IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>

"Darren Dukes (ddukes)" <ddukes@cisco.com> Thu, 05 April 2018 19:39 UTC

Return-Path: <ddukes@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BFDD126CD6 for <ipv6@ietfa.amsl.com>; Thu, 5 Apr 2018 12:39:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id apbQ2z4nzUkM for <ipv6@ietfa.amsl.com>; Thu, 5 Apr 2018 12:39:01 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0949F120713 for <ipv6@ietf.org>; Thu, 5 Apr 2018 12:39:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11426; q=dns/txt; s=iport; t=1522957141; x=1524166741; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=2pdZ0Y2O+hQVMtk5WkgqD4JRmQtUU5VOk4vJI9EQplU=; b=FO17B16COezke0hPyIYHpq7QF5xz81oEjyvbBSqzN8pKO29jozoBNNW1 TK8OCgG64hF3/dmyXxoLvfF5r5jMb4PYZtVSvxBT7v6SqqoEabZ5z/3pu S3/1xHyBtOJ8BgX0yC/+QdwhrrYS+j8vR65WsmqjiZOuvJuob1ScA02xQ A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DJAAB5esZa/5JdJa1dGQEBAQEBAQEBAQEBAQcBAQEBAYNCYW8oCoNViACNCYF0gQ+GYYt0gXoLGAuEYAIagiAhNBgBAgEBAQEBAQJsHAyFIgEBAQECAQEBGwYROgsFBwQCAQgOAwQBAQECAiYCAgIfBgsVCAgCBA4FhHUDDQgPrBGCHIcLDYErgiAFgQmGYYFUP4EugmKCT0IBAYFcgwAwgiQChyWPbywIAosygn2BMosLhymCLYYGAhETAYEkARw4gVJwFToqAYIYixCFPm+MBAGBFgEB
X-IronPort-AV: E=Sophos;i="5.48,412,1517875200"; d="scan'208";a="94255645"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Apr 2018 19:39:00 +0000
Received: from XCH-RCD-020.cisco.com (xch-rcd-020.cisco.com [173.37.102.30]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id w35Jd0aM007650 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 5 Apr 2018 19:39:00 GMT
Received: from xch-aln-017.cisco.com (173.36.7.27) by XCH-RCD-020.cisco.com (173.37.102.30) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 5 Apr 2018 14:38:59 -0500
Received: from xch-aln-017.cisco.com ([173.36.7.27]) by XCH-ALN-017.cisco.com ([173.36.7.27]) with mapi id 15.00.1320.000; Thu, 5 Apr 2018 14:38:59 -0500
From: "Darren Dukes (ddukes)" <ddukes@cisco.com>
To: Ron Bonica <rbonica@juniper.net>
CC: stefano previdi <stefano@previdi.net>, IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>
Thread-Topic: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>
Thread-Index: AQHTzRW+Bnv5oBZzcEaU5LXabTbPYQ==
Date: Thu, 05 Apr 2018 19:38:59 +0000
Message-ID: <11D3A431-705F-49F8-8F8B-F0668B9289B8@cisco.com>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <FB1C6E49-81F7-49DD-8E8B-2C0C4735071B@gmail.com> <SN6PR05MB424035B6FECB0057676067B1AEA40@SN6PR05MB4240.namprd05.prod.outlook.com> <87EAF1D7-FC8A-4661-990E-ECCF4AA7C12E@previdi.net> <SN6PR05MB42406D76603C4D7E1B3BE321AEBB0@SN6PR05MB4240.namprd05.prod.outlook.com>
In-Reply-To: <SN6PR05MB42406D76603C4D7E1B3BE321AEBB0@SN6PR05MB4240.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [161.44.192.95]
Content-Type: text/plain; charset="utf-8"
Content-ID: <D02F277488D6C84CB6E3DF694EB8326B@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HoCM-npATBq_PdSlc3Asa5qTCPM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 19:39:03 -0000

Hi Ron, I’m glad you’re feeling a bit better.

Your analysis of SL is not correct.  Both 2460, 8200 and SRH say the same thing for SL==0 but you’re getting stuck on what 'the index, in the Segment List, of the next segment to inspect’ means.

Using the same example from 2460 section 4.4 but modifying for the Segment List[] defined in SRH.

 As the packet travels from S to I1:
        Source Address = S                  Hdr Ext Len = 6
        Destination Address = I1            Segments Left = 3
                                            Segment List[0] = D
                                            Segment List[1] = I3
                                            Segment List[2] = I2
                                            Segment List[3] = I1
   As the packet travels from I1 to I2:
        Source Address = S                  Hdr Ext Len = 6
        Destination Address = I2            Segments Left = 2
                                            Segment List[0] = D
                                            Segment List[1] = I3
                                            Segment List[2] = I2
                                            Segment List[3] = I1
  As the packet travels from I2 to I3:
        Source Address = S                  Hdr Ext Len = 6
        Destination Address = I3            Segments Left = 1
                                            Segment List[0] = D
                                            Segment List[1] = I3
                                            Segment List[2] = I2
                                            Segment List[3] = I1
   As the packet travels from I3 to D:
        Source Address = S                  Hdr Ext Len = 6
        Destination Address = D             Segments Left = 0
                                            Segment List[0] = D
                                            Segment List[1] = I3
                                            Segment List[2] = I2
                                            Segment List[3] = I1
SL always points to the "next segment to inspect", that segment is also in the Destination Address. 
For example between I1 and I2, the next segment to inspect is I2, the SL==2 which is the index in Segment List of I2.  
The same is true for I3 to D where SL==0, the next segment to inspect is D, but the SRH need not be processed because SL==0.

Section 4.1 of SRH shows this quite clearly in its description of the END function where SL is decremented then the Segment at SRH[SL] is used to update the Destination Address.
1. IF SegmentsLeft > 0 THEN
2.    decrement SL
3.    update the IPv6 DA with SRH[SL]
4.    FIB lookup on updated DA
5.    forward accordingly to the matched entry
8.  ELSE
7.    drop the packet


I hope this clears up the confusion.

Darren

> On Apr 5, 2018, at 2:44 PM, Ron Bonica <rbonica@juniper.net> wrote:
> 
> Hi Stephano,
> 
> I'm glad you asked this question. RFC 8200 and draft-ietf-6man-segment-routing-header define Segments Left (SL) differently. The difference is a bit subtle and took me a few readings to catch.
> 
> RFC 8200 defines SL as follows:
> 
> "8-bit unsigned integer.  Number of route  segments remaining, i.e., number of explicitly listed intermediate nodes still to be visited before reaching the final destination."
> 
> Therefore, if a packet arrives at a node and the following conditions are true, the node skips over the Routing Extension Header and processes the next header:
> 
> - The packets IPv6 Destination address is local to the node
> - The packet contains a Routing Extension Header
> - The SL value in the Routing Extension Header is equal to 0
> 
> In RFC 2460, Routing Extension Type RH0 was compliant with this behavior. The description of RHO (RFC 2460, Section 4.4) explains how RH0 used to process SL, offering pseudocode and an example. Between the publication of RFC 2460 and RFC 8200, RHO was deprecated for other reasons. Therefore, the detailed example of SL handling was not brought forward into RFC 8200.
> 
> But even though this example was not brought forward into RFC 8200, it explains why RFC 8200 says:
> 
> "If, while processing a received packet, a node encounters a Routing header with an unrecognized Routing Type value, the required behavior of the node depends on the value of the Segments Left field, as  follows:
> 
> If Segments Left is zero, the node must ignore the Routing header and proceed to process the next header in the packet, whose type is identified by the Next Header field in the Routing header.
> 
> If Segments Left is non-zero, the node must discard the packet and  send an ICMP Parameter Problem, Code 0, message to the packet's Source Address, pointing to the unrecognized Routing Type."
> 
> This is because an SL value of 0 means that the Routing Extension Header has already been completely processed by upstream nodes. Even if the node recognized the Routing Type, it still would skip over it.
> 
> By contrast, draft-ietf-6man-segment-routing header defines the Segments Left as follows:
> 
> "Defined in [RFC8200], it contains the index, in the Segment List, of the next segment to inspect.  Segments Left  is decremented at each segment.
> 
> Therefore, if a packet arrives at a node and the following conditions are true, the node processes Segment[0]:
> 
> - The packets IPv6 Destination address is local to the node
> - The packet contains a Routing Extension Header
> - The SL value in the Routing Extension Header is equal to 0
> 
> This is different from the behavior described in RFC 8200 and 2460. It also raises two questions:
> 
> - If the node doesn't recognize SRH, is it safe to ignore the SRH, as recommended by RFC 8200
> - If the node does recognize SRH and the segment requires decapsulation and forwarding, are Extension Headers that follow SRH (e.g. Fragment, Destination Options) ignored?
> 
>                                                             Ron
> 
> 
>> -----Original Message-----
>> From: stefano previdi <stefano@previdi.net>
>> Sent: Thursday, April 5, 2018 5:30 AM
>> To: Ron Bonica <rbonica@juniper.net>
>> Cc: Bob Hinden <bob.hinden@gmail.com>; IPv6 List <ipv6@ietf.org>
>> Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-
>> header-11.txt>
>> 
>> Ron,
>> 
>> on comment 5:
>> 
>> 
>>> Section 2.2 SRv6 Segment (Comment 5)
>>> 
>>> According to RFC 8200:
>>> 
>>> "If, while processing a received packet, a node encounters a Routing
>> header with an unrecognized Routing Type value, the required behavior of
>> the node depends on the value of the Segments Left field, as follows:
>>> 
>>> -  If Segments Left is zero, the node must ignore the Routing header and
>> proceed to process the next header in the packet, whose type is identified
>> by the Next Header field in the Routing header.
>>> 
>>> -  If Segments Left is non-zero, the node must discard the packet and send
>> an ICMP Parameter Problem, Code 0, message to the packet's Source
>> Address, pointing to the unrecognized Routing Type."
>>> 
>>> This is safe, so long as all Routing Extension Types use SL == 0  to indicate
>> that the Routing Extension Header has been completely processed. It is may
>> not be safe when SL == 0 means that one more segment needs to be
>> processed.
>>> 
>>> In the SRH, SL == 0 indicates that one more segment needs to be
>> processed.
>> 
>> 
>> sorry, I don’t understand.
>> 
>> Can you point me the text in draft-ietf-6man-segment-routing-header that
>> states that ?
>> 
>> If it’s the case it should be obviously corrected.
>> 
>> SL==0 means the packet is traveling within the last segment.
>> 
>> draft-ietf-6man-segment-routing-header does not modify the semantic of
>> “Segments Left”.
>> 
>> It does modify the way segment list is encoded (that’s one of the reason it’s
>> a different routing header type) but not the "Segments Left” field semantic.
>> 
>> s.
>> 
>> 
>> 
>> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email