Re: I-D Action: draft-voyer-6man-extension-header-insertion-07.txt
Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 14 October 2019 19:17 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B970A120883 for <ipv6@ietfa.amsl.com>; Mon, 14 Oct 2019 12:17:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16BWJvq5x3IH for <ipv6@ietfa.amsl.com>; Mon, 14 Oct 2019 12:17:08 -0700 (PDT)
Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 229E112087B for <ipv6@ietf.org>; Mon, 14 Oct 2019 12:17:08 -0700 (PDT)
Received: by mail-pf1-x435.google.com with SMTP id y5so10926765pfo.4 for <ipv6@ietf.org>; Mon, 14 Oct 2019 12:17:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=03HoKirn4jP2T3bNHZdOtVP73UzQ2H57zgaD96rr5RQ=; b=mNo2An3ffRuYeAVcc+y7lkXHrh/p3J5lo8jlPm3883VOwO4TOeR0XOtx7TjRA/6HSZ wJNcohAXnsLrTBqPrWMrIebopGoPyf6w4oagik/CZZXpnP/O2b2/sNrQNalTnq2juzD1 cbWQZQbpEOHaFWqFGpC1tXyjpj9CM9wW2EBsKYuJDGL/VgPYHinhXbmhIFbSZb5cwwLb /UyIt+xBJzKPlxqaTurBz6xaHzOABFLMpK3h63mSlFDhrbe83XAuiREZ8GLbqLL4HP/6 oy5TD9Cvk7VOWZ9Jidjl7Q9k5Ydo9EYXqbchb34FJsC9zkPcgRRKOTOa7FbYeLBkYx72 l7gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=03HoKirn4jP2T3bNHZdOtVP73UzQ2H57zgaD96rr5RQ=; b=Ju9g4VxiEqwoEbNswCa0zj2vn/jmUtj+tQvA1OikafTP6m8myAte8KvZJSKTypdE6U 0CyG7EIx4xxcapr2LOlC3urokniHJWGmJJai5qyzQ/5PspTuLIlIp8ZoiDgYlcQiKZmX t4UK2QRYT+yXxlm2qgyp0sgt548jdDsBpHmA3Ik0U03xr+4y4K571QgMK1TOgU3SIsFV YI4ohTwEEd8ke6NeCLwg4B96oJoJe3KLCxH1ApseWpQfMTAEfRr0d3pOXtn5RVy4yJ/9 rC4hqFXkpNl+qFnEdw6nlk+j5HVsxbT98Emd5uUY6n104u9AFjTf0+ZfdcVDPEURlCev 9HZA==
X-Gm-Message-State: APjAAAX2yF1tt2upivHasYg71zfiiD1Dbzh1exHPCOW2vB5Hv4WgQ3UK 5bJJiHdM2TZmDWOBucUAee7b2olj
X-Google-Smtp-Source: APXvYqxoiqCGHv7pEyx1aSuyIdLBoWgxzzdIsWNjJ1nzuKLZS5jzoDoQjmaN+bT6YrFNovZmZaIoCA==
X-Received: by 2002:a17:90a:2710:: with SMTP id o16mr37186071pje.98.1571080626787; Mon, 14 Oct 2019 12:17:06 -0700 (PDT)
Received: from [192.168.178.30] (233.148.69.111.dynamic.snap.net.nz. [111.69.148.233]) by smtp.gmail.com with ESMTPSA id e10sm24460187pfh.77.2019.10.14.12.17.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Oct 2019 12:17:05 -0700 (PDT)
Subject: Re: I-D Action: draft-voyer-6man-extension-header-insertion-07.txt
To: Tom Herbert <tom@herbertland.com>
Cc: 6man <ipv6@ietf.org>
References: <156903961333.5092.16807379687598480151@ietfa.amsl.com> <c9702ec2-61d9-66e4-1d2c-d462eaf00f21@gmail.com> <CALx6S37TrL_SsJ3o1FqzskZ4xqyDo8AeHDhXiKpPTd2e8vP_sw@mail.gmail.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <0bca82dc-a82e-0763-c3b3-09ef7a115b4f@gmail.com>
Date: Tue, 15 Oct 2019 08:17:01 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <CALx6S37TrL_SsJ3o1FqzskZ4xqyDo8AeHDhXiKpPTd2e8vP_sw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/CKYtGkXUdWfRS6H9Ng2RoRKCEa8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2019 19:17:11 -0000
Tom, > So RFC8200 is applicable in SR domains, limited domains, and > the Internet. IMO, this draft is trying to justify an exception to the > requirements and should be written as such. Absolutely; that's why I suggested a SHOULD, in fact. I didn't raise a related standards-wonk question: whether the draft should be tagged as "Updates: 8200" (or "Amends: 8200" in terms of draft-kuehlewind-update-tag). If it's going to be done, it should be explicit. Regards Brian On 15-Oct-19 04:53, Tom Herbert wrote: > On Sat, Oct 12, 2019 at 2:58 PM Brian E Carpenter > <brian.e.carpenter@gmail.com> wrote: >> >> Hi, >> >> I'd like to comment on this version. It is in fact a complete rewrite compared to >> its predecessors and I thank the authors for that. The tone is now purely technical, >> and that's a great improvement. >> >> It's also, IMHO, accurate in its statements about the relationship with RFC 8200. >> In particular: >> >>> Action 2 inserts an SRH in a packet within the SR domain at a node >>> not in the destination address, and inserts more than one SRH in a >>> packet. This does not appear to be permitted by the statements >>> quoted above from RFC8200. However, the restrictions above are not >>> applicable within the SR domain. Every source node participating in >>> the SR domain expects SRH insertion, relies on it for services >>> provided by the SR domain, correctly processes ICMP errors, and >>> according to RFC8200 must process multiple SRH in the same packet. >> >> That statement "the restrictions above are not applicable within the SR domain" >> is (it seems to me) a normative statement. It might be even clearer to state it >> as such: >> ...the restrictions above SHOULD NOT be applied within the SR domain. >> > Brian, > > Dissecting this a bit: > > "Every source node participating in the SR domain expects SRH insertion" > > That is awfully inclusive and seems to be retroactively creating a > fundamental property of SR domains. Also, no opt out form source? I > would expect that in most use cases, probably all in deployment today, > the SR EH is set at the ingress node into the SR domain and describes > the path to egress. The fact that some intermediate node might insert > an EH could conceivably be a security issue in such deployments more > than anything. IMO, if EH is allowed then source nodes should be able > to opt out, or even better EH insertion should always be opt in from > the source. If a source node wishes to enforce that no EHs are > inserted it can do that with AH (assuming that AH were properly > specified to interact with SRH).. > > The draft also states that the source and destination are required to > be in the same SR domain for EH insertion. This needs to be specified > as a MUST. The obvious question this raises is: how does an > intermediate node know that a source and destination are in the SR > domain? I would infer that the authors are probably assuming that this > can be done by specifying a prefix for the SR domain or maybe a > whitelist of addresses? This is easy enough to propose, but on a > network of even moderate scale I'm not convinced it's manageable. I > suggest an alternative is for the source node to mark packets for > which EH insertion is permissible (i.e. the opt in model). This could > be done for instance by the source setting a null SR header (no SIDs) > with a flag that indicates EH insert is permitted. > > "correctly processes ICMP errors" > > That presumes that correct processing of ICMP errors is well defined. > Consider this scenario: > > An intermediate node inserts an SRH with HMAC, a subsequent downstream > node attempts to verify the HMAC and fails to verify. The downstream > node sends an ICMP packet back to the source. What is source supposed > to do with this ICMP error? (note this is just one scenario, the > general case is how to deal with ICMP errors sent because of error in > the inserted EH). There is nothing that source host can do within the > protocol to avoid further occurrences of the error. At best they'll > log it, but since there's no attribution so now somebody someone needs > to track down who is inserting the EH-- in a complex network that may > be non-trivial. > > Attribution is critical. One obvious way to address this would be for > the node inserting the EH to put its address into the SRH, but then > that reduces the overhead savings of SR EH insertion compared to > encapsulation to be just eight bytes (destination address in > encapsulation is same as last address in insert SID list). IMO, it > would be better to just do encapsulation instead. > > Another hole is correct ICMP processing is reflected in: > > "The SR domain ingress edge processing the ICMP error SHOULD log the > error and decrement the ingress edge MTU for traffic traversing the SR > domain (if it's greater than the IPv6 minimum MTU of 1280 bytes)" > > Okay, but what if the source _is_ already at minimum MTU for PMTU? > Note that SRH can be hundreds of byte and now with insertion there can > be multiple SRHs of these is a packet, I don't think this is something > that can be easily dismissed with the typical assumption that all > networks can just set MTUs large enough. > > "However, the restrictions above are not applicable within the SR domain" > > I think the wording here is wrong for the intent of the draft. All the > normative "MUSTs" in RFC8200 and other appropriate standards are > applicable to _all_ use cases of the protocol. I see no provision in > RFC8200 that its requirements, like prohibition of EH insertion, are > conditional based on the environment in which the protocol is > deployed. So RFC8200 is applicable in SR domains, limited domains, and > the Internet. IMO, this draft is trying to justify an exception to the > requirements and should be written as such. Presumably, the exception > might be palatable if it maintains robustness, interoperability, and > spirit of requirements of RFC8200. > > Tom > >>> the SR domain expects SRH insertion >> Clearly it's a WG question whether on not we want to put this on the standards >> track. I hope we can discuss it as a technical question. My subsidiary >> question is: does the description of an SR domain (here and in RFC8402) >> provide enough security and operational assurance that this SHOULD NOT is >> safe? >> > Hi Brain, > > > >> Regards >> Brian Carpenter >> j >> On 21-Sep-19 16:20, internet-drafts@ietf.org wrote: >>> >>> A New Internet-Draft is available from the on-line Internet-Drafts directories. >>> >>> >>> Title : Insertion of IPv6 Segment Routing Headers in a Controlled Domain >>> Authors : Daniel Voyer >>> Clarence Filsfils >>> Darren Dukes >>> Satoru Matsushima >>> John Leddy >>> Filename : draft-voyer-6man-extension-header-insertion-07.txt >>> Pages : 13 >>> Date : 2019-09-20 >>> >>> Abstract: >>> Traffic traversing an SR domain is encapsulated in an outer IPv6 >>> header for its journey through the SR domain. >>> >>> To implement transport services strictly within the SR domain, the SR >>> domain may require insertion or removal of an SRH after the outer >>> IPv6 header of the SR domain. Any segment within the SRH is strictly >>> contained within the SR domain. >>> >>> The SR domain always preserves the end-to-end integrity of traffic >>> traversing it. No extension header is manipulated, inserted or >>> removed from an inner transported packet. The packet leaving the SR >>> domain is exactly the same (except for the hop-limit update) as the >>> packet entering the SR domain. >>> >>> The SR domain is designed with link MTU sufficiently greater than the >>> MTU at the ingress edge of the SR domain. >>> >>> >>> >>> The IETF datatracker status page for this draft is: >>> https://datatracker.ietf.org/doc/draft-voyer-6man-extension-header-insertion/ >>> >>> There are also htmlized versions available at: >>> https://tools.ietf.org/html/draft-voyer-6man-extension-header-insertion-07 >>> https://datatracker.ietf.org/doc/html/draft-voyer-6man-extension-header-insertion-07 >>> >>> A diff from the previous version is available at: >>> https://www.ietf.org/rfcdiff?url2=draft-voyer-6man-extension-header-insertion-07 >>> >>> >>> Please note that it may take a couple of minutes from the time of submission >>> until the htmlized version and diff are available at tools.ietf.org. >>> >>> Internet-Drafts are also available by anonymous FTP at: >>> ftp://ftp.ietf.org/internet-drafts/ >>> >>> _______________________________________________ >>> I-D-Announce mailing list >>> I-D-Announce@ietf.org >>> https://www.ietf.org/mailman/listinfo/i-d-announce >>> Internet-Draft directories: http://www.ietf.org/shadow.html >>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt >>> >> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- >
- Re: I-D Action: draft-voyer-6man-extension-header… Brian E Carpenter
- Re: I-D Action: draft-voyer-6man-extension-header… Tom Herbert
- Re: I-D Action: draft-voyer-6man-extension-header… Brian E Carpenter
- Re: I-D Action: draft-voyer-6man-extension-header… Mark Smith
- Re: I-D Action: draft-voyer-6man-extension-header… Tom Herbert
- Re: I-D Action: draft-voyer-6man-extension-header… Fernando Gont
- Re: I-D Action: draft-voyer-6man-extension-header… Fernando Gont
- Re: I-D Action: draft-voyer-6man-extension-header… Fernando Gont
- Re: I-D Action: draft-voyer-6man-extension-header… Mark Smith
- Re: I-D Action: draft-voyer-6man-extension-header… Gyan Mishra
- Re: I-D Action: draft-voyer-6man-extension-header… Mark Smith
- Re: I-D Action: draft-voyer-6man-extension-header… Alexandre Petrescu
- Re: I-D Action: draft-voyer-6man-extension-header… Tom Herbert
- Re: I-D Action: draft-voyer-6man-extension-header… Gyan Mishra
- Re: I-D Action: draft-voyer-6man-extension-header… Gyan Mishra
- Re: I-D Action: draft-voyer-6man-extension-header… Mark Smith
- Re: I-D Action: draft-voyer-6man-extension-header… Alexandre Petrescu
- Re: I-D Action: draft-voyer-6man-extension-header… Tom Herbert
- Re: I-D Action: draft-voyer-6man-extension-header… Alexandre Petrescu
- Re: I-D Action: draft-voyer-6man-extension-header… Tom Herbert
- Re: I-D Action: draft-voyer-6man-extension-header… Gyan Mishra