IETF Logo Mail Archive

Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr

Tom Herbert <tom@herbertland.com> Sat, 06 January 2024 16:19 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F7AEC14F6FA for <ipv6@ietfa.amsl.com>; Sat, 6 Jan 2024 08:19:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNfmGEk0jwxU for <ipv6@ietfa.amsl.com>; Sat, 6 Jan 2024 08:18:58 -0800 (PST)
Received: from mail-lj1-x230.google.com (mail-lj1-x230.google.com [IPv6:2a00:1450:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA4C2C14F6EC for <ipv6@ietf.org>; Sat, 6 Jan 2024 08:18:58 -0800 (PST)
Received: by mail-lj1-x230.google.com with SMTP id 38308e7fff4ca-2ccae380df2so4809891fa.1 for <ipv6@ietf.org>; Sat, 06 Jan 2024 08:18:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland.com; s=google; t=1704557937; x=1705162737; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=e4Ngb9NsiGhcmDfngik1owWGOjSY5jGGB3f0oM/nfaY=; b=IVTGvVblTVQLuuMOZZ5lc7XybD6dW5d9NuwuQ0u/5U+w/UP+lwWnKJqqJv5D3+iP51 Xi6bc+sKI1ulqVBMsSmraTfLSMWpgQH9UZWKXKDzoxdVPsO2zd0wxotDaxrVuKQUAbnu vXpWDVHmxW8PYIo5U9jjXhO5cyGRpguGZO+FHwePgI4ZxLomqwDV6/o3+qqsrlTz6wUJ u5TAmjmoGjGAKksNal8H20iIQynkRG94bhQSU7L1kIEvReidVOHtc6T6+ZVQzFGEWDKf 19qNImuChwIyenGMDbLw9G379yfyCStJNOpmF2sT21x3Uo77jGB2kxMEB0e92yJQbke1 Cgtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704557937; x=1705162737; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=e4Ngb9NsiGhcmDfngik1owWGOjSY5jGGB3f0oM/nfaY=; b=CSKndoHKMdRUpnLY0NxAmv/UA6yoqZjqPciFJfzfiCriJQEAPFX7E2zCf9zHUuYH/N etYZ9SM428ZHtBvdhtOEhEnakLIVDsO+SQwHUU0K2+5TsF1LkDY2CqFt0Vat953Ve0F3 6xv81Vzk/p02ao98nT3Iq1k6Rz68yCdL7mrr5pA+Spitks15DURItUw7G9dxfZtF2pY5 OA05jUTHvp9Rg/tQaCyMyH1GVhPLhJ1lrpg21g5/VHcBqIakncUbWnORTdIi4oNdDUph Uj5XaPqDPP0uM7xSQaPUmoCg8veMxBodNcVGd2Mc/8LBC+mXQcd6FiKoGQgeia4FkuVe COHw==
X-Gm-Message-State: AOJu0Yz9GvMp18xmWj1KDr6W+kwIaZwQL5equwUgmIoxuay+xuLoJKlj hfJWllrf5UN8ywD7FCsW4qle8NmwDrjRsWdSgN4LWEEv5oez
X-Google-Smtp-Source: AGHT+IGsvz4+47iP5nybDYPk2FAHPEHMAI0tntlpn2+tnATfMgYjR1osnkhv4d2jDEynLa+7+rOzg41pUNDGcCGTRT0=
X-Received: by 2002:a05:651c:1254:b0:2cc:6d87:9a91 with SMTP id h20-20020a05651c125400b002cc6d879a91mr358432ljh.72.1704557936748; Sat, 06 Jan 2024 08:18:56 -0800 (PST)
MIME-Version: 1.0
References: <CAFU7BATiUtHmtbhtrWSPDR4c2Eb+XQXFdvU2-V=TVLGb+W6hnA@mail.gmail.com> <CALx6S34CWX_1imdUtK1EHcVUEMfhWPm8Uj+JRHiqxMUz5fvH5Q@mail.gmail.com> <BL0PR05MB5316352E89869C176CCF6F50AE652@BL0PR05MB5316.namprd05.prod.outlook.com>
In-Reply-To: <BL0PR05MB5316352E89869C176CCF6F50AE652@BL0PR05MB5316.namprd05.prod.outlook.com>
From: Tom Herbert <tom@herbertland.com>
Date: Sat, 06 Jan 2024 08:18:44 -0800
Message-ID: <CALx6S37iKMXJ6hiqGvfDk6OtkDWsctGb2t-0GwGtciHxV4-thg@mail.gmail.com>
To: Ron Bonica <rbonica@juniper.net>
Cc: Jen Linkova <furry13@gmail.com>, 6man <ipv6@ietf.org>, draft-ietf-6man-comp-rtg-hdr@ietf.org
Content-Type: multipart/alternative; boundary="00000000000051c26d060e495291"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ymZNVB5q-QoSQ7DdJrBlO4wbXnk>
Subject: Re: [IPv6] Working Group Last Call for draft-ietf-6man-comp-rtg-hdr
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jan 2024 16:19:03 -0000

On Fri, Jan 5, 2024, 4:35 PM Ron Bonica <rbonica@juniper.net> wrote:

> Hi Tom,
>
> I believe that we have discussed this topic before, but it may have been
> off-list. So, I will repeat my argument on list.
>
> When considering your objection, we must consider:
>
> - its scope
> - the cost / benefit trade-off
>
> Regarding scope, you comment applies to many routing header compression
> scheme's not only the CRH. So, we should search for a solution that
> addresses all routing header compression schemes, not just the CRH.
>

Hi Ron,

Agreed.


> Regarding the cost / benefit trade-off, some operators may be concerned
> about the issue that you raise. They would be willing to sacrifice a few
> bytes of overhead for the additional functionality that you propose. Other
> operators, not so much.
>

Yes, this trade-off could be one of the questions answered in the
experiment.

>
> So, it seems that we should look for a solution that a) is applicable to
> many routing header compression scheme's and b) is optional. Clause a)
> precludes a solution that is embedded in the CRH.


> What do you think of a HBH Option that displays the ultimate destination.
> This can apply to any routing header compression scheme. It is also
> optional. If you like the idea, I would support a draft.
>

No, I suspect a new HBH option for this would be overkill.

Since this is experiment, how about defining two routing header types for
CRH where last SID is compressed, and one where it's not. The additional
processing and implementation complexity for the handling two variants
shouldn't be very significant, and both could be deployed side-by-side. It
would allow us to get feedback from real use cases, particularly on rather
a FIB containing all possible final destinations is scalable.

Tom



>                                                                         Ron
>
>
>
> Juniper Business Use Only
> -----Original Message-----
> From: Tom Herbert <tom@herbertland.com>
> Sent: Friday, January 5, 2024 5:56 PM
> To: Jen Linkova <furry13@gmail.com>
> Cc: 6man <ipv6@ietf.org>; draft-ietf-6man-comp-rtg-hdr@ietf.org
> Subject: Re: [IPv6] Working Group Last Call for
> draft-ietf-6man-comp-rtg-hdr
>
> [External Email. Be cautious of content]
>
>
> Hi,
>
> I have a concern with this proposal. As I understand it, the addresses of
> all intermediate destinations and the final destination can only be
> correctly deduced with access to the external state (the CRH-FIB). In
> particular, the final destination address can no longer be deduced by
> simple inspection of the packet contents. I think it may have ramifications
> on debugging and security. I suspect this also would be a concern for SR
> CRH.
>
> This will make much hardware to track and diagnose flows in the network.
> Also, if the destination is obfuscated the TCP and UDP checksum cannot be
> validated in the network (strictly not needed, however it is done when
> debugging corrupted checksums. Even if the diagnostic tools do have access
> to the FIB, it has to be the correct FIB in time. So to do post mortem
> analysis on a flow could only be done if the correct state is accessed for
> when the packet was accessed.
>
> Security may be a problem due to the potential of misdelivery. Correct
> delivery depends on FIB state being correct and synchronized between nodes.
> Presumably, misdelivery would be detected by transport layer checksum with
> pseudo header, however not all protocols have a checksum, and RFC6936
> allows UDPv6 to be sent with a zero checksum in the case of tunnels.
>
> To avoid ambiguity and misinterpretation, I suggest that the final address
> in the SIDs should be sent uncompressed as a plain address or compressed
> using some stateless method. I think this also could reduce the size of the
> FIB table since final destinations are likely to be hosts and there may be
> an order of magnitude more hosts than routers in the network.
>
> Tom
>
> On Thu, Jan 4, 2024 at 1:09 PM Jen Linkova <furry13@gmail.com> wrote:
> >
> > This message starts a new two week 6MAN Working Group Last Call on
> > advancing "The IPv6 Compact Routing Header (CRH)" document
> > (https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ie
> >
> tf-6man-comp-rtg-hdr/__;!!NEt6yMaO-gk!CWvVGIuSGSWauTRliWk7FJg8VvZNfVPLMcMeOdaUrfqmrfb7flEI0bndmOe3UuwngN0gXiuPTOerJkI$
> ) as an Experimental document.
> >
> > Substantive comments and statements of support for publishing this
> > document should be directed to the ipv6@ietf.org mailing list.
> > Editorial suggestions can be sent to the authors.  This last call will
> > end on Jan 21 2024, 23:59:59 UTC.
> >
> > --
> > Cheers, Jen Linkova on behalf of 6MAN chairs
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests:
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6
> > __;!!NEt6yMaO-gk!CWvVGIuSGSWauTRliWk7FJg8VvZNfVPLMcMeOdaUrfqmrfb7flEI0
> > bndmOe3UuwngN0gXiuPTMIkwPI$
> > --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email