IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt> #24 on packet source

"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 24 April 2018 17:06 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7411712E9A1 for <ipv6@ietfa.amsl.com>; Tue, 24 Apr 2018 10:06:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M_-R-MzWHNbT for <ipv6@ietfa.amsl.com>; Tue, 24 Apr 2018 10:06:27 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78F9D12D7F5 for <6man@ietf.org>; Tue, 24 Apr 2018 10:06:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 6271B24056D; Tue, 24 Apr 2018 10:06:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1524589587; bh=eUNXzFOUEFdLejmIC2kjy/k9Lmt/ootmE90XLN8bPnI=; h=Subject:To:References:From:Date:In-Reply-To:From; b=qOA2Ue0XzCN6WhTVKAZNPXuI/4rZ4V1eZGrBc2OYdKIptYvDaFChpNcQ1CLksFyPo zMMDHdVjIrBwFx/3+5V16QeoEhnij5GgOq57f6rAVMXltTJgMHOmv8iI453VkPxUXr jv34RgKHy3+OETWlbR+1eq+KpOmfZ5eLrobaTOOM=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (unknown [212.205.134.141]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 4B1E2263996; Tue, 24 Apr 2018 10:06:25 -0700 (PDT)
Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt> #24 on packet source
To: "Darren Dukes (ddukes)" <ddukes@cisco.com>, "6man@ietf.org" <6man@ietf.org>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <FB1C6E49-81F7-49DD-8E8B-2C0C4735071B@gmail.com> <523d27a3-285e-6bcf-2b07-2cd8d31b0915@joelhalpern.com> <09A9D566-35E8-41D1-A541-58CBE0F29E40@cisco.com> <cc63c53d-196e-c8c6-d75f-280c989176db@joelhalpern.com> <CFBC0B4B-7802-4203-BBB4-ED0545941DCA@cisco.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <35a9e924-50d7-33d5-42f5-590b0d107b09@joelhalpern.com>
Date: Tue, 24 Apr 2018 13:06:23 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <CFBC0B4B-7802-4203-BBB4-ED0545941DCA@cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/AwRPbWu4Y_Q1s2XtWG3NPadH_hw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 17:06:29 -0000

The text change Darren provided points to a clear statement that 
addresses my concern.
At this point, to argue would be a matter of personal taste in document 
layout, and that is not legitimate.  I consider the problem resolved.

Yours,
Joel

On 4/24/18 11:51 AM, Darren Dukes (ddukes) wrote:
> Off list: Can you ack this issue is closed too?  Thanks.
> 
> Darren
> 
>> On Apr 24, 2018, at 6:59 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
>>
>> The comment says taht there is nothing that needs to be done about this issue.
>>
>> Yes, the document that the SRH is added by the "packet source".  Given that the text does in passing talk about adding the SRH at a domain edge for a packet from outside the domain, the usage of "packet source" is ambiguous.
>>
>> I would prefer that the text was explicit that
>> a) a node originating an IPv6 packet and within an SRH domain by include an SRH.
>> 2) an edge node for an SRH domain which is forwarding an IP packet and wishes to add an SRH shall encapsulate the packet, and add an IPv6 header with an SRH.
>>
>> Yours,
>> Joel
>>
>> On 4/23/18 5:06 PM, Darren Dukes (ddukes) wrote:
>>> Hi Joel, this mail was captured as the following tracked issues:
>>> #22 <https://trac.ietf.org/trac/6man/ticket/22>, #23 <https://trac.ietf.org/trac/6man/ticket/23>, #24 <https://trac.ietf.org/trac/6man/ticket/24>, #25 <https://trac.ietf.org/trac/6man/ticket/25>, #26 <https://trac.ietf.org/trac/6man/ticket/26>
>>> I’ve updated comments that all these as closed in revision 12 of the doc and some clarification in the thread.  Can you click on each and read the comments to each please, and respond to thi thread?
>>> Thanks
>>>    Darren
>>>> On Mar 30, 2018, at 10:51 AM, Joel M. Halpern <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>> wrote:
>>>>
>>>> I do not think this document is ready to be sent to the IETF and IESG for final approval.
>>>> There are several kinds of problems.
>>>>
>>>> ECMP1: The document asserts that entropy information is put into the flow label.   I wish this worked.  I helped bring this idea forward years ago, independent of SRH.  Unfortunately, there are two related problems.  First, adoption appears to be low.  Second, and more important, there are reports from the field that doing thi actually breaks other things and cause packet re-ordering under some circumstances.  As a result, vendors are suggesting that people turn it off even when it is available.
>>>> ECMP2: If, with suitable analysis, we decide that this is actually safe to do, then the document needs to include both that analysis and clearly spelled out requirements that operators MUST verify that all their routers support this behavior and that they have enabled this behavior before turning on SRv6 usage.
>>>>
>>>> Structure: The text in section 2.3 says "It is assumed in this document that the SRH is added to the packet by its source".  This is at best disingenuous.  It is very clear that the value of this behavior lies primarily in use by the network, not by the packet sources.  Claiming otherwise results in a document with minimal utility.  Even this document itself disagrees with this assertion.  Tucked into the very next section is text saying that "outer header with an SRH applied to the incoming packet".  If this behavior were a clearly spelled out requirement, rather than a "typically" and if the text in 2.3 were replaced with something realistic, then the document would at least be itnernally consistent and match the expected usages.
>>>>
>>>> Edge filtering: The text on edge filtering does not actually state that prevention of packets with SRH and a current DA of an internal node is mandatory.  Unless it is clearly stated, the security considerations text as currently written is significantly weakened.  If it is mandatory, then again the deployment section needs to note that an operator needs to verify that all of his edge devices support such filtering and have it properly enabled in order to use SRv6.
>>>>
>>>> Edge Filtering and hybrids: Other documents have talked about allowing external packets with SRv6 entries pointing to internal nodes (which means the DA upon arrival at the operator edge will be an internal node as I understand it).  It the intention is to permit that with appropriate security, then the edge filtering requirements need to be clear about the requirements for cryptographic validation at the edge.
>>>>
>>>> Yours,
>>>> Joel
>>>>
>>>> On 3/29/18 4:30 PM, Bob Hinden wrote:
>>>>> This message starts a two week 6MAN Working Group Last Call on advancing:
>>>>>         Title           : IPv6 Segment Routing Header (SRH)
>>>>>         Authors         : Stefano Previdi
>>>>>                           Clarence Filsfils
>>>>>                           John Leddy
>>>>>                           Satoru Matsushima
>>>>>                           Daniel Voyer
>>>>> Filename       : draft-ietf-6man-segment-routing-header-11.txt
>>>>> Pages          : 34
>>>>> Date           : 2018-03-28
>>>>> https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header
>>>>> as a Proposed Standard.  Substantive comments and statements of support
>>>>> for publishing this document should be directed to the mailing list.
>>>>> Editorial suggestions can be sent to the author.  This last call will
>>>>> end on 12 April 2018.
>>>>> An issue tracker will be setup to track issues raised on this document.
>>>>> Thanks,
>>>>> Bob & Ole
>>>>> --------------------------------------------------------------------
>>>>> IETF IPv6 working group mailing list
>>>>> ipv6@ietf.org <mailto:ipv6@ietf.org>
>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>>> --------------------------------------------------------------------
>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org <mailto:ipv6@ietf.org>
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email