Re: Header Insertion and TI-FA
Gyan Mishra <hayabusagsm@gmail.com> Mon, 11 May 2020 21:39 UTC
Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E55CA3A0B99 for <ipv6@ietfa.amsl.com>; Mon, 11 May 2020 14:39:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FcRKkYRY_l8Z for <ipv6@ietfa.amsl.com>; Mon, 11 May 2020 14:39:07 -0700 (PDT)
Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9FE33A0BB5 for <6man@ietf.org>; Mon, 11 May 2020 14:39:07 -0700 (PDT)
Received: by mail-io1-xd2e.google.com with SMTP id k18so2575417ion.0 for <6man@ietf.org>; Mon, 11 May 2020 14:39:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UWMT9x6Eb3Jbj0ZpKS9FoBH8Y5LA8gLIkhDkQIGtANc=; b=JgAYBM2jm7iq2OKp4NBSbnDh+qo71Tmjtye7vlcqsU09yjsVIJj0veLId91ZGsJgq+ lMsSQGTzIEngA7ys8+dbeYQvHFlKY8WL572j096PiJrL+N7G4+R3FzN1kQY5gOerIvkP h1KLfaylHpZLkHdTbN5DAumHMnKJh8axwXWjhu9IEfesmmqC66evkRRzBb/c76xcua1E 8OmUd457HQ9WBu5hAbWtWCHEyp0pIa8SVaJL/DE/NBrXzaNSkcbJhGTbdKi04jCXJz9u sLUiJ+cjQYGPT5uzDjEwXVjjgtfELsF3cdGtfKKGvIc422nRsALSoo7i1rOtLcbTf3QG i7cQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UWMT9x6Eb3Jbj0ZpKS9FoBH8Y5LA8gLIkhDkQIGtANc=; b=oWJsd3Wk/taE6iLm4zlnlreO5/0NFsK6OzuU9KxkOCAY3qY2gwrW2XPZrhhA8lxpoC GI3pcJkrZxSgl7VBwEvns2moeM77C7BJJyWHmW/HjedJGHtRsJf0laV+E1mcBUbJfGHf H/PUB3TVxFm476tB2OZ31/J4CAgKsAL8Pho3spx54TgstVYhnRcuySTce2sHQwsQ+qH1 BRG0VXMLdTbbCNbEZxIoK3jXTcto3b3Bj+CWTxqKZQov2MqYfgoK6UsygkTcl/KXaZWu 86icRxipBKspkeeGgyL/o4JIW+kgY7CFsyYYxyUVgXhaWZDosumuUl8lmLhAhJR6Gq0Q va9w==
X-Gm-Message-State: AGi0PuaT9uDQEoewX9JVUn0hwbG0xXyEftt1G9M+pRVVJOisIW7XfHAf HzGsUcSk5ArjFTzXwUoB3uhzDfNmUmW3BMDddsPSNhNFGVA=
X-Google-Smtp-Source: APiQypI5IOeOD0HIVE5tatOwKr9uQJYl/sQWOou0qxlqdTS5Ek86Swoup4Gbhxr07UF5LJLdr1ydFQSqyd/p8VW684Q=
X-Received: by 2002:a05:6602:192:: with SMTP id m18mr17318536ioo.141.1589233146436; Mon, 11 May 2020 14:39:06 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB6348FA1FC00258ACE4FDE444AEA10@DM6PR05MB6348.namprd05.prod.outlook.com> <CABNhwV3-dMPg6SAAEz+uWre-rj6j5=1JgyyQyKyz_qn7f7mJwQ@mail.gmail.com> <DM6PR05MB634848D379A428372C166DD4AEA10@DM6PR05MB6348.namprd05.prod.outlook.com> <CAOj+MMEBVA+yK9cFXSe=GVUeH01ipi++nwCRQU_nQCxsKhyvRg@mail.gmail.com> <1B1A2C98-20F0-43F8-A299-C839D14A245C@gmail.com> <CABNhwV3m+2+Wt2CHRRhznEvTZ5KQdounv0e=icfbs4VOcoU0Rw@mail.gmail.com> <MWHPR11MB13740F8547CF700EC38CE4F5C9A10@MWHPR11MB1374.namprd11.prod.outlook.com> <25749431-314A-49D5-9861-C80F82E992BE@liquidtelecom.com>
In-Reply-To: <25749431-314A-49D5-9861-C80F82E992BE@liquidtelecom.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 11 May 2020 17:38:55 -0400
Message-ID: <CABNhwV1iMmmHv_YqLB53gcU4VFwWkDGebh1OqiRb_nFp1w-96Q@mail.gmail.com>
Subject: Re: Header Insertion and TI-FA
To: Andrew Alston <Andrew.Alston@liquidtelecom.com>
Cc: "6man@ietf.org" <6man@ietf.org>, "Pablo Camarillo (pcamaril)" <pcamaril=40cisco.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="00000000000028a24205a5662d3a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/iIpoy39XcafjUi8UsLSma6sDFpg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 May 2020 21:39:10 -0000
Andrew I believe how we get around AH issue from a customer endpoint flow is that the customer flow is tunneled, h.encap, so sits in the payloadend to end customer packet remains unaltered so their is no impact to end to end customer flows if AH is used by any endpoint customer cuz. As far as the outer header H.encap that happens on the SR source or TI-LFA merge point the closer domain intra or inter domain SRv6 comes into play and if the operator tries to use AH instead of ESP the operator that would be broken. The operator would have to aware to not try to use AH and to use ESP instead. In SRH section 5 intra SR https://tools.ietf.org/html/rfc8754 An operator of an SR domain may choose to delegate SRH addition to a host node within the SR domain and delegate validation of the contents of any SRH to a more trusted router or switch attached to the host. Consider a top-of-rack switch T connected to host H via interface I. H receives an SRH (SRH1) with a computed HMAC via some SDN method outside the scope of this document. H classifies traffic it sources and adds SRH1 to traffic requiring a specific Service Level Agreement (SLA). T is configured with an IACL on I requiring verification of the SRH for any packet destined to the SID block of the SR domain (S/s). T checks and verifies that SRH1 is valid and contains an HMAC TLV; T then verifies the HMAC. An operator of the SR domain may choose to have all segments in the SR domain verify the HMAC. This mechanism would verify that the SRH Segment List is not modified while traversing the SR domain. Since the 6in6 encapsulation outer header that is prepended at the PLR node is completely removed along with the EH SRH inserted by the merge point along the FRR bypass path. >From what I can tell TI-LFA if implemented per the PGM draft should be in compliance with RFC 8200. I believe I have a capture where EH SRH header is inserted - will try to dig up. There is a concept called BE L3VPN and with that configuration SRH is not present. I believe one of the benefits of SRv6 is being able to support on hardware that is not SRv6 capable on any node even the Ingress and egress PEs and just use the standard IPv6 data plane. I believe the BE L3VPN feature is enabled default so no SRH is present. This may vary from vendor to vendor. https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-02 Kind regards Gyan On Mon, May 11, 2020 at 3:35 PM Andrew Alston < Andrew.Alston@liquidtelecom.com> wrote: > Correct me if I am wrong β but β removal is still in there β which > violates exactly the same section of text and breaks things like the AH? > > > > Or are we saying β its ok to only half violate the text? π > > > > Andrew > > > > > > *From: *ipv6 <ipv6-bounces@ietf.org> on behalf of "Pablo Camarillo > (pcamaril)" <pcamaril=40cisco.com@dmarc.ietf.org> > *Date: *Monday, 11 May 2020 at 20:13 > *To: *Gyan Mishra <hayabusagsm@gmail.com> > *Cc: *"6man@ietf.org" <6man@ietf.org> > *Subject: *RE: Header Insertion and TI-FA > > > > Gyan, > > > > SRH insertion is NOT part of draft-ietf-spring-srv6-network-programming-15. > > (SRH insertion is documented in > draft-filsfils-spring-srv6-net-pgm-insertion-02 with a normative reference > to draft-voyer-6man-extension-header-insertion-08). > > > > > Spring - Please provide section within PGM that has the verbiage of the > 6in6 encapsulation > > > > This is already in the net-pgm draft (since rev 00). Please see > https://tools.ietf.org/html/draft-ietf-spring-srv6-network-programming-15#section-5 > . > > > > Thanks, > > Pablo. > > > > *From:* ipv6 <ipv6-bounces@ietf.org> *On Behalf Of *Gyan Mishra > *Sent:* lunes, 11 de mayo de 2020 18:02 > *To:* Krzysztof Szarkowicz <kszarkowicz@gmail.com> > *Cc:* Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>; 6man < > 6man@ietf.org> > *Subject:* Re: Header Insertion and TI-FA > > > > > > Krzysztof > > > > So you agree with what I stated as the workaround. > > > > Please read through exactly what I stated as the complete workaround. > > > > If we are all in agreement with the prepend (6in6) encap) workaround can > we have the PGM draft updated to reflect. > > > > All > > > > With regards to the 6MAN appeal, the issues were PSP and this issue with > TI-LFA from what I recall. > > > > Was their any other issue outside of these two mentioned in the appeal > that we need to address and come up with a workaround? > > > > Thank you > > > > Gyan > > > > On Mon, May 11, 2020 at 11:09 AM Krzysztof Szarkowicz < > kszarkowicz@gmail.com> wrote: > > Hi Robert, > > If we have prepend, why bother with insertion at all? Prepend (6in6 encap) > is much cleaner, IMHO. > > Regards, > Krzysztof > > > On 2020 -May-11, at 16:38, Robert Raszuk <robert@raszuk.net> wrote: > > > > Hi Ron, > > > > > normalizing header insertion for the special case where the PLR is a > segment endpoint > > > > When an operator is serious about good data plane protection with TI-LFA > all nodes in the network will be enabled for SR. The less overhead required > for the protection the better. You may just not have a room for adding > additional 40 bytes to each packet at each potential PLR without > fragmentation. > > > > Regarding all of your other TI-LFA related questions - I am sure > Krzysztof will be happy to answer them for you internally :) After all > this is what your public demo was all about .... > > > > Best, > > Robert, > > > > -------------------------------------------------------------------- > > IETF IPv6 working group mailing list > > ipv6@ietf.org > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > -------------------------------------------------------------------- > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > > -- > > Gyan Mishra > > Network Engineering & Technology > > Verizon > > Silver Spring, MD 20904 > > Phone: 301 502-1347 > > Email: gyan.s.mishra@verizon.com > > > > > -- Gyan Mishra Network Engineering & Technology Verizon Silver Spring, MD 20904 Phone: 301 502-1347 Email: gyan.s.mishra@verizon.com
- Header Insertion and TI-FA Ron Bonica
- Re: Header Insertion and TI-FA Gyan Mishra
- Re: Header Insertion and TI-FA Gyan Mishra
- RE: Header Insertion and TI-FA Ron Bonica
- Re: Header Insertion and TI-FA Robert Raszuk
- Other use cases for header insertion (was Re: Hea⦠Tom Herbert
- Re: Header Insertion and TI-FA Tom Herbert
- Re: Header Insertion and TI-FA Krzysztof Szarkowicz
- Re: Header Insertion and TI-FA Gyan Mishra
- RE: Header Insertion and TI-FA Pablo Camarillo (pcamaril)
- Re: Header Insertion and TI-FA Andrew Alston
- Re: Header Insertion and TI-FA Andrew Alston
- Re: Other use cases for header insertion (was Re:β¦ Brian E Carpenter
- Re: Other use cases for header insertion (was Re:β¦ Mark Smith
- Re: Other use cases for header insertion (was Re:β¦ Robert Raszuk
- Re: Header Insertion and TI-FA Gyan Mishra
- Re: Header Insertion and TI-FA Mark Smith
- Re: Other use cases for header insertion (was Re:β¦ Nick Hilliard
- Re: Other use cases for header insertion (was Re:β¦ Tom Herbert
- Re: Header Insertion and TI-FA Andrew Alston
- Re: Header Insertion and TI-FA Gyan Mishra
- RE: Other use cases for header insertion (was Re:β¦ Ron Bonica
- Re: Other use cases for header insertion (was Re:β¦ Robert Raszuk
- Re: Other use cases for header insertion (was Re:β¦ Stewart Bryant
- RE: Header Insertion and TI-FA Pablo Camarillo (pcamaril)
- RE: Header Insertion and TI-FA Pablo Camarillo (pcamaril)
- RE: Header Insertion and TI-FA Andrew Alston
- Re: Other use cases for header insertion (was Re:β¦ Toerless Eckert
- Re: Other use cases for header insertion (was Re:β¦ Robert Raszuk
- Re: Other use cases for header insertion (was Re:β¦ Brian E Carpenter
- Re: Header Insertion and TI-FA Brian E Carpenter
- Re: Other use cases for header insertion (was Re:β¦ Mark Smith
- Re: Header Insertion and TI-FA Mark Smith
- Re: Header Insertion and TI-FA Robert Raszuk
- Re: Other use cases for header insertion (was Re:β¦ S Moonesamy
- Re: Other use cases for header insertion (was Re:β¦ Stewart Bryant
- Re: Other use cases for header insertion (was Re:β¦ Robert Raszuk
- Re: Other use cases for header insertion (was Re:β¦ Stewart Bryant
- Re: Other use cases for header insertion (was Re:β¦ Tom Herbert
- Re: Other use cases for header insertion (was Re:β¦ Uma Chunduri
- Re: Other use cases for header insertion (was Re:β¦ Fernando Gont
- Re: Other use cases for header insertion (was Re:β¦ Uma Chunduri
- Re: Other use cases for header insertion (was Re:β¦ Fernando Gont