Re: [Idr] locator length : draft-li-idr-flowspec-srv6

Huaimo Chen <huaimo.chen@futurewei.com> Fri, 12 March 2021 20:19 UTC

Return-Path: <huaimo.chen@futurewei.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BB243A10EC for <idr@ietfa.amsl.com>; Fri, 12 Mar 2021 12:19:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.089
X-Spam-Level:
X-Spam-Status: No, score=-2.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QyfXprwXS36C for <idr@ietfa.amsl.com>; Fri, 12 Mar 2021 12:19:34 -0800 (PST)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2098.outbound.protection.outlook.com [40.107.244.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB3B53A10E7 for <idr@ietf.org>; Fri, 12 Mar 2021 12:19:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R7TAreN52vlCVmXuYVa3xGc8PAeVtjgpTXjLnTPEvNvp5H6IRg3lWr+ZCnRyiqfblfF7RdPSk7djuhU5IWt2a9yRMzXfbxHMJ8gWXgusNAHnVBbTMYjyMuT/JigP7U/z8lUT8mbG9ShT5gl5pw9G7ISfhTldqPpYsOCCsvRikTUhHKG7U6KGo24LWOtMhxZIeegb3dLK3MOA3hjcnem0Ys4r9y2hxIqPiEgoTVZOSV/uzaTKdBFGaiX6GCkLQVGMMZ0n2N/7b665ewilZQrEuHNmFSgNTGPyKrauo7k7eN+ZmtWaRLmr7QRHo/TD3b7C+oI/TBbA8xEJe1cNd2/36g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ciBC4AXGvW8tkTLTKeJI7sDmPYFr9o+WMXfax6iB7eE=; b=iN0pOZ4NESD4j5CV7hIM1/H8TnEwDefA2azX0UF2DTC8+pDdoC2/Gx4XT7LdCFnoz5pN3Ap1DpFTqnBM3U9tKSimAkExUhG7QagfILiwJrsy+uIksGuaMgV9FrssNWAO0TelYrANn25rKwJJrbGN2KL1ahg6Rwh2HfLponBKN5Hqj6315/93mH4tp0hryWkwxThQwCFoZw1EFG7PLuLVEQB7G88aYhu7MRaMWR6ffEUxsLHQ6ru5d8nCElfZofhaB/TuWdgwZ/f6oVrPOPVu20gQkoW2A7DMj1SEDmn/ge5iuZdlVvU7f5MR1wElhg4Bea6Qhrzy96PWocR3ROUrhg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ciBC4AXGvW8tkTLTKeJI7sDmPYFr9o+WMXfax6iB7eE=; b=W5+VSTn7KXhQTPO3jgqbggSPEwhxZNnGZcNkoJB5BrLIY7jiOnbRZvgn7GWQnD+B2JY0A9aTNUsiwUWYqsLdNIU50NZwRX+pbzYNanYRqfIlYBpWZ4zIQZghX1rQhnHx/35esMCnLix+9W34YoUucAoPZ8aKbVoK9AhdmMrM3fg=
Received: from MN2PR13MB4087.namprd13.prod.outlook.com (2603:10b6:208:263::16) by MN2PR13MB3805.namprd13.prod.outlook.com (2603:10b6:208:1f0::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3933.14; Fri, 12 Mar 2021 20:19:30 +0000
Received: from MN2PR13MB4087.namprd13.prod.outlook.com ([fe80::14ed:3768:8b86:be32]) by MN2PR13MB4087.namprd13.prod.outlook.com ([fe80::14ed:3768:8b86:be32%9]) with mapi id 15.20.3933.016; Fri, 12 Mar 2021 20:19:30 +0000
From: Huaimo Chen <huaimo.chen@futurewei.com>
To: Joel Halpern Direct <jmh.direct@joelhalpern.com>
CC: "idr@ietf.org" <idr@ietf.org>, Lizhenbin <lizhenbin@huawei.com>
Thread-Topic: locator length : draft-li-idr-flowspec-srv6
Thread-Index: AQHXF02tikGQcIMfGU6yjuwVAdoH0KqAcZQAgAAdKIaAAAH1gIAAN6eB
Date: Fri, 12 Mar 2021 20:19:30 +0000
Message-ID: <MN2PR13MB40874FC93A03CCDE2A012ECBF26F9@MN2PR13MB4087.namprd13.prod.outlook.com>
References: <MN2PR13MB40876899246382264C393D06F26F9@MN2PR13MB4087.namprd13.prod.outlook.com> <89430d8e-58c1-7854-27a5-b01a4cf9c43f@joelhalpern.com> <MN2PR13MB4087266ED6ECE72F5F281E86F26F9@MN2PR13MB4087.namprd13.prod.outlook.com>, <41feb923-eeba-d7db-a048-1b335bf8f92b@joelhalpern.com>
In-Reply-To: <41feb923-eeba-d7db-a048-1b335bf8f92b@joelhalpern.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: joelhalpern.com; dkim=none (message not signed) header.d=none;joelhalpern.com; dmarc=none action=none header.from=futurewei.com;
x-originating-ip: [73.114.233.24]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 454f14f8-43fa-4b2f-ec2b-08d8e59424d7
x-ms-traffictypediagnostic: MN2PR13MB3805:
x-microsoft-antispam-prvs: <MN2PR13MB3805EE03BFB09C12A19560B5F26F9@MN2PR13MB3805.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6108;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: TKj8zt2b/a82N/ycXWahcbtHGb/JVR9q87a2zToonAuVx9GfQYbK53gK/BmavouKZ8oiVyGL5lLm54gb2TbGTiYj38c1JfLkQkb30R8IMlS3FWj9ip2xKSAZXjmbnznLsdpjfGoYwVbrCyc81Eflvh/LmDR+wu+s2SLqI+fIG8Ve+AKpaic9aeKoftLB6OvMjMXO6PtkeQbWgom/QPTs/hmiiErVjztrSOk8iXc4bofIsiY07J94vow0Sh2sAeCXbAmkKcj+uVdLBkPHXZWFrzdb0UnNqt0ByGxdwcRLMkkPgCqoh5TjjV6VA2xg3WuILOHqK691RJyZJJEG2aRWCGDr5f6/y1QzVnb2D71m+X8BkKU5HiqpM0QRPyDI014TC+UygdZ0FZhbMcPVmjgVOZNoqoWL6nx1SkqzQQkQyCjWL128sotynjE8t0+7hV8OPU1cpIRpRWAteTryZ+cOIgCnDrpz0QGQ0D/D4aM5KbiY8xT9abDOgXR5ZeHWSwS0+JkSaISfDbFYpCRYd3MWkzANKxdeajwP/j2I330sKdam/6dBLnX5vX3sD4Mbzk6c
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR13MB4087.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(376002)(136003)(366004)(39840400004)(346002)(4326008)(66446008)(76116006)(53546011)(33656002)(2906002)(52536014)(54906003)(478600001)(91956017)(8676002)(66556008)(55016002)(6916009)(66476007)(86362001)(186003)(5660300002)(19627405001)(7696005)(6506007)(64756008)(8936002)(9686003)(44832011)(316002)(26005)(83380400001)(71200400001)(66946007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: =?iso-8859-1?Q?q8rRwh0RIvNVe78fgvd7QXv2rnvYEnp9KLCkASIwQKwGLUz1V7qm5n1FSv?= =?iso-8859-1?Q?1oDb7XQ8T39Jew6fIeKzvcsqiRy6nnYfZIGqZOHmK1LVeh7dM4XxYEMaV/?= =?iso-8859-1?Q?LTPNNd8m19M+xuqlU57JXstpcQJidbhnXn12SlOvYCZEd6GVT+yV+9IuYg?= =?iso-8859-1?Q?UyimuQpFxqxTBKYOLUbGziWC05O1+s4jNbNx5fHharwQ2fLPT5yTuuxN/c?= =?iso-8859-1?Q?A7VcK8+hOjgDCL8kw4v+HQyTpWVVSIfjrwPmCLyq/oRAKuztxisyG8sfiz?= =?iso-8859-1?Q?NRVeNB77BXqXlganKCn9G/A5G5TmvWMiARPiMhr1XNkQRko+HRcL8Ai5pQ?= =?iso-8859-1?Q?bs8FOrcvi9bpiRSUVxQBAFOQzWw6InniPsWfKYKfkkZQlkgw9x+VFMlBd/?= =?iso-8859-1?Q?lN5buxNcEr+zA3ZX5N3Lv0tGpqYzezzGc5+KkIGP0Hac8n0Cdm+TpDRlOL?= =?iso-8859-1?Q?phOJgoYpw4Gtbrqcg0+dtPyansa4BUago9fvQTFJhwo+a68QQErH3HZ5Z3?= =?iso-8859-1?Q?s7hPh7Qm9vNtpeKV5tdzL2CVjXi/0ihPZ96Qy9gsXxSEq3quOB8NhvbGa/?= =?iso-8859-1?Q?hu0vqN6L/oEDge0cikPGJNssSHRAxvMxMtKW2Tfej+sPvvyiFRon0A1JBp?= =?iso-8859-1?Q?66oxHPgVZfyoOKIa17DeRlCr0Mzg74aSKdXgX42ZkwHr4/ac7TuWf0DaFk?= =?iso-8859-1?Q?Vgb40CWkl40+4R0ldH5b8NfauVIxY4Cv3kYPw39d5cnLrGrmUyP3rx49R5?= =?iso-8859-1?Q?CbFIpODSlS9vLC0sDYCmpZHNbpY8NIbTRCMyTM3Qig4TRqiSQOB8J8BQAb?= =?iso-8859-1?Q?ZgVI+I8CbGdAXtyi72iSqxH/ZRD8cErywQPAXxq3cCgbo8Rn6t3U/EVZqP?= =?iso-8859-1?Q?uPoEQym8wScCa/lOG+Dq9Lj2/3GMN10seEnYQYOpSOydToVNiaWDiYQHHn?= =?iso-8859-1?Q?gIeIui2lIQl2oxgVCNgQb4nd2NnjVwZ+0wow8/SBp4BOJ1ysn6cMLZlVn5?= =?iso-8859-1?Q?akcdGsuuqUiBFAaiMkgdrtPWvKg9EoIpJmPuN6Jh01gwGlrQIspJqqgAeE?= =?iso-8859-1?Q?c2f0g3onJaFA10Q0uVG+++vgOxLJzBoFho3rXMEYe2sYI4h0OK7cxW5tWA?= =?iso-8859-1?Q?swnFz+jUeMDt0Xt8teAmm8K04KD8b3FpCj9DNh3w7T73h3FTh/Fz1uIVjb?= =?iso-8859-1?Q?mEOGwb6zEGsxXJCkRC4pyt+8QCuVadvVs5DMIq8z6PBD4kY8t1q1L6S+5/?= =?iso-8859-1?Q?zHsjQ55icfnfVaaydvV1mgMnGZaoS8NYVT5Jv2F2HeE8akW0S6wTzBS4uv?= =?iso-8859-1?Q?6JVTUWT7bUPJxrRSR1eLnwpNKh2cjJ9pIa9RIrPZy2kSWRM=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR13MB40874FC93A03CCDE2A012ECBF26F9MN2PR13MB4087namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR13MB4087.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 454f14f8-43fa-4b2f-ec2b-08d8e59424d7
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Mar 2021 20:19:30.8388 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: or9+39SCyRC5iwadsDpFxGadFTJIA2iVNqecEvcc3FIfYVB19B5H3pTXJp76DZC7/duBwaivvFV86NByWSKYWA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB3805
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/e__7RP8Dexm1nmFj7meRZ7LhAMo>
Subject: Re: [Idr] locator length : draft-li-idr-flowspec-srv6
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Mar 2021 20:19:37 -0000

Hi Joel,

    Thanks much for your further comment.

    It seems that using loc, func and args in SID is simpler than using
address prefix of SID for SRv6 flow specification. For matching/filtering
on an IP destination address prefix, it seems that there is just bitwise
pattern matching. For matching/filtering on a SID (loc, func and args in SID),
there are a few operators such as eq, lt and gt (and combinations of them).

    For flow specification(s) to match a range of functions such as
from function value F1 to F1+1, to F1+n (where n > 1) in SID,
using IP address prefix seems need (n+1) flow specifications, each of
which is for one function value and would have two (type 1) components:
one component for matching the locator and the other for matching the
function value. Using loc and func in SID needs just one flow specification
having one (type TBD) component with three <op, value> pairs. The first pair
is for matching the locator and the other two for the range.

Best Regards,
Huaimo

________________________________
From: Joel Halpern Direct <jmh.direct@joelhalpern.com>
Sent: Friday, March 12, 2021 11:49 AM
To: Huaimo Chen <huaimo.chen@futurewei.com>
Cc: idr@ietf.org <idr@ietf.org>rg>; Lizhenbin <lizhenbin@huawei.com>
Subject: Re: locator length : draft-li-idr-flowspec-srv6

Given that you have to check loc before func and check loc and func
before arg, it would seem simpler to just use an address prefix.  Gets
around all of the knowledge problems.

Note that a UI for creating flowspec filters can allow the user to
specify it in all sorts of ways.  that does not mean we need to put all
of them in the protocol when they are equivalent.

Yours,
Joel

On 3/12/2021 11:44 AM, Huaimo Chen wrote:
> Hi Joel,
>
>      Thanks much for your further comment.
>
>      Just checking the FUNC bits should be limited. We will add some
> text to state that in order to check the FUNC bits, the LOC needs to
> be examined and matched first.
>
> Best Regards,
> Huaimo
>
> ------------------------------------------------------------------------
> *From:* Joel Halpern Direct <jmh.direct@joelhalpern.com>
> *Sent:* Friday, March 12, 2021 9:58 AM
> *To:* Huaimo Chen <huaimo.chen@futurewei.com>om>; Joel M. Halpern
> <jmh@joelhalpern.com>
> *Cc:* idr@ietf.org <idr@ietf.org>rg>; Lizhenbin <lizhenbin@huawei.com>
> *Subject:* Re: locator length : draft-li-idr-flowspec-srv6
> An operator can assign B::/48 and C::?46  for Locators.  Sure, it would
> usually be a single prefix with a single length.  But that is not required.
>
> When one is examining the LOC, sure, you can use the value length to
> handle it.
> But the way the mechanism is described, one could try to check just the
> FUNC bits, without matching the LOC.
> First, that has the problem of needing exogenous information about the
> LOC length.
>
> And it is actually worse than that.  Testing the FUNC bits of the
> destination field of an IP packet without checking the LOC bits is
> actually meaningless.  You don't even know if the DA is an SRv6 SID.
>
> An yet further, there is no requirement that the encoding of the FUNC in
> different SIDs uses the same value representation.  The standardized
> values are for advertising in routing protocols, not for the packets.
>
> Net: I don't think having the field identification works.
>
> Yours,
> Joel
>
> On 3/12/2021 9:51 AM, Huaimo Chen wrote:
>> Hi Joel,
>>
>>      Thank you very much for your comment during the IETF 110.
>>
>>      Regarding to the lengths of locator(LOC)s and function(FUNCT)s in
>> SIDs,
>> RFC8986 says that the locator length, is flexible, and an operator is free
>> to use the locator length of their choice. This seems indicating that the
>> operator can select the length for the locator. After their selection, the
>> the locator length is determined/fixed. This is illustrated by examples
>> in RFC8986.
>>
>>      One example in the beginning of section 3.2 is as follows:
>>         For example, a network operator may:
>>            Assign block B::/48 to the SR domain
>>            Assign a unique B:N::/64 block to each SRv6-enabled node in
>> the domain.
>> After this assignment, the length of the locators of the SIDs in the domain
>> is 64 bits.
>>
>>      In the end of section 3.2, the text shows the Function fields of SIDs.
>> The length of function(FUNCT)s is 16 bits.
>>
>>      When a SID is used in the domain, its locator length and function
>> length
>> should have been determined.
>>
>>      When an operator configures a SRv6 flow specification, involving
>> a SID or a group of SIDs, s/he should have known the locator length and
>> function length in the SID(s).
>>
>> Best Regards,
>> Huaimo