IETF Logo Mail Archive

Re: [spring] CRH is not needed - Re: How CRH support SFC/Segment Endpoint option?

Robert Raszuk <robert@raszuk.net> Tue, 26 May 2020 21:17 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CFAA3A0808 for <spring@ietfa.amsl.com>; Tue, 26 May 2020 14:17:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W7FWTgigK8-x for <spring@ietfa.amsl.com>; Tue, 26 May 2020 14:17:16 -0700 (PDT)
Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC7F73A0827 for <spring@ietf.org>; Tue, 26 May 2020 14:17:15 -0700 (PDT)
Received: by mail-ed1-x52e.google.com with SMTP id be9so18883771edb.2 for <spring@ietf.org>; Tue, 26 May 2020 14:17:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lrPb1RaQf/tnpL6+HIagE+vgLTpbiqcHJJ0rAzD/5aU=; b=fCI/6ZXgj9tBHXNPan0UYDPEoPn8KkbxXEXID8txyhCVYVpCgvwO6t0xaTIu7ASBVd /5TcOKe9a2eAuZWZwfAAlOfma8BxnXQA9vkyBV6uk7oEFSsVtuCo3ckn080C/MN4YfZh HmzHf+rve2fpCzUOAZxHPzwB9TS4nwJrl0YbZfcfyWAwI1BBVteOwlYOOJOg+o37Crd9 qvxK487A5D2nw1pFRd4FazmmvPm3+hN98sgW2/6aatXA3FEjno2bEv0o7REbAHygIrv/ CfSkA5L8j0x/eXKsKx1CklaqOyXVOCWCLiP3np9STIBqbTso69EoZMXHsLIUKxONOzAU N4xg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lrPb1RaQf/tnpL6+HIagE+vgLTpbiqcHJJ0rAzD/5aU=; b=OqOznuuVI18MP63+vNm2TJbafOY23Y5RGEKBCrsUDEHIgVobCcGBuy1mrDU2a9qHgL v5vjm6Shv1dzoPOyyJWezt2/d1eOZDbCUUZYE+/cnRsL6nx2p+iWliJ4Y64qPiI5qJzn MyXf3Xct4Ay/xJbUtDnQ0KK/sBCZDKC4JLfmFeq05AbP4n1Ifj+ewBClUT518MHR8+Px xHs46JMkf02nsnv5R1m/9DXDhcFBBJWLGYSZn+b0ChGkhA61fWLgWgIa1ha/IqeUtE+I tnsbsJzxm1NBfCUZHw2Xsf4hm1UPTwX6XHLk5jJquX1JJW7s9FL8cdR2fT9O4ehWSNB8 EkBg==
X-Gm-Message-State: AOAM531zcj/3f4k10qJanvtUiBcnRWjl+GD5xx2HxFVJW2A+e+itKjD/ MPDUFtkc7aO6aLZf162kGK3RZiR0qfGf1IYpPQCX9w==
X-Google-Smtp-Source: ABdhPJzAG+FooJQQQCFKK5KUn35n9r9hjnUNP71pdfbwcAUtmxoXNvYOJ452l5vF0yZ6HUAzfswMTHbAKYtI92UU8u8=
X-Received: by 2002:aa7:d2d0:: with SMTP id k16mr21376896edr.272.1590527833186; Tue, 26 May 2020 14:17:13 -0700 (PDT)
MIME-Version: 1.0
References: <CAOj+MMHRAuT1931reBLe-1UQ5gac4RmCtybk-OXn03atoAjDkA@mail.gmail.com> <5265F3D0-BAB8-41E3-B932-85ED4DEDA468@steffann.nl> <DB768488-AC2B-4B2B-A2FC-F8E07B88356C@juniper.net>
In-Reply-To: <DB768488-AC2B-4B2B-A2FC-F8E07B88356C@juniper.net>
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 26 May 2020 23:17:04 +0200
Message-ID: <CAOj+MMH-26mc-rSQAOTmNWBBESor66EsnaqUgGyXMCJYyAtE=A@mail.gmail.com>
To: John Scudder <jgs@juniper.net>
Cc: Sander Steffann <sander@steffann.nl>, Ron Bonica <rbonica@juniper.net>, 6man <6man@ietf.org>, "Zafar Ali (zali)" <zali@cisco.com>, "spring@ietf.org" <spring@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000080b9f105a6939e27"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/0J30Zpk6rmhy6widu__Gqvdbp0E>
Subject: Re: [spring] CRH is not needed - Re: How CRH support SFC/Segment Endpoint option?
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2020 21:17:24 -0000

Hi John,

That is indeed an interesting point. Honestly in all of my personal and
business interests I want to use any of those technologies (of course with
RbR preference) for engineering SDWANs. So clearly Internet transit
applies.

But then I have just one question:

- In what context have we spent so many emails discussing "escaping packets
to the Internet" or protecting infrastructure (SID addresses from "entering
your network from Internet" ?

Kind regards,
R.





On Tue, May 26, 2020 at 10:44 PM John Scudder <jgs@juniper.net> wrote:

> On May 26, 2020, at 3:52 PM, Sander Steffann <sander@steffann.nl> wrote:
>
>
> Source and destination are in the same domain. Who says that the domain is
> contiguous? Let's change the example to main and branch offices. Same
> administrative domain, while still traversing the internet.
>
>
> This is an interesting point. You can protect it with AH to address
> security concerns about sending the CRH across the big-I Internet, too. I
> feel like it provides another illustration of the “look at the benefits you
> get if you work within an existing architecture instead of trying to invent
> a whole new one” case. You didn’t have to invent a whole new security
> architecture of your own — you fit into an existing architecture, and got
> to inherit its security properties.
>
> $0.02,
>
> —John
>

v2.23.0 | Report a Bug | By Email