IETF Logo Mail Archive

Re: draft-ietf-6man-segment-routing-header-26 violating RFC4291, IPv6 Addressing Architecture?

"Darren Dukes (ddukes)" <ddukes@cisco.com> Mon, 09 March 2020 14:28 UTC

Return-Path: <ddukes@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A3CA3A10E5 for <ipv6@ietfa.amsl.com>; Mon, 9 Mar 2020 07:28:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.6
X-Spam-Level:
X-Spam-Status: No, score=-9.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=P0EoWWEo; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=bjkGHdoM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JMMMtQYcMOYi for <ipv6@ietfa.amsl.com>; Mon, 9 Mar 2020 07:28:38 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CE0F3A10EF for <ipv6@ietf.org>; Mon, 9 Mar 2020 07:28:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2947; q=dns/txt; s=iport; t=1583764117; x=1584973717; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=gKOt13ga10luYzpoQQUObCz+H1BOU8mNd8V3AVPKkKU=; b=P0EoWWEoXNH6SQWj2C2yEujukdZslJnE79RJx18p9jU2Sqas9LU+ol+Z Y87oEFrVboB6tB0VMqJDXTv2DKydxnNzV5NSdiko1SegKUsOO7sgI6y1C 1XS7ktUnG9OEjHWAsUL/OeLJTPOv6wkY+YxwDdT27J8YhE4pIYxkWwfye k=;
IronPort-PHdr: 9a23:4tZIUBSyiPmm0Scsv6saTRcwRNpsv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESUDNfA8/wRje3QvuigQmEG7Zub+FE6OJ1XH15g640NmhA4RsuMCEn1NvnvOiA2AcdPT3du/mqwNg5eH8OtL1A=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BxCABFUWZe/5hdJa1kHQEBAQkBEQUFAYF7gVRQBWxYIAQLKgqHUQOKa4JfiWOOMoJSA1QJAQEBDAEBGA0IAgQBAYRDAoIOJDgTAgMBAQsBAQUBAQECAQUEbYVWDIVjAQEBAQIBAQEQKAYBASwLAQQLAgEIEgYeECEGCxcOAgQOBSKDBAGCSgMOIAEOnFQCgTmIYoIngn8BAQWFAg0LggwDBoE4immBQxqBQT+BOCCCTT6BBIEXSQEBAgGBYoNDgiyNbwShcUQKgjyHUopehDYcmzWXcoIxkCQCBAIEBQIOAQEFgWkigVhwFTsqAYJBUBgNjh0MDAsVgzuFFIVBdAIBAYEljDABgQ8BAQ
X-IronPort-AV: E=Sophos;i="5.70,533,1574121600"; d="scan'208";a="458924723"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 09 Mar 2020 14:28:36 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id 029ESai2021327 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 9 Mar 2020 14:28:36 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 9 Mar 2020 09:28:36 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 9 Mar 2020 09:28:35 -0500
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 9 Mar 2020 09:28:35 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=P94bxyq34TgicQy6GmjKqJZflUCMiGsIfVfs4BazcViKNQB1gQhoa0Iq1RLiDnXnGAkC9AIOkt/445EFvBrFLUl4yQPEozafiED2d4ynIz7sXfKex/FENVd9UbUBAoypLa1xTUKsZs+ytW8VYnd4mY0AnE0Ws+3uKk+lqXIS+CdmXtXcNI8A3kGe6BFvqozfgw9eLcZ49TBvDsD9ZeE9OPbm6WmjktX4FjtD0yAEEGVvKiAGMWprUjie7NWvHA9tzwVWZzL9s+/T1yOWR0VFwavDyS5piAQI/k4RRY4odsHsuM+RlEx0Z5Ak6aF1W9VXp/r5JiUJvYgOPaLxb2o76Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;bh=LUjVtTyjUXnVRUFRoxKJymSnPKreloM7TSmj45NJIS8=; b=irXRI6mTIGMNUxKQnfcmvQU+jlju3WeEGv5IF4IfMPvX6pr8Rj18l/Rl0jnjMI90iS7PNh1ySpswZQUZ3A6hW/b1oNbEQwJAI9jWQ+nkHvC2ixJGQO+iV+jxae/v5WiL5fWxEWv1LIcEKeHq0zSVwyBVoPxpK6Is5YM1gkwrZ+elCcOxvRihR5vFPMV5l7/Kw0Tu05iXf1Ghq9vQDwzI85uXGYY8TjkrxejkN3fCBWCyk2KPfvdktzNVu8fCWtNAibCfq0U8iMwFzGRz9xWBPB+MJ7W1HqMyyQ9iOarllfudXco/P8Od6FLFLwPtBrJR4xnRjGq9hf1VbAceMvKUgA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LUjVtTyjUXnVRUFRoxKJymSnPKreloM7TSmj45NJIS8=; b=bjkGHdoMdrbh8JDiDx9J0X5X5pGagEr8BEU1jyfCXZcr/vBlSaGVxLgMd85ROJlmUqjOtxGS1IJ1sQ34WMd+jZkNNUE+EdnWwixpnGWQPG8pkPfkT7YgrKePw887zk3+gGYOIyqO5KD7gAp1d8tkDaKSCnxpdwvTo0XyY3i4eo8=
Received: from DM5PR11MB1818.namprd11.prod.outlook.com (2603:10b6:3:114::9) by DM5PR11MB1675.namprd11.prod.outlook.com (2603:10b6:4:d::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.17; Mon, 9 Mar 2020 14:28:34 +0000
Received: from DM5PR11MB1818.namprd11.prod.outlook.com ([fe80::4d47:30fc:1b10:3db8]) by DM5PR11MB1818.namprd11.prod.outlook.com ([fe80::4d47:30fc:1b10:3db8%12]) with mapi id 15.20.2793.013; Mon, 9 Mar 2020 14:28:34 +0000
From: "Darren Dukes (ddukes)" <ddukes@cisco.com>
To: Mark Smith <markzzzsmith@gmail.com>
CC: 6man WG <ipv6@ietf.org>
Subject: Re: draft-ietf-6man-segment-routing-header-26 violating RFC4291, IPv6 Addressing Architecture?
Thread-Topic: draft-ietf-6man-segment-routing-header-26 violating RFC4291, IPv6 Addressing Architecture?
Thread-Index: AQHV9DEtyssIk3xONkKzJ07M0HVK4KhAVaOA
Date: Mon, 09 Mar 2020 14:28:34 +0000
Message-ID: <226A1DDB-2BF9-4F55-81A0-277E4FBB352A@cisco.com>
References: <CAO42Z2xKWYB4F5Fd735E8xTL+KLZBVO73FjKyVqj8fy2uJkNsg@mail.gmail.com>
In-Reply-To: <CAO42Z2xKWYB4F5Fd735E8xTL+KLZBVO73FjKyVqj8fy2uJkNsg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ddukes@cisco.com;
x-originating-ip: [161.44.192.52]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8c097b5b-8137-45ab-5296-08d7c4362636
x-ms-traffictypediagnostic: DM5PR11MB1675:
x-microsoft-antispam-prvs: <DM5PR11MB1675B25305ABC95270FC6D86C8FE0@DM5PR11MB1675.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0337AFFE9A
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(366004)(136003)(39860400002)(376002)(346002)(189003)(199004)(71200400001)(6506007)(53546011)(6916009)(2616005)(2906002)(6486002)(316002)(478600001)(76116006)(91956017)(66476007)(66946007)(966005)(64756008)(66556008)(66446008)(33656002)(86362001)(81166006)(81156014)(8676002)(8936002)(6512007)(4326008)(36756003)(26005)(5660300002)(186003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR11MB1675; H:DM5PR11MB1818.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 7WsDj0ciiE5V/MA1dl11a1nya5z9jwg2i0D1KYrc8YdWIqB5VGD+t3M0Klo7G5GNh2A6rkmGHWlDGhOnbtVhxmQx1ECgSk9Ix2hqEol/QbQ1GowH1s/0/VLhUFxK04DmP/tHx70lP2Cal0k7bV2MwrzFPzrV/77p4g2f21IABkbmXClLxnX80yWgAaPT+mWld1LdMhnGn5N5hBiunPtADYh+vWHli5Bg2EOC9GnCVDze4rmqCpKat43IMprJRVgPiNO0xF5gsJTfGL4MYru8nPvmPUqo20j1B5nstBPAez13VSRhWEj8MT9frOti/+X95vdYjHC5+KCexrCFKCvmaC468Pi2cVhQ1bpxRrO1aN0Zab5rtjvuDPm3ugNSgyJGE99dx4Q328YMK53MDhBrhFDkuQ38URb+saQW8pw/0Z1Qow8nw5Uhy6fGjtlD/H3tGyhHgQrPfN+aN5rpaksqVsLhaLVva0N3gcHGTyx92YT52NLS3dfOwMPeImD6vjKRIV0Bfhw8wBqu8cIevgaSig==
x-ms-exchange-antispam-messagedata: XwHVxlJ169SHbqYfhv2w9SZ0z1sV1jBZgaG3XZnY9B0z/hcO+TJgcBlmI6UOkJj6gu0dp6V/Xa1xqm571Vy9QLBRV+zyB6dIu8Wk4r3KwbfGvT8ZG36YLjrF7mvhvLV69kpjQtmLX/WyO/zkBbM72w==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-ID: <566AED3D6D254C4F81F4021BC814ABEB@namprd11.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 8c097b5b-8137-45ab-5296-08d7c4362636
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2020 14:28:34.3277 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: KUGiEjs5s+Apl/Zljje5lkY626KJaDVn2yVgLNnEnRlqXMgaPVUBMEIyPXwaXLhsZuaEhitJWGhwf7OwJsAl/g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1675
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.11, xch-rcd-001.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/sN7vWknqBBBk1Z39T-0uOUlnmUM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2020 14:28:51 -0000

Hi Mark, the working group discussed the association with RFC4291 and closed it with the text in the document.

Besides, and as you note with your IPSec reference, this is a local implementation decision.

Darren

> On Mar 6, 2020, at 10:32 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
> 
> Just to pull it out of my last response to Joel for discussion,
> 
> "It only occurred to me yesterday that SRH/SRv6 might also be violating
> RFC 4291, as it seems that when SIDs are transformed into IPv6
> addresses, those IPv6 addresses aren't assigned to interfaces but
> rather nodes:
> 
> RFC 4291:
> 
> "2.1.  Addressing Model
> 
> IPv6 addresses of all types are assigned to interfaces, not nodes.
>   An IPv6 unicast address refers to a single interface.  Since each
>   interface belongs to a single node, any of that node's interfaces'
>   unicast addresses may be used as an identifier for the node."
> 
> 
> draft-ietf-6man-segment-routing-header-26:
> 
> "4.3.  SR Segment Endpoint Node
> 
> When an SRv6-capable node receives an IPv6 packet, it performs a
>   longest-prefix-match lookup on the packets destination address.  This
>   lookup can return any of the following:
> 
>       * A FIB entry that represents a locally instantiated SRv6 SID
>       * A FIB entry that represents a local interface, not locally
>                                       instantiated as an SRv6 SID
>       * A FIB entry that represents a non-local route
>       * No Match"
> 
> It would seem to me that the first match bullet point is effectively a
> node IPv6 address match.
> 
> [...]"
> 
> Compliance with RFC4291 could be achieved by assigning a prefix to a
> virtual interface, effectively assigning all of the addresses within
> the prefix to the virtual interface.
> 
> I've proposed that sort of thing in "4. Addressing Tunnel Endpoints"
> of "Skinny IPv6 in IPv6 Tunnelling" -
> https://tools.ietf.org/id/draft-smith-skinny-ipv6-in-ipv6-tunnelling-00.html#rfc.section.4.
> I also discussed some issues related to address selection in that
> situation.
> 
> A significant operational advantage of assigning a SID prefix to a
> virtual interface would be that then all of the things that use an
> interface as a handle becomes available e.g. interface packet counters
> and being able to query them via SNMP, interface assigned packet
> filters/ACLs, etc.
> 
> Early Cisco and Linux crypto/IPSec implementations didn't use virtual
> tunnel interfaces to represent IPsec tunnels. They became much more
> operator friendly when they did.
> 
> Regards,
> Mark.
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email