IETF Logo Mail Archive

Re: CRH and RH0

Tom Herbert <tom@herbertland.com> Wed, 13 May 2020 16:29 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F86C3A0B78 for <ipv6@ietfa.amsl.com>; Wed, 13 May 2020 09:29:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vefXyVwvh6ko for <ipv6@ietfa.amsl.com>; Wed, 13 May 2020 09:29:49 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 239DC3A0CCB for <6man@ietf.org>; Wed, 13 May 2020 09:29:38 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id s9so66326eju.1 for <6man@ietf.org>; Wed, 13 May 2020 09:29:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=TZdIgVzYCX6ZAqtleU1ABERDD1GqdQu9nZ+YmHI+ITs=; b=Lr9ijTqj5vDrHFfs93oM2lAmMweLAGgcBiXrfsU62iBI58HUED02uBmB1vYYdPLqhV Rrezq0jQWOWZ/6J65o0cWudal+PcEnm94t9YLZx+ryLjdTTU/98hyMUtfDQ7S8ykseJY PQAPvalV/NksxB0zaT8vEvsPyQYF6i33T+vetQnO7CCY1KAyUXisxKbn86r1MuJOhM/h Uf0FwHfDI6eD4zq+pDuDNR+Sa5seJxnNZT4vSdNoaFBkyPNIJKDRi0VCdVOhgKfUdmD6 ftnr9CAZaxbECg86mZdSOA5n01ZruoBdjX5mv0omKTus7YuwZ6QhWAQ8Dujdir02QziR 05Hg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=TZdIgVzYCX6ZAqtleU1ABERDD1GqdQu9nZ+YmHI+ITs=; b=nkywnG1jPuMIjGE/zKAmxB4icPaELF//sv1YGZow/OZHWx+9X2J0fSgs6PpOCVrbTP hwDPIyIHhY8VZgzgeQNRHX/Q/RllEwQS/qLwShTo97Zk3eqHhDbxDKiQ8PGYsfvO/f1p JGMGSYFZclEqw+tdlkYwfZAlNIhK+ggu9JU1CxZ9klnIyPcZUlfHCvlhWQViUW3qpiOh rQ5Jq6c7n7IeUSKnF49xOHAbqkj85LEnxUdtiQKiS193afthiVtdfm6LPoB6IIlIInEb m6PSkC6zJx6gAbI9BTTIM0lBdYG+RHNmDuPz0W+bpZhmVMRcPxLhT+0l4NwD6GXhoDuH 7jGw==
X-Gm-Message-State: AGi0Pubv2IYM5Z1PREK7MelswnQlzcS+PEBtMXZzCzq1IgGxYNqphjYp kVcu0RjodzXTYp5ljDdsEC3lPGZfwXxtbcdpRPdF6a9T
X-Google-Smtp-Source: APiQypIfgImnJcX8ZE86LhnhSyfmSKI6RUpROUmAeregnh+mmGloRQwKgXkRpz5EXvniHNx7eB6/I9CGUkeYhF/13Ms=
X-Received: by 2002:a17:907:7210:: with SMTP id dr16mr22552435ejc.197.1589387376448; Wed, 13 May 2020 09:29:36 -0700 (PDT)
MIME-Version: 1.0
References: <4EDFE9A2-A69C-4434-BB0A-960C2453250F@cisco.com> <DM6PR05MB6348FE6E3A45320C2A47EB66AEBE0@DM6PR05MB6348.namprd05.prod.outlook.com> <8068EBE1-38DD-411E-A896-EB79084BBCC4@cisco.com> <DM6PR05MB6348326B0F72A009DB4F7746AEBE0@DM6PR05MB6348.namprd05.prod.outlook.com> <942AF8C7-079E-4C81-95AB-F07A182E8F19@employees.org> <DM6PR05MB63483621F4AD3DEACA6FAF35AEBE0@DM6PR05MB6348.namprd05.prod.outlook.com> <CALx6S35h261urCC8scgLP2mks_kZCf9Ov2oHsTK+wLqas0KXng@mail.gmail.com> <DM6PR05MB6348A8585DFA7CC2C8DED99AAEBF0@DM6PR05MB6348.namprd05.prod.outlook.com>
In-Reply-To: <DM6PR05MB6348A8585DFA7CC2C8DED99AAEBF0@DM6PR05MB6348.namprd05.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 13 May 2020 09:29:25 -0700
Message-ID: <CALx6S35Z7C6wr9XXg5n2O2+rDbQD5JCxJu2Wo2L5KFgB6PQHNQ@mail.gmail.com>
Subject: Re: CRH and RH0
To: Ron Bonica <rbonica@juniper.net>
Cc: "otroan@employees.org" <otroan@employees.org>, 6man <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DQrEBAoLv89IwxzXD5ChK77sXYA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2020 16:29:53 -0000

On Wed, May 13, 2020 at 8:35 AM Ron Bonica <rbonica@juniper.net> wrote:
>
> Tom,
>
> CRH is unique in that it requires a CRH-FIB. However, it doesn't require an special control plane support. The CRH-FIB can be created:
>
> - by configuration (CLI)
> - by a controller
> - by a IGP
>

Ron

Each of those are examples of additional control plane functionality
that creates state that has to be disseminated through the network. In
contrast, if RFC6554 is used then the route list just expands to
simple IP addresses that can be routed using the normal FIB. If all
the user wants to do is route their packets through specific nodes in
the network then this seems like a perfectly good solution. If they
want to perform "network programming" then I suppose they might need
the additional complexity of SIDs.

> I would still argue that CRH is a "general purpose" solution because:
>
> - It is applicable in a wide variety of use-cases
> - It doesn't rely on anything other than IPv6 cannon (e.g., RFC 8200, RFC 4291) and what is specified in the CRH draft.
>
> It's just another tool in the IPv6 tool box.

I agree it's another tool in the tool box and it's a clean model, but
I still wish there was a mode where it could just work "out of the
box".

Tom

>
>                                                                                                          Ron
>
>
> Juniper Business Use Only
>
> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Tuesday, May 12, 2020 10:29 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: otroan@employees.org; 6man <6man@ietf.org>
> Subject: Re: CRH and RH0
>
> [External Email. Be cautious of content]
>
>
> On Tue, May 12, 2020 at 2:36 PM Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
> >
> > Ole, Darren,
> >
> > The CRH is a general purpose Routing header that operates inside of a network domain. In the sense that it is a general purpose routing header, it replaces RH0. In the sense that it is restricted to a network domain, it does not replace RH0.
>
> Ron,
>
> Not to nit-pick, but doesn't CRH require a specific control plane to be useful which would make it less than general purpose? I don't believe RH0 had such a requirement. Also there's the RH in RFC6554 that has a similar goal in compressing the addresses in the routing header, but doesn't seem to require additional control plane logic either. I think these might be worth referencing.
>
> Tom
> ..
> >
> > If adding these two sentences will cause you to support the draft, or at least not object to it, I will happily add them!
> >
> > Are these the only objections?
>
> It would seem the goals of CRH are very similar to RFC6554 in compressing the addresses in the routing header. I think this might be worth referencing.
> >
> >
> > Ron
> >
> >
> >
> > Juniper Business Use Only
> >
> > -----Original Message-----
> > From: otroan@employees.org <otroan@employees.org>
> > Sent: Tuesday, May 12, 2020 4:38 PM
> > To: Ron Bonica <rbonica@juniper.net>
> > Cc: Darren Dukes (ddukes) <ddukes@cisco.com>; 6man <6man@ietf.org>
> > Subject: Re: CRH and RH0
> >
> > [External Email. Be cautious of content]
> >
> >
> > Hi Ron,
> >
> >
> > > The answer to your question is a bit nuanced. My goals were to build a general purpose routing header that overcomes the RH0's limitations. Those being:
> > >
> > >       - Its size
> > >       - Its security issues
> > >
> > > Now, is that a replacement for RH0? In one way, yes. RH0 and CRH are both general purpose routing headers. In another sense, no. RH0 is meant to traverse network boundaries. But RFC 5095 taught us that letting routing header traverse network boundaries might not be a wonderful idea. So, CRH is restricted to a network domain.
> >
> > If CRH could be a RH0 replacement, you would have to show how the tag distribution mechanism would work across the Internet?
> > RH0 was supported in every IPv6 node, given the requirement for a tag->IPv6 address (or is it forwarding method) mapping, I can't quite see how that would be done in a general enough fashion for CRH?
> >
> > I don't think RFC5095 taught us that source routing cannot be done across the Internet.
> > In fact I don't see how the CRH draft prevents the RFC5095 attack to happen inside of the CRH limited domain.
> > Just send a packet with a list of tag#0, tag#1, tag#0, tag#1 and you have the same amplification attack.
> >
> > > And now I return to my original question. When engineering students read the CRH RFC in 25 years, will they really care what my motivation was? Why should we burden them with this detail?
> >
> > To the contrary. Take the motivations and intentions behind IPv6. We
> > have spent thousands of emails trying to decode what the original
> > intensions with EHs and their limitations were, why the minimum MTU
> > was 1280, recently I saw a thread about the reasons for why TTL/HL and
> > protocol/next header was swapped between v4 and v6. If your protocol
> > is successful, the original napkin it was designed on will become
> > legend. ;-)
> >
> > Best regards,
> > Ole
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests:
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6
> > __;!!NEt6yMaO-gk!VCsmnDZrlJb72chjZsxpFTzE3HDirD3f2dZKrrUJjn1YVZWUhae_u
> > jIzFjntGXzC$
> > --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email