IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>

Brian E Carpenter <brian.e.carpenter@gmail.com> Wed, 04 April 2018 20:30 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D40412DB70 for <ipv6@ietfa.amsl.com>; Wed, 4 Apr 2018 13:30:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7_GE92_H9GhI for <ipv6@ietfa.amsl.com>; Wed, 4 Apr 2018 13:30:41 -0700 (PDT)
Received: from mail-pl0-x234.google.com (mail-pl0-x234.google.com [IPv6:2607:f8b0:400e:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DB1D12D864 for <ipv6@ietf.org>; Wed, 4 Apr 2018 13:30:41 -0700 (PDT)
Received: by mail-pl0-x234.google.com with SMTP id v18-v6so13747883ply.12 for <ipv6@ietf.org>; Wed, 04 Apr 2018 13:30:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:to:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=O0ffwH+srL7nN+bEX7lUqtl15bpEO1Dpoo/zeZvzUUs=; b=I5aHghq1gzEbos6odeM+hBhW9hk4PA6A66KMtXy6xBXljpaYitcz5VuYqt386gi2xq UgiQo53tcdEtphBsrgwmLX0jkAI6euX3RK9q2EiCYv8jHe37dOZMQ9rZrRdex5fW1td0 AnlNXBKbapmeEUnVqGiKaD/55fc2nIqLlWAg5TY6fohf2axFLQdIl67QHxxzcSImrjjF lMH4k8m9KIrmBBE/R7uFADYjoADa1N4u70dg2Vl88IDXuevKnmAHbtpzUWivfAwxMZdv otrtWZmmQg5UDGBiAabo+7jvA01dMTOD1BzhhP2WMtyDy8Ojq+bZRbYk/UcToLZtEivk zbFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:references:from:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=O0ffwH+srL7nN+bEX7lUqtl15bpEO1Dpoo/zeZvzUUs=; b=L9Fdrici0C/fOc9KXXtnbuuBaeoBYgJgNPAc3z+whMqeEPwNQXH2ZGpflePoV50LA+ vQsdXz8+xOkpqmh1jHkJPMFDqfZ1Hr1ANOalQt/mBP3FggY++sCctlA6gMjWRZuWdfnl 9fEwT36/hsiqAkPNKrq5C3120b/Mr3/M5gAhZZ3dqZ+h90XTAlRZf/0wgG/HdMccRv12 ccN/rIQOiIRvAEus83nMbRs/rznb7cDoHqYB0gpn63Ey3QVj3iwxljE7ass/KsZgCb5p 4EGei6kkEDS9B77+aRYZ9N3/J4IqLe8fgluMxFedAt9U/YNVwSgAB2hXEigrqUyzCuV9 GIMw==
X-Gm-Message-State: AElRT7H6+AZRBjCbOQAn5jxokBOcaZJrfqYEPX0HGYjKzbIWC8L0cElZ UezpJaSMFINR79GBgcGsXwErqw==
X-Google-Smtp-Source: AIpwx4/UYkQOrknzny6uqQzd7h1YB/Cb3kYJZ5CU4ysZS3JKhWQMGHvSQO4mR7FpQN467ht4DBaXjQ==
X-Received: by 2002:a17:902:8c84:: with SMTP id t4-v6mr19944193plo.357.1522873840584; Wed, 04 Apr 2018 13:30:40 -0700 (PDT)
Received: from [192.168.178.26] (207.26.255.123.static.snap.net.nz. [123.255.26.207]) by smtp.gmail.com with ESMTPSA id b9sm11617138pff.13.2018.04.04.13.30.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 04 Apr 2018 13:30:39 -0700 (PDT)
Sender: Brian Carpenter <becarpenter46@gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>
To: Ron Bonica <rbonica@juniper.net>, Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <FB1C6E49-81F7-49DD-8E8B-2C0C4735071B@gmail.com> <SN6PR05MB424035B6FECB0057676067B1AEA40@SN6PR05MB4240.namprd05.prod.outlook.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <554e59f0-83eb-6e0e-14c5-1ee1ade183cd@gmail.com>
Date: Thu, 05 Apr 2018 08:30:40 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <SN6PR05MB424035B6FECB0057676067B1AEA40@SN6PR05MB4240.namprd05.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/nN82y5S83ck_b0uIXJDzkXFyzXI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Apr 2018 20:30:43 -0000

Ron, great review. Here are a few comments on some of your comments.

On 05/04/2018 04:22, Ron Bonica wrote:
> Folks,
...> Section 2.2 SRv6 Segment (Comment 5)
> 
> According to RFC 8200:
> 
> "If, while processing a received packet, a node encounters a Routing header with an unrecognized Routing Type value, the required behavior of the node depends on the value of the Segments Left field, as follows:
> 
>  -  If Segments Left is zero, the node must ignore the Routing header and proceed to process the next header in the packet, whose type is identified by the Next Header field in the Routing header.
> 
> -  If Segments Left is non-zero, the node must discard the packet and send an ICMP Parameter Problem, Code 0, message to the packet's Source Address, pointing to the unrecognized Routing Type."
> 
> This is safe, so long as all Routing Extension Types use SL == 0  to indicate that the Routing Extension Header has been completely processed. It is may not be safe when SL == 0 means that one more segment needs to be processed. 
> 
> In the SRH, SL == 0 indicates that one more segment needs to be processed. The document should address this security consideration.
> 
> If you redefine the SL to match RFC 8200's definition, this problem resolves itself.

Yes, it seems completely wrong to change the generic definition of SL. It creates
confusion and introduces problems for no reason. What's hard to understand in
the phrase "segments left"? Your later comments make this 100% clear.

> Section 2.3  Segment Routing (SR) Domain (Comment 1)
> 
> RFC 8200 says:
> 
> "Extension headers (except for the Hop-by-Hop Options header) are not processed, inserted, or deleted by any node along a packet's delivery path, until the packet reaches the node (or each of the set of nodes, in the case of multicast) identified in the Destination Address field of the IPv6 header."
> 
> Draft-ietf-6man-segment-routing-header says:
> 
> " It is assumed in this document that the SRH is added to the packet by its source, consistently with the source routing model defined in  [RFC8200].  For example:
> 
>    o  At the node originating the packet (host, server).
> 
>    o  At the ingress node of an SR domain where the ingress node receives an IPv6 packet and encapsulates it into an outer IPv6 header followed by a Segment Routing header."
> 
> This gives the reader the impression that draft-ietf-6man-segment-routing-header is in harmony with RFC 8200.
> 
> However, Sections 4.13, 5.2  and 5.3 of draft-filsfils-spring-srv6-network-programming offer procedures in which intermediate nodes insert Segment Routing Headers. (Sometimes, they insert a second SRH in a packet that already has an SRH).
> 
> Draft-ietf-6man-segment-routing-header should either proscribe SHR insertion (using RFC 2119 language)

IMHO it doesn't need to, since it has RFC8200 as a normative reference. The
"It is assumed..." sentence seems acceptable to me.

> or update the above-mentioned assumption and define scenarios in which Routing Extension Header insertion is acceptable.

The debate around draft-voyer-6man-extension-header-insertion is far from over,
and I don't see draft-filsfils-spring-srv6-network-programming progressing
until that is settled. (You are probably correct in your later comment that
spring-srv6-network-programming needs to be a normative reference, so that
will hold up the current draft anyway.)

...
> 
> Section 4.1  Endpoint Function (End)  (Comment 2)
> 
> This section says, " An SRv6-capable node MUST include the Flow Label of the IPv6 header in its hash computation for ECMP load-balancing."

(For anybody checking this, in the text "Flow Label" is misspelt "FlowLabel".)
 
> This works only if the node that originated the packet sets the Flow Label to something other than zero.

Well, we don't know what else is being used for ECMP, do we? If the flow label
is zero, it has no effect, but whatever other fields are used for ECMP might
do the job. It's a bit odd to mention ECMP exactly once in the document, with
no details.

(The flow label is mentioned once elsewhere, in section 4.2 "End.X: Endpoint
with Layer-3 cross-connect" but almost as a throw-away line.)

> Furthermore, load balancing will still break of intermediate, none SRv6-capable nodes don't include the Flow Label in the hash computation

Not necessarily. It only breaks in some ECMP topologies where some paths
contain flow-label balancers and others don't. In fact, it's not got
much to do with SRv6 at all.

> The draft needs a section on load balancing and ECMP.

Either that, or say nothing at all. If it is a requirement that sources
set the flow label, there needs to be a normative citation of RFC 6437,
which defines how to do it. (If you're encapsulating, RFC 6438 might
also be relevant.)

     Brian

v2.23.0 | Report a Bug | By Email