IETF Logo Mail Archive

Re: END SID Without SRH

Mark Smith <markzzzsmith@gmail.com> Fri, 14 June 2019 10:18 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00D0612008B for <ipv6@ietfa.amsl.com>; Fri, 14 Jun 2019 03:18:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.498
X-Spam-Level:
X-Spam-Status: No, score=-0.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PYyyb6kXygJu for <ipv6@ietfa.amsl.com>; Fri, 14 Jun 2019 03:18:56 -0700 (PDT)
Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CCFA120086 for <ipv6@ietf.org>; Fri, 14 Jun 2019 03:18:56 -0700 (PDT)
Received: by mail-oi1-x234.google.com with SMTP id w196so1569063oie.7 for <ipv6@ietf.org>; Fri, 14 Jun 2019 03:18:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pTHD4C7OE1G2npI0KdC/ciK4tUjScZZuwgNlf03z7ns=; b=iRq08t5W41PWeTVOaz9w1tj/x4Gpz8zWTVR071SvQK+4boOYdlwzE4EoerDhG5R3E7 r3z5uD9NG6MCjTDgh/RRkZsaycAkQ8SyuJ2kLexXmCQzoQZOlrcjhokGo5TJWGmqnFey mXIyQV5UfCAS+AqiH4c+qfssSZM1LKR0GJ7Sd173oLY0CgUEpj9haHhUQKpXjVq6Clds aI3lx/ke6DRBvawaOsjC276VPlwYhAisweVuqGvuZvqICD1Y5aDjh/uTdgpdlmzLGHTx AgKaQ0lmtnnJ+hFm66LzNSVVYUNp0GSOo5uj6WePJUuBX3fvdm9W3TAN0rcjCbcil7Hq ydHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pTHD4C7OE1G2npI0KdC/ciK4tUjScZZuwgNlf03z7ns=; b=JVEZb8igWVe8dqCnQ5D70IgjHv566vlFVFyliZ06E3IZd2Z3QbITfgjEWZo5sdzabO q/2inGFDequfBmqayKo0V4JyoTmFKxGIfuarUflN5Sntb1YWqM4KIRPnJ7BJziXdd8KG EKvWUTsiyT7stqxzC42rYwKFsmFL9s6dE+NWLYH9qH+CUfctRWkA+lYnVoz5uwKnnO27 /uFSmd9mmSRaT2gBkuS5OanMN7kusnoLPZoRQ58XH/sdB0GOd/xGgj88kWIlHly/51J1 JBVaeWL1wRUXVdu3rCzkYyKuccEIBabHhPc9uksabpnEkG3IY3Rdd/CTJduEr1UJcy1Q SprQ==
X-Gm-Message-State: APjAAAVLh2ylRwclt4pRdwJtJLTl0JfgbsOeYhiW/7NKLyBmitFZWTKm 7Wf5TJwhSgPnih+xgwrSFpK3bBcmOZzLv9zX+nI=
X-Google-Smtp-Source: APXvYqzAgdfpz39WuGRrbctJ/JfvqVHxYrdVrXkl8uVTj5amoX2EiZZZnbKKzyjw8tuUBtqC/qWdd+BK8N1mr/t54F8=
X-Received: by 2002:aca:4bce:: with SMTP id y197mr1375754oia.38.1560507535120; Fri, 14 Jun 2019 03:18:55 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR05MB42456C75487CF9283A0ED1D0AE100@BYAPR05MB4245.namprd05.prod.outlook.com> <CAO42Z2y_D-xe+tX9n-KQYjnk5bkYXibO0Zs3E=JfAWWMZnJcSA@mail.gmail.com> <3030A68F-6CE1-4179-930C-D60BEB73063A@employees.org> <CAO42Z2yLkCRNXKp8KKnqh8VRRo6p1dx4h0-gyLBFZ=Jq0xQj2w@mail.gmail.com> <0C40BEFF-B050-40A1-BCB7-F76ADF18E3E0@employees.org> <BYAPR05MB42457C37AE7DC3F4CACC8FD7AEEC0@BYAPR05MB4245.namprd05.prod.outlook.com> <B254E985-A848-4FC4-868D-E2F04CF7E0DB@cisco.com> <104B106B-8130-4931-9DBF-2FE5C5633CB0@gmail.com> <B0D2092F-CC6E-4990-857B-E88229FA80AF@cisco.com> <277E6E14-8FD4-45A3-9350-E30B82C0FA86@gmail.com> <CAN-Dau1MDKpFrmmDFpj3s4cZYwFyB0KnWMrc-yjw_m5mO_8REw@mail.gmail.com> <CAO42Z2wgZ8gE1pTDy2xbxetdLqf8EWpKRmbi=n7qfgEALwVmVQ@mail.gmail.com> <BBB1A2A3-DE78-4E97-B193-9B6980B82358@employees.org>
In-Reply-To: <BBB1A2A3-DE78-4E97-B193-9B6980B82358@employees.org>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 14 Jun 2019 20:18:28 +1000
Message-ID: <CAO42Z2zhm_XHdt6sK23KTukOn0o2rx7O5_16C_GQ-FTwe6FJjg@mail.gmail.com>
Subject: Re: END SID Without SRH
To: Ole Troan <otroan@employees.org>
Cc: David Farmer <farmer@umn.edu>, 6man WG <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/463KZaFYJ1sx8GLjhFsKZao3-jc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 10:18:58 -0000

Hi Ole,

On Fri, 14 Jun 2019 at 16:52, Ole Troan <otroan@employees.org> wrote:
>
> Mark,
>
> [snip]
>
> > pWhat's a "regular IPv6 destination"?
> >

<snip>

> > It's quite a different thing to encode packet processing in the
> > destination address that contradicts or ignores the instructions
> > encoded in the chain of EH and upper layer headers. I think this might
> > be a more significant change to the IPv6 packet processing model and
> > operation than we realise.
> >
> > RFC 8200 is very clear and explicit on multiple occasions about
> > following the processing encoded in the EH chain and upper layer
> > headers when the packet arrives at the destination device that holds
> > the matching DA:
>
> I think that' a way too literal interpretation of 8200.
>

I think it is the "right amount" of literal when you use RFC 8200's
definitions of 'router' and 'host'.

> Especially in the context of routers.

Router as a device, or a router as a function?

RFC 8200 definitions of a router and a host seem to me to be entirely
functional.

 router       a node that forwards IPv6 packets not explicitly
                addressed to itself.

host         any node that is not a router.


A typical router as a device implements the RFC 8200 router function
in its forwarding plane, and the RFC 8200 host function in its control
plane.

> A remote node cannot expect that any combination of the local nodes's destination address and header chain will be processed.

I agree.

I think it is clear what is supposed to happen when a packet is
received that can't be processed according to the EH / transport layer
header chain:

- the packet gets dropped

- a (possibly rate limited) ICMPv6 error message is sent back to the
source stating the drop cause

There isn't supposed to be "the packet is still processed rather than
dropped, and differently to how the packet's sender specified it to be
processed."

> A router will not process your protocol 89 packet on any DA.

Agree.

First thing that needs to match is the DA of the packet against the
router (device (RFC 8200 router & host))'s local addresses or the
device's processes' multicast addresses.

Once that match occurs, then the packet gets handed up the local stack
to the OSPF process, if it exists. If it doesn't, "Parameter Problem,
Unrecognized Next Header type encountered".

This is IPv6 host processing (because of packet arriving at device
holding the matching DA) where the host doesn't support the protocol
in the packet.

>In the VPP MAP-E implementation, the BR address is a "service address", and will drop anything that isn't protocol 4 (as well as any packet with extension header).
>

And that is and would be the expected behaviour. It doesn't understand
it so it drops it and may send an ICMPv6 error message.

The ambiguity and I think non-compliance with RFC 8200 is when
dropping isn't occurring, and how to process the packet is singularly
encoded in the DA address. This is instead of following what is
explicitly encoded in the following EHs and transport layer headers.
This is contrary to IPv6 host processing of DA match -> EH processing
-> Transport layer -> Application Layer packet processing.

(I started down this path a few years ago by thinking about the
scenario of buying a router (device) from a router vendor, and then
running it as a BGP route reflector or server that isn't ever in the
packet forwarding path. Is it still a "router", or is it now a host?
Per RFC 8200, not a router, only a host, even if it still looks like a
router (device) with a router vendor's logo on it).

Best regards,
Mark.

> Best regards,
> Ole
>
>
>
>
>
>
>
> >
> > 4.  IPv6 Extension Headers
> >
> > ...
> >
> > "Extension headers (except for the Hop-by-Hop Options header) are not
> >   processed, inserted, or deleted by any node along a packet's delivery
> >   path, until the packet reaches the node (or each of the set of nodes,
> >   in the case of multicast) identified in the Destination Address field
> >   of the IPv6 header." (For context for the next two quotes.)
> >
> > ...
> >
> > "At the destination node, normal demultiplexing on the Next Header
> >   field of the IPv6 header invokes the module to process the first
> >   extension header, or the upper-layer header if no extension header is
> >   present.  The contents and semantics of each extension header
> >   determine whether or not to proceed to the next header. ***Therefore,
> >   extension headers must be processed strictly in the order they appear
> >   in the packet***; a receiver must not, for example, scan through a
> >   packet looking for a particular kind of extension header and process
> >   that header prior to processing all preceding ones."
> >
> > ...
> >
> > 4.1.  Extension Header Order
> >
> > ...
> >
> >  "IPv6 nodes must accept and attempt to process extension headers in
> >   any order and occurring any number of times in the same packet,
> >   except for the Hop-by-Hop Options header, which is restricted to
> >   appear immediately after an IPv6 header only.  Nonetheless, it is
> >   strongly advised that sources of IPv6 packets adhere to the above
> >   recommended order until and unless subsequent specifications revise
> >   that recommendation."
> >
> > ...
> >
> > Regards,
> > Mark.
> >
> >
> >
> >> Thanks
> >> --
> >> ===============================================
> >> David Farmer               Email:farmer@umn.edu
> >> Networking & Telecommunication Services
> >> Office of Information Technology
> >> University of Minnesota
> >> 2218 University Ave SE        Phone: 612-626-0815
> >> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> >> ===============================================
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6@ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email