Re: [Bier] BIER v6 requirements draft comments: draft-ietf-bier-ipv6-requirements ...

"Xiejingrong (Jingrong)" <xiejingrong@huawei.com> Wed, 11 December 2019 09:17 UTC

From: "Xiejingrong (Jingrong)" <xiejingrong@huawei.com>
To: Antoni Przygienda <prz=40juniper.net@dmarc.ietf.org>, "bier@ietf.org" <bier@ietf.org>
CC: "gjshep@gmail.com" <gjshep@gmail.com>, "Bidgoli, Hooman (Nokia - CA/Ottawa)" <hooman.bidgoli@nokia.com>, "ice@cisco.com" <ice@cisco.com>, "draft-ietf-bier-ipv6-requirements@ietf.org" <draft-ietf-bier-ipv6-requirements@ietf.org>
Date: Wed, 11 Dec 2019 09:17:42 +0000
Message-ID: <16253F7987E4F346823E305D08F9115AABAEB6B9@nkgeml514-mbx.china.huawei.com>
References: <24BB25FC-F19D-4CE2-B5AB-2BF1F844546E@juniper.net>
In-Reply-To: <24BB25FC-F19D-4CE2-B5AB-2BF1F844546E@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bier/vMq7tDXIF33LPSeqGQg7MBuK0fs>
Subject: Re: [Bier] BIER v6 requirements draft comments: draft-ietf-bier-ipv6-requirements ...

Hi Tony, Greg, Hooman, and folks who are concerned about BIER IPv6 security:

We have just posted rev-04 of bier-ipv6-encapsulation, with the only updated section being chapter 5 “security considerations”, to focus on this single point.

Please read it and see if your concern about security is addressed, or what problem(s) are still not addressed, if any.


URL:    https://www.ietf.org/internet-drafts/draft-xie-bier-ipv6-encapsulation-04.txt

Status: https://datatracker.ietf.org/doc/draft-xie-bier-ipv6-encapsulation/

Thanks
Jingrong


From: BIER [mailto:bier-bounces@ietf.org] On Behalf Of Antoni Przygienda
Sent: Tuesday, November 19, 2019 1:51 PM
To: bier@ietf.org
Subject: [Bier] BIER v6 requirements draft comments: draft-ietf-bier-ipv6-requirements ...


Finally getting to fire off some comments on draft-ietf-bier-ipv6-requirements draft



3.4: I see NO requirements to do anything with SR or SRv6 in the BIER WG charter, so I am not sure how it ended up so prominently in the draft. And BIER is a hop-by-hop technology; it already includes provisions to transition non-BIER nodes via correct algorithms, so I am not sure how SRv6 is of any use or relevance here. Of course BIER could be tunneled with SRv6, but then a BIER frame should be carried natively inside an SRv6 frame. Commingling two layer 2.5 transport technologies into a single layer format, as the draft seems to imply, is unnecessary and a bad idea since there will be resulting cross-talk.

4.2: completely disagreed. BIER is a hop-by-hop layer 2.5 technology. Modifying IP options is arguably far more expensive than a next-protocol frame.

4.3:

- fragmentation will only come into play in the IPv6 case if the frame is longer than the IPv6 max frame size - BML, roughly. No matter _where_ we stick the mask, we face the same problem until we start to do BIER fragmentation and reassembly

- Again, SRv6 is neither in the charter nor an issue, since BIER is an L2.5 hop-by-hop technology and not, as the authors want it, all of a sudden an implicit tunneling or multi-hop technology

4.11: and again, BIER is hop-by-hop and it will rely on higher layers to reassemble, just like MPLS does.

I-D.xie-bier-ipv6-encapsulation: yes, the IPv6 architecture has a loophole for in-flight modification of hop-by-hop header options, but that does not mean it’s a good idea



Last, my major objection is that by opening any IPv6 destination address to receive BIER frames from multiple hops away we are opening a complete security nightmare, and arguing that the whole BIER layer has to be IPsec’ed to close that hole is simply going in a seriously wrong direction IMO.



--- tony
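An added example, not from the thread or from either draft, illustrating Tony's point that BIER is a hop-by-hop technology and that accepting BIER frames from multiple hops away is the risk: a receiving BFR applies a GTSM-style (RFC 5082) hop-limit test plus a configured neighbour table (both assumptions here, as is the sample adjacency set) to constructed IPv6 headers, so a frame that has been forwarded from further away than one hop is rejected before any BIER processing.

```python
import ipaddress
import struct

# Assumed adjacency table of directly connected BFRs (constructed values).
NEIGHBOURS = {
    ipaddress.IPv6Address("fe80::1"),
    ipaddress.IPv6Address("2001:db8:1::2"),
}


def parse_ipv6(pkt: bytes) -> dict:
    """Parse the fixed 40-byte IPv6 header (RFC 8200) into a dict."""
    if len(pkt) < 40:
        raise ValueError("short packet")
    vtf, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    if vtf >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return {
        "next_header": nh,
        "hop_limit": hlim,
        "src": ipaddress.IPv6Address(pkt[8:24]),
        "dst": ipaddress.IPv6Address(pkt[24:40]),
        "payload": pkt[40:40 + plen],
    }


def accept_single_hop(pkt: bytes) -> tuple:
    """Accept a BIER-in-IPv6 frame only if it came from a direct neighbour.

    A neighbour that sends with Hop Limit 255 delivers 255 on the wire;
    any router in between decrements it, so a lower value proves the frame
    was forwarded (the GTSM idea, assumed here as the adjacency check).
    """
    h = parse_ipv6(pkt)
    if h["hop_limit"] != 255:
        return False, f"hop limit {h['hop_limit']}: forwarded, not from a direct neighbour"
    if h["src"] not in NEIGHBOURS:
        return False, f"source {h['src']} is not a configured neighbour"
    return True, "accepted from adjacent BFR"


def build_ipv6(src: str, dst: str, hop_limit: int, payload: bytes = b"",
               next_header: int = 59) -> bytes:
    """Construct a sample IPv6 header; 59 is 'No Next Header' (RFC 8200)."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)
```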