Re: Re: I-D Action: draft-smith-6man-in-flight-eh-insertion-harmful-00.txt
Mark Smith <markzzzsmith@gmail.com> Mon, 14 October 2019 06:19 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20BE1120099 for <ipv6@ietfa.amsl.com>; Sun, 13 Oct 2019 23:19:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.503
X-Spam-Level:
X-Spam-Status: No, score=0.503 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wqto4lbcnu_3 for <ipv6@ietfa.amsl.com>; Sun, 13 Oct 2019 23:18:59 -0700 (PDT)
Received: from mail-ot1-x332.google.com (mail-ot1-x332.google.com [IPv6:2607:f8b0:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17F51120041 for <ipv6@ietf.org>; Sun, 13 Oct 2019 23:18:59 -0700 (PDT)
Received: by mail-ot1-x332.google.com with SMTP id o44so12837914ota.10 for <ipv6@ietf.org>; Sun, 13 Oct 2019 23:18:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vEzMFV9p5jYtMAswIP3vTZ3tR8i9Zmxg/ckyA0eMPE0=; b=lxYX4Y+wOEflwLRPaB/5opKGfee5J9fK6tnxzm+IGuOd4Ye/j0Sg+rXvJll7zQi+n6 MsgJto0FFK8KN6250u0qrFLYFlmnSh/Gyk+7ZRpdLQwzx1NYeFavoY1dVt0NXfU/8nQa v/FfwIafoLUefZs1NM8BDEe6vHLvtVzR9BAxnxYyntFi5CjBFWqT/apek7ysT8iY3qQl 58HbutzB4ZFMLZtv/+o41bSN0L98U8BKFQ1/FfNYgeKqosHCZS5ImeeFMwKzRwvKPA0J UX//squLve+eDLSFdlU+Ajp9XAWOmr9W/1b/BsdWmSpTeMNgG+qOh1KofDEC9DC5cKgE bFfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vEzMFV9p5jYtMAswIP3vTZ3tR8i9Zmxg/ckyA0eMPE0=; b=sdSndktm7A1QgVHumNTP5Ey4VHDiuzye2KvbFtzhYIY9jjbvRqwPmfhOqUo32nGIUm t9Y1wcn4G2m5HX/1Yf+xb5WQWPGllYeeZGRYmZYN1REG6JxuYLPXMJFSnex5M72vvOxc KX+Dh6DM1djNZ1O1Ji+8RHRrbvRs83DcIhVjTZ9/MlBH8KHP4ulQhg9mheJ9F6osaxXR LrkO39US+4xpZmlfyJdK4vlXvcX8p2iq8s62b4/7dK8bNxFtDtSYHl5urwRN3xzluoka ko19EWteo9joUKf3Nlv7GQMigS4+zqs4ob9BkMjBkKH8AyNNE02TjJMGFcoaz8SMtzdf luTw==
X-Gm-Message-State: APjAAAVvmehC7Pimp+Hl12j2Y9hxfv3juFS2U6A3E4UHoLP0VWLoQSMB /LFq9p02s2ijKA0KgPwdE9Sf68MnI11gDdwE5fU=
X-Google-Smtp-Source: APXvYqwB9sOPDtEs9ZQtSaXqu1+0wISpk+8h/wfCV8NMaUmMYDUY2fESVclZfGhxa5rE4pKgcDtM0MaIPBXiQd2UepM=
X-Received: by 2002:a9d:5544:: with SMTP id h4mr10266147oti.94.1571033938399; Sun, 13 Oct 2019 23:18:58 -0700 (PDT)
MIME-Version: 1.0
References: <79F13DA9-2B14-4885-B0E4-272EFB0E25FC@gmail.com> <HK0PR03MB4066B72F338821CD93E6ADD7FC900@HK0PR03MB4066.apcprd03.prod.outlook.com>
In-Reply-To: <HK0PR03MB4066B72F338821CD93E6ADD7FC900@HK0PR03MB4066.apcprd03.prod.outlook.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Mon, 14 Oct 2019 17:18:46 +1100
Message-ID: <CAO42Z2xFk7cJOP2-AuFhZWN7LY6nphnqarv5s26ae-oM=_e5xA@mail.gmail.com>
Subject: Re: Re: I-D Action: draft-smith-6man-in-flight-eh-insertion-harmful-00.txt
To: li zhenqiang <li_zhenqiang@hotmail.com>
Cc: Gyan Mishra <hayabusagsm@gmail.com>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d414090594d8d703"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/RVgra4Rza4o6-Wa7ByVfK1vX-70>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Oct 2019 06:19:01 -0000
On Mon, 14 Oct 2019, 13:05 li zhenqiang, <li_zhenqiang@hotmail.com> wrote: > Hi Gyan, > > In my understanding, MPLS Label insertion is more like encapsulation, > because the outer header is handled, one more label is added at the top. > For SRv6 SRH insertion, the outer IPv6 header is still used, only > destination address is updated when SRH is inserted. > So the SA of this packet is now a lie. > In your exmaple, if P2 performs SRv6 Ti-LFA by adding one more outer IPv6 > header, this is similar to MPLS label insertion. > There is no such thing as label insertion in MPLS. > Best Regards, > Zhenqiang Li > ------------------------------ > li_zhenqiang@hotmail.com > > > *From:* Gyan Mishra <hayabusagsm@gmail.com> > *Date:* 2019-10-14 00:03 > *To:* Gyan Mishra <hayabusagsm@gmail.com> > *CC:* 6man <ipv6@ietf.org> > *Subject:* Re: I-D Action: > draft-smith-6man-in-flight-eh-insertion-harmful-00.txt > > Mark > > In tried to add this comment in-line but does not look like it came > through. > > See below > > Comparing MPLS in flight label insertion to SRv6 in flight EH insertion > below: > > We will use the Service Provider scenario for SRv6 to compare apples to > apples use case since SRv6 has a much wider scope as it pertains to IPv6 > data plane traffic engineering capabilities. > > Typical SP mpls core / SRv6 core with L3 VPN services CEs attached. > > So for both scenarios the the packet originates from the customer network. > > CE - customer edge originating packet > PE1 - ingress PE device performing label imposition or EH insertion for > SRH header > P2 - LDP Remote LFA PLR node/path protection > Performs LDP tunneling to PQ node by inserting MPLS label for FRR link and > node protection. For SRv6 Ti-LFA PLR node performs EH SRH header insertion > for the “LFA” backup protected path during a link or node failure > P3 - PQ node tunnel for R-LFA > P4 - egress P performing MPLS PHP pop implicit null value 3 or SRv6 PSP > SRH segment pop and removal of SRH EH header type 4 > PE2 - egress PE label disposition of bottom of stack L3 VPN labels for > MPLS use case > > CE - PE1 - P1 - P2 - P3 - P4 - PE2 - CE > > So in both cases the MPLS LDP or SRv6 domain the MPLS PE does in flight > label imposition similar to SRv6 on the same ingress PE SRv6 does in flight > SRv6 EH SRH Routing header type 4 insertion. > > So in both cases the MPLS LDP or SRv6 domain the MPLS P2 “IP FRR PLR node” > does in flight label imposition similar to SRv6 on the same P2 node SRv6 > does in flight SRv6 EH SRH Routing header type 4 insertion as well for > Ti-LFA 50ms FRR link and node protection. > > So basically both MPLS and SRv6 perform in flight insertion of a header > mpls 4 byte shim for mpls scenario and SRv6 EH SRH Routing header type 4 > influencing the packet. > > The major difference with mpls and why that in flight label insertion has > never been an issue is that MPLS is considered “Layer 2 1/2” due to the > label stack being placed between the L2 link layer header and the L3 > header. So impact to routing related to mpls shim not being removed or > security implications don’t exist since in the mpls core you are not IP > routing you are “label switching” so forwarding plane is at that “layer 2 > 1/2” swapping the local label with remote label along the LSP path to FEC > destination. > > With SRv6 since the EH headers are all inserted after the IPv6 header and > before the transport header their are MAJOR security implications with EH > headers not being removed as the EH headers are part of the L3 routing > functionality. > > One other major impact to EH insertion in flight with IPv6 is that SRv6 > can be used ubiquitously in almost any scenario where traffic engineering > is required. > > With mpls the downside but from a security perspective upside as why mpls > label imposition insertion in flight is not impacting is that with mpls > state has to be maintained hop by hop for mpls data plane forwarding plane > with either LDP or TE topmost label so mpls forwarding plane due to this > “mpls state” LFIB dependency cannot exist outside of the mpls domain the > egress P must to a PHP or if Default implicit null mpls label value type 3 > is used or explicit null where the label is preserved on the egress P and > popped on the egress PE along with the entire label stack is popped “label > disposition” so the egress PE on the PE-CE link can forward as native IP > packet.. > > > RFC R-LFA used with MPLS LDP IP FRR > > https://datatracker.ietf.org/doc/rfc7490/ > > What I think needs to change and we need to discuss with Spring folks is > on the PLR node doing the 2nd EH insertion for Ti-LFA to achieve link and > node protection 50ms failover they need to do another IPV6 header > encapsulation. > > So the ingress PE in SRv6 domain would add the 1st outer layer IPv6 header > but then on the Ti-LFA node now we would require from a 6MAN RFC 8200 a 2nd > IPv6 encapsulation and the FRR steering would be done through the PQ node > via the 2nd encapsulation and and the PQ node would remove the 2nd > encapsulation which would contain the SRH Ti-LFA SID list for the traffic > engineered path. > > In the Voyer draft addressing EH insertion we should also have them make a > bore that Ti-LFA would not exist in every scenario using SRV6 due to the > ubiquitous use cases of SRv6 so that 2nd encapsulation would only be > required wherever the 2nd or I guess even 3rd or every time an EH SRH type > 4 routing header is added for that matter a IPv6 encapsulation is required > to satisfy IPv6. > > Regards > > Gyan > > > Sent from my iPhone > > On Oct 13, 2019, at 11:59 AM, Gyan Mishra <hayabusagsm@gmail.com> wrote: > > Mark > > Few comments on the draft in-line and also comparison of MPLS label > insertio= > n to SRV6 EH insertion. > > Sent from my iPhone > > On Oct 13, 2019, at 6:25 AM, Nick Hilliard <nick@foobar.org> wrote: > > =20 > > Brian E Carpenter wrote on 13/10/2019 01:36: > > The packet is too dumb to know anything ;-). My question is how each > > node it traverses knows. Indeed, Mark's draft > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Brian E Carpenter
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Nick Hilliard
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Brian E Carpenter
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Joel M. Halpern
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Mark Smith
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Nick Hilliard
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Gyan Mishra
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Gyan Mishra
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Brian E Carpenter
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Nick Hilliard
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Mark Smith
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Brian E Carpenter
- Re: Re: I-D Action: draft-smith-6man-in-flight-eh… li zhenqiang
- Re: Re: I-D Action: draft-smith-6man-in-flight-eh… Mark Smith
- Re: Re: I-D Action: draft-smith-6man-in-flight-eh… Mark Smith
- Re: Re: I-D Action: draft-smith-6man-in-flight-eh… li zhenqiang
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Stewart Bryant
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Mark Smith
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Fernando Gont
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Mark Smith
- Re: Re: I-D Action: draft-smith-6man-in-flight-eh… Gyan Mishra
- Re: I-D Action: draft-smith-6man-in-flight-eh-ins… Fernando Gont