHB-ID)



Hu & Carpenter          Expires February 19, 2011              [Page 10]


Internet-Draft            Flow label use cases               August 2010


   [RFC3140]; the last bit is reserved for future use.  This method too
   breaks the dependency prohibition in [RFC3697].

   [I-D.martinbeckman-ietf-ipv6-fls-ipv6flowswitching] blends the flow
   label as an MPLS-like switching tag with Diffserv.  Unlike 6LSA, the
   method attempts to overcome the dependency prohibition by using one
   bit in the Diffserv Code Point [RFC2474] to indicate that the flow
   label is a switching tag.  In this way, a router can determine
   whether the flow label conforms to [RFC3697] or to
   [I-D.martinbeckman-ietf-ipv6-fls-ipv6flowswitching].  In
   [I-D.martinbeckman-ietf-ipv6-amp-ipv6hcamp], the same author proposes
   using the flow label as a way of compressing IPv6 headers by hashing
   the addresses into the flow label, again using the Diffserv Code
   Point to mark the packets accordingly.

3.5.  Other uses

   We are not aware of any proposals combining the flow label with the
   other two Internet QoS architectures (Integrated Services [RFC1633]
   and Next Steps in Signaling (NSIS) [RFC4080]), except for generic
   recognition that the flow label can be inspected by a packet
   classifier.

   [I-D.donley-softwire-dslite-flowlabel] proposes a use case whereby
   certain flows encapsulated in a particular type of IPv4-in-IPv6
   tunnel would be distinguished at the remote end of the tunnel by a
   specific flow label value.  This would allow a service provider to
   deliver a tailored quality of service.  This usage appears to be
   completely compatible with [RFC3697].

   There has been some discussion of possible flow label use in both the
   ROLL (Routing Over Low power and Lossy networks)
   [I-D.ietf-roll-rpl-07] and MEXT (Mobility EXTensions for IPv6)
   working groups of the IETF.  Such uses tend to encode specific local
   meanings or routing-related tags in the label, so they appear to
   infringe the dependency prohibition or the immutability of the flow
   label field.  The ROLL group has indeed most recently opted not to
   use the flow label field for these reasons, despite having to add the
   undesirable overhead of an IPv6 hop-by-hop option instead
   [I-D.ietf-roll-rpl].  Similarly, MEXT has defined a new mobility
   option to support flow bindings [I-D.ietf-mext-flow-binding].  It can
   be argued that ideally, the IPv6 Flow Label field should serve both
   these purposes.


4.  Discussion

   Firstly we notice that three aspects of the current standard



Hu & Carpenter          Expires February 19, 2011              [Page 11]


Internet-Draft            Flow label use cases               August 2010


   [RFC3697] have caused problems to many designers:
   1.  The non-mutability of labels
   2.  "Nodes MUST NOT assume any mathematical or other properties of
       the Flow Label"
   3.  "Router performance SHOULD NOT be dependent on the distribution
       of the Flow Label values."

   Taken together, these rules essentially forbid any encoding of the
   semantics of a flow, or of any information about its path, in the
   flow label.  This was intentional, in accordance with the stateless
   nature of the Internet architecture and with the end-to-end principle
   [Saltzer], [RFC3724].  It was also felt that QoS encoding via
   Diffserv was sufficient, and that the requirement for high-speed
   switching could be met by MPLS.  But this means that the majority of
   the proposals described above breach the standard and the intent of
   the standard.  The authors often appear to be using the flow label
   either as an MPLS-like switching handle, or as an encoded QoS signal.
   In fact, we consider that only [I-D.blake-ipv6-flow-label-nonce],
   [I-D.donley-softwire-dslite-flowlabel] (and possibly
   [I-D.martinbeckman-ietf-ipv6-fls-ipv6flowswitching] and
   [I-D.martinbeckman-ietf-ipv6-amp-ipv6hcamp]) strictly respect the
   intention of the standard.  [I-D.carpenter-flow-ecmp] is also
   intended to conform to the standard.

   What would designers need to do, if they wish to respect the
   standard?  There appear to be two choices.  One is to simply accept
   the above rules at face value, which as noted appears to be the case
   in few proposals.  This limits the application of the flow label.  It
   can be used as a nonce as in [I-D.blake-ipv6-flow-label-nonce] or as
   part of the material for a hash used to share load among alternate
   paths.  It cannot be the only material for such a hash, because of
   the dependency prohibition.  The flow label could also be used
   consistently with [RFC3697], if an application designer so chose, as
   a way to associate all packets belonging to a given application
   session between two hosts, across multiple transport sessions.  This,
   however, would presumably exclude using the flow label to govern
   routing decisions in any way, and would have widespread implications
   that have never been explored.

   The other choice, for designers who wish to use the flow label to
   control switching or QoS directly, is to bypass the rules within a
   given domain (a set of cooperating nodes) in a way that nodes outside
   the domain cannot detect.  In this case, any deviation from [RFC3697]
   has no possible effect outside the domain in question.

   For example, to emulate the non-mutability of labels, we could
   arrange that within the domain all hosts set the label to zero, the
   routers set and interpret the label in any way they wish, and the



Hu & Carpenter          Expires February 19, 2011              [Page 12]


Internet-Draft            Flow label use cases               August 2010


   last hop router always sets the label back to zero.  If a packet
   arrives from outside the domain with a non-zero label, there would
   need to be a method (such as a special Diffserv code point) to mark
   this packet so that its label would be ignored and delivered
   unchanged.  An alternative approach would be to standardize a hop-by-
   hop option to carry the original flow label across the domain, so
   that it could be changed within the domain but restored before
   forwarding the packet beyond the domain.

   Once we have bypassed non-mutability, we can safely bypass the
   dependency prohibition for labels within the domain, because it is
   now possible to ensure that the bits in the label are set according
   to defined rules.  Within the domain, we can treat the label as an
   expanded Diffserv field, or a 6LSA label, or a random value, etc.  In
   fact most of the proposed designs discussed above could be "rescued."

   Given the considerable number of designers who have proposed such
   solutions, and the almost complete lack of designs using the standard
   rules [RFC3697], it seems reasonable to ask whether the current
   standard has value.


5.  Conclusion

   As real time traffic increases, the delay and packet loss problem for
   real time streams has become too serious to be neglected, and many
   researchers have claimed that the flow label field in the IPv6 header
   would be a possible solution.  Various proposals assert that the flow
   label field will improve QoS.  However, we find that such proposals
   breach the current IETF standard for use of the flow label.  More
   work is required to find a new structure which will respect the
   standard and also provide an effective way to use the flow label.  If
   this cannot be achieved, this aspect of the IPv6 standard may need to
   be revised.


6.  Security Considerations

   The flow label is not protected in any way and can be forged by an
   on-path attacker.  Off-path attackers may be able to guess a valid
   flow label unless a pseudo-random value is used.  Specific usage
   models for the flow label need to allow for these exposures.  For
   further discussion, see [RFC3697].


7.  IANA Considerations

   This document requests no action by IANA.



Hu & Carpenter          Expires February 19, 2011              [Page 13]


Internet-Draft            Flow label use cases               August 2010


8.  Acknowledgements

   An invaluable review of this document was performed by Bob Braden.
   Helpful comments were made by Sheng Jiang.

   This document was produced using the xml2rfc tool [RFC2629].


9.  Change log

   draft-hu-flow-label-cases-00: first I-D version, 2010-04-19

   draft-hu-flow-label-cases-01: updated following review comments,
   2010-08-18


10.  Informative References

   [Carpenter]
              Carpenter, B. and K. Nichols, "Differentiated Services in
              the Internet", Proc IEEE 90 (9) 1479-1494, 2002.

   [Chakravorty]
              Chakravorty, S., "Challenges of IPv6 Flow Label
              implementation", Proc IEEE MILCOM2008 , 2008.

   [Deering]  Deering, S., "SIPP Overview and Issues", Minutes of the
              Joint Sessions of the SIP and PIP Working Groups ,
              November 1993.

   [I-D.adams-tsvwg-flow-signalling-codepoint]
              song, j., Adams, J., and J. Joung, "Progress and future
              development of Flow State Aware standards, and a  proposal
              for alerting nodes or end-systems on data related to a
              flow", draft-adams-tsvwg-flow-signalling-codepoint-00
              (work in progress), June 2008.

   [I-D.banerjee-flowlabel-ipv6-qos]
              Banerjee, R., "A Modified Specification for use of the
              IPv6 Flow Label for providing An  efficient Quality of
              Service using hybrid approach",
              draft-banerjee-flowlabel-ipv6-qos-03 (work in progress),
              April 2002.

   [I-D.blake-ipv6-flow-label-nonce]
              Blake, S., "Use of the IPv6 Flow Label as a Transport-
              Layer Nonce to Defend Against Off-Path Spoofing Attacks",
              draft-blake-ipv6-flow-label-nonce-02 (work in progress),



Hu & Carpenter          Expires February 19, 2011              [Page 14]


Internet-Draft            Flow label use cases               August 2010


              October 2009.

   [I-D.carpenter-flow-ecmp]
              Carpenter, B. and S. Amante, "Using the IPv6 flow label
              for equal cost multipath routing and link aggregation in
              tunnels", draft-carpenter-flow-ecmp-02 (work in progress),
              April 2010.

   [I-D.chakravorty-6lsa]
              Chakravorty, S., Bush, J., and J. Bound, "IPv6 Label
              Switching Architecture", draft-chakravorty-6lsa-03 (work
              in progress), July 2008.

   [I-D.conta-diffserv-ipv6-fl-classifier]
              Conta, A. and J. Rajahalme, "Amodel for Diffserv use of
              the IPv6 Flow Label Specification",
              draft-conta-diffserv-ipv6-fl-classifier-01 (work in
              progress), November 2001.

   [I-D.conta-ipv6-flow-label]
              Conta, A. and B. Carpenter, "A proposal for the IPv6 Flow
              Label Specification", draft-conta-ipv6-flow-label-02 (work
              in progress), July 2001.

   [I-D.donley-softwire-dslite-flowlabel]
              Donley, C. and K. Erichsen, "Using the Flow Label with
              Dual-Stack Lite",
              draft-donley-softwire-dslite-flowlabel-00 (work in
              progress), July 2010.

   [I-D.ietf-mext-flow-binding]
              Tsirtsis, G., Soliman, H., Montavont, N., Giaretta, G.,
              and K. Kuladinithi, "Flow Bindings in Mobile IPv6 and NEMO
              Basic Support", draft-ietf-mext-flow-binding-09 (work in
              progress), August 2010.

   [I-D.ietf-roll-rpl]
              Winter, T., Thubert, P., and R. Team, "RPL: IPv6 Routing
              Protocol for Low power and Lossy Networks",
              draft-ietf-roll-rpl-11 (work in progress), July 2010.

   [I-D.ietf-roll-rpl-07]
              Winter, T. and P. Thubert, "RPL: IPv6 Routing Protocol for
              Low power and Lossy Networks",
              draft-ietf-roll-rpl-07 (work in progress), March 2010.

   [I-D.itojun-ipv6-flowlabel-api]
              Hagino, J., "Socket API for IPv6 flow label field",



Hu & Carpenter          Expires February 19, 2011              [Page 15]


Internet-Draft            Flow label use cases               August 2010


              draft-itojun-ipv6-flowlabel-api-01 (work in progress),
              April 2001.

   [I-D.martinbeckman-ietf-ipv6-amp-ipv6hcamp]
              Beckman, M., "IPv6 Header Compression via Addressing
              Mitigation Protocol (IPv6 AMP)",
              draft-martinbeckman-ietf-ipv6-amp-ipv6hcamp-01 (work in
              progress), March 2007.

   [I-D.martinbeckman-ietf-ipv6-fls-ipv6flowswitching]
              Beckman, M., "IPv6 Dynamic Flow Label Switching (FLS)",
              draft-martinbeckman-ietf-ipv6-fls-ipv6flowswitching-03
              (work in progress), March 2007.

   [I-D.metzler-ipv6-flowlabel]
              Metzler, J. and S. Hauth, "An end-to-end usage of the IPv6
              flow label", draft-metzler-ipv6-flowlabel-00 (work in
              progress), November 2000.

   [I-D.roberts-inband-qos-ipv6]
              Roberts, L. and J. Harford, "In-Band QoS Signaling for
              IPv6", draft-roberts-inband-qos-ipv6-00 (work in
              progress), July 2005.

   [LeeKim]   Lee, I. and S. Kim, "A QoS Improvement Scheme for Real-
              Time Traffic Using IPv6 Flow Labels", Lecture Notes in
              Computer Science Vol. 3043, 2004.

   [LinTseng]
              Lin, C., Tseng, P., and W. Hwang, "End-to-End QoS
              Provisioning by Flow Label in IPv6", JCIS , 2006.

   [Prakash]  Prakash, B., "Using the 20 bit flow label field in the
              IPv6 header to indicate desirable quality of service on
              the internet", University of Colorado (M.Sc. Thesis),
              2004.

   [RFC1633]  Braden, B., Clark, D., and S. Shenker, "Integrated
              Services in the Internet Architecture: an Overview",
              RFC 1633, June 1994.

   [RFC1707]  McGovern, M. and R. Ullmann, "CATNIP: Common Architecture
              for the Internet", RFC 1707, October 1994.

   [RFC1710]  Hinden, R., "Simple Internet Protocol Plus White Paper",
              RFC 1710, October 1994.

   [RFC1752]  Bradner, S. and A. Mankin, "The Recommendation for the IP



Hu & Carpenter          Expires February 19, 2011              [Page 16]


Internet-Draft            Flow label use cases               August 2010


              Next Generation Protocol", RFC 1752, January 1995.

   [RFC1809]  Partridge, C., "Using the Flow Label Field in IPv6",
              RFC 1809, June 1995.

   [RFC1883]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 1883, December 1995.

   [RFC2205]  Braden, B., Zhang, L., Berson, S., Herzog, S., and S.
              Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
              Functional Specification", RFC 2205, September 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC2474]  Nichols, K., Blake, S., Baker, F., and D. Black,
              "Definition of the Differentiated Services Field (DS
              Field) in the IPv4 and IPv6 Headers", RFC 2474,
              December 1998.

   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
              June 1999.

   [RFC3140]  Black, D., Brim, S., Carpenter, B., and F. Le Faucheur,
              "Per Hop Behavior Identification Codes", RFC 3140,
              June 2001.

   [RFC3697]  Rajahalme, J., Conta, A., Carpenter, B., and S. Deering,
              "IPv6 Flow Label Specification", RFC 3697, March 2004.

   [RFC3724]  Kempf, J., Austein, R., and IAB, "The Rise of the Middle
              and the Future of End-to-End: Reflections on the Evolution
              of the Internet Architecture", RFC 3724, March 2004.

   [RFC4080]  Hancock, R., Karagiannis, G., Loughney, J., and S. Van den
              Bosch, "Next Steps in Signaling (NSIS): Framework",
              RFC 4080, June 2005.

   [Saltzer]  Saltzer, J., Reed, D., and D. Clark, "End-To-End Arguments
              in System Design", ACM TOCS 2 (4) 277-288, 1984.











Hu & Carpenter          Expires February 19, 2011              [Page 17]


Internet-Draft            Flow label use cases               August 2010


Authors' Addresses

   Qinwen Hu
   Department of Computer Science
   University of Auckland
   PB 92019
   Auckland,   1142
   New Zealand

   Email: qhu009@aucklanduni.ac.nz


   Brian Carpenter
   Department of Computer Science
   University of Auckland
   PB 92019
   Auckland,   1142
   New Zealand

   Email: brian.e.carpenter@gmail.com































Hu & Carpenter          Expires February 19, 2011              [Page 18]