IETF Logo Mail Archive

Re: We don't seem to be following our processes (Re: Network Programming - Penultimate Segment Popping)

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 06 December 2019 20:55 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92F6612006E for <ipv6@ietfa.amsl.com>; Fri, 6 Dec 2019 12:55:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JD9yoc03hv3E for <ipv6@ietfa.amsl.com>; Fri, 6 Dec 2019 12:55:28 -0800 (PST)
Received: from mail-pl1-x631.google.com (mail-pl1-x631.google.com [IPv6:2607:f8b0:4864:20::631]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62EA612006B for <ipv6@ietf.org>; Fri, 6 Dec 2019 12:55:28 -0800 (PST)
Received: by mail-pl1-x631.google.com with SMTP id k20so3210064pls.3 for <ipv6@ietf.org>; Fri, 06 Dec 2019 12:55:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=3d0z3tcg+JduyAQUNhSWizwH2l7be+VkZx7ToXcWj4s=; b=TQ356ZI97j7u+VflFK2veacNH9obd2b7FWn6ahUeNnSS448cHoafZ3NnIjhs0K+ZXr aOMduiRoJUa1vd6x9O9f1ejJtnWeslj6/xuRnYjZpTTV6+ueV5v7XSku2YAUlcCBJXyu oEhcBzZfP3KpDiSJNMvMPZYNwMMxW9k3Qj8zjaXNZ/cJHeZsp1p/0OZtlCrcg6Eiys6r SRdpIVOoxSOtO2xBfDcs6oW1WlYJPOqRX1yakzFTRDvUBR5ZSG/YiysfK5qTtkYe7cV1 //DbVLzAJn4iwc0oBN1tZ5RMtPRkaO5D0gvTdW80YnPMj6eTQP1wY0yo25WiOqQZTgVt U0Gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=3d0z3tcg+JduyAQUNhSWizwH2l7be+VkZx7ToXcWj4s=; b=Nuly5FJYdhHXZ42WfgndqimaTBG7HYm8KI5RJYU5VL88bpSd8dq7FPjoN1MSWthTUI IQVEud3BIf9myC94YpJ62TRRYRHHXOOyU8NoyPBkXamtzmHTjb61yTmvyV8Ooie9sv55 rhrzfqtqB3gHx/bpwQzdPQ+4yrDLO2RJxqXubrWdmtrjxW7vRkAb/oitYgAK9ZWzlfv/ kkiCYS9tNifhxf8Y4pmTEvZr7R7qyKpfcVQYXO8DhAkp7V5LBk6H0eUOekiqV93aTj5w j9jz8uamROI8gg+jyePSNZl3iUaQviFOzNSPlzu/MAAqGdzcv2WqxRgR0uv5jF3Xf6o4 Zjeg==
X-Gm-Message-State: APjAAAUaJoLwgTT4/A3+Dy8KZmJD26PxCuSXmOmM2zZNq1Wi8FTdKP7d Odmo0FL+2lH/yxa9xrbwmrOa7xfW
X-Google-Smtp-Source: APXvYqxoHFa1R0/VD8Dghpie2cOgtGmXptf3rpqT/qjyk13V8i/Wo0Fw4awwu4MSeV2Hss7K5QfiCA==
X-Received: by 2002:a17:902:ba82:: with SMTP id k2mr17022590pls.238.1575665727438; Fri, 06 Dec 2019 12:55:27 -0800 (PST)
Received: from [192.168.178.30] (228.147.69.111.dynamic.snap.net.nz. [111.69.147.228]) by smtp.gmail.com with ESMTPSA id i9sm13474601pfd.166.2019.12.06.12.55.25 for <ipv6@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 06 Dec 2019 12:55:26 -0800 (PST)
Subject: Re: We don't seem to be following our processes (Re: Network Programming - Penultimate Segment Popping)
To: ipv6@ietf.org
References: <BN7PR05MB56998A05469327E759B5B671AE5D0@BN7PR05MB5699.namprd05.prod.outlook.com> <3AD3BD11-8C34-41FE-B88F-49A9F2561D78@cisco.com> <BN7PR05MB569946D6AA5C6B78AFC05F6BAE5C0@BN7PR05MB5699.namprd05.prod.outlook.com> <8DEDE597-B7B0-48F5-959E-69757315C2AC@employees.org> <BN7PR05MB56996FFC117F512EEA04AFC8AE5C0@BN7PR05MB5699.namprd05.prod.outlook.com> <4FAB68A3-C533-471D-94D0-3F6EB1F32FC1@employees.org> <1e36a492-5931-02de-cf85-63339522b13a@si6networks.com> <F6DD2C7C-DBBF-4B48-B890-3C86005FB9CF@employees.org> <bb3be82d-8ea7-6c29-ad0a-61b491ee997d@si6networks.com> <8A9BC46E-A018-41C0-BE47-4BABC30EFE79@employees.org> <20191205222740.GA9637@ernw.de> <C7BCB0CF-1CA3-4CA8-9E71-13A013955938@employees.org> <430da027-07a7-42f9-60d0-bbb3f3306222@joelhalpern.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <7c8494a7-9d3c-bd0e-953e-b6dfbb5c5512@gmail.com>
Date: Sat, 07 Dec 2019 09:55:24 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <430da027-07a7-42f9-60d0-bbb3f3306222@joelhalpern.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/H_IvY4MidGEWR6iraz77EtwwXgg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2019 20:55:31 -0000

Joel,

On 07-Dec-19 04:09, Joel M. Halpern wrote:
> Ole, there is no IETF accepted definition of "limited domain".
> There is no IETF rough consensus that it is sensible for us to 
> standardize things for "limtied domains".

That's correct, and that's exactly why the "limited domains" draft
was submitted to the Independent Stream. It is a fact, documented in
that draft, that quite a lot of chartered IETF work is directed at
limited domains.

> While there are standards that are designed for specific deployments, 
> they do not to date use that as an excuse to violate existing RFCs.

I'm not sure that statement is literally 100% correct, because some instances
may well have passed unnoticed or without controversy. SRH insertion
has not tried to pass unnoticed, and has become controversial.
 
> Hence, as far as I can tell, the assertion that SRv6 is for limited 
> domains does not justify or excuse violating RFC 8200.  And "I want to 
> save some bytes", while very nice, is not a sufficient reason to violate 
> an approved RFC, must less a Full Standard.

On the other hand, running code in a variety of real and deployed
products is something that we have a long tradition of documenting for
informational purposes. RFC1094 or RFC3954 for example.

Regards
   Brian

> 
> Yours,
> Joel
> 
> On 12/6/2019 3:34 AM, otroan@employees.org wrote:
>> Enno,
>>
>>>>> comply with it. The onus is on them, not on us asking folks to comply
>>>>> with existing standards.
>>>>
>>>> Yes, we have heard your position on this now.
>>>> There is of course a lot more nuance to this argument.
>>>
>>> could you please explain said 'nuance' in more detail?
>>
>> I could try, although I fear it will be a rehash of what has already been said many times already in this debate.
>>
>> The IETF and the Internet architecture has a pugnacious relationship with packet mangling in the network.
>> Steve embodied the Internet architeure principles in the IPv6 protocol suite.
>> The IPv6 architecture consists only of routers and hosts (no middleboxes).
>> Ensuring that routers would not need to process further into the packet than the IPv6 header, and ensure that extension header chains were expensive to parse in hardware. As well as requiring all implementations to support IPsec. Knowing that encryption was the only way to guarantee end to end transparency.
>>
>> Now, contrast that with the "real world", I challenge you to find a service on the Internet where the packet isn't mangled in some way between the two end-points. Be that IPv4 or IPv6.
>>
>> The problems with header insertion on the open Internet are well understood.
>>
>> That's not what is being discussed here though.
>> What is discussed here is what is acceptable to do within a limited domain.
>> To packets that _you_ own, i.e. originate and terminate within a domain where you control all devices.
>>
>> If I own and manage three routers, R1 -- R2 -- R3.
>> You are saying that if R1 sends a packet to R3, it is not allowed to off-load some functions to R2?
>> Going to be difficult to do stuff like service chaining then.
>>
>> When putting in the restrictions in RFC8200, which makes a lot of sense on the open Internet, it was always clear that there could and would be exceptions to this. Those are the ones we are discussing now.
>>
>> Conflating the two use cases and claiming that the arguments for why it's a bad idea on the open Internet also applies to a limited domain, only serves to polarise the debate.
>>
>> My suspicion is that the header insertion argument is a straw-man.
>>
>> Best regards,
>> Ole
>>
>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email