IETF Logo Mail Archive

Re: I-D Action: draft-voyer-6man-extension-header-insertion-07.txt

Gyan Mishra <hayabusagsm@gmail.com> Wed, 23 October 2019 04:18 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E1FA12022C for <ipv6@ietfa.amsl.com>; Tue, 22 Oct 2019 21:18:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qFfHksgEx7uP for <ipv6@ietfa.amsl.com>; Tue, 22 Oct 2019 21:18:47 -0700 (PDT)
Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EDC412000F for <ipv6@ietf.org>; Tue, 22 Oct 2019 21:18:47 -0700 (PDT)
Received: by mail-qk1-x72c.google.com with SMTP id u184so18586428qkd.4 for <ipv6@ietf.org>; Tue, 22 Oct 2019 21:18:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=GSi4ZUp0SFNkjCafpJkyhrGsN4HttiSfLJYeG3sIehk=; b=ayleoPJYeAuYWdSlo3hU7/h39bDorWbTCmih0OzmWL5Xsm2S5xhnWEP5r9EYQboOlQ OL1p0+JGkpEcrIP3XlcoxCraJszAT4C+GZ5R7L0R+rkIGXuyekxoZDacszweDOsKLp3z 2O3OA99TOWKZs6ysAuI+Ci0j82yvd1sFiP+Hk5bz6cPTHCH+9/eBBYmsbh+5/vCC+8kD 7Rjt8VvcM1kOzi7Nd19zAGpMh15N/HxgClAfuopgfAoQNqt+Vq6323/Rs3IQuzXv9Zgq bDoK78oLmkqJIXyKutWs1cAUjAqo2abdy1iL3CbUj/bal1hM0gp1NCC96d38dcp9QEG8 o/LA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=GSi4ZUp0SFNkjCafpJkyhrGsN4HttiSfLJYeG3sIehk=; b=Dk7balhjQC2RdC5AQamDaGz7XJwBmRmqzscTkFuz0fltbGwdki71nIyObRZPHUa9Rm 0tImNLgIRnqLTBbBft55HsKJSY6Qs0QTzo8iTR6SIpU4lT7he7mDhGZCKuHLd9ugnVYV S1o3k/mMteDSxhZUrURFWvXOWmvPDxg2v3fAO1RGDfpx0f7WxYRugsfnubmsiqO7h5GD PBx6TTg8Tljb/Ppf+bj/gwfLOKG7qTainrwjszXGq1byWv+M0eN4pZ1Itra6PajGlnSa dAfrM5zPhCZlj9cpdxUExnAlYmqIA/6oHeRAi00Q8iVB3bPyKqNmyR6MwwIoodZ9HK1b u2Zw==
X-Gm-Message-State: APjAAAUvBIY10GzdmLdEqS8fPshBP34zUKA2v++2qpoZkSNYYE6b49lo HjNb/jecYMUR8LjuSm5tzYmr9N1eFu0=
X-Google-Smtp-Source: APXvYqwQVmPVY05RAWO85mMdctZ/qcL2uz0/n0GO7wI9l2YwtWoxswA5/daVrPY+kD3MblfbjKVx6Q==
X-Received: by 2002:a37:bd0:: with SMTP id 199mr6706910qkl.207.1571804325473; Tue, 22 Oct 2019 21:18:45 -0700 (PDT)
Received: from [192.168.1.213] (pool-72-83-194-140.washdc.fios.verizon.net. [72.83.194.140]) by smtp.gmail.com with ESMTPSA id y188sm8713066qke.31.2019.10.22.21.18.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Oct 2019 21:18:43 -0700 (PDT)
From: Gyan Mishra <hayabusagsm@gmail.com>
X-Google-Original-From: Gyan Mishra <hayabusaGSM@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-9419E36E-C1C8-4A7E-A94B-2654CB7F618C"
Mime-Version: 1.0 (1.0)
Subject: Re: I-D Action: draft-voyer-6man-extension-header-insertion-07.txt
X-Mailer: iPhone Mail (16G102)
In-Reply-To: <CAO42Z2yXbuW7=vc7ivuxDbsqQoc_8EnE0Vq=wYtjCRzoVxf-Nw@mail.gmail.com>
Date: Wed, 23 Oct 2019 00:18:42 -0400
Cc: 6man WG <ipv6@ietf.org>, Tom Herbert <tom@herbertland.com>
Content-Transfer-Encoding: 7bit
Message-Id: <3C41A044-1A9D-403A-9EBD-168AE6397F79@gmail.com>
References: <156903961333.5092.16807379687598480151@ietfa.amsl.com> <c9702ec2-61d9-66e4-1d2c-d462eaf00f21@gmail.com> <CALx6S37TrL_SsJ3o1FqzskZ4xqyDo8AeHDhXiKpPTd2e8vP_sw@mail.gmail.com> <CAO42Z2w+ZS55QzbSJ=vEcbWpyWKx2wS+O2QSSwHEOVLz1WQR6g@mail.gmail.com> <CALx6S37gwTuW1yF=Z_EchozBJMQ+29XZYGE3WT5FJg+ko9dDdw@mail.gmail.com> <CAO42Z2zOie5c+zvq4iR5wu9G92XoE39uQo_UeQJyKK_rP=fHPg@mail.gmail.com> <CABNhwV2GYdf7jQW2JjhzfbZ9Deekw7KUngCmx+8DK3roEne2iQ@mail.gmail.com> <CAO42Z2zS3i+inSE8ERhkESdcyzxniyyZkCn2=L1q-9FvxipWUA@mail.gmail.com> <008D9E1A-04EC-493B-A549-7D63CBBD81D3@gmail.com> <CAO42Z2yXbuW7=vc7ivuxDbsqQoc_8EnE0Vq=wYtjCRzoVxf-Nw@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/yR8y1JGcGJKZ6dZJi59aXLlbL7Q>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Oct 2019 04:18:53 -0000

In-line  

Sent from my iPhone

> On Oct 18, 2019, at 12:22 AM, Mark Smith <markzzzsmith@gmail.com> wrote:
> 
> 
> 
>> On Fri, 18 Oct 2019, 12:04 Gyan Mishra, <hayabusagsm@gmail.com> wrote:
>> 
>> 
>> Sent from my iPhone
>> 
>> > On Oct 14, 2019, at 7:53 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
>> > 
>> >> On Tue, 15 Oct 2019 at 10:31, Gyan Mishra <hayabusagsm@gmail.com> wrote:
>> >> 
>> >> 
>> >> 
>> >>> On Mon, Oct 14, 2019 at 6:56 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>> >>> 
>> >>> Hi  Tom,
>> >>> 
>> >>>> On Tue, 15 Oct 2019 at 08:53, Tom Herbert <tom@herbertland.com> wrote:
>> >>>> 
>> >>>>> On Mon, Oct 14, 2019 at 2:15 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>> >>>>> 
>> >>>>> Now that tunnelling has been accepted, and that a distinct IP tunnel could be created for each segment, 1:1, with tunnel/segment heads or tails being the place where the SRH can be created or transferred, with or without modification, or over from the previous segment/tunnel, which does comply with RFC8200 (as tunnel endpoints are IPv6 hosts), there is no functional need for mid-tunnel anonymous insertion.
>> >>>>> 
>> >>>> Mark,
>> >>>> 
>> >>>> I would tend to agree. It seems that the only purported benefit of SR
>> >>>> insertion over tunneling is that it saves packet overhead. But I don't
>> >>>> think that really pans out. In insertion without attribution, the
>> >>>> difference is twenty-four bytes overhead, but if attribution is done
>> >>>> (like node modifying the packet puts it address in it somewhere), then
>> >>>> the overhead is as little as eight bytes (possibly even less if there
>> >>>> is only one entry in the SID list). Relative to the potential large
>> >>>> size of the SRH itself, I don't seethe potential savings in overhead
>> >>>> to be very impressive especially relative to the complexities of
>> >>>> defining a robust and secure protocol for EH insertion.
>> >>>> 
>> >>> 
>> >>> Once an IPv6 tunnel is considered a link-layer (because it is and is
>> >>> being used that way), then there are opportunities to perform forms of
>> >>> compression on the inner payload packet to reduce overhead between the
>> >>> tunnel end-points, as link-layers don't process payloads (nothing new
>> >>> here, no lower layers are supposed to process their upper layer
>> >>> payloads at any layer).
>> >>> 
>> >>> I don't know much about it, however it looks like Robust Header
>> >>> Compression (RoHC) could be used (RFC5795) to compress the inner
>> >>> packet headers while the packet is in flight across the current IPv6
>> >>> tunnel/SR segment/virtual link. A quick Internet search finds a few
>> >>> implementations, including a couple of open source ones.
>> >>> 
>> >>> RoHC might be too stateful or not able to be performed fast enough on
>> >>> high speed links. The following method is stateless, takes advantage
>> >>> of IPv6 networks having many /64s, using them to identify tunnel
>> >>> endpoints (rather than /128s), and leverages the common fields and
>> >>> field semantics between the inner and outer header, using the outer
>> >>> header fields as proxies for the inner header fields while the packets
>> >>> are in flight.
>> >>> 
>> >>> "Skinny IPv6 in IPv6 Tunnelling"
>> >>> 
>> >>> 
>> >>> As long as it provides attribution (the source /64 in its case), and
>> >>> is fully reverseable, excepting the mutable Traffic Class and Flow
>> >>> Label fields, I think it too could be an option to reduce inner packet
>> >>> overhead if 128 bit SIDs are used.
>> >>> 
>> >>> Regards,
>> >>> Mark.
>> >>> 
>> >>> [Gyan]  unfortunately we would have multiple EH insertions so that GRE tunnel won’t work.
>> >> 
>> >> 
>> >> In that stick diagram I had sent the 1st EH insertion is on the ingress PE of the SRv6 domain and then for Ti-LFA at the PLR (point of local repair) for IP fast reroute backup path a 2nd EH insertion which would be at mid point somewhere  along the path to the 1st outer tunnel endpoint so you would have at a minimum 2 encapsulations in following RFC 8200.  So 6in6 tunnel won’t work unfortunately.
>> >> 
>> > 
>> > Well firstly, I'm going to pretty much not bother trying to understand
>> > anything where you suggest insertion, because I've literally spent
>> > hours of my own time writing up why I disagree with it and the
>> > problems it causes.
>> > 
>> > It sounds like you think there can't be a 6in6in6 tunnel. Or a
>> > 6in6in6in6 tunnel.
>> > 
>> > There's nothing that technically stops tunnels being inside tunnels.
>> > Same as LSPs inside LSPs ...
>> > 
>> > Have a read of
>> > 
>> > "IP Tunnels in the Internet Architecture"
>> > https://tools.ietf.org/html/draft-ietf-intarea-tunnels-10
>> > 
>> > if you haven't already.
>> 
>> [Gyan] So in theory some say once this I-D becomes approved standard at some point vendors will implement the feature and support but anyone doing SRv6 today which is supported in Cisco XR 7.0 and I believe Juniper and Huawei supports however today the multi tunnel stacking feature is not an option for today’s deployments.
> 
> 
> The IETF isn't about what's available today, is about what will be available in the future.
> 
> We need to consider problems that both exist today and that may exist in the future, so that if and when a problem exists in the future, we already have an engineered solution, hopefully with implementations already available to deploy.
> 
> [Gyan] Mark I read through your 6in6 skinny draft again.  So this new 6in6 skinny GRE tunnel is different from standard GRE is that it now has its own EH header type and also shrinks the inner payload IPv6 down by mapping the source and destination IID of inner header to the outer header Source and Destination IID and do the endpoints of the tunnel have to be /64 but other then that this new 6in6 tunnel can be used for any 6in6 use case I imagine.  So now with the new skinny EH header with a single lookup you can determine that skinny payload is present.  So how does this new skinny 6in6 feature with the new EH header for skinny allow you to stack tunnels and have multiple 6in6in6 etc encapsulations.  Normally with 6in6 or 4in4 you have your underlay Routing which is your outer header routing to tunnel destination and then your inner header is overlay private tunneled routed single hop.  So what’s confusing to me is how you can add another overlay another GRE/IPv6 encapsulation so essentially having two IPv6 payloads encapsulated.  You would definitely need a higher Path MTU to avoid fragmentation which is a given.  

> So in the SRv6 scenario at that IP FRR node backup path for link and node protection occurring at the PLR(point of local repair) you would be adding another in flight EH insertion routing type 4 for SRH and that would now be done via another IPv6 encapsulation header tacked on which has the EH SRH header inserted for SRv6 Ti-LFA. So the inner most header would now be the 6in6 using skinny let’s say and so has the Skinny EH header tacked on as well so now when you get the the PQ node LFA node you pop do a single lookup see the skinny 6in6 header pop the inner most last 6in6 encapsulation that was the skinny encapsulation and now when the packet hits the END SID SID length 0 the egress P or PE node respectively does the PSP or USP pop and removes the EH insertion of the SRH header done by the originator ingress PE SRv6 domain source node and now the Native IPv6 packet is forwarded on the PE-CE link to the customer VRF.  Thinking it through it sounds like this will work with 6in6 skinny feature that you can stack tunnels and this would be a use case that would benefit significantly from your draft.

>> > 
>> >> 
>> >>     I think the only viable option is the using a virtual interface like a loopback for the /64 SID to be in compliance with RFC 8200.
>> >> 
>> >> Gyan
>> >>> 
>> >>> 
>> >>> 
>> >>> 
>> >>> 
>> >>> 
>> >>>> Tom
>> >>>> 
>> >>>> 
>> >>>>> So what is the reason to persist with it? It doesn't make sense to me that people are clinging to an idea that has so many flaws and contradictions to standard behaviour, when there is a method that works without these flaws and contradictions.
>> >>>>> 
>> >>>>> Determining whether or not to perform deeper packet processing (SRH processing in this case) on a packet, using the packets' DA, is conventional, traditional, and implemented in billions of deployed devices, both hosts and routers.
>> >>>>> 
>> >>>>> Contrast that with a device having to purposely ignore literally every packets' DA that it looks at, to search all of those packets for an SRH to then determine if it should perform SR processing on it. Unconventional, non-traditional, and a capability I'd guess is likely to be deployed in way less than 10 000 devices,  and likely less than 1000.
>> >>>>> 
>> >>>>> Not updating SAs after packet modification, and having to purposely ignoring packets' DAs, is down a rat hole that NAT also lives in.
>> >>>>> 
>> >>>>> Regards,
>> >>>>> Mark.
>> >>>>> 
>> >>>>>> On Tue, 15 Oct 2019, 02:54 Tom Herbert, <tom@herbertland.com> wrote:
>> >>>>>> 
>> >>>>>> On Sat, Oct 12, 2019 at 2:58 PM Brian E Carpenter
>> >>>>>> <brian.e.carpenter@gmail.com> wrote:
>> >>>>>>> 
>> >>>>>>> Hi,
>> >>>>>>> 
>> >>>>>>> I'd like to comment on this version. It is in fact a complete rewrite compared to
>> >>>>>>> its predecessors and I thank the authors for that. The tone is now purely technical,
>> >>>>>>> and that's a great improvement.
>> >>>>>>> 
>> >>>>>>> It's also, IMHO, accurate in its statements about the relationship with RFC 8200.
>> >>>>>>> In particular:
>> >>>>>>> 
>> >>>>>>>>   Action 2 inserts an SRH in a packet within the SR domain at a node
>> >>>>>>>>   not in the destination address, and inserts more than one SRH in a
>> >>>>>>>>   packet.  This does not appear to be permitted by the statements
>> >>>>>>>>   quoted above from RFC8200.  However, the restrictions above are not
>> >>>>>>>>   applicable within the SR domain.  Every source node participating in
>> >>>>>>>>   the SR domain expects SRH insertion, relies on it for services
>> >>>>>>>>   provided by the SR domain, correctly processes ICMP errors, and
>> >>>>>>>>   according to RFC8200 must process multiple SRH in the same packet.
>> >>>>>>> 
>> >>>>>>> That statement "the restrictions above are not applicable within the SR domain"
>> >>>>>>> is (it seems to me) a normative statement. It might be even clearer to state it
>> >>>>>>> as such:
>> >>>>>>>  ...the restrictions above SHOULD NOT be applied within the SR domain.
>> >>>>>>> 
>> >>>>>> Brian,
>> >>>>>> 
>> >>>>>> Dissecting this a bit:
>> >>>>>> 
>> >>>>>> "Every source node participating in the SR domain expects SRH insertion"
>> >>>>>> 
>> >>>>>> That is awfully inclusive and seems to be retroactively creating a
>> >>>>>> fundamental property of SR domains. Also, no opt out form source? I
>> >>>>>> would expect that in most use cases, probably all in deployment today,
>> >>>>>> the SR EH is set at the ingress node into the SR domain and describes
>> >>>>>> the path to egress. The fact that some intermediate node might insert
>> >>>>>> an EH could conceivably be a security issue in such deployments more
>> >>>>>> than anything. IMO, if EH is allowed then source nodes should be able
>> >>>>>> to opt out, or even better EH insertion should always be opt in from
>> >>>>>> the source. If a source node wishes to enforce that no EHs are
>> >>>>>> inserted it can do that with AH (assuming that AH were properly
>> >>>>>> specified to interact with SRH)..
>> >>>>>> 
>> >>>>>> The draft also states that the source and destination are required to
>> >>>>>> be in the same SR domain for EH insertion. This needs to be specified
>> >>>>>> as a MUST. The obvious question this raises is: how does an
>> >>>>>> intermediate node know that a source and destination are in the SR
>> >>>>>> domain? I would infer that the authors are probably assuming that this
>> >>>>>> can be done by specifying a prefix for the SR domain or maybe a
>> >>>>>> whitelist of addresses? This is easy enough to propose, but on a
>> >>>>>> network of even moderate scale I'm not convinced it's manageable. I
>> >>>>>> suggest an alternative is for the source node to mark packets for
>> >>>>>> which EH insertion is permissible (i.e. the opt in model). This could
>> >>>>>> be done for instance by the source setting a null SR header (no SIDs)
>> >>>>>> with a flag that indicates EH insert is permitted.
>> >>>>>> 
>> >>>>>> "correctly processes ICMP errors"
>> >>>>>> 
>> >>>>>> That presumes that correct processing of ICMP errors is well defined.
>> >>>>>> Consider this scenario:
>> >>>>>> 
>> >>>>>> An intermediate node inserts an SRH with HMAC, a subsequent downstream
>> >>>>>> node attempts to verify the HMAC and fails to verify. The downstream
>> >>>>>> node sends an ICMP packet back to the source. What is source supposed
>> >>>>>> to do with this ICMP error? (note this is just one scenario, the
>> >>>>>> general case is how to deal with ICMP errors sent because of error in
>> >>>>>> the inserted EH). There is nothing that source host can do within the
>> >>>>>> protocol to avoid further occurrences of the error. At best they'll
>> >>>>>> log it, but since there's no attribution so now somebody someone needs
>> >>>>>> to track down who is inserting the EH-- in a complex network that may
>> >>>>>> be non-trivial.
>> >>>>>> 
>> >>>>>> Attribution is critical. One obvious way to address this would be for
>> >>>>>> the node inserting the EH to put its address into the SRH, but then
>> >>>>>> that reduces the overhead savings of SR EH insertion compared to
>> >>>>>> encapsulation to be just eight bytes (destination address in
>> >>>>>> encapsulation is same as last address in insert SID list). IMO, it
>> >>>>>> would be better to just do encapsulation instead.
>> >>>>>> 
>> >>>>>> Another hole is correct ICMP processing is reflected in:
>> >>>>>> 
>> >>>>>> "The SR domain ingress edge processing the ICMP error SHOULD log the
>> >>>>>> error and decrement the ingress edge MTU for traffic traversing the SR
>> >>>>>> domain (if it's greater than the IPv6 minimum MTU of 1280 bytes)"
>> >>>>>> 
>> >>>>>> Okay, but what if the source _is_ already at minimum MTU for PMTU?
>> >>>>>> Note that SRH can be hundreds of byte and now with insertion there can
>> >>>>>> be multiple SRHs of these is a packet, I don't think this is something
>> >>>>>> that can be easily dismissed with the typical assumption that all
>> >>>>>> networks can just set MTUs large enough.
>> >>>>>> 
>> >>>>>> "However, the restrictions above are not applicable within the SR domain"
>> >>>>>> 
>> >>>>>> I think the wording here is wrong for the intent of the draft. All the
>> >>>>>> normative "MUSTs" in RFC8200 and other appropriate standards are
>> >>>>>> applicable to _all_ use cases of the protocol. I see no provision in
>> >>>>>> RFC8200 that its requirements, like prohibition of EH insertion, are
>> >>>>>> conditional based on the environment in which the protocol is
>> >>>>>> deployed. So RFC8200 is applicable in SR domains, limited domains, and
>> >>>>>> the Internet. IMO, this draft is trying to justify an exception to the
>> >>>>>> requirements and should be written as such. Presumably, the exception
>> >>>>>> might be palatable if it maintains robustness, interoperability, and
>> >>>>>> spirit of requirements of RFC8200.
>> >>>>>> 
>> >>>>>> Tom
>> >>>>>> 
>> >>>>>>>>   the SR domain expects SRH insertion
>> >>>>>>> Clearly it's a WG question whether on not we want to put this on the standards
>> >>>>>>> track. I hope we can discuss it as a technical question. My subsidiary
>> >>>>>>> question is: does the description of an SR domain (here and in RFC8402)
>> >>>>>>> provide enough security and operational assurance that this SHOULD NOT is
>> >>>>>>> safe?
>> >>>>>>> 
>> >>>>>> Hi Brain,
>> >>>>>> 
>> >>>>>> 
>> >>>>>> 
>> >>>>>>> Regards
>> >>>>>>>   Brian Carpenter
>> >>>>>>> j
>> >>>>>>>> On 21-Sep-19 16:20, internet-drafts@ietf.org wrote:
>> >>>>>>>> 
>> >>>>>>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> >>>>>>>> 
>> >>>>>>>> 
>> >>>>>>>>        Title           : Insertion of IPv6 Segment Routing Headers in a Controlled Domain
>> >>>>>>>>        Authors         : Daniel Voyer
>> >>>>>>>>                          Clarence Filsfils
>> >>>>>>>>                          Darren Dukes
>> >>>>>>>>                          Satoru Matsushima
>> >>>>>>>>                          John Leddy
>> >>>>>>>>      Filename        : draft-voyer-6man-extension-header-insertion-07.txt
>> >>>>>>>>      Pages           : 13
>> >>>>>>>>      Date            : 2019-09-20
>> >>>>>>>> 
>> >>>>>>>> Abstract:
>> >>>>>>>>   Traffic traversing an SR domain is encapsulated in an outer IPv6
>> >>>>>>>>   header for its journey through the SR domain.
>> >>>>>>>> 
>> >>>>>>>>   To implement transport services strictly within the SR domain, the SR
>> >>>>>>>>   domain may require insertion or removal of an SRH after the outer
>> >>>>>>>>   IPv6 header of the SR domain.  Any segment within the SRH is strictly
>> >>>>>>>>   contained within the SR domain.
>> >>>>>>>> 
>> >>>>>>>>   The SR domain always preserves the end-to-end integrity of traffic
>> >>>>>>>>   traversing it.  No extension header is manipulated, inserted or
>> >>>>>>>>   removed from an inner transported packet.  The packet leaving the SR
>> >>>>>>>>   domain is exactly the same (except for the hop-limit update) as the
>> >>>>>>>>   packet entering the SR domain.
>> >>>>>>>> 
>> >>>>>>>>   The SR domain is designed with link MTU sufficiently greater than the
>> >>>>>>>>   MTU at the ingress edge of the SR domain.
>> >>>>>>>> 
>> >>>>>>>> 
>> >>>>>>>> 
>> >>>>>>>> The IETF datatracker status page for this draft is:
>> >>>>>>>> https://datatracker.ietf.org/doc/draft-voyer-6man-extension-header-insertion/
>> >>>>>>>> 
>> >>>>>>>> There are also htmlized versions available at:
>> >>>>>>>> https://tools.ietf.org/html/draft-voyer-6man-extension-header-insertion-07
>> >>>>>>>> https://datatracker.ietf.org/doc/html/draft-voyer-6man-extension-header-insertion-07
>> >>>>>>>> 
>> >>>>>>>> A diff from the previous version is available at:
>> >>>>>>>> https://www.ietf.org/rfcdiff?url2=draft-voyer-6man-extension-header-insertion-07
>> >>>>>>>> 
>> >>>>>>>> 
>> >>>>>>>> Please note that it may take a couple of minutes from the time of submission
>> >>>>>>>> until the htmlized version and diff are available at tools.ietf.org.
>> >>>>>>>> 
>> >>>>>>>> Internet-Drafts are also available by anonymous FTP at:
>> >>>>>>>> ftp://ftp.ietf.org/internet-drafts/
>> >>>>>>>> 
>> >>>>>>>> _______________________________________________
>> >>>>>>>> I-D-Announce mailing list
>> >>>>>>>> I-D-Announce@ietf.org
>> >>>>>>>> https://www.ietf.org/mailman/listinfo/i-d-announce
>> >>>>>>>> Internet-Draft directories: http://www.ietf.org/shadow.html
>> >>>>>>>> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>> >>>>>>>> 
>> >>>>>>> 
>> >>>>>>> --------------------------------------------------------------------
>> >>>>>>> IETF IPv6 working group mailing list
>> >>>>>>> ipv6@ietf.org
>> >>>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> >>>>>>> --------------------------------------------------------------------
>> >>>>>> 
>> >>>>>> --------------------------------------------------------------------
>> >>>>>> IETF IPv6 working group mailing list
>> >>>>>> ipv6@ietf.org
>> >>>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> >>>>>> --------------------------------------------------------------------
>> >>> 
>> >>> --------------------------------------------------------------------
>> >>> IETF IPv6 working group mailing list
>> >>> ipv6@ietf.org
>> >>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> >>> --------------------------------------------------------------------
>> >> 
>> >> --
>> >> 
>> >> Gyan S. Mishra
>> >> 
>> >> IT Network Engineering & Technology
>> >> 
>> >> Verizon Communications Inc. (VZ)
>> >> 
>> >> 13101 Columbia Pike FDC1 3rd Floor
>> >> 
>> >> Silver Spring, MD 20904
>> >> 
>> >> United States
>> >> 
>> >> Phone: 301 502-1347
>> >> 
>> >> Email: gyan.s.mishra@verizon.com
>> >> 
>> >> www.linkedin.com/in/networking-technologies-consultant
>> >> 
>> >>

v2.23.0 | Report a Bug | By Email