IETF Logo Mail Archive

Re: [Bier] New Version Notification for draft-pfister-bier-over-ipv6-00.txt

Eric C Rosen <erosen@juniper.net> Mon, 12 September 2016 19:35 UTC

Return-Path: <erosen@juniper.net>
X-Original-To: bier@ietfa.amsl.com
Delivered-To: bier@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D242312B0DC for <bier@ietfa.amsl.com>; Mon, 12 Sep 2016 12:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.922
X-Spam-Level:
X-Spam-Status: No, score=-1.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=junipernetworks.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gOASVtVSTCu7 for <bier@ietfa.amsl.com>; Mon, 12 Sep 2016 12:35:37 -0700 (PDT)
Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0101.outbound.protection.outlook.com [104.47.34.101]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B91212B046 for <bier@ietf.org>; Mon, 12 Sep 2016 12:25:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=junipernetworks.onmicrosoft.com; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6HanBHFsCZnvy6489p8iB1tEIowBrEryMyZMABCEjAI=; b=TX0SW8dbXyPpu989vQ8KDncJt+E2fLdl2dPqcJJ8/9K7eSWy44MX91d4L50XvOAaeJ5kJybPMQERMP2BalSysNm6OBZxgVwnaNS3PYbCapkVlF9Iawmia2mdipMRM/njKx2WKa18NKIEAE6HKMis4G7kpw9DCi6E2SdeAjyJO74=
Authentication-Results: juniper.net; dkim=none (message not signed) header.d=none;juniper.net; dmarc=none action=none header.from=juniper.net;
Received: from [172.29.33.7] (66.129.241.11) by SN1PR05MB2190.namprd05.prod.outlook.com (10.169.124.138) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.609.3; Mon, 12 Sep 2016 19:25:51 +0000
To: Pierre Pfister <pierre.pfister@darou.fr>, bier@ietf.org
References: <147280131368.24750.2582129788572723864.idtracker@ietfa.amsl.com> <3C470D17-363E-4F7D-B943-19FC52052C67@darou.fr>
From: Eric C Rosen <erosen@juniper.net>
Message-ID: <d891b2b1-1419-3fdb-be95-034d91305a30@juniper.net>
Date: Mon, 12 Sep 2016 15:26:07 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <3C470D17-363E-4F7D-B943-19FC52052C67@darou.fr>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [66.129.241.11]
X-ClientProxiedBy: CY1PR18CA0027.namprd18.prod.outlook.com (10.163.31.37) To SN1PR05MB2190.namprd05.prod.outlook.com (10.169.124.138)
X-MS-Office365-Filtering-Correlation-Id: a2ca7340-7c61-4532-296b-08d3db429c50
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB2190; 2:QU6aNVU3iJIV1iSsOJ8ovbVPkqHo9SvlidCA79iCzSM6p9q+Nre3DeIYQM73EQ5slcu8ora1jdKwT8nNx+epQZmkHYHKatcwF+w3/w8tRCr4wcEg1SS0MU0XS7BcThf7mo8M6PUhJFsdS/C1exdJ/f2j4k725x64sdu+8VwI+yhvHWnXzf2dlINnFCQolr6v; 3:4h5z4tGK3h9luBxH4gLJnmzD53STY2WNK3+FYHjZM1fX37gl2VbpfSv8wFOpivzuYj3ZWSL7I8ySd9gxye82Zu5dUG1QLE3GSXPLnQSXosW93gDkOOOLOzMFIJUGWVbb
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR05MB2190;
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB2190; 25:HIZp1OmH/YZ5yPiuvIF0jyf1h90+6Xz3r5dsHV8Eo7/1EVomyUVfXMJRkVFiBqJ1Y5zfPno1LGshAcHKOg/qp2+NV+qXjshqHEPNiUuTY15WMqhrQhH2tdA7MeBFh34tbbaV8ak5rGeuwCRpoqKyjP/k6N9DTK+3R4iy+l25vU5LG1F/AK71fzMtj54HZ5huwzc6DPWWelkL/S9nyA+YinTYWL96XjvEeIkFNcv8WEzzFDLb3lv7UL+F5r+I8W4wMYznhmX1C1T+us3++s/g6I2E2CQvg6O9A5StqbCC82Zo57CL7ZC35xNtW8bct7YEx7ol2WwdHVHvBSQi+tcZ6x/iAK44in4HTZYSm9LzpAHt3ef4M6yoW1mTndb/IvUs+nDC7VbZqw9wT08C7QY41ktqGu2/eWaYiIZ5Zay6RHijyIbiCE70zlokYP8Ex20/Vkb2WiHrXJNtLhaBz7PFZSPA5iEEfQuXKRXcPDTJoWuUG2FKErH5io+DznV2SF0VIzNCT7uYDbn5f/82/hD70wcaND3LKAf/olb8pneEJlSet4c8KdWX6Qa3QNnfS9sHBaSDB0JrafCICDTYLyqDOCNpNBC288p68fU5z1U0l7b14k4kOt3TwshKV3oPJpY1Zw81jBbi/OwY108XiJo8PZ7BI/pd5iq6FAHCD/3Tr2A+zd+bYsF7t2dbd56w88fCtBdFHcYD6iwyUPMF85YrCYpfdZf/yxZG2Q7dop+K8SynGWwVmjUGZ3yy21GAUl3kk6NRz3dh3Kag5TNcfbmZcA==
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB2190; 31:3ke8QENswAaFqsDnv6foS7MUSDWRcmA3fzCeSKN4IYCsZCuMvGPHSxRtTPATliIl94HoG2Fyh5u0AvSnPi4tstPUDIF4Cc9tIKNRmksJJK2KRyzYSO6TYC0bCv9R8bQJEHgpkPZsBwr2Ehm1he+1/KJnsgDyXQaUNHs084G/sH+8NRIiFN/b1qnFUozDA5NQaE+LXRsFWDzn+/A0q4h6BvMrcApmuidE+X+qYnpNVNQ=; 20:k3EmoHNV93ZNwj40yBjH9Kh/GAp8uHKqw+O2FFLXfoez6wyI4QXNO1F6nMY10dunYMwRaKDKzUa+QaY/reUotMP6oTJ9/8yCMTaGhGl0goGZZtcCAJbxwlLqLBvPNRadXhdMpLSshS4/gJoh/U85GByGBDGYtaZdCuwS91A1n7s4BCsgtauahdOz/LwkVSD0pO5PSfXIFjkv1bnxOWgnQ/z6PvQDJPlamG43BGPbS+/l0qM7c9HrRrx4JPvPBK6NUTyxbkvFCMmZ5yoBb7qZM73Tl/pOcevR2MRWpcBHj4r4Q1bC0VcXLYRJkEMIuSSkUXtq4dARRrKxgTjp3v26gwPCEettZcWv6ZtBJwc72iyXSshDdhJBOfULwuyZTdjTU3sAdgI68iarOhkio6fFSVd5lH+2oS7Q0BdB1kC1hArymfOHKs+QSc3e3Cm6/PPBymQVO4PvZeVMsz27PJjQ0veml6UXw5UxQVUqgtfWVLF+MKoqnuZWBUs7LXG+3tam
X-Microsoft-Antispam-PRVS: <SN1PR05MB219091C600288A4620FB7C18D4FF0@SN1PR05MB2190.namprd05.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026); SRVR:SN1PR05MB2190; BCL:0; PCL:0; RULEID:(304825118); SRVR:SN1PR05MB2190;
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB2190; 4:gm0dyRcthuFqLs8ey+Y2mGYRycP9uR0bzfGzDxfOtlJGyFPZD9YHUd5hn6PWr59Ek/5bOqJUG11CTlugy6TutzmD34R7VtrmPZkb6iZl1D1XH8nogYQBDTCpHo7jPHxzRkAWw+HzGyPpYK7TmvrnrPbzKoGRNk5hpzJyFcl9Q+ZLbWp1saIZWfrbt3aESYNhJ/Eq0Cdt6R9RV0BtStKHzQcTa9WDVDWwXbXcyQ66STd+c5udmQwXVzypEHQiUtwZdubTOmrv7lviHsINJKpimnwcjQ59krozHImQgocjZS7qgQYO6wOp8n5lqgnaur70J5jbb6Mfs0HPy6K8GJdWUBEHXh0NDmVA0ZFRfdYyMm847GhB6I68x/ffLapS3p4fzXbvl6tiGZANy1wsuqlR4Enk7+9mDdKelR6s/0EdAwGZy4M57MNsOq/BVb0q/r7tl+VrRmfSyrn5rsmrXSFHMw==
X-Forefront-PRVS: 006339698F
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(4630300001)(6049001)(6009001)(7916002)(6116002)(230700001)(3846002)(586003)(23746002)(2950100001)(31696002)(77096005)(76176999)(50986999)(54356999)(64126003)(230783001)(83506001)(65956001)(65806001)(5004840100003)(66066001)(50466002)(47776003)(561944003)(7736002)(7846002)(4326007)(4001350100001)(92566002)(86362001)(87386001)(31686004)(42186005)(8676002)(5660300001)(81166006)(15650500001)(4001520100001)(5001770100001)(36756003)(305945005)(65826007)(33646002)(2906002)(189998001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN1PR05MB2190; H:[172.29.33.7]; FPR:; SPF:None; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB2190; 23:gjoGPxkyauj6xOz7aArm8QN60h+Gqluq2nDucPu9NaDM2gYmVqt/jaWWHLNJCvOMMCdOBsuW85P5tV7mbDoJC4+0d6/F6juc4ZpbWR0doCKEWVQb3deFDD5wCbGZ46wZfjSdHUTYTGtNLEo/i4nW9Cok/jJ6Pfup/D+DhhnOBjYn5UR0VPetCSGE/OwMMns6OZ5Fa28ROiR6/41VogEkwzkbHy96dgGFnTCby3EuWv6vdqqBrxm4gsq6gvIcjlBo37J/TnVeeLdkuqdiJuVR9wJzSnS6EWRZmuaFOZc4cBAYKHgZLep7b+wiCjMcyGr2yXMjyHz/YVldIp8XhCcv2gw1YA5F+gPvuzQSlvsqYWgKRoloFqzPQRF1kD6bkPjNe/bFsk7KhujBUFqKWpg6S1+l4kuR6dIVHUkY8YDPI4p7aUzz8xlilcV68V37V2GC17eHyzbtPC7DhyBv7FnE7Mm7Mbbp4RvAJgzKqSppgkMqV1dLWuKYD+Vmd+QTQJCSGoYx7iuu/zyp247tA+jK5EYyoWMfLaJYgME8vOSCQXORDys642YDW7U8trCLp8lFSVyHPyBz+VwFYpozLWsi2og2ueo438cuClWIWUpmTcYSo540swrQfSHCfENFkMpYXmmnTOfXPvnHiOX8yopEPfl3R76J1Udmi2q694wBZbgLTSxt5mrUOhYPYMyNOm0G2xfRatPqdQUD3NlXfcXZUmUWLCXjuAFxqYmeQG7TXZUOoKdr0vWgFvyMkiy62eoQH0u+81EpdUUQLJkCZ6bVrm8hhldtf6588ukmQY+G3Sk6LaaWH1hEOjS4huU8wkKOO79WMPKg8OISUvvCVAnb/Rqyrn986ZlxqZAke+OkYKyBDJB4L0rZkdbHWKqWWP82v9kMZyljc+4vZv2XVin/VhvT5KE/RULn2X7G35KHwPPCrnZIu3SMpNTQFExYB3MgT5Yu+s5UIFc9ZN8pf7CC8zWDvC2XETckp5CZLrXp9tTt5ViDZFOXPF39Gh51ZhGFeuBlQkbZW6btRTj5kcDSilWuJNP1iwAfz53s2Vva2IS727j23omK7+ydfkqU81qqHPYudJ2oQLdeIgBVrjRx0TDCubsCQZ/ktku4AdG9zYXKafwlmFysJ9KYqNECUDRJMjHI3CORbHVj5USWl/Paqw==
X-Microsoft-Exchange-Diagnostics: 1; SN1PR05MB2190; 6:uj5PvG9kp+Vac11mhGb3Azj5P/oXdaCk1gv1iWCQpaH4ewUYdPHnNYLo0VFnhoRENy9qN81baCADZWhxwdcfgEI84icOsysEfegv0FxbF+jwa5boQwsSzk2i2P7j+lzeIZ1J52dZGk2SyPtdc/y3w13sBLTnMqaC3kfsiuLADs6/siBSyFPGJodCXM3m/YNdTs5G3k2uxiasGYzfTTNxNoQTL9Njq20n52laGBTzZX0kWrWO8qm04WeiIp7kx6T2eQZJ3NBAs0LSeYP4bu39+GJsTxwpW9OEFS9iSw1SG1YfHiSy9z1zvtw/QtCGFKqj1sMmoilwyWEXwtFQ8v76aw==; 5:rUlYw+b3Y7NydObFdBZNuBciXJxNbwVkeIlF1OGbNTxuj8INqeRF/K1k8qAFe67cFJyVvmsmjYtTi7qviiggbVtiZvGlkqQ9KcAVBDM4DOK/cGgTHffM7XIy1XJOcO1H05PFFbCSRgUQ7BxFO5unGSu9W3UJr7JfCX7UETnhfjk=; 24:Wk/FqEixv17KaaqNIyI5uHRabWmSn7ikvxx4YH33kqQ2P3JI6/flGFbK1ttm0vUiEgL6QZUUFNkmZTJUSR1TWOpEV9toOgy9Bs8kapqTzT0=; 7:l71PLq0/ZrUTL8EDUUYsirNAAlJAwJeZ77QIxGKFJQmluUlV2NhDDv4AxfRixi1kzqdwCZEuy441Htoly0JuOTVUFddaO4vWI7p8aPE1KNRNPVzndhLkfFqgZUgjCDnFLUDbETxW17GMvrfooFqr865bhyC0GuofXxoix9Stln53FYroAvs7YfT1YHGnN/eW9Qrli3ExEvsDVlWBHCAt4okSoRuaXf7LRtR9Vk9qHvr41ui7pVENCNpLTVoP1EHB
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2016 19:25:51.8098 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR05MB2190
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/XmqxNYKNS7wOqC3ttGxfPI6FjvY>
Cc: IJsbrand Wijnands <ice@cisco.com>
Subject: Re: [Bier] New Version Notification for draft-pfister-bier-over-ipv6-00.txt
X-BeenThere: bier@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bier>, <mailto:bier-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier/>
List-Post: <mailto:bier@ietf.org>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bier>, <mailto:bier-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2016 19:35:38 -0000

Here are some comments and questions on draft-pfister-bier-over-ipv6.

Despite the title and abstract, the draft has nothing to do with the 
routing underlay.  It's about procedures for the BIER layer. Section 4 
is about BIER layer functions at the BFIR, and section 5 is about BIER 
layer functions at other BFRs.

The draft says in some places that BIER packets are "regular" IPv6 
packets, but it says in other places that they are not "regular" IPv6 
packets.  "Regular" is never defined, but it should be used consistently.

The term "BIER bits" occurs in contexts where it seems to mean "BIER 
BitString".  (The bits representing the SI are also "BIER bits", but 
don't seem to be included as "BIER bits" in this draft.)

The draft says that the high-order 64 ("p+i") bits of the IPv6 
destination address field are "left untouched".  But it proposes using 
the high-order 56 ("p") bits to hold a special prefix meaning "BIER", 
and it proposes using the next 8 ("i") bits to represent the SI.  That 
doesn't seem like leaving the high-order bits untouched. But perhaps 
"untouched" means "the bits are not modified by the forwarding plane" 
rather than "the functionality of the bits is not modified".

It is worth emphasizing that, unlike other proposed encapsulations, this 
encapsulation only supports BitStrings of length 64.  Well, 128-p-i.  I 
guess one could use a /40 prefix and a single SI to get a 
BitStringLength of 88 if one doesn't need any more than 88 BFR-ids in 
the domain.  It still seems rather restrictive when compared to the 
other encapsulations that have been proposed.

I don't see how the sub-domain is identified in this encapsulation.

The draft says: "It makes use of a typical IP longest match in order to 
decide whether a packet is a BIER packet or not, which means hardware 
and software existing solutions may be used for that purpose."  But 
existing/deployed hardware and software solutions cannot do the BIER 
forwarding!  So I don't see what advantage is being claimed here.  Or is 
this just a way of saying "at least we don't use IPv6 extension headers" ;-)

The draft seems to suggest that if the payload is an IPv6 packet, one 
can use BIER to multicast it without encapsulating the payload at all.  
Rather, all one has to do is overwrite the enduser's destination address 
with an "address" value that contains the BIER prefix, SI, and 64-bit 
BitString.  Do I understand that correctly? If so, this seems to create 
a number of issues that are not discussed.

Suppose, for example, that the original payload has an IPv6 multicast 
address in its destination address field.  If that is overwritten, then 
when the packet reaches a BFER, the BFER will have no way of knowing 
what the original destination address was.  But the multicast flow layer 
needs that information in order to further process the packet!

If an enduser's UDP packet is carried as the payload of an IPv6 BIER 
packet, and the UDP packet has non-zero checksum, then, as the draft 
says, "the UDP checksum must be recomputed when the BIER bits are 
changed."  So the BIER forwarding plane now has a new function -- it has 
to look to see what the payload is, and whether the the payload has a 
checksum that needs to be adjusted.  Does that sound like a good idea?

The draft says: "It is possible to configure a host with an address 
which corresponds to a BIER address with a single bit set.  From the 
host perspective, such address is not different from a regular IPv6 
address."  Well, what will then stop the host from using that address as 
an IPv6 source address?

Packets carrying such an IPv6 source address may get dropped for using a 
prefix that has not been delegated to the host's subnet.

If a host uses a "BIER address" as its source address in a given packet, 
and the packet doesn't get dropped, the packet may elicit responses that 
put the BIER address in their destination address fields.  This seems 
like a security issue, as it creates an attack vector that can create 64 
responses to a single probe.

Hopefully hosts will not treat the BIER prefix as a delegated prefix 
that they can use to compute their own "privacy addresses"; if any of 
those computed addresses make it to the source address field of an IPv6 
packet, and the packet does not get dropped, chaos could ensue.

The draft suggests that the BIER prefix can be treated by BFRs outside a 
given domain as a routable unicast prefix, presumably leading towards 
one or more BFRs that serve as border routers for a given BIER domain.  
(At one point, the draft even says that BIER packets are IPv6 unicast 
packets, which seems a bit misleading. ;-)) That's interesting, but 
putting this feature to use requires one to work out quite a few details 
that are not mentioned.  And I don't think it will work for non-BFRs 
within the BIER domain.  To pass BIER packet through non-BFRs within the 
destination BIER domain, one still needs additional encapsulation.

The draft talks about "configuring" a BIER router with the rules needed 
to interpret a given IPv6 destination address field.  Does this mean 
that IGP/BGP extensions for signaling BFR-ids and other BFR parameters 
will not be used?  Why?  Or is it allowable for these parameters to be 
signaled as well as configured?  And if we are going to talk about 
inter-domain BIER, how is the inter-domain signaling done?

It is not clear from the draft whether the value of i (number of bits in 
the SI field) and the set of BFR-ids is specific to a given prefix, or 
whether it is the same for all prefixes.  (Or for all prefixes 
corresponding to a given domain.  Or perhaps sub-domain?)

Section 6 gives the "advantages" of the proposal, but it is not clear 
what the proposal is being compared to.  For instance, one of the 
advantages is claimed to be that the proposal doesn't use IPv6 extension 
headers.  Is the proposal being compared to another proposal that does 
use IPv6 extension headers?  If so, where is that proposal described?  
(None of the proposals I've seen so far use IPv6 extension headers.)

Another "advantage" is that the proposal "may be used for transporting 
IP multicast packets, but also for sending IP payloads directly to 
multiple destinations".  Does this "advantage" distinguish it from some 
other proposal?  I'd have thought that any multicast encapsulation can 
cause any packet to sent to multiple destinations.

Of course, maybe the first question is whether we really have a need for 
an encapsulation that is IPv6-specific.  The draft doesn't actually seem 
to address this question.

v2.23.0 | Report a Bug | By Email