Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-options-00
Tom Herbert <tom@quantonium.net> Tue, 19 November 2019 04:24 UTC
Return-Path: <tom@quantonium.net>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B51BC120823 for <ippm@ietfa.amsl.com>; Mon, 18 Nov 2019 20:24:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=quantonium-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tZ3H584sgudH for <ippm@ietfa.amsl.com>; Mon, 18 Nov 2019 20:24:02 -0800 (PST)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 876EF12081B for <ippm@ietf.org>; Mon, 18 Nov 2019 20:24:02 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id l25so15875511edt.6 for <ippm@ietf.org>; Mon, 18 Nov 2019 20:24:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quantonium-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Y2iXcL8/8WdIcqsSnlbLMx8nK9/RdHCktXDPvNGSQ5M=; b=XuijjVRnMJNBJ+QKwcTdAeuLMl/C6rX4UhF5Z7Pq+RbioqabhhqxJFwjEYyHtJOgRZ k7LNmuXRgrHhgnLFdZ5AqgVupI+Jx9/cbAb13YiAbO6jKCRKat7r6enc61HAESzgcDf+ S74jmNukNFtLEt78ZraLhIqQhPp355xFIam8zWIDSGM9aeif2+0ev+S1g0098SV37GVy 84yhOUz/M0rGBKxLmm28yn9QVdItSkEAmxNShlC+ka77gXmgjath5ZpT7zFLxmEIiQlD mIvsWW3kcFj7tiTIRNBSmhlP1EWLuNW3vmGTl5OGADlmJWL/v3/TJQWAwjRaCAGt+Mk2 Nidg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Y2iXcL8/8WdIcqsSnlbLMx8nK9/RdHCktXDPvNGSQ5M=; b=qi2u7N42iNibzRXRCWcvPh/lI/h9rMTURN03s/jH6mKIH2iShGRnVZ4+DTwrq/1/NR QTUMpOG8rzl08tSzVAvaWjRFbR7YmXREnvRaCzy6kDwtZluLImXeyN7Vjge+N3g3/SI5 HFfj0SQ4TWu9k/rNo8ltKikrk/qPYPsHaiQrGC12Q7agfPls6AQ78tRCcgrQYB9SXRgO 83SBSZr/K+w8zINNLUVF8n67plqECRRBpdR+cWawQwb3W4LMoCCQZmnOZwNJwVLY5cQR z8xmQGiXhrBX25UTB/tiynFXUxojPuzk76LcjZZ49RQfYlwT8HBn8e/FRIBfEuiBbZHQ 28ew==
X-Gm-Message-State: APjAAAXEQU7ayPlze0iqqnibWstRcx2EI1i++/KXIbV22DYGy/wCI8aT EA6ObUcAV5h/j1svJhkKedBp04jw/p/lkMidpKpsNg==
X-Google-Smtp-Source: APXvYqz6nOBcFcllarxruCAbsVsghGnqHmYOpgkEUF/TcayEFpNBb6GHzX6qWgzzxxageG99zl+En8vX8wKyoh+4ARo=
X-Received: by 2002:a17:907:2070:: with SMTP id qp16mr32207995ejb.115.1574137440862; Mon, 18 Nov 2019 20:24:00 -0800 (PST)
MIME-Version: 1.0
References: <201911181318081812271@zte.com.cn> <BYAPR11MB2584C26544D5CC6DEE766FC7DA4C0@BYAPR11MB2584.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB2584C26544D5CC6DEE766FC7DA4C0@BYAPR11MB2584.namprd11.prod.outlook.com>
From: Tom Herbert <tom@quantonium.net>
Date: Mon, 18 Nov 2019 20:23:49 -0800
Message-ID: <CAPDqMeqzB-PzHJM3MDH9oubpo3f23T7+ZGqv3daezxCq5c941A@mail.gmail.com>
To: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
Cc: "xiao.min2@zte.com.cn" <xiao.min2@zte.com.cn>, "ippm@ietf.org" <ippm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/wIFyRXZKhL8C20Q442x_RiIhm24>
Subject: Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-options-00
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2019 04:24:08 -0000
On Mon, Nov 18, 2019 at 7:47 PM Frank Brockners (fbrockne) <fbrockne@cisco.com> wrote: > > Hi Xiao, > > > > thanks for following up. Apparently the behavior described in draft-ietf-ippm-ioam-ipv6-options-00 isn’t a bug – as we speculated in the IPPM WG meeting yesterday, but the desired behavior that we arrived at after WG discussions in 6man and with several IPv6 experts. See https://github.com/inband-oam/ietf/commit/48175cf89de6369a4d01017ec80c07b34f57f17c#diff-803b63dbe26303f504708318e255d884 (“Don't forward an IOAM packet unless configured to do so.”) > > This behavior for IPv6 is to ensure that packets with IOAM do not accidentally leak from a domain that employs IPv6. > > This also means for IPv6, things are more constrained than what is stated in the more generic draft-ietf-ippm-ioam-data-08. > Frank, Per the draft-ietf-ippm-ioam-ipv6-options-00 the act bits are 00 which means "skip over this option and continue processing the header". So if a router doesn't support IOAM, I believe other act bits like maybe 01 would be necessary to enforce the rule of “Don't forward an IOAM packet unless configured to do so.” Of course, nodes may also ignore HBH options completely per RFC8200 which means even such packets might be forwarded out of the domain anyway. So trying to guarantee packets won't be forwarded out of the domain at all edge routers may be a futile effort. An alternative would be that the source SHOULD only use IOAM when it knows the destination is in the domain, and a firewall MAY be applied at the domain edge to drop packets with IOAM. Tom > > > Cheers, Frank > > > > > > > > From: ippm <ippm-bounces@ietf.org> On Behalf Of xiao.min2@zte.com.cn > Sent: Montag, 18. November 2019 13:18 > To: ippm@ietf.org > Subject: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-options-00 > > > > Hi Frank, > > > > Repeat what I said on the mic this morning as below. > > > > In section 3 of draft-ietf-ippm-ioam-ipv6-options-00 it says: > > "Unless a particular interface is explicitly enabled (i.e. explicitly configured) for IOAM, a router MUST drop packets which contain extension headers carrying IOAM data-fields." > > But in section 4.4 of draft-ietf-ippm-ioam-data-08 it says: > > "If not all nodes within a domain are IOAM capable, IOAM tracing information (i.e., node data, see below) will only be collected on those nodes which are IOAM capable. Nodes which are not IOAM capable will forward the packet without any changes to the IOAM-Data-Fields." > > It seems they're not in alignment. > > > > Best Regards, > > Xiao Min > > _______________________________________________ > ippm mailing list > ippm@ietf.org > https://www.ietf.org/mailman/listinfo/ippm
- [ippm] Comment on draft-ietf-ippm-ioam-ipv6-optio… xiao.min2
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… Frank Brockners (fbrockne)
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… Tom Herbert
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… Frank Brockners (fbrockne)
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… Tom Herbert
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… Frank Brockners (fbrockne)
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… Tom Herbert
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… xiao.min2
- Re: [ippm] Comment on draft-ietf-ippm-ioam-ipv6-o… Frank Brockners (fbrockne)