Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-options-00

"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Tue, 19 November 2019 04:49 UTC

From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: Tom Herbert <tom@quantonium.net>
CC: "xiao.min2@zte.com.cn" <xiao.min2@zte.com.cn>, "ippm@ietf.org" <ippm@ietf.org>
Date: Tue, 19 Nov 2019 04:49:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/o6FDwYvyveVQyJWiYwG_gDUroQ8>
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>

Tom,


> -----Original Message-----
> From: Tom Herbert <tom@quantonium.net>
> Sent: Tuesday, 19 November 2019 12:24
> To: Frank Brockners (fbrockne) <fbrockne@cisco.com>
> Cc: xiao.min2@zte.com.cn; ippm@ietf.org
> Subject: Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-options-00
> 
> On Mon, Nov 18, 2019 at 7:47 PM Frank Brockners (fbrockne)
> <fbrockne@cisco.com> wrote:
> >
> > Hi Xiao,
> >
> >
> >
> > thanks for following up. Apparently the behavior described in
> > draft-ietf-ippm-ioam-ipv6-options-00 isn’t a bug – as we speculated in
> > the IPPM WG meeting yesterday, but the desired behavior that we
> > arrived at after WG discussions in 6man and with several IPv6 experts.
> > See
> > https://github.com/inband-oam/ietf/commit/48175cf89de6369a4d01017ec80c07b34f57f17c#diff-803b63dbe26303f504708318e255d884
> > (“Don't forward an IOAM packet unless configured to do so.”)
> >
> > This behavior for IPv6 is to ensure that packets with IOAM do not accidentally
> > leak from a domain that employs IPv6.
> >
> > This also means for IPv6, things are more constrained than what is stated in
> > the more generic draft-ietf-ippm-ioam-data-08.
> >
> Frank,
> 
> Per the draft-ietf-ippm-ioam-ipv6-options-00 the act bits are 00 which means
> "skip over this option and continue processing the header". So if a router doesn't
> support IOAM, I believe other act bits like maybe
> 01 would be necessary to enforce the rule of “Don't forward an IOAM packet
> unless configured to do so.” Of course, nodes may also ignore HBH options
> completely per RFC8200 which means even such packets might be forwarded
> out of the domain anyway. 

...  the current text is for a more specific case, i.e. you have a router that *does* understand IOAM and receives a packet with IOAM on an interface that is not configured for IOAM.
The conclusion from earlier discussions was to drop the packet - per the current text. This leaves default processing of unknown option types untouched - i.e. processing would happen per RFC 8200.

Frank


> So trying to guarantee packets won't be forwarded
> out of the domain at all edge routers may be a futile effort. An alternative would
> be that the source SHOULD only use IOAM when it knows the destination is in
> the domain, and a firewall MAY be applied at the domain edge to drop packets
> with IOAM.
> 
> Tom
> 
> >
> >
> > Cheers, Frank
> >
> >
> >
> >
> >
> >
> >
> > From: ippm <ippm-bounces@ietf.org> On Behalf Of xiao.min2@zte.com.cn
> > Sent: Monday, 18 November 2019 13:18
> > To: ippm@ietf.org
> > Subject: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-options-00
> >
> >
> >
> > Hi Frank,
> >
> >
> >
> > Repeat what I said on the mic this morning as below.
> >
> >
> >
> > In section 3 of draft-ietf-ippm-ioam-ipv6-options-00 it says:
> >
> > "Unless a particular interface is explicitly enabled (i.e. explicitly configured)
> > for IOAM, a router MUST drop packets which contain extension headers carrying
> > IOAM data-fields."
> >
> > But in section 4.4 of draft-ietf-ippm-ioam-data-08 it says:
> >
> > "If not all nodes within a domain are IOAM capable, IOAM tracing information
> > (i.e., node data, see below) will only be collected on those nodes which are
> > IOAM capable.  Nodes which are not IOAM capable will forward the packet
> > without any changes to the IOAM-Data-Fields."
> >
> > It seems they're not in alignment.
> >
> >
> >
> > Best Regards,
> >
> > Xiao Min
> >
> > _______________________________________________
> > ippm mailing list
> > ippm@ietf.org
> > https://www.ietf.org/mailman/listinfo/ippm
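
The forwarding cases argued over in this thread, as an added example that is not from the drafts or from any participant: it walks a Hop-by-Hop Options header, applies the RFC 8200 act bits to unknown options, and shows where the "drop unless configured" rule and an edge filter change the outcome. The option type 0x31, the 8-octet sample headers and all function names are assumptions made for illustration.

```python
# Added example: option type and sample headers are constructed placeholders.
IOAM_OPT = 0x31          # assumed code point; its two high-order "act" bits are 00
PAD1, PADN = 0x00, 0x01
ACT = {0: "skip", 1: "discard", 2: "discard+icmp", 3: "discard+icmp-unless-multicast"}

def hbh_options(hbh: bytes):
    """Return [(type, data)] from a Hop-by-Hop Options header (RFC 8200, 4.3)."""
    if len(hbh) < 2 or len(hbh) < (hbh[1] + 1) * 8:
        raise ValueError("truncated Hop-by-Hop header")
    end, i, out = (hbh[1] + 1) * 8, 2, []
    while i < end:
        if hbh[i] == PAD1:               # Pad1 is a single octet with no length
            i += 1
            continue
        if i + 2 > end or i + 2 + hbh[i + 1] > end:
            raise ValueError("option overruns header")
        out.append((hbh[i], hbh[i + 2:i + 2 + hbh[i + 1]]))
        i += 2 + hbh[i + 1]
    return out

def verdict(hbh, ioam_aware, iface_ioam_enabled,
            processes_hbh=True, edge_filter=False):
    """Forwarding decision for one node, given its IOAM and HBH capabilities."""
    types = [t for t, _ in hbh_options(hbh) if t != PADN]
    if edge_filter and IOAM_OPT in types:
        return "drop"                    # firewall MAY drop IOAM at the domain edge
    if not processes_hbh:
        return "forward"                 # RFC 8200 lets a node ignore HBH options
    for t in types:
        if t == IOAM_OPT and ioam_aware:
            if not iface_ioam_enabled:
                return "drop"            # draft section 3: interface not enabled
            continue                     # enabled: IOAM is processed, keep going
        if ACT[t >> 6] != "skip":        # unknown option: act bits decide
            return ACT[t >> 6]
    return "forward"

# Constructed headers: Next Header 59, Hdr Ext Len 0, one 4-octet option.
IOAM_PKT = bytes([59, 0, IOAM_OPT, 4, 0, 0, 0, 0])
ACT01_PKT = bytes([59, 0, 0x5E, 4, 0, 0, 0, 0])   # unknown type with act bits 01
```
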