More specific DA text in the Routing Header section of RFC 8200

Mark Smith <markzzzsmith@gmail.com> Sat, 07 March 2020 04:28 UTC

MIME-Version: 1.0
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sat, 07 Mar 2020 15:28:03 +1100
Message-ID: <CAO42Z2zbgPzMhZ0DnxZ5OsxXN3+B0d7Qxz7dK=SgAVGskvgiiQ@mail.gmail.com>
Subject: More specific DA text in the Routing Header section of RFC 8200
To: James Guichard <james.n.guichard@futurewei.com>
Cc: "bruno.decraene" <bruno.decraene@orange.com>, Fernando Gont <fgont@si6networks.com>, SPRING WG List <spring@ietf.org>, "6man@ietf.org" <6man@ietf.org>, draft-ietf-spring-srv6-network-programming <draft-ietf-spring-srv6-network-programming@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/HwsWyi1lpiV_W7gYQfDZywKaGCU>
Precedence: list

Hi Jim,

On Sat, 7 Mar 2020 at 01:31, James Guichard
<james.n.guichard@futurewei.com> wrote:
>
> Hi Mark,
>
> With all due respect, from what I have read, I do not see how SPRING, or the authors of the network programming draft are interpreting the "intent" of the text in RFC8200. The text as written is very clear; there is no interpretation needed other than reading the plain English which clearly says the node identified in the Destination Address field of the IPv6 header may process, insert, or delete Extension headers (other than Hop-by-Hop Options header).

I would agree that this text is reading as though EH processing can
occur when the packet arrives at any DA:

"Extension headers (except for the Hop-by-Hop Options header) are not
   processed, inserted, or deleted by any node along a packet's delivery
   path, until the packet reaches the node (or each of the set of nodes,
   in the case of multicast) identified in the Destination Address field
   of the IPv6 header."

However, we're also taking about a routing header, and in RFC 8200
there is a distinction between intermediate DAs and final DAs in that
section.

"The Routing header is used by an IPv6 source to list one or more
   intermediate nodes to be "visited" on the way to a packet's
   destination.  This function is very similar to IPv4's Loose Source
   and Record Route option.  The Routing header is identified by a Next
   Header value of 43 in the immediately preceding header and has the
   following format:"

If the earlier text is referring to all DAs regardless (intermediate
or final), then I think it can imply that intermediate node addresses
in an RH can be multicast DAs ("or each of the set of nodes, in the
case of multicast").

I can't think of a good use for multicast intermediate nodes in an RH,
and I think it would make the RFC5095 RH0 oscillation type of attack
worse because there is now potential multicast packet duplication
involved as well.

So if the original assumption was that intermediate node DAs were
always unicast addresses, or we came to consensus that RH Intermediate
Node DAs must be unicast addresses, then the earlier less specific DA
text, saying "(or each of the set of nodes, in the case of
multicast)", can really only be referring to the final DA, not
intermediate ones.

I appreciate people might disagree with me (although I think they're
then saying that multicast intermediate node DAs are fine), however
it's an example of where there is ambiguity that needs to be cleaned
up and where Routing Header text might be indirectly providing clarity
on where the more general EH processing text applies.

RFC 8200 probably needs a review of all uses of the term "Destination
Address" to determine and specify in each instance if it is unicast,
multicast, both and/or intermediate, final, or any DAs.

Regards,
Mark.

> It seems to me to set a very bad precedence if we now expect non-authors of an original Internet standard to have to interpret the intent of the original authors rather than simply read the text as published, especially in the case of an Internet standard.
>
> Respectfully,
>
> Jim
> -----Original Message-----
> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Mark Smith
> Sent: Friday, March 06, 2020 1:32 AM
> To: bruno.decraene <bruno.decraene@orange.com>
> Cc: Fernando Gont <fgont@si6networks.com>; SPRING WG List <spring@ietf.org>; 6man@ietf.org; draft-ietf-spring-srv6-network-programming <draft-ietf-spring-srv6-network-programming@ietf.org>
> Subject: Who is the design ultimate authority over IPv6? (Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming)
>
> On Thu, 12 Dec 2019 at 05:37, <bruno.decraene@orange.com> wrote:
> >
> > Fernando,
> <snip>
> >
> > - Read the mailing list and you will see that everyone do not share your opinion. So at least one person is wrong. I think that it would help if everyone, including you, could consider that they/you _may_ be wrong, at least to better understand the comments been made by others.  And possibly the text from RFC 8200 is not clear, but this is what we have. And this is the text to use to support the claim that this text is violated.
>
> The final interpretation and intent of text in RFC8200 should be up to 6man, not SPRING, when there is ambiguity and dispute, as 6man is the ultimate design authority for IPv6.
>
> RFC5704, "Uncoordinated Protocol Development Considered Harmful":
>
> " In particular, the
>    IAB considers it an essential principle of the protocol development
>    process that only one SDO maintains design authority for a given
>    protocol, with that SDO having ultimate authority over the allocation
>    of protocol parameter code-points and over defining the intended
>    semantics, interpretation, and actions associated with those code-
>    points."
>
> IETF WGs would qualify as standards development organisations.
>
> Those of us in 6man during the clarifications in this area of RFC8200 know the intent. It was specifically about modification of the EH chain, and was in response to the 'draft-voyer-6man-extension-header-insertion' Internet Draft.
>
>
>
>
>
>
> > - Why have _you_ filled an errata against RFC 8200, in order to change
> > the technical content of this section, if you don't agree that one may
> > red " Destination Address field of the IPv6 header" as the IPv6
> > address present in the Destination Address field of the IPv6 header
> > been received by the End node (or even sent by the source node)
> > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> > rfc-editor.org%2Ferrata%2Feid5933&amp;data=02%7C01%7Cjames.n.guichard%
> > 40futurewei.com%7C3a9e583a99324ab04a0708d7c19825be%7C0fee8ff2a3b240189
> > c753a1d5591fedc%7C1%7C0%7C637190731541021508&amp;sdata=bybICm4YFIPalNf
> > qYea%2FEGXVl5sYj6cRSd0VXZsnpww%3D&amp;reserved=0
> >
> > > > At minimum, I think that we can agree that there is another reading, as expressed by other WG participants, and hence I disagree with "of course".
> > >
> > > No, I argue that there is not.IN fact, I argue that folks have been
> > > following that strategy for way too long, and that's quite frustrating.
> > >
> > >
> > >
> > > > Personally, I understand "Destination Address" as "Destination Address field of the IPv6 header." as indicated explicitly in the text quoted.
> > >
> > > The quoted text is from RFC8200. In the context of RFC8200 the
> > > Destination Address can only contain the ultimate destination of the
> > > packet. Where's the ambiguity?
> > >
> > > And let me ask you, as chair, another question, that will lead you
> > > to the same place: is IPv6 and end to end protocol?
> >
> > That's not a question for a spring chair to answer.
> > I'm reading the sentence in RFC8200. If we can't agree on the meaning of this explicit sentence, I don't think that discussing philosophical r religious question is going to help.
> >
> > > The fact that I may claim that RFC8200 contains a receipe for BBQ
> > > does not actually mean that that's the case.
> >
> > You do realize that your above sentence also applies to yourself? So how is this helping to progress?
> > Can we please focus on the RFC8200 sentence?  I'm really trying to understand your point.
> > Let's stick to the texts of documents.
> >
> >
> > >
> > > > I'm fine with having this clarified with 6MAND chairs and AD. That been said, the Internet AD would have an opportunity to DISCUSS this.
> > >
> > > For the record, I think this is a major issue that should be cleared
> > > before it can be claimed that there is consensus to request
> > > publication of this document.
> >
> > OK, this is recorded.
> > >
> > >
> > > >
> > > >> does not specify any routing header type, and hence the meaning
> > > >> is unambiguous (there's no destination other than the final
> > > >> destination of the packet).
> > > >>
> > > >> This is of course in line with IPv6 being and end-to-end
> > > >> protocol, and crucial for other related mechanisms to work as
> > > >> expected (such as IPsec AH). Please also check: draft-smith-6man-in-flight-eh-insertion-harmful.
> > > >>
> > > >> So, in order to proceed with the document, there are multiple
> > > >> options
> > > >> forward:
> > > >>
> > > >> 1) Just remove the corresponding text/behavior
> > > >
> > > > That is indeed one option. But as of today, this is not my assumption.
> > > >
> > > >> 2) Implement a similar mechanism in an RFC8200-compliant manner
> > > >> (e.g.,
> > > >> re-encap)
> > > >
> > > > SRH insert is out of scope of this specification. So yes, IPv6 encaps is used.
> > > > We are talking SRH removal. I'm assuming that you are referring to PSP. My understanding is that this function (PSP) is to distribute the (forwarding plane) load between the PSP and the USP. In a way similar to MPLS PHP. But in all cases, this is not about SRH insertion.
> > >
> > > It's about SRH removal, which is also forbiden by RFC8200.
> > >
> > >
> > >
> > >
> > > >> 3) Do the necessary standards work to update RFC8200, such that
> > > >> it allows this sort of behavior, and only ship the
> > > >> network-programming draft for publication when at least 6man has
> > > >> consensus to proceed on that path.
> > > >
> > > > Not the preferred path as of today.
> > >
> > > Yes, it should be evident that it seems the preferred path has been
> > > (starting with EH insertion at the time) to circumvent existing
> > > specifications.
> > >
> > >
> > >
> > > >
> > > >> P.S.: I will go through the document once again... but the same
> > > >> reasoning should be applied to any EH-insertion/removal at a
> > > >> place other than the source of the packet or its final destination.
> > > >
> > > > It looks to me that SRH insertion and SRH removal are to be treated differently.
> > >
> > > I don't see how or why.
> >
> > SRH insertion is done by a node, on the path, which is not the destination of the IPv6 addresses.
> > SRH removal is done by a node which is receiving the packet because it's IPv6 address is in the destination of the IPv6 packet.
> >
> > > Both violate the same requirement in RFC8200.
> >
> > We are not having a conversation, so let's not repeats the same point again and again.
> >
> > Your opinion has been noted. So does opinions on this same point expressed by other wg participants.
> >
> > >
> > >
> > >
> > > Thanks,
> > > --
> > > Fernando Gont
> > > SI6 Networks
> > > e-mail: fgont@si6networks.com
> > > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> > >
> > >
> > >
> > >
> >
> > ______________________________________________________________________
> > ___________________________________________________
> >
> > Ce message et ses pieces jointes peuvent contenir des informations
> > confidentielles ou privilegiees et ne doivent donc pas etre diffuses,
> > exploites ou copies sans autorisation. Si vous avez recu ce message
> > par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> >
> > This message and its attachments may contain confidential or
> > privileged information that may be protected by law; they should not be distributed, used or copied without authorisation.
> > If you have received this email in error, please notify the sender and delete this message and its attachments.
> > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> > Thank you.
> >
> > _______________________________________________
> > spring mailing list
> > spring@ietf.org
> > https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> > ietf.org%2Fmailman%2Flistinfo%2Fspring&amp;data=02%7C01%7Cjames.n.guic
> > hard%40futurewei.com%7C3a9e583a99324ab04a0708d7c19825be%7C0fee8ff2a3b2
> > 40189c753a1d5591fedc%7C1%7C0%7C637190731541021508&amp;sdata=scW9s5WS7z
> > 1ndZyX3iYNT4ktjv9HcmXOQzuS47rQCWY%3D&amp;reserved=0
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fipv6&amp;data=02%7C01%7Cjames.n.guichard%40futurewei.com%7C3a9e583a99324ab04a0708d7c19825be%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637190731541021508&amp;sdata=YfIWJd%2FvZpVd1c%2BNukB4O5YmBVZrx2oAmW1wv7JE9PE%3D&amp;reserved=0
> --------------------------------------------------------------------

More specific DA text in the Routing Header secti… Mark Smith