Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-19.txt>

"Joel M. Halpern" <jmh@joelhalpern.com> Thu, 23 May 2019 16:59 UTC

Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-19.txt>
To: Tom Herbert <tom@herbertland.com>, "Darren Dukes (ddukes)" <ddukes@cisco.com>
Cc: IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Date: Thu, 23 May 2019 12:58:59 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YiXBUMnr9f9Yo55Ac52Xnlu5dn0>

Let me try rephrasing Tom's question, since I think I share his 
concern.  (Apologies Tom if I ask something else.)

The mutability constraints for SRH are described in the document as 
depending upon the SID type.
These mutability requirements affect validation of an AH header.
This seems to raise several problems.

1) When the AH is being verified at someplace other than the current SRH 
SID endpoint, there is no reason to expect the verifier to know the SID 
type.  So how can it verify the AH?

2) More importantly, consider the case where there are several SIDs in 
the SID list.  Suppose SID 2 has more generous mutability than SID 3. 
So the endpoint identified by SID 2 modifies some of the SRH according 
to the SID2 rules.  Then changes the destination to SID 3.  Now the 
packet arrives at SID 3 and he wants to verify the AH.  But the SRH has 
been modified in accordance with the SID2 rules.  Which SID3 does not 
even know about.  How is this supposed to work?

Yours,
Joel

PS: The wording on the mutability is unclear as to whether what can be 
changed is just the TLV content, or the type value itself.  If you can, 
please clarify.

On 5/23/19 12:12 PM, Tom Herbert wrote:
> On Thu, May 23, 2019 at 8:23 AM Darren Dukes (ddukes) <ddukes@cisco.com> wrote:
>>
>> Ron and Bob, this is not complicated.
>>
>> This document refers to "the SID type defined in section 4.3.1” vs calling it END.
>> Other documents will refer to it as “the SID type defined in section 4.3.1 of draft-ietf-6man-segment-routing-header”.
>> This is simple and all we need to be concerned with for draft-ietf-6man-segment-routing-header-19.
> 
> Darren,
> 
> I don't know what a "SID type" is, so it's hard to understand the
> requirements reference SID types. Please provide a normative
> definition for this term or a reference to the document containing the
> definition of this term. And if multiple SID types are allowed then
> obvious question becomes how are different SID types distinguished from
> one another in the protocol.
> 
> Tom
> 
>>
>> The second part of this thread is about draft-ietf-spring-network-programming.
>> It defines a set of additional functions that can be associated with a SID and names them End, End.X, End.T, End.DX2, etc.
>> It defines a registry to assign each of these SID types a number.
>> This is how protocols (ISIS, OSPF, BGP, etc) distributing SIDs and identify their type for use at SR Source nodes.
>> As mentioned on the SPRING alias, the definition of End in draft-ietf-spring-network-programming will get updated to better align with section 4.3.1 of draft-ietf-6man-segment-routing-header.
>>
>> Darren
>>
>>
>>> On May 22, 2019, at 9:58 PM, Ron Bonica <rbonica@juniper.net> wrote:
>>>
>>> Works for me!
>>>
>>>
>>> Juniper Internal
>>>
>>> -----Original Message-----
>>> From: Bob Hinden <bob.hinden@gmail.com>
>>> Sent: Wednesday, May 22, 2019 9:34 PM
>>> To: Ron Bonica <rbonica@juniper.net>
>>> Cc: Bob Hinden <bob.hinden@gmail.com>; Darren Dukes (ddukes) <ddukes@cisco.com>; IPv6 List <ipv6@ietf.org>
>>> Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-19.txt>
>>>
>>> Ron,
>>>
>>>> On May 22, 2019, at 8:25 PM, Ron Bonica <rbonica@juniper.net> wrote:
>>>>
>>>> Bob,
>>>>
>>>> All of the SID in draft-ietf-spring-srv6-network-programming begin with the word "END". The following are examples:
>>>>
>>>> - END
>>>> - END.X
>>>> - END.DT4
>>>>
>>>> So, you are correct in saying that the word "END" doesn't do much to distinguish one SID from another. Maybe the naming convention should be:
>>>>
>>>> - SID
>>>> - SID.X
>>>> - SID.DT4
>>>> - etc
>>>
>>> I think that would be better.
>>>
>>>>
>>>> As long as we are consistent throughout the network programming draft, I am OK with the change.
>>>>
>>>> Also, we need a good collective noun for SIDs of all types. Neither SID nor SRv6 SID work well. If we use the word "SID", it becomes overloaded. The term "SRv6 SID" is a little too close to "SID" to prevent confusion.
>>>
>>> Perhaps when meaning all SIDs, just say “all SIDs”.  When one specific SID, by its name SID, SID.X, etc.
>>>
>>> Bob
>>>
>>>
>>>>
>>>> Ron
>>>>
>>>>
>>>> Juniper Internal
>>>>
>>>> -----Original Message-----
>>>> From: Bob Hinden <bob.hinden@gmail.com>
>>>> Sent: Wednesday, May 22, 2019 7:29 PM
>>>> To: Ron Bonica <rbonica@juniper.net>
>>>> Cc: Bob Hinden <bob.hinden@gmail.com>; Darren Dukes (ddukes) <ddukes@cisco.com>; IPv6 List <ipv6@ietf.org>
>>>> Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-19.txt>
>>>>
>>>> Ron,
>>>>
>>>>> On May 22, 2019, at 1:06 PM, Ron Bonica <rbonica@juniper.net> wrote:
>>>>>
>>>>> Darren,
>>>>>
>>>>> We may have made life more difficult for the following reasons:
>>>>
>>>> How can anything be more difficult than it already is :-)
>>>>
>>>>>
>>>>> - Customers are already talking about "The END SID”.
>>>>> - At least two other drafts refer to "The END SID".  In the future, will they refer to "the otherwise nameless SID defined in draft-ietf-6man-segment-routing-header”.
>>>>> - The naming conventions that the chairs suggest introduces ambiguity. Does the term "SID" refer to all SIDs (END.X, END.DT4, etc.) collectively? Or does the term "SID" refer to one particular SID that is defined in draft-ietf-6man-segment-routing-header.
>>>>
>>>> SID would refer to the SID defined in the SRH draft.   I note that in RFC 8402, this appears to be called SRv6 SID.  That seems to be consistent.
>>>>
>>>> When we reviewed the changes in what became the -19 draft, we found the use of “END SID” confusing.  We went back to see if there were other kinds of SIDs defined (for example is there a START SID, MIDDLE SID, etc.), but there isn’t.   We thought it would be better to just say SID.   If new SIDs are later defined elsewhere they can have different names that distinguish them from the SID defined in the SRH draft.
>>>>
>>>>> If the chairs insist on changing the name of the END SID, let's at least give it a new name.
>>>>
>>>> To be clear, we didn’t insist, we made a suggestion that Darren adopted:
>>>>
>>>> “We think calling it “END SID” makes it harder to understand, we had to go back to see if there were other SIDs defined that would have different behavior.   Since there is only one kind of SID defined, like FIRST SID.  We wonder if it can be just called “SID” and if in the future other SIDs are defined they can be called something else, for example "FOO SID”, or "SID 2”.  This is not a showstopper, but might make the document clearer.”
>>>>
>>>> Bob
>>>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>
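
The situation in question 2 of the message above, as an added illustration that is not part of the original message or of the draft: a toy model in which an AH-style integrity check covers a header with mutable fields zeroed, the treatment RFC 4302 gives fields that may change in transit. The field names, the two SID types ("generous" and "strict"), their mutable sets, and the assumption that the source zeroes the union of all mutable fields on the path are hypothetical.

```python
import hashlib
import hmac

# Hypothetical per-SID-type mutability rules (constructed for this example).
MUTABLE = {
    "generous": {"segments_left", "tlv_x"},  # stands in for SID 2's type
    "strict": {"segments_left"},             # stands in for SID 3's type
}


def icv(key, header, mutable):
    """HMAC-SHA256 over the header; fields named in `mutable` count as zero."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in sorted(header):
        value = header[name]
        if name in mutable:
            value = bytes(len(value))  # zero-fill, same length
        mac.update(name.encode() + b"=" + len(value).to_bytes(2, "big") + value)
    return mac.digest()


def scenario():
    key = b"constructed-shared-key"
    # Constructed header as it leaves the source.
    sent = {"segments_left": b"\x02", "tlv_x": b"\x01\x00", "tlv_y": b"\xaa\xbb"}
    # Assumption: the source knows every SID type on the path and zeroes
    # the union of their mutable fields when it computes the ICV.
    union = MUTABLE["generous"] | MUTABLE["strict"]
    sent_icv = icv(key, sent, union)

    # The SID 2 endpoint rewrites tlv_x (allowed by its own rules) and
    # advances the packet toward SID 3.
    at_sid3 = dict(sent, segments_left=b"\x01", tlv_x=b"\x12\x34")

    def verify(mutable):
        return hmac.compare_digest(sent_icv, icv(key, at_sid3, mutable))

    return {
        "sid3_using_own_rules": verify(MUTABLE["strict"]),
        "sid3_knowing_sid2_rules": verify(union),
        "verifier_without_sid_types": verify(set()),
    }


if __name__ == "__main__":
    for who, ok in scenario().items():
        print(f"{who}: {'ICV matches' if ok else 'ICV mismatch'}")
```

In this model only a verifier that knows the mutability rules of every SID type that processed the packet reproduces the ICV.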