IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt> - #22 & #23ECMP

"Darren Dukes (ddukes)" <ddukes@cisco.com> Tue, 24 April 2018 15:50 UTC

Return-Path: <ddukes@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8962812EA55 for <ipv6@ietfa.amsl.com>; Tue, 24 Apr 2018 08:50:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YOjUG0YBleul for <ipv6@ietfa.amsl.com>; Tue, 24 Apr 2018 08:50:02 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35AF612D779 for <ipv6@ietf.org>; Tue, 24 Apr 2018 08:50:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11808; q=dns/txt; s=iport; t=1524585002; x=1525794602; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=owE9JMnsNzYbURdZdWk176ZKbWXu5O5iLJQWTIYUS1c=; b=RYE8GfG+MIcSzyegN5Cp8jW780DMRguIdL8ZSPZ+r0wBjJ+QpEowfmTJ VjLZM7EXdSlhltBdPMWH2jHCwWwj4ezOoDsPONXG/qL5OTHrsQicvTbQ3 PVlyPpiPw0w17vN4+RO6UgxOpDkJChDX+jClTPwuz02LVowsZKoUaOZ2r E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AzAwDzUd9a/4QNJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYMUL2F6KAqDYIgCjHyBUyGBD5MDFIFkCxgLCYNDAXwCGoJeITQYAQIBAQEBAQECbBwMhSIBAQEBAgEBARsGEToLBQsCAQgYAgIjAwICAiULFAEQAgQOBYUHCA+kbIEgghyIQII0BYEJhwOBVD+BDyMMglyDEQEBA4EgHQEBDoMQMIIkAocxiT2HDwgChVyCUIYUCoEqg1+CW4RiiTiGUwIREwGBJAEcOIFScBUaISoBghiCHwEXEYhIhT0BbwGBFI0yDRcHgQEBgRcBAQ
X-IronPort-AV: E=Sophos;i="5.49,323,1520899200"; d="scan'208";a="103763725"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 24 Apr 2018 15:50:00 +0000
Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by alln-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id w3OFo0Ko018913 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 24 Apr 2018 15:50:00 GMT
Received: from xch-aln-017.cisco.com (173.36.7.27) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Tue, 24 Apr 2018 10:50:00 -0500
Received: from xch-aln-017.cisco.com ([173.36.7.27]) by XCH-ALN-017.cisco.com ([173.36.7.27]) with mapi id 15.00.1320.000; Tue, 24 Apr 2018 10:50:00 -0500
From: "Darren Dukes (ddukes)" <ddukes@cisco.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
CC: IPv6 List <ipv6@ietf.org>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt> - #22 & #23ECMP
Thread-Topic: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt> - #22 & #23ECMP
Thread-Index: AQHT27q6VUP+3GBIvUSiiFHXQvQ1R6QQTDAAgAACWQCAAArLAIAAASEAgAAJsYA=
Date: Tue, 24 Apr 2018 15:50:00 +0000
Message-ID: <E4BFB856-2751-4DC0-A05A-6E0349996D3B@cisco.com>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <FB1C6E49-81F7-49DD-8E8B-2C0C4735071B@gmail.com> <523d27a3-285e-6bcf-2b07-2cd8d31b0915@joelhalpern.com> <09A9D566-35E8-41D1-A541-58CBE0F29E40@cisco.com> <56ee68c8-7b44-ea35-f790-98d718e63c79@joelhalpern.com> <0CB84A8C-7176-412B-91C0-46477964469D@cisco.com> <0b1c98ae-e56d-fdca-95ab-6cd116f4189b@joelhalpern.com> <37B889A0-0D9D-4F21-987E-5706A3C70CA4@cisco.com> <d7fe017d-03f4-c56b-1c6c-846e068117dd@joelhalpern.com>
In-Reply-To: <d7fe017d-03f4-c56b-1c6c-846e068117dd@joelhalpern.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [161.44.212.109]
Content-Type: text/plain; charset="utf-8"
Content-ID: <69342C54FBFCE24DA484516939814B8E@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/V_jN6lAmJr1F1A_Jb8FTIYSDEJA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 15:50:12 -0000

Thanks Joel.

Darren

> On Apr 24, 2018, at 11:15 AM, Joel M. Halpern <jmh@joelhalpern.com> wrote:
> 
> Thank you.  I do not know why when I went there earlier the datatracker did not offer me -12.  So it goes.
> 
> That text in section 5 is what I was looking for.  It seems quite clear and addresses what I asked for.  I am sorry I missed it.
> 
> Yours,
> Joel
> 
> On 4/24/18 11:11 AM, Darren Dukes (ddukes) wrote:
>> Hi Joel, I added the work group to the CC list, I think it was missed in your original mail.
>> Though I met the requests for #22 and #23, I wanted to point out that section 5 fully defines “source node”:
>>       A host originating an IPv6 packet.
>>       An SR domain ingress router encapsulating a received packet in an
>>       outer IPv6 header followed by an SRH.
>> Here is rev 12 of the draft https://www.ietf.org/id/draft-ietf-6man-segment-routing-header-12.txt
>> Darren
>>> On Apr 24, 2018, at 10:32 AM, Joel M. Halpern <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>> wrote:
>>> 
>>> I tried to find rev 12 to read the actual text.  I relied on the summary you put in as a comment.
>>> 
>>> The texxt you quote does help with both this issue and the encapsulation issue.
>>> I find the usage of "source node" awkward and likely to confuse readers, but I can not claim it is wrong.
>>> Similarly, the second paragraph you quote does say that flow label ECMP support has to be fully deployed.  Again, it does so in a way that I fear will confuse readers, but I can not claim it is wrong.
>>> 
>>> Net: you have formally met request.
>>> 
>>> Yours,
>>> Joel
>>> 
>>> On 4/24/18 10:24 AM, Darren Dukes (ddukes) wrote:
>>>> Hi Joel, did you read the ECMP section or revision 12?  This is pretty clear of what the source node must do when encapsulating a packet in an outer IPv6 header.
>>>> 5.4. Load Balancing and ECMP
>>>>    Within an SR domain, an SR source node encapsulates a packet in an
>>>>    outer IPv6 header for transport to an endpoint.  The SR source node
>>>>    MUST impose a Flow Label computed based on the inner packet.  The
>>>>    computation of the flow label is as recommended in [RFC6438] for the
>>>>    sending TEP.
>>>>    At any transit node within an SR domain, the flow label MUST be used
>>>>    as defined in [RFC6438] to calculate the ECMP hash toward the
>>>>    destination address.
>>>>> On Apr 24, 2018, at 6:55 AM, Joel M. Halpern <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com> <mailto:jmh@joelhalpern.com>> wrote:
>>>>> 
>>>>> The comment does not seem to resolve the4 issue raised (and captured in the ticket).
>>>>> 
>>>>> The basic issue is that if flow label ECMP is not being used by the network, then the routers in the network will not be able to perform ECMP.  This will result in some form of problem (whether congestion, packet drops due to processing failure, or other misbehavior depends upon the exact equipment.)
>>>>> 
>>>>> The comment for ticket #23 seems to say that this is addressed by pointing at the RFC about flow label ECMP.  It is good that the RFC is referenced explicitly.  From what is there, this needs to be augmented with text noting that this needs to be implemented and enabled on the network in order for SRH to be used.
>>>>> 
>>>>> Yours,
>>>>> Joel
>>>>> 
>>>>> On 4/23/18 5:06 PM, Darren Dukes (ddukes) wrote:
>>>>>> Hi Joel, this mail was captured as the following tracked issues:
>>>>>> #22 <https://trac.ietf.org/trac/6man/ticket/22>, #23 <https://trac.ietf.org/trac/6man/ticket/23>, #24 <https://trac.ietf.org/trac/6man/ticket/24>, #25 <https://trac.ietf.org/trac/6man/ticket/25>, #26 <https://trac.ietf.org/trac/6man/ticket/26>
>>>>>> I’ve updated comments that all these as closed in revision 12 of the doc and some clarification in the thread.  Can you click on each and read the comments to each please, and respond to thi thread?
>>>>>> Thanks
>>>>>>   Darren
>>>>>>> On Mar 30, 2018, at 10:51 AM, Joel M. Halpern <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com> <mailto:jmh@joelhalpern.com> <mailto:jmh@joelhalpern.com>> wrote:
>>>>>>> 
>>>>>>> I do not think this document is ready to be sent to the IETF and IESG for final approval.
>>>>>>> There are several kinds of problems.
>>>>>>> 
>>>>>>> ECMP1: The document asserts that entropy information is put into the flow label.   I wish this worked.  I helped bring this idea forward years ago, independent of SRH.  Unfortunately, there are two related problems.  First, adoption appears to be low.  Second, and more important, there are reports from the field that doing thi actually breaks other things and cause packet re-ordering under some circumstances.  As a result, vendors are suggesting that people turn it off even when it is available.
>>>>>>> ECMP2: If, with suitable analysis, we decide that this is actually safe to do, then the document needs to include both that analysis and clearly spelled out requirements that operators MUST verify that all their routers support this behavior and that they have enabled this behavior before turning on SRv6 usage.
>>>>>>> 
>>>>>>> Structure: The text in section 2.3 says "It is assumed in this document that the SRH is added to the packet by its source".  This is at best disingenuous.  It is very clear that the value of this behavior lies primarily in use by the network, not by the packet sources.  Claiming otherwise results in a document with minimal utility.  Even this document itself disagrees with this assertion.  Tucked into the very next section is text saying that "outer header with an SRH applied to the incoming packet".  If this behavior were a clearly spelled out requirement, rather than a "typically" and if the text in 2.3 were replaced with something realistic, then the document would at least be itnernally consistent and match the expected usages.
>>>>>>> 
>>>>>>> Edge filtering: The text on edge filtering does not actually state that prevention of packets with SRH and a current DA of an internal node is mandatory.  Unless it is clearly stated, the security considerations text as currently written is significantly weakened.  If it is mandatory, then again the deployment section needs to note that an operator needs to verify that all of his edge devices support such filtering and have it properly enabled in order to use SRv6.
>>>>>>> 
>>>>>>> Edge Filtering and hybrids: Other documents have talked about allowing external packets with SRv6 entries pointing to internal nodes (which means the DA upon arrival at the operator edge will be an internal node as I understand it).  It the intention is to permit that with appropriate security, then the edge filtering requirements need to be clear about the requirements for cryptographic validation at the edge.
>>>>>>> 
>>>>>>> Yours,
>>>>>>> Joel
>>>>>>> 
>>>>>>> On 3/29/18 4:30 PM, Bob Hinden wrote:
>>>>>>>> This message starts a two week 6MAN Working Group Last Call on advancing:
>>>>>>>>        Title           : IPv6 Segment Routing Header (SRH)
>>>>>>>>        Authors         : Stefano Previdi
>>>>>>>>                          Clarence Filsfils
>>>>>>>>                          John Leddy
>>>>>>>>                          Satoru Matsushima
>>>>>>>>                          Daniel Voyer
>>>>>>>> Filename       : draft-ietf-6man-segment-routing-header-11.txt
>>>>>>>> Pages          : 34
>>>>>>>> Date           : 2018-03-28
>>>>>>>> https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header
>>>>>>>> as a Proposed Standard.  Substantive comments and statements of support
>>>>>>>> for publishing this document should be directed to the mailing list.
>>>>>>>> Editorial suggestions can be sent to the author.  This last call will
>>>>>>>> end on 12 April 2018.
>>>>>>>> An issue tracker will be setup to track issues raised on this document.
>>>>>>>> Thanks,
>>>>>>>> Bob & Ole
>>>>>>>> --------------------------------------------------------------------
>>>>>>>> IETF IPv6 working group mailing list
>>>>>>>> ipv6@ietf.org <mailto:ipv6@ietf.org>
>>>>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>>>>>> --------------------------------------------------------------------
>>>>>>> 
>>>>>>> --------------------------------------------------------------------
>>>>>>> IETF IPv6 working group mailing list
>>>>>>> ipv6@ietf.org <mailto:ipv6@ietf.org> <mailto:ipv6@ietf.org> <mailto:ipv6@ietf.org>
>>>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>>>>> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email