Re: [Bier] BIER v6 requirements draft comments: draft-ietf-bier-ipv6-requirements ...

"Rajiv Asati (rajiva)" <rajiva@cisco.com> Tue, 19 November 2019 21:46 UTC

From: "Rajiv Asati (rajiva)" <rajiva@cisco.com>
To: Mike McBride <mmcbride7@gmail.com>
CC: Antoni Przygienda <prz=40juniper.net@dmarc.ietf.org>, "bier@ietf.org" <bier@ietf.org>
Thread-Topic: [Bier] BIER v6 requirements draft comments: draft-ietf-bier-ipv6-requirements ...
Thread-Index: AQHVnp1Mgwwp4iu3RkeLcJpFC8FV+KeSdKKAgACTxc0=
Date: Tue, 19 Nov 2019 21:46:36 +0000
Message-ID: <07709F8A-51D2-4265-8DBF-7D1B71CB545E@cisco.com>
References: <24BB25FC-F19D-4CE2-B5AB-2BF1F844546E@juniper.net>, <CAL3FGfwFJDN6WK8UdLzOdDJDxeL9Bf5P_ncGAdNQw58HEd8UNw@mail.gmail.com>
In-Reply-To: <CAL3FGfwFJDN6WK8UdLzOdDJDxeL9Bf5P_ncGAdNQw58HEd8UNw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/a9bRyAytygtXzknUv-0w-XqykmI>
Subject: Re: [Bier] BIER v6 requirements draft comments: draft-ietf-bier-ipv6-requirements ...

Please see inline,

> MM: Unless my co-authors, or anyone else, disagrees, I say we simply
> remove this section and any and all references to SRv6 if it's not
> helpful. Focus should be on IPv6 related requirements.

Agreed.

> MM: This isn't a solutions document so whether it's a good idea or not
> can be saved for that document to justify. We will move the solutions
> overviews to an appendix.

Indeed, that helps to keep the focus on requirements.

>> Last, major objection is that by opening any IPv6 destination address to receive BIER frames from multiple hops away we are opening a completely security nightmare and argumenting that whole BIER layer has to be IPSEC’ed to close that hole is simply going into a seriously wrong direction IMO.
> 
> MM: Which requirement are you referring to?

Perhaps requirement 4.2 - DA modification!!!

If we continue with BIER being an L2.5 forwarding technology in the IPv6 paradigm, then modifying the v6 DA yields limited to no value. And tunneling would be the only sane way to accommodate non-BIER transit routers, if any.

However, this means IPv6 being treated in a similar manner as IPv4. Just a payload. This should be debated.  

Cheers,
Rajiv


> On Nov 19, 2019, at 8:57 PM, Mike McBride <mmcbride7@gmail.com> wrote:
> 
> Hi Tony,
> 
>> On Mon, Nov 18, 2019 at 9:51 PM Antoni Przygienda
>> <prz=40juniper.net@dmarc.ietf.org> wrote:
>> 
>> Finally getting to fire off some comments on draft-ietf-bier-ipv6-requirements draft
> 
> MM: Yay! thank you, happy we are getting some feedback.
> 
>> 3.4: I see NO requirements to do anything with SR or SRv6 in BIER WG charter so I am not sure how it ended up so prominently in the draft. And BIER is a hop-by-hop technology, it already includes provisions to transition non-BIER nodes via correct algorithms so not sure how SRv6 is of any use or relevance here. Of course BIER could be tunneled with SRv6 but then a BIER frame should be carried natively inside a SRv6 frame.  Comingling two level layer 2.5 transport technologies into a single layer format as the draft seems to imply is unnecessary and a bad idea since there will be resulting cross-talk.
> 
> MM: Unless my co-authors, or anyone else, disagrees, I say we simply
> remove this section and any and all references to SRv6 if it's not
> helpful. Focus should be on IPv6 related requirements.
> 
>> 4.2: completely disagreed. BIER is a hop-by-hop layer 2.5 technology. Modifying IP options is arguably far more expensive than next-protocol frame.
> 
> MM: You completely disagree with requirement 4.2? You believe that the
> solution _should_ require hop-by-hop modification of the IP source
> address field? Or just disagree with our explanation of it? This
> requirement came from Eric Rosen long ago. Please suggest new
> requirement wording that makes you happy.
> 
>> 4.3:
>> 
>> fragmentation will only play in IPv6 case if the frame is longer than IPv6 max frame size - BML roughly. No matter _where_ we stick the mask we face the same problem until we start to do BIER fragmentation and reassembly
> 
> MM: So the requirement "should not require the BFRs to inspect layer 4
> or require any changes to layer 4." is fine but you don't like the
> fragmentation wording? Or do you not like the requirement period? We
> can certainly re-word it or remove it if it causes heartache. Again
> this was another Rosen requirement I believe. Fragmentation is
> optional for BIER, but, from an IPv6 point of view, it is a basic
> capability and we figured we should support it. Maybe we don't but
> let's get the requirement down.
> 
>> Again, SRv6 is neither in the charter nor an issue since BIER is a L2.5 hop-by-hop technology and not, as the authors want it, all of a sudden an implicit tunneling or multi-hop technology
> 
> MM: Consider SRv6 gone from this draft since having it in there is
> causing pain.
> 
>> 4.11: and again BIER is hop-by-hop and it will rely on higher layers to re-assemble just like MPLS does.
> 
> MM: and again IPv6 does provide the fragmentation/assembly capability,
> so we figured BIER should inherit such capability but we could
> certainly be wrong. Are you in favor then of removing the 4.11
> requirement involving fragmentation? Or re-wording it?
> 
>> I-D.xie-bier-ipv6-encapsulatio: yes, IPv6 architecture has the loophole for in flight modification of hop-by-hop header options but it does not mean it’s a good idea
> 
> MM: This isn't a solutions document so whether it's a good idea or not
> can be saved for that document to justify. We will move the solutions
> overviews to an appendix.
> 
>> Last, major objection is that by opening any IPv6 destination address to receive BIER frames from multiple hops away we are opening a completely security nightmare and argumenting that whole BIER layer has to be IPSEC’ed to close that hole is simply going into a seriously wrong direction IMO.
> 
> MM: Which requirement are you referring to? Perhaps you are referring
> to requirement 4.3 involving L4 Inspection where we mention IPsec? We
> figured the IPSEC architecture should be inherited from IPv6 if we are
> considering BIER in IPv6 but it looks like you don't agree. We are
> happy to modify/add/remove any requirement just needs specifics.
> 
> thanks,
> mike
> 
>> 
>> 
>> --- tony
>> 
>> 
>> 
>> _______________________________________________
>> BIER mailing list
>> BIER@ietf.org
>> https://www.ietf.org/mailman/listinfo/bier