Re: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt
Huaimo Chen <huaimo.chen@futurewei.com> Tue, 03 August 2021 20:58 UTC
Return-Path: <huaimo.chen@futurewei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A39013A3294; Tue, 3 Aug 2021 13:58:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.089
X-Spam-Level:
X-Spam-Status: No, score=-2.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xz-pbevhlLMy; Tue, 3 Aug 2021 13:58:36 -0700 (PDT)
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2138.outbound.protection.outlook.com [40.107.93.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9509E3A3293; Tue, 3 Aug 2021 13:58:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UDiZSuV15scOajR1JVBMkofeJPfL63Vpr8JpcxBl1ZKfg+8nBNPYDvGqwnUmGH2yZXKhHT7IUjeiC6yaNcpSGIt2+ah7XUFgjhh0e9ELrMf6gtNF2yMC4MiGCVrXOpEY9llLSN1D6bww7EqixDA5c9tATmfpUUS6Az+ju2GJT4gr9p7CdqwOPlivipAz4So/eVZqAX35+Mlbq5amNwrqXE9+NApYoR6C6FaJY/tLIpC9N0jvJ0JYpBkGNKexCo8RZ6F6S7hwOK06dVdQJyj2DkTLf0uyBMFnGyoZXaDk0c3uUuTuJMLDRpJMt0V60eg+lGNnV+n9mRCBbQ/oE3AH2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MS8HhgfuJf/f32+TpSDBwtc6kciuuXaxrg076HwTYhY=; b=n0BGoglmq1FezOYb3PcaNQF77hyLmZjpVZq8MR9qOByQiPfLmFobVaouTHrDciClWxGO1Hx+avaObNlpJtcYyv4d+Q9lTemVTDyvFeN/97ahBLCWwQhEw/TA+C+0Ws/CNKaZBKjOPd7jHDzkY/dUvH8TBeXVjVuiZPZd/8WJLaOxLEDt8wLDbfzyJVbRnM5BAHsoH8J4esVNUDPm333Z+7WWn1uchGUd5QF3Vc0j7Os68erAIZfXQ5AOYjKUOZDHTb+lyslanXiN0/9xJPqdeEoZ6rWDPoaCd6ChP9jP4RZNX467DxCIIbWYs7Q+ijAeAOJGQvzipJgO9IgFMuhnrQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MS8HhgfuJf/f32+TpSDBwtc6kciuuXaxrg076HwTYhY=; b=gZouNd0vZXN+BLpRjBn9scJiX9avNyI5FlyAHCYu/TmB6jlzr8XxKF/QH88LZMC5M2ivmhSSmlImh/oLciTZZLdAd1dV7sVHPFDjnx3S6+YUk5aH0GwfDxupfjdT3OTqWqeZK+uobys9qObCmpb2d3asxnkPokYqvVErZ+XaWpA=
Received: from BY3PR13MB5044.namprd13.prod.outlook.com (2603:10b6:a03:362::22) by BY5PR13MB3873.namprd13.prod.outlook.com (2603:10b6:a03:229::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.12; Tue, 3 Aug 2021 20:58:34 +0000
Received: from BY3PR13MB5044.namprd13.prod.outlook.com ([fe80::8892:9918:1d4f:e5ca]) by BY3PR13MB5044.namprd13.prod.outlook.com ([fe80::8892:9918:1d4f:e5ca%4]) with mapi id 15.20.4394.015; Tue, 3 Aug 2021 20:58:34 +0000
From: Huaimo Chen <huaimo.chen@futurewei.com>
To: "Ketan Talaulikar (ketant)" <ketant@cisco.com>, Susan Hares <shares@ndzh.com>, "idr@ietf.org" <idr@ietf.org>, "draft-li-idr-flowspec-srv6@ietf.org" <draft-li-idr-flowspec-srv6@ietf.org>
Thread-Topic: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt
Thread-Index: Add/4sY1y/C0DGrlTPWyZq9XeRllcQFV5TdAANvSyDE=
Date: Tue, 03 Aug 2021 20:58:33 +0000
Message-ID: <BY3PR13MB5044A581C1D75FB80F46C2DFF2F09@BY3PR13MB5044.namprd13.prod.outlook.com>
References: <022201d77fe3$eb9ba9b0$c2d2fd10$@ndzh.com>, <MW3PR11MB4570125E6DCFC74FAE544041C1EC9@MW3PR11MB4570.namprd11.prod.outlook.com>
In-Reply-To: <MW3PR11MB4570125E6DCFC74FAE544041C1EC9@MW3PR11MB4570.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=futurewei.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0f129778-f835-4ba3-7622-08d956c1750c
x-ms-traffictypediagnostic: BY5PR13MB3873:
x-microsoft-antispam-prvs: <BY5PR13MB3873F0620079A485633ADB09F2F09@BY5PR13MB3873.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dyUqDphhvDlrVkFBSnonc0DYP4tFz5Rk3t4BQgLRDKqNkRR3Gj3hJmfKQE6pKT/sV3AbcUiVpkwl6nyXxqmPQzrDbxV8jhoV9jIe5Rdka2d9YCIYV4nJYTvHzYh0oyopNjKnd90caCCLyEZ0EVITHcXlPZyyUWhOrnMjx8p8/yyFNdiKXtgKORaQAm2Ha4FN+d9Ktum6lz/qEUPqk4NK4amwj8pBKwZyi/40V2ej4uz/xkXEp9o6X9mGeCASlfqSvZRoMOu+P3B9eLHpJ2xyaFDaCLBiiFDpm/pqHg/3sMNlJMkb7LrYe6lZcE5WDzJNodQ2huCEzqyXHl0u4nsAqMeKLEQvj6JFv2QjcPZkgNSk+/Vt+S8XcTrNAAO8kH4S7uWpgYZ4taDBbSNT4a36pFPZI4F7Iw5FW+FLyebQhMdGvkQuhQvu8C1wNbBvUwZMuGgZ0I2gDw7E6GPY2PbGmTJzoUdXeZC5bK4JfG8nZc5zeMgUdkhepbvBxjBzAa88wik8llo+PSm5+XWup5w3XK9DZFCZ0FZ7eIxZj54sKu29TXS7IaFypS0nKd7IlAx394MF/I7H4ngP9BWPvk0JheND4AmjpZoRQOPtnS4r50DjEt6M5hnSV1/JTte2SxBIIRYptrhgLKgDDGz3lzZh34oRcrjjEwa2q/GxlKYWEyQIG7MKsmckcxVbd/Yd5CAlhMSJpj284Okw00rDqkf/jAOH0roJPB/1nyML+tacif6fxYQdfPyCsT0UMG+hu8cvwp9x6NCz0uVaAlyzG8gM2/AIRWy4LAOAYC9l0E/02j4=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY3PR13MB5044.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(136003)(346002)(39840400004)(396003)(366004)(71200400001)(966005)(83380400001)(478600001)(166002)(2906002)(5660300002)(45080400002)(86362001)(8676002)(19627405001)(55016002)(110136005)(66574015)(9686003)(64756008)(66476007)(91956017)(33656002)(66946007)(76116006)(44832011)(53546011)(66556008)(66446008)(186003)(6506007)(316002)(38070700005)(38100700002)(52536014)(122000001)(7696005)(8936002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: j9bj08FDgwxOWYIlX5zF8DJCpKjYheCItgU8Xkfj7r4fERnXpL9BrJIKsSJS/3bg/DQxh1Hj98Cr4oa+EqsxKOixB1TKVgfEjVykV9zJdq6HFmhadF+mdPkjnMAdxKSc8rLaapO7s9XwKCv8S0fbDg0cvGRMQeoNQeEsk4yhqqcnUcVxgCkVFoM2aHbeBkAu+Hvr6negmGAfsxZevGSCnTL/ubpYASl0AINXs3GeUAd8ZC+t4JTWhwrq5EFQxiuMO+UMFb1TkdIp1PqS3YPpR9p0LI6J9FZikGpJMVIVDoLb685WiFRw6cE9PgPfYSoakY+S1mzKt8GABE8d+N1QrX9Za24a7uGMEhzGC+e/8FJ4hLPPUd6Y4nT4rjNqVLpyn4Rstwkayd4FoeBKdp9dnKp/Jw0dnViB093/4dDQDJgIuizcQDMIVfE0eklkCexkaHF6fmDN+ub2M8pJAl0bFUzblflfmrmGRRxTcwPdt+g0XdSGwivGiY+Jqi6QrgzzquoU3qkjhtLU3jSxRg4Dths3GnvOhOXaZfTXlwU9fNyaDvRQQDeAmEkQX+S2YxXfLCnZmeQTALj/omcDtuXUMGjZ2Lowcl9ja9Z2YQSfuTSXmboUREhsuqY++4EZwhtlEeEPW5E4CZLDRvjeAMrTrE604QDFSq81lNPqYs138fcLDBNZbzQCiFs3fylEhSK0+PHx9vVWk99loJoYZP3BalKjJfoHg/PudyCirsCvDMen0ovJwYWWWtYLd6pSwonPDN56nQ+UkZNSXW/qu2OdYpg7M55FlFp8HgtzYQcFhIbUYwz3vDLqyEPTGEblYmCvXMjcsxPmnkb4OZXhsuFT5GSr9jY15iiyj6MUbRgSjAc/CwwYShs73cTNfL+qZKRjq8ylSr+AINaxvWLObAtzX5ZGtEI0okQ6mCEOH3Cl3XsHuySi0tA97J52usq/K/L/YVgKcHmqrboV54znSJ7LTFRWaIIJCAgYVtOvdmWzmTyxOyXBT/J7PCbULGa1veBTjkWMPyRWZPtObEX7OKLAX4vgQHZ47qbh9ERTDEYSU80YvRWJcfrxYLplOk0Eq+NeuVullmS3kKPZdxl/xFPF2KoGYUaekHIqf7yREwBI/y4Qdsg3VDHVZsUTWvkg+Jl7EVfVyvVfZxC2jvYotd7du6nLs8uh0Tl89aVBtUyo/B6jPOUnf+wAv94zXUg4e3P6Urj1IXSf1WgT8A2PTf3IJ/iAQT1XOinwMpoJrVqMyCUr37ZXav5U2b2ihYflEINhFDlDiMlr1TrBqIB2AsvAEanfghZrT1AfDZqXl9HV6loInC+X4Mt1CqW6d+lZBsUwAND5YcD0NgZGQcj5TtrlpV++Bz0fJC6OdeI2stWoEjKtK+2fevfZ4vgdXHSDL8md
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BY3PR13MB5044A581C1D75FB80F46C2DFF2F09BY3PR13MB5044namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY3PR13MB5044.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0f129778-f835-4ba3-7622-08d956c1750c
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Aug 2021 20:58:34.0062 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ThKKGrMO2auavKzDzIozTtLDZXm6egUpgQc8Gp0PNhPBNaCEiTLqfoNVUtCND4mjZpya55u0r+3L9JfEe6uQ0A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR13MB3873
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/QWztUyr9V_HqOx9wS7d3LrfpPec>
Subject: Re: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2021 20:58:43 -0000
Hi Ketan, Thank you very much for your review and 6 specific comments. My responses are inline below with [HC]. 1. FlowSpec v1 is supposed to be focussed on the DDOS use-case. I don't find any text in the draft that clarifies how/why this is related to DDOS use-case. To me, this seems like something for FlowSpec v2. Per (what I understood to be) WG consensus, this work is then perhaps deferred to v2. [HC]: This draft is for FlowSpec v2. 2. The draft proposes a new type "Whole SID". My understanding from the text is that this rule applies to the IPv6 DA and not the segments within the SRH. If so, then: * What distinguishes a SID from any other IPv6 address in the DA field? [HC]: It is a kind of post processing SRv6 PGM that we are matching on the DA after the SID has been copied from the SRH header to the DA and SL decremented SL=SL-1. * Why isn't the existing IPv6 DA type not sufficient? [HC]: It is sufficient but it is the post SRv6 processing after the SID is copied from SRH to DA when the next hop steering occurs. The new type can provide some SID specific operations. 3. The draft proposes a new type "Some bits of SID (SBoS)". Again, I believe this applies to the IPv6 DA again - so the same two Qs above apply to this type to. What prevents a router (mistakenly) applying this rule to packets with non-SRv6 SID in their DA. [HC]: Refer to the answers above to the same questions. A router MUST determine the IPv6 DA is a SID first and then applies this rule only when the IPv6 DA is a SID. This can be achieved by applying the rule as a post processing SRv6 PGM. 4. When the SBoS type is used, the SRv6 SID structure MUST be indicated as part of the rule. Then the parts of the SID of interest that need to be matched are also given in the space for the SID. Is my understanding correct? If so, the text was not very clear to me. [HC]: You are right. We will add some descriptions to make it clear. 5. The question of why this SBoS type is required again crops us since the base FlowSpec rule for DA does allow pattern matching on the IPv6 DA as well? Perhaps I am mistaken, and if so the document does not provide any text or justification for why these new types are required. [HC]: A SRv6 SID has a specific structure with different fields. Some fields in a SID may have some specific values. For example, VPN service labels are embedded into some fields such as Func/Arg of the SRv6 SIDs in some cases. This SBoS type can provide some specific operations on some fields in a SID. For example, the service labels in Func/Arg of SRv6 SIDs are within a given range. We may check the ranges of the values in the fields using SBoS type. We will add some text for justification. 6. Finally, there is no text related to the specific applicability scenarios for these extensions. Exactly why it is difficult to determine whether this falls under v1 or v2 scope. [HC]: We will add some examples using these extensions. Best Regards, Huaimo on behalf of co-authors ________________________________ From: Ketan Talaulikar (ketant) <ketant@cisco.com> Sent: Friday, July 30, 2021 8:18 AM To: Susan Hares <shares@ndzh.com>; idr@ietf.org <idr@ietf.org>; draft-li-idr-flowspec-srv6@ietf.org <draft-li-idr-flowspec-srv6@ietf.org> Subject: RE: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt Hello, I have reviewed https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-li-idr-flowspec-srv6-05&data=04%7C01%7Chuaimo.chen%40futurewei.com%7C0b12565f359d468e7d8308d9535439c6%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637632443513317218%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=dFhw6e%2F%2BR0%2BkDcGsjOlf2A4MmbuB080PIoBqTi99%2Bt0%3D&reserved=0 and have the following questions for the authors before we consider adoption. 1. FlowSpec v1 is supposed to be focussed on the DDOS use-case. I don't find any text in the draft that clarifies how/why this is related to DDOS use-case. To me, this seems like something for FlowSpec v2. Per (what I understood to be) WG consensus, this work is then perhaps deferred to v2. 2. The draft proposes a new type "Whole SID". My understanding from the text is that this rule applies to the IPv6 DA and not the segments within the SRH. If so, then: * What distinguishes a SID from any other IPv6 address in the DA field? * Why isn't the existing IPv6 DA type not sufficient? 3. The draft proposes a new type "Some bits of SID (SBoS)". Again, I believe this applies to the IPv6 DA again - so the same two Qs above apply to this type to. What prevents a router (mistakenly) applying this rule to packets with non-SRv6 SID in their DA. 4. When the SBoS type is used, the SRv6 SID structure MUST be indicated as part of the rule. Then the parts of the SID of interest that need to be matched are also given in the space for the SID. Is my understanding correct? If so, the text was not very clear to me. 5. The question of why this SBoS type is required again crops us since the base FlowSpec rule for DA does allow pattern matching on the IPv6 DA as well? Perhaps I am mistaken, and if so the document does not provide any text or justification for why these new types are required. 6. Finally, there is no text related to the specific applicability scenarios for these extensions. Exactly why it is difficult to determine whether this falls under v1 or v2 scope. Thanks, Ketan From: Idr <idr-bounces@ietf.org> On Behalf Of Susan Hares Sent: 23 July 2021 22:28 To: idr@ietf.org; draft-li-idr-flowspec-srv6@ietf.org Subject: [Idr] WG adoption call - draft-li-idr-flowspec-srv6-05,txt This begins a 2 week WG adoption call for draft-li-idr-flowspec-srv6-05.txt
- [Idr] WG adoption call - draft-li-idr-flowspec-sr… Susan Hares
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Huaimo Chen
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Lizhenbin
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… LEI LIU
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Xufeng Liu
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Linda Dunbar
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Gyan Mishra
- [Idr] 回复: WG adoption call - draft-li-idr-flowspe… zhuyq8
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Zhuangshunwan
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Chenshuanglong
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Yanhe Fan
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Yanhe Fan
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Ketan Talaulikar (ketant)
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Susan Hares
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Ketan Talaulikar (ketant)
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Susan Hares
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Susan Hares
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Huaimo Chen
- [Idr] 答复: WG adoption call - draft-li-idr-flowspe… Lilei (Lily)
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Chengli (Cheng Li)
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Donald Eastlake
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Tianran Zhou
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Yangfan (IP Standard)
- Re: [Idr] WG adoption call - draft-li-idr-flowspe… Wangyali(Yali,Data Communication Standards and Patents Dept)