IETF Logo Mail Archive

Re: [IPv6] Routing Headers and limited domains (Was Re: Adoption call for draft-bonica-6man-comp-rtg-hdr

Ron Bonica <rbonica@juniper.net> Wed, 15 November 2023 21:58 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F415C14CF13; Wed, 15 Nov 2023 13:58:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b="QjS3kCu4"; dkim=pass (1024-bit key) header.d=juniper.net header.b="SgAW6AgX"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hKXlQJXl51pp; Wed, 15 Nov 2023 13:58:15 -0800 (PST)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 591CBC151543; Wed, 15 Nov 2023 13:58:15 -0800 (PST)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AFLY5On004012; Wed, 15 Nov 2023 13:58:13 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=Op9GRPAkIYoXMeM4zeqDgwJmIHVO+hcIeWIxa3qgiA0=; b=QjS3kCu4Afz2GUp7FqHb39cE9DkV5KH2dHIdPQd3ahxJ0FwDohnKwonWUceEZ3ApTxdm FG+/ylNdeqzrr5cYxRpTd7pHlXQ7hkTz5nzGSvy1t8C1DS6DUBzZetNjOgVjVRHHGsFa JXXoMck87THhaPy+uYyEfP3ep3E97zq3zK/5pQplyoVRymfJzgGsQvvtDeXZ6hzlLR7b kO0rNEa0XIsCtpZWYLCGpFBWC65htN0UUGDG0ByZvIGPiCrtSC4zgnKjmRX3LQ/xrkIY USwC9ErEMJqVK/nNPE0pWkl4GQfJiliCmW95ewd29Zih+9aOpdKfIJryUgC/g0HZrtKa Ww==
Received: from cy4pr02cu007.outbound.protection.outlook.com (mail-westcentralusazlp17011018.outbound.protection.outlook.com [40.93.6.18]) by mx0a-00273201.pphosted.com (PPS) with ESMTPS id 3ucub99ff9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Nov 2023 13:58:12 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ds6XW7XUUs2q4NjSDsEx1zsQGwYNwTTvlv5IS6LbYnI7smYoGLM+2IGh6RnuOEIVtg6BjUHSqhhheSM6exp5p/cfDfiMiFdQTwEqiwucCAvJdCX/07NxwGPnc2H2t04M0CxelV8Z+3yHyCvzr+ju5Zw+TWe45wwF38ilXO7qrZ/ybavvJmY6+5ClrmtWw6Tcd8cKYfIxoEeefxz0qrkIi1cXpRzsghMA9FVp140AuBcq0jWw7IcwNbNlyZxCYB2/Z9kh5H61CZIs35yYna7qNJYnZOjCiPI1XyWtp4ng1en5qvgKfRm6JJtCPVEXPv1PjjmXY3waAaykE9FCtHPfhw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Op9GRPAkIYoXMeM4zeqDgwJmIHVO+hcIeWIxa3qgiA0=; b=DLBT0QKR5ZTnqHgYkzqJcbn5rWIIeQ/QxUsIzE+ESTn0gz0os/uwdZBO9aOobhKszCDWZ5oNMC5oMWJ6/Hh+SER5ZnbSdWi5Fn0WTqPS9hkQWTtLSXOEWLrmcenITonP/35D2VZOc7qzgv2dlkU+fJXTxVIsVfx5O5KpK1fkv5+YwmE261DJEQNXIKlRODzMk63aSFNitqImgbjFb0X51BIwLXYQFF/cg1D1+EKpVcrhKgU9HvV1II2GB9O8geNHKRVpAQcViN6Jrf8dTqlshicQXWUyOwW5BxMYUuluMpY24BotaqNNF32fBmBlLDu/RMkw8RqoQLqMzjkVsvaJww==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Op9GRPAkIYoXMeM4zeqDgwJmIHVO+hcIeWIxa3qgiA0=; b=SgAW6AgXS8d+Rnd0lYf1PG58w042zVO5dGeuyrwP0oaMFPLhOgCLNNUPvfzTwD7I+0VUNkImQNjh/UDgzqAlJfZ4Sg3iYiFS6AZZCfblynjpkWLt1Ayl7KBX5XN/insw1loygHonyCeM0ITI5LwWAzM8gQJKHH0p3abuxQZ92Qg=
Received: from BL0PR05MB5316.namprd05.prod.outlook.com (2603:10b6:208:2f::25) by DM4PR05MB9063.namprd05.prod.outlook.com (2603:10b6:8:b7::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6977.31; Wed, 15 Nov 2023 21:58:10 +0000
Received: from BL0PR05MB5316.namprd05.prod.outlook.com ([fe80::2a85:2cc9:eaa7:389d]) by BL0PR05MB5316.namprd05.prod.outlook.com ([fe80::2a85:2cc9:eaa7:389d%4]) with mapi id 15.20.6977.029; Wed, 15 Nov 2023 21:58:09 +0000
From: Ron Bonica <rbonica@juniper.net>
To: Tom Herbert <tom@herbertland.com>
CC: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Tony Przygienda <tonysietf@gmail.com>, Joel Halpern <jmh@joelhalpern.com>, 6man <ipv6@ietf.org>, "draft-bonica-6man-comp-rtg-hdr.authors@ietf.org" <draft-bonica-6man-comp-rtg-hdr.authors@ietf.org>
Thread-Topic: [IPv6] Routing Headers and limited domains (Was Re: Adoption call for draft-bonica-6man-comp-rtg-hdr
Thread-Index: AQHaDDQTZegG2gp+jk6HBf6jcNIOg7BmJ2sQgAA9CgCAApmI8IART76AgAG3EXA=
Date: Wed, 15 Nov 2023 21:58:09 +0000
Message-ID: <BL0PR05MB53169A0B356C9B09106529D3AEB1A@BL0PR05MB5316.namprd05.prod.outlook.com>
References: <CAFU7BARQLAS+w7kKUPSBgFacc5GXNAaJ97qkJg9VyjbhoNibcQ@mail.gmail.com> <CAMMESsysV1Oc3JyU058GRbUFfs18WEz16GKLcZX-waFo+hoN0w@mail.gmail.com> <BL0PR05MB5316B366B7B4A3C1D4AF4686AEA3A@BL0PR05MB5316.namprd05.prod.outlook.com> <CAMMESsxQj9hRS2HxHWK67EkR-=s-3Qor88+qGRzYFMnrJOR_qQ@mail.gmail.com> <BL0PR05MB53166A455E68541ED2586EC5AEA2A@BL0PR05MB5316.namprd05.prod.outlook.com> <CACMsEX-juiW5uOHze3j4zRnrG_Djn4S99hB=TJi3OgEiQz6QxA@mail.gmail.com> <CAO42Z2yR9Y_MszPuia3eS6zv2WJFiqb07juatp99bhbDO0kbxA@mail.gmail.com> <CAO42Z2y8e46hv0Cf49gHJnEimjrOg1dOwa2x36Zu77vBWzvdKw@mail.gmail.com> <f2150c48-480b-45a7-98a6-b2893ead8065@joelhalpern.com> <CALx6S37_2SAfOPsyKcXa6qKinAw_8tf7W_d5i8G86R2QEdck6Q@mail.gmail.com> <108bd733-5c66-4fb5-8224-fb2a1898ecc9@joelhalpern.com> <CALx6S37eJDJ1HpWrQOasOGqnVZyEDQYkmQxxjfpcHhykSUA1Bw@mail.gmail.com> <e45743ed-67bf-45a7-a60c-9dba2bb5de32@joelhalpern.com> <CALx6S374WuKBHodNCuPpZLe0g3BRLWsE9dANLDvidZPUca5C+w@mail.gmail.com> <744cd045-ee48-4829-bc6c-b36467c2acfd@joelhalpern.com> <CALx6S37SHG4Ut+8gsZW1UE-ykKpkj-wA8W1uiQEqFmdoqrkWAQ@mail.gmail.com> <CA+wi2hMzdxBr+_cX1ZQ_KTh9+5Y8990yKaFpCYBBzM3MR=WD+g@mail.gmail.com> <BYAPR05MB5318CBA978CB534F732A2F75AEA6A@BYAPR05MB5318.namprd05.prod.outlook.com> <CALx6S34gwEzVORC5tzD5vqQtooeBdm-LLAVnZxAPupH1Zo9_fQ@mail.gmail.com> <BL0PR05MB5316996FF10790A4BBCF15EFAEA5A@BL0PR05MB5316.namprd05.prod.outlook.com> <CALx6S35Di3CNg8EXNJGEO-sAYB3Y9_nAnrMUNAKjsBocom1P+g@mail.gmail.com>
In-Reply-To: <CALx6S35Di3CNg8EXNJGEO-sAYB3Y9_nAnrMUNAKjsBocom1P+g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=55fb85c2-e993-4f38-9f0b-b75ddf46aade; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=0; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2023-11-15T21:56:35Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BL0PR05MB5316:EE_|DM4PR05MB9063:EE_
x-ms-office365-filtering-correlation-id: 5a3047a5-c7c8-40f5-cdf3-08dbe625f4d8
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7oZu42GfZbhw1FvezhA0XCaOMNBlbcMrZMI1wSXqVKwRr+Chps7ahU6la4tjS0Bd/+0b0yx4t/1Pma0xezt4uACqWN8fC5kuTbHJLtOfSWw/LcEiiZjilPeu78x7FXXmvQXvHULJ0obnEqcBicFzVyxKBxMVpZMmjCJEo9wjbvzQaZI806OywWbklJyCxCeZCzGO/ipQYanjMpMq4e2bMr4d3aLf7veY1rmaxPnBc0HxdrvhY6218EiEpB+NpNdYsZ5YrbB5NyajLnWHfWdfDnfTMoYWUoLdhMpPUeS/2Y9EBCJfVZZuK4m8Ok5qdL0sU04ra4TCSzpSvwaaO3LEgrEEPb8W//c9HFFl4c8k3tW4gdi5Ni67i5yP20hQBwfuBAQDVy5UNGLqyEv58waMk/po1JEVDhsCU/t9aiFu6+qFhA5mtIhquzri/6fHtJb0snOCm3hYJHu1phP27Ydtqqpx8l1rLKjv9cDteDyGguKgZ8x+lCxMWqRpXHio5OTNOBbUuy9bNmlOa7wmDVqeb4viiz0OcbFXqyM1WtGYsgoUSF1gSZ0eORl/lFUJU7wLU98+mxt/tDh6Z3gdrt1BMnArfT2qz2egUPMGN1yIGH5w4UT17bfnAdD/K11y9uoRpb6sFbaSM3mC1RHUg2nKx4sKQcy83VX7gWdOJHgxVtDdjxn/V+oIrdn20RK0yOQQ5G6IfvsAnS8MpRwO471lZdNkQUHDpbFSGandIPyRej0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR05MB5316.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(376002)(136003)(396003)(366004)(39860400002)(230273577357003)(230922051799003)(230173577357003)(451199024)(186009)(1800799009)(64100799003)(55016003)(83380400001)(6916009)(66556008)(66946007)(66476007)(2906002)(54906003)(38100700002)(64756008)(66446008)(38070700009)(316002)(76116006)(33656002)(41300700001)(66574015)(478600001)(5660300002)(86362001)(52536014)(122000001)(6506007)(7696005)(53546011)(71200400001)(8936002)(4326008)(9686003)(8676002)(461764006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: rjr7f9eIz34WCNQWXF6OtRlCDposP8rA0bc0SzYi0k1ZmVZtNDDZ2zS/vXR2vDJIbgnQAfUhGcxoJmSQScSgsNGLmP+Tagx2+9dtI7ntX///voQeoRJbaUKlBvVM6VNBKzj3sO0i8/1+XQZAAVkkqiy2exx37Z9++a9m3LM2d++/cq1cqxnGC9Z/cLCJEGXe6VoDchPhwh7nNMMg/xuPN5oqq0NAfKfRetDD50VuHpwP2abgLCnpacQ+1LmkRQNc1EuZsqdA0935tgJz9HDgo/meEezTSNAndtoBDheuNPXS5GY+KARSdKW6MMnrZz27DylC7grsMmTubTzK+wl5Qva8TAjNLJcpblQKKb8uyTKQjYFZDjwkbfdRjHLHHMxBiOrXWkPGI/ZvkxgMW9CAWlbuMge0BhqW3aN/SVruhI+DAcntUWCwk1wPrcj6CLAeKRGDJb5MSaJZBrrmEmSXgsZaskyt2WT8kl+bKvpmbNZzBUVZxy+yQ9a4Dx3r/IOb0suV59Uufve4xA3m04ueGaQ2ifGhPLf5Jc2lvSRRgrwzOYCFF83lyeIGXVpWdEOpPoiS+o2OaAQ+5Q+WZUsJKcOdZOEK8CtpKP+uTh0ZZ6IetvlO2Gm+MluJJbzEOFsatCNMZvroE4FUPjQn9ucnoZFolouKtvlrB7xYpY6v9EcU5m6FD/f2hApTugMCiajYvDDXJccfY+0MqHxJdFepkTqxn5/vkNvCBp0JLwsSY4z24HtmxeRkLqBldpL0MQGI2Sq6geJd/vBqD1XCpm860Db8LV6+g+DDpbPp45+ynVubFlWzGUr0MsQ18xWZhbJdwuKSjPHZ6zjHbUKYRIjgykGIpqjOxRxd/5iWgAr3VNuyuaJuCG22YHp88A+uyFb4PG4jNz5cDX6R2hvQ3WhPFPj3eVwv97RjYxkGSgFRky5LSKK0Azig00Fk9ll/Pa1b+NQVHpoQJ0d0am1xZnQ+KRGB7qhL7g0R+OUS+U6QpuxRjOqUsng6lKCUo5V5UlksTmLSCUs+2sRyOalXJY0gg0aqTkRgKnRaEExqwQC0pQxltReWUrS4P/zyTB1/Cc/3m4hE9LpflC7vExtocZ8RI6V1DfqPQR8GzhbP+A9naDo3TboOx2yECerVVW0minTv9R0/pdY0QvZR2Cfo1CG+zv+Fv4nrBrDFuVm92jhr57fyKgoRCU8B1M15kxq+dumQIUkRkJAAwQR9BGXDCHoXAZ3zzNZR5XdoNsFzEQN94T0qSTH9uk3ABr+Pitj5rmfVYX1UyVeZ4iuFq8dw154Ewb53DoZOjQy6NneZivkYtmEwp3PqM0CnP0YzGpmrgZWQfgyJHqXLQJgxPvBqM1DBosKppcDhW2JSobLBbcL/AOMi+bwYE2v4E5GpHDiBgSuHAuukPlRaiEysKnybBcLtFAE4HTlW+YgqoRJuiZlHhN0otj1NkWt93trY+wPKNovwwSCsW86mj/4zjiQx01GFbGC1osjZbbCO7Oc2b6S3Enj4YKd8GW/3ual9oPgLayLvaE22wZIhTbrmVlifM7JMvvAsB0LPocE6rqH6dYBZVUyNIM2aQj1avMpMWAV0sJVceTyyAtYIixaP+TXH0VsGwvXbab1I92Q/XVIiy2ZSpQ7A7+qca0p5Hy7XXtNKI4k+
Content-Type: text/plain; charset="utf-7"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR05MB5316.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5a3047a5-c7c8-40f5-cdf3-08dbe625f4d8
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Nov 2023 21:58:09.8758 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: /TT8mqHQ28Wz/RUBty/XLsKHUdh59vlhq746+T/J0M7vntojNtbTiUVglEMdJM3hnKEwYSkNvGVHZaaOF1yIqw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR05MB9063
X-Proofpoint-GUID: AQmJKa0TKSLB1Qj3zy1MVYR3vdg4GeGr
X-Proofpoint-ORIG-GUID: AQmJKa0TKSLB1Qj3zy1MVYR3vdg4GeGr
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-15_20,2023-11-15_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 phishscore=0 impostorscore=0 mlxscore=0 spamscore=0 malwarescore=0 lowpriorityscore=0 clxscore=1031 priorityscore=1501 mlxlogscore=999 bulkscore=0 adultscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311150172
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/id_cEoHRwZzH1j_PeDvfZnUq504>
Subject: Re: [IPv6] Routing Headers and limited domains (Was Re: Adoption call for draft-bonica-6man-comp-rtg-hdr
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2023 21:58:19 -0000

Tom,

You say, " I believe for all the currently defined routing headers, including SRv6, the final destination can be derived from the routing header without requiring any external state."

Is this true of the SRH when the final element of the SRH is a uSID/CSID/GSID?

                                                                                                     Ron



Juniper Business Use Only
-----Original Message-----
From: Tom Herbert <tom@herbertland.com>
Sent: Tuesday, November 14, 2023 2:45 PM
To: Ron Bonica <rbonica@juniper.net>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>; Tony Przygienda <tonysietf@gmail.com>; Joel Halpern <jmh@joelhalpern.com>; 6man <ipv6@ietf.org>; draft-bonica-6man-comp-rtg-hdr.authors@ietf.org
Subject: Re: [IPv6] Routing Headers and limited domains (Was Re: Adoption call for draft-bonica-6man-comp-rtg-hdr

[External Email. Be cautious of content]


On Fri, Nov 3, 2023 at 12:56 PM Ron Bonica <rbonica@juniper.net> wrote:
>
> Hi Tom,
>
> Thanks for the review. Response inline[RB].
>
>                              Ron
>
>
> Juniper Business Use Only
> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Wednesday, November 1, 2023 11:41 PM
> To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
> Cc: Tony Przygienda <tonysietf@gmail.com>; Joel Halpern
> <jmh@joelhalpern.com>; 6man <ipv6@ietf.org>;
> draft-bonica-6man-comp-rtg-hdr.authors@ietf.org
> Subject: Re: [IPv6] Routing Headers and limited domains (Was Re:
> Adoption call for draft-bonica-6man-comp-rtg-hdr
>
> [External Email. Be cautious of content]
>
>
> On Wed, Nov 1, 2023 at 5:06 PM Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
> >
> > Tony,
> >
> >
> >
> > Please do not confuse the CRH with SRv6 or SR. The CRH can be used on any IPv6 packet that doesn’t include another Routing Header type. It can be used in the absence of the SR control plane.
>
> Hi Ron,
>
> Just to clarify: Is it true that CRH is only an IPv6 routing header
> and doesn't require any modifications or considerations to IPv6 or any
> other protocols,
>
> [RB] True. The CRH is just another Routing Header and it is fully compliant with RFCs 4291 and 8200.
>
>  and that CRH will not need its own EtherType (i.e.
> CRH is IPv6 and conformant with RFC8200)?
>
> [RB] CRH does not required its own Ethertype.
>
> Also, at any given point in a packet's lifetime, can the final destination address of the packet be unambiguously determined just by inspecting the packet with CRH without needing any external context?
>
> [RB] No. The CRH contains a list of 2 or 4 byte Segment Identifiers. These are not to be confused with SRv6 SIDS. They are different. The only reason they are called SIDs is because all Routing Headers contain a field called "Segments Left".
>
> [RB] The final SID references a CRH-FIB entry that needs to exist only on the node that processes that SID. The CRH-FIB entry maps the SID to a real, RFC 4291, IPv6 address.
>
> And if any intermediate node were to try to validate a transport layer checksum with a pseudo header in flight for packets with a CRH, would it yield the same result (valid/invalid csum) as the final destination will get (I assume if the final destination can be derived from the packet the answer should be yes).
>
> [RB] No, it would not. The transport layer always uses the ultimate destination address to calculate the pseudo-header checksum. Intermediate nodes would have no way to determine the ultimate destination address because a) they probably do not recognize the CRH and b) even if they do recognize the CRH, they probably wouldn’t have the CRH-FIB entry required to determine the ultimate destination address.
>
> [RB] This issue isn’t unique to the CRH. Think about any other unrecognized Routing Header type, or even the SRv6 uSID.

Hi Ron,

>From RFC8200: "If the IPv6 packet contains a Routing header, the Destination Address used in the pseudo-header is that of the final destination."

I believe for all the currently defined routing headers, including SRv6, the final destination can be derived from the routing header without requiring any external state. If someone captures a pcap file we should be able to parse the routing header to get the final destination address and use that for checksum verification. The real final destination is also needed to identify what flows packets belong to. These are useful at least for diagnostics and debugging, but could be used operationally in some scenarios.

If the last segment is a compressed SID that requires an external state like CRH-FIB to decompress then we can no longer deduce the final destination by just inspecting the packet. To me this is a loss of useful functionality. It would be nice if we could retain this.
Maybe the last entry could be compressed in such a way that it doesn't require an external state to decompress? (like RPL maybe?).

While the loss of the ability to determine the final address creates some problems, it is at least manageable since we can identify packets where the final destination cannot be deduced based on the presence of Routing Headers in the packet with certain types.  The case that a compressed SID is used in the Destination Address without a Routing Header (like in draft-ietf-spring-srv6-srh-compression) is more problematic. If this is deployed in a network then there will start to be many packets with bad checksums detected when packets are traced at routers. Since there's no routing header, there is no way to tell without external information if these are truly bad checksums or not, so debugging bad checksums in the network would be next to impossible.
A solution to that would be to update the transport layer checksum updated each time the Destination Address changes following standard procedures for NAT. That would at least address the inflight checksum verification problem, but still the final destination is obfuscated for flow identification.

>
> [RB] We also have to ask why an intermediate node might check the transport-layer checksum. A garden-variety router would not. However, some middleboxes might. Those middleboxes would break on any unrecognized Routing Header Type.

Yes, some middleboxes will try to validate transport layer checksums.
This is also needed for debugging and diagnostics. For instance, if a host is receiving packets from some destination the operator will want to identify where in the path the bad checksums are being introduced.
If we get a packet trace from some router and all the packets are reported to have a bad checksum then that's not very useful.

>
> [RB] We have observed some middleboxes that, having detected an incorrect checksum, correct it. In my opinion, this behavior is hideous. It assumes that an incorrect checksum is *never* caused by packet corruption. This is a pretty dangerous assumption.

Yes, that is bad, non-standard behavior.

Tom

>
>                                                                    Ron
>
>
> Tom
>
> >
> >
> >
> >
> > Ron
> >
> >
> >
> >
> > Juniper Business Use Only
> >
> > From: Tony Przygienda <tonysietf@gmail.com>
> > Sent: Tuesday, October 31, 2023 3:54 PM
> > To: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>
> > Cc: Joel Halpern <jmh@joelhalpern.com>; 6man <ipv6@ietf.org>;
> > draft-bonica-6man-comp-rtg-hdr.authors@ietf.org
> > Subject: Re: [IPv6] Routing Headers and limited domains (Was Re:
> > Adoption call for draft-bonica-6man-comp-rtg-hdr
> >
> >
> >
> > [External Email. Be cautious of content]
> >
> >
> >
> >
> >
> >
> >
> > On Tue, Oct 31, 2023 at 5:47 PM Tom Herbert <tom=40herbertland.com@dmarc.ietf.org> wrote:
> >
> > On Mon, Oct 30, 2023 at 6:33 PM Joel Halpern <jmh@joelhalpern.com> wrote:
> > >
> > > Maybe I am dense, but I have trouble seeing how a node could have enough information to compose a useful CRH source route, and not have enough information to know where the relevant decapsulator is.  The most obvious candidate would be simply to decapsulate at the last entry in the source route.  it doesn't matter if that is (as is likely) not actually the egress.
> >
> > Hi Joel,
> >
> > Yes, that would probably be the most obvious candidate, and it's
> > also a candidate for removing the RH. Once segments left is zero,
> > the routing header is not operationally relevant to any downstream nodes.
> >
> > But even if that were the obvious choice for an encapsulation, I
> > still don't see how the source could know when to encapsulate and
> > when not to. A possible solution might be to tunnel all packets, but
> > then that's a lot of per packet overhead especially if most packets
> > never actually leave the limited domain.
> >
> > More generally, constraining protocols like routing header to a
> > limited domain is required and it's clear that *something* needs to
> > happen at edge routers of the limited domain.
> > draft-raviolli-intarea-trusted-domain-srv6 has a good description of
> > the problem. That's focused on SR, but other routing headers like
> > CRH, and other use cases of extension headers also have similar
> > requirements-- I would hope that there might be a general solution
> > to limiting protocol to limited domains (IMO, a new Ethertype like
> > described in that draft isn't the best solution and is likely to
> > create a set of new problems)
> >
> >
> >
> > can you be more specific here? seemed to have worked for mpls like a charm, for a very long time, at a very large scale ... and to differentiate v4 from v6 and many, many other use cases where it was necessary to quickly deploy a domain boundary ...
> >
> >
> >
> > Unless we have a clear, simple demarcation on the packet we end up building basically a stateful firewall by deep inspection or state-tying-together magic. one can afford that at L4 throughputs (at high cost) but the game is very different with the L3 or L2.5 economics as they are today.  As long CRH is mandatory on _every_ SRv6 packet, ok, it's bit deep to parse into but maybe somewhat workable, without, it eludes me how to build a simple, economical, non-stateful solution to delineate a possible SRv6 injection attack surface distinguishable from normal v6 forwarding unless a new ethertype is required.
> >
> >
> >
> > -- tony
> >
> >
> >
> > --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email