IETF Logo Mail Archive

Re: SRH insertion vs SRH insertion + encapsulation

Mark Smith <markzzzsmith@gmail.com> Sat, 07 September 2019 12:01 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3B6612006D; Sat, 7 Sep 2019 05:01:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.498
X-Spam-Level:
X-Spam-Status: No, score=-0.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xliMj6teKgDi; Sat, 7 Sep 2019 05:01:32 -0700 (PDT)
Received: from mail-oi1-x22a.google.com (mail-oi1-x22a.google.com [IPv6:2607:f8b0:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7578E12002F; Sat, 7 Sep 2019 05:01:32 -0700 (PDT)
Received: by mail-oi1-x22a.google.com with SMTP id e12so6929474oie.0; Sat, 07 Sep 2019 05:01:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=67X8/cQtKOyPHYnhEY8lKEh+xILo/n4tkUuoSaPFb+4=; b=VC7wHpv90xAV4UU4a9V3oMS1qkupacOa8qRbhgndhvjg1y4uZKx42/FWtqbK+oL5YV NmkFIXMNiXa+D/LawZHQ5zx79Q0ru8BqNboV2C/z4QemKUSYneQ/hDwGD4aDyr78WU+Z RRd6my71dsICFRwKBly8LTBq0iW4cSCNWjr/rxcYHdqsaO/iatGeVd/BR6C/AS5rmGuc 2PvU16I5tXKWA2YdnTss3vhFRnCSi77Y9VycBceEJITkjo4V3bNypiNX3sjwPzAZvrHk Mxafbs242hnVpeXsELlxGgz/4aSyEiiQMYqWIEkXuSOZdurHWNlJVwbEeCk4oCatmcAf evfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=67X8/cQtKOyPHYnhEY8lKEh+xILo/n4tkUuoSaPFb+4=; b=H7UK4UTWkx5601wBN7TSy333ZBXUByfn3xdVFAUPTQWZvuFkVy8FALRjan9YDihuKn 2vXL+lummk5tf9dZ2/rZanrAwrwKQGL+8xWRilH5Vyhi7YRwJ3K8WqeFvJPPV7gB6HJZ 9lcLlrMNdsXSi9fDCgRq/WXM2+sXLFVzskoov8c6s4Xqi5wxmjUv5DovhFtkJ2wLYVAf vfZmFYmXu6sZOOBmBjRl28QrepLLKL6sYVsyAnU309zcp+gJFhbY9j6YUdYRAxhiqqG/ lJhYElVhr0ltsBKzfIRs6nJICSFnt9WcHzaEJ1jgcW2hckDnh1CNFEp5LoJobsNFUlhl HOTA==
X-Gm-Message-State: APjAAAWRyHIQifZKjkOzSximOchqFS1x3jGh67PxA/ydUHeFDPlp2DgU 1rbI/kNHRthQ4Cct2iFtxIr2iCQUfXEwA8zbs7U=
X-Google-Smtp-Source: APXvYqzWaIGJTidoebsT17mPRmXJyflI+zS8e9DfHSg7fc8vk3At3NlwEoCWpxCoR2zxUWoV05a9IpHEr6cTXKl/eQg=
X-Received: by 2002:aca:f3d4:: with SMTP id r203mr9740656oih.164.1567857691737; Sat, 07 Sep 2019 05:01:31 -0700 (PDT)
MIME-Version: 1.0
References: <CAOj+MMETQa=OfovZak35VfnY+T6qzU9BxAhmFMXz1b7kSppyQg@mail.gmail.com>
In-Reply-To: <CAOj+MMETQa=OfovZak35VfnY+T6qzU9BxAhmFMXz1b7kSppyQg@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sat, 07 Sep 2019 22:01:05 +1000
Message-ID: <CAO42Z2xMWN92m7iiLiEW2AFCx0iCMGAa_BvsRwzCzb_BnuzWhA@mail.gmail.com>
Subject: Re: SRH insertion vs SRH insertion + encapsulation
To: Robert Raszuk <robert@raszuk.net>
Cc: "6man@ietf.org" <6man@ietf.org>, draft-voyer-6man-extension-header-insertion <draft-voyer-6man-extension-header-insertion@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/kurk6GcZq-akv7k-_kpWHzimejY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Sep 2019 12:01:35 -0000

On Sat, 7 Sep 2019 at 21:09, Robert Raszuk <robert@raszuk.net> wrote:
>
> Hello,
>
> I took liberty to start a new thread to focus on hopefully technical discussion regarding the subject.
>
> For the other long thread we have had between WGs to me the conclusion and maybe even IETF rough consensus is that SRH insertion when done at the same time with IPv6 encapsulation is ok.

Yes, however I don't consider there to be any "insertion" happening at
all in that scenario, and I don't think anybody else in the IPv6 6man
WG would either.

"EH insertion" is splitting apart an existing IPv6 packet after the
IPv6 header and before the payload, inserting the EH, creating or
modifying an existing EH chain, leaving the packet's original source
and destination address as they were.

This is why EH insertion is anonymous - the source address in the
packet is not the identity of the device that inserted the EH. The EH
insertion being anonymous is what causes all the problems - breaking
PMTUD, IPsec, ICMP in general, causing problems if the EH isn't
removed when it should be, and making troubleshooting much harder.

Encapsulation in another new IPv6 packet creates the option to add,
not insert, new supplementary information via EHs.

>From RFC 2473, "Generic Packet Tunneling in IPv6 Specification"

                            +----------------------------------//-----+
                            | Original |                              |
                            |          |   Original Packet Payload    |
                            | Header   |                              |
                            +----------------------------------//-----+
                             <            Original Packet            >
                                              |
                                              v
       <Tunnel IPv6 Headers> <       Original Packet                 >

      +---------+ - - - - - +-------------------------//--------------+
      | IPv6    | IPv6      |                                         |
      |         | Extension |        Original Packet                  |
      | Header  | Headers   |                                         |
      +---------+ - - - - - +-------------------------//--------------+
       <                          Tunnel IPv6 Packet                 >

                       Fig.3 Encapsulating a Packet

SRH, OAM etc. EHs that are added to the original packet would go in
the "IPv6 Extension Headers" area shown in the lower packet of that
diagram, after the new outer tunnel header.

Encapsulation/Decapsulation is an addition/subtraction operation of
new, non-original sender information. It preserves the original packet
as it was when it was originally sent.

It provides a new source address field to identify the device that
performed the encapsulation and that added the supplementary
information via the added EHs.

It provides a new destination address field to unambiguously identify
which device the added EH information is intended to be processed by.
There is no need for these EH processing devices to be looking beyond
the IPv6 fixed header to determine if there are any EHs for them to
process - if it is for them, it is a simple and IPv6 standard packet
DA to device DA match operation which answers that question. If it is
not for them, the forward it via their FIB.

Yes encapsulation adds overhead, however that overhead makes
everything compliant with existing decades old methods, models, tools,
operations and troubleshooting techniques.

Regards,
Mark.


>and if any document would like to take that path fwd there is no objections from 6man in regards to violation or not of any former 6man or IPv6 consensus.
>
> - - -
>
> So on the very topic let me summarize the observations made in various emails:
>
> #1
>
> The draft in question doesn't comment on the most basic question: why do
> you want to do EH-insertion as opposed to encap/decap into a new packet?
>
> I asked this question a number of times, and nobody answered.. Rumor on
> the corridors had it that it had to do with one specific vendors having
> issues (of some sort) with implementing this with doing encap/decap. --
>
> Looks to me like FUD at best - just suffice to read (with understanding)
>
> draft-matsushima-spring-srv6-deployment-status-01
>
> - - -
>
> #2
>
> EH insertion will increase the MTU of the packet.
>
> It sure will but as already stated this is done within a given domain so someone who is doing insertion better makes sure it is not causing packet drops. Otherwise his customers may be pretty unhappy.
>
> If you do EH insertion + encapsulation to my basic math skills it looks like you are creating even bigger packet. So you are more likely to face MTU bottleneck issues.
>
> - - -
>
> # 3
>
> I also have a nit about that draft. The very first line of the
> abstract is "The network operator and vendor community has clearly
> indicated that IPv6 header insertion is useful and required."
>
> I agree - such statements should not be in the IETF standards track document.  Such document should be judged on its technical merits not on a basis of crusade.
>
> - - -
>
> # 4
>
> The draft doesn't say why insertion is considered necessary. There is no justification presented.
>
> Well I can understand why one may say so if he does not follow years of FRR/LFA/R-LFA and now TI-LFA discussions. In a nut shell one technique of provide fast connectivity restoration is based on the fact of local repair with local bypass of the broken fragment of the network in a loop free manner. That requires some form of controlled packet steering around the failure.
>
> There are many techniques to achieve such steering SR is an elegant one for this specific application. The less bits you add to the packet the better. Usually you are fine with just one SID or in number of topologies you actually do not need any SID so just placing original dst address into SRH and applying new dst address may be all what is required.
>
> I understand that for some FRR techniques do not matter .. some may use completely different end to end techniques (I like those btw :) but for some it has been a necessity to provide best service to their customers.
>
> - - -
>
> #5
>
> There is no statement that says, "When using IPv6 tunnelling with 128 bit SIDs, the per packet overhead can become too high."
>
> The proposal to use insertion without encap saves you up front 320 bits. I think the less bits you put in *each* packet the better. As described in #4 - in vast majority of TI-LFA you only need one external anchor to safely bypass the failure so in fact no need for any SIDs as the original dst will be either in inner header or in inserted SRH. So your repair efficiency as far as extra packet size already  is more then 2 times less when doing SRH insertion vs SRH or CRH insertion with encapsulation.
>
> - - -
>
> # 6
>
> EH insertion is entirely anonymous. If something breaks, you have no
> idea of which device inserted the EH.
>
> If inserted SRH contains the routable identified of the network element which inserted the header does this address this point ?
>
>
> - - -
>
> # 7
>
> EH insertion sounds to me like it is breaking a fundamental principle
> of trying to avoid sending something unexpected and that the receiver
> will be confused by.
>
> If EH is removed within the domain it has been inserted end receiver never sees it.
>
> = = =
>
> I think I see why in general you all consider that EH insertion alone would be a bad thing. But I think here we are not talking about any insertion to be allowed. We are discussing a fixed and well defined extension which could be made sure that all valid hooks to address potential concerns are embedded in its encoding yet still maintaining forwarding efficiency.
>
>
> I think now it is up to 6man WG and chairs how they choose to continue this dialogue.
>
> Many thx,
> R.
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email