IETF Logo Mail Archive

RE: [spring] Beyond SRv6.

Ron Bonica <rbonica@juniper.net> Thu, 12 September 2019 14:58 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A12A5120123; Thu, 12 Sep 2019 07:58:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mhL3x838In89; Thu, 12 Sep 2019 07:58:13 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FC2A120142; Thu, 12 Sep 2019 07:58:13 -0700 (PDT)
Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x8CEt0Aj003982; Thu, 12 Sep 2019 07:57:36 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=w8HXMyY5gUyFrc/wxaZU38YnpoEVxdEp8YO4o9HP220=; b=PX0X+MmXHzrgtY+S+6Oop87a72tK05At9M+g0pwsjIw2qbGENeRdJI/m0XqIeorIBdgo wkwe/GQpUNT3RkDsZmc4gC/oyAsLkDMrDw/THcKHdFvjhwsccOMNZeYRNdlBhTUJxzyg xiNqPB2qi6C2ILd8nc5dcPSxWp+oNGSNO8HNhgFeqAu3I7ki5gl7xtm6A8TXOKbPomD3 qsQDsueWClqmVEU3TKFu9AUbg/6nD/KYvZRVt98p2uXrYVd05YAw4ndEEVmAwk4Ugb/u FX2p8kQeYNAAghvlmYanrpnyTj4guNDDr6iyx1eb9KoUqXqcYlijwlPOeXbQadCqKpbV mQ==
Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp2056.outbound.protection.outlook.com [104.47.36.56]) by mx0b-00273201.pphosted.com with ESMTP id 2uyb5f9aqg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Sep 2019 07:57:36 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OAJjO2WsWD7k05uZ6hLCzROPQEjuA6NUYiReYCGCGLTACgFmrXIC8LZ3PBuVmVvkdoQnrTUPufOQG9PTu3RxbK8D/q8vDSpwGAt2zsJ2VWhkEnn/rToQxTy3xxmSt5z7aCnqw6hBE7YRMUZ4bsIlz01D61x6ywPwdLTWG3IOIZ/JprtzOR/VCuZHdFbqCoLm/jaNVrjTCtH7eElib0euZt+SVHB/P0l902V5jPUkaku2IBgD9gTXAuHF5nveGaVKnvok7Gc9/vXMXeIXHQLXP5efAKol6Qu96fsoKUWwl4XPQyTLrnIJBJqpwVHm/ujVVLCuIqGSUfaO0WTcf/BqTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w8HXMyY5gUyFrc/wxaZU38YnpoEVxdEp8YO4o9HP220=; b=i1wd+b1wviWBV6JW3LUsKtZ3J2hynFYtC1IfqZS4lXktw8c/DHNATZJ0RrCPNzR+zJRsunrHYraiK2yI/PUDL/rqi2lDwuxwIJcDSKjY5J8Ua+fFpAAHPBTyrNsh7o/lRPRJ3gUi60uOX6cLBG/4uD+gH/PIW19vaHXgLMTKvWZ2/jWvl8xQgjEDvBMvER+N0TXeN18x45yjy2ynbxE2uV9/kH4YrpZ99atEkeCJZMvBhy3NnpqEElDuD8A9jdOrWWBzLVhZREKizjZe8Yt3N/C/6MX2rssrruUoPspj9d2xN/drtkRYi13BnQxrpLITJ2uoqSMS3Je3JcRgeMEIaQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
Received: from BYAPR05MB5463.namprd05.prod.outlook.com (20.177.185.144) by BYAPR05MB4117.namprd05.prod.outlook.com (52.135.201.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.7; Thu, 12 Sep 2019 14:57:34 +0000
Received: from BYAPR05MB5463.namprd05.prod.outlook.com ([fe80::f4f2:f284:d49a:890a]) by BYAPR05MB5463.namprd05.prod.outlook.com ([fe80::f4f2:f284:d49a:890a%4]) with mapi id 15.20.2263.018; Thu, 12 Sep 2019 14:57:34 +0000
From: Ron Bonica <rbonica@juniper.net>
To: "EXT - daniel.bernier@bell.ca" <daniel.bernier@bell.ca>, "xiechf@chinatelecom.cn" <xiechf@chinatelecom.cn>, List <spring@ietf.org>
CC: Rob Shakir <robjs@google.com>, 6man <6man@ietf.org>, Tarek Saad <tsaad.net@gmail.com>, Robert Raszuk <robert@raszuk.net>
Subject: RE: [spring] Beyond SRv6.
Thread-Topic: [spring] Beyond SRv6.
Thread-Index: AQHVSwgt98swpc9VGEiHCF6pCt7E6qcYa58AgAHuRoCAAA+hgIAD7CKAgAADCDCAAD90AIAAFqeAgAA2B4CAAADegIACr8IAgAH6W4CAA+RrgIAALYeAgACyMBA=
Content-Class:
Date: Thu, 12 Sep 2019 14:57:34 +0000
Message-ID: <BYAPR05MB54634D5414FDB0A7531EF924AEB00@BYAPR05MB5463.namprd05.prod.outlook.com>
References: <CAHd-QWtA21+2Sm616Fnw0D-eB7SNb_BeG8-A-MCLLFgTwSpOsg@mail.gmail.com>, <BYAPR05MB54632F09C712ADB30138CFA9AEBE0@BYAPR05MB5463.namprd05.prod.outlook.com>, <BYAPR19MB3415D21403394F8129A4BAD8FCB90@BYAPR19MB3415.namprd19.prod.outlook.com>, <30491F13-C652-45C3-AB2B-95F765FBB4EA@juniper.net>, <65C5CB04-3A2F-4F83-A7C8-2045154F93AE@cisco.com>, <BYAPR05MB5463EC3250F2A303A3641839AEBA0@BYAPR05MB5463.namprd05.prod.outlook.com>, <91CBADAD-EFE6-46E1-A9D3-DAA111357179@juniper.net>, <CAOj+MMGyUFRPDqCBo5SbLX486o_9GLpM6Zxf8KSt1voWiqhkGQ@mail.gmail.com>, <E8D473B5-3E8D-4339-9A79-0CAE30750A55@juniper.net>, <CAOj+MMFOy5PyTo=jPJkVrQOctdWjsTbD=7ix-2n89vodKzT3gQ@mail.gmail.com>, <2F604D74-51CF-4F2F-AEA9-1CBDEEA9B9F7@gmail.com>, <F09C2D09-D769-4817-AF73-97D6ED1BC4BF@lapishills.com>, <201909120857387140042@chinatelecom.cn> <1568259664564.62561@bell.ca>
In-Reply-To: <1568259664564.62561@bell.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner=rbonica@juniper.net; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2019-09-12T14:57:32.1391660Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application=Microsoft Azure Information Protection; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=1d7a6823-c142-4dba-8ef1-cf507dc74268; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method=Automatic
dlp-product: dlpe-windows
dlp-version: 11.2.0.14
dlp-reaction: no-action
x-originating-ip: [66.129.241.13]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2e1daa77-1e0b-4705-f07f-08d737918b52
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600166)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BYAPR05MB4117;
x-ms-traffictypediagnostic: BYAPR05MB4117:
x-ms-exchange-purlcount: 3
x-ld-processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr
x-microsoft-antispam-prvs: <BYAPR05MB4117161B3FF62BB64F0C3C4AAEB00@BYAPR05MB4117.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01583E185C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(346002)(366004)(376002)(136003)(396003)(39860400002)(199004)(189003)(54906003)(2906002)(33656002)(6116002)(966005)(229853002)(71190400001)(81156014)(3846002)(86362001)(8936002)(6306002)(66066001)(55016002)(81166006)(25786009)(9686003)(478600001)(74316002)(6246003)(7736002)(8676002)(14444005)(606006)(6506007)(4326008)(256004)(2501003)(54896002)(236005)(71200400001)(53546011)(6436002)(186003)(102836004)(53936002)(14454004)(486006)(476003)(790700001)(66946007)(66574012)(446003)(11346002)(316002)(76116006)(26005)(66446008)(66556008)(99286004)(64756008)(52536014)(110136005)(66476007)(5660300002)(76176011)(7696005); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR05MB4117; H:BYAPR05MB5463.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: T2V6qwo6EOluz4ZmkwQbq/OMI2I8WPcivRVIv6K5p/yGhBlT7pDqP5hSbRu69F13kXPJd2AgBl1l8U1SzqsaYTJcJD+MJxuWUQN+/4WPLSkqvM3L6tIUZQpLBzBHK7x7NffKbs5jD2L72mJHHU/cA+UwloSc+2u1d7wwyvoGzaqdrYUrgPOM/yR8bEpDRfkvtExf6G0G+1WpT73jlLMQWYQMU7IiXCAIDdgs0duy+LiIlwIvL1ijaAxI3PZzImpXXHyWxNBtR5Lmx81ZN5xdnGEoKymZ+QN3oUyzcXwsOL85gfmPIn4ZAoGTBQvjlM/3o2QNyRDYcze4n2Q9vl74oKWUllFgD7zw7zNeJlA+9RiTzG+5zD44wtdqfBrckOwREyOP+WpOR2/VdagYa3X76lmPUg2HK7HvWOpcoK3hC8Q=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR05MB54634D5414FDB0A7531EF924AEB00BYAPR05MB5463namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 2e1daa77-1e0b-4705-f07f-08d737918b52
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Sep 2019 14:57:34.2229 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: +cf9Y3RuNj+KMcymyX5OG5RQwP3oVaLiZPIlPWHbCSP+iQn3q7SSjE3QYM29UQKSqKknieOzqiI0PftxkNZ6Gw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB4117
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-12_08:2019-09-11,2019-09-12 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 phishscore=0 priorityscore=1501 suspectscore=0 spamscore=0 mlxscore=0 malwarescore=0 clxscore=1011 impostorscore=0 bulkscore=0 lowpriorityscore=0 adultscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1906280000 definitions=main-1909120153
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Bf6Pm94lr33WC15E3EvbsWiLO0c>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Sep 2019 14:58:20 -0000

Dan,

Both good questions !!!

In Ole’s example, a segment endpoint that is not the SR egress node executes a service instruction. In SRv6+, this kind of service instruction is called a Per Segment Service Instruction (PSSI). It is encoded in a Destination Options header that precedes the Routing header. Because IPv6 processes extension header in the order that they appear in the packet, this Destination Options header is processed by each segment endpoint, including the SR Path egress node.

The Destination Options header includes one or more options. Options are processed in the order that they appear in the header. Each option has a unique type and the first two bits of the type identifier determine how the processing node will behave if it does not recognize the option.

SRv6+ defines a new IPv6 Option, called the PSSI option. The first two bits of its type identifier are 00. So, if the processing node does not recognize the option, or is not configured to process the option, it skips over the option and continues to process the packet. Typically, core routers won’t execute Per Segment Service Instructions. So, by default, they will be configured to skip over the PSSI option. However, devices that provide per segment services (e.g., firewall services , DPI services) will process the PSSI.

The PSSI by no means attempts to replace the NSH.

In SRv6+, service instructions that are executed by the SR path egress node only are called Per Path Service Instructions (PPSI). These instructions are encoded in another Destination Options header that precedes the upper layer header. This Destination Options header is processed by the SR path egress node only.

SRv6+ defines another new IPv6 Option, called the PSSI option. The first two bits of its type identifier are 10. So, if the processing node does not recognize the option, it discards the packet and sends an ICMP message to the packet source.

The benefit of separating the Routing Header from the PPSI are as follows:


  *   An AH or ESP header can be interposed between the Routing Header and the Destination Options header.  The AH or ESP can be used to protect PPSI.
  *   The Routing header isn’t bloated with PPSI information. Therefore, ASIC based intermediate nodes don’t have to load PPSI information into on chip memory
  *   That there is no need to define a myriad of SID’s, some of which are valid only when SL is equal to 0 and others that are valid when SL > 0. If an instruction is valid only when SL = 0, it isn’t a SID. It is a PPSI.

                                                                                 Ron







Juniper Business Use Only
From: spring <spring-bounces@ietf.org> On Behalf Of Bernier, Daniel
Sent: Wednesday, September 11, 2019 11:41 PM
To: xiechf@chinatelecom.cn; List <spring@ietf.org>
Cc: Rob Shakir <robjs@google.com>; 6man <6man@ietf.org>; Tarek Saad <tsaad.net@gmail.com>; Robert Raszuk <robert@raszuk.net>
Subject: Re: [spring] Beyond SRv6.


+1



The ability of using a single SRH to convey behaviour information wether they are per-segment or per-path has proven to be very simple and quick to define in various data plane targets.



At first analysis, trying to replicate with CRH + DOH variants, the logic required for service programs is more com​plex.



What happens if I need TLVs mid-point in a path but not at its end (e.g. referring to the Ole's ACME analogy) ? Would they now be defined in a seg-end-opt or a vpn-dest-opt ? If seg-end-opt then it means non-interested midpoint devices will have to lookup beyond the TLVs to get to CRH for next segment ?



Similar question would be on how would we implement proxy behaviours either dynamic or static ? If I read https://tools.ietf.org/html/draft-bonica-6man-seg-end-opt-04<https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-bonica-6man-seg-end-opt-04__;!8WoA6RjC81c!X44n64pmIbfHbV6M9TDLFFeeQIEn4zROUOebJ7V5MYncIU31g1sgm7aA1kXfbfNt$> correctly, we then need NSH for richer service chains constructs (think Gi-LAN). This means I need CRH, some variants of DOH + NSH​.



I fail to see the simplicity there.



Dan B

________________________________
From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> on behalf of xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn> <xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn>>
Sent: Wednesday, September 11, 2019 8:57 PM
To: List
Cc: Rob Shakir; 6man; Tarek Saad; Robert Raszuk
Subject: [EXT]Re: [spring] Beyond SRv6.


Hi, folks,
Last year China Telecom begun to implement SRv6 trial in Sichun province for the bearing and interconnection of video platforms which are  located in different cities, service agilities,secure sepertion, traffic steering and other features of SRv6 have been demonstrated in this trial. Based on this, SRv6 will be implementated in larger-scale in CT.
No technologies is 100% perfect,I agree that compression mechanism is needed to reduce the the overhead of long SID in the long term, but it is better to be compatible withe SRH, instead of designing a complete new one. CRH is a complete new design, it move the complexities from SRH to DOH.
Moreover, I hope more efforts of SRv6 should be given on how to support new services,for instance, Application-aware network (APN). Meanwhile, we should consider more on how to implmement smooth transition and protect the network assetof carriers.

Best regards
Chongfeng


From: Dirk Steinberg<mailto:dirk@lapishills.com>
Date: 2019-09-09 21:31
To: Gyan Mishra<mailto:hayabusagsm@gmail.com>
CC: SPRING WG List<mailto:spring@ietf.org>; 6man@ietf.org<mailto:6man@ietf.org>; Robert Raszuk<mailto:robert@raszuk.net>; Rob Shakir<mailto:robjs@google.com>; Tarek Saad<mailto:tsaad.net@gmail.com>
Subject: Re: [spring] Beyond SRv6.
There seems to be some confusion regarding TI-LFA.
A couple of comments:

- Remote LFA tunnel is not used with SR, only TI-LFA which
  only operates on the node that is the PLR (point of local repair).

- Any encapsulation on the ingress PE with or without EH has nothing
  to do with TI-LFA except for the special case where the ingress PE
  itself is the PLR.

- TI-LFA is not an IGP extension and does not require one.
  It is a purely local computation based on IGP topology.

- The PLR for TI-LFA may need to insert some SIDs into the SID
  list to steer the packet around the failure. For the LFA base case
  no SIDs are needed at all. If SID insertion is needed, the PLR
  will push the required number of labels in the MPLS case.

  For SRv6, the equivalent operation to the label push is to
  insert an EH with the required SID list. The packet will already
  have been encapsulated on the ingress PE and in the most
  common Internet or VPN base use case it will not even have
  an EH so that this EH insertion will result only in a single EH.

  Alternatively, the PLR could also be configured to perform
  encapsulation with a new IPv6 header using the repair SID
  as IPv6 destination address, without needing any EH.
  This will work for the vast majority of cases.
  Remember that one 128-bit SID in SRv6 is in most cases
  equivalent to 2 MPLS labels, i.e. a node label plus an
  adjacency SID can be encoded in a single SRv6 SID.

  Only in extreme cases would the PLR need to add an
  EH to the new IPv6 header with more SIDs.

- EH insertion for TI-LFA has nothing to do with stitching SRv6 domains.

Hope it helps.

Cheers
Dirk

Am 08.09.2019 um 09:19 schrieb Gyan Mishra <hayabusagsm@gmail.com<mailto:hayabusagsm@gmail.com>>:

From reading through all the discussion threads the SR insertion is two fold one being for FRR capabilities using Ti-LFA or remote LFA tunnel so end up requiring double EH insertions on the Ingress PE tunnel head end SRv6 source node and then second scenario being a possible EH insertions occurrence on intermediate nodes.  I have not read through the drafts or RFC regarding Ti-LFA with SR but since that is an IGP extension I am guessing an opaque LSA and is not the traditional MPLS FRR link/node/path protection that adds an additional mpls shim so not sure why an EH insertion needs to occur for Ti-LFA.  Can someone clarify that use case for me.  Also the EH insertion on intermediate node what is the use case or reason for that.  My guess is it’s for special use case of stitching SRv6 domains together.  Please clarify..

v2.23.0 | Report a Bug | By Email