IETF Logo Mail Archive

Re: END SID Without SRH

Tom Herbert <tom@herbertland.com> Thu, 13 June 2019 18:06 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9050120353 for <ipv6@ietfa.amsl.com>; Thu, 13 Jun 2019 11:06:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMjjB6SubwDW for <ipv6@ietfa.amsl.com>; Thu, 13 Jun 2019 11:06:53 -0700 (PDT)
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04245120436 for <ipv6@ietf.org>; Thu, 13 Jun 2019 11:06:51 -0700 (PDT)
Received: by mail-ed1-x530.google.com with SMTP id w13so32513267eds.4 for <ipv6@ietf.org>; Thu, 13 Jun 2019 11:06:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=zMNXWWM2rvHe2ykk/0kA0sOexiUqSzQCeTqQ708KV7E=; b=ZMz5n85/3vv07onbuLA02nKexjiPC1BRRPb7yVlUrVewfeFXjniWFmJPy6XUhyyATK IufK+4UjgAI9fbIZyv3lvA++sVYTE/bAptNGoIB9tjVVMXuDs/SQVT991XDLf0nG3Aoz fDil73n0bnF1OfszyYfpQQUjZGRdvzW8P5QdCvUdHFAAYlkO57d5vCCiDRPn2yU5+wZ+ USOtNEgcLRULkdhYlR1IDmKqloG5a5VI2rQ7bSfMaiKrzCS1Xo2kC6TvQmHs4WpSrPvM sBhzEC0UaDSRVcgC9RgI0/DSxDaSnULMLVUwIhRXx2RXD3DWMEnHr+AoWOivZ9n9AWqZ ZbTg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=zMNXWWM2rvHe2ykk/0kA0sOexiUqSzQCeTqQ708KV7E=; b=byYFsgQAJQ9IIZIRvUs1hf6V8RbCwaQwyGCNfXMEB04e465EPvxWkCrJo7/C22CUUr EGuDDAmOJE64Qn3vSiAGA9iuateUsp1RV1CAe8E/U10a55uED0WagKEPmZNw7FSIIv8I Ce4dv2++Dg6AFMXviJd4hyQgNS/XVfKosLQKM5BBhNAsLvs4r3CO+7LiqJ9+VmAvlAnW XjgXNt9iO1aqNNO339nbVWmI1GpIie9mEiplME0OauMgCQ0QngIhodvk7PIqkAefyJcx VwNmDiredpSdxlwkBgaa9F+Z0SJ86pY/zVeU86FB+NfwLho60PKzSYWTiLi4HIdY4rCW yVuA==
X-Gm-Message-State: APjAAAUQIxqZYqjt/5diCKdYuzsv1XrDXEPu63CTaGA4Xddyn/HobVq/ 9tzd/VtG82BT7vrZ7T/ZV5eLqhIqJ6VYlqSjCqTruQ==
X-Google-Smtp-Source: APXvYqwJ/Ahkkoc/OVrC91nyJZpV7THi4vXWLhpvzdxUVEQCPXBPQY07rpoddByNhJjVEC/76hQyEAR7eXtCn1PWNg8=
X-Received: by 2002:a50:b561:: with SMTP id z30mr41540375edd.87.1560449209373; Thu, 13 Jun 2019 11:06:49 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR05MB42456C75487CF9283A0ED1D0AE100@BYAPR05MB4245.namprd05.prod.outlook.com> <CAO42Z2y_D-xe+tX9n-KQYjnk5bkYXibO0Zs3E=JfAWWMZnJcSA@mail.gmail.com> <3030A68F-6CE1-4179-930C-D60BEB73063A@employees.org> <CAO42Z2yLkCRNXKp8KKnqh8VRRo6p1dx4h0-gyLBFZ=Jq0xQj2w@mail.gmail.com> <0C40BEFF-B050-40A1-BCB7-F76ADF18E3E0@employees.org> <BYAPR05MB42457C37AE7DC3F4CACC8FD7AEEC0@BYAPR05MB4245.namprd05.prod.outlook.com> <B254E985-A848-4FC4-868D-E2F04CF7E0DB@cisco.com> <CAO42Z2wXRe9XyMMVetzPMTY4Og=B=wQLz3LUVB0DFzRLL-BPQQ@mail.gmail.com> <07B7D3ED-55AC-4698-900A-E6828A1AAC20@cisco.com> <CALx6S36Zm=EoqexPiZaeYhTmnbQ-UoE8teuTeqzw7Zc2UPN_CA@mail.gmail.com> <C0BB3D1F-8B62-4076-ADDE-B53AC129D1E2@cisco.com>
In-Reply-To: <C0BB3D1F-8B62-4076-ADDE-B53AC129D1E2@cisco.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 13 Jun 2019 11:06:37 -0700
Message-ID: <CALx6S35GHdiNkRA39fhY3rOHx-yVqwC5G4WM2qMgka2AXyYfXA@mail.gmail.com>
Subject: Re: END SID Without SRH
To: "Darren Dukes (ddukes)" <ddukes@cisco.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/PBpHCC0JdcB0G358TM4wqknSj8k>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2019 18:07:03 -0000

On Thu, Jun 13, 2019 at 9:34 AM Darren Dukes (ddukes) <ddukes@cisco.com> wrote:
>
> Read the last paragraph of 4.3.1.2.
>
Darren,

That's:

"A unique error code allows an SR Source node to recognize an error in
SID processing at an endpoint."

You can call nodes that send a plain IP packets to a SID address "SR
Source nodes" if you wish, but you cannot assume that they know
anything about segment routing or participate in the protocol based on
the destination address. To a source host that doesn't understand
segment routing, getting a segment routing specific ICMP error is
nonsensical (as it would be to network monitoring of ICMP errors).
"Unrecognized next header" code makes sense to everyone, and for those
nodes that do understanding segment routing they can do additional
investigation on the destination address in the ICMP error data to see
if they had mistakingly sent to a SID.

Tom





> Darren
>
> > On Jun 13, 2019, at 4:03 PM, Tom Herbert <tom@herbertland.com> wrote:
> >
> >> On Thu, Jun 13, 2019 at 12:25 AM Darren Dukes (ddukes) <ddukes@cisco.com> wrote:
> >>
> >> Mark.
> >>
> >> You remember your SIDs in your SR domain come from a SID block you created, S/s (see section 5.1) and this destination address falls within that space.
> >>
> >> You notice the destination sending an ICMP parameter problem error with a code that says “SR Upper-layer Header Error”.
> >>
> >> This is how you tell the source is trying to talk to a destination address that doesn’t speak TCP.
> >>
> > How is that any different than sending an ICMPv6 parameter problem
> > error with code 1 that says “Unrecognized Next Header type
> > encountered”?
> >
> >> Darren
> >>
> >> On Jun 13, 2019, at 6:28 AM, Mark Smith <markzzzsmith@gmail.com> wrote:
> >>
> >>
> >>
> >>> On Thu., 13 Jun. 2019, 07:52 Darren Dukes (ddukes), <ddukes@cisco.com> wrote:
> >>>
> >>> Hello everyone.
> >>>
> >>> This document defines an SRH and a SID, and how that SID is processed.
> >>>
> >>> I expect anyone "surprised" by this fact should have read this draft at some point:
> >>> a - within the past 2 years; since this document has defined a SID and its processing.
> >>> b - within the past 13 months; since section 4.3.1 specifically described discarding the packet based on upper layer header being processed.
> >>> c - within the past 8 months; since the current version of 4.3.1.2 was updated with the new ICMP error code, published, and the WG was notified via email.
> >>>
> >>> And recall section 3.1 defines a Source SR node as
> >>>   "any node that originates an IPv6 packet with a
> >>>   segment (i.e.  SRv6 SID) in the destination address of the IPv6
> >>>   header.  The packet leaving the source SR Node may or may not contain
> >>>   an SRH."
> >>>
> >>> In other words, there is no surprise.
> >>
> >>
> >> So one of the contexts I consider is sitting in front of a packet capture tool like Wireshark, and trying to troubleshoot a fault by looking at the packet.
> >>
> >> For the packet Ron described, with no SRH header, there is nothing to distinguish it from a normal IPv6 packet. The fault would be that the packet contains a TCP header, yet TCP processing is not occurring.
> >>
> >> The DA address in the packet might actually be a SID, but if it is coming from within the existing IPv6 unicast or multicast spaces, there is no indication of that.
> >>
> >> This SR processing is failing the principle of least surprise. That failure can cause longer than necessary troubleshooting and longer customers' services impacts. A network's MTTR is negatively impacted.
> >>
> >> Mandating that all packets to be SR processed have an SRH would prevent this problem. It would also be compliant with RFC 8200, because the processing to occur on the packet when it arrives at the device with the DA is explicitly encoded in the packet.
> >>
> >> Without a formal SID address space, encoding functions to perform on a packet in addresses is ambiguous, implicit and when troubleshooting, non-obvious.
> >>
> >> Regards,
> >> Mark.
> >>
> >>>
> >>> Darren.
> >>>
> >>>
> >> --------------------------------------------------------------------
> >> IETF IPv6 working group mailing list
> >> ipv6@ietf.org
> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email