RE: Compatibility with SRH requirement (was Re: Adoption Call for "The IPv6 Compact Routing Header (CRH)")

James Guichard <james.n.guichard@futurewei.com> Sat, 30 May 2020 23:07 UTC

Return-Path: <james.n.guichard@futurewei.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CDF43A0B83 for <ipv6@ietfa.amsl.com>; Sat, 30 May 2020 16:07:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.089
X-Spam-Level:
X-Spam-Status: No, score=-2.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IogN7Jowl_6q for <ipv6@ietfa.amsl.com>; Sat, 30 May 2020 16:07:45 -0700 (PDT)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2122.outbound.protection.outlook.com [40.107.237.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F39A3A08F8 for <ipv6@ietf.org>; Sat, 30 May 2020 16:07:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cfNuRgm67ZDVLDgn3LIRwIqjYfaAe4TC7e+QV5zBdkC5kz9tBVt8ztK37rLzUDnCNrvqx9Ufw/sX2W7F2L5N2u5szy2Gk+zPqAE2Cr5jnm8UKv4FKG3MZeDN578Fbz5p5a5YZme/jSj6j/g2O31nbBp8Ex9J7Sz9cCLsytgNSNWzC9NLXPigdJwSua3PFu2Mt4WJic2bH58fwoLtwuNQdsUNYp/6H1ujN0BjH4D2jsBcyGld7V8wISKiZ7SjNVHzJG1U9nvWI7ozexBwVLkcEtlL5v9umZxIKl/QTXIZIL2DDTX35DEXNzw2aQJzvQx4zSwzrl/svPxTCwWUhStmeQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V76tszdHJfTuIeFxm95CX+Edu+aOa8yLfIeQg7eeH5Q=; b=e40TUriDT3gkAeVWbP8QpHw945o3H9hWHDBeHHxefo471x9aTgmLGFmpDdDS0q0SIstV8aykvK6gJxVUT1A2MV/kNndrp45NG0xqV4zP0tCLUmyEjKJOIDHEzGHcbEvz2nDibVkeJfLgsDzV51X/pDvj/LVnJfTMk0PCnoXNFRO47Nl55Jw1JRFPmycfIEZLbXj6Vl3eavxA17F/gKq2N6pSzvolWsJuw7HypoTfY2vlfraD+rFgf3Nthtc4R9o4s8TD66+T3oq6fXuLAJJOYz6BctrBFoxooWF4UmNQ8AgzJS8+EBXFReG8kcLhGzxcr0CVEQKfyeOFbjGhnt3DhQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V76tszdHJfTuIeFxm95CX+Edu+aOa8yLfIeQg7eeH5Q=; b=m5jTW+dHC8E+XhTuYBmpKXxjtwGb0d4il5xkQma07knznyjhL3ec/ADuin9el2/s2bvIHhYHn6zxUMidxyHdV73swYhIdnDDIc0VduvCtPpdbb8O9jrYM/LWGqe1gmjxeHWwiZLZlogCqDOJrC3XUBbwfyGc72dFjCDLWsB0Ze4=
Received: from DM6PR13MB3066.namprd13.prod.outlook.com (2603:10b6:5:19d::18) by DM6PR13MB2972.namprd13.prod.outlook.com (2603:10b6:5:19a::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3066.8; Sat, 30 May 2020 23:07:42 +0000
Received: from DM6PR13MB3066.namprd13.prod.outlook.com ([fe80::a024:eb2c:7574:b7b7]) by DM6PR13MB3066.namprd13.prod.outlook.com ([fe80::a024:eb2c:7574:b7b7%7]) with mapi id 15.20.3066.010; Sat, 30 May 2020 23:07:42 +0000
From: James Guichard <james.n.guichard@futurewei.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 'John Scudder' <jgs@juniper.net>
CC: 'Bob Hinden' <bob.hinden@gmail.com>, 'IPv6 List' <ipv6@ietf.org>
Subject: RE: Compatibility with SRH requirement (was Re: Adoption Call for "The IPv6 Compact Routing Header (CRH)")
Thread-Topic: Compatibility with SRH requirement (was Re: Adoption Call for "The IPv6 Compact Routing Header (CRH)")
Thread-Index: AQHWNfEATX3bCuA7zkOmiX+72amTKKi/kNEQgAAKSoCAAAMqUIAAEwYAgADy/aCAADa0gIAAJsBQgAAUXYCAABHLwIAAEgUAgAADyyA=
Date: Sat, 30 May 2020 23:07:42 +0000
Message-ID: <DM6PR13MB3066D9F605AE05C12B1218EBD28C0@DM6PR13MB3066.namprd13.prod.outlook.com>
References: <19D30186-B180-4F65-BF00-7AD07CEF3925@gmail.com> <C7C2E1C43D652C4E9E49FE7517C236CB02A53F3E@dggeml529-mbx.china.huawei.com> <CALx6S37UQa5rEAkz54N6S_POaduyUnS=ApN+qQGoepnm0=JdkA@mail.gmail.com> <DM6PR13MB306688749E076BDC84AB0023D28F0@DM6PR13MB3066.namprd13.prod.outlook.com> <CALx6S36stS3KSs1d+MxpPzDC4_Gb1N94NW=-gjGho-p9J_UwLw@mail.gmail.com> <DM6PR13MB3066CF17824590C766914C2ED28F0@DM6PR13MB3066.namprd13.prod.outlook.com> <CALx6S35Q7YfH-Widw1KmYv=7VzXF0FT7D=tPnW9huXOFJHEPjQ@mail.gmail.com> <DM6PR13MB30666079D88BC4A8CBF54BB1D28C0@DM6PR13MB3066.namprd13.prod.outlook.com> <CALx6S36va5ctnMi8uSwp1=e_2_jj6e8ftwPncen_EyxjYvdcCw@mail.gmail.com> <DM6PR13MB306694860DBDA60465449ACBD28C0@DM6PR13MB3066.namprd13.prod.outlook.com> <DA0B91AF-FAEB-411A-9F6B-8F84FEFE84D2@juniper.net> <DM6PR13MB30667DE45FCD26DFB9AE107FD28C0@DM6PR13MB3066.namprd13.prod.outlook.com> <006401d636d2$e7263040$b57290c0$@olddog.co.uk>
In-Reply-To: <006401d636d2$e7263040$b57290c0$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: olddog.co.uk; dkim=none (message not signed) header.d=none; olddog.co.uk; dmarc=none action=none header.from=futurewei.com;
x-originating-ip: [47.14.47.233]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 370daec9-7b4a-4a7f-531f-08d804ee41ee
x-ms-traffictypediagnostic: DM6PR13MB2972:
x-microsoft-antispam-prvs: <DM6PR13MB29725191C6D474F256462EBED28C0@DM6PR13MB2972.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 041963B986
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: slRpT/H9x0hLVDoDlqQcJRR3Ot5YnuKlyN4XxpQQnC4GFRrVs67ECD4j/E4T3VmT82uMaTqNNaHSu0qOcxfa5a2v6OP5gAqjPkXwqUJ3hTNthxmzlXU0ZOULmIMW7RQlHK46ZphWXexypWq9LbdT5kS91ZumNkNtQ2Eyd28YOx1UTsjE+gVl5pCPamlMQi44mbKzoLvwQ6G3eHSzjh/Qbkx+rTEayPNWwg/svd3nr0uSyuZwUrXKws7VZGocu7p1t2k9LJ+YxUVhpHGF/TqCzuPwDEKc6mczziMChYkOLWT4tDOG8MrdleaGXnrja4itHAHMpYmNOyggKGRK9orW1g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR13MB3066.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(366004)(136003)(39830400003)(396003)(6506007)(7696005)(83380400001)(55016002)(33656002)(8676002)(26005)(186003)(478600001)(66574014)(66946007)(316002)(71200400001)(9686003)(2906002)(53546011)(52536014)(5660300002)(76116006)(54906003)(64756008)(66446008)(9326002)(66476007)(86362001)(8936002)(66556008)(4326008)(110136005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: Ds12hyFNTb7LDKnydP0u23tCWAu39BkUdkDVKaIU1dTfPz5pQlTjbMQVZtHnersjuSG4CT4pHbCx4qQY9VR0Oj9jmu6ByUw3pStY+M3gnhTaqawlj1OM9Tc6RUgxnzXmEruv5zeY4FFUoytWI9moEIh9B3H8jephUr5kq2Qmjgyym0Vo4YkYlDkQ8rcffdetScOCqrKprh9lL/SZVAFOIZjOTo6nVwGZ+gQcmKhEkR6KL2jRW07iMrKIcGItD9AbzpxafT6ejNv4TNYSTcGOHommIX6g1Tiiq7dU7LLy3Yfr0KO5o5RlEJqTD8aS5e7eYcI4v+2ZMU29r8eESSeAh/xEmvbKFAqT3ucyRUyropdytSfSu1Cu9BY4jDJ92y5HVCNJcWd+XWPpTbMLyVQEa06HJ4DujixDG8oEkFvj/jIlRT6LHrGlCzs0mJKamLU8rw2XcDN7OAOIxqD6sl0IqLY8C30XKPvZxK4tqmoFFuY=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR13MB3066D9F605AE05C12B1218EBD28C0DM6PR13MB3066namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 370daec9-7b4a-4a7f-531f-08d804ee41ee
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2020 23:07:42.6161 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: IXXroWcgTJs0K4yWvi1DqBqJHZLtgjLcoCU7E9xYbzBMDAKOFu4B7bjZfiR1y8nGJZIFi/7FyQSy+NHI36tnlQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR13MB2972
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wFj9fpgvXXJaTm1dDpIEeQCJfYQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 May 2020 23:07:48 -0000

Hi Adrian,

Yes, it is the same argument. In the case that Tom described I was trying to show that of course undesirable things will happen if you send a G-SRH to a node that does not support compression but this should not happen if the policy is updated correctly to remove the downgraded node as it can no longer support the policy requirements. It is true that there is a timing window if you rely solely on the routing convergence. I suppose theoretically it is possible to downgrade the node and reboot it before everyone has had time to converge and remove the nodes compression capability state,  but you would have to be pretty darn nimble to beat the convergence time 8^); besides I would expect that like any maintenance task you would first want to take the node out of any existing policy *before* you downgraded it to not support compression.

Jim



From: Adrian Farrel <adrian@olddog.co.uk>
Sent: Saturday, May 30, 2020 6:37 PM
To: James Guichard <james.n.guichard@futurewei.com>om>; 'John Scudder' <jgs@juniper.net>
Cc: 'Bob Hinden' <bob.hinden@gmail.com>om>; 'IPv6 List' <ipv6@ietf.org>
Subject: RE: Compatibility with SRH requirement (was Re: Adoption Call for "The IPv6 Compact Routing Header (CRH)")

Hi Jim,

Isn’t this the MPLS argument? If you put the wrong label on a packet (at any point in its path) or if you forward it to the wrong next hop, then all bets are off. (Well, actually, there is a pretty good bet – the packet will be misdelivered.)

You are correctly saying that placing an incorrect ‘next hop’ address on a packet will result in it being delivered to the wrong next hop, and the next lookup will give undesired results because the context for the lookup is broken.

This is, of course, a problem with overlays and private address spaces. Just imagine if the wrong VRF identifier was used (in any form of VPN), or if the packet was tunnelled to the wrong PE. But does that stop us from using VPNs? No, it makes us be more careful with how we write the code.

Best,
Adrian

From: ipv6 <ipv6-bounces@ietf.org<mailto:ipv6-bounces@ietf.org>> On Behalf Of James Guichard
Sent: 30 May 2020 23:05
To: John Scudder <jgs@juniper.net<mailto:jgs@juniper.net>>
Cc: Bob Hinden <bob.hinden@gmail.com<mailto:bob.hinden@gmail.com>>; IPv6 List <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: RE: Compatibility with SRH requirement (was Re: Adoption Call for "The IPv6 Compact Routing Header (CRH)")

Hi John,

Let me try to make what I said clearer as you are right, I was not saying two nodes have the same address.

I was trying to point out that with any source routed solution you quite obviously need to make sure that you send the packets to the right nodes along the path specified by your policy and those nodes must support the functionality that you require for that path. Why? Because if you send a CRH packet to the *wrong* node and that node happens to have an identifier matching the one on the packet received, then it will do a lookup on that identifier and forward to the IP address resolved from the identifier -> IPv6 address mapping and that destination might not be the one you meant to send it to next on the path. Likewise, if you send a packet to the *wrong* node with G-SRH and that node does not support compression then this would be bad as well. Moral of the story I was trying to tell is don’t do that and in fact in practice it will not happen if the policy reflects the intent which in the case Tom was talking about would mean that the original node should no longer be in the policy as the policy should have been updated when the node was lost from the topology.

Jim



From: John Scudder <jgs@juniper.net<mailto:jgs@juniper.net>>
Sent: Saturday, May 30, 2020 4:29 PM
To: James Guichard <james.n.guichard@futurewei.com<mailto:james.n.guichard@futurewei.com>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Bob Hinden <bob.hinden@gmail.com<mailto:bob.hinden@gmail.com>>; IPv6 List <ipv6@ietf.org<mailto:ipv6@ietf.org>>
Subject: Re: Compatibility with SRH requirement (was Re: Adoption Call for "The IPv6 Compact Routing Header (CRH)")

Jim,

On May 30, 2020, at 3:46 PM, James Guichard <james.n.guichard@futurewei.com<mailto:james.n.guichard@futurewei.com>> wrote:

Further, in normal operation of any source routed solution you will need to make sure that packets end up at the right nodes as nasty things might happen if you don’t - this is actually especially bad with CRH as far as I can tell as if you send a packet to the wrong node and it happens to have a local identifier the same as the incoming packet its going to use that local CRH-FIB entry and send the packet to some IPv6 destination that was not the intended recipient.

I think you’re mistaken, or at least the situation you describe is far more pathological than the one Tom described and you’re dismissing. Consider that in order for what you say to happen, the incoming packet would have to have, as its destination address, an address of the “wrong node”. You can’t just send the packet out the wrong interface and have its CRH identifier misconstrued by any old router that touches it, the DA has to identify the node that receives it.

So now, by definition, you’re saying that two different nodes in the same network have the same (non link-local, also by definition) address. That’s a broken network, of course it’s doing broken things. Alternately, you didn’t mean to say that, and are mistaken about CRH processing.

—John