Re: IPv6 header insertion in a controlled domain
Gyan Mishra <hayabusagsm@gmail.com> Mon, 09 December 2019 09:05 UTC
Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E80312016E for <ipv6@ietfa.amsl.com>; Mon, 9 Dec 2019 01:05:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60LfA5zeh6n3 for <ipv6@ietfa.amsl.com>; Mon, 9 Dec 2019 01:05:01 -0800 (PST)
Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4572512013B for <ipv6@ietf.org>; Mon, 9 Dec 2019 01:05:01 -0800 (PST)
Received: by mail-il1-x130.google.com with SMTP id z12so12025249iln.11 for <ipv6@ietf.org>; Mon, 09 Dec 2019 01:05:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QhvfFaSfZ1xaFYNOFiQW6Cg9Z6KLBeX90RLVUf77M18=; b=Fs/Lc4WafYPRanB0eUqUM8cXH4EjLIdOajQgKY865Wci2unbIvZkIqhSdge2F68TLT PorjcPhu8jyYXvy8J6FI8QuM4+uajyb9d0sggDl8TPZt2elI1Q09J5sRLnHLSIk7w71Y UlGBHKE+QhIfK9zzTSqZKgs1W0B6i0eaX2fZxgDAZIKxBP6RLETyFwLaDOhRnTB6SStQ t3vStS8Ji5n88wINJrG0M4YM8gOnqzS1bUWKOkZj7ilaMvGQIki0TgDJvLvsA62SbnHM tDy4iPEENLyLYgS0RvO+UX376Yre5A1UfZt4AHWpA1+NH8DY9SVqF00VTxArkKkEuuKC ECOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QhvfFaSfZ1xaFYNOFiQW6Cg9Z6KLBeX90RLVUf77M18=; b=XpME36OC+2WGBtHuYAMupoEbOSPqt6EkO4UQhNx6hu5f3TIkoqWLNbJGv5+rS8mhES PuZyeGbGCsGrjDNxg8OPAR3H7X3k0I5bM1U8VgIOBMcPdsz87COmlWv2EgLhXk8zd21l 5PkKWOwCFCKmvNv4oGj9hdcs9fTYcWArJgzOB0NUp949nbV8ya46ojCjFyfoAxfTl38a zow/xznZe6qX5I09s9oo8vBd5wpX6/+0jzwIoPqInjwE3UO1odUL49H2PVi128c4+Qys gknifD/o/K1jMRxpxttpsnBc5fpM5GQ9jVwri2FKBKVFKwBDsCdIyEKFqd1apdUa4lG1 8ryQ==
X-Gm-Message-State: APjAAAWAt+I/qzMDllQox20mDdouXYG1IHN8Jt3nnjfVEv8eo5/saQtL baoeuYrYISbfGCgVt90qO/SF0FP9Jl7zvSUeDq8=
X-Google-Smtp-Source: APXvYqzcn346Nqp7oVDbBo3Efipic13wgHjxz0g8lb48m4h2aN0mZcOIizqOYmhLBn6aW+ETUIqTcuVIMaxcFZDCcnw=
X-Received: by 2002:a92:350d:: with SMTP id c13mr14204116ila.205.1575882300431; Mon, 09 Dec 2019 01:05:00 -0800 (PST)
MIME-Version: 1.0
References: <BN7PR05MB5699F86F6DF1F224DF4A6E32AE580@BN7PR05MB5699.namprd05.prod.outlook.com> <C27A0E92-AF13-477B-9A22-DAB05494DE61@steffann.nl>
In-Reply-To: <C27A0E92-AF13-477B-9A22-DAB05494DE61@steffann.nl>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 09 Dec 2019 04:04:49 -0500
Message-ID: <CABNhwV2wbw0zbd7SivZJ-P2APfc_0V2B7e_n0Z-Pz5EgfzruUQ@mail.gmail.com>
Subject: Re: IPv6 header insertion in a controlled domain
To: Sander Steffann <sander@steffann.nl>
Cc: 6man WG <ipv6@ietf.org>, Ron Bonica <rbonica@juniper.net>
Content-Type: multipart/alternative; boundary="000000000000b9a149059941b00f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/xC06vSEXp1y8Lh_IgZMVKaaBnPA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2019 09:05:04 -0000
This draft is really the missing link that really helps give some clarity to SRv6 and EH insertion issue. This is from the BESS WG https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02 Imagine an overlay and network with underlay being MPLS LDP with overlay BGP services IPv4 IPv6 VPNv4 VPNv6. Now swap the MPLS underlay with the SRv6 keeping the BGP overlay intact. That is what is described in this draft and is what is deployed by a number of operators worldwide. The key point to note is at the PE-CE junction where typically in an MPLS domain label imposition happens on the PE towards the P core. Now instead of label imposition we have 6in6 encapsulation occurring. Note that this is like the bottom services label L3 vpn label not the topmost label which is now IPv6 forwarding plane with SRv6. So we had asked in the voyer eh draft for encapsulation to be complaint with 8200 instead of doing in flight EH insertion. That encapsulation I believe is already occurring with the BGP overlay L2 or L3 services. So with the overlay which is the tunneled payload customer traffic over SRv6 that is encapsulated per the BESS overlay draft above. Below describes BE L3 VPN but I believe even for all SRv6 scenarios, BGP services overlay, an 6in6 encapsulation occurs which is what we want for 8200 compliance. 1 <https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02#section-1>. Introduction SRv6 refers to Segment Routing instantiated on the IPv6 dataplane [I- D.ietf-spring-srv6-network-programming][I-D.ietf-6man-segment-routing -header]. SRv6 based BGP services refers to the L3 and L2 overlay services with BGP as control plane and SRv6 as dataplane. SRv6 SID refers to a SRv6 Segment Identifier as defined in [I-D.ietf-spring-srv6-network-programming <https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02#ref-I-D.ietf-spring-srv6-network-programming>]. SRv6 Service SID refers to an SRv6 SID associated with one of the service specific behavior on the advertising Provider Edge(PE) router, such as (but not limited to), END.DT (Table lookup in a VRF) or END.DX (cross-connect to a nexthop) behaviors in the case of L3VPN service as defined in [I-D.ietf-spring-srv6-network-programming <https://tools.ietf.org/html/draft-dawra-bess-srv6-services-02#ref-I-D.ietf-spring-srv6-network-programming>]. To provide SRv6 service with best-effort connectivity, the egress PE signals an SRv6 Service SID with the BGP overlay service route. The ingress PE encapsulates the payload in an outer IPv6 header where the destination address is the SRv6 Service SID provided by the egress PE. The underlay between the PEs only need to support plain IPv6 forwarding [RFC8200 <https://tools.ietf.org/html/rfc8200> ]. To provide SRv6 service in conjunction with an underlay SLA from the ingress PE to the egress PE, the egress PE colors the overlay serviceSo Gyan On Mon, Dec 9, 2019 at 1:40 AM Sander Steffann <sander@steffann.nl> wrote: > Hi Ron, > > > See Section 7.5 of > https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-26 > > Not choosing to use AH to protect the SRH is one thing, but not supporting > an AH in the existing packet when doing header insertion is quite another. > I want to be sure the second doesn't apply. > > Cheers > Sander > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > -- Gyan S. Mishra IT Network Engineering & Technology Verizon Communications Inc. (VZ) 13101 Columbia Pike FDC1 3rd Floor Silver Spring, MD 20904 United States Phone: 301 502-1347 Email: gyan.s.mishra@verizon.com www.linkedin.com/in/networking-technologies-consultant
- Network Programming - Penultimate Segment Popping Ron Bonica
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… Darren Dukes (ddukes)
- RE: Network Programming - Penultimate Segment Pop… Ron Bonica
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… otroan
- RE: Network Programming - Penultimate Segment Pop… Ron Bonica
- Re: Network Programming - Penultimate Segment Pop… otroan
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- We don't seem to be following our processes (Re: … Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Tom Herbert
- RE: We don't seem to be following our processes (… Ron Bonica
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Enno Rey
- Re: We don't seem to be following our processes (… Enno Rey
- RE: We don't seem to be following our processes (… Ron Bonica
- Re: We don't seem to be following our processes (… Bob Hinden
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Sander Steffann
- Re: We don't seem to be following our processes (… Alexandre Petrescu
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: [spring] We don't seem to be following our pr… Sander Steffann
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: We don't seem to be following our processes (… Bob Hinden
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: We don't seem to be following our processes (… otroan
- Re: [spring] We don't seem to be following our pr… Andrew Alston
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… otroan
- RE: [spring] We don't seem to be following our pr… Ron Bonica
- Re: [spring] We don't seem to be following our pr… Andrew Alston
- Re: [spring] We don't seem to be following our pr… otroan
- RE: [spring] We don't seem to be following our pr… Ron Bonica
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… Darren Dukes (ddukes)
- Re: We don't seem to be following our processes (… Fernando Gont
- RE: Network Programming - Penultimate Segment Pop… Ron Bonica
- Re: [spring] We don't seem to be following our pr… Ole Troan
- Re: [spring] We don't seem to be following our pr… Andrew Alston
- Re: [spring] We don't seem to be following our pr… Sander Steffann
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: [spring] We don't seem to be following our pr… otroan
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: We don't seem to be following our processes (… Ole Troan
- Re: We don't seem to be following our processes (… Brian E Carpenter
- Re: [spring] We don't seem to be following our pr… Brian E Carpenter
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: We don't seem to be following our processes (… Fernando Gont
- Separating issues (was Re: [spring] We don't seem… Suresh Krishnan
- RE: Separating issues (was Re: [spring] We don't … Ketan Talaulikar (ketant)
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… Joel M. Halpern
- Re: We don't seem to be following our processes (… Mark Smith
- Re: We don't seem to be following our processes (… otroan
- Re: We don't seem to be following our processes (… otroan
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: [spring] We don't seem to be following our pr… Alexandre Petrescu
- Re: Network Programming - Penultimate Segment Pop… Darren Dukes (ddukes)
- Re: We don't seem to be following our processes (… Fernando Gont
- Re: Network Programming - Penultimate Segment Pop… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Darren Dukes (ddukes)
- Re: [spring] We don't seem to be following our pr… Robert Raszuk
- Re: We don't seem to be following our processes (… Tom Herbert
- Re: Network Programming - Penultimate Segment Pop… Tom Herbert
- Re: [spring] Network Programming - Penultimate Se… Robert Raszuk
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Fernando Gont
- Re: [spring] We don't seem to be following our pr… Brian E Carpenter
- Re: We don't seem to be following our processes (… Mark Smith
- IPv6 header insertion in a controlled domain otroan
- IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Sander Steffann
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Joel M. Halpern
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Tom Herbert
- Re: IPv6 header insertion in a controlled domain jmh.direct@joelhalpern.com
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain otroan
- Re: We don't seem to be following our processes (… Alexandre Petrescu
- Re: IPv6 header insertion in a controlled domain Sander Steffann
- Re: IPv6 header insertion in a controlled domain Brian E Carpenter
- Re: IPv6 header insertion in a controlled domain Warren Kumari
- Re: IPv6 header insertion in a controlled domain otroan
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- RE: We don't seem to be following our processes (… Ron Bonica
- RE: IPv6 header insertion in a controlled domain Ron Bonica
- Re: IPv6 header insertion in a controlled domain Sander Steffann
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- RE: IPv6 header insertion in a controlled domain Ron Bonica
- Re: IPv6 header insertion in a controlled domain otroan
- RE: [spring] We don't seem to be following our pr… bruno.decraene
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- Re: IPv6 header insertion in a controlled domain Tom Herbert
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- RE: IPv6 header insertion in a controlled domain Ron Bonica
- Re: IPv6 header insertion in a controlled domain Gyan Mishra
- Re: IPv6 header insertion in a controlled domain Fernando Gont
- Re: topics to circulate Alexandre Petrescu
- Re: topics to circulate Gyan Mishra
- Re: topics to circulate Erik Kline
- Re: topics to circulate Alexandre Petrescu
- Re: topics to circulate Alexandre Petrescu
- Re: IPv6 header insertion in a controlled domain Alexandre Petrescu
- Re: IPv6 header insertion in a controlled domain Alexandre Petrescu