Re: Benjamin Kaduk's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)

"Zafar Ali (zali)" <zali@cisco.com> Thu, 03 June 2021 13:31 UTC

Return-Path: <zali@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CC143A1165; Thu, 3 Jun 2021 06:31:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.895
X-Spam-Level:
X-Spam-Status: No, score=-11.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=gp9xS2p4; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=g98SOFjE
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTGhgBWj4JZd; Thu, 3 Jun 2021 06:31:35 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 138993A115D; Thu, 3 Jun 2021 06:31:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=81441; q=dns/txt; s=iport; t=1622727095; x=1623936695; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=oiQPHLIA68Q6ozaWrFdJiT+Ldw4OJ40Aon0vm1ffHSg=; b=gp9xS2p4Us+nmqp9twRJ/Gpe8Lx2r+/zXhPwhcWL+Q3N5P6/2SCCeCNf UTU/eEpwAFReVUO+FIXz9oPTUHP66ueFsSV0J7jjiD2f0TCFzVP9qqTds F9Q9X0ypwnHJoEuVUucfd/zlOy/hyrgU7n2UN/HfAJUyRoxJQM93WeuOX I=;
X-IPAS-Result: A0BDAAAc2bhgl4kNJK1aDgwBAQEBAQEBAQEBAwEBAQESAQEBAQICAQEBAYIXgSMwIy5+WjcxC4Q9g0gDhTmIcAOBDY5Eij6BQoERA1QLAQEBDQEBNQoCBAEBgVyCdAIXgWgCJTgTAgQBAQEBAwIDAQEBAQUBAQUBAQECAQYEFAEBAQEBAQEBaIVoDYZEAQEBBBIIAQgdAQElEgEPAgEIEQMBAiEBCQICAjAUCQgCBAENBSKCTwGBflcDLwECDD+dSAGBOgKKH3qBMoEBggcBAQYEBIFIQYMyGIIxAwaBOgGCeoQMAQGCZ4FOgiwnHIFJRIEUAQEmHIIpNj6CYgIBAoEoARIBByEZBgcLgl82gi6BWAE9FRk4MgQiFgMWAiACJAoHKE0IAgMEDhYCDxkRCS+RAgeCcUKIDY0ZkHCBDAqDG4EniGiHLYZhhVAFJoNeixuRQYUglUuMFpMgGAGEVwICAgIEBQIOAQEGgSNIImtYEQdwFTsqAYI+UBcCDlWNSgwNCRWDOYUUhQVFcwI2AgYBCQEBAwl8h3QtgQcBgRABAQ
IronPort-PHdr: A9a23:rTAeaBK9KfcASZ8y7NmcuX8yDhhOgF28FgsU9twqh68dOqig/pG3O kvZ6L0tiVLSRozU5rpCjPaeqKHvX2EMoPPj+HAPeZBBTVkJ3MMRmQFzBc+ZT0D3Ma2iYykzB s8XUlhj8jmyOlRUH8CrYVrUrzWy4DceFw+5OxByI7H+G5XZiIK80OXhk6A=
IronPort-HdrOrdr: A9a23:2WiW1qN7YEd+isBcTxf155DYdb4zR+YMi2TDiHoRdfUFSKKlfp 6V88jzjSWE9wr4WBkb6Le90dq7MA3hHP9OkMgs1NKZPDUO11HYV72KgbGSpgEIXheOitK1tp 0QM5SWaueAd2SS5PySiGLTfrpQo6jkzEnrv5ai854Hd3ANV0gU1XYANu/tKDwOeOApP+tcKL Osou584xawc3Ueacq2QlMfWfLYmtHNnJX6JTYbGh8O8mC1/HCVwY+/NyLd8gYVUjtJz7tn23 PCiRbF6qKqtOz+4gPA1lXU849dlLLau5l+7Y23+40owwfX+0GVjbdaKvu/VfcO0biSAWMR4Z 3xStEbTpxOAj3qDzqISFDWqnjdOX4Vmg/fIBmj8CHeSQiTfkNnNyKH7rgpLycxonBQzu2Vms hwrhGknosSAhXakCvn4d/UExlsi0qvuHIn1fUelnpFTOIlGfBsRKEkjQ5o+a07bW7HAUEcYa FT5crnlbhrmJOhHjrkV0xUsZWRt1gIb2C7q3k5y4eoOmJt7QREJmMjtboid1k7hecAd6U=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.83,246,1616457600"; d="scan'208,217";a="703815547"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Jun 2021 13:31:33 +0000
Received: from mail.cisco.com (xbe-rcd-007.cisco.com [173.37.102.22]) by alln-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id 153DVXRk022340 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 3 Jun 2021 13:31:33 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xbe-rcd-007.cisco.com (173.37.102.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.15; Thu, 3 Jun 2021 08:31:33 -0500
Received: from xfe-aln-003.cisco.com (173.37.135.123) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Thu, 3 Jun 2021 09:31:31 -0400
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (173.37.151.57) by xfe-aln-003.cisco.com (173.37.135.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.15 via Frontend Transport; Thu, 3 Jun 2021 08:31:32 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Th7JuBokwwTY7f/8+oAZx+SfKNrB2Y9EOP+AS5dWmGjIxH+9br0+nreEi/5mJmcCpgY7WI7oVrrEo1i27NNow89uKhT05pt1IFcYivwFsX7TonFJZ0LcHiFkCh4XZR9r7U9VLi8C/lOw7SH49Z61mm5p74hlY5uiQ4M+zqWccvWvteFommNoBirKipS5YSxMMjGH3QfbrYjC5gF1Up0z3/QKsTJj+PIEMmvEItvAHA3BsKR58xKDVlWHmoAlQsvqgIQ1um9+AxmHYnNDKksHZi7CytNNj1ciCKDnHiG9IzyK7eDX5iqkG4qdhpTLvmnOZWYpl5Kq+mvd3XKzJwYsPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oiQPHLIA68Q6ozaWrFdJiT+Ldw4OJ40Aon0vm1ffHSg=; b=QtRkqiPDEnS8saXh7ziunh42xn9OMK94KvaZE3irPFGgR/JuxH7A8739uync5+nVP8bFiV9GW1jjI4apSKU7OG+nqEx/Pt7IGJhnky2MyA76074esvQJ2ceaGpEKO7R1Yr0ObFR8HN4NsqF9MtjIOcVR3d6+AixTEsx+EGd9R2y5pSn2HAFw08RxpuKMl/cs4AbLY28T8eHSG6gg+q9PavvQZxIfb6VbN4zwPcdzDf1zHvMWXJ6tXGFMtDSe5h1p/JGHIpKT++Ow8xUxNujuZL2i9xYLRZLZG+39WihHtG/eT8Uk+aWcAx+f3diEwLgrDlGcw8Kk25ru8g4fJhLnBQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oiQPHLIA68Q6ozaWrFdJiT+Ldw4OJ40Aon0vm1ffHSg=; b=g98SOFjEqYzqLwlzuMkGGP7DQVjgoPs0Pt5N1/n57rHhQALI4GK0i4lYkABcSOty8NdNX9tIRqKyCLJl9xq/oL5r4sbe5OJe/Nw6zecIPeWqHzW4boi/OlunOV8n0m6A3/e+r6o3tEqjopHYelppf0mpjYYhMcb8jeiXCb3Pjok=
Received: from DM6PR11MB4692.namprd11.prod.outlook.com (2603:10b6:5:2aa::11) by DM6PR11MB2858.namprd11.prod.outlook.com (2603:10b6:5:bd::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4195.23; Thu, 3 Jun 2021 13:31:29 +0000
Received: from DM6PR11MB4692.namprd11.prod.outlook.com ([fe80::7065:61fa:d9c5:d7ba]) by DM6PR11MB4692.namprd11.prod.outlook.com ([fe80::7065:61fa:d9c5:d7ba%9]) with mapi id 15.20.4195.024; Thu, 3 Jun 2021 13:31:29 +0000
From: "Zafar Ali (zali)" <zali@cisco.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6man-spring-srv6-oam@ietf.org" <draft-ietf-6man-spring-srv6-oam@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, Ole Trøan <ot@cisco.com>, "Zafar Ali (zali)" <zali@cisco.com>
Subject: Re: Benjamin Kaduk's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)
Thread-Index: AQHXWB1WbokOwVREd0Kll/P8P4AmS6sCBjoA
Date: Thu, 03 Jun 2021 13:31:29 +0000
Message-ID: <B193899F-14E5-4D9B-99EA-99B54F303C4C@cisco.com>
References: <162268609064.11866.12543243198460223644@ietfa.amsl.com>
In-Reply-To: <162268609064.11866.12543243198460223644@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.49.21050901
authentication-results: mit.edu; dkim=none (message not signed) header.d=none;mit.edu; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [47.185.233.68]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7202c012-dbe2-43da-830e-08d92693e50a
x-ms-traffictypediagnostic: DM6PR11MB2858:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM6PR11MB28583DC7885D40FDE65145B4DE3C9@DM6PR11MB2858.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: DY6yEYDLyeZmX/1Ct4r/6MldP48ZVfAWJOgvh8aHHLaO0Fo9+0yz1pKhAc/dqGpbeEIydw6xDbUhNB5aMSbjqmsha1MWFO5BLAzf0vZUGNmzobek3s0+ildzia4pMMXyiI9fS1dBl96OLtUAioKEHO0kV4dDy4s/r3XHVAEO8Iciw0oVAo5rIIF5xFHpIaghxWhOBMyhrtc5TopNmOyCmOXXGcT0qr/6Ex8DRHgOcAJMa+JLw70FSoh6gu4PAwNAJndRvHvjzhzR60hniXYGm2PdTpbAqe3p39jwW7XdYyq5B+x+Z4LDbooc6Dr3ZJZL8ICc8wIELE0hmvgdPC4gAumQHsi1Ex2OR50dmy6L4ht2ni4JQkVO9dMHw2Lso9XqP+8NigY6vMQ3l/WJzTorG6TPPSiO8I15Nue1X3y0cZfdCdTDso9JQITUIOYu8owCzhcvWrNOqkZHljE9yhrtekklSFQFy2UMvEBB1se7QD/2hil7+UUhDytzbzubXMgjQdPxx5y/f4fg0sa/tTTb7ks8gOYt+ug8apOl1n8NIthtbH9uBlb1NmUtBLXgLTG6KbEpA4qAByHhOBFZyP4eMXgYMCQpUWkhKCKdanvd36My1Byepu8tVpDggFB4y7zmPtdLqqpJpFtK3DbVGM3ZEgevZ99HMQ0bY2S4yC4H4Y2EH+NlBVWHeZQJFrHBd5V/iVTolsC49fsnCmHrAOfg7n6WnWt2wNAVHjF3pGS6BU+DcvyuiK586Q4GnHu+8YAbLzwYNun+PyfXlSFH4wRGofpAFa62QheVYivxcdcpOEHPTeXBaJXO/iDnucT5pyGX
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4692.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(396003)(39860400002)(376002)(366004)(346002)(91956017)(54906003)(316002)(110136005)(76116006)(6486002)(9326002)(6512007)(8936002)(2906002)(8676002)(86362001)(36756003)(166002)(71200400001)(66476007)(5660300002)(26005)(2616005)(107886003)(122000001)(83380400001)(38100700002)(66446008)(21615005)(30864003)(66946007)(53546011)(33656002)(966005)(64756008)(478600001)(66556008)(186003)(6506007)(4326008)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: oY+MdJ3uc5EaQTDoVeuKV87QjGLaylJyZvk3Q6Kvhqglv+Iu8ZJrbCSwVtSlYgjgYQSY3tTT2nAqtmxoPVoNeEeeTA8KEtwoHiS11nwobuxU3kXEhkw5fCkSlWWgkQkd34adcj2r07LvqOFOTs/xwLFK4WpVu56qbKx5xcRG6D2f3ERPkTfKYgQ+QfT3TieJVvC6PFR8HJn4w1Q9O2DiMvlR9DZ9hPV90WTo1WLxCjdvfKG/POS4KdHQ35hXU6ws1aB7BnqtKM+VyuvPlPYsnLWeJ40NDhCQZJOSBU2JR/ssnpqjzlwexMiuKsa3wOw7Hellsw4+9RAJABLfF30HGYjZWzXegAOgjIoNtel0f+FVoXJisAJ5z+Gu0bxGlNtnKfmGFBQWhLnEYZ/HSOYjwZbtIMMF8P/YbKD0n2MjaZQ0AIinKlXfFSFTrrb/4VH+aCeHN4IaJky0xNUMAM6YbyxpXatqChb0c4nMS2UacGwm6CNC2GrvFbRlw4HLAtmx8JVK+PqwSKQMFhny42In6qBr53vsuCTX9ZTpKfMpefrTt5UF29pYQp5pkUHbNPJz7oJnsViyvgKmOYAfD8a8wprTswp9cs5xy4JtXq9mmf1pHLpwEoVHdtMpl+RmjvlGjFMiCMY8ma8KV24QVOE0cgs9ycFJNQ3vVHd8YElOu9ozCaz/UyCJsbPksnVyxPE+0t4HJjhDJTjNn4Yb+QktgA0eQYFl9K1cPqU/FbTWRF2CZQDQz6Q2eQDUmRPNyz1RA2S63NAZCFidWuZqLsm4fWI/Yggd1mu6/3DLdkiXX8691DV3Uyfb8JVhOTsJzv1H4VAe/1ksUNVbOh1sV/6667uh1yTV9qL6XsdkbxWCt6qx4BwHWDGvt7ZK+IzQAwlzRRy/yiYjNTQzKP4/UvsXlS5NenH5upS7mQoTaTzCr0j1O5E30z+7+gMYOSYcDTUU3XK7R/jUrs67CiWtDpG1vN3v7FVjjmTCNqHmcDybRq2R5KoqfPxsgwtirEbvz7/eh00cyRSUjO1SsNq6d6fmqhz58ijEX20OU/tZR5DojUUOedV4EB0HwN9m8879iDZZ1sdNbcyB73kw36M2LXO6vPBSZpF5Q1pOZSHnKm//j/rRLg6EwKSR1Wh++auBjYD0HWN1lV/z6uvdCjWdZzuBEBPcMvTPIlvI2EU/b5r4VsDp1MHXCMdweiiBywPtxp+aVlqwQIJfUGRcSXRHPBJeBYbL4ZeTxKFGBBJ/6QpOCdebNvOBkncyzhx+4Idth3HAtEZBJpEWDjNOcUbFsqrfbspx0tvmtdsJFpXs1t8xIHNQ9txMd6cBEkctqOfbk/biY58lpXxS4n6Z58el7b0epw==
Content-Type: multipart/alternative; boundary="_000_B193899F14E54D9B99EA99B54F303C4Cciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4692.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7202c012-dbe2-43da-830e-08d92693e50a
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Jun 2021 13:31:29.2503 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cFV5URtbTQoD3FCtp8sYL1so75W4wVBAjwqSc1Ava7QqFLpun6eloIV02swgnlcj
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2858
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.22, xbe-rcd-007.cisco.com
X-Outbound-Node: alln-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/oV_5n4SbFWUAfTH_2RiRVm2pdII>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jun 2021 13:31:42 -0000

Hi Ben,

Thank you for your review.

You are right. The SID may represent a locally instantiated SRv6 SID or a local interface. We will make the following changes to fix (all instances).

Existing Text> If the target SID (2001:db8:B:4::) is not locally instantiated, the packet is discarded

New Text> If the target SID (2001:db8:B:4::) is not locally instantiated and does not represent a local interface, the packet is discarded

Also many thanks for spotting the various nits. I am sorry, these nits should have been spotted before your review. We will fix these nits and do a thorough review of the document.

Thanks

Regards … Zafar

From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Date: Wednesday, June 2, 2021 at 10:08 PM
To: The IESG <iesg@ietf.org>
Cc: "draft-ietf-6man-spring-srv6-oam@ietf.org" <draft-ietf-6man-spring-srv6-oam@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, "ot@cisco.com" <ot@cisco.com>, "ot@cisco.com" <ot@cisco.com>
Subject: Benjamin Kaduk's Discuss on draft-ietf-6man-spring-srv6-oam-11: (with DISCUSS and COMMENT)
Resent-From: <alias-bounces@ietf.org>
Resent-To: <mach.chen@huawei.com>, <satoru.matsushima@g.softbank.co.jp>, <daniel.voyer@bell.ca>, <cfilsfil@cisco.com>, <zali@cisco.com>
Resent-Date: Wednesday, June 2, 2021 at 10:08 PM

Benjamin Kaduk has entered the following ballot position for
draft-ietf-6man-spring-srv6-oam-11: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-6man-spring-srv6-oam/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

In Section 3.1.2, we say that:

   o  If the target SID (2001:db8:B:4::) is not locally instantiated,
      the packet is discarded

However, RFC 8754 §4.3.2 seems to say that the next header is processed
in this case.   Only if the target SID is both not locally instantiated
and does not represent a local interface will the packet be discarded,
if I understand correctly.  (Similarly for the analogous statement in
§3.2.2.)


There's also quite a few other internal incosistencies in this document,
such as copy/paste chunks that refer to "N4" as executing a given SID in
a scenario where it is actually a different node doing so, many
instances where a given IP address or SID does not match up with the
addressing structure listed in Section 1.3, places where we seem to say
that an SR ingress node can be a classic IPv6 node that lacks SRv6
capabilities, etc.  Individually, many of
these would be nit-level (and indeed are called out specifically in the
NITS section of my ballot comment), but collectively they seem to
indicate a document that is not yet in publishable state.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks to Dan Harkins for the secdir review and Stig Venaas for the
opsdir review (with observation on the security considerations) and the
authors for updating in response to them.  I support Roman's discuss
position to make the remaining updates.

The setup introducing a couple of the examples mentions the assumed link
metric on the links in question, but none of the procedures we describe
actually make use the assumed metric information -- it seems we could
just as easily omit mention of it.

Section 1.3

      Nodes N3, N5 and N6 are IPv6 nodes that are not SRv6-capable.
      Such nodes are referred as classic IPv6 nodes.

Can I suggest using a different adjective than "classic" for this, perhaps
"standard"?  The word "classic" can come with some connotations of being
old, outdated, or legacy, and I don't think we have IETF consensus that
SRv6 is the next evolution of IPv6 that relegates "classic IPv6" to such
a legacy status.

      A SID at node k with locator block 2001:db8:B::/48 and function F
      is represented by 2001:db8:B:k:F::.
   [...]
      2001:db8:B:k:Cij:: is explicitly allocated as the END.X SID at
      node k towards neighbor node i via jth Link between node i and
      node k.  e.g., 2001:db8:B:2:C31:: represents END.X at N2 towards

What is the "function F" in this example?  My understanding was that the
function would correspond to just End.X (and thus the value "C" for that
16-bit component), with the "ij" information needing to be in the
"argument".

Section 2.1.1

   The O-flag in SRH is used as a marking-bit in the user packets to
   trigger the telemetry data collection and export at the segment
   endpoints.

If it's to be set in "user packets", who exactly is it that sets the mark?

   controller for monitoring and analytics.  Similarly, without the loss
   of generality, this document assumes requested information elements
   are configured by the management plane through data set templates
   (e.g., as in IPFIX [RFC7012]).

Can we say anything about the scope for which the set of requested
information elements are configured?  I mostly assume that it's expected
to, say, configure node A to export some information on seeing the
O-flag, and configure node B to export different information on seeing
the O-flag.  But can it be configured at a finer granularity than just
"node", e.g., at a per-flow level?

   If the telemetry data from the ultimate segment in the segment-list
   is required, a penultimate segment SHOULD NOT be a Penultimate
   Segment Pop (PSP) SID.  When the penultimate segment is a PSP SID,
   the SRH will be removed and the O-flag will not be processed at the
   ultimate segment.

This looks like a statement of fact to me, with no need to strengthen it
by normative langauge.  If you need telemetry from the ultimate segment,
and PSP is used, you won't get telemetry based on the SRH O-flag, and
that's that.

Section 2.2

   IPv6 OAM operations can be performed for any SRv6 SID whose behavior
   allows Upper Layer Header processing for an applicable OAM payload
   (e.g., ICMP, UDP).

What options are available for SIDs whose behavior does not allow such
ULH processing?

   to the correct outgoing interface.  To exercise the behavior of a
   target SID, the OAM operation SHOULD construct the probe in a manner
   similar to a data packet that exercises the SID behavior, i.e. to
   include that SID as a transit SID in either an SRH or IPv6 DA of an
   outer IPv6 header or as appropriate based on the definition of the
   SID behavior.

I think I understand what is meant by putting the target SID as a
transit SID in a SRH (or encapsulated analogue).  I'm not sure how this
would specifically validate that the node is exercising the behavior in
question (End.X here, so switching to the proper outgoing interface).
That is, if I'm trying to ping a given SID and confirm that it does
End.X properly, how does just adding an SRH confirm the cross-connect
part if I am still pinging that SID?  Do I need to target the ping at
the "next" SID in the SID list in order to actually use the
cross-connect?

Section 3.1.1

   IGP metric set to 100.  User issues a ping from node N1 to a loopback
   of node 5, via segment list <2001:db8:B:2:C31::, 2001:db8:B:4:C52::>.

How does a *user* issue a ping (directly) with an associated segment
list?  This seems to no longer be a "classic ping" mechanism as written
... perhaps there is some automated component in the system that
translates what the user put in the packet into a segment list?  Or
should we reference some ping utility that is patched to accept
segment-list input in the vein of Figure 2?
(A similar comment applies to the traceroute analogue in Section 3.2.1.)

   o  The echo request packet at N5 arrives as an IPv6 packet with or
      without an SRH.  If N5 receives the packet with SRH, it skips SRH
      processing (SL=0).  In either case, Node N5 performs the standard
      ICMPv6 processing on the echo request and responds with the echo
      reply message to N1.  The echo reply message is IP routed.

I think the tsv-art reviewer's remark that "the echo reply message is IP
routed" could hide quite a lot, is pretty accurate.  It seems worth
stating clearly that it does not have an SRH so that the reader can work
through the consequences for deployments where there is no native IP
connectivity for the return path.

Section 3.2

   operation at the classic IPv6 nodes in an SRv6 network.  That
   includes the classic IPv6 node with ingress, egress or transit roles.

I'm a little confused at what it would mean for a "classic IPv6" node to
act as the *ingress* role.  What is ingress, if not entrance to the SR
domain and applying an SRH?

Section 3.2.1, 3.2.2

Where do the 2001:db8:1:2:21::, 2001:db8:2:3:31::, 2001:db8:3:4::41::,
2001:db8:4:5::52:: come from?  They don't seem to match the stated
structure for "nth link between node i and j at the i side"
(2001:db8:i:j:in::); was there supposed to be a separate case for "at
the j side" in the terminology section?

Section 3.3

   o  The controller N100 processes and correlates the copy of the
      packets sent from nodes N1, N4 and N7 to find segment-by-segment
      delays and provide other hybrid OAM information related to packet
      P1.

If the controller is going to coalesce timestamped data from the various
SRv6 nodes, we need to have some discussion of the requirement for
synchronized time across the SR domain (or controller knowledge of time
offsets, which is essentially equivalent).

Section 5

   service attack.  Additionally, SRH Flags are protected by the HMAC
   TLV, as described in Section 2.1.2.1 of [RFC8754].

I think we should remind the reader that the HMAC protection is very
coarse-grained, and that once an HMAC exists that allows setting the
O-flag for a given segment list, it can be used to produce an arbitrary
amount of such traffic.

   This document does not impose any additional security challenges to
   be considered beyond security threats described in [RFC4884],
   [RFC4443], [RFC0792], and [RFC8754].

We might add RFC 8986 to this list, since we are using its endpoint
behaviors in our examples.

NITS

Secton 1

   any nodes within an SRv6 domain.  Specifically, the document
   illustrates how a centralized monitoring system can monitor arbitrary
   SRv6 paths by creating the loopback probes that originates and
   terminates at the centralized monitoring system.

singular/plural mismatch "probes" vs "originates and terminates".

Section 1.3

      The IPv6 address of the nth Link between node i and j at the i
      side is represented as 2001:db8:i:j:in::, e.g., the IPv6 address
      of link6 (the 2nd link) between N3 and N4 at N3 in Figure 1 is
      2001:db8:3:4:32::.  Similarly, the IPv6 address of link5 (the 1st
      link between N3 and N4) at node 3 is 2001:db8:3:4:31::.

The expansion of "in" as the contatnation of node index i and link index
n was confusing to me on first reading.  Also, it's not entirely clear
what ordering is used for the "first link" between a given pair of
nodes, since the links themselves are given absolute indices as opposed
to indices scoped to a given pair of nodes.  (Why does 'i' need to be in
the address twice, anyway?)

      2001:db8:B:k:Cij:: is explicitly allocated as the END.X SID at
      node k towards neighbor node i via jth Link between node i and
      node k.  e.g., 2001:db8:B:2:C31:: represents END.X at N2 towards

I suggest using 'n' for the link again (instead of repurposing 'j' which
used to be a node).

(Also, RFC 8986 spells it "End.X" with two minuscule and two majuscule
letters.  Similarly for just "End", as "END" appears later on in the
document.)

Section 2.1.1

   When N receives a packet whose IPv6 DA is S and S is a local SID, the
   line S01 of the pseudo-code associated with the SID S, as defined in
   section 4.3.1.1 of [RFC8754], is appended as follows for the O-flag
   processing.

Seeing "S" right after "DA" primes me to think about "source", not
"SID"; would a different label be workable?
Also, I'd s/appended/appended to/

      Ref1: An implementation SHOULD copy and record the timestamp as
      soon as possible during packet processing. Timestamp or any other
      metadata is not
      carried in the packet forwarded to the next hop.

The pseudocode does not make the inclusion of timestamp optional for
what's sent to the OAM process, so s/or/and/

Section 3.1.1

   IGP metric set to 100.  User issues a ping from node N1 to a loopback
   of node 5, via segment list <2001:db8:B:2:C31::, 2001:db8:B:4:C52::>.

s/5/N5/

   Figure 2 contains sample output for a ping request initiated at node
   N1 to the loopback address of node N5 via a segment list

s/the loopback/a loopback/ (to match the previous paragraph).

   o  Node N2, which is an SRv6-capable node, performs the standard SRH
      processing.  Specifically, it executes the END.X behavior
      (2001:db8:B:2:C31::) and forwards the packet on link3 to N3.

I suggest "executes the End.X behavior indicated by the SID
2001:db8:B:2:C31::".  (Similarly for the other End.X behavior in this
example.)

      If 2001:db8:B:4:C52:: is a PSP SID, The penultimate node (Node N4)
      does not, should not and cannot differentiate between the data
s/T/t/

Section 3.1.2

      processing.  Specifically, it executes the END.X behavior
      (2001:db8:B:2:C31::) on the echo request packet.  If

[same comment as above]

Section 3.2.1

   If an SRv6-capable ingress node wants to traceroute to IPv6 address
   via an arbitrary segment list <S1, S2, S3>, it needs to initiate
   traceroute probe with an SR header containing the SID list <S1, S2,

s/initiate/initiate a/

   IPv6 MTU [RFC4443].  The SR header is also included in these ICMPv6
   messages initiated by the classic IPv6 transit nodes that are not
   running SRv6 software.  Specifically, a node generating ICMPv6

I'm not sure why "also" is appropriate here, since the initial example
involves N3, a classit IPv6 node, returning information for link3.  Is
that not a case of a classic IPv6 transit node that is not running SRv6
software and includes the SRH in the ICMPv6 replies that it generates?

   bound to END.X behavior 2001:db8:B:2:C31:: (link3).  Similarly, the
   information displayed for hop5 contains the incoming interface

There is no hop 5; this looks like hop 4 to me.

Section 3.2.2

   of traceroute mechanism.  The UDP encoded message to traceroute a SID
   uses the UDP ports assigned by IANA for "traceroute use".

I don't think we actually show the UDP port anywhere, so phrasing like
"would use the UDP ports assigned by IANA" might be more appropriate.

   o  When Node N2 receives the packet with hop-count > 1, it performs
      the standard SRH processing.  Specifically, it executes the END.X
      behavior (2001:db8:B:2:C31::) on the traceroute probe.  If
      2001:db8:B:2:C31:: is a PSP SID, node N4 executes the SID like any

N2 != N4; I assume this is a copy/paste issue and the "N4" should be
"N2".

   o  If the target SID (2001:db8:B:4::) is locally instantiated, the
      node processes the upper layer header.  As part of the upper layer
      header processing node N4 responses with the ICMPv6 message (Type:

s/responses/responds/

Section 3.3

      packet to be monitored via the hybrid OAM.  Node N1 sets O-flag
      during encapsulation required by policy P.  As part of setting the

"during the encapsulation"

      processing.  Specifically, it executes the END.X behavior
      (2001:db8:B:2:C31::) as described in [RFC8986] and forwards the

[same comment as in §3.1.1; also later in this section]

   o  When node N7 receives the packet P1 (2001:db8:A:1::,
      2001:db8:B:7:DT999::) (2001:db8:B:7:DT999::, 2001:db8:B:4:C52::,
      2001:db8:B:2:C31::; SL=0; O-flag=1; NH=IPv4)(IPv4
      header)(payload), it processes the O-flag.  As part of processing
      the O-flag, it sends a timestamped copy of the packet to a local
      OAM process.  The local OAM process sends a full or partial copy
      of the packet P1 to the controller N100.  The OAM process includes
      the recorded timestamp, additional OAM information like incoming
      and outgoing interface, etc. along with any applicable metadata.
      Node N4 performs the standard SRv6 SID and SRH processing on the

N4 != N7