Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr

Ron Bonica <rbonica@juniper.net> Sat, 06 January 2024 00:35 UTC

From: Ron Bonica <rbonica@juniper.net>
To: Tom Herbert <tom@herbertland.com>, Jen Linkova <furry13@gmail.com>
CC: 6man <ipv6@ietf.org>, "draft-ietf-6man-comp-rtg-hdr@ietf.org" <draft-ietf-6man-comp-rtg-hdr@ietf.org>
Date: Sat, 06 Jan 2024 00:35:46 +0000
Message-ID: <BL0PR05MB5316352E89869C176CCF6F50AE652@BL0PR05MB5316.namprd05.prod.outlook.com>
References: <CAFU7BATiUtHmtbhtrWSPDR4c2Eb+XQXFdvU2-V=TVLGb+W6hnA@mail.gmail.com> <CALx6S34CWX_1imdUtK1EHcVUEMfhWPm8Uj+JRHiqxMUz5fvH5Q@mail.gmail.com>
In-Reply-To: <CALx6S34CWX_1imdUtK1EHcVUEMfhWPm8Uj+JRHiqxMUz5fvH5Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/UWhoNIHAVnyppRyoXP_BYkPOa84>

Hi Tom,

I believe that we have discussed this topic before, but it may have been off-list. So, I will repeat my argument on list.

When considering your objection, we must consider:

- its scope
- the cost / benefit trade-off

Regarding scope, your comment applies to many routing header compression schemes, not only the CRH. So, we should search for a solution that addresses all routing header compression schemes, not just the CRH.

Regarding the cost / benefit trade-off, some operators may be concerned about the issue that you raise. They would be willing to sacrifice a few bytes of overhead for the additional functionality that you propose. Other operators, not so much.

So, it seems that we should look for a solution that a) is applicable to many routing header compression schemes and b) is optional. Clause a) precludes a solution that is embedded in the CRH.

What do you think of an HBH Option that displays the ultimate destination? This can apply to any routing header compression scheme. It is also optional. If you like the idea, I would support a draft.

Ron

-----Original Message-----
From: Tom Herbert <tom@herbertland.com>
Sent: Friday, January 5, 2024 5:56 PM
To: Jen Linkova <furry13@gmail.com>
Cc: 6man <ipv6@ietf.org>; draft-ietf-6man-comp-rtg-hdr@ietf.org
Subject: Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr


Hi,

I have a concern with this proposal. As I understand it, the addresses of all intermediate destinations and the final destination can only be correctly deduced with access to the external state (the CRH-FIB). In particular, the final destination address can no longer be deduced by simple inspection of the packet contents. I think it may have ramifications on debugging and security. I suspect this also would be a concern for SR CRH.

This will make it much harder to track and diagnose flows in the network. Also, if the destination is obfuscated the TCP and UDP checksum cannot be validated in the network (strictly not needed, however it is done when debugging corrupted checksums). Even if the diagnostic tools do have access to the FIB, it has to be the correct FIB in time. So post mortem analysis on a flow could only be done if the correct state is accessed for when the packet was accessed.

Security may be a problem due to the potential of misdelivery. Correct delivery depends on FIB state being correct and synchronized between nodes. Presumably, misdelivery would be detected by transport layer checksum with pseudo header, however not all protocols have a checksum, and RFC6936 allows UDPv6 to be sent with a zero checksum in the case of tunnels.

To avoid ambiguity and misinterpretation, I suggest that the final address in the SIDs should be sent uncompressed as a plain address or compressed using some stateless method. I think this also could reduce the size of the FIB table since final destinations are likely to be hosts and there may be an order of magnitude more hosts than routers in the network.

Tom

On Thu, Jan 4, 2024 at 1:09 PM Jen Linkova <furry13@gmail.com> wrote:
>
> This message starts a new two week 6MAN Working Group Last Call on
> advancing "The IPv6 Compact Routing Header (CRH)" document
> (https://datatracker.ietf.org/doc/draft-ietf-6man-comp-rtg-hdr/) as an
> Experimental document.
>
> Substantive comments and statements of support for publishing this
> document should be directed to the ipv6@ietf.org mailing list.
> Editorial suggestions can be sent to the authors.  This last call will
> end on Jan 21 2024, 23:59:59 UTC.
>
> --
> Cheers, Jen Linkova on behalf of 6MAN chairs
>
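
The in-network checksum and FIB-state concerns raised in Tom's message, as an added example that is not part of the original thread. The CRH-FIB is modeled as a plain dict from SID to IPv6 address; the SIDs, addresses and function names are constructed for illustration, and which SID in the list is the final one is left to the draft.

```python
import ipaddress
import struct

def ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp6_checksum(src: str, dst: str, segment: bytes) -> int:
    # IPv6 pseudo-header: src, FINAL dst, upper-layer length, next header 17 (UDP)
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(segment), 17))
    csum = ~ones_complement_sum(pseudo + segment) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is transmitted as 0xFFFF

def build_udp(src, dst, sport, dport, payload, zero_checksum=False) -> bytes:
    length = 8 + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload
    if zero_checksum:  # permitted for tunnels by RFC 6936
        return segment
    csum = udp6_checksum(src, dst, segment)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def check_in_network(src: str, final_sid: int, segment: bytes, crh_fib: dict) -> str:
    """What a monitoring point can conclude from the packet plus its own FIB copy."""
    dst = crh_fib.get(final_sid)
    if dst is None:
        return "unresolvable"   # final destination cannot be deduced at all
    stored = struct.unpack("!H", segment[6:8])[0]
    if stored == 0:
        return "unverifiable"   # no checksum: a wrong mapping goes unnoticed
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    return "valid" if udp6_checksum(src, dst, zeroed) == stored else "mismatch"

# Constructed sample data (documentation prefix 2001:db8::/32).
SRC = "2001:db8::1"
FIB_AT_SEND = {0x0010: "2001:db8::10"}   # state when the packet was sent
FIB_STALE = {0x0010: "2001:db8::99"}     # state seen later by a diagnostic tool
PKT = build_udp(SRC, FIB_AT_SEND[0x0010], 4000, 53, b"probe")
PKT_ZERO = build_udp(SRC, FIB_AT_SEND[0x0010], 4000, 53, b"probe", zero_checksum=True)

if __name__ == "__main__":
    for fib in (FIB_AT_SEND, FIB_STALE, {}):
        print(check_in_network(SRC, 0x0010, PKT, fib),
              check_in_network(SRC, 0x0010, PKT_ZERO, fib))
```

With the stale FIB a checksummed packet shows up as a mismatch, while the zero-checksum packet gives the observer nothing to check against.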