Re: END SID Without SRH

"Darren Dukes (ddukes)" <ddukes@cisco.com> Thu, 13 June 2019 16:34 UTC

From: "Darren Dukes (ddukes)" <ddukes@cisco.com>
To: Tom Herbert <tom@herbertland.com>
CC: Mark Smith <markzzzsmith@gmail.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Subject: Re: END SID Without SRH
Date: Thu, 13 Jun 2019 16:34:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HJ8hrSpQPRIu-3agRcmk9693dlA>

Read the last paragraph of 4.3.1.2. 

Darren

> On Jun 13, 2019, at 4:03 PM, Tom Herbert <tom@herbertland.com> wrote:
> 
>> On Thu, Jun 13, 2019 at 12:25 AM Darren Dukes (ddukes) <ddukes@cisco.com> wrote:
>> 
>> Mark.
>> 
>> You remember your SIDs in your SR domain come from a SID block you created, S/s (see section 5.1) and this destination address falls within that space.
>> 
>> You notice the destination sending an ICMP parameter problem error with a code that says “SR Upper-layer Header Error”.
>> 
>> This is how you tell the source is trying to talk to a destination address that doesn’t speak TCP.
>> 
> How is that any different than sending an ICMPv6 parameter problem
> error with code 1 that says “Unrecognized Next Header type
> encountered”?
> 
>> Darren
>> 
>> On Jun 13, 2019, at 6:28 AM, Mark Smith <markzzzsmith@gmail.com> wrote:
>> 
>> 
>> 
>>> On Thu., 13 Jun. 2019, 07:52 Darren Dukes (ddukes), <ddukes@cisco.com> wrote:
>>> 
>>> Hello everyone.
>>> 
>>> This document defines an SRH and a SID, and how that SID is processed.
>>> 
>>> I expect anyone "surprised" by this fact should have read this draft at some point:
>>> a - within the past 2 years; since this document has defined a SID and its processing.
>>> b - within the past 13 months; since section 4.3.1 specifically described discarding the packet based on upper layer header being processed.
>>> c - within the past 8 months; since the current version of 4.3.1.2 was updated with the new ICMP error code, published, and the WG was notified via email.
>>> 
>>> And recall section 3.1 defines a Source SR node as
>>>   "any node that originates an IPv6 packet with a
>>>   segment (i.e.  SRv6 SID) in the destination address of the IPv6
>>>   header.  The packet leaving the source SR Node may or may not contain
>>>   an SRH."
>>> 
>>> In other words, there is no surprise.
>> 
>> 
>> So one of the contexts I consider is sitting in front of a packet capture tool like Wireshark, and trying to troubleshoot a fault by looking at the packet.
>> 
>> For the packet Ron described, with no SRH header, there is nothing to distinguish it from a normal IPv6 packet. The fault would be that the packet contains a TCP header, yet TCP processing is not occurring.
>> 
>> The DA address in the packet might actually be a SID, but if it is coming from within the existing IPv6 unicast or multicast spaces, there is no indication of that.
>> 
>> This SR processing is failing the principle of least surprise. That failure can cause longer-than-necessary troubleshooting and longer impacts on customers' services. A network's MTTR is negatively impacted.
>> 
>> Mandating that all packets to be SR processed have an SRH would prevent this problem. It would also be compliant with RFC 8200, because the processing to occur on the packet when it arrives at the device with the DA is explicitly encoded in the packet.
>> 
>> Without a formal SID address space, encoding functions to perform on a packet in addresses is ambiguous, implicit and, when troubleshooting, non-obvious.
>> 
>> Regards,
>> Mark.
>> 
>>> 
>>> Darren.
>>> 
>>> 
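The troubleshooting check discussed in this thread, as an added example that is not part of any participant's message: decode a captured ICMPv6 Parameter Problem, pull the destination address out of the invoking packet, and test it against the domain's SID block. The SID block prefix and the sample packets are constructed; code value 4 for "SR Upper-layer Header Error" is the value assigned in RFC 8754 and is not stated in the thread.

```python
import ipaddress
import struct

# Assumption: hypothetical SID block "S/s" for this SR domain (documentation prefix).
SID_BLOCK = ipaddress.ip_network("2001:db8:5e6::/48")
PARAM_PROBLEM = 4  # ICMPv6 type 4, Parameter Problem (RFC 4443)
CODES = {
    0: "Erroneous header field encountered",
    1: "Unrecognized Next Header type encountered",
    2: "Unrecognized IPv6 option encountered",
    3: "IPv6 First Fragment has incomplete IPv6 Header Chain",
    4: "SR Upper-layer Header Error",  # value assigned in RFC 8754
}

def explain_param_problem(icmp: bytes, sid_block=SID_BLOCK) -> dict:
    """Decode an ICMPv6 Parameter Problem and say whether the offending DA was a SID."""
    if len(icmp) < 8 + 40:
        raise ValueError("too short to carry an invoking IPv6 header")
    icmp_type, code, _cksum, pointer = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != PARAM_PROBLEM:
        raise ValueError(f"not a Parameter Problem (type {icmp_type})")
    inner = icmp[8:]  # as much of the invoking packet as the sender included
    if inner[0] >> 4 != 6:
        raise ValueError("invoking packet is not IPv6")
    next_header = inner[6]  # first header after the fixed IPv6 header
    dst = ipaddress.IPv6Address(inner[24:40])
    in_block = dst in sid_block
    if code == 4:
        verdict = "destination is a SID that does not accept this upper-layer header"
    elif code == 1 and in_block:
        verdict = "DA is inside the SID block, but the node reported a generic next-header error"
    else:
        verdict = "ordinary IPv6 parameter problem"
    return {"code": code, "meaning": CODES.get(code, "unknown"), "pointer": pointer,
            "next_header": next_header, "dst": str(dst), "dst_in_sid_block": in_block,
            "verdict": verdict}

def build_sample(code: int, dst: str, next_header: int = 6) -> bytes:
    """Constructed sample: Parameter Problem wrapping a bare IPv6 header (no SRH)."""
    src = ipaddress.IPv6Address("2001:db8:1::1").packed
    inner = struct.pack("!IHBB", 6 << 28, 20, next_header, 64) + src \
        + ipaddress.IPv6Address(dst).packed
    return struct.pack("!BBHI", PARAM_PROBLEM, code, 0, 40) + inner  # checksum left 0

if __name__ == "__main__":
    for code, dst in [(4, "2001:db8:5e6::100"), (1, "2001:db8:99::1")]:
        print(explain_param_problem(build_sample(code, dst)))
```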