IETF Logo Mail Archive

Re: [spring] How CRH support SFC/Segment Endpoint option?

Robert Raszuk <robert@raszuk.net> Sun, 24 May 2020 21:03 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DE673A0C0D for <ipv6@ietfa.amsl.com>; Sun, 24 May 2020 14:03:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqK0HFVx2tAz for <ipv6@ietfa.amsl.com>; Sun, 24 May 2020 14:03:15 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5A613A0C17 for <6man@ietf.org>; Sun, 24 May 2020 14:03:14 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id l25so13518107edj.4 for <6man@ietf.org>; Sun, 24 May 2020 14:03:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sviMCtRAsx8EimlpHjt1DgquUFyql4iF8AMdPC+Ayn4=; b=Nq3VF4XeAHI/1vfcItXHJTOEMfmKcHPtVRcq7g4rm6j5lrWu9c7RacEWR3N7X53nY9 YP2gJvfG8Ynbq/Bc/aLKNlc4pkkbOAxQCvgjd/BAQ/VgcLynRX8gKUXkkjkW7vxXC1SN pfFH0aUUKi1OJ+7Bc4ZVdXT9OzZDiVyE+rLki0ZV6gBx71aST04uyYANJKSe36LXN8w3 WzwoEKj9Ec/pwsDjS55sbxO3z5FhoP53/DKyIf6BkSir40b5F49lkCt9W31ja47m/NtU UBJjTAiKOv/ZTbwpLS3qnuZLpkCI6R4R+wMxy6YNkfg5YhHiOyJCJI726Ef1Upwv0ANB Vn3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sviMCtRAsx8EimlpHjt1DgquUFyql4iF8AMdPC+Ayn4=; b=hhsLDBhy5/HGsG5zJrYHR089/Kg7BjTwCnQG/hcPugcWVqQtlcFSSqBOpV/g+BLApn 4Zg008bBhNiUFlLD+qsH1lBHx5AP2gDux5p/UhvcUrEA4VrVI2e2wK76Or7eeliQeNbX N3TCopC57CxPvDN1qjhRH8CSWtfr17HS8lwgeRea51hDwFGDCmPoAVdqQo4XGEACShto 4DLtvxTi4J6OY3pmnHFTs0R6Td0Mazii4zXJQoA7YJuvFAKA/bXlfY7wt8DobUvUPWKo MlJGiMEuA4gW4vw2RGahr3RuUtqmCa8j93/xVJg995rlzwLNi7ggKbNgFAT2R2jOiuHI PCbQ==
X-Gm-Message-State: AOAM532iK+XJ2GfypKmPFc8UbbsUUysmZmfHcFUNaqBBNslYG9esegkv Sd3pSqDCUPwkqhkwzk9g+ZPrmcVuHwMsYM9d8UsuvA==
X-Google-Smtp-Source: ABdhPJzc0IO3wyws5k1Lv8LYNQFRq0/RITDLK8eyJb6Rz7PmFj3ztl6sKVmIojK34sIUnjWWJiiC1p/CGNZ+mrTllVs=
X-Received: by 2002:aa7:d2d0:: with SMTP id k16mr12202384edr.272.1590354192495; Sun, 24 May 2020 14:03:12 -0700 (PDT)
MIME-Version: 1.0
References: <C7C2E1C43D652C4E9E49FE7517C236CB02A2CD12@dggeml529-mbx.china.huawei.com> <DM6PR05MB63482CFA4D5AB938D5A4B818AEB40@DM6PR05MB6348.namprd05.prod.outlook.com> <C7C2E1C43D652C4E9E49FE7517C236CB02A37DC6@dggeml509-mbs.china.huawei.com> <DM6PR05MB63489256A7C8357BEF526EE2AEB20@DM6PR05MB6348.namprd05.prod.outlook.com> <CAOj+MMGLj9OgFCcsB21oWXbcCqHZ7B4qTvCcrK9LXuKDYVu_vQ@mail.gmail.com> <811e0a83-6dee-5d08-2293-832d0eb6708a@gmail.com>
In-Reply-To: <811e0a83-6dee-5d08-2293-832d0eb6708a@gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Sun, 24 May 2020 23:03:03 +0200
Message-ID: <CAOj+MMFom5p2YYM6==RhHEe3S-8e-dd9y16_At6-M55b9aPcOw@mail.gmail.com>
Subject: Re: [spring] How CRH support SFC/Segment Endpoint option?
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, 6man <6man@ietf.org>, "spring@ietf.org" <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b6097d05a66b302f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/i--C5qSHFJSBZRQeBfq7WAcBkQk>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2020 21:03:18 -0000

Hi Brian,

No playing with words intended at all.

But as you very well know half of the room read RFC8200 verbatim to what
the definition of destination node is. Clearly segment endpoint address
would be the "local" destination of the packet when it receives it.

It seems very clear that RFC8200 authors did not expect that packet may
have more then one destination in a domain :)  That seems to be a crux.

*Let's please do not restart that topic.* I asked this question as I am
curious for RbR - how to prevent midpoints to examine DOH if someone would
choose to carry VPN demux label there.

What is there in the packet when packet is received by a segment
endpoint (transit point) to tell - STOP ... this is not a packet for you -
skip DOH - but go and examine other RHs ?

Thank you,
R,









On Sun, May 24, 2020 at 10:54 PM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> Hi Robert,
>
> On 24-May-20 22:22, Robert Raszuk wrote:
> > Hi Ron,
> >
> > I have one small question on the Destination Option Header you keep
> referencing to carry for example VPN demux instructions.
> >
> > As DOH follows Fragment Header it is indeed inspected before CRH.
> >
> > So please kindly clarify what is there in the IPv6 packet header which
> would stop each segment endpoint (during the transit over SR anchors)
> which destination is obviously in DA of the arriving packet not to inspect
> DOH and not trying to execute it ?
> >
> > If you could please also provide reference to RFC8200 defining it.
>
> I think you are playing with words a bit here. 8200 says:
> "The Destination Options header is used to carry optional information
> that need be examined only by a packet's destination node(s)."
>
> That clearly means that other nodes *do not need* to examine the DOH, so
> they can simply skip over it. Because it isn't encrypted, of course they
> physically can examine it if they want to waste CPU cycles, but they *do
> not need* to do so. Since they are not the destination node, obviously the
> information in the DOH is not intended for them. If it isn't obvious that
> they are not intended to act on that information, I don't know why we
> bother to write RFCs at all.
>
> Regards
>     Brian
>
>

v2.23.0 | Report a Bug | By Email