IETF Logo Mail Archive

Re: Extension Header Insertion

Gyan Mishra <hayabusagsm@gmail.com> Mon, 09 December 2019 16:33 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 830C112000F for <ipv6@ietfa.amsl.com>; Mon, 9 Dec 2019 08:33:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nLZD5mDW7HSj for <ipv6@ietfa.amsl.com>; Mon, 9 Dec 2019 08:33:31 -0800 (PST)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5789A120096 for <6man@ietf.org>; Mon, 9 Dec 2019 08:33:31 -0800 (PST)
Received: by mail-io1-xd30.google.com with SMTP id u7so15424312iop.5 for <6man@ietf.org>; Mon, 09 Dec 2019 08:33:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=co0TBNa7vOT4p6Unl7J26u35kg4EX1Qpedz3qNfl62g=; b=NUhw0bOQsWp/mI3L6KLmMptmZ44ocKOtRLk1oDuvWC8iBoAqfBYZGQiI8Syz7n4psm shoPGsUUzm/aefUUmfiVG8Jff9y9YwqX6/Z9kUHsyBLALdoh0oX+0OgK08HSLUk14aI4 14Lz685DPfiyr8o8UVd3yVdsCyfrZNLtz5/nSLALSMBK/39toVF/Ig8Gjh8+J2qnuNgA OcxAGiys3YsVB5+H3Xf7X/iC33ggDzSOlqEL3K6Xbq1cNhJ7R7Q89DSMz7/HnMRVN9rI +ocrGFvyfBsHMsJ7NmyAXrTkSF/pDvK28r4cX8q0ovBXCAgGUt2115d0NTyo2JsmoPav PA2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=co0TBNa7vOT4p6Unl7J26u35kg4EX1Qpedz3qNfl62g=; b=e7/GYhPaZ5x6pvq+8xzELjdKOrbalLdIWno/LIPJRR9MXNisBRQnewYIVdOcDbpK8+ vxFQb+v7zAe0iftptd4AZX1RoyMJLsC41iSOMTXkYk0yJWJMrdSaYD20hnEUKJFBuZWn TGR3cVCZjtlE+20k5VsaWXdSSmSbKDAjCJ/Ig2T13AfEJukuR2Qchnfn3IohuYTx7VWD HJ2LrySF+m1nrLVtRMhbk+Ziriy66orG4i0hOcRQK2ZzCgHbwr8KAaSv1PoKXOIzFPK0 ctUzwnjgrycMzlZZ4x38inr4RUrxzinCC0Szf0PZhq0ApYgk5bCF9x1PtAGHvQnU/tV3 5SPw==
X-Gm-Message-State: APjAAAUq2jHaZtiyllI5eKYKXPuzEASylmPc9J9rqwaTx+ed7UucBYit uG1fsMzzwTuSfmJmCwvZUnBc1mhZLCB6NovMDPZNqg==
X-Google-Smtp-Source: APXvYqx8Bkbw0sWWb7D9ZkvGRaFZTmAnAeyvepLf82L/5WANB1tOeVoOYuQ8CkGY6aE2sJuWKEL6lMWtjjMvHDq1dFE=
X-Received: by 2002:a02:2a08:: with SMTP id w8mr28024130jaw.3.1575909210358; Mon, 09 Dec 2019 08:33:30 -0800 (PST)
MIME-Version: 1.0
References: <BN7PR05MB5699D9BA988F96E2F41CD390AE580@BN7PR05MB5699.namprd05.prod.outlook.com> <00dc01d5ae73$c361b450$4a251cf0$@olddog.co.uk> <BN7PR11MB25946B6A525A7D74B2479F17C8580@BN7PR11MB2594.namprd11.prod.outlook.com> <01c401d5aea5$f3b0ba20$db122e60$@olddog.co.uk>
In-Reply-To: <01c401d5aea5$f3b0ba20$db122e60$@olddog.co.uk>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Mon, 09 Dec 2019 11:31:06 -0500
Message-ID: <CABNhwV0H5T1e+D2fOwUNsZptaXbn_of7vP5MwQ7MXRbt=1F4WQ@mail.gmail.com>
Subject: Re: Extension Header Insertion
To: adrian@olddog.co.uk
Cc: 6man <6man@ietf.org>, "Darren Dukes (ddukes)" <ddukes@cisco.com>
Content-Type: multipart/alternative; boundary="000000000000ae8a7e059947f4b6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/z589RoxxCXBhvMa3ZAe7Tz65Vf4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2019 16:33:34 -0000

Hi Adrian

When the 2nd SRH is added at the PLR node for TI-LFA how does the PLR node
know that it should now proceed with processing the 2nd SRH added and not
continue using the 1st SRH.  For TI-LFA the backup path around the node
that failed would be referenced using the 2nd SRH which is associated with
the fast reroute operational during a node failure for path protection.
The 1st SRH would be used for nomal conditions non failure scenario.  So
how does the SRv6 capable node know which SRH to use when two or mode are
present for each of the distinct scenarios.

Which draft is that documented in for my reference.

Also I was wondering it seems their is a scenario during migration to SRv6
where you don’t have to have all your routers be SRV6 capable day 1 and all
that is required is all nodes in the SRv6 domain have IPv6 routing enabled
for the IPv6 data plane to be present.  From a migration perspective Best
Effort L3 VPN it sound like would be the first step and basically none of
the nodes are SRv6 enabled and no SRH is present however all L3 VPN
services sit as overlay BGP services encapsulated in IPv6.  The next step
would be to SRv6 enable all PEs so that the SRH eh can be added for source
routing the customer traffic.  During that 2nd step only a single SRH
exists and that is added by the SR domain ingress PE source node to the FEC
destination.  A 3rd and final step would be to upgrade all nodes to be SRv6
capable at which time any node could be a PLR node for TI-LFA fast reroute
and that’s where the 2nd SRH eh header is added.  In end state
hypothetically you can many nodes in the domain in a failure state
initiating FRR at the PLR node and using the backup path.  So in practice
practical application you would not have the additional SRH EH added pre
built also thinking of this from a path perspective.  With TI-LFA the PLR
node builds a tunnel the PQ node endpoint.  I am referencing terminology
used my Remote LFA tunneling when an additional label is added at the PLR
junction point to to the PQ node tunnel termination endpoint where the
label added on PLR node is removed by the PQ node.  I believe SRv6 TI-LFA
works similarly to MPLS   ldp remote LFA where an MPLS label as added
tunneling to PQ node.

So with SRv6 TI-LFA is an encapsulation added with the SRH header similar
to MPLS ldp remote LFA.  If so then that is the case then the added SRH EH
is part the new outer layer 6in6 encapsulation and now its obvious it will
use the SRH added as part of the encapsulation and then upon reaching the
PQ tunnel endpoint node competing the fast reroute the outer header added
at the PLR node is then popped.  So now you are left with the single
original SRH that was inserted at the SRv6 source PE node.  So since the
path is linear drawing a straight line across the SRv6 domain whenever a
failure occurs the TI-LFA encap and SRH would be added at the PLR node and
subsequently removed at the PQ node.

So then you would from what I can tell based on the packet walk in my head
you would at an given point in time never have more then two SRH eh
inserted and each SRH would be part of a different outer header.  So in
theory you would never have to SRH headers with the same outer header as
Ron depicted.

Please let me know if I am way off on my thinking.


Kind regards,

Gyan

On Mon, Dec 9, 2019 at 10:33 AM Adrian Farrel <adrian@olddog.co.uk> wrote:

> Hello Darren,
>
>
>
> Thanks for your considered and friendly reply.
>
>
>
> Thanks for the additional pointer to 8200. I (of course) was not involved
> in the production of that document, but I read it as doing two things:
>
>    1. Setting the high-level behaviour for general processing.
>    This is the text you quote.
>    2. Giving detailed rules about specific EHs for order and presence.
>    The text I quoted.
>
>
>
> So I would be guided by 8200 to not expect to see a second routing header
> (e.g., SRH).
>
>
>
> Of course, I might implement to see the second one and treat it as an
> unknown EH. That would be good self-protection code.
>
>
>
> Now, I said “Thus we may assume that the proponents of Extension Header
> insertion do think that it is acceptable to insert a second routing header
> into a packet that already has one.” And you said “I do not agree with
> your assumptions”. So can I take it that you do not think it is acceptable
> to insert a second SRH into a packet that already has one?
>
>
>
> Thanks,
>
> Adrian
>
>
>
> *From:* Darren Dukes (ddukes) <ddukes@cisco.com>
> *Sent:* 09 December 2019 13:31
> *To:* adrian@olddog.co.uk; 'Ron Bonica' <rbonica=
> 40juniper.net@dmarc.ietf.org>; '6man' <6man@ietf.org>
> *Subject:* Re: Extension Header Insertion
>
>
>
> Hi Adrian. You failed to quote the section of rfc 8200 where it says “IPv6
> nodes must accept and attempt to process extension headers in
>
>    any order and occurring any number of times in the same packet,”
>
>
>
> I do not agree with your assumptions nor the attempt to imply something
> about the Other drafts.
>
>
>
> Darren.
>
>
> ------------------------------
>
> *From:* ipv6 <ipv6-bounces@ietf.org> on behalf of Adrian Farrel <
> adrian@olddog.co.uk>
> *Sent:* Monday, December 9, 2019 4:34 AM
> *To:* 'Ron Bonica'; '6man'
> *Subject:* RE: Extension Header Insertion
>
>
>
> Hi Ron,
>
>
>
> I think we can jump to a quick answer on this because
> draft-ietf-spring-srv6-network-programming-05 says:
>
>
>
>    We assume that the SRH may
>
>    be present multiple times inside each packet.
>
>
>
> Thus we may assume that the proponents of Extension Header insertion do
> think that it is acceptable to insert a second routing header into a packet
> that already has one.
>
>
>
> And 8200 is clear when it says:
>
>    Each extension header should occur at most once, except for the
>
>    Destination Options header, which should occur at most twice (once
>
>    before a Routing header and once before the upper-layer header).
>
>
>
> So draft-ietf-spring-srv6-network-programming-05 includes a false
> assumption which need to be either removed or secured through an update to
> 8200.
>
>
>
> Ideally, I suppose, draft-ietf-6man-segment-routing-header would have
> contained the clarification that the SRH could be present multiple times
> (updating 8200 as it went).
>
>
>
> Cheers,
>
> Adrian
>
>
>
> *From:* ipv6 <ipv6-bounces@ietf.org> *On Behalf Of *Ron Bonica
> *Sent:* 09 December 2019 03:04
> *To:* 6man <6man@ietf.org>
> *Subject:* Extension Header Insertion
>
>
>
> Folks,
>
>
>
> This question is posed primarily to the proponents of Extension Header
> insertion.
>
>
>
> Do you think that it is acceptable to insert a second routing header into
> a packet that already has one, so the resulting packet looks like the
> following:
>
>
>
>    - IPv6 header
>    - SRH
>    - SRH
>    - Upper-layer header
>
>
>
> Would this be common in TI-LFA?
>
>
>
>                                                                       Ron
>
>
>
>
>
> Juniper Business Use Only
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
-- 

Gyan S. Mishra

IT Network Engineering & Technology

Verizon Communications Inc. (VZ)

13101 Columbia Pike FDC1 3rd Floor

Silver Spring, MD 20904

United States

Phone: 301 502-1347

Email: gyan.s.mishra@verizon.com

www.linkedin.com/in/networking-technologies-consultant

v2.23.0 | Report a Bug | By Email