RE: Per segment service instructions

Ron Bonica <rbonica@juniper.net> Fri, 13 September 2019 18:10 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Robert Raszuk <robert@raszuk.net>
CC: SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>
Subject: RE: Per segment service instructions
Date: Fri, 13 Sep 2019 18:10:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/LtA1Sy02dcvd7NjYZn5V2hG26UY>

Robert,

In your email, you ask how I would solve a TE problem with a Per Segment Service Instruction (PSSI). In SRv6+:


  *   The CRH and the SIDs that it contains are used to solve TE problems
  *   The PSSI is used to provide non-routing services (e.g., firewalling, sampling, DPI)

This leaves the following questions to be answered:


  *   How would I solve the TE problem that you describe in your email?
  *   Given another example, explain how PSSI works?

Which question would you like me to tackle first?

                                                                    Ron


From: Robert Raszuk <robert@raszuk.net>
Sent: Friday, September 13, 2019 8:45 AM
To: Ron Bonica <rbonica@juniper.net>
Cc: SPRING WG <spring@ietf.org>; 6man <6man@ietf.org>
Subject: Per segment service instructions

Dear Ron,

I have read yet one more draft from the SRv6+ package defining another Destination Option type - this time Per Segment Service Instruction(s) described in draft-bonica-6man-seg-end-opt

I have one technical question regarding it.

Imagine I have following topology - drawing only what is relevant to the question:

PE1 - - P1 - - SE1 - - P2 - -  SE2 - - P3 - - PE2

When packet enters the network PE1 is instructed to program my flow A to execute following functions on Segment End 1 (SE1) and Segment End 2 (SE2):

SE1 - When packet is routed out of SE1 consider only interfaces of bw 10G and up

SE2 - When packet is routed out of SE2 make sure that path to segment end node is no more than 2 hops away.

From reading the draft I think the answer is that you mandated the segment end functions in SRv6+ to have domain-wide significance such that the function itself contains not only the instruction but also as it is of domain-wide significance the location of the instruction to execute it on.

So far so good ... Flow-A gets CRH and PSSI encoding the above requirement.

When packet enters SE1 Destination Options preceding RH is read and PSSIs are attempted to get executed! Both instructions are tried but only one is known so only one gets executed on SE1. Same story on SE2.

Not sure if everyone would be ok with such model to read and attempt to execute instructions which are not for a given end segment but let's assume some may accept it.

But now how unfortunate it may sound PE1 is receiving the flow-B and for flow B the requirements are opposite:

SE1 - When packet is routed out of SE1 make sure that path to segment end node is no more than 2 hops away.

SE2 - When packet is routed out of SE2 consider only interfaces of bw 10G and up.

Well what do you - simple - you allocate another two domain wide functions and encode it in the packet at PSSI DOH on PE1.

But if my description matches the plan you now end up with per flow !!! state in the network which is the price to pay for splitting SIDs with its functions into completely different headers.

I don't know about others but I think we went in the past via multiple attempts to put any per flow state into the large network and it all failed when faced scale.

Also SR specifically in its architecture RFC8402 says that segment routing is "maintaining per-flow state only at the ingress node(s) to the SR domain."

Kind regards,
Robert.


