Re: Segment Routing Drafts

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 02 March 2019 00:23 UTC

To: Fred Baker <fredbaker.ietf@gmail.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Cc: IPv6 List <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/LvCjBAKJB46msorWx3kk5zR5ElQ>

On 02-Mar-19 11:25, Fred Baker wrote:
> 
> 
>> On Feb 27, 2019, at 8:22 PM, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>> - https://datatracker.ietf.org/doc/draft-bonica-6man-oam/
> 
> I read this draft, and was immediately puzzled. The OAM option is useful if and only if it is implemented and configured, and (per the security considerations) is a reason the packet should not be permitted to enter a subsequent network.

The text is confusing. It says:

   Network operators should block packets containing these extension
   headers at their boundary.

I hope that that is meant to say:

   Network operators should block packets containing the OAM option
   at their boundary.

Because clearly it is way out of scope for this draft to address
firewall recommendations in general (which anyway are covered by
draft-ietf-opsec-ipv6-eh-filtering, currently "Waiting_for_AD_Go-Ahead").

> As such, it is only useful on a small subset of the systems it encounters, and only in the originating network.
> 
> Am I reading this correctly?

Well, if it is intended as part of the segment routing specs,
that needs to be stated in the draft. If so, it presumably inherits
the property of segment routing that it only works within a Segment
Routing Domain (https://tools.ietf.org/html/rfc8402#page-6)
and the OAM option would be blocked at the domain boundary.

Which is one of the motivations for draft-carpenter-limited-domains,
of course.

    Brian