IETF Logo Mail Archive

Re: [Idr] Éric Vyncke's Discuss on draft-ietf-idr-flow-spec-v6-19: (with DISCUSS and COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 05 November 2020 14:00 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97EC53A11A6; Thu, 5 Nov 2020 06:00:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=QmsVGmgG; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=GEFqaSFW
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPGVnQhRZLmV; Thu, 5 Nov 2020 06:00:53 -0800 (PST)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 204C53A119D; Thu, 5 Nov 2020 06:00:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7534; q=dns/txt; s=iport; t=1604584853; x=1605794453; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=DRh5G/8pKKClFN7M0O5x4AXgWHZHZh6wQSYoU23Kfkg=; b=QmsVGmgGKgaUSzjIoxGSnJJGUO0e0Np1B5DMsSk0LUn1L8IZXkEjRodJ DMBJqryi6T6cJMOQz8TbYtGTsYvsTXFVqq28WAXdHb5b4C+jnDy8X5MtF NTvBfAHJe6+r3oH/E+iBa2G0wjlnKAR/wkb8swFEAW+c+k4nBVREEkDrc o=;
IronPort-PHdr: 9a23:qEDu7B1T8Eq6stj7smDT+zVfbzU7u7jyIg8e44YmjLQLaKm44pD+JxWGv6drgE3JG47c7qEMh+nXtvXmXmoNqdaEvWsZeZNBHxkClY0NngMmDcLEbC+zLPPjYyEgWsgXUlhj8iK9PVpVXs35Yg6arni79zVHHBL5OEJ8Lfj0HYiHicOx2qiy9pTfbh8OiiC6ZOZ5LQ69qkPascxFjA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C4CgBHBaRf/4MNJK1iHgEBCxIMQIMhUQdwWS8uhD2DSQONKyaBBJd7gUKBEQNUCwEBAQ0BASUIAgQBAYRKAheBdgIlOBMCAwEBCwEBBQEBAQIBBgRxhWEMhXIBAQEEEhERDAEBNwELBgEIDgMDAQEBAwIREgMCBDAUAQUDCgQBDQUigwQBgksDLgEOpRoCgTuIaHaBMoMEAQEFhQcYghADBoEOKoJyg3GCKYQuG4FBP4ERJwwQgho1PoJdAoEYHmiCWDOCLIofhk+COAE9oz6BAwqCbYkKkX8DFgmDGIoSlEOEXY5winiVTAIEAgQFAg4BAQWBayOBV3AVGksBggoBATJQFwINjh83gzqFFIVEdDgCBgEJAQEDCQF7iwaCRgEB
X-IronPort-AV: E=Sophos;i="5.77,453,1596499200"; d="scan'208";a="596260669"
Received: from alln-core-1.cisco.com ([173.36.13.131]) by alln-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 05 Nov 2020 14:00:28 +0000
Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by alln-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 0A5E05lm014767 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 5 Nov 2020 14:00:28 GMT
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 5 Nov 2020 08:00:10 -0600
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 5 Nov 2020 08:00:09 -0600
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 5 Nov 2020 08:00:09 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CCatnzEnLSYKkLqHOPL7Pth8iGyDd56/LlcqdC6w3SFgLnEayo3dDA/njCbivBQtA+ttqrbpEfpQMhSI9UTV2n0k5Q8aAehagaMgy3IcnZOM6IS6tvrUq3yeWBsH171EcKAFVsMDfLqZNAa/ohnF9IgmF3aS/0huavSGghdCLPvhd5yByQAtJfjwUPf39MJ1nCZgUKbPu3vClMWC13X8anu9o+HpM6uNRL/F7EIemgNFVGFXYbPj/ATEoZF1H/W9tB0WaPwQHPmiaKzPxaBVXkBMs8NsQSm9HGEebcfD2LY+2VgsKkTYxdV5FTrlQaeeCnZtGPpZk7aqCLMWfrsmyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DRh5G/8pKKClFN7M0O5x4AXgWHZHZh6wQSYoU23Kfkg=; b=fqzo9WOkXvp5KXvhpW4xIqqyoXIwbEgk473pcVm4nldspQDQuUy6hrUaWYaL0SpydCLkmLKEoI1y30FI0+SArqY8Sadu2YouSq7tyDi5Q83lelL9/FjGIoN0/7bh8wN3BvVmJ8xpkE9kCZA2lc7bBpSLyFglc2Slh6w2ddPPWhpWPAql+smZcBuAl9AA/OUyCzlvkES3kUCji3qi+GKg+w8R3vY7pi1fvIw9pOggb2kpW8P9PTxDEi0hAQvu4YzgtBfVh94WPi/mgccQiW/ouvlQGuukWg2EyJFfybKoenEvkYiyKGYQFWI64KGYMfU3JPPX0ojIEV75aPyKqgPSZg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DRh5G/8pKKClFN7M0O5x4AXgWHZHZh6wQSYoU23Kfkg=; b=GEFqaSFW4uBljR+Q/QQYSuqSyW9QkU47b4OjdKsCJVUfHgSsKPTZ16dqjyGy6IE/NNhnykxVKQg6kXO2yizstwaHTj81n9hrEZko2EFmfseazJ9AakzF4KlVVgCTA6hpVPDtgOTz/2VoMhrHwDVtzJ+tRmHfmzXcG0hJ6wqVSWI=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by PH0PR11MB4837.namprd11.prod.outlook.com (2603:10b6:510:41::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.21; Thu, 5 Nov 2020 14:00:09 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::453b:b2f5:ec29:410d]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::453b:b2f5:ec29:410d%7]) with mapi id 15.20.3499.032; Thu, 5 Nov 2020 14:00:08 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Susan Hares <shares@ndzh.com>, 'Christoph Loibl' <c@tix.at>
CC: "draft-ietf-idr-flow-spec-v6@ietf.org" <draft-ietf-idr-flow-spec-v6@ietf.org>, "idr@ietf.org" <idr@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, 'The IESG' <iesg@ietf.org>, Donald Eastlake <d3e3e3@gmail.com>
Thread-Topic: Éric Vyncke's Discuss on draft-ietf-idr-flow-spec-v6-19: (with DISCUSS and COMMENT)
Thread-Index: AQHWs3v4FWrE/UVsok6PnHS3e9NsRA==
Date: Thu, 05 Nov 2020 14:00:08 +0000
Message-ID: <E0B2560A-F9B2-4663-89AE-1C64F996C79F@cisco.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.42.20101102
authentication-results: ndzh.com; dkim=none (message not signed) header.d=none;ndzh.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:cd9a:7e0a:28a7:cddb]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 815f0530-0df1-4d22-9ac9-08d881931b3a
x-ms-traffictypediagnostic: PH0PR11MB4837:
x-microsoft-antispam-prvs: <PH0PR11MB4837041FDE029FC3241D5440A9EE0@PH0PR11MB4837.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: AobYsUMiuWpM+1Kat38cYnYq9bA0mVFZ+XA+sEotZbdb/joXPZaHHoig2pZThT4Myn3YPPj9TKOWFSoXyW2AQH+eAbHulddWjq56VfAZcOSJt1t7dccsbqFL+Rr7Cj7907k10h+0AjpBUsySVF1PTqQW+0r3N9GRDMSSBHszyaTdszTphs7jmgvJvr1pIkCKFqx+eUEz6DqxWDIdIyGUomA7nUg2Cbc4jGCQqjHisfafuBqYRuSwzMnUh326BtLQslUo117jLpdqDsYC+Qz4360coYlaxibe+d3h+h2dmdnVPqbwBSsnoWgCNDpAQ2gs3FigCThND7Bgh9/LSJHSNctPXeq//bOKSF+V/CJXgcFLuueV/s58FfSdOvNNJ/dWM7JjqsS93bCv5PYl6n5ClIhP4/mIo9M2D0NAIDL2RPFfXniq7c/dAkm2JH6vmGJ1
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(39860400002)(376002)(396003)(346002)(136003)(83380400001)(2616005)(71200400001)(36756003)(66574015)(33656002)(316002)(91956017)(4326008)(76116006)(6506007)(53546011)(186003)(86362001)(66556008)(8936002)(2906002)(110136005)(66446008)(66476007)(64756008)(966005)(224303003)(5660300002)(6486002)(66946007)(6512007)(54906003)(478600001)(781001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: KF62hyV4sZg/sQDea8ijacKfNV8daOO4S//r8Ha15lnyQpceJKSoeQYl4xEXpX6nwfL/HDPChlYkqMZAZ3xSZFy3I4HIwjT1xHrYWAVLamEsnJMH1pzjm3kOSzA1mQ0YY7y/8/sJ1vVFJ0utyCIYcbP3/ZHvRDUSLAHqy3K02/6NKs5CytbSBhJkSm15xfyoxwBC0ytyw0YRAn1hHqzOBq030JqvuOQb8/+hnfRhAQN//78865aN1L2TA154PfQd4VWonQFUCpRuBKDhBnXcHWO3i/akC4qN60q9gP6HJBKYxCy+gvhb9jtRVN6G9pDjFqWojHtJbb8X3zVG/0+CLTcte4f94C3uD5FX+HsOiuZAb0tazBnHqYGwEQ0yb8wwNgKJm9dksMq/LOSBNSd9ZnbzGRqybWeicb2L2DN+NuwRYNV4ZNeZAbt5febQ4yempTE8uLCYavkVeoMd4ae5tkvAwOyjWS/kknn8tlaPO5SU0s9HysoIiwRwrYx4s2aS/+OGPwTHn6M5rluj2s/dCA2LEFTMZZN3TLV7KvmGtdgPFc2sQQqRhSQ96vwSRKCAAe7zaIi15di0fJP6yl1EaxUMYgtntEFfS3BHxuU7Xef4sPN7+mZV9LpQyW0wTz48tz1lsXLHLPdC8y6eBzXR3q4bDmXujFSsQrrk4+e6vjPl3L7d81wdPM9fHmKI77wBjDojq+OV2tuoN4aLsr8elA==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <1E45312FBBE23849BC779E8179F84B15@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 815f0530-0df1-4d22-9ac9-08d881931b3a
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2020 14:00:08.9099 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: eqirOmkoEsAzMOEjH3WdLJFIF4zEuEu5ajCWikZ0ZBNG0xZ1FOet6GSNcL16iS6ae1yhMhajWRzoWzbpLzR4QA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4837
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.12, xch-rcd-002.cisco.com
X-Outbound-Node: alln-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/7b19j96h3h9tj0_sRafpCAfru38>
Subject: Re: [Idr] Éric Vyncke's Discuss on draft-ietf-idr-flow-spec-v6-19: (with DISCUSS and COMMENT)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Nov 2020 14:00:56 -0000

Susan,

First of all, I would like to congratulate the IDR WG to push forward this document shortly after the 5575-bis as promised a couple of months ago. Am I reading you well when I understand that another flow spec for IPv6 is under specification right now at the IDR WG ?

I will reply separately to Christoph and Robert's replies.

But, I forgot to mention Donald Eastlake's INT review that should also be taken into account even if not entered via the Datatracker:
https://mailarchive.ietf.org/arch/msg/last-call/fzpLblnTgGu8Rh3DOYwtqgwbj3c/

Regards

-éric

-----Original Message-----
From: Susan Hares <shares@ndzh.com>
Date: Thursday, 5 November 2020 at 02:03
To: 'Christoph Loibl' <c@tix.at>, Eric Vyncke <evyncke@cisco.com>
Cc: "draft-ietf-idr-flow-spec-v6@ietf.org" <draft-ietf-idr-flow-spec-v6@ietf.org>, "idr@ietf.org" <idr@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, 'The IESG' <iesg@ietf.org>
Subject: RE: [Idr]  Éric Vyncke's Discuss on draft-ietf-idr-flow-spec-v6-19: (with DISCUSS and COMMENT)

    Eric:

    I want to underscore one point Christoph made for your review in the morning. 

    The WG purpose for this version of flowspec (RFC5575-bis) was to fix existing issues (bugs, v6, within AS extension).  These fixes allow the operators to continue to have DDoW work while the IDR working group to create a second revision of flow specification.

    Sue (co-author, WG co-chair). 

    -----Original Message-----
    From: Idr [mailto:idr-bounces@ietf.org] On Behalf Of Christoph Loibl
    Sent: Wednesday, November 4, 2020 9:11 AM
    To: Éric Vyncke
    Cc: draft-ietf-idr-flow-spec-v6@ietf.org; idr@ietf.org; idr-chairs@ietf.org; The IESG
    Subject: Re: [Idr] Éric Vyncke's Discuss on draft-ietf-idr-flow-spec-v6-19: (with DISCUSS and COMMENT)

    Hi Éric,

    Thanks for your review of the document. Please see my comments inline, I think this should clear your DISCUSS. I also attached a updated document that contains changes resulting from your comments.

    Since the draft submission is closed now I will ask Alvaro to publish the changed document today.

    Cheers Christoph


    > ## DISCUSS:
    > 
    > I am puzzled by the absence of a flow spec for the first Next-Header 
    > being a specific value and by the absence of a flowspec for the 
    > occurence of any extension header in the extension header chain. 
    > Extension headers are an important difference compared to IPv4 and 
    > could be 'nasty' as well (e.g., hop-by-hop header). Why was this not 
    > considered by the authors ? Or is there another document in the WG to address this issue ?
    > 

    We discussed matching on extension headers in general. But this is a little bit of a moving target. It also seemed to have very limited advantage to match on the next-header-id values only (except for the upper-layer protocol). The flexibility to also match on the "content"/"encoding" of extension headers is not the scope of this document. Flowspec in general in its current specification (as extension of rfc5575bis) is not very extensible. The match for every new extension-header and its properties would most probably introduce a new FS component (something that is not easily possible). To overcome such limitations, there are discussions in IDR with the working title "FS 2.0" that should overcome the extensibility problem.

    > ## COMMENT:
    > == COMMENTS ==
    > 
    > -- Section 3.1 --
    > Smart idea to have an offset but I wonder whether "Offset < Length < 
    > 129" is true... Esp. with some IPv6 addresses with an embedded IPv4 
    > address (32 bit) at offset 96. Isn't "Offset + Length <= 128" better ?
    > 

    No, the Length is not the number of bits to match. The number of bits to match is Length - Offset. Length is the bitnumber in the address where matching ends.

    > -- Section 3.3 --
    > How is the upper-layer defined here? Basically, how a node can 
    > determine whether it is an extension header or an upper-layer header? 
    > While I agree that there are not too many new upper-layer protocols 
    > being specified, I would prefer to have a definition of "upper-layer" 
    > here either by listing (or referring to a IANA registry) all existing 
    > extension headers (then all 'next header' not being 'extension header' 
    > are by default 'upper layer') or vice-versa.

    This is the term used in RFC8200 for the "last" next-header. It also explains how to detect the upper-layer protocol.

    > 
    > -- Section 3.6 --
    > Just curious ;-) Why is bit 7 not used in this encoding ?

    The reason for this is to keep the flags aligned with the Fragementation-Flags in rfc5575bis (IPv4). rfc5575bis has matching on DF bit there.

    > 
    > -- Section 3.7 --
    > I share Ben Kaduk's concern about the encoding of the flow label in 
    > less than
    > 20 bits.

    I answerd this question in response on Benjamins DISCUSS. 

    > == NITS ==
    > 
    > -- Section 3.1 (and possibly others) -- Sometimes the field 'length' 
    > is all lower case and sometimes it is capitalized.
    > 

    I updated the document accordingly

    > -- Section 3.8.2 (and possibly others) -- Please use RFC 5952 to write 
    > IPv6 addresses.

    As of Benjamin's comments I also added a paragraph to explain the notation, which is needed to repress the range for the pattermatching.

v2.23.0 | Report a Bug | By Email