IETF Logo Mail Archive

RE: [spring] How CRH support SFC/Segment Endpoint option?

Ron Bonica <rbonica@juniper.net> Mon, 25 May 2020 03:09 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BE713A0A29; Sun, 24 May 2020 20:09:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=HWzQUd6/; dkim=pass (1024-bit key) header.d=juniper.net header.b=XlAc5fI3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7_xVvRVF0Usi; Sun, 24 May 2020 20:09:23 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E6343A0A1C; Sun, 24 May 2020 20:09:23 -0700 (PDT)
Received: from pps.filterd (m0108157.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 04P37HIi005469; Sun, 24 May 2020 20:09:21 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=XqEdFcueYlY88jttykbwL/EUirSP4Oi5DPC1WVym+X8=; b=HWzQUd6/P2SW5giSKYXYjmCKsArJw8BCxn2HE5j7Opo2eUDEjftKtx2d00QnQV3N4cYm pax8QeWU/y9vZ7A5RZJXibUpaVMpgO45XfJ1crPVUvUrweIUpzOG7SXbuJ1Bb71pq165 PJp2ZEL4sKdJLrBtebMelpjo17rF7Je7Q5A+33xRWRk8bMlmVyuFadB4DtHhXXL4FGCe MbPKU1ETCdlzlWXhBXL5uIm9EvzvXuCZLrXLxsWY74OJJi5Rn/qc6ae8lKVan6QMc850 kdja2vrMx2rvWyzA3xMlzLqTpKbImjESQwxIn01QCsUfLfafPbisNcEkxM0nLic3XWi1 GQ==
Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2105.outbound.protection.outlook.com [104.47.58.105]) by mx0a-00273201.pphosted.com with ESMTP id 31733nsxq5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 24 May 2020 20:09:21 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZkKscJ/9FTkejFLnnm+L25GcSRht1SZXo9ysZAM1xiK2euuO/IeAss/crUWsZi4nUZ1YZIRURQery+tjnBbNZs2e+tFuVS834mwOFOAsaYrw7jDXjRH8R/T19/l9MIUHVNjfSkYkN/rP+lGaUVkenotaDLuRefd0jG3ZSjt9I+quC2dnR9nlaW1nI2JoRorf8QLtfAxy3l4z2lKx42EikomaMGuQoLszBh8gyMLIJPANN+mXo14V46l3iNRcR51/ANcHCsQLb4OEshH8C/QFh09fC4psgKMnb+1TIpnpJDXkp+XhERarAaMAdBzdKxF8dIhVCuOJOHxTf4PAX/kn+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqEdFcueYlY88jttykbwL/EUirSP4Oi5DPC1WVym+X8=; b=bmAQZNH3Q0jLiYiEOJ+Hs26IOAT7HX/t+eIZafsr1roZqAxdBfp7fHUEnAvcQzf6mtIGnW8JfejnQA+FECY2I5kPuVWZqHBqKGsmegHdnR0ZyjFA5tM6oJURMv0+LWVJBNJPUUkbFCXs3zyFNPKri/fpqwMfJ+JL3v/MzRRcaB8iPHGr0BnNi2J26YC00cH4U+8QzmzhP+TCTcQIDGBN3naWQgrpFXhXwSedBg+cIobHipyPOO6kZC1fLdrh6AvwQhTrl0Zopp8m6T1+Sn7/cyVcgsnxvitYBwSv1MSEbEnDJmT3T5dmCbpvSgcWfwj7TfPvjH/aCqurBo9gcwf6DQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XqEdFcueYlY88jttykbwL/EUirSP4Oi5DPC1WVym+X8=; b=XlAc5fI3PBtZYkljEsQ0mWhXkI26LqT2A9b9tNd7TFj2w7/r1Hu0oENeeBeDMwxQeboYBpB4vLWzlZJ0sT+GUoNdgmd5b7EptfmV+xMCGkBHc5e4X5d8/vbPkSN8eTAbvrLgRzZtmrE2d4UxV8+js2Gg8ayeelr/9iEdIddgExg=
Received: from DM6PR05MB6348.namprd05.prod.outlook.com (2603:10b6:5:122::15) by DM6PR05MB6665.namprd05.prod.outlook.com (2603:10b6:5:12d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.8; Mon, 25 May 2020 03:09:19 +0000
Received: from DM6PR05MB6348.namprd05.prod.outlook.com ([fe80::c020:3bf5:7230:75e3]) by DM6PR05MB6348.namprd05.prod.outlook.com ([fe80::c020:3bf5:7230:75e3%4]) with mapi id 15.20.3045.014; Mon, 25 May 2020 03:09:19 +0000
From: Ron Bonica <rbonica@juniper.net>
To: Tom Herbert <tom@herbertland.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: Robert Raszuk <robert@raszuk.net>, "spring@ietf.org" <spring@ietf.org>, 6man <6man@ietf.org>
Subject: RE: [spring] How CRH support SFC/Segment Endpoint option?
Thread-Topic: [spring] How CRH support SFC/Segment Endpoint option?
Thread-Index: AdYwBYkgTau2vInrR6WP+x+iqlpN9gAPJDmwADf+cOAAEX/LgAATRtiAABaWjIAAAXdcAAAEWnWAAAYAivA=
Date: Mon, 25 May 2020 03:09:18 +0000
Message-ID: <DM6PR05MB63484B690AF323ACE5853D79AEB30@DM6PR05MB6348.namprd05.prod.outlook.com>
References: <C7C2E1C43D652C4E9E49FE7517C236CB02A2CD12@dggeml529-mbx.china.huawei.com> <DM6PR05MB63482CFA4D5AB938D5A4B818AEB40@DM6PR05MB6348.namprd05.prod.outlook.com> <C7C2E1C43D652C4E9E49FE7517C236CB02A37DC6@dggeml509-mbs.china.huawei.com> <DM6PR05MB63489256A7C8357BEF526EE2AEB20@DM6PR05MB6348.namprd05.prod.outlook.com> <CAOj+MMGLj9OgFCcsB21oWXbcCqHZ7B4qTvCcrK9LXuKDYVu_vQ@mail.gmail.com> <CALx6S36yJ5CS6ykQhd_sW3T6=PjVJNOqewtg2joUtHnbsZPxSA@mail.gmail.com> <15815a80-7fe3-7d85-61a8-f7168a99cabb@gmail.com> <CALx6S35j=c9BUyyf1qs+As-51YVR6DTQAP+Xkc4zS05CGVJCHQ@mail.gmail.com>
In-Reply-To: <CALx6S35j=c9BUyyf1qs+As-51YVR6DTQAP+Xkc4zS05CGVJCHQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-05-25T03:09:13Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=9f1e7b45-9bf0-4a18-b6a4-e6a1121b1a02; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=2
dlp-product: dlpe-windows
dlp-version: 11.4.0.45
dlp-reaction: no-action
authentication-results: herbertland.com; dkim=none (message not signed) header.d=none;herbertland.com; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [108.28.233.91]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: d7372740-2b50-4520-9e59-08d8005903e8
x-ms-traffictypediagnostic: DM6PR05MB6665:
x-microsoft-antispam-prvs: <DM6PR05MB6665FA6566C2E42A1444FDEFAEB30@DM6PR05MB6665.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0414DF926F
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Gc7fUkG8i683jH/3q0Bb19thqFx1wDCzW79sqrtH8iYG7/B52ROYM4LFETITjM4w4LBXig3UORwr1QK5p+o/8g3okZ+035mdqmv6ncQKQ0rs6ALVO8cJFd+EGAydWsmGttmnNq67UwYtBqsazG+r3yCP+yteV9m9p4N2gbiSRHp6kNvaJJGBJ5nVNy1jANw5JTgSYbQjYIIt9rv/Nukwj8uzg5MihVVIWYL3Og3bGLa8l6MrzFQHpkXKScUcjgyuPXhZrdto/VeWMLeZI8qihAbLW083EYI32uSNip0Zb9cDBlXTueRn+KD1HaVXnW92aQiHhQ+dtRUcuGllSpsZ/TlV38ZTf94idDnugXR6UST9YwnwOEmR0i5Gdwd9vKPhZjsaomGTmX3Xvj6P6oxF3A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR05MB6348.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(376002)(396003)(346002)(366004)(136003)(8936002)(8676002)(53546011)(7696005)(71200400001)(26005)(6506007)(316002)(33656002)(54906003)(55016002)(2906002)(86362001)(110136005)(478600001)(66446008)(966005)(66476007)(66556008)(76116006)(66946007)(64756008)(5660300002)(9686003)(52536014)(186003)(4326008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: zcEJNBaL06x9n9OKYc4VM8fMGmE99rxhhe5xXrPA065/my75elx0atBSREeakM1FiVTknG+YTO3eqiBet2CQgYa1jV5jkD7B2qD/dP3f/fvmDRCtO5h10HYbbUG43CnoTTTOga+h0UfSfUXn7sGApSwlP5TD7oafce2isXFD2mf7nbQRv81wOkcWifKJHCJVjTI7CgZC/XZu/Gv4PyNsxgUDX7thknw2BCmTt13D7ni1bpC4K+KtLBcRl9/Gbcy2DqbWMBFU7OY8wv/B+hiZdIq9dv99kA/qLGg2hJbNaxnoV6QyqjFESTKco0oSWEmLTGwlc8vNF9Y/xUB/59B5ZHojxzHlCD7RNjcmW5HYLRaiQslgyYLLmwEC1twUJEM1QDC+WbI8UOGHM94b7C57TG4PekyWVgLB5Wj+rhEKVdUner2IN1IYgPFE62p5REeR8Ky0PhSfPIMKQ9QECh0yI99povLZle3sxP5yn2sT7cs=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: d7372740-2b50-4520-9e59-08d8005903e8
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 May 2020 03:09:18.9151 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: U5xi5aDzrrx+YHhYTbKroPfCMGE58+BRBSbxel6tv2zzF37t9sj3YCVw00s+8M1Bn1hgtIbAlfz2sDN2GliMqg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB6665
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.676 definitions=2020-05-24_11:2020-05-22, 2020-05-24 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxlogscore=999 impostorscore=0 adultscore=0 priorityscore=1501 cotscore=-2147483648 mlxscore=0 spamscore=0 malwarescore=0 bulkscore=0 suspectscore=0 clxscore=1015 phishscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005250024
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/mG5Moow6DZIUwwuT8UghhR0R9gM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2020 03:09:26 -0000

Folks,

I think that we are all talking past one another. RFC 8200 recommends specific ordering of extension headers for a reason.

IPv6 extension header are ordered as follows:

- Headers processed at every node along the delivery path
	- Hop-by-hop
- Headers processed at every segment endpoint
	- Destination options
	- Routing header
- Headers processed at the ultimate destination only
	- Fragment header
	- Authentication header
	- ESP header
	- Destination Options header

Note that the Destination Options header is the only extension header that can appear twice in a packet. The Destination Options header must immediately precede the Routing header or the upper-0layer header.

 If a packet contains a destination options header, a routing header, a fragment header, and another destination options header:

- the destination options header that precedes the routing header appears in each fragment
- the destination options header that precedes the routing header Is processed on each segment endpoint, before the packet is reassembled
- the destination options header that precedes the upper layer header appears in the first fragment only
- the destination options header that precedes the upper layer header Is processed on the ultimate destination node, after the packet has been reassembled

                                                                      ROn


Juniper Business Use Only

-----Original Message-----
From: Tom Herbert <tom@herbertland.com> 
Sent: Sunday, May 24, 2020 7:56 PM
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Robert Raszuk <robert@raszuk.net>; Ron Bonica <rbonica@juniper.net>; spring@ietf.org; 6man <6man@ietf.org>
Subject: Re: [spring] How CRH support SFC/Segment Endpoint option?

[External Email. Be cautious of content]


On Sun, May 24, 2020 at 2:51 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>
> On 25-May-20 09:08, Tom Herbert wrote:
> > On Sun, May 24, 2020 at 3:23 AM Robert Raszuk <robert@raszuk.net> wrote:
> >>
> >> Hi Ron,
> >>
> >> I have one small question on the Destination Option Header you keep referencing to carry for example VPN demux instructions.
> >>
> >> As DOH follows Fragment Header it is indeed inspected before CRH.
> >>
> >> So please kindly clarify what is there in the IPv6 packet header which would stop each segment endpoint (during the transit over SR anchors)  which destination is obviously in DA of the arriving packet not to inspect DOH and not trying to execute it ?
> >>
> >> If you could please also provide reference to RFC8200 defining it.
> >>
> > Robert,
> >
> > Look at Destination Options before the routing header in RFC8200.
> > These are intended to be processed at every intermediate destination 
> > in the routing header
>
> That intention is not specified in the text, and IMHO cannot be deduced from the text. Hence my comment on draft-bonica-6man-ext-hdr-update.
>
Brian,

I think it can be deduced. Extension headers need to be processed in order, so destination options before the routing header must be processed before the routing header. If the destination options before the routing were only to be processed at the final destination, then we would need to process the routing header before processing the destination options in order to determine if the destination address is indeed the final destination. More practically, if destination options were only to be processed at the final destination then it doesn't seem like there would be any material between destination options before and those after the routing header (or maybe there was some other intent to have two flavors of destination options?)..

I agree that the text could be clarified, It seems like another case of potential ambiguity in RFC8200 among the terms destination, destination address, final destination, an intermediate destination.
https://urldefense.com/v3/__https://tools.ietf.org/html/draft-herbert-ipv6-update-dest-ops-00__;!!NEt6yMaO-gk!XLLXuigXPE8uDwP4SF5HfRZ1NBlH1w24-GVBjHk_rvCmqCueDLaELLoTDx-wnEK6$  was an attempt to calirfy this, at least to clarify the significance of a modifiable destination option (before the routing header).

Tom

>    Brian
>
> > and precede any fragment header.
> >
> > Tom
> >
> >> Keep in mind that in number of networks P routers are also PE routers so executing DOH even if CRH still contains many hops to go may result in very unexpected behaviours. I am sure you recall that L3VPN labels are locally significant and there is no mechanism in place to assure uniqueness of VPN demux values across PEs..
> >>
> >> Why is this important here - because CRH by design is decoupled from any functions or network application handling.
> >>
> >> Many thx,
> >> Robert.
> >>
> >>
> >> On Sun, May 24, 2020 at 3:24 AM Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
> >>>
> >>> Cheng,
> >>>
> >>>
> >>>
> >>> The CRH is a building block. It has exactly one function. That is, to steer a packet along its delivery path.
> >>>
> >>>
> >>>
> >>> The CRH does not attempt to deliver parameters or metadata to service function instances. It relies on other mechanisms. One possibility is a destination options header that precedes the CRH. I am sure that there are other mechanisms. CRH should be compatible with all of them.
> >>>
> >>>
> >>>
> >>> Personally, I am not an NSH expert. Maybe someone who is can speak up..
> >>>
> >>>
> >>>
> >>>                                                                                               
> >>> Ron
> >>
> >> -------------------------------------------------------------------
> >> - IETF IPv6 working group mailing list ipv6@ietf.org Administrative 
> >> Requests: 
> >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/i
> >> pv6__;!!NEt6yMaO-gk!XLLXuigXPE8uDwP4SF5HfRZ1NBlH1w24-GVBjHk_rvCmqCu
> >> eDLaELLoTD0hgsR60$
> >> -------------------------------------------------------------------
> >> -
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list ipv6@ietf.org Administrative 
> > Requests: 
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ip
> > v6__;!!NEt6yMaO-gk!XLLXuigXPE8uDwP4SF5HfRZ1NBlH1w24-GVBjHk_rvCmqCueD
> > LaELLoTD0hgsR60$
> > --------------------------------------------------------------------
> >

v2.23.0 | Report a Bug | By Email