IETF Logo Mail Archive

Net-PGM does NOT contain insertion behavior : was: - Re: some feedback on feedback on draft-bonica-6man-ext-hdr-update-03

"Zafar Ali (zali)" <zali@cisco.com> Sat, 09 May 2020 13:21 UTC

Return-Path: <zali@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10E7A3A0A9D for <ipv6@ietfa.amsl.com>; Sat, 9 May 2020 06:21:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.597
X-Spam-Level:
X-Spam-Status: No, score=-9.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=BRDHhKfv; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=STI+JXo3
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h05MI6OhJiyB for <ipv6@ietfa.amsl.com>; Sat, 9 May 2020 06:21:32 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F055A3A0A9C for <ipv6@ietf.org>; Sat, 9 May 2020 06:21:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=46979; q=dns/txt; s=iport; t=1589030491; x=1590240091; h=from:to:cc:subject:date:message-id:mime-version; bh=Pvr4EhnNpjFdNYJwjcf1aGnkZLz376gC9CT5PRw+DO4=; b=BRDHhKfvu19zbD+8Zhd8z0Q/CeQtU3/UNrun4DiGcezVuLfu5NuVknfL vF1YWAPdgoU2Zf0zuP2aLFgQHIrpgKHLghY4rRnB2O8LMnObDihQR7rLr tFQ4t4cAMwKJUaLSfTgWayIfaFdFaZWsG8M4OvngdGcwGeQ3BD5z2IG6/ k=;
IronPort-PHdr: 9a23:vwCNMhUO6LNDxU/3I2x5/v19/5bV8LGuZFwc94YnhrRSc6+q45XlOgnF6O5wiEPSBN+FufBDhu7WuqT4VHYGp52GtSNKfJ9NUkoDjsMb10wlDdWeAEL2ZPjtc2QhHctEWVMkmhPzMUVcFMvkIVGHpHq04G0QHRj7NQNxPunvHMjZiMHkn+y38ofYNgNPgjf1aLhuLRKw+APWsMRegYZrJqsrjBXTpX4dcOVNzmQuLlWWzBs=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B9AQDcrbZe/5NdJa1iAxwBAQEBAQEHAQESAQEEBAEBgXYEAQELAYEkLyQtBW9YLywKhBqDRgONHYofjj2BQoEQA1AECwEBAQwBARgBDAgCBAEBhEQCF4F3JDcGDgIDAQELAQEFAQEBAgEFBG2FVgyFcQECAQEDARARHQEBJQcLAQ0EARkDAQIhAQIEAwIEGQYGCxQJCgQBDQUigwQBgX5NAy4BAgyjYQKBOYhhdoEygwEBAQWBNgIOQYMkDQuCDgMGBYEzAYJiiWEagUE/gRABJwwQgwuCHkkBAQEBAQGBKAQBEgEnEQkBBQcJEYJNM4ItjkqDCIYeim+PRkoKgkqIG4s7hFIdglyIZ5F3hHGGL4R9gViIAoJHkQkCBAIEBQIOAQEFgWgjZnBwFTsqAYI+UBgNkEAMBRIVgzqFFIVCdAIyAwIGAQcBAQMJfIp3gTUBgQ8BAQ
X-IronPort-AV: E=Sophos;i="5.73,371,1583193600"; d="scan'208,217";a="503372658"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 May 2020 13:21:27 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-11.cisco.com (8.15.2/8.15.2) with ESMTPS id 049DLRbq011440 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Sat, 9 May 2020 13:21:27 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 9 May 2020 08:21:27 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Sat, 9 May 2020 09:21:25 -0400
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Sat, 9 May 2020 09:21:25 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PFgRhRje21W+tfBrfesBTSFyz4S6uUgclBKFhFPrVGDzCkP4QNjwDkEWTtxQRmvT+OLWWmArv/aRSOrA1rGEjJmGtGTxPJGbm6v0M66jGKWAsgjkU8uxPoROzbmXWkHKOgup8or6FxBUP9ZHQvLGELb+xbDg+ufUgQ+vd9BFoeFKAmgbek4y2l4Ay6Xj4QcrWHYV3t7J06q321nCTP6X+x2r7vmvCmbWTp+/l+qOP6d2FH34rJVFquk8o4UHYWd38Dy5nP1to5tzsVu22a2pcESwD2KZXkhmVwccfd0soSekiYvcsEV35CUDEcK0zqJ0DJiS4mg1bSfpDAULn4JH2g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pvr4EhnNpjFdNYJwjcf1aGnkZLz376gC9CT5PRw+DO4=; b=Fy9/HCXh2kUX1U3WtEWG7yvSkHcVBHwOpYylou2kZc0RF4lRc/iUAy3bTMCqSRpbKRFih2wr9oqsE/HpEKI2TKdqkPIltE1gnOWHQlp2dmMrNIFU+S+Q+Z7ORc70HKJfLpamYiBGAMrTTcOqeuqU/wIcJs6Q7CSFOo0C9YC7mQHXMo0uc2PCh8RFAfCP6ZrThtlFPVO9bBmlZFwfKAVtDlPw3LE3RyqpU/oQZP0atHt0Bjf3USOWtdVYBI5FsaBgGPo09dIHwazuVxj2pyVzBusPMoJ2qwabRLN5Pu8ZBFYHV/9C8yakyEEgqaUzmLPTGbPb6fuIg4fZOK9qx152tQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Pvr4EhnNpjFdNYJwjcf1aGnkZLz376gC9CT5PRw+DO4=; b=STI+JXo3bYDZnQJqzg0NWdeOtyo9IInDeNSY7irjOE2+QVQXT7+Mv2QPQL2fWVX8JCn0fIz7ZvJE1YeuY9Y6HC+HnZ8NOE8jdg8EoSLJ2rGE5F6ka3/OViBiqkOYeYQEGdSKdonKBmwK7bOC6MvrLXY/YNNSVigf8DnIC5zQafw=
Received: from DM6PR11MB4692.namprd11.prod.outlook.com (2603:10b6:5:2aa::11) by DM6PR11MB2907.namprd11.prod.outlook.com (2603:10b6:5:64::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.26; Sat, 9 May 2020 13:21:24 +0000
Received: from DM6PR11MB4692.namprd11.prod.outlook.com ([fe80::6c2a:f5fa:44b9:f30b]) by DM6PR11MB4692.namprd11.prod.outlook.com ([fe80::6c2a:f5fa:44b9:f30b%3]) with mapi id 15.20.2979.033; Sat, 9 May 2020 13:21:24 +0000
From: "Zafar Ali (zali)" <zali@cisco.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Gyan Mishra <hayabusagsm@gmail.com>
CC: "Zafar Ali (zali)" <zali@cisco.com>, 6man WG <ipv6@ietf.org>
Subject: Net-PGM does NOT contain insertion behavior : was: - Re: some feedback on feedback on draft-bonica-6man-ext-hdr-update-03
Thread-Topic: Net-PGM does NOT contain insertion behavior : was: - Re: some feedback on feedback on draft-bonica-6man-ext-hdr-update-03
Thread-Index: AQHWJgS8D4gdUY562UG6bfojU6OWVA==
Date: Sat, 09 May 2020 13:21:23 +0000
Message-ID: <95C75820-D887-4053-8FB3-AF589018658B@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.36.20041300
authentication-results: joelhalpern.com; dkim=none (message not signed) header.d=none;joelhalpern.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [47.185.212.154]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 22170b58-7933-4ecf-bd93-08d7f41bdf24
x-ms-traffictypediagnostic: DM6PR11MB2907:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM6PR11MB290790BA5442AE16D6F1E3D5DEA30@DM6PR11MB2907.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:3173;
x-forefront-prvs: 03982FDC1D
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: NvrOepoj5IKobsRrJprZ+AKDnoIeiRwPLG6sVrPUd75LVOeRAEcxZrO3/SMkLQCFlGx4lRvKjTlAOeAudtDYs/m+Uukju1dzf9AdiMSlO9Uq65f1JJ+RfKcLnE/8yZXNYHNjyUu66RUz1+tLI9MY0ZeXlKdLiOUh0o5hs3XaSUcgZwE69Fok/opWci9Ae3+mTB5jSI+qop00isTN37vFxHiNmUQ9iK4mlo+yAfUHI5osgpAH450HkD/xqzoVZsPKrlS5FiCvQjQFyXXiLLcM5VtYFpBYRXmSrueecCh3IOMpddcLGoEc/sO61tzKfwCGPGtaHc66cMKjAqsddj0oHxijdtGWR6b0tlhRGKnTiCbazEvb8msPDT8qk5ZdWxc0yHt1vh7kVyhqN3q0MxJyWmE1Cc9qbJSKK4wncc5h270WoqT3B3zMv/4dOzpo6umYUenOHDB9+rvh4px8usFn5BqHkQRqZJMlUEb7eIIH1tIK6Jhnkc7dW9PZC/y9Yy2u+NhluxuLrd2ap5cIjrwtb1gptdqShENEkVIssaU8/OXFBG21c8nJE+EozcC6RogAO1w14+3SzB2M0QpsKiuXEBky0L9DKT1kve38oIEkAoU=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4692.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(396003)(39860400002)(376002)(366004)(346002)(33430700001)(53546011)(110136005)(76116006)(54906003)(33440700001)(5660300002)(316002)(966005)(8936002)(8676002)(33656002)(66556008)(66946007)(64756008)(26005)(4326008)(66574014)(36756003)(86362001)(71200400001)(66446008)(186003)(6506007)(15650500001)(2906002)(2616005)(6512007)(6486002)(478600001)(166002)(66476007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: FJBVGGVH1jRNQjkERPrbMVbQ8kPFO/4nOm/K9VPB3scD8xjTEJb7Z0CEoKhxqg0vVOiMiHXgkRaF1D3qwR6i7jm73hfLr2cBz9jD4gCDe1xp70S7nS/3dzTt4Td3T2V0RXdoBOi7kxy1oq6zulkHPzw5rtmdja5Y64/d+6OeTYiB665FfjxNg12doAkAJufBAWvmZUmlPQnP7XtEpE2oZdWhZpzGhqnwS5VVtmUP1I+6nJHkqEbgsrNCwvqP3Me+b5YxsRnZdzgRgKevHTqQypfuIOImCBqBVUXucIbdvE/NdyQwAnHUaB0cDUIwsHYXIRs5k0mKnlUSU855FNtiovTvjZV6+9M9z8gPY6zt8w03dDnOB3DFqqxW/QNkkpiPiHebOuqTvHtRMdawV9RmiZcjTz2JES7ijH8VMcgkQy0s4zwLVEF8log1Hd+W7RePrVUu4UQKEIdTC1lkcwgNRbYcOpNzQ137b2cHDi1ZdmcqXaTkAUCzkNMeBXOgD0q0
Content-Type: multipart/alternative; boundary="_000_95C75820D88740538FB3AF589018658Bciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 22170b58-7933-4ecf-bd93-08d7f41bdf24
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2020 13:21:24.0439 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: z1eX4A9f/GQ1G+RvGrp/dgxPF9RYRjstHjKi9es5Fnwnh3DaB3NumRopNhRX8lXx
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2907
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-11.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/VUiZw_PQ2_fAmYInq9FBXlPGoWE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2020 13:21:35 -0000

Hi Joel, the WG,

Changing the subject to highlight what Joel mentioned.

draft-ietf-spring-srv6-network-programming does NOT contain text related to SRH insertion.

SRH insertion in the context of network programming is an individual document (https://tools.ietf.org/html/draft-filsfils-spring-srv6-net-pgm-insertion-02), which relies on considerations described in a 6man document, https://datatracker.ietf.org/doc/draft-voyer-6man-extension-header-insertion/ (-00 was submitted in March 2017).

Thanks

Regards … Zafar


From: ipv6 <ipv6-bounces@ietf.org> on behalf of "Joel M. Halpern" <jmh@joelhalpern.com>
Date: Friday, May 8, 2020 at 7:33 PM
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: 6man WG <ipv6@ietf.org>
Subject: Re: some feedback on feedback on draft-bonica-6man-ext-hdr-update-03

The SRv6 PGM document that was approved does not do arbitrary insertion.
  It does the very specific PSP removal.  I think it inappropriate for
us to say that given that this one piece was allowed, anything and
everything should be allowed.

Also, it is normal for RFCs to be understood to be only applicable going
forward.  The most that should be said about PSP in this draft
explicitly would be a note indicating that the PSP behavior predates
this, and is not affected by it.

And even that much would wait on the resolution of the pending appeal on
the topic.

Yours,
Joel

On 5/8/2020 7:27 PM, Gyan Mishra wrote:

Given that SRv6 PGM draft has left the station awaiting publication I
think the most prudent recourse for 6MAN is to grant the exception for
SRV6 technology to allow insertion and removal on any transit node
within the carriers administrative domain.

https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-network-programming/

Document      Type                      Active Internet-Draft (spring WG
<https://datatracker.ietf.org/wg/spring/><https://datatracker.ietf.org/wg/spring/%3e>)
           Last updated                      2020-04-14 (latest revision 2020-03-27)
           Replaces                              draft-filsfils-spring-srv6-network-programming
<https://datatracker.ietf.org/doc/draft-filsfils-spring-srv6-network-programming/>
           Stream                  IETF
           Intended RFC status                        Proposed Standard
           Formats                                 plain text
<https://www.ietf.org/id/draft-ietf-spring-srv6-network-programming-15.txt>
   xml
<https://www.ietf.org/id/draft-ietf-spring-srv6-network-programming-15.xml>
   pdf
<https://tools.ietf.org/pdf/draft-ietf-spring-srv6-network-programming-15.pdf> htmlized
(tools)
<https://tools.ietf.org/html/draft-ietf-spring-srv6-network-programming-15>
   htmlized
<https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-network-programming-15> bibtex
<https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-network-programming/bibtex>
Stream            WG state <https://datatracker.ietf.org/help/state/draft/ietf>
Submitted to IESG for Publication
           Document shepherd                       Bruno Decraene


In the verbiage as to reasons why this being allowed is that SRv6 would
always be used in a closed domain with standard security protection
mechanisms at ingress and egress of the domain.  Domain definition would
have to be defined as a carriers administratrative domain where the
carriers transport network could span multiple ASs that are inter
connected via SR-TE bsid or inter-as L3 vpn.

One caveat loophole does exist is that inter administrative domain
intent based SR flows would also be allowed so in theory you could have
a chain of SRV6 domains over the internet or even private inter
connected domains so then maybe not bother with the domain concept as it
really goes out the window.

So then it’s just an exception to allow SRv6 to do as they please as
impossible to control at that point so any and all use cases of SRv6
would be granted the exception.

As Robert mentioned that it’s the carriers domain so they have to take
care of any security issues related to AH on the SRv6 outer IPV6
transport header.

Also as noted by Robert that all customer traffic is kept in tact and
not altered and that no insertion or removal of any EH headers occurs to
the inner header customer payload.  So no impact to customers use of AH
etc as that is remains unaltered.

Thanks

Gyan




On Fri, May 8, 2020 at 7:06 PM Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>
<mailto:robert@raszuk.net><mailto:robert@raszuk.net%3e>> wrote:

     Hi Philip,

     Sounds very reasonable.

     IMO what is needed here is a short spec which would explicitly call
     out the case of using IPv6 as transport layer. Then it would allow
     the transport owner sufficient flexibility (insertion, modification,
     deletion) into applied by his own ingress new IPv6 header at any
     transit hop he seems required. Ultimate goal is to deliver carried
     payload (here original IPv6 or IPv4 packets) via a given network the
     best quality possible.

     Thx a lot,
     Robert.


     On Sat, May 9, 2020 at 12:42 AM Philip Homburg
     <pch-ipv6-ietf-6@u-1.phicoh.com<mailto:pch-ipv6-ietf-6@u-1.phicoh.com>
     <mailto:pch-ipv6-ietf-6@u-1.phicoh.com><mailto:pch-ipv6-ietf-6@u-1.phicoh.com%3e>> wrote:

          >Now comes the topic of an additional hander mangling even by
         nodes which
          >are not intermediate destinations, yet all within transit
         network.

         So this is the key point. RFC 8200 applies to all IPv6 packets.
         So if
         RFC 8200 allows additional header mangling, then that can happen
         in lots of
         other places as well, which is quite undesirable.

         So RFC 8200 has to state that in general this sort of thing
         cannot happen.
         Next we can update RFC 8200 with a narrowly crafted exception
         tailored to
         this use case.

         We have two possibilities:
         - either RFC 8200 allows mangling by hops in a routing header.
         In that
            case we have a problem that needs to be fixed while creating
         an exception
            for segment routing, or
         - RFC 8200 does not allow this kind of mangling and we need to
         create an
            exception for segment routing.


     --------------------------------------------------------------------
     IETF IPv6 working group mailing list
     ipv6@ietf.org<mailto:ipv6@ietf.org> <mailto:ipv6@ietf.org>
     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
     --------------------------------------------------------------------

--

Gyan  Mishra

Network Engineering & Technology

Verizon

Silver Spring, MD 20904

Phone: 301 502-1347

Email: gyan.s.mishra@verizon.com<mailto:gyan.s.mishra@verizon.com> <mailto:gyan.s.mishra@verizon.com>




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email