IETF Logo Mail Archive

Re: [IPv6] Subject: Mandating SRH when using C-SIDs (draft-ietf-spring-srv6-srh-compression)

Tom Herbert <tom@herbertland.com> Thu, 04 April 2024 15:00 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AD82C14CE40 for <ipv6@ietfa.amsl.com>; Thu, 4 Apr 2024 08:00:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fRE5gCQLiIaW for <ipv6@ietfa.amsl.com>; Thu, 4 Apr 2024 08:00:18 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03390C15155B for <ipv6@ietf.org>; Thu, 4 Apr 2024 08:00:14 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id 2adb3069b0e04-516bf5a145aso1372159e87.1 for <ipv6@ietf.org>; Thu, 04 Apr 2024 08:00:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1712242812; x=1712847612; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=RsIcUE8m0Ce7DtXh09E9Lji4+7u6NdF368UUtWzprE0=; b=IuyPQSj7+87iv4noNVvjmM7mRsVfrChWae8sgTkSLzm2clFcFhrhGZtYu6BvC94AXT NFPk/O6OuIc2vn/tdcMfk8o/1uKhKGaB/2UTG+es2PqbUuOusUma4LEqWOzphY4nA02H oM1K8N2es1+DOuAwIaxkMUthgghzoO9PhvzbYDMMnEiqruN5DfAtruzpftPAgd7Rynp9 UfchNSf0m+HG+8YkZEW2czcWN2Yww3FuibEUFrQDZv0z4hJ6DxAtmSrTL/cGcr46Z9LW f3bRc5oYbEX0GW8VjYhT+F9hE8Lz1ATemA/DsObBI6edRXFn/LYGZZ44liEXTSjEF0Kw OuEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712242812; x=1712847612; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RsIcUE8m0Ce7DtXh09E9Lji4+7u6NdF368UUtWzprE0=; b=m/WXrkyNgoChwGknPVntiHD+ItRHK5fl7ieQSnNmicfsJUKp+4ke3KUnioXDeDvXFs Qj2b0DaaIMmldZPmKoe9LGvOGLzgTTTlrhGsbbC4+uCloInBj+6f7jLIZzP8xkqACoik lkvrVPGFL4Is2prjQ/dfd5gxM/VrcdVcuI0JTPGrrRYE+j3rgwp0n8qhZ4OOoUWFvlES 31Udt4BWenjwY63OYelYKWF8zjQgL/6pBoMMUhDkWkbHK1JLQYF9GhFXD8aa9fk7eeUe FTbtOrSrPzyTZ+xmM4CaB5Lct7gcYRYYwNs19P3DrZHRGeShC0f3r3g4i2JKtO/EPHJB Gtxw==
X-Forwarded-Encrypted: i=1; AJvYcCW4gknwXVP53Zz7fq+XKSbzRsJl3tEZMqBmog7ma97YC3kugo0n/zALzQ1CFSsg3UrZTT7KoWW38oOr51wo
X-Gm-Message-State: AOJu0YzoQxB7NkoOZPsbFmxcB3iWDAcvnPkG4MDI3ti84bteWLkG3pX5 bNo9/4KS2lw39dsflH9/HwB3zbOwP5hAcUPuBsTknFdBVmwUPRz2l3AeyDcPHBhZFrU8bTcNOWA oa4+j06jQYTQDlsCyngS6EEhYwXvvBtZ1defi
X-Google-Smtp-Source: AGHT+IGqMMLE6BRUr0RY4w4CpaAmUAfI6NdB3dTeZBhJc3VbIEvJuZ24yYbAOJ7BPYJ1urfKNdqJpcjrxz2lbPiU3DA=
X-Received: by 2002:ac2:59dc:0:b0:516:be3e:57a1 with SMTP id x28-20020ac259dc000000b00516be3e57a1mr1903947lfn.66.1712242812107; Thu, 04 Apr 2024 08:00:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAMMESszUUdDw-xnDtZKqz75g6SXZ+7mXtZujBKwN+hxypC-Kuw@mail.gmail.com> <CAMMESswF_NnpK7_xk9OXmmocU8P7pne0gmPjCkapXEQVfQA2zQ@mail.gmail.com> <CAHT6gR--Qw7W0ZqyfdEupTpLAjeJ5OLTTjzM6NvQ87zdizgb8Q@mail.gmail.com> <CAO42Z2xHNgzhmgC6mPrauSQZ6Q4mcgD_FOp_uWqRpz=pFwa7_w@mail.gmail.com> <CAHT6gR-q9B60fcvT7nTfErS8M+hUm+x8zoez0KkYiPtTthaYYg@mail.gmail.com>
In-Reply-To: <CAHT6gR-q9B60fcvT7nTfErS8M+hUm+x8zoez0KkYiPtTthaYYg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 04 Apr 2024 10:59:59 -0400
Message-ID: <CALx6S348-_7Xx8VsbdMpK3WLhprCWzx_hs-MQEPFdKtY8MMhrQ@mail.gmail.com>
To: Francois Clad <fclad.ietf@gmail.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, spring-chairs@ietf.org, SPRING WG List <spring@ietf.org>, 6man <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000095e6410615469883"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ITrWCunrZ-1hfBgQzVPhBJJb7fM>
Subject: Re: [IPv6] Subject: Mandating SRH when using C-SIDs (draft-ietf-spring-srv6-srh-compression)
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 15:00:21 -0000

On Thu, Apr 4, 2024, 9:39 AM Francois Clad <fclad.ietf@gmail.com> wrote:

> Hi Mark,
>
> Tcpdump/wireshark decodes the IPv6 header just fine. I do not see any
> issue here.
>

Francois,

The problem is that tcpdump can't tell that a packet is an SR packet if
there's no SRH. For instance, if the checksum is not maintained to be
correct in the wire then tcpdump will show that the packet has a bad L4
checksum, but there's no way to tell if that is an SR packet or if the
checksum is actually bad. This will make debugging checksum failures in the
network much more difficult, and this affects our ability to debug all
traffic not just SR packets.

Tom


> Cheers,
> Francois
>
> On 4 Apr 2024 at 14:09:43, Mark Smith <markzzzsmith@gmail.com> wrote:
>
>>
>>
>> On Thu, 4 Apr 2024, 22:50 Francois Clad, <fclad.ietf@gmail.com> wrote:
>>
>>> Hi Alvaro, all,
>>>
>>> RFC 8754 allows the SR source node to omit the SRH when it contains
>>> redundant information with what is already carried in the base IPv6 header.
>>> Mandating its presence for C-SID does not resolve any problem because it
>>> will not provide any extra information to the nodes along the packet path.
>>>
>>
>> How are troubleshooting tools like 'tcpdump' going to know how to
>> automatically decode these packets as SRv6 packets if there is no SRH?
>>
>>
>>
>>> Specifically for the case of middleboxes attempting to verify the
>>> upper-layer checksum,
>>>
>>>    - An SRv6-unaware middlebox will not be able to verify the
>>>    upper-layer checksum of SRv6 packets in flight, regardless of whether an
>>>    SRH is present or not.
>>>    - An SRv6 and C-SID aware middlebox will be able to find the
>>>    ultimate DA and verify the upper-layer checksum in flight, regardless of
>>>    whether an SRH is present or not.
>>>
>>>
>>> Furthermore, transit nodes (e.g., middleboxes) should not attempt to
>>> identify SRv6 traffic based on the presence of the SRH, because they will
>>> miss a significant portion of it: all the best-effort or Flex-Algo traffic
>>> steered with a single segment may not include an SRH, even without C-SID.
>>> Instead, RFC 8402, 8754, and 8986 define identification rules based on the
>>> SRv6 SID block.
>>>
>>> Thanks,
>>> Francois
>>>
>>>
>>> On 2 Apr 2024 at 19:44:51, Alvaro Retana <aretana.ietf@gmail.com> wrote:
>>>
>>>> [Moving this conversation up on your mailbox. :-) ]
>>>>
>>>> [Thanks, Robert and Tom for your input!]
>>>>
>>>>
>>>> We want to hear from more of you, including the authors. Even if you
>>>> already expressed your opinion in a different thread, please chime in here.
>>>>
>>>> We will collect feedback until the end of this week.
>>>>
>>>> Thanks!
>>>>
>>>> Alvaro.
>>>>
>>>> On March 28, 2024 at 8:06:18 AM, Alvaro Retana (aretana.ietf@gmail.com)
>>>> wrote:
>>>>
>>>>
>>>> Focusing on the C-SID draft, some have suggested requiring the presence
>>>> of the SRH whenever C-SIDs are used. Please discuss whether that is the
>>>> desired behavior (or not) -- please be specific when debating the benefits
>>>> or consequences of either behavior.
>>>>
>>>> Please keep the related (but independent) discussion of requiring the
>>>> SRH whenever SRv6 is used separate. This larger topic may impact several
>>>> documents and is better handled in a different thread (with 6man and spring
>>>> included).
>>>>
>>>> Thanks!
>>>>
>>>> Alvaro
>>>> -- for spring-chairs
>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>>>
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>>>
>> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email