IETF Logo Mail Archive

Re: What if? [was Re: Extension Header Insertion]

Fernando Gont <fernando@gont.com.ar> Tue, 10 December 2019 08:23 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8766B120033 for <ipv6@ietfa.amsl.com>; Tue, 10 Dec 2019 00:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ONt6BC4vBfo for <ipv6@ietfa.amsl.com>; Tue, 10 Dec 2019 00:23:41 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81D3D120108 for <6man@ietf.org>; Tue, 10 Dec 2019 00:23:41 -0800 (PST)
Received: from [192.168.1.7] (unknown [181.113.147.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 4990A853EC; Tue, 10 Dec 2019 09:23:37 +0100 (CET)
Subject: Re: What if? [was Re: Extension Header Insertion]
To: Gyan Mishra <hayabusagsm@gmail.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man <6man@ietf.org>
References: <BN7PR05MB5699D9BA988F96E2F41CD390AE580@BN7PR05MB5699.namprd05.prod.outlook.com> <00dc01d5ae73$c361b450$4a251cf0$@olddog.co.uk> <dbcdeb1a-0091-da2b-20df-d991e6c06091@gmail.com> <9bc47200-4fea-37ce-0ede-cbf6a5f70ea9@gmail.com> <CABNhwV0ePOEpT57jksKTJf==N0rwnuV5U-xJ4xM9gQGR_GPx=w@mail.gmail.com>
From: Fernando Gont <fernando@gont.com.ar>
Autocrypt: addr=fernando@gont.com.ar; prefer-encrypt=mutual; keydata= mQINBE5so2gBEACzBQBLUy8nzgAzSZn6ViXT6TmZBFNYNqTpPRvTVtUqF6+tkI+IEd9N2E8p pXUXCd0W4dkxz6o7pagnK63m4QSueggvp881RVVHOF8oTSHOdnGxLfLeLNJFKE1FOutU3vod GK/wG/Fwzkv9MebdXpMlLV8nnJuAt66XGl/lU1JrNfrKO4SoYQi4TsB/waUQcygh7OR/PEO0 EttiU8kZUbZNv58WH+PAj/rdZCrgUSiGXiWUQQKShqKnJxLuAcTcg5YRwL8se/V6ciW0QR9i /sr52gSmLLbW5N3hAoO+nv1V/9SjJAUvzXu43k8sua/XlCXkqU7uLj41CRR72JeUZ4DQsYfP LfNPC98ZGTVxbWbFtLXxpzzDDT8i3uo7w1LJ2Ij/d5ezcARqw01HGljWWxnidUrjbTpxkJ9X EllcsH94mer728j/HKzC9OcTuz6WUBP3Crgl6Q47gY5ZIiF0lsmd9/wxbaq5NiJ+lGuBRZrD v0dQx9KmyI0/pH2AF8cW897/6ypvcyD/1/11CJcN+uAGIrklwJlVpRSbKbFtGC6In592lhu7 wnK8cgyP5cTU+vva9+g6P1wehi4bylXdlKc6mMphbtSA+T3WBNP557+mh3L62l4pGaEGidcZ DLYT2Ud18eAJmxU3HnM8P3iZZgeoK7oqgb53/eg96vkONXNIOwARAQABtCVGZXJuYW5kbyBH b250IDxmZ29udEBzaTZuZXR3b3Jrcy5jb20+iQJBBBMBAgArAhsjBQkSzAMABgsJCAcDAgYV CAIJCgsEFgIDAQIeAQIXgAUCTmylpQIZAQAKCRCuJQ1VHU50kv7wD/9fuNtTfxSLk3B3Hs3p ixTy8YXVjdkVwWlnJjFd7BOWmg7sI+LDhpjGfT6+ddOiwkumnvUZpObodj4ysH0i8c7P4C5t F9yu7WjklSlrB5Rth2CGChg5bKt541z2WHkFFxys9qBLmCSYDeKQkzLqhCjIUJizY2kOJ2GI MnSFDzJjhSFEh//oW830Y8fel1xnf/NVF+lBVtRMtMOfoWUqDjvP3sJ1G4zgkDCnF0CfncLx +hq2Mv26Uq9OTzvLH9aSQQ/f067BOkKAJKsfHdborX4E96ISTz57/4xECRSMr5dVsKVm4Y// uVIsb+L5z+a32FaiBZIAKDgnJO7Z8j6CV5e5yfuBTtX52Yi9HjYYqnYJGSDxYd6igD4bWu+7 xmJPHjkdqZgGV6dQIgiUfqkU+s5Cv350vK48CMaT/ZLo2BdsMhWsmaHmb+waePUMyq6E4E9x 9Js+EJb9ZiCfxS9exgieZQpet1L36IvhiwByvkQM009ywfa30JeMOltUtfLi5V06WQWsTzPL 5C+4cpkguSuAJVDTctjCA0moIeVDOpJ8WH9voQ4IeWapQnX35OIoj1jGJqqYdx65gc1ygbyx b8vw+pJ9E5GLse5TQnYifOWpXzX9053dtbwp/2OVhU4KLlzfCPCEsoTyfu9nIZxdI2PMwiL5 M85BfjX4NmwBLmPGoLkCDQRObKNoARAAqqXCkr250BchRDmi+05F5UQFgylUh10XTAJxBeaQ UNtdxZiZRm6jgomSrqeYtricM9t9K0qb4X2ZXmAMW8o8AYW3RrQHTjcBwMnAKzUIEXXWaLfG cid/ygmvWzIHgMDQKP+MUq1AGQrnvt/MRLvZLyczAV1RTXS58qNaxtaSpc3K/yrDozh/a4pu WcUsVvIkzyx43sqcwamDSBb6U8JFoZizuLXiARLLASgyHrrCedNIZdWSx0z0iHEpZIelA2ih AGLiSMtmtikVEyrJICgO81DkKNCbBbPg+7fi23V6M24+3syHk3IdQibTtBMxinIPyLFF0byJ aGm0fmjefhnmVJyCIl/FDkCHprVhTme57G2/WdoGnUvnT7mcwDRb8XY5nNRkOJsqqLPemKjz kx8mXdQbunXtX9bKyVgd1gIl+LLsxbdzRCch773UBVoortPdK3kMyLtZ4uMeDX3comjx+6VL bztUdJ1Zc9/njwVG8fgmQ+0Kj5+bzQfUY+MmX0HTXIx3B4R1I1a8QoOwi1N+iZNdewV5Zfq+ 29NlQLnVPjCRCKbaz9k6RJ2oIti55YUI6zSsL3lmlOXsRbXN5bRswFczkNSCJxJMlDiyAUIC WOay7ymzvgzPa+BY/mYn94vRaurDQ4/ljOfj6oqgfjts+dJev4Jj89vp8MQI3KJpZPEAEQEA AYkCJQQYAQIADwUCTmyjaAIbDAUJEswDAAAKCRCuJQ1VHU50km4xEACho45PZrUjY4Zl2opR DFNo5a6roTOPpgwO9PcBb3I5F8yX2Dnew+9OhgWXbBhAFq4DCx+9Gjs43Bn60qbZTDbLGJ/m 8N4PwEiq0e5MKceYcbetEdEUWhm5L6psU9ZZ82GR3UGxPXYe+oifEoJjOXQ39avf9S8p3yKP Diil0E79rn7LbJjMcgMLyjFg9SDoJ6pHLtniJoDhEAaSSgeV7Y745+gyMIdtQmrFHfqrFdjq D6G0HE+Z68ywc5KN67YxhvhBmSycs1ZSKAXv1zLDlXdmjHDHkU3xMcB+RkuiTba8yRFYwb/n j62CC4NhFTuIKOc4ta3dJsyXTGh/hO9UjWUnmAGfd0fnzTBZF8Qlnw/8ftx5lt4/O+eqY1EN RITScnPzXE/wMOlTtdkddQ+QN6xt6jyR2XtAIi7aAFHypIqA3lLI9hF9x+lj4UQ2yA9LqpoX 6URpPOd13JhAyDe47cwsP1u9Y+OBvQTVLSvw7Liu2b4KjqL4lx++VdBi7dXsjJ6kjIRjI6Lb WVpxe8LumMCuVDepTafBZ49gr7Fgc4F9ZSCo6ChgQNLn6WDzIkqFX+42KuHz90AHWhuW+KZR 1aJylERWeTcMCGUSBptd48KniWmD6kPKpzwoMkJtEXTuO2lVuborxzwuqOTNuYg9lWDl7zKt wPI9brGzquUHy4qRrA==
Message-ID: <58fb8886-ba8d-fd5e-e250-baee164cae2d@gont.com.ar>
Date: Tue, 10 Dec 2019 03:21:14 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.1
MIME-Version: 1.0
In-Reply-To: <CABNhwV0ePOEpT57jksKTJf==N0rwnuV5U-xJ4xM9gQGR_GPx=w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/5ZEQlTyc4QmYiqpyJDoSBoi9tIc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2019 08:23:45 -0000

Hello, Gyan,

Is it me, or somehow when asked a simple question this results in
complexity explosion -- not unusually diverting the attention elsewhere
(where intentionally or unintentionally)?

Let's make things simple:

1) The SRH draft draft-ietf-6man-segment-routing-header talks about
encapsulating an incoming packet into a new header, that incorporates a
SRH. Of course, this is encapsulation/tunneling, so this does not result
in header insertion.

2) Things like TI-LFA have been implemented by inserting a new SRH n
flight, leasing to the situation described by Brian (and  going against
the recommendation in RFC8200)

3) Penultimate Segment Popping results in the SRH being removed
in-flight, violating RFC8200.


Going back to #2, the scenario raised by Brian: from a semantical point
of view, a packet containing two SRH does not make any sense.

Thanks,
Fernando




On 10/12/19 00:28, Gyan Mishra wrote:
> 
> Brian 
> 
> 
> I would like to put this into proper context for SRv6 and how it would
> be deployed in a real world scenario so we can fully connect all the
> dots of this puzzle.
> 
> So with SRv6 the 1st SRH eh insertion would never be in flight eh
> insertion in the middle of the network.  
> 
> Providing some context below.
> 
> The topology is identical to a typical service provider MPLS core where
> you have a PE-CE link to customers.  So in the MPLS scenario the Ingress
> PE would add L3 VPN MBGP bottom of stack label for the customer VRF
> PE-CE attachment circuit.
> 
> With SRv6 the L3 VPN MBGP is encapsulated in IPv6 and sits in the
> overlay as the inner header payload since now with SRv6 we have an IPv6
> data plane as our underlay 6in6 outer header instead of MPLS ldp topmost
> label.  Essentially we are swapping MPLS ldp topmost label for SRv6 IPv6
> data plane underlay with all BGP services overlay remaining as-is intact
> AFI/SAFI riding on top of SRv6 sitting in the 6in6 payload.
> 
> The SRv6 source node ingress PE of the SR domain would now encapsulate
> the SRv6 L3 services TLV and at the same time inserts SRH header routing
> type 4 for the hop by hop traffic engineering of the flow through the
> controlled SRv6 operators domain.
> 
> So from the big picture standpoint the 1st SRH eh insertion is most
> definitely not in the middle of the network and not in flight eh
> insertion since the BGP services TLV originating from the external CE
> edge is tunneled over the SRv6 IPv6 data plane controlled operator domain.
> 
> BESS WG draft depicts the L3 vpn services TLV that is 6in6 tunneled sits
> in the overlay.
> 
> https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02
> 
> 
> 2
> <https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02#section-2>.
> SRv6 Services TLVs
> 
>    This document extends the BGP Prefix-SID attribute
>    [I-D.ietf-idr-bgp-prefix-sid <https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02#ref-I-D.ietf-idr-bgp-prefix-sid>] to carry SRv6 SIDs and associated
>    information.
> 
>    The SRv6 Service TLVs are defined as two new TLVs of the BGP Prefix-
>    SID Attribute to achieve signaling of SRv6 SIDs for L3 and L2
>    services.
> 
>    o  SRv6 L3 Service TLV: This TLV encodes Service SID information for
>       SRv6 based L3 services.  It corresponds to the equivalent
>       functionality provided by an MPLS Label when received with a Layer
>       3 service route.  Some behaviors which MAY be encoded, but not
>       limited to, are End.DX4, End.DT4, End.DX6, End.DT6, etc.
> 
>    o  SRv6 L2 Service TLV: This TLV encodes Service SID information for
>       SRv6 based L2 services.  It corresponds to the equivalent
>       functionality provided by an MPLS Label1 for EVPN Route-Types as
>       defined in[RFC7432].  Some behaviors which MAY be encoded, but not
>       limited to, are End.DX2, End.DX2V, End.DT2U, End.DT2M etc.
> 
>    When an egress PE is enabled for BGP Services over SRv6 data-plane,
>    it MUST signal one or more SRv6 Service SIDs enclosed in SRv6 Service
>    TLV(s) within the BGP Prefix-SID Attribute attached to MP-BGP NLRIs
>    defined in [RFC4760 <https://tools.ietf.org/html/rfc4760>][RFC4659][RFC5549 <https://tools.ietf.org/html/rfc5549>][RFC7432][RFC4364 <https://tools.ietf.org/html/rfc4364>] where
>    applicable as described in section 3 <https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02#section-3> and 4.
> 
>    The 2nd SRH EH insertion with TI-LFA occurs at the PLR point of local
> 
> Repair node to the loop free PQ node. 
> 
> 
> So this addition SRH header is only inserted and   removed during a failure fast reroute.  I believe  but not sure if TI-LFA behaves the same as MPLS ldp 
> 
> Remote LFA where a MPLS label is added at the PLR 
> 
> Node and tunneled to the PQ node.  I am still      researching that one.
> 
> 
> With SRv6 the use cases are for wherever you use mpls public internet or
> private or enterprise scenario so you would always have the same SR
> source PE encapsulation of the edge CE L3 services TLV and so in any of
> those use cases would not be a middle of the network in flight EH
> insertion which is a violation of RFC 8200.
> 
> Gyan
> 
> On Mon, Dec 9, 2019 at 8:21 PM Brian E Carpenter
> <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
> 
>     So, let's assume that two consecutive SRH headers are allowed in the
>     same packet.
> 
>     So the first one (an example from
>     draft-ietf-6man-segment-routing-header-26) is:
> 
>            Segments Left=2
>            Last Entry=2
>            Flags=0
>            Tag=0
>            Segment List[0]=S3
>            Segment List[1]=S2
>            Segment List[2]=S1
> 
>     and the second one is
> 
>            Segments Left=1
>            Last Entry=1
>            Flags=0
>            Tag=0
>            Segment List[0]=S4
>            Segment List[1]=S5
> 
>     I made that up and it's obviously nonsense, but if this is allowed
>     why aren't the rules for processing conflicting SRHs described in
>     draft-ietf-6man-segment-routing-header-26? Do we need to recall it
>     from the RFC Editor queue to be fixed?
> 
>     Regards
>        Brian Carpenter
> 
>     On 10-Dec-19 14:02, Brian E Carpenter wrote:
>     > On 09-Dec-19 22:33, Adrian Farrel wrote:
>     >> Hi Ron,
>     >>
>     >> I think we can jump to a quick answer on this because
>     draft-ietf-spring-srv6-network-programming-05 says:
>     >>
>     >>    We assume that the SRH may
>     >>    be present multiple times inside each packet.
>     >>
>     >> Thus we may assume that the proponents of Extension Header
>     insertion do think that it is acceptable to insert a second routing
>     header into a packet that already has one.
>     >>
>     >> And 8200 is clear when it says:
>     >>    Each extension header should occur at most once, except for the
>     >>    Destination Options header, which should occur at most twice (once
>     >>    before a Routing header and once before the upper-layer header).
>     >
>     > That's "should", which in a non-RFC2119 document like RFC 8200,
>     means "should".
>     > It's not "must". So while I would prefer that the relevant SRH
>     document justifies
>     > the exception, there isn't a breach of a mandatory requirement.
>     >   
>     >> So draft-ietf-spring-srv6-network-programming-05 includes a false
>     assumption which need to be either removed or secured through an
>     update to 8200.
>     >> 
>     >> Ideally, I suppose, draft-ietf-6man-segment-routing-header would
>     have contained the clarification that the SRH could be present
>     multiple times
>     >
>     > Yes
>     >
>     >> (updating 8200 as it went).
>     >
>     > Unnecessary, IMHO.
>     >
>     >     Brian
>     >
>     >>
>     >>  
>     >>
>     >> Cheers,
>     >>
>     >> Adrian
>     >>
>     >>  
>     >>
>     >> *From:*ipv6 <ipv6-bounces@ietf.org
>     <mailto:ipv6-bounces@ietf.org>> *On Behalf Of *Ron Bonica
>     >> *Sent:* 09 December 2019 03:04
>     >> *To:* 6man <6man@ietf.org <mailto:6man@ietf.org>>
>     >> *Subject:* Extension Header Insertion
>     >>
>     >>  
>     >>
>     >> Folks,
>     >>
>     >>  
>     >>
>     >> This question is posed primarily to the proponents of Extension
>     Header insertion.
>     >>
>     >>  
>     >>
>     >> Do you think that it is acceptable to insert a second routing
>     header into a packet that already has one, so the resulting packet
>     looks like the following:
>     >>
>     >>  
>     >>
>     >>   * IPv6 header
>     >>   * SRH
>     >>   * SRH
>     >>   * Upper-layer header
>     >>
>     >>  
>     >>
>     >> Would this be common in TI-LFA?
>     >>
>     >>  
>     >>
>     >>
>                                                                           Ron
>     >>
>     >>  
>     >>
>     >>  
>     >>
>     >> Juniper Business Use Only
>     >>
>     >>
>     >> --------------------------------------------------------------------
>     >> IETF IPv6 working group mailing list
>     >> ipv6@ietf.org <mailto:ipv6@ietf.org>
>     >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     >> --------------------------------------------------------------------
>     >>
>     >
> 
>     --------------------------------------------------------------------
>     IETF IPv6 working group mailing list
>     ipv6@ietf.org <mailto:ipv6@ietf.org>
>     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     --------------------------------------------------------------------
> 
> -- 
> 
> Gyan S. Mishra
> 
> IT Network Engineering & Technology 
> 
> Verizon Communications Inc. (VZ)
> 
> 13101 Columbia Pike FDC1 3rd Floor
> 
> Silver Spring, MD 20904
> 
> United States
> 
> Phone: 301 502-1347
> 
> Email: gyan.s.mishra@verizon.com <mailto:gyan.s.mishra@verizon.com>
> 
> www.linkedin.com/in/networking-technologies-consultant
> <http://www.linkedin.com/in/networking-technologies-consultant>
> 
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 


-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

v2.23.0 | Report a Bug | By Email