Re: [arch-d] Fiddling with IP packets in the network, IPv6-style (Fwd: Question about SRv6 Insert function)
Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 05 September 2019 09:08 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBFCA120DAD for <architecture-discuss@ietfa.amsl.com>; Thu, 5 Sep 2019 02:08:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.631
X-Spam-Level:
X-Spam-Status: No, score=-2.631 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4i1Qtbwhxmy for <architecture-discuss@ietfa.amsl.com>; Thu, 5 Sep 2019 02:08:09 -0700 (PDT)
Received: from sainfoin-smtp-out.extra.cea.fr (sainfoin-smtp-out.extra.cea.fr [132.167.192.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 203B7120CF2 for <architecture-discuss@ietf.org>; Thu, 5 Sep 2019 02:08:08 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by sainfoin-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x85987IZ027102 for <architecture-discuss@ietf.org>; Thu, 5 Sep 2019 11:08:07 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 5A5092048A3 for <architecture-discuss@ietf.org>; Thu, 5 Sep 2019 11:08:07 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 4FCAD204897 for <architecture-discuss@ietf.org>; Thu, 5 Sep 2019 11:08:07 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id x85987De025384 for <architecture-discuss@ietf.org>; Thu, 5 Sep 2019 11:08:07 +0200
To: architecture-discuss@ietf.org
References: <a7b5255b-8570-0e4b-da17-7557e7ca18c1@si6networks.com> <e1895609-e462-e47a-b408-568a5c5363b1@si6networks.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <4a9df8af-c19d-42f7-0760-4e23d15d12d0@gmail.com>
Date: Thu, 05 Sep 2019 11:08:07 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <e1895609-e462-e47a-b408-568a5c5363b1@si6networks.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/O-KHRKiFmCVNc9wI9G0rp_sAAdI>
Subject: Re: [arch-d] Fiddling with IP packets in the network, IPv6-style (Fwd: Question about SRv6 Insert function)
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Sep 2019 09:08:12 -0000
Le 05/09/2019 à 02:47, Fernando Gont a écrit : > Folks, > > There seems to be ongoing working group item in the spring wg > (https://tools.ietf.org/html/draft-ietf-spring-srv6-network-programming-01) > that essentially proposes the insertion of IPv6 Extension Headers by > middle boxes in the middle of the network, which goes against a very > explicit requirement in the IPv6 spec (RFC8200) -- that notes that EHs > cannot be inserted in the middle of the network. > > This begs a number of questions (e.g., how come that one wg is working > on something that goes against a spec that is not under its charter). > > But given this is an architecture list, I wonder if anybody has a say on > the topic? (including the IAB). Is that the way IPv6 is expected to > work? What can we expect from IPv6? Can we expect IP at large to touch headers of end user packets? No. Can we expect it in a 'limited-domain'? Yes, and I'd say INFORMATIONALly. Alex > > > > -------- Forwarded Message -------- > Subject: Re: Question about SRv6 Insert function > Date: Thu, 5 Sep 2019 03:34:09 +0300 > From: Fernando Gont <fgont@si6networks.com> > To: Ole Troan <otroan@employees.org>, Fernando Gont <fernando@gont.com.ar> > CC: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, spring@ietf.org > <spring@ietf.org>, 6man@ietf.org <6man@ietf.org>, Suresh Krishnan > <suresh.krishnan@gmail.com>, draft-voyer-6man-extension-header-insertion > <draft-voyer-6man-extension-header-insertion@ietf.org>, > draft-ietf-spring-srv6-network-programming > <draft-ietf-spring-srv6-network-programming@ietf.org> > > On 4/9/19 09:58, Ole Troan wrote: >> Fernando, >> >>>>> Since there have been plenty of attempts to do EH insertion or >>>>> leave the IPv6 standard ambiguous in this respect, and the IETF has >>>>> had consensus that EH insertion is not allowed, I think it would be >>>>> bad, wastefull, tricky, and even dangerous to let a document go >>>>> through the whole publication process, and just rely on the AD to >>>>> keep the "DISCUSS" button pressed. >>>>> >>>>> Put another way: what'd be the rationale for having a draft-ietf >>>>> and have the corresponding wg ship the document with something that >>>>> clearly goes against IETF consensus, and that the relevant AD has >>>>> declared that wouldn't let pass? >>>> >>>> In short, this is not the case. I am *not* the relevant AD for the >>>> SRv6 Network Programming draft. If this document was in 6man I would >>>> have flagged it much earlier like I did for the SRH draft. >>> >>> Sorry, what I meant by "relevant AD" is: "one of the responsible ADs for >>> the spec that's being violated". >>> >>> i.e., isn't there in the IETF process -- whether formal or informal -- >>> for this sort of thing to be flagged before documents get too far in the >>> publication process? ("Hey, this document in your area is actually >>> breaking a spec of one of my wgs" sort of thing...) >> >> I would prefer that we calmed down a bit on the protocol policing. > > Sorry, but this has nothing to do with protocol policing. It has to do > with respecting the consensus this wg and the ietf as a whole had on the > topic. i.e., that EHs must not be inserted in the network. > > We'd go into an interesting path to insanity if we publish specs, and > subsequently publish conflicting specs that simply ignore previous ietf > consensus. > > If folks want to do EH insertion, the #1 step is to publish a document > that updates RFC8200 such that the "EHs must not be inserted..." is > replaced with something else or eliminated. > > > >> We know that header insertion breaks unsuspecting source hosts if done by the network. >> It breaks (at least) PMTUD, ICMP errors and AH. >> >> What we have said in the past is; explain how those issues are dealt with or do not apply to your proposal. > > That's what you and others may have said or thought. But the consensus > is what's in the standard (RFC8200). And the standard says that EHs > cannot be inserted in the network. If you want to do it, the first step > is to update RFC8200. > > > >> And some form of "doing on behalf of" is not necessarily problematic. > > It is rightaway problematic specs-wise when it violates a crystal-clear > requirement in RFC8200, that we arrived to after a very heated debate, > and lots of enegery and time from all the involved people. > > The fact that after all the long story behind publication of rfc8200 as > standard (and the ongoing srv6 document we're doing here, which was > adopted on the condition that it wouldn't do eh-insertion), we can live > with other wgs violating specs that we produced here with so much effort > and time, is kind of amusing. > > If folks want to allow EH-insertion (i.e., formally allowing middleboxes > to fiddle with packets), RFC8200 should be updated, and the work should > be done in 6man. > > I don't think it's SPRING's call how the IPv6 protocol works. > > > >> It's the "blind" "Thou shalt not do" that I object to. As opposed to arguing on technical grounds. >> >> Ensuring interoperability is our purpose. Not protect 8200 as if it's a religious text. > > My #1 concern (not that I don't have others) is one related to fairness > of the standardization process. I don't think we should simply > rubberstamp anything a big vendor wants to sell, no matter how big the > vendor is, or how much money may be involved. > > And if this working group (and the IETF as a whole) published a spec on > which there was consensus, ignoring the spec and doing whatever one > pleases is not the way to go. Firstly, make e the case for updating > RFC8200. Then come up with the proposal to fiddle with packets in the > network. > > P.S.: I've never been into the camp of protecting X (whether rfc8200 or > any other document) as if it was religious text. Quite ironically, I > have experienced such religious opposition in 6man itself (for instance, > your argument of "don't fix slaac-renumbering because ipv6 has not been > designed to support flash renumbering" seems pretty much a religious > argument against work that would not result in any major modifications > to any of the protocols involved -- as opposed to EH insertion). >
- [arch-d] Fiddling with IP packets in the network,… Fernando Gont
- Re: [arch-d] Fiddling with IP packets in the netw… Stephen Farrell
- Re: [arch-d] Fiddling with IP packets in the netw… Fernando Gont
- Re: [arch-d] Fiddling with IP packets in the netw… Tony Li
- Re: [arch-d] Fiddling with IP packets in the netw… Christian Huitema
- Re: [arch-d] Fiddling with IP packets in the netw… S. Moonesamy
- Re: [arch-d] Fiddling with IP packets in the netw… Alexandre Petrescu
- Re: [arch-d] Fiddling with IP packets in the netw… Fernando Gont
- Re: [arch-d] Fiddling with IP packets in the netw… Fernando Gont