Re: [Bier] Questions regarding <draft-zhang-bier-bierin6-03>

"Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net> Fri, 12 July 2019 14:27 UTC

Return-Path: <zzhang@juniper.net>
X-Original-To: bier@ietfa.amsl.com
Delivered-To: bier@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E4DC12022C; Fri, 12 Jul 2019 07:27:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iSakpI42IOQT; Fri, 12 Jul 2019 07:27:33 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB787120220; Fri, 12 Jul 2019 07:27:32 -0700 (PDT)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x6CEJipS003065; Fri, 12 Jul 2019 07:27:21 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=cDKMlQxL23dn8A6mWffQAn/U5um4Qr8XqcZINfDptn8=; b=2Na0p1oDPabIXjeDtstjwWfmUU0CLe0lq7Gh/PXogIzr7G1i1W4Vr/uUk14IwJ/oCwKo aWhY8lgGA3M/e9g39LLqTlImjc+yDZouM3sHsppK6aRLPlzonshxrTGAtDOyCJM31ifU sQwUL640sP38zjPznljfk0XJO5SDPPXFi4sheYBT4BUQFyVvAIdjyDoJ+hy8kUXvniKE gVJOuFCDjPZumGIRsM9U8zjqdd+AbLcxa1m0+l6kI50bf+s1ac1t89vgNRwriDAlUjka tTEVn+AjCJrGxGHsPVzwOpdCr1ec+fKHm7YwourUp0q8FQGlzvBB8cyOwpaEke7th2bk dQ==
Received: from nam02-bl2-obe.outbound.protection.outlook.com (mail-bl2nam02lp2057.outbound.protection.outlook.com [104.47.38.57]) by mx0b-00273201.pphosted.com with ESMTP id 2tpqkbreks-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 12 Jul 2019 07:27:21 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JNdQFolARMhh6/d0cXtHoUycPpyVApGR5lWlqH0LUszX+33JwrEYBPufj2xfqp/adIzvkxbuKjdwe1Bvb0HV1mepxC6g2sf2LR8RtLsxKfN9LsazJwJEHss0wlYn/XwX3Gjm7n2Uza8CidTNMCmIfg+dxce5vPOSkrOTWdj5xzkCp2XcrrfppO7M3RDWR2ofZ3ipAB6fiLbJbf6+dZNZ9gtlbVc6QGJnyBjgbJyCaJ/H9q4Q6Cbk7Y/1hwDaXX68AXd3oPoRsmSelpe9peJUN4uiA6DqZh8vyoFTtkXpOiScbXrtv69qO4nMRpn9JtQ8kvL3AqStDUBzjBVRQzBc3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cDKMlQxL23dn8A6mWffQAn/U5um4Qr8XqcZINfDptn8=; b=CM3dV3yRAG5xw/vAzPL1+gygBiX0rDVIugVEtktrvXYxZOAGdrm2PBkT8OiDUJq6nX4iDVO7Q8O/Mz6NvUDEzNXLYP7ae2kKHjtJZtIdHs03FgDBV7sHhYuQdkW0Azbqx7JDDkho6WJeExe5usaUt/3/DZs8iTXOxlArb9aI0E2B/zO4Zn5xiC0RkfsFwmDgt8N4owMgETY1vjoKbtOdzDvBIE0cZuEte6hHBhEmWwdwiyWyLwDbAa/wuo+0t2g5fDCdKIOA3YAPjl95qwAeGqTdyVToiGhOt+KFZOBgqQwPBr5nqsvvL5PnyHncRt5sXAb+hfMA09Vt8vADBeG7PQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=juniper.net;dmarc=pass action=none header.from=juniper.net;dkim=pass header.d=juniper.net;arc=none
Received: from DM5PR05MB3548.namprd05.prod.outlook.com (10.174.242.153) by DM5PR05MB2810.namprd05.prod.outlook.com (10.168.177.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.6; Fri, 12 Jul 2019 14:27:18 +0000
Received: from DM5PR05MB3548.namprd05.prod.outlook.com ([fe80::c890:e1c9:8d87:8d5f]) by DM5PR05MB3548.namprd05.prod.outlook.com ([fe80::c890:e1c9:8d87:8d5f%6]) with mapi id 15.20.2073.008; Fri, 12 Jul 2019 14:27:18 +0000
From: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>
To: Xiejingrong <xiejingrong@huawei.com>, Antoni Przygienda <prz@juniper.net>, "draft-zhang-bier-bierin6@ietf.org" <draft-zhang-bier-bierin6@ietf.org>, BIER WG <bier@ietf.org>
Thread-Topic: Questions regarding <draft-zhang-bier-bierin6-03>
Thread-Index: AdU2IrLV6PANcPQ8TJ2wzjJsYLxNqQAHa6GgAHBJYdsAJ5LssAAG4U8g
Content-Class:
Date: Fri, 12 Jul 2019 14:27:18 +0000
Message-ID: <DM5PR05MB3548F4EFF3EFC0CCDA3FDE73D4F20@DM5PR05MB3548.namprd05.prod.outlook.com>
References: <16253F7987E4F346823E305D08F9115AAB8DC468@nkgeml514-mbx.china.huawei.com>, <DM5PR05MB3548E853C20E03CC58C7956BD4F10@DM5PR05MB3548.namprd05.prod.outlook.com> <MWHPR05MB32792FD6E09E4444B8DF45C3ACF30@MWHPR05MB3279.namprd05.prod.outlook.com> <16253F7987E4F346823E305D08F9115AAB8DD5B0@nkgeml514-mbx.china.huawei.com>
In-Reply-To: <16253F7987E4F346823E305D08F9115AAB8DD5B0@nkgeml514-mbx.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.14
dlp-reaction: no-action
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner=zzhang@juniper.net; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2019-07-12T14:27:15.1569585Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application=Microsoft Azure Information Protection; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=819f8f4b-5355-41aa-870d-84298cabc552; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method=Automatic
x-originating-ip: [66.129.241.11]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 53cd1db7-8605-4958-555e-08d706d50b54
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DM5PR05MB2810;
x-ms-traffictypediagnostic: DM5PR05MB2810:
x-microsoft-antispam-prvs: <DM5PR05MB2810582AF68AEDDC493D6C83D4F20@DM5PR05MB2810.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 00963989E5
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(346002)(39860400002)(136003)(376002)(396003)(366004)(199004)(189003)(53936002)(53946003)(99286004)(9686003)(86362001)(229853002)(14454004)(19627235002)(33656002)(8676002)(81166006)(256004)(7696005)(74316002)(8936002)(3846002)(2501003)(81156014)(110136005)(6116002)(7736002)(305945005)(6246003)(102836004)(52536014)(2906002)(76176011)(6506007)(26005)(316002)(5660300002)(186003)(76116006)(6306002)(55016002)(64756008)(66066001)(966005)(6436002)(25786009)(66574012)(30864003)(68736007)(478600001)(71190400001)(71200400001)(476003)(66556008)(446003)(486006)(66476007)(1941001)(66946007)(11346002)(66446008)(21314003); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB2810; H:DM5PR05MB3548.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 08vF5jkecRTzwflWLeKSvkBIs4kOWJz9yYzFz9YqnwDu9dmZ3OjR5U/ISPVpuiNPpOZaBiwU2/Kre3FK1gSouOKbnjLFdjoiiaxvj4CR7fdgu9p87bk50uaScBqGI2E0LoMTUACLM/XgM4Evm0VyxhzmpYfGHSlMkHkkwed0kl7J8in73f1fNF+EmDQ5wJGwO6B3kfeDT5rg2jq9F103AKYCZZv2aRp6JvcQhZ7MlNqjpkDS/Zn5c8k38BFH54E4ingc43wgfdQ8+6tqXaOreQgPBjoKiuV1qISvBNZN6gGnfVCeMmHzqfI/i2bM/dgvwvrt2C8AdSPYhXAokhp87voLHW8A9lUsFe5ARpQCMvqN+Bh6ggPIKtNn7n/Kglp2ntkUnmvKkcuIz8bWRV1iPtX5aRtoXB3R9XzRt4qPWCY=
Content-Type: multipart/alternative; boundary="_000_DM5PR05MB3548F4EFF3EFC0CCDA3FDE73D4F20DM5PR05MB3548namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 53cd1db7-8605-4958-555e-08d706d50b54
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2019 14:27:18.3182 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zzhang@juniper.net
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB2810
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-07-12_04:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1907120156
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/G7FEnyd1MiVS2PVBzmSXMvWLlWA>
Subject: Re: [Bier] Questions regarding <draft-zhang-bier-bierin6-03>
X-BeenThere: bier@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "\"Bit Indexed Explicit Replication discussion list\"" <bier.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bier>, <mailto:bier-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bier/>
List-Post: <mailto:bier@ietf.org>
List-Help: <mailto:bier-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bier>, <mailto:bier-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 14:27:36 -0000

I don't have a good understanding about the writing in the latest email below, but for the following original comment that led to it:

>       [XJR Q6]: You have to walk the ext header chain and get the last NH to judge if this packet need to be discard, right? For example for an incoming packet(ipv6hdr+RoutingHeader+DestOptHdr<nh!=TBD>), you have to walk the whole extension header chain until you know the last NH, to execute the above "discard" action. Right?

What is the problem with that? This document is saying that for BIER packets, the only header that is expected is the TBD (for BIER) and otherwise you drop it. Normally, you would not have the (ipv6hdr+RoutingHeader+DestOptHdr<nh!=TBD>) situation.

If the concern is that someone could maliciously inject that kind of packets for the purpose of slowing down a targeted BFR, then any of the following situation in RFC8200, independent of BIER, will have the same effect:

   If, as a result of processing a header, the destination node is
   required to proceed to the next header but the Next Header value in
   the current header is unrecognized by the node, it should discard the
   packet and send an ICMP Parameter Problem message to the source of
   the packet, with an ICMP Code value of 1 ("unrecognized Next Header
   type encountered") and the ICMP Pointer field containing the offset
   of the unrecognized value within the original packet.  The same
   action should be taken if a node encounters a Next Header value of
   zero in any header other than an IPv6 header.

Jeffrey


From: Xiejingrong <xiejingrong@huawei.com>
Sent: Friday, July 12, 2019 7:20 AM
To: Antoni Przygienda <prz@juniper.net>et>; Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>et>; draft-zhang-bier-bierin6@ietf.org; BIER WG <bier@ietf.org>
Subject: RE: Questions regarding <draft-zhang-bier-bierin6-03>

Hi Tony,

Exactly, the whole v6 extension headers(EH) and the v6 options consideration is basically a first stab!

Once a judgement is based on the "Upper-layer Protocol", the last next header of a chain, then a walk through the chain is unavoidable, to "dig out" the right format that need to be processed in fast-path.

The difficulty with a "regular" IPv6 DA is that, normal things like TCP/UDP/ICMPv6 packet must be handled without much impact on it.

Use a "XXX specific IPv6 DA" is not only the SRv6-NetworkProgramming concept, but also the ISO NSAP address as I learned from a book and found in the WIKI https://en.wikipedia.org/wiki/NSAP_address<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_NSAP-5Faddress&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=f7wsLGcfzAWDNS6XNTBZwj_OLAOsZZqdrR2IDAzeZqE&m=hKlg11Qzoo3dyO4pZGNb6wtU4M6Kb1RXIFHB6JnSl4A&s=Rh1tyYzDzhRq7ymA_JEJduNT94j_xiGhiQ-QgbwQ9L4&e=>94j_xiGhiQ-QgbwQ9L4&e=>:

The NSEL (Network-Selector) is a field in the NSAP address that identifies the network layer<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Network-5Flayer&d=DwMFAg&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=f7wsLGcfzAWDNS6XNTBZwj_OLAOsZZqdrR2IDAzeZqE&m=hKlg11Qzoo3dyO4pZGNb6wtU4M6Kb1RXIFHB6JnSl4A&s=CseHsrq8z_Cjx0ZsXzuYT3X9_3CMLv4SkB7Cs2nRPu0&e=> service to which a packet should be sent.

BIER forwarding seems match very much a "network layer service" in my opinion, and the "AB37" in "2019::AB37" is very similar to a NSEL too.

Thanks
Jingrong


From: Antoni Przygienda [mailto:prz@juniper.net]
Sent: Friday, July 12, 2019 12:02 AM
To: Jeffrey (Zhaohui) Zhang <zzhang@juniper.net<mailto:zzhang@juniper.net>>; Xiejingrong <xiejingrong@huawei.com<mailto:xiejingrong@huawei.com>>; draft-zhang-bier-bierin6@ietf.org<mailto:draft-zhang-bier-bierin6@ietf.org>; BIER WG <bier@ietf.org<mailto:bier@ietf.org>>
Subject: Re: Questions regarding <draft-zhang-bier-bierin6-03>


2.1.  IPv6 Options Considerations

   RFC 8200 section 4, defines the IPv6 extension headers.  Currently
   there are two defined extension headers, Hop-by-Hop and Destination
   options header, which can carry a variable number of options.  These
   extension headers are inserted by the source node.

   For directly connected BIER routers, IPv6 Hop-by-Hop or Destination
   options are irrelevant and SHOULD NOT be inserted by BFIR on the
   BIERin6 packet.  In this case IPv6 header, Next Header field should
   be set to TBD.  Any IPv6 packet arriving on BFRs and BFERs, with
   multiple extension header where the last extension header has a Next
   Header field set to TBD, SHOULD be discard and the node should
   transmit an ICMP Parameter Problem message to the source of the
   packet (BFIR) with an ICMP code value of TBD10 ('invalid options for
   BIERin6').
[XJR Q6]: You have to walk the ext header chain and get the last NH to judge if this packet need to be discard, right? For example for an incoming packet(ipv6hdr+RoutingHeader+DestOptHdr<nh!=TBD>), you have to walk the whole extension header chain until you know the last NH, to execute the above "discard" action. Right?


prz> topic for discussion. The whole v6 options consideration is basically a first stab.

   This also indicates that for disjoint BIER routers using IPv6
   encapsulation, there SHOULD NOT be any IPv6 Hop-by-Hop or Destination
   options be present in a BIERin6 packet.
[XJR Q7]: What does "disjoint BIER router" mean?

prz> non-adjacent, good catch




Juniper Business Use Only