IETF Logo Mail Archive

RE: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>

Ron Bonica <rbonica@juniper.net> Thu, 05 April 2018 21:07 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1529212D7F2 for <ipv6@ietfa.amsl.com>; Thu, 5 Apr 2018 14:07:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C-VeDL9oT5B3 for <ipv6@ietfa.amsl.com>; Thu, 5 Apr 2018 14:06:52 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D44912E85E for <ipv6@ietf.org>; Thu, 5 Apr 2018 14:06:52 -0700 (PDT)
Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w35L5EXb005548; Thu, 5 Apr 2018 14:06:48 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=kFxJ4xQ0vJJEysnMmRm7ZwROEjou+0xPU6lTf4ZJ728=; b=jDtph+1sHiz2MgooVa39oliGtvihh9hpi6nBXskTWGQbga247xiBKV4GvBpesNqWw55o sOoi8wXUJdGTKCJw8OFyiUxeMYGNbfZx3szkR5Ewo33awyzVoi14FZyoaYiKvoNUYwaN hNQrzD9TNxB7fR4vquuIE6rIm+izBEBscjnH8GQjaSr4J0kAS2OC8VIIbYqPj1RmyS6+ SbnY/aYvFlSpwweE37BcT6h2U/cjm5EpGr3IyvmrIfjxwvRNIwFgmBMmsK8su4IHjU9A d/SvH46cTfv6f72rN7XhY2kgUzFdAvwHGh0gBnvcqqonmAr6JCWl3AnCOcNmczTpM/NQ 6A==
Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp0023.outbound.protection.outlook.com [216.32.180.23]) by mx0b-00273201.pphosted.com with ESMTP id 2h5r310f8e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 05 Apr 2018 14:06:48 -0700
Received: from SN6PR05MB4240.namprd05.prod.outlook.com (52.135.67.146) by SN6PR05MB4173.namprd05.prod.outlook.com (52.135.67.140) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.675.3; Thu, 5 Apr 2018 21:06:46 +0000
Received: from SN6PR05MB4240.namprd05.prod.outlook.com ([fe80::59a2:13ab:6110:35af]) by SN6PR05MB4240.namprd05.prod.outlook.com ([fe80::59a2:13ab:6110:35af%13]) with mapi id 15.20.0675.004; Thu, 5 Apr 2018 21:06:46 +0000
From: Ron Bonica <rbonica@juniper.net>
To: "Darren Dukes (ddukes)" <ddukes@cisco.com>
CC: stefano previdi <stefano@previdi.net>, IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
Subject: RE: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>
Thread-Topic: 6man w.g. last call for <draft-ietf-6man-segment-routing-header-11.txt>
Thread-Index: AQHTx5zaEut14AfnNkml+3dwg8ha1aPwy/HQgAEmJACAAInx4IAAIDyAgAASrYA=
Date: Thu, 05 Apr 2018 21:06:46 +0000
Message-ID: <SN6PR05MB4240DCD7B55FAAE93D31BF75AEBB0@SN6PR05MB4240.namprd05.prod.outlook.com>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <FB1C6E49-81F7-49DD-8E8B-2C0C4735071B@gmail.com> <SN6PR05MB424035B6FECB0057676067B1AEA40@SN6PR05MB4240.namprd05.prod.outlook.com> <87EAF1D7-FC8A-4661-990E-ECCF4AA7C12E@previdi.net> <SN6PR05MB42406D76603C4D7E1B3BE321AEBB0@SN6PR05MB4240.namprd05.prod.outlook.com> <11D3A431-705F-49F8-8F8B-F0668B9289B8@cisco.com>
In-Reply-To: <11D3A431-705F-49F8-8F8B-F0668B9289B8@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.241.10]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN6PR05MB4173; 7:Oh9VYrAY7utoDapR1l6ReP0/8yRRZ0a6x1m/Gj+jkNI3EDiXinq2FqD82uulf3pj9Z6iiAKTJexmGHVOJ7O4TgK3xLt0T2/Tuwg4y36WunSMP01aCcFW4ivoycRMVDNsCy1XH10Zm3yAVOdJLjumd8EuT7MUI9SPoBOm6JhwDnt/PQiT0P7LChjIEVgK/n+FI/acWZA/DfxbCn9w1/ocjX/uhitIdfC9FJD5g8UlxAZjyn+vUejr0QAaFAkdfqbU
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 37ef2082-f579-4011-8305-08d59b392414
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:SN6PR05MB4173;
x-ms-traffictypediagnostic: SN6PR05MB4173:
x-microsoft-antispam-prvs: <SN6PR05MB41739CF2C26CE447DD51C50CAEBB0@SN6PR05MB4173.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(10436049006162)(138986009662008)(85827821059158)(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(3231221)(944501327)(52105095)(93006095)(93001095)(10201501046)(6055026)(6041310)(20161123562045)(20161123558120)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(6072148)(201708071742011); SRVR:SN6PR05MB4173; BCL:0; PCL:0; RULEID:; SRVR:SN6PR05MB4173;
x-forefront-prvs: 06339BAE63
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(396003)(39380400002)(39860400002)(346002)(376002)(51444003)(189003)(199004)(13464003)(68736007)(2906002)(81156014)(8936002)(4743002)(6916009)(74316002)(5250100002)(105586002)(9686003)(6306002)(3846002)(55016002)(6116002)(316002)(53936002)(5660300001)(229853002)(14454004)(478600001)(3660700001)(33656002)(25786009)(3280700002)(102836004)(59450400001)(53546011)(6506007)(6246003)(26005)(7736002)(66066001)(106356001)(966005)(11346002)(4326008)(186003)(476003)(81166006)(7696005)(446003)(486006)(305945005)(39060400002)(6436002)(2900100001)(99286004)(76176011)(93886005)(54906003)(575784001)(97736004)(86362001)(8676002)(19627235001); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR05MB4173; H:SN6PR05MB4240.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: mZK74Sg7mMsB7IKsUclkruYqvF+lCK+BfErO7cTWAEBEDRRr+DTF4bNXdSKTNsKSwrhFF5aLMluqr4Ekvsy2Wbi7nhG9s2xrZxB63Xbmu5OKdfvQ+lV6kPhuVZU70YxsIeOUClibhrW9oawlJ2MI1vkDS0l4qpR9flCRMRgXdLtZmaeeCgHRNQXEDL0mq0qjVTBzrlqTRbxARmQQzEcFKMIHxEKjmpU4qZN3lF5EVwLLya3QozAVwoTnUTt3mjWlSxTSVMniIiR3Nytny+zxp/5GXXjuSoYmpQWCD/TAX2wipQi9yejOpq93XnzYCMQWQ3PVJStw00Lhli4bajxxaC0Oy02DAoBAReUFDDX4MZ+xMVyvOHb8Ta+D4eniN1l2HaOlb+RwQxHqa7PtvepfiwExuYApqlAdj8hkipE8z6k=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 37ef2082-f579-4011-8305-08d59b392414
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2018 21:06:46.2933 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR05MB4173
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-04-05_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804050213
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zQ0DgDnVLX1H_Ga_95PjZynNAaU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 21:07:01 -0000

Darren,

Thanks! I am feeling much better than yesterday!

I think that we are getting to the bottom of that subtle difference between SL in RFC 8200 and SL in draft-ietf-6man-segment-routing-header.

In RFC 8200, a node receives a packet that satisfies the following conditions:

- IPv6 Destination Address is local to the node
- Packet contains a Routing Extension Header
- Routing Extension Header SL value is equal to 0

The correct behavior is to skip over the Routing Extension Header and process the next header. The Routing Extension Header has already been completely processed by upstream nodes. In fact it doesn't even matter if the node recognizes the Routing Extension Type. The node will skip over it, regardless of its type.

In draft-ietf-6man-segment-routing-header, a node receives a packet that satisfies the same conditions.

The required behavior is to process the instruction in Segment List [0]. When I has done this, the Routing Extension Header will be completely processed. The node better recognize the SRH, because skipping the instruction might be dangerous.

The difference between SL in RFC 8200 and SL in draft-ietf-6man-segment-routing is subtle, but significant.

                                                                         Ron

> -----Original Message-----
> From: Darren Dukes (ddukes) <ddukes@cisco.com>
> Sent: Thursday, April 5, 2018 3:39 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: stefano previdi <stefano@previdi.net>; IPv6 List <ipv6@ietf.org>; Bob
> Hinden <bob.hinden@gmail.com>
> Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-
> header-11.txt>
> 
> Hi Ron, I’m glad you’re feeling a bit better.
> 
> 
> 
> Your analysis of SL is not correct.  Both 2460, 8200 and SRH say the same thing
> for SL==0 but you’re getting stuck on what 'the index, in the Segment List, of
> the next segment to inspect’ means.
> 
> 
> 
> Using the same example from 2460 section 4.4 but modifying for the
> Segment List[] defined in SRH.
> 
> 
> 
>  As the packet travels from S to I1:
> 
>         Source Address = S                  Hdr Ext Len = 6
> 
>         Destination Address = I1            Segments Left = 3
> 
>                                             Segment List[0] = D
> 
>                                             Segment List[1] = I3
> 
>                                             Segment List[2] = I2
> 
>                                             Segment List[3] = I1
> 
>    As the packet travels from I1 to I2:
> 
>         Source Address = S                  Hdr Ext Len = 6
> 
>         Destination Address = I2            Segments Left = 2
> 
>                                             Segment List[0] = D
> 
>                                             Segment List[1] = I3
> 
>                                             Segment List[2] = I2
> 
>                                             Segment List[3] = I1
> 
>   As the packet travels from I2 to I3:
> 
>         Source Address = S                  Hdr Ext Len = 6
> 
>         Destination Address = I3            Segments Left = 1
> 
>                                             Segment List[0] = D
> 
>                                             Segment List[1] = I3
> 
>                                             Segment List[2] = I2
> 
>                                             Segment List[3] = I1
> 
>    As the packet travels from I3 to D:
> 
>         Source Address = S                  Hdr Ext Len = 6
> 
>         Destination Address = D             Segments Left = 0
> 
>                                             Segment List[0] = D
> 
>                                             Segment List[1] = I3
> 
>                                             Segment List[2] = I2
> 
>                                             Segment List[3] = I1
> 
> SL always points to the "next segment to inspect", that segment is also in the
> Destination Address.
> 
> For example between I1 and I2, the next segment to inspect is I2, the SL==2
> which is the index in Segment List of I2.
> 
> The same is true for I3 to D where SL==0, the next segment to inspect is D,
> but the SRH need not be processed because SL==0.
> 
> 
> 
> Section 4.1 of SRH shows this quite clearly in its description of the END
> function where SL is decremented then the Segment at SRH[SL] is used to
> update the Destination Address.
> 
> 1. IF SegmentsLeft > 0 THEN
> 
> 2.    decrement SL
> 
> 3.    update the IPv6 DA with SRH[SL]
> 
> 4.    FIB lookup on updated DA
> 
> 5.    forward accordingly to the matched entry
> 
> 8.  ELSE
> 
> 7.    drop the packet
> 
> 
> 
> 
> 
> I hope this clears up the confusion.
> 
> 
> 
> Darren
> 
> 
> 
> > On Apr 5, 2018, at 2:44 PM, Ron Bonica <rbonica@juniper.net> wrote:
> 
> >
> 
> > Hi Stephano,
> 
> >
> 
> > I'm glad you asked this question. RFC 8200 and draft-ietf-6man-segment-
> routing-header define Segments Left (SL) differently. The difference is a bit
> subtle and took me a few readings to catch.
> 
> >
> 
> > RFC 8200 defines SL as follows:
> 
> >
> 
> > "8-bit unsigned integer.  Number of route  segments remaining, i.e.,
> number of explicitly listed intermediate nodes still to be visited before
> reaching the final destination."
> 
> >
> 
> > Therefore, if a packet arrives at a node and the following conditions are
> true, the node skips over the Routing Extension Header and processes the
> next header:
> 
> >
> 
> > - The packets IPv6 Destination address is local to the node
> 
> > - The packet contains a Routing Extension Header
> 
> > - The SL value in the Routing Extension Header is equal to 0
> 
> >
> 
> > In RFC 2460, Routing Extension Type RH0 was compliant with this behavior.
> The description of RHO (RFC 2460, Section 4.4) explains how RH0 used to
> process SL, offering pseudocode and an example. Between the publication
> of RFC 2460 and RFC 8200, RHO was deprecated for other reasons. Therefore,
> the detailed example of SL handling was not brought forward into RFC 8200.
> 
> >
> 
> > But even though this example was not brought forward into RFC 8200, it
> explains why RFC 8200 says:
> 
> >
> 
> > "If, while processing a received packet, a node encounters a Routing
> header with an unrecognized Routing Type value, the required behavior of
> the node depends on the value of the Segments Left field, as  follows:
> 
> >
> 
> > If Segments Left is zero, the node must ignore the Routing header and
> proceed to process the next header in the packet, whose type is identified
> by the Next Header field in the Routing header.
> 
> >
> 
> > If Segments Left is non-zero, the node must discard the packet and  send
> an ICMP Parameter Problem, Code 0, message to the packet's Source
> Address, pointing to the unrecognized Routing Type."
> 
> >
> 
> > This is because an SL value of 0 means that the Routing Extension Header
> has already been completely processed by upstream nodes. Even if the node
> recognized the Routing Type, it still would skip over it.
> 
> >
> 
> > By contrast, draft-ietf-6man-segment-routing header defines the
> Segments Left as follows:
> 
> >
> 
> > "Defined in [RFC8200], it contains the index, in the Segment List, of the
> next segment to inspect.  Segments Left  is decremented at each segment.
> 
> >
> 
> > Therefore, if a packet arrives at a node and the following conditions are
> true, the node processes Segment[0]:
> 
> >
> 
> > - The packets IPv6 Destination address is local to the node
> 
> > - The packet contains a Routing Extension Header
> 
> > - The SL value in the Routing Extension Header is equal to 0
> 
> >
> 
> > This is different from the behavior described in RFC 8200 and 2460. It also
> raises two questions:
> 
> >
> 
> > - If the node doesn't recognize SRH, is it safe to ignore the SRH, as
> recommended by RFC 8200
> 
> > - If the node does recognize SRH and the segment requires decapsulation
> and forwarding, are Extension Headers that follow SRH (e.g. Fragment,
> Destination Options) ignored?
> 
> >
> 
> >                                                             Ron
> 
> >
> 
> >
> 
> >> -----Original Message-----
> 
> >> From: stefano previdi <stefano@previdi.net>
> 
> >> Sent: Thursday, April 5, 2018 5:30 AM
> 
> >> To: Ron Bonica <rbonica@juniper.net>
> 
> >> Cc: Bob Hinden <bob.hinden@gmail.com>; IPv6 List <ipv6@ietf.org>
> 
> >> Subject: Re: 6man w.g. last call for <draft-ietf-6man-segment-routing-
> 
> >> header-11.txt>
> 
> >>
> 
> >> Ron,
> 
> >>
> 
> >> on comment 5:
> 
> >>
> 
> >>
> 
> >>> Section 2.2 SRv6 Segment (Comment 5)
> 
> >>>
> 
> >>> According to RFC 8200:
> 
> >>>
> 
> >>> "If, while processing a received packet, a node encounters a Routing
> 
> >> header with an unrecognized Routing Type value, the required behavior
> of
> 
> >> the node depends on the value of the Segments Left field, as follows:
> 
> >>>
> 
> >>> -  If Segments Left is zero, the node must ignore the Routing header and
> 
> >> proceed to process the next header in the packet, whose type is
> identified
> 
> >> by the Next Header field in the Routing header.
> 
> >>>
> 
> >>> -  If Segments Left is non-zero, the node must discard the packet and
> send
> 
> >> an ICMP Parameter Problem, Code 0, message to the packet's Source
> 
> >> Address, pointing to the unrecognized Routing Type."
> 
> >>>
> 
> >>> This is safe, so long as all Routing Extension Types use SL == 0  to indicate
> 
> >> that the Routing Extension Header has been completely processed. It is
> may
> 
> >> not be safe when SL == 0 means that one more segment needs to be
> 
> >> processed.
> 
> >>>
> 
> >>> In the SRH, SL == 0 indicates that one more segment needs to be
> 
> >> processed.
> 
> >>
> 
> >>
> 
> >> sorry, I don’t understand.
> 
> >>
> 
> >> Can you point me the text in draft-ietf-6man-segment-routing-header
> that
> 
> >> states that ?
> 
> >>
> 
> >> If it’s the case it should be obviously corrected.
> 
> >>
> 
> >> SL==0 means the packet is traveling within the last segment.
> 
> >>
> 
> >> draft-ietf-6man-segment-routing-header does not modify the semantic
> of
> 
> >> “Segments Left”.
> 
> >>
> 
> >> It does modify the way segment list is encoded (that’s one of the reason
> it’s
> 
> >> a different routing header type) but not the "Segments Left” field
> semantic.
> 
> >>
> 
> >> s.
> 
> >>
> 
> >>
> 
> >>
> 
> >>
> 
> >
> 
> > --------------------------------------------------------------------
> 
> > IETF IPv6 working group mailing list
> 
> > ipv6@ietf.org
> 
> > Administrative Requests:
> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__www.ietf.org_mailman_listinfo_ipv6&d=DwIGaQ&c=HAkYuh63rsuhr6S
> cbfh0UjBXeMK-ndb3voDTXcWzoCI&r=Fch9FQ82sir-BoLx84hKuKwl-
> AWF2EfpHcAwrDThKP8&m=WmPR-
> DmQkiyFhWqdRohhiCg015eX46xGJmHofETXsM0&s=7bmAIXTGfcwjaJMMnP
> w7zYDgOQmzyIQ66CYofnt72Dw&e=
> 
> > --------------------------------------------------------------------
> 
>

v2.23.0 | Report a Bug | By Email