IETF Logo Mail Archive

Re: [spring] L4 Checksum and draft-ietf-6man-segment-routing-header

Tom Herbert <tom@herbertland.com> Mon, 16 May 2016 17:15 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDD5212D83B for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 10:15:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3_g_FXXe2mEQ for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 10:15:26 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE7BC12D806 for <ipv6@ietf.org>; Mon, 16 May 2016 10:10:04 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id f89so217336348ioi.0 for <ipv6@ietf.org>; Mon, 16 May 2016 10:10:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-transfer-encoding; bh=xwuMD+np3FVbrp3l1WmZQ0xoky7QCFAh5pwGFBvtGRM=; b=SF2wFEgQKVzb8Y4sdlG0CbOp8y67h3uvkc/efX/j9l4ePvYpnD96nLNXNY2vbPSi37 Op3hpMNe2n7N9/uZFulxh5vl421gR+TzPKDcEVsguxu7NS2d7AxegG7lBQzD9F1oy24J 6aATdS5WkGegdIzCVhMAA4bUgCJ/d00Gbn+/0uutXfpxHT1yBsSSsvp1peqdhDWdqfc8 5VCGx+J0N97JJ6AUj9Rlo6SZriQvV9vbPiF8LfbcwEyNWyDIodLcG6eZ33Vvz3LkepxG 9Rqfsls9p/2z1DKK4jrJcaHt90csBcr/we6x5NeNfPwBzj7W2mjTXdCjyoHF+EJX+9qZ uBeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-transfer-encoding; bh=xwuMD+np3FVbrp3l1WmZQ0xoky7QCFAh5pwGFBvtGRM=; b=fZN9DM3GIGhAUw7KtnBeSbSbEE8lc4MezECVSTTrYlrMKmjtSb//35zpF2bNMXLmNO MHZjBs9T7jAq0fFcy1TFTrVWHZCk8QAbW7DbdeuFxYtJLeGt968CBqMgmhoUt3ThkNSu QnYcQCMM3xRHTLLngniQseaz7xLA65+J/mHJAzh1thJP95ZyAL6qjsoB9BZ/LqVpcxwy 7eMKqga3M/EQobvV3ktY+XRkHN6/fDdpwvf6BZ+SUDGK3njxwcUXh+yYFXHKHizobo4Y TfNDtctY3+podleKwU2v08mxZnlNIu7crCZL1qVMGziK2EKhHShpzQnw0UvKu9xNVizg 5Rtw==
X-Gm-Message-State: AOPr4FU5QbCidgRtsv4jPyJGHesIIBiH5MlX3BKTmaUGeHm2Csf0CejQAfeJoxhWXhoo8A8o9ccQ+C8letp3Cw==
MIME-Version: 1.0
X-Received: by 10.36.110.143 with SMTP id w137mr10638294itc.37.1463418604053; Mon, 16 May 2016 10:10:04 -0700 (PDT)
Received: by 10.107.56.67 with HTTP; Mon, 16 May 2016 10:10:03 -0700 (PDT)
In-Reply-To: <5d889e7013b44b27ae1e75cf7ea2dd22@IL-EXCH02.marvell.com>
References: <eaf5cad817624c7a8758758aa058399b@IL-EXCH02.marvell.com> <AD825FC8-E5AB-437D-992B-F5900B67EFA7@employees.org> <ECB16B90-392C-4C98-B3EA-86050AE2BEBA@cisco.com> <5dc56935eba94c2390120244564f9b21@IL-EXCH02.marvell.com> <A5EFDE4C-BE25-4F5C-B176-E63740E94F4B@cisco.com> <ed76a19f5995465e8f4eddcba5d0c95c@IL-EXCH02.marvell.com> <0551686F-F1D2-4C34-81C8-530F1BEE1BDF@cisco.com> <5d889e7013b44b27ae1e75cf7ea2dd22@IL-EXCH02.marvell.com>
Date: Mon, 16 May 2016 10:10:03 -0700
Message-ID: <CALx6S35iChUWbF_Qp6Sf2s5ipPDqkNfVB1k0i=45Nq5q4OnS_w@mail.gmail.com>
Subject: Re: [spring] L4 Checksum and draft-ietf-6man-segment-routing-header
From: Tom Herbert <tom@herbertland.com>
To: Tal Mizrahi <talmi@marvell.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/gDoVy0ttN8X0_WDmEHTUoGgWSbo>
Cc: "spring@ietf.org" <spring@ietf.org>, 6man WG <ipv6@ietf.org>, "draft-ietf-6man-segment-routing-header@tools.ietf.org" <draft-ietf-6man-segment-routing-header@tools.ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 17:15:28 -0000

On Mon, May 16, 2016 at 4:32 AM, Tal Mizrahi <talmi@marvell.com> wrote:
>>it’s all about IP, not layer-2.
>>
>>s.
>
> Right. However, it appears that at least in some cases a VXLAN VTEP will use SR. It certainly may be the case in SFC use cases (see Section 2.3 in draft-ietf-spring-ipv6-use-cases).
>

draft-ietf-6man-segment-routing-header mentions that the packet is
encapsulated, but I don't think it is explicit as to exact
encapsulation format (I suppose simple ip6ip6 is implied). But, it
seems like any of several encapsulation techniques could work (VXLAN,
GRE/IP, ESP/IP, GUE, foo over UDP, etc.) and if a device that wants to
do SR is already doing tunneling it seems reasonable to me to only
have one layer of encapsulation. Maybe this should be clarified in the
draft?

Tom

>
>
>>-----Original Message-----
>>From: Stefano Previdi (sprevidi) [mailto:sprevidi@cisco.com]
>>Sent: Monday, May 16, 2016 2:24 PM
>>To: Tal Mizrahi
>>Cc: Ole Trøan; draft-ietf-6man-segment-routing-header@tools.ietf.org;
>>spring@ietf.org; 6man WG
>>Subject: Re: [spring] L4 Checksum and draft-ietf-6man-segment-routing-
>>header
>>
>>
>>> On May 16, 2016, at 1:19 PM, Tal Mizrahi <talmi@marvell.com> wrote:
>>>
>>> Hi Stefano,
>>>
>>> Thanks again for the prompt response.
>>>
>>>> 2. the SRH is originated by the ingress node of the SR domain.
>>>>  This is done by encapsulating the packet into a outer
>>>>  (additional) ipv6 header followed by an SRH. This is L3
>>>> encapsulation and no L4 checksum is involved. When the  packet leaves
>>>> the SR tunnel the outer encapsulation  (including the SRH) is removed
>>>> and the packet continues  its journey like nothing happened.
>>>
>>> So VXLAN is off the table?
>>
>>
>>it’s all about IP, not layer-2.
>>
>>s.
>>
>>
>>> It would be worthwhile to clarify this in the draft. If you have a specific
>>encapsulation in mind, it would be great if the draft would specify it.
>>>
>>> Thanks,
>>> Tal.
>>>
>>>
>>>> -----Original Message-----
>>>> From: Stefano Previdi (sprevidi) [mailto:sprevidi@cisco.com]
>>>> Sent: Monday, May 16, 2016 2:13 PM
>>>> To: Tal Mizrahi
>>>> Cc: Ole Trøan; draft-ietf-6man-segment-routing-header@tools.ietf.org;
>>>> spring@ietf.org; 6man WG
>>>> Subject: Re: [spring] L4 Checksum and
>>>> draft-ietf-6man-segment-routing- header
>>>>
>>>> Hi,
>>>>
>>>> On May 16, 2016, at 11:04 AM, Tal Mizrahi <talmi@marvell.com> wrote:
>>>>>
>>>>> Hi Stefano,
>>>>>
>>>>> Thanks for the responses.
>>>>>
>>>>>> exactly.
>>>>>>
>>>>>> Moreover, draft-ietf-6man-segment-routing-header assumes
>>>>>> encapsulation so clearly there’s no L4 involved here.
>>>>>>
>>>>>> s.
>>>>>
>>>>> Two questions:
>>>>> 1. What if the encapsulation is VXLAN? L4 would still be involved, right?
>>>>
>>>>
>>>> See below.
>>>>
>>>>
>>>>> 2. When you say 'assumes encapsulation', does it mean that a host
>>>>> cannot
>>>> send an IPv6 packet with an SRH? The current draft says:
>>>>>
>>>>>  A Source SR Node can be any node originating an IPv6 packet with
>>>>> its
>>>>>  IPv6 and Segment Routing Headers.  This include either:
>>>>>
>>>>>     A host originating an IPv6 packet.
>>>>>
>>>>>     An SR domain ingress router encapsulating a received IPv6 packet
>>>>>     into an outer IPv6 header followed by an SRH.
>>>>>
>>>>>
>>>>>
>>>>> Will appreciate if you can clarify that.
>>>>
>>>>
>>>> ok, two cases:
>>>>
>>>> 1. the SRH is inserted at the source.
>>>>  the source originates the packet, the ipv6 header and  the SRH. The
>>>> source computes L4 checksum taking into  account the whole IPv6+SRH.
>>>> Here, theres’ nothing new  compared to rfc2460.
>>>>
>>>> 2. the SRH is originated by the ingress node of the SR domain.
>>>>  This is done by encapsulating the packet into a outer
>>>>  (additional) ipv6 header followed by an SRH. This is L3
>>>> encapsulation and no L4 checksum is involved. When the  packet leaves
>>>> the SR tunnel the outer encapsulation  (including the SRH) is removed
>>>> and the packet continues  its journey like nothing happened.
>>>>
>>>> s.
>>>>
>>>>
>>>>>
>>>>> Thanks,
>>>>> Tal.
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Stefano Previdi (sprevidi) [mailto:sprevidi@cisco.com]
>>>>>> Sent: Monday, May 16, 2016 11:59 AM
>>>>>> To: Ole Trøan; Tal Mizrahi
>>>>>> Cc: draft-ietf-6man-segment-routing-header@tools.ietf.org;
>>>>>> spring@ietf.org; 6man WG
>>>>>> Subject: Re: [spring] L4 Checksum and
>>>>>> draft-ietf-6man-segment-routing- header
>>>>>>
>>>>>>
>>>>>>> On May 15, 2016, at 8:06 PM, otroan@employees.org wrote:
>>>>>>>
>>>>>>> Tal,
>>>>>>>
>>>>>>>> [Apologies if this issue has been discussed before.]
>>>>>>>>
>>>>>>>> According to draft-ietf-6man-segment-routing-header, an ‘SR
>>>>>>>> Segment
>>>>>> Endpoint Node’ updates the Destination IP address.
>>>>>>>> Therefore, it must also update the Layer 4 Checksum, right?
>>>>>>>>
>>>>>>>> I wonder if there is an upper bound on the size of the SRH.
>>>>>>>> Otherwise, the
>>>>>> L4 Checksum may be located in a pretty deep location.
>>>>>>>> Speaking from a chip vendor’s perspective this may be a problem.
>>>>>>>
>>>>>>> From RFC2460, RH0:
>>>>>>>
>>>>>>>
>>>>>>>    o  If the IPv6 packet contains a Routing header, the Destination
>>>>>>>       Address used in the pseudo-header is that of the final
>>>>>>>       destination.  At the originating node, that address will be in
>>>>>>>       the last element of the Routing header; at the recipient(s),
>>>>>>>       that address will be in the Destination Address field of the
>>>>>>>       IPv6 header.
>>>>>>>
>>>>>>> I would expect SR would work the same.
>>>>>>
>>>>>>
>>>>>> exactly.
>>>>>>
>>>>>> Moreover, draft-ietf-6man-segment-routing-header assumes
>>>>>> encapsulation so clearly there’s no L4 involved here.
>>>>>>
>>>>>> s.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Ole
>>>>>>>
>>>>>
>>>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email