IETF Logo Mail Archive

Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr

Antonio Cianfrani <antonio.cianfrani@uniroma1.it> Wed, 17 January 2024 22:59 UTC

Return-Path: <antonio.cianfrani@uniroma1.it>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B48A1C14F6BE for <ipv6@ietfa.amsl.com>; Wed, 17 Jan 2024 14:59:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uniroma1.it
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c1d-xTcCD3me for <ipv6@ietfa.amsl.com>; Wed, 17 Jan 2024 14:59:53 -0800 (PST)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7198BC14F6B8 for <ipv6@ietf.org>; Wed, 17 Jan 2024 14:59:53 -0800 (PST)
Received: by mail-wr1-x42e.google.com with SMTP id ffacd0b85a97d-337c4f0f9daso826224f8f.2 for <ipv6@ietf.org>; Wed, 17 Jan 2024 14:59:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uniroma1.it; s=google; t=1705532391; x=1706137191; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pc29WbbXRklz+7YJYuulQXhRfzxzddjSCuevOuXDwOs=; b=TSXKnRfSKkzxCthQTu+Ilq/e3Alzgd8YPQI5ujGTvGI9hoXc5A4vskTPq756B+EO5W Q3P3piwB7NcfWw3tOv2r8AuE+wXenEKuKjkolNLtYM0cy5QJZZg+eKcx208c+xrgDa+F 1m+GlQrXLjKVhbjdYeqgt3RXr7w0UHcTWZQ0BjSpL0IdeMZ6QOX+vfTZKlC0LXDBxGhQ NKEdGHdCskNRFoD7H0m2CYGVPc1AYnzqRwzGfeqYZeyAovf9P5khKBTwXd5+JAkQkCmi kKu81re1aoEDZV4FNAFjlmng6B01INVIjFmYBfHoeoMtb97AzCPJB+vF2pHqMVXQi8UF V48w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705532391; x=1706137191; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=pc29WbbXRklz+7YJYuulQXhRfzxzddjSCuevOuXDwOs=; b=BrM17jDNH0eCGt1Bll1utloVLyJeLzvE1d5niwivXqocOiugldSkhItbLP2+jsrcfI AMM83FuLp7J8sg9dpdqpr+FMjaSpChejoRKQv97ZOtOLmcsYyiuQsFziB8DOp29TalEL PUFvck8eMmL7L2PSszMxFtCOGnu2oRhBmoAmkkOEbPeY5xdediLaMbYOXppmH9bVtcd0 esPRm90wOHBqX5ZuukaZMLBe8eQsG+YPHzly1KYPiq1SPV5eEo3iJKm3UrrWd7T9B9Qr NgORJP9Q+24Snp9o29/uN/R+Az1VL/jipUCZo0bLnZQZtGgG/rrwi8C5jotgz2Y0slBU PAVA==
X-Gm-Message-State: AOJu0YwWx4iGsRIrWZ5sq6D8cgSCC02gqQ1jAcSuvNZzX406YSzseiB4 tZMA8g+a2BGo2khLFuHHxIIDOKwQpmaeyKVevD2/fIDM7OH3qA==
X-Google-Smtp-Source: AGHT+IGuXHDVKmuCCjxOitWrunvkYniaInlYdAbmFL6xCcDoBMJ+zBXPmJVs3jwHhm9HYA4/E+j6rnWjm3hYjAPXOwU=
X-Received: by 2002:a5d:4e01:0:b0:337:9b5d:4c68 with SMTP id p1-20020a5d4e01000000b003379b5d4c68mr4043669wrt.127.1705532390817; Wed, 17 Jan 2024 14:59:50 -0800 (PST)
MIME-Version: 1.0
References: <CAFU7BATiUtHmtbhtrWSPDR4c2Eb+XQXFdvU2-V=TVLGb+W6hnA@mail.gmail.com> <CALx6S34CWX_1imdUtK1EHcVUEMfhWPm8Uj+JRHiqxMUz5fvH5Q@mail.gmail.com> <BL0PR05MB5316352E89869C176CCF6F50AE652@BL0PR05MB5316.namprd05.prod.outlook.com> <CALx6S37iKMXJ6hiqGvfDk6OtkDWsctGb2t-0GwGtciHxV4-thg@mail.gmail.com> <BL0PR05MB53165DBB635661F9D9B22B66AE652@BL0PR05MB5316.namprd05.prod.outlook.com> <CALx6S36R+5dMx=eUXrV4ofqzGMXujrYaFqWhFOAk5HJP300p4Q@mail.gmail.com> <BL0PR05MB53169283FCEA26B5FB002931AE652@BL0PR05MB5316.namprd05.prod.outlook.com>
In-Reply-To: <BL0PR05MB53169283FCEA26B5FB002931AE652@BL0PR05MB5316.namprd05.prod.outlook.com>
From: Antonio Cianfrani <antonio.cianfrani@uniroma1.it>
Date: Wed, 17 Jan 2024 23:59:39 +0100
Message-ID: <CAK2kPv+q-D5yyF_r3PqsjKCRxBu25JcPgS3zUmBfB8PP8mpohg@mail.gmail.com>
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Cc: Tom Herbert <tom@herbertland.com>, draft-ietf-6man-comp-rtg-hdr@ietf.org, 6man <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004edf03060f2c34ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/eozkLlqX4okt3C5g0Sy_ildSguw>
Subject: Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jan 2024 22:59:57 -0000

Dear Authors,
in my opinion there are some open issues that should be clarified:
- it seems that the solution is implemented on a single vendor devices:
maybe an interoperability test with other vendors is necessary.
- open source implementations are reported in the paper but no reference is
provided (and I couldn’t find it on the web).
Best regards,
Antonio

Il Sab 6 Gen 2024, 22:40 Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
ha scritto:

> Fair enough.
>
>
>
>                       Ron
>
>
>
>
>
> Juniper Business Use Only
>
> *From:* Tom Herbert <tom@herbertland.com>
> *Sent:* Saturday, January 6, 2024 4:22 PM
> *To:* Ron Bonica <rbonica@juniper.net>
> *Cc:* Jen Linkova <furry13@gmail.com>; 6man <ipv6@ietf.org>;
> draft-ietf-6man-comp-rtg-hdr@ietf.org
> *Subject:* Re: [IPv6] Working Group Last Call for
> draft-ietf-6man-comp-rtg-hdr
>
>
>
> *[External Email. Be cautious of content]*
>
>
>
>
>
> On Sat, Jan 6, 2024, 12:57 PM Ron Bonica <rbonica@juniper.net> wrote:
>
> Tom,
>
>
>
> Revealing the ultimate destination address to intermediate nodes has never
> been an explicitly stated requirement of the IPv6 Routing header.
> Therefore, it is beyond the scope of the current experiment.
>
> Ron,
>
>
>
> It may not be an explicit protocol requirement, but as I pointed out it
> may be an implicit operational requirement at least in some networks. Even
> if there's not a solution in this draft, I think it's worth mentioning in
> the draft the loss of visibility of the final destination and potential
> ramifications.
>
>
>
> Tom
>
>
>
>
>
> However, that doesn’t close the door to subsequent experiments. Please
> feel free to post a follow up draft.
>
>
>
>
> Ron
>
>
>
>
>
>
>
> Juniper Business Use Only
>
> *From:* Tom Herbert <tom@herbertland.com>
> *Sent:* Saturday, January 6, 2024 11:19 AM
> *To:* Ron Bonica <rbonica@juniper.net>
> *Cc:* Jen Linkova <furry13@gmail.com>; 6man <ipv6@ietf.org>;
> draft-ietf-6man-comp-rtg-hdr@ietf.org
> *Subject:* Re: [IPv6] Working Group Last Call for
> draft-ietf-6man-comp-rtg-hdr
>
>
>
> *[External Email. Be cautious of content]*
>
>
>
>
>
> On Fri, Jan 5, 2024, 4:35 PM Ron Bonica <rbonica@juniper.net> wrote:
>
> Hi Tom,
>
> I believe that we have discussed this topic before, but it may have been
> off-list. So, I will repeat my argument on list.
>
> When considering your objection, we must consider:
>
> - its scope
> - the cost / benefit trade-off
>
> Regarding scope, you comment applies to many routing header compression
> scheme's not only the CRH. So, we should search for a solution that
> addresses all routing header compression schemes, not just the CRH.
>
>
>
> Hi Ron,
>
>
>
> Agreed.
>
>
>
>
> Regarding the cost / benefit trade-off, some operators may be concerned
> about the issue that you raise. They would be willing to sacrifice a few
> bytes of overhead for the additional functionality that you propose. Other
> operators, not so much.
>
>
>
> Yes, this trade-off could be one of the questions answered in the
> experiment.
>
>
> So, it seems that we should look for a solution that a) is applicable to
> many routing header compression scheme's and b) is optional. Clause a)
> precludes a solution that is embedded in the CRH.
>
>
> What do you think of a HBH Option that displays the ultimate destination.
> This can apply to any routing header compression scheme. It is also
> optional. If you like the idea, I would support a draft.
>
>
>
> No, I suspect a new HBH option for this would be overkill.
>
>
>
> Since this is experiment, how about defining two routing header types for
> CRH where last SID is compressed, and one where it's not. The additional
> processing and implementation complexity for the handling two variants
> shouldn't be very significant, and both could be deployed side-by-side. It
> would allow us to get feedback from real use cases, particularly on rather
> a FIB containing all possible final destinations is scalable.
>
>
>
> Tom
>
>
>
>
>
>
>                                                                         Ron
>
>
>
> Juniper Business Use Only
> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Friday, January 5, 2024 5:56 PM
> To: Jen Linkova <furry13@gmail.com>
> Cc: 6man <ipv6@ietf.org>; draft-ietf-6man-comp-rtg-hdr@ietf.org
> Subject: Re: [IPv6] Working Group Last Call for
> draft-ietf-6man-comp-rtg-hdr
>
> [External Email. Be cautious of content]
>
>
> Hi,
>
> I have a concern with this proposal. As I understand it, the addresses of
> all intermediate destinations and the final destination can only be
> correctly deduced with access to the external state (the CRH-FIB). In
> particular, the final destination address can no longer be deduced by
> simple inspection of the packet contents. I think it may have ramifications
> on debugging and security. I suspect this also would be a concern for SR
> CRH.
>
> This will make much hardware to track and diagnose flows in the network.
> Also, if the destination is obfuscated the TCP and UDP checksum cannot be
> validated in the network (strictly not needed, however it is done when
> debugging corrupted checksums. Even if the diagnostic tools do have access
> to the FIB, it has to be the correct FIB in time. So to do post mortem
> analysis on a flow could only be done if the correct state is accessed for
> when the packet was accessed.
>
> Security may be a problem due to the potential of misdelivery. Correct
> delivery depends on FIB state being correct and synchronized between nodes.
> Presumably, misdelivery would be detected by transport layer checksum with
> pseudo header, however not all protocols have a checksum, and RFC6936
> allows UDPv6 to be sent with a zero checksum in the case of tunnels.
>
> To avoid ambiguity and misinterpretation, I suggest that the final address
> in the SIDs should be sent uncompressed as a plain address or compressed
> using some stateless method. I think this also could reduce the size of the
> FIB table since final destinations are likely to be hosts and there may be
> an order of magnitude more hosts than routers in the network.
>
> Tom
>
> On Thu, Jan 4, 2024 at 1:09 PM Jen Linkova <furry13@gmail.com> wrote:
> >
> > This message starts a new two week 6MAN Working Group Last Call on
> > advancing "The IPv6 Compact Routing Header (CRH)" document
> > (https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ie
> <https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ie>
> >
> tf-6man-comp-rtg-hdr/__;!!NEt6yMaO-gk!CWvVGIuSGSWauTRliWk7FJg8VvZNfVPLMcMeOdaUrfqmrfb7flEI0bndmOe3UuwngN0gXiuPTOerJkI$
> ) as an Experimental document.
> >
> > Substantive comments and statements of support for publishing this
> > document should be directed to the ipv6@ietf.org mailing list.
> > Editorial suggestions can be sent to the authors.  This last call will
> > end on Jan 21 2024, 23:59:59 UTC.
> >
> > --
> > Cheers, Jen Linkova on behalf of 6MAN chairs
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests:
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6
> <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/ipv6>
> > __;!!NEt6yMaO-gk!CWvVGIuSGSWauTRliWk7FJg8VvZNfVPLMcMeOdaUrfqmrfb7flEI0
> > bndmOe3UuwngN0gXiuPTMIkwPI$
> > --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email