IETF Logo Mail Archive

Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr

Tom Herbert <tom@herbertland.com> Sat, 06 January 2024 21:22 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7A23C14F618 for <ipv6@ietfa.amsl.com>; Sat, 6 Jan 2024 13:22:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CAGL354QpESa for <ipv6@ietfa.amsl.com>; Sat, 6 Jan 2024 13:22:35 -0800 (PST)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46492C14F616 for <ipv6@ietf.org>; Sat, 6 Jan 2024 13:22:35 -0800 (PST)
Received: by mail-wr1-x434.google.com with SMTP id ffacd0b85a97d-3368ac0f74dso627707f8f.0 for <ipv6@ietf.org>; Sat, 06 Jan 2024 13:22:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1704576153; x=1705180953; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dZWHSyhNvnznzIkod2k2h9Ve2A00RDbCObed0rps8b8=; b=c5p9KQNKVZgBQYMpa0aOIQS6h7F9QYcKCNPylpSI3TxPejFRu23eCb7I4LkTtM7HH7 NaZvSW6kvUWkvMzJR+yvZDmCKcBJecqCsQA3sUn/lLqSFjXpqTBYGKM9YaUC9KSdqpKL e3wtW9qrmyBfotjSmnNIoDKq7Lj3dcZEdUdciZ2A9/bYpd/xxM3SreZiRYYbi6MgDZ1R rGAg3U79m3yNa+jo4AlveVUVSJlaFN/bwKXliXOuD1/GNMr2dgnYNdE3rmj2tOx/qxGx Actf661q3raPhIYw7MlTrY2k4pMQ/cmF+01k51a2HJMS1TZaRtZ6iXeyWyq6teZ5RaJ3 JYVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704576153; x=1705180953; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dZWHSyhNvnznzIkod2k2h9Ve2A00RDbCObed0rps8b8=; b=Vby0fEV7F/598/gaD6ZxeZupvz9mFuh5adYCjCHXAbLm0xP6YPwKpZw2V1LHjRKiro NQkDR66sReDttUQ/y+wyCBu5OL3hp2hdq7dnfZ6zvzmxCkO9fpLSnTkndgZ2kBjzm9Bz kMCoajZP2RdGaoERE9f6T7B2U02rdc1Ln+M7JbzwIACij5M/F4Zj1aG7mSOGOoOkVrPx lGVW2VoT4ulyW4Cy/hkzUFUV9uFyExOvXg0fR6zPwgJBti7RaOCLngFl6qE8BJmK4IM2 mHdJVHMRe7yE+N3KoI6zKfwFCDzswaa854ausYGUYhXhfTsbHaKbxMAk0br6mnGNV5mI DFCg==
X-Gm-Message-State: AOJu0YxNx/m+yAnM6ynu0dR1yT/ZviPIfgUq6sydHVrnMgFR5fnsfvJG 2mH1uMU/KhAvEobRqiMAk+r1naJYiQvvaYRM1CigvCy38hQ9
X-Google-Smtp-Source: AGHT+IE/e5htywN4IO6pdKuy5NEu5aF7MSZqMuo5zNxZjtwUkCIWQBueK6n/j66UDMZco5MlXd9dbWpYDaEl+O/GB+w=
X-Received: by 2002:adf:db0a:0:b0:336:eecf:9c3 with SMTP id s10-20020adfdb0a000000b00336eecf09c3mr664741wri.63.1704576153420; Sat, 06 Jan 2024 13:22:33 -0800 (PST)
MIME-Version: 1.0
References: <CAFU7BATiUtHmtbhtrWSPDR4c2Eb+XQXFdvU2-V=TVLGb+W6hnA@mail.gmail.com> <CALx6S34CWX_1imdUtK1EHcVUEMfhWPm8Uj+JRHiqxMUz5fvH5Q@mail.gmail.com> <BL0PR05MB5316352E89869C176CCF6F50AE652@BL0PR05MB5316.namprd05.prod.outlook.com> <CALx6S37iKMXJ6hiqGvfDk6OtkDWsctGb2t-0GwGtciHxV4-thg@mail.gmail.com> <BL0PR05MB53165DBB635661F9D9B22B66AE652@BL0PR05MB5316.namprd05.prod.outlook.com>
In-Reply-To: <BL0PR05MB53165DBB635661F9D9B22B66AE652@BL0PR05MB5316.namprd05.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Sat, 06 Jan 2024 13:22:21 -0800
Message-ID: <CALx6S36R+5dMx=eUXrV4ofqzGMXujrYaFqWhFOAk5HJP300p4Q@mail.gmail.com>
To: Ron Bonica <rbonica@juniper.net>
Cc: Jen Linkova <furry13@gmail.com>, 6man <ipv6@ietf.org>, draft-ietf-6man-comp-rtg-hdr@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001e2073060e4d905c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-DfO_n7h0QWGXHxIOq-gUjIyqFI>
Subject: Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jan 2024 21:22:40 -0000

On Sat, Jan 6, 2024, 12:57 PM Ron Bonica <rbonica@juniper.net> wrote:

> Tom,
>
>
>
> Revealing the ultimate destination address to intermediate nodes has never
> been an explicitly stated requirement of the IPv6 Routing header.
> Therefore, it is beyond the scope of the current experiment.
>
Ron,

It may not be an explicit protocol requirement, but as I pointed out it may
be an implicit operational requirement at least in some networks. Even if
there's not a solution in this draft, I think it's worth mentioning in the
draft the loss of visibility of the final destination and potential
ramifications.

Tom


>
> However, that doesn’t close the door to subsequent experiments. Please
> feel free to post a follow up draft.
>
>
>
>
> Ron
>
>
>
>
>
> Juniper Business Use Only
>
> *From:* Tom Herbert <tom@herbertland.com>
> *Sent:* Saturday, January 6, 2024 11:19 AM
> *To:* Ron Bonica <rbonica@juniper.net>
> *Cc:* Jen Linkova <furry13@gmail.com>; 6man <ipv6@ietf.org>;
> draft-ietf-6man-comp-rtg-hdr@ietf.org
> *Subject:* Re: [IPv6] Working Group Last Call for
> draft-ietf-6man-comp-rtg-hdr
>
>
>
> *[External Email. Be cautious of content]*
>
>
>
>
>
> On Fri, Jan 5, 2024, 4:35 PM Ron Bonica <rbonica@juniper.net> wrote:
>
> Hi Tom,
>
> I believe that we have discussed this topic before, but it may have been
> off-list. So, I will repeat my argument on list.
>
> When considering your objection, we must consider:
>
> - its scope
> - the cost / benefit trade-off
>
> Regarding scope, you comment applies to many routing header compression
> scheme's not only the CRH. So, we should search for a solution that
> addresses all routing header compression schemes, not just the CRH.
>
>
>
> Hi Ron,
>
>
>
> Agreed.
>
>
>
>
> Regarding the cost / benefit trade-off, some operators may be concerned
> about the issue that you raise. They would be willing to sacrifice a few
> bytes of overhead for the additional functionality that you propose. Other
> operators, not so much.
>
>
>
> Yes, this trade-off could be one of the questions answered in the
> experiment.
>
>
> So, it seems that we should look for a solution that a) is applicable to
> many routing header compression scheme's and b) is optional. Clause a)
> precludes a solution that is embedded in the CRH.
>
>
> What do you think of a HBH Option that displays the ultimate destination.
> This can apply to any routing header compression scheme. It is also
> optional. If you like the idea, I would support a draft.
>
>
>
> No, I suspect a new HBH option for this would be overkill.
>
>
>
> Since this is experiment, how about defining two routing header types for
> CRH where last SID is compressed, and one where it's not. The additional
> processing and implementation complexity for the handling two variants
> shouldn't be very significant, and both could be deployed side-by-side. It
> would allow us to get feedback from real use cases, particularly on rather
> a FIB containing all possible final destinations is scalable.
>
>
>
> Tom
>
>
>
>
>
>
>                                                                         Ron
>
>
>
> Juniper Business Use Only
> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Friday, January 5, 2024 5:56 PM
> To: Jen Linkova <furry13@gmail.com>
> Cc: 6man <ipv6@ietf.org>; draft-ietf-6man-comp-rtg-hdr@ietf.org
> Subject: Re: [IPv6] Working Group Last Call for
> draft-ietf-6man-comp-rtg-hdr
>
> [External Email. Be cautious of content]
>
>
> Hi,
>
> I have a concern with this proposal. As I understand it, the addresses of
> all intermediate destinations and the final destination can only be
> correctly deduced with access to the external state (the CRH-FIB). In
> particular, the final destination address can no longer be deduced by
> simple inspection of the packet contents. I think it may have ramifications
> on debugging and security. I suspect this also would be a concern for SR
> CRH.
>
> This will make much hardware to track and diagnose flows in the network.
> Also, if the destination is obfuscated the TCP and UDP checksum cannot be
> validated in the network (strictly not needed, however it is done when
> debugging corrupted checksums. Even if the diagnostic tools do have access
> to the FIB, it has to be the correct FIB in time. So to do post mortem
> analysis on a flow could only be done if the correct state is accessed for
> when the packet was accessed.
>
> Security may be a problem due to the potential of misdelivery. Correct
> delivery depends on FIB state being correct and synchronized between nodes.
> Presumably, misdelivery would be detected by transport layer checksum with
> pseudo header, however not all protocols have a checksum, and RFC6936
> allows UDPv6 to be sent with a zero checksum in the case of tunnels.
>
> To avoid ambiguity and misinterpretation, I suggest that the final address
> in the SIDs should be sent uncompressed as a plain address or compressed
> using some stateless method. I think this also could reduce the size of the
> FIB table since final destinations are likely to be hosts and there may be
> an order of magnitude more hosts than routers in the network.
>
> Tom
>
> On Thu, Jan 4, 2024 at 1:09 PM Jen Linkova <furry13@gmail.com> wrote:
> >
> > This message starts a new two week 6MAN Working Group Last Call on
> > advancing "The IPv6 Compact Routing Header (CRH)" document
> > (https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ie
> <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ie>
> >
> tf-6man-comp-rtg-hdr/__;!!NEt6yMaO-gk!CWvVGIuSGSWauTRliWk7FJg8VvZNfVPLMcMeOdaUrfqmrfb7flEI0bndmOe3UuwngN0gXiuPTOerJkI$
> ) as an Experimental document.
> >
> > Substantive comments and statements of support for publishing this
> > document should be directed to the ipv6@ietf.org mailing list.
> > Editorial suggestions can be sent to the authors.  This last call will
> > end on Jan 21 2024, 23:59:59 UTC.
> >
> > --
> > Cheers, Jen Linkova on behalf of 6MAN chairs
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests:
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6
> <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/ipv6>
> > __;!!NEt6yMaO-gk!CWvVGIuSGSWauTRliWk7FJg8VvZNfVPLMcMeOdaUrfqmrfb7flEI0
> > bndmOe3UuwngN0gXiuPTMIkwPI$
> > --------------------------------------------------------------------
>
>

v2.23.0 | Report a Bug | By Email