IETF Logo Mail Archive

Re: New Version Notification for draft-voyer-6man-extension-header-insertion-07.txt

Mark Smith <markzzzsmith@gmail.com> Mon, 23 September 2019 07:09 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3C9512011A; Mon, 23 Sep 2019 00:09:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.499
X-Spam-Level:
X-Spam-Status: No, score=-0.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kl7bHPlt6nub; Mon, 23 Sep 2019 00:09:11 -0700 (PDT)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAC13120114; Mon, 23 Sep 2019 00:09:11 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id z6so11204643otb.2; Mon, 23 Sep 2019 00:09:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=tbUAiMyKC5JYJSCwCDRRrOzmwaj4lNdx7f8gDYWd+4U=; b=HI27HbU0rSi8op75SaweiCgVnIAMG5FclZEAlumBNMNXKfBoy1rzVamC4784uY3ZPH pqspr81ijWXTXPo/hrAIk3iU+1eyxMdQVxkGEz4YKwCnnFG1LmClbrQVMcU+Ti5vm6J8 OPsTXV1iO7wDPbIC3cFCTH3E+tR0TpCz7FQQNF/IpcNXSq8zA2NiUsluQY0CMZ+tyAGp 2B8bNOgOgdnqzhPtZXyEGNUPb/YZi7zPyNXMBKOIVeiW7sHHsqX2NOBvT5Awc4H5MnzK S6IPJWSQnmbFpDgGum61OD/+QTVJM/XfHGF56M2mRlOCHOU5EQld0Xn8/hY8SQFKsIXf maqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=tbUAiMyKC5JYJSCwCDRRrOzmwaj4lNdx7f8gDYWd+4U=; b=cqmo+8n13Tc/L38WawGBVOVDwmAtzZ3tE+xLBGvN/eadQ/XPI07vIg2CGAutjd9/dv TxLq4NlOmwoPxkK1EgwzyxhR0zgVZV+ypIZsAyULFT/Q6H5//XgDgBPXPpiFhX38oqn1 KR3HBMGccpTNvMvlitrXSioCkTlmmfixErjy0mWU40Tsz6atClC/dNbPW4mutf/Yp0FD hKUzd+Ba3x+vQT7HeK9lkQR0ghagT8PwqrbGLJ0/8I8OxctWjBnuevLiInxmcKR8qlMt upmRDp9CBvqrdKxyHgPPeyy3LRV8+Q3jQzEkoWGNX3gLNJMQdhO3JIgZs4WpKyC0FqF1 rACQ==
X-Gm-Message-State: APjAAAXllNN5Y/WVPM65t5rLMoULZQiKlSaE/ofSHAb7//U6MEW5mKcg HKKPKXvE84IfEclZ7ikvJ1WFdhQ8DxRWntlMJCo=
X-Google-Smtp-Source: APXvYqwC/rtOk+E1HGynoTCcE6jf3RgJlj/AFLnssAnwiQT8aIRkv48O3MWBN8ylNTfWP3i1IcRfj4OgtlPf+t8/yc4=
X-Received: by 2002:a05:6830:18b:: with SMTP id q11mr20801853ota.94.1569222550945; Mon, 23 Sep 2019 00:09:10 -0700 (PDT)
MIME-Version: 1.0
References: <156903961357.5092.16907354634703727132.idtracker@ietfa.amsl.com> <21D937AA-0B27-4E8D-BB6E-99452F72AC30@cisco.com> <CALx6S35Mehd_LUMt_gL=nr_B29vTND4KfYjjiiPtBaj_JjyWFQ@mail.gmail.com> <CAO42Z2wncc3Gtgeb1cWJ-kqDHJVdsf7vR+_BH3tXXjw0ZPR=ZA@mail.gmail.com> <CA+b+ERkv6dEpCHKMnVrk=u82ZQjm5roBrJY+5qYRUad46-gGkw@mail.gmail.com>
In-Reply-To: <CA+b+ERkv6dEpCHKMnVrk=u82ZQjm5roBrJY+5qYRUad46-gGkw@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Mon, 23 Sep 2019 17:08:44 +1000
Message-ID: <CAO42Z2y60ot4nXfuKdGTYU6fDD184Vma5j8X2k=MgdawE_mYvw@mail.gmail.com>
Subject: Re: New Version Notification for draft-voyer-6man-extension-header-insertion-07.txt
To: Robert Raszuk <rraszuk@gmail.com>
Cc: Tom Herbert <tom@herbertland.com>, SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DfzGXwyRp5APaVBhiPooGr6B0-I>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 07:09:13 -0000

On Sun, 22 Sep 2019 at 23:52, Robert Raszuk <rraszuk@gmail.com> wrote:
>
> Hey Mark,
>
>
>>
>> The entire use of the word "insertion" is incorrect if the ID is now only proposing encapsulation/tunnelling to carry transit traffic across the SR domain.
>
>
> That is not what the discussed draft says. The draft proposes encapsulation on ingress edge of the domain, decapsulation on the egress edge of the domain AND freedom of insertion, deletion (and IMHO also it should also add modification) of any SRH(s) within the encapsulated header at any point in the domain. Yes there can be more then one SRH per current notion of the draft too during the protection.
>

Sigh, now you're inserting into the outer IPv6 packet. Still not allowed.

I'm getting off of this merry go around. I can't spend any more time on this.

This Internet Draft is a denial of service attack on the 6man working
group, exhausting resources that could be better spent elsewhere.

This ID has been submitted now 7 times, and despite how many times it
has been pointed out that EH insertion is prohibited, how RFC 8200 has
been specifically updated to be more explicit about it, how many times
I and others have pointed out the protocol, practical and operational
problems it causes, that is being ignored.

I'm not going to point out how CRH/SRv6 complies with RFC 8200. It
does, and if you don't understand how, then you'll need to read RFC
8200 more thoroughly.

>>  The new outgoing segment tunnel header would have the local device as its source address, providing attribution.
>
>
> Who told you that ?
>
> Just please read network programming draft and you see that "swapping" source address is never the case at segment end points:
>
> Quote:
>
>       Node 8 originates packets with the received SRH with HMAC TLV.
>
>    P15:(A8,S5)(A9,S6,S7,S5;SL=3;HMAC)
>
>    Node 5 receives and verifies the HMAC for the SRH, then forwards the
>    packet to the next segment
>
>    P16:(A8,S7)(A9,S6,S7,S5;SL=2;HMAC)
>
>    Node 6 receives
>
>    P17:(A8,S6)(A9,S6,S7,S5;SL=1;HMAC)
>
>    Node 9 receives
>
>    P18:(A8,A9)(A9,S6,S7,S5;SL=0;HMAC)
>
>
>
> Please notice that encapsulated packet by A8 has source address of A8. And that never changes through the entire domain !
>
>
> Are you now questioning the entire concept of SRv6 architecture ?
>
>
> Just FYI all documents describing SRv6+ architecture and CRH also do not swap source address at segment end nodes.
>
>
> Ref draft-bonica-6man-comp-rtg-hdr-07 - Appendix A where src 2001:db8::a never changes.
>
>
>> This model is entirely compliant with RFC 8200, and as tunnels end points are hosts using RFC 8200's definitions, host EHs such as Destination Option, or AH and ESP can be used in an RFC 8200 compliant manner.
>
>
> See the issue you are missing is that even if one would follow strictly to what you are recommending in SRv6 it is still not possible to enable TI-LFA with SR in the domain as you can not just treat each PLR as Segment End node.
>
> Of course I guess you can question if TI-LFA with SRv6 is something IPv6 want to support with SR - but as there is some demand I guess more rationale is required then just say "No".  And of course using SRH is one way to encode TE topology for TI-LFA. There are other options too, but for now this discussion is about use of SRv6 technology to achieve that.
>
> Kind regards,
> R.
>

v2.23.0 | Report a Bug | By Email