Re: [Int-dir] Intdir telechat review of draft-ietf-spring-srv6-network-programming-18

"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com> Thu, 17 September 2020 16:29 UTC

From: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
To: Brian Haberman <brian@innovationslab.net>, "int-dir@ietf.org" <int-dir@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-spring-srv6-network-programming.all@ietf.org" <draft-ietf-spring-srv6-network-programming.all@ietf.org>, "spring@ietf.org" <spring@ietf.org>
Date: Thu, 17 Sep 2020 16:29:12 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-dir/nkapsdWrss8VpbrrjEaBoRUuKoo>

Hi Brian,

Many thanks for your thorough review. Please see inline with [PC].

Cheers,
Pablo.

-----Original Message-----
From: Brian Haberman via Datatracker <noreply@ietf.org> 
Sent: Monday, 14 September 2020 20:51
To: int-dir@ietf.org
Cc: last-call@ietf.org; draft-ietf-spring-srv6-network-programming.all@ietf.org; spring@ietf.org
Subject: Intdir telechat review of draft-ietf-spring-srv6-network-programming-18

Reviewer: Brian Haberman
Review result: On the Right Track

Section 3
- - - - - - -

The abbreviated description of the section is a bit confusing related to FIB lookup. This text:

   When an SRv6 SID is in the Destination Address field of an IPv6
   header of a packet, it is routed through an IPv6 network as an IPv6
   address.

   Its processing is defined in [RFC8754] section 4.3 and reproduced
   here as a reminder.

makes it sound like all FIB lookups are being done on SIDs whereas the text in 8754, section 4.3 is much clearer that the lookups occur on IPv6 addresses and that some may be SIDs.

[PC] Thanks for this comment, indeed the summary needs some improvement to identify that the node processing the SID is the segment endpoint node, not a transit node.  Also note that ‘SR Segment Endpoint Node’ and ‘Transit Node’ are defined in this document's terminology section.
<OLD>
When an SRv6 SID is in the Destination Address field of an IPv6
   header of a packet, it is routed through an IPv6 network as an IPv6
   address.

   Its processing is defined in [RFC8754] section 4.3 and reproduced
   here as a reminder.
</OLD>
<NEW>
When an SRv6 SID is in the Destination Address field of an IPv6
   header of a packet, it is routed through Transit Nodes in an IPv6 network as an IPv6
   address.

   Its processing at a SR Segment Endpoint Node is defined in [RFC8754] section 4.3 and reproduced
   here as a reminder.
</NEW>

Section 3.1
- - - - - -

   This document defines an SRv6 SID as consisting of LOC:FUNCT:ARG,
   where a locator (LOC) is encoded in the L most significant bits of
   the SID, followed by F bits of function (FUNCT) and A bits of
   arguments (ARG).  L, the locator length, is flexible, and an operator
   is free to use the locator length of their choice.  F and A may be
   any value as long as L+F+A <= 128.  When L+F+A is less than 128 then
   the remainder of the SID MUST be zero.

Does a system outside of the SR Ingress Node need to discover L? If so, is it derived from seeing a FIB entry for LOC? How does a system determine the length of F and A? By comparing FIB entries for LOC and LOC:FUNCT (that is what I infer from section 3.2)? The parsing rules seem incomplete and can lead to behavior that is non-deterministic. The same can be said for B:N.

[PC] Recall that an SR Segment Endpoint node is the only node installing FIB entries for the SIDs it instantiates. 
No Transit Node needs to discover L, in fact it does not need to know anything about the SIDs instantiated at SR segment endpoint nodes.  It only needs to be able to route packets destined to an address covered by L toward the SR Segment Endpoint node instantiating SIDs within L.  A transit node needs to discover neither F nor A for the same reason.

What are the guidelines for choosing LOC (or B)? Does this come strictly out of the unicast address space? ULA space? Does this spec support LOC being allocated out of multicast space?

[PC] Section 3.2 discusses some of these considerations that include use of both global unicast and ULA spaces. The application of source-route concept to multicast is outside the scope of RFC8402 and hence outside the scope of this document as well.

The following text seems rather limiting:

     The ARG value of a routed SID SHOULD remain constant among packets in
     a given flow.  Varying ARG values among packets in a flow may result
     in different ECMP hashing and cause re-ordering.

If ARG needs to stay constant, does this limit the types of functions that can be implemented using this technique?

[PC] I don’t think this limits the types of behaviors that can be implemented, but it calls out something that should be considered for behavior definition.  If a behavior is defined in a future document that changed ARG within a flow, then it should describe how and why that is OK.

Section 3.2
- - - - - -

The various paragraphs that describe “example deployments” really don’t belong in a standards track document. If they are needed to explain the approach, then the description of the approach is incomplete. The reader should not have to infer functionality by parsing example uses. If the examples remain, I suggest they be put in an informative appendix.

[PC] These examples were added based on specific requests received for providing illustrations (based on practical inputs from operators who have deployed SRv6) on how SID allocation and addressing may be done. We believe they bring value and hence should remain, but if IESG prefers to move it in an appendix, we will do it of course.

What constitutes a “remote node”?

[PC] Good catch, indeed, the right term in that particular text is “SR Source Node”. I’ll replace that.

Section 4
- - - - -

I would suggest either mentioning that these behaviors are managed via an IANA registry or I would add a forward pointer to the IANA Considerations section.

[PC] Good to recall on section 4. I’ll add this text.

<OLD>
Section 4.16 defines flavors of some of these behaviors.
</OLD>
<NEW>
Section 4.16 defines flavors of some of these behaviors.

Section 9.2 of this document defines the IANA Registry used to maintain all these behaviors as well as future ones defined in other documents.
</NEW>


Section 4.16.1.2
- - - - - - - -

The steps described to process the SRH (i.e., instruction S14.4) are different from the process described for SRH processing in RFC 8754,
[PC] RFC8754 (sec 4.3.1) specified a single SRv6 SID processing behavior (Code point 32767 in the table 4 of this document). This document specifies several other SRv6 SID behaviors in its Sec 4.

 Section 4.3.1.1. RFC8754 seems to only create an SRH in an encapsulating header (i.e., no SRH insertion). Why does this draft specify SRH removal?
[PC] The motivation and use-case for defining this behavior is provided in 4.16.1.3.

Section 5.1
- - - - - -

What is the relationship between node N and the address T used as the source address of the encapsulating header?
[PC] Indeed, good to call out. I propose the following diff. Does it address your concern?

<OLD>
   N steers the transit packets P1 and P2 into an SR Policy with a
   Source Address T and a Segment list <S1, S2, S3>.
</OLD>
<NEW>
   Node N is configured with an IPv6 Address T (e.g. to its loopback interface).

   N steers the transit packets P1 and P2 into an SR Policy with a
   Source Address T and a Segment list <S1, S2, S3>.
</NEW>

Section 6
- - - - -

This section could use some introductory text to explain what is meant by an Operation.

[PC] Thanks, in fact there is no need for that section at all, so let's promote the subsections.

Section 7
- - - - -

Is there a security issue if a SID is used as a source address?
[PC] This document does not specify nor discuss the use of SID as a source address; however I see no security issue if they are used that way.

Should any part of the prefix being used for SIDs be advertised to external peers/networks?
[PC] There is no requirement to advertise the prefix being used for SIDs to external peers/networks outside the SR Domain.
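
An added example, not part of the original thread or of the draft: a Python sketch of the Section 3.1 exchange above, showing a segment endpoint splitting a SID using its own locally configured L, F and A (enforcing L+F+A <= 128 and a zero remainder), while a transit node forwards by plain longest-prefix match without knowing any of them. The function names, the lengths 64/16/16, the documentation-prefix addresses and the next-hop labels are all constructed assumptions.

```python
import ipaddress


def split_sid(sid, loc_len, func_len, arg_len):
    """Split an SRv6 SID into (LOC, FUNCT, ARG) integers.

    L, F and A are local configuration of the segment endpoint node that
    instantiated the SID; they are not carried in the packet.
    """
    used = loc_len + func_len + arg_len
    if min(loc_len, func_len, arg_len) < 0 or used > 128:
        raise ValueError("L+F+A must be <= 128")
    value = int(ipaddress.IPv6Address(sid))
    pad = 128 - used
    # "When L+F+A is less than 128 then the remainder of the SID MUST be zero."
    if value & ((1 << pad) - 1):
        raise ValueError("bits after ARG must be zero")
    loc = value >> (128 - loc_len)
    funct = (value >> (pad + arg_len)) & ((1 << func_len) - 1)
    arg = (value >> pad) & ((1 << arg_len) - 1)
    return loc, funct, arg


def transit_next_hop(dst, rib):
    """Longest-prefix match on the destination address, as a transit node does.

    The RIB only holds ordinary IPv6 prefixes; nothing here depends on
    where LOC ends or how long FUNCT and ARG are.
    """
    addr = ipaddress.IPv6Address(dst)
    best = None
    for prefix, next_hop in rib.items():
        net = ipaddress.IPv6Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


# Constructed sample data (documentation prefix 2001:db8::/32).
SAMPLE_SID = "2001:db8:0:1:100:a::"
SAMPLE_RIB = {"::/0": "default", "2001:db8:0:1::/64": "toward-endpoint"}

if __name__ == "__main__":
    loc, funct, arg = split_sid(SAMPLE_SID, 64, 16, 16)
    print(hex(loc), hex(funct), hex(arg))
    print(transit_next_hop(SAMPLE_SID, SAMPLE_RIB))
```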