Re: CRH and RH0

"Darren Dukes (ddukes)" <ddukes@cisco.com> Wed, 13 May 2020 17:49 UTC

From: "Darren Dukes (ddukes)" <ddukes@cisco.com>
To: Ron Bonica <rbonica@juniper.net>
CC: "otroan@employees.org" <otroan@employees.org>, 6man <6man@ietf.org>
Subject: Re: CRH and RH0
Date: Wed, 13 May 2020 17:49:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wtg11CR7F_sD0kOeV8gd9Iv00b4>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

Hi Ron.

Just what I said…
So I'm hoping you'll update the draft so I can understand a bit more:
- CRH has nothing to do with RH0.
- CRH operates only within a limited domain.

Anything else to clarify from others' comments would help too.

Thanks!
  Darren

On May 13, 2020, at 1:20 PM, Ron Bonica <rbonica@juniper.net> wrote:

Darren,

What updates do you suggest?

                         Ron



From: Darren Dukes (ddukes) <ddukes@cisco.com>
Sent: Wednesday, May 13, 2020 1:16 PM
To: Ron Bonica <rbonica@juniper.net>
Cc: otroan@employees.org; 6man <6man@ietf.org>
Subject: Re: CRH and RH0


Hi Ron,

I'm still trying to figure out where you're going with this.
First it was SRm6, then an RH0 replacement, then not an RH0 replacement (in the 6man meeting), then it sort of is...

So I'm hoping you'll update the draft so I can understand a bit more:
- CRH has nothing to do with RH0.
- CRH operates only within a limited domain.

Anything else to clarify from others' comments would help too.

Thanks
  Darren

On May 12, 2020, at 5:36 PM, Ron Bonica <rbonica@juniper.net> wrote:

Ole, Darren,

The CRH is a general purpose Routing header that operates inside of a network domain. In the sense that it is a general purpose routing header, it replaces RH0. In the sense that it is restricted to a network domain, it does not replace RH0.

If adding these two sentences will cause you to support the draft, or at least not object to it, I will happily add them!

Are these the only objections?

                                                                                   Ron




-----Original Message-----
From: otroan@employees.org <otroan@employees.org>
Sent: Tuesday, May 12, 2020 4:38 PM
To: Ron Bonica <rbonica@juniper.net>
Cc: Darren Dukes (ddukes) <ddukes@cisco.com>; 6man <6man@ietf.org>
Subject: Re: CRH and RH0



Hi Ron,


The answer to your question is a bit nuanced. My goals were to build a general purpose routing header that overcomes the RH0's limitations. Those being:

     - Its size
     - Its security issues

Now, is that a replacement for RH0? In one way, yes. RH0 and CRH are both general purpose routing headers. In another sense, no. RH0 is meant to traverse network boundaries. But RFC 5095 taught us that letting routing headers traverse network boundaries might not be a wonderful idea. So, CRH is restricted to a network domain.

If CRH could be an RH0 replacement, you would have to show how the tag distribution mechanism would work across the Internet?
RH0 was supported in every IPv6 node. Given the requirement for a tag->IPv6 address (or is it forwarding method) mapping, I can't quite see how that would be done in a general enough fashion for CRH?

I don't think RFC 5095 taught us that source routing cannot be done across the Internet.
In fact I don't see how the CRH draft prevents the RFC 5095 attack from happening inside of the CRH limited domain.
Just send a packet with a list of tag#0, tag#1, tag#0, tag#1 and you have the same amplification attack.

And now I return to my original question. When engineering students read the CRH RFC in 25 years, will they really care what my motivation was? Why should we burden them with this detail?

To the contrary. Take the motivations and intentions behind IPv6. We have spent thousands of emails trying to decode what the original intentions with EHs and their limitations were, why the minimum MTU was 1280, recently I saw a thread about the reasons for why TTL/HL and protocol/next header was swapped between v4 and v6. If your protocol is successful, the original napkin it was designed on will become legend. ;-)

Best regards,
Ole
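
Ole's point about an alternating tag list, as an added example that is not part of the thread or of the CRH draft: a check a node inside the domain could run on a tag list after resolving it through the tag->IPv6 address mapping, rejecting lists that revisit a node and reporting how often the same hop pair is crossed. The table contents, addresses, function name and the limit of 8 tags are constructed assumptions.

```python
from collections import Counter
from ipaddress import IPv6Address

# Constructed tag -> address table (hypothetical values; 2001:db8::/32 is
# documentation space). Tags 0 and 7 deliberately resolve to the same node.
TAG_TABLE = {
    0: IPv6Address("2001:db8::a"),
    1: IPv6Address("2001:db8::b"),
    2: IPv6Address("2001:db8::c"),
    7: IPv6Address("2001:db8::a"),
}

def audit_tag_list(tags, table=TAG_TABLE, max_tags=8):
    """Resolve a tag list and decide whether it may be forwarded."""
    unknown = [t for t in tags if t not in table]
    if unknown:
        return {"accept": False, "reason": f"unknown tags {unknown}"}
    if len(tags) > max_tags:
        return {"accept": False,
                "reason": f"{len(tags)} tags exceeds limit {max_tags}"}
    # Compare resolved addresses, not tag values: two different tags can
    # name the same node, so a tag-level duplicate check is not enough.
    path = [table[t] for t in tags]
    revisited = sorted(a for a, n in Counter(path).items() if n > 1)
    # Count crossings of each unordered pair of consecutive listed nodes.
    # The pair is a logical hop; the physical path between them may be longer.
    pairs = Counter(frozenset(p) for p in zip(path, path[1:]) if p[0] != p[1])
    worst = max(pairs.values(), default=0)
    if revisited:
        return {"accept": False, "reason": "node revisited",
                "revisited": revisited, "max_link_traversals": worst}
    return {"accept": True, "reason": "ok", "max_link_traversals": worst}

if __name__ == "__main__":
    for sample in ([0, 1, 2], [0, 1, 0, 1], [0, 1, 7], [0, 9]):
        print(sample, audit_tag_list(sample))
```
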