IETF Logo Mail Archive

Re: END SID Without SRH

Tom Herbert <tom@herbertland.com> Fri, 14 June 2019 14:40 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 279621202A5 for <ipv6@ietfa.amsl.com>; Fri, 14 Jun 2019 07:40:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lQSQr6OqKDIA for <ipv6@ietfa.amsl.com>; Fri, 14 Jun 2019 07:40:09 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82E8412027E for <ipv6@ietf.org>; Fri, 14 Jun 2019 07:40:08 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id k8so3828596eds.7 for <ipv6@ietf.org>; Fri, 14 Jun 2019 07:40:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fotVzjeV2FD3N/v3oeUAM3ZhM7pdrytXMi9hbQSQqqE=; b=0uxMfHGky3U96P0YiDngKaoR6/nqq478VHTfR2NPGYZ0R3kl+nmtutu56U8TKyb0k/ KsxcSG1qzGJDwEW5xKsZ6v5mTu3wSzw22KS9RDx/572E3WnZaptHD0Fo/yOJrMHBV//f wYfX8IH0guvbYJul7oml/AsMvu8PvTdbgsuF2lttAarmk5bu2ekySfspb7ncUxAbTH58 RnbKFaF8kTx6aKhHVyXxZPOyP5sByniMRV/Sfw6ganvDS5HleBqUHLMPXw3vO783n9SX GFsyLKCg1Ktq1NgXy1nQLJpqbSDWqZtodd9b7n5e/UBwlSW6g6a4Gdosukd6Lp6ZILIS FM1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fotVzjeV2FD3N/v3oeUAM3ZhM7pdrytXMi9hbQSQqqE=; b=FWmTX5QImsqjppK633AhR79x15CwK5va+L2RW6yrXdlUeedORam5FxcZFPqnLqx6zt cIsF/9iCrfd2Vf70eIQaoJFFstveXYzKRXZakrzSrIn5Z3MTll1+VEU21tDqwjhBiof+ OdbPq4GZn0vryL7UHTk+AS1vZsVHeqkfgyPC1r9DFNKrtGqdcYJ3AO3ETJfHqHiQGsbJ pAbaBdW+/zKuUGcs1i++BGESoKE5fEUUbnmkxBn8vjqt0+NFnblGIfpW6mAFNip0bw/S dvw9QjQJVnwZ+XLFtF6jusbnF+kPcdw1U/UT/vO3I3C2QjUe53QUCgfxXw29CwbDDPok BBig==
X-Gm-Message-State: APjAAAVmaV3u+df323CV/phIoB2Ma0vaDctlcgkrgt2fAq0BYJjm6iRI Lc3TKj8ph20YYcNcsvDT+GncKdwbO/uJh1b+R+RX5w==
X-Google-Smtp-Source: APXvYqzEobHT1CrK6WAipxEF1T1kDkUzDxV0Ku8eaJ4364c9bJwn/D6A7DPB/N7hJCLDTpFA85LiZSopANg0eVo6Uq8=
X-Received: by 2002:a50:b1db:: with SMTP id n27mr56717976edd.62.1560523206659; Fri, 14 Jun 2019 07:40:06 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR05MB42456C75487CF9283A0ED1D0AE100@BYAPR05MB4245.namprd05.prod.outlook.com> <CAO42Z2y_D-xe+tX9n-KQYjnk5bkYXibO0Zs3E=JfAWWMZnJcSA@mail.gmail.com> <3030A68F-6CE1-4179-930C-D60BEB73063A@employees.org> <CAO42Z2yLkCRNXKp8KKnqh8VRRo6p1dx4h0-gyLBFZ=Jq0xQj2w@mail.gmail.com> <0C40BEFF-B050-40A1-BCB7-F76ADF18E3E0@employees.org> <BYAPR05MB42457C37AE7DC3F4CACC8FD7AEEC0@BYAPR05MB4245.namprd05.prod.outlook.com> <B254E985-A848-4FC4-868D-E2F04CF7E0DB@cisco.com> <104B106B-8130-4931-9DBF-2FE5C5633CB0@gmail.com> <B0D2092F-CC6E-4990-857B-E88229FA80AF@cisco.com> <277E6E14-8FD4-45A3-9350-E30B82C0FA86@gmail.com> <CAN-Dau1MDKpFrmmDFpj3s4cZYwFyB0KnWMrc-yjw_m5mO_8REw@mail.gmail.com> <CAO42Z2wgZ8gE1pTDy2xbxetdLqf8EWpKRmbi=n7qfgEALwVmVQ@mail.gmail.com> <BBB1A2A3-DE78-4E97-B193-9B6980B82358@employees.org> <CAO42Z2zhm_XHdt6sK23KTukOn0o2rx7O5_16C_GQ-FTwe6FJjg@mail.gmail.com>
In-Reply-To: <CAO42Z2zhm_XHdt6sK23KTukOn0o2rx7O5_16C_GQ-FTwe6FJjg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 14 Jun 2019 07:39:55 -0700
Message-ID: <CALx6S35CErOQ1rzCADrK8FWFK7kf5WaNPx=LyijszBjmTQEoqg@mail.gmail.com>
Subject: Re: END SID Without SRH
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Ole Troan <otroan@employees.org>, 6man WG <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ZSlOTzEosPOj8nHw_u6-UjBi9So>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 14:40:12 -0000

On Fri, Jun 14, 2019 at 3:19 AM Mark Smith <markzzzsmith@gmail.com> wrote:
>
> Hi Ole,
>
> On Fri, 14 Jun 2019 at 16:52, Ole Troan <otroan@employees.org> wrote:
> >
> > Mark,
> >
> > [snip]
> >
> > > pWhat's a "regular IPv6 destination"?
> > >
>
> <snip>
>
> > > It's quite a different thing to encode packet processing in the
> > > destination address that contradicts or ignores the instructions
> > > encoded in the chain of EH and upper layer headers. I think this might
> > > be a more significant change to the IPv6 packet processing model and
> > > operation than we realise.
> > >
> > > RFC 8200 is very clear and explicit on multiple occasions about
> > > following the processing encoded in the EH chain and upper layer
> > > headers when the packet arrives at the destination device that holds
> > > the matching DA:
> >
> > I think that' a way too literal interpretation of 8200.
> >
>
> I think it is the "right amount" of literal when you use RFC 8200's
> definitions of 'router' and 'host'.
>
> > Especially in the context of routers.
>
> Router as a device, or a router as a function?
>
> RFC 8200 definitions of a router and a host seem to me to be entirely
> functional.
>
>  router       a node that forwards IPv6 packets not explicitly
>                 addressed to itself.
>
> host         any node that is not a router.
>
>
> A typical router as a device implements the RFC 8200 router function
> in its forwarding plane, and the RFC 8200 host function in its control
> plane.
>
> > A remote node cannot expect that any combination of the local nodes's destination address and header chain will be processed.
>
> I agree.
>
> I think it is clear what is supposed to happen when a packet is
> received that can't be processed according to the EH / transport layer
> header chain:
>
> - the packet gets dropped
>
> - a (possibly rate limited) ICMPv6 error message is sent back to the
> source stating the drop cause
>
> There isn't supposed to be "the packet is still processed rather than
> dropped, and differently to how the packet's sender specified it to be
> processed."
>
> > A router will not process your protocol 89 packet on any DA.
>
> Agree.
>
> First thing that needs to match is the DA of the packet against the
> router (device (RFC 8200 router & host))'s local addresses or the
> device's processes' multicast addresses.
>
> Once that match occurs, then the packet gets handed up the local stack
> to the OSPF process, if it exists. If it doesn't, "Parameter Problem,
> Unrecognized Next Header type encountered".

Mark,

As understand it, a host with SID addresses only recognize IP in IP
encapsulation and no other upper layer protocols, so other protocols
are unrecognized. If such a host drops packets with unrecognized next
header, e.g. TCP, and sends "Parameter Problem, Unrecognized Next
Header type encountered" that is compliant with RFC8200.

Whether this is desirable behavior is arguable. For instance, I'd
expect the first thing that a user might do when they are see packets
with a segment list failing to be delivered is start pinging addresses
in the segment list. Getting an ICMP error instead of just an ICMP
Echo Reply from a destination doesn't seem particularly helpful to me.

Tom

>
> This is IPv6 host processing (because of packet arriving at device
> holding the matching DA) where the host doesn't support the protocol
> in the packet.
>
> >In the VPP MAP-E implementation, the BR address is a "service address", and will drop anything that isn't protocol 4 (as well as any packet with extension header).
> >
>
> And that is and would be the expected behaviour. It doesn't understand
> it so it drops it and may send an ICMPv6 error message.
>
> The ambiguity and I think non-compliance with RFC 8200 is when
> dropping isn't occurring, and how to process the packet is singularly
> encoded in the DA address. This is instead of following what is
> explicitly encoded in the following EHs and transport layer headers.
> This is contrary to IPv6 host processing of DA match -> EH processing
> -> Transport layer -> Application Layer packet processing.
>
> (I started down this path a few years ago by thinking about the
> scenario of buying a router (device) from a router vendor, and then
> running it as a BGP route reflector or server that isn't ever in the
> packet forwarding path. Is it still a "router", or is it now a host?
> Per RFC 8200, not a router, only a host, even if it still looks like a
> router (device) with a router vendor's logo on it).
>
> Best regards,
> Mark.
>
> > Best regards,
> > Ole
> >
> >
> >
> >
> >
> >
> >
> > >
> > > 4.  IPv6 Extension Headers
> > >
> > > ...
> > >
> > > "Extension headers (except for the Hop-by-Hop Options header) are not
> > >   processed, inserted, or deleted by any node along a packet's delivery
> > >   path, until the packet reaches the node (or each of the set of nodes,
> > >   in the case of multicast) identified in the Destination Address field
> > >   of the IPv6 header." (For context for the next two quotes.)
> > >
> > > ...
> > >
> > > "At the destination node, normal demultiplexing on the Next Header
> > >   field of the IPv6 header invokes the module to process the first
> > >   extension header, or the upper-layer header if no extension header is
> > >   present.  The contents and semantics of each extension header
> > >   determine whether or not to proceed to the next header. ***Therefore,
> > >   extension headers must be processed strictly in the order they appear
> > >   in the packet***; a receiver must not, for example, scan through a
> > >   packet looking for a particular kind of extension header and process
> > >   that header prior to processing all preceding ones."
> > >
> > > ...
> > >
> > > 4.1.  Extension Header Order
> > >
> > > ...
> > >
> > >  "IPv6 nodes must accept and attempt to process extension headers in
> > >   any order and occurring any number of times in the same packet,
> > >   except for the Hop-by-Hop Options header, which is restricted to
> > >   appear immediately after an IPv6 header only.  Nonetheless, it is
> > >   strongly advised that sources of IPv6 packets adhere to the above
> > >   recommended order until and unless subsequent specifications revise
> > >   that recommendation."
> > >
> > > ...
> > >
> > > Regards,
> > > Mark.
> > >
> > >
> > >
> > >> Thanks
> > >> --
> > >> ===============================================
> > >> David Farmer               Email:farmer@umn.edu
> > >> Networking & Telecommunication Services
> > >> Office of Information Technology
> > >> University of Minnesota
> > >> 2218 University Ave SE        Phone: 612-626-0815
> > >> Minneapolis, MN 55414-3029   Cell: 612-812-9952
> > >> ===============================================
> > >> --------------------------------------------------------------------
> > >> IETF IPv6 working group mailing list
> > >> ipv6@ietf.org
> > >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > >> --------------------------------------------------------------------
> > >
> > > --------------------------------------------------------------------
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > > --------------------------------------------------------------------
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email