Re: [Idr] locator length : draft-li-idr-flowspec-srv6

Gyan Mishra <hayabusagsm@gmail.com> Mon, 15 March 2021 19:57 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E72A93A0C80 for <idr@ietfa.amsl.com>; Mon, 15 Mar 2021 12:57:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M4L14VAaOv0x for <idr@ietfa.amsl.com>; Mon, 15 Mar 2021 12:57:37 -0700 (PDT)
Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D4363A0C82 for <idr@ietf.org>; Mon, 15 Mar 2021 12:57:37 -0700 (PDT)
Received: by mail-pg1-x531.google.com with SMTP id n9so20142249pgi.7 for <idr@ietf.org>; Mon, 15 Mar 2021 12:57:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sMRj0GrGETb1u1tVUefgt8XhAV7AMZqnTAEh6gsMxr4=; b=FQnjz5SZKOit7EO3Jeq1azVkERz72hd0I2z0YIoV8aRGGF6mhN7PfZ7mPMwLepbmxX x7BfTjMvOmTsWGXwQDBMK1rI8v2URtJhbYjqrRXzaqvUP5J5feIQnjCjcv/LK7rSAd3K SV2nqLt1/QKWB2KTa1IGUe/CIOImrInVW2RZ0iiuj8MIrRvlJ8g97BH+rvuZjSLHCWWI sy2txxHdeebhq3VtlDTvBKyXCWhKyDCAT2TcjB6ztX84EikFgO6ZV1XGZEuy7S/j032R m3l/ZOxO1bzVyHKXwSmCHraMJIiTcpq9Fcyn5sTbMYprXrBjPAbnKIQQGtp8E/LxWK+q QcPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sMRj0GrGETb1u1tVUefgt8XhAV7AMZqnTAEh6gsMxr4=; b=Npwa0MklSajMbwEa/HeDR7iwXLbKYSbxvQPo2ErzabJg4jFumOZx5ikLpeTNtODani ETacyhlk8sV6FNvocH510xYJX6/QQXVAGmcVl1E2ghrGiY5+aAkrEB75plEt1FDvlyGT 4KHJfllTfRPh8HIAvZOjLp3vSMBGEyDfPlDxtQNtjsMQ8a0fzPWyU4U1GdDreMyEaO/V 8bkhcOuXli4RjFTrLfm2FoSw8IpDl47ra/wEVg9Vs46mZeW6XUcRuiWBgLBlVwAt/FU6 R9xLQLbyJ/KnxX1vpD4d6Hkh9zsdvqvTcMcAw3xJcF7TVIFQUXjjrqqfIr7sv9a+HgFA Qlug==
X-Gm-Message-State: AOAM5303/YEfGX8n2vjhLQxeK5jOIZCpmqPsni+8jQGmur1K8p3FmBkZ WILvFLtmjpxglf1qsuoP/ImlXO+5jZfjuxqwQ7s=
X-Google-Smtp-Source: ABdhPJwx8DKXZJz3qjyqQUAAxCn1DZktyD00l6hnuguiyGYUnum9I8C27rzDn4oS7WIxOfPLIw/sdui54xgwAjg+leU=
X-Received: by 2002:a63:eb53:: with SMTP id b19mr637387pgk.383.1615838255736; Mon, 15 Mar 2021 12:57:35 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR13MB40876899246382264C393D06F26F9@MN2PR13MB4087.namprd13.prod.outlook.com> <89430d8e-58c1-7854-27a5-b01a4cf9c43f@joelhalpern.com> <MN2PR13MB4087266ED6ECE72F5F281E86F26F9@MN2PR13MB4087.namprd13.prod.outlook.com> <41feb923-eeba-d7db-a048-1b335bf8f92b@joelhalpern.com> <MN2PR13MB40874FC93A03CCDE2A012ECBF26F9@MN2PR13MB4087.namprd13.prod.outlook.com> <ad81e08a-09ab-ef9a-3295-ab3cf58b740d@joelhalpern.com> <CABNhwV3PR_u2jG6Eo2uRwK0XRSemZJ006RdeuGG6_jyJnaZoAg@mail.gmail.com> <MN2PR13MB408793C3C9D5398C13BA0DDAF26C9@MN2PR13MB4087.namprd13.prod.outlook.com> <be57d874-8e7e-1ff6-cb64-4660476f82ce@joelhalpern.com>
In-Reply-To: <be57d874-8e7e-1ff6-cb64-4660476f82ce@joelhalpern.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 15 Mar 2021 15:57:25 -0400
Message-ID: <CABNhwV1E6LTifyJHqx_j2Pvd5CEppeinqh=-nMw2GLqXFkPaPw@mail.gmail.com>
To: Joel Halpern Direct <jmh.direct@joelhalpern.com>
Cc: Huaimo Chen <huaimo.chen@futurewei.com>, "idr@ietf.org" <idr@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003f6aac05bd98a965"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/NaC01xKpgAjApELBOJqy6gINAmU>
Subject: Re: [Idr] locator length : draft-li-idr-flowspec-srv6
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Mar 2021 19:57:41 -0000

Hi Joel

Please see section 3 and 5 of SRv6 BGP overlay draft below.

t is my understanding that the 20 byte VPN service label MPLS  bottom of
stack label is encoded into the function portion or the SRv6 service SID.

https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-06

Section 2

   o  SRv6 L3 Service TLV: This TLV encodes Service SID information for
      SRv6 based L3 services.  It corresponds to the equivalent
      functionality provided by an MPLS Label when received with a Layer
      3 service route as defined in [RFC4364
<https://datatracker.ietf.org/doc/html/rfc4364>] [RFC4659
<https://datatracker.ietf.org/doc/html/rfc4659>] [RFC8950
<https://datatracker.ietf.org/doc/html/rfc8950>]
      [I-D.ietf-bess-evpn-prefix-advertisement
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-06#ref-I-D.ietf-bess-evpn-prefix-advertisement>].
Some behaviors which
      MAY be encoded, but not limited to, are End.DX4, End.DT4, End.DX6,
      End.DT6, etc.


Section 6


5.1 <https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-06#section-5.1>.
IPv4 VPN Over SRv6 Core

   The MP_REACH_NLRI over SRv6 core is encoded according to IPv4 VPN
   Over IPv6 Core defined in [RFC8950
<https://datatracker.ietf.org/doc/html/rfc8950>].

   Label field of IPv4-VPN NLRI is encoded as specified in [RFC8277
<https://datatracker.ietf.org/doc/html/rfc8277>]
   with the Label Value set to the Function part of the SRv6 SID when
   the Transposition Scheme of encoding (Section 4
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-06#section-4>)
is used and
   otherwise set to Implicit NULL.

   SRv6 Service SID is encoded as part of the SRv6 L3 Service TLV.  The
   behavior of the SRv6 SID is entirely up to the originator of the
   advertisement.  In practice, the behavior is End.DX4 or End.DT4.



5.2 <https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-06#section-5.2>.
IPv6 VPN Over SRv6 Core

   The MP_REACH_NLRI over SRv6 core is encoded according to IPv6 VPN
   over IPv6 Core is defined in [RFC4659
<https://datatracker.ietf.org/doc/html/rfc4659>].

   Label field of the IPv6-VPN NLRI is encoded as specified in
[RFC8277 <https://datatracker.ietf.org/doc/html/rfc8277>]
   with the Label Value set to the Function part of the SRv6 SID when
   the Transposition Scheme of encoding (Section 4
<https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-06#section-4>)
is used and
   otherwise set to Implicit NULL.

   SRv6 Service SID is encoded as part of the SRv6 L3 Service TLV.  The
   behavior of the SRv6 SID is entirely up to the originator of the
   advertisement.  In practice, the behavior is End.DX6 or End.DT6.



On Mon, Mar 15, 2021 at 11:54 AM Joel Halpern Direct <
jmh.direct@joelhalpern.com> wrote:

> Func / arg is not the label.  LOC+FUNC+ARG is the label.
> While I doubt the utility, I understand that flowspec allows for
> applying such comparisons to the whole prefix.  I am not asking to get
> rid of that.  But there is no need to apply a range to just the FUNC, or
> worse just the ARG part.
>
> Yours,
> Joel
>
> On 3/15/2021 11:00 AM, Huaimo Chen wrote:
> > Hi Gyan,
> >
> >      Thank you very much for your comments.
> >
> >      RFC 8956 defines (Type 13) Flow Label component containing a list of
> > {numeric_op, value} pairs that are used to match the 20-bit Flow Label.
> > The operations on the label can be lt (less than) and gt (greater than).
> >
> >      As you mentioned in your comments, MPLS VPN labels are encoded into
> > the func/arg of SRv6 SID. In this case, it seems that the operations
> > lt and gt on func/arg are the operations on label. Applying operations
> > lt and gt on func/arg (i.e., label) makes sense.
> >
> > Best Regards,
> > Huaimo
> >
> > ------------------------------------------------------------------------
> > *From:* Gyan Mishra <hayabusagsm@gmail.com>
> > *Sent:* Saturday, March 13, 2021 1:27 AM
> > *To:* Joel M. Halpern <jmh@joelhalpern.com>
> > *Cc:* Huaimo Chen <huaimo.chen@futurewei.com>om>; idr@ietf.org <
> idr@ietf.org>
> > *Subject:* Re: [Idr] locator length : draft-li-idr-flowspec-srv6
> > Huaimo
> >
> > With SRv6 BGP Service overlay the egress PE signals the SRv6 Service SID
> > in SRv6 service TLV encoded in BGP prefix SID attribute with BGP overlay
> > service route for SRv6-BE /no SRH or egress PE colors overlay service
> > route with BGP color community for SRv6-TE w/ SRH.  The SRv6 source node
> > encapsulates the PE-CE customer payload in outer “MPLS topmost transport
> > label like” IPv6 header where the destination address is the SRv6
> > Service SID provided by the egress PE.
> >
> > The SRv6 L2 L3 VPN Services TLV is encoded in the BGP prefix SID
> > attribute identical to MPLS VPN service label and thus the VPN label is
> > now encoded into the func/arg SRv6 SID signaled by the egress PE and is
> > fixed throughout the closed SR domain.
> >
> > SRv6 BGP Service overlay
> >
> > https://tools.ietf.org/html/draft-ietf-bess-srv6-services-05
> > <
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-bess-srv6-services-05&data=04%7C01%7Chuaimo.chen%40futurewei.com%7Cf35805d2e8784e5a795108d8e5e9251a%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637512136823894640%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=cIFl1GwBr%2FkLm7j%2BI5XR8CuCwPkhcZEzsK8B8S8291Q%3D&reserved=0
> >
> >
> > As SRv6 is reusing the IPv6 data plane with same L3 VPN overlay RFC
> > 4364, I don’t think any of the processes would change to carry BGP flow
> > spec RFC 8955, as the BGP vpn overlay layer remains unchanged.
> >
> > We are just swapping the underlay change from MPLS to IPv6 data plane.
> >
> >
> > Kind Regards
> >
> > Gyan
> >
> > On Fri, Mar 12, 2021 at 3:29 PM Joel M. Halpern <jmh@joelhalpern.com
> > <mailto:jmh@joelhalpern.com>> wrote:
> >
> >     I have to disagree with your basic premise.  At least for LOC and
> FUNC
> >     bits, less than and greater than are NOT meaningful comparisons.
> >
> >     Even for ARG bits, the only defined usage for the bits is such that
> >     comparisons other than equal to / not equal to are meaningless.
> >
> >     Yours,
> >     Joel
> >
> >     On 3/12/2021 3:19 PM, Huaimo Chen wrote:
> >      > Hi Joel,
> >      >
> >      >      Thanks much for your further comment.
> >      >
> >      >      It seems that using loc, func and args in SID is simpler
> >     than using
> >      > address prefix of SID for SRv6 flow specification. For
> >     matching/filtering
> >      > on an IP destination address prefix, it seems that there is just
> >     bitwise
> >      > pattern matching. For matching/filtering on a SID (loc, func and
> >     args in
> >      > SID),
> >      > there are a few operators such as eq, lt and gt (and combinations
> >     of them).
> >      >
> >      >      For flow specification(s) to match a range of functions such
> as
> >      > from function value F1 to F1+1, to F1+n (where n > 1) in SID,
> >      > using IP address prefix seems need (n+1) flow specifications,
> each of
> >      > which is for one function value and would have two (type 1)
> >     components:
> >      > one component for matching the locator and the other for matching
> the
> >      > function value. Using loc and func in SID needs just one flow
> >     specification
> >      > having one (type TBD) component with three <op, value> pairs. The
> >     first pair
> >      > is for matching the locator and the other two for the range.
> >      >
> >      > Best Regards,
> >      > Huaimo
> >      >
> >      >
> >
>  ------------------------------------------------------------------------
> >      > *From:* Joel Halpern Direct <jmh.direct@joelhalpern.com
> >     <mailto:jmh.direct@joelhalpern.com>>
> >      > *Sent:* Friday, March 12, 2021 11:49 AM
> >      > *To:* Huaimo Chen <huaimo.chen@futurewei.com
> >     <mailto:huaimo.chen@futurewei.com>>
> >      > *Cc:* idr@ietf.org <mailto:idr@ietf.org> <idr@ietf.org
> >     <mailto:idr@ietf.org>>; Lizhenbin <lizhenbin@huawei.com
> >     <mailto:lizhenbin@huawei.com>>
> >      > *Subject:* Re: locator length : draft-li-idr-flowspec-srv6
> >      > Given that you have to check loc before func and check loc and
> func
> >      > before arg, it would seem simpler to just use an address prefix.
> >     Gets
> >      > around all of the knowledge problems.
> >      >
> >      > Note that a UI for creating flowspec filters can allow the user to
> >      > specify it in all sorts of ways.  that does not mean we need to
> >     put all
> >      > of them in the protocol when they are equivalent.
> >      >
> >      > Yours,
> >      > Joel
> >      >
> >      > On 3/12/2021 11:44 AM, Huaimo Chen wrote:
> >      >> Hi Joel,
> >      >>
> >      >>      Thanks much for your further comment.
> >      >>
> >      >>      Just checking the FUNC bits should be limited. We will add
> some
> >      >> text to state that in order to check the FUNC bits, the LOC
> needs to
> >      >> be examined and matched first.
> >      >>
> >      >> Best Regards,
> >      >> Huaimo
> >      >>
> >      >>
> >
>  ------------------------------------------------------------------------
> >      >> *From:* Joel Halpern Direct <jmh.direct@joelhalpern.com
> >     <mailto:jmh.direct@joelhalpern.com>>
> >      >> *Sent:* Friday, March 12, 2021 9:58 AM
> >      >> *To:* Huaimo Chen <huaimo.chen@futurewei.com
> >     <mailto:huaimo.chen@futurewei.com>>; Joel M. Halpern
> >      >> <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>
> >      >> *Cc:* idr@ietf.org <mailto:idr@ietf.org> <idr@ietf.org
> >     <mailto:idr@ietf.org>>; Lizhenbin <lizhenbin@huawei.com
> >     <mailto:lizhenbin@huawei.com>>
> >      >> *Subject:* Re: locator length : draft-li-idr-flowspec-srv6
> >      >> An operator can assign B::/48 and C::?46  for Locators.  Sure,
> >     it would
> >      >> usually be a single prefix with a single length.  But that is
> >     not required.
> >      >>
> >      >> When one is examining the LOC, sure, you can use the value
> length to
> >      >> handle it.
> >      >> But the way the mechanism is described, one could try to check
> >     just the
> >      >> FUNC bits, without matching the LOC.
> >      >> First, that has the problem of needing exogenous information
> >     about the
> >      >> LOC length.
> >      >>
> >      >> And it is actually worse than that.  Testing the FUNC bits of the
> >      >> destination field of an IP packet without checking the LOC bits
> is
> >      >> actually meaningless.  You don't even know if the DA is an SRv6
> SID.
> >      >>
> >      >> An yet further, there is no requirement that the encoding of the
> >     FUNC in
> >      >> different SIDs uses the same value representation.  The
> standardized
> >      >> values are for advertising in routing protocols, not for the
> >     packets.
> >      >>
> >      >> Net: I don't think having the field identification works.
> >      >>
> >      >> Yours,
> >      >> Joel
> >      >>
> >      >> On 3/12/2021 9:51 AM, Huaimo Chen wrote:
> >      >>> Hi Joel,
> >      >>>
> >      >>>      Thank you very much for your comment during the IETF 110.
> >      >>>
> >      >>>      Regarding to the lengths of locator(LOC)s and
> >     function(FUNCT)s in
> >      >>> SIDs,
> >      >>> RFC8986 says that the locator length, is flexible, and an
> >     operator is free
> >      >>> to use the locator length of their choice. This seems
> >     indicating that the
> >      >>> operator can select the length for the locator. After their
> >     selection, the
> >      >>> the locator length is determined/fixed. This is illustrated by
> >     examples
> >      >>> in RFC8986.
> >      >>>
> >      >>>      One example in the beginning of section 3.2 is as follows:
> >      >>>         For example, a network operator may:
> >      >>>            Assign block B::/48 to the SR domain
> >      >>>            Assign a unique B:N::/64 block to each SRv6-enabled
> >     node in
> >      >>> the domain.
> >      >>> After this assignment, the length of the locators of the SIDs
> >     in the domain
> >      >>> is 64 bits.
> >      >>>
> >      >>>      In the end of section 3.2, the text shows the Function
> >     fields of SIDs.
> >      >>> The length of function(FUNCT)s is 16 bits.
> >      >>>
> >      >>>      When a SID is used in the domain, its locator length and
> >     function
> >      >>> length
> >      >>> should have been determined.
> >      >>>
> >      >>>      When an operator configures a SRv6 flow specification,
> >     involving
> >      >>> a SID or a group of SIDs, s/he should have known the locator
> >     length and
> >      >>> function length in the SID(s).
> >      >>>
> >      >>> Best Regards,
> >      >>> Huaimo
> >
> >     _______________________________________________
> >     Idr mailing list
> >     Idr@ietf.org <mailto:Idr@ietf.org>
> >     https://www.ietf.org/mailman/listinfo/idr
> >     <
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fidr&data=04%7C01%7Chuaimo.chen%40futurewei.com%7Cf35805d2e8784e5a795108d8e5e9251a%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637512136823904595%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=308PkYLf8wfcS9h%2BK07PUSuNMZuD%2B%2F877Xxxbo4hSDk%3D&reserved=0
> >
> >
> > --
> >
> > <
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.verizon.com%2F&data=04%7C01%7Chuaimo.chen%40futurewei.com%7Cf35805d2e8784e5a795108d8e5e9251a%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637512136823904595%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Gqfjp5KslpJZe%2FM1vfBPfXeX81XslNzamG5SHfrDogQ%3D&reserved=0
> >
> >
> > *Gyan Mishra*
> >
> > /Network Solutions A//rchitect /
> >
> > /M 301 502-1347
> > 13101 Columbia Pike
> > /Silver Spring, MD
> >
> >
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *



*M 301 502-134713101 Columbia Pike *Silver Spring, MD