Re: [spring] SRv6 Network Programming - ICMP Source Address Selection

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 13 January 2020 18:29 UTC

To: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>, "rbonica@juniper.net" <rbonica@juniper.net>
Cc: "spring@ietf.org" <spring@ietf.org>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <3b5c9226-6c3a-0670-9f7f-c8dbf363f5d9@joelhalpern.com>
Date: Mon, 13 Jan 2020 13:29:10 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/0kbyd-I9Vn7IAd6Vp_u5GN6jcuU>

Let me try asking the question a different way.  (I hope I understand 
Ron's question.)

RFC 4443 clearly allows the ICMP source to be the destination address of 
the offending packet.  You seem to be saying that sometimes that is okay 
for SRH / network programming.

At the same time, the SRH document and the network programming document 
are both quite clear that SRv6 SIDs are not IPv6 addresses.  They are 
other kinds of things that can be prefix routed.
If SRv6 SIDs are NOT IPv6 addresses, then there would seem to be a 
problem with putting them in the source address field of an ICMP 
message.  There is no document that describes or allows anything other 
than an IPv6 address as the source address of an IPv6 ICMP.

It seems like it ought to be possible to clarify this with some text. 
It does seem that something ought to be said.

Yours,
Joel

On 1/13/2020 12:30 PM, Pablo Camarillo (pcamaril) wrote:
> Ron,
> 
> You cannot pre-select or enforce one of the two options you refer to below.
> 
> The ICMP behaviors/considerations for SRv6 NET-PGM are the same as in 
> the SRH.
> 
> It boils down to: when you generate an ICMP Parameter Problem Message 
> you follow the logic described in RFC4443 section 2.2 to choose the 
> source address of the packet.
> 
> RFC4443 offers two options A and B.
> 
> In your implementation you need to develop both options and depending on 
> the type of address you will choose either A or B. It is not possible to 
> create an implementation shortcut and pre-select/enforce only one of them.
> 
> Can you please point me to the text in 
> draft-ietf-spring-srv6-network-programming that suggests that the ICMP 
> considerations are changed with respect to the SRH? I believe there is none.
> 
> Thank you,
> 
> Pablo.
> 
> *From: *Ron Bonica <rbonica@juniper.net>
> *Date: *Friday, 10 January 2020 at 20:09
> *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
> *Cc: *"spring@ietf.org" <spring@ietf.org>
> *Subject: *RE: [spring] SRv6 Network Programming - ICMP Source Address 
> Selection
> 
> Pablo,
> 
> So, in Section 4.1, Line S03, an SRv6 node sends an ICMP Parameter 
> Problem Message. What is the source address in that message?
> 
> Is it the destination address of the offending packet (i.e., A SID)? Or 
> is it the address of an interface on the SRv6 node?
> 
> Ron
> 
> Juniper Business Use Only
> 
> *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
> *Sent:* Friday, January 10, 2020 11:54 AM
> *To:* Ron Bonica <rbonica@juniper.net>
> *Cc:* spring@ietf.org
> *Subject:* Re: [spring] SRv6 Network Programming - ICMP Source Address 
> Selection
> 
> Ron,
> 
> There is no behavior in draft-ietf-spring-srv6-network-programming that 
> proposes to encode a SID in the source address of the IPv6 header.
> 
> If in the future someone would propose to do such a thing in another I-D; 
> it is up to those authors to justify why they would want to do this, and 
> how to ensure that the processing does not break any other protocol. But 
> as said, this is not in the scope of 
> draft-ietf-spring-srv6-network-programming.
> 
> Regarding the ICMP messages:
> 
> SRH follows RFC4443 Section 2.2 with respect to how to select the ICMP 
> Source Address.
> 
> SRv6 Network Programming does not change this (it simply follows the 
> SRv6 rules defined by the SRH).
> 
> In your email you refer to a possibility of future protocols breaking 
> this. I don’t think that we can guess what future protocols will do, and 
> it is up to those future protocols to ensure compatibility with the 
> existing standards.
> 
> Thanks,
> 
> Pablo.
> 
> *From: *Ron Bonica <rbonica@juniper.net>
> *Date: *Tuesday, 7 January 2020 at 19:07
> *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
> *Cc: *SPRING WG <spring@ietf.org>
> *Subject: *RE: [spring] SRv6 Network Programming - ICMP Source Address 
> Selection
> 
> Pablo,
> 
> Let me try to ask the question another way:
> 
> 1) Is it generally acceptable for a SID to appear in the source address 
> field of an IPv6 header?
> 
> 2) Can an exception be made for ICMP messages?
> 
> I think that the answer to the first question is “no”, because doing so 
> would break ICMP. Think about what would happen if:
> 
> - Node S sends a packet to Node D with a SID S as its source address.
> 
> - Node Q is an intermediate node on the path from Node S to Node D. For 
> some reason, Node Q cannot forward the packet.
> 
> - Node Q sends an ICMP message to Node S. The ICMP destination address is 
> SID S.
> 
> - The ICMP message arrives at Node A
> 
> - Node A discards the ICMP message, because the payload is ICMP
> 
> It might be OK to make an exception for ICMP messages. This is because 
> RFC 4443 forbids sending an ICMP message in response to another ICMP 
> message. However, I am not entirely sure that this is a good idea. One 
> day in the future, some protocol other than ICMP may try to send a response 
> to the source address of the ICMP message.
> 
> Ron
> 
> *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
> *Sent:* Tuesday, January 7, 2020 4:18 AM
> *To:* Ron Bonica <rbonica@juniper.net>
> *Cc:* SPRING WG <spring@ietf.org>
> *Subject:* Re: [spring] SRv6 Network Programming - ICMP Source Address 
> Selection
> 
> Ron,
> 
> It’s good to see agreement on the fact that SRH follows RFC4443 Section 
> 2.2 with respect to how the ICMP Source Address is selected.
> 
> Can you please point me to the text in 
> draft-ietf-spring-srv6-network-programming that changes the behavior 
> below from RFC4443 Section 2.2? I believe there is no such text.
> 
> Thanks,
> 
> Pablo.
> 
> *From: *Ron Bonica <rbonica@juniper.net>
> *Date: *Saturday, 21 December 2019 at 20:59
> *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
> *Cc: *"spring@ietf.org" <spring@ietf.org>
> *Subject: *RE: [spring] SRv6 Network Programming - ICMP Source Address 
> Selection
> 
> Pablo,
> 
> Section 2.2 of RFC 4443 offers the following options:
> 
> “   (a) If the message is a response to a message sent to one of the
>         node's unicast addresses, the Source Address of the reply MUST be
>         that same address.
> 
>     (b) If the message is a response to a message sent to any other
>         address, such as
> 
>         - a multicast group address,
>         - an anycast address implemented by the node, or
>         - a unicast address that does not belong to the node
> 
>         the Source Address of the ICMPv6 packet MUST be a unicast address
>         belonging to the node. “
> 
> So, the question boils down to whether you consider a SID to be one of 
> the node’s unicast addresses. If so, the answer is a). If not, the 
> answer is b).
> 
> So, which is it?
> 
> Happy Holidays,
> 
> Ron
> 
> *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
> *Sent:* Friday, December 20, 2019 12:30 PM
> *To:* Ron Bonica <rbonica@juniper.net>
> *Cc:* spring@ietf.org
> *Subject:* Re: [spring] SRv6 Network Programming - ICMP Source Address 
> Selection
> 
> Ron,
> 
> I guess that draft-ietf-6man-segment-routing-header does not contain any 
> explicit text about it because it is not needed.
> 
> Instead draft-ietf-6man-segment-routing-header contains a reference to 
> RFC4443 that details in section 2.2 how to select it.
> 
> There is no text in draft-ietf-spring-srv6-network-programming that 
> changes such behavior.
> 
> Happy Holidays,
> 
> Pablo.
> 
> *From: *spring <spring-bounces@ietf.org> on behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
> *Date: *Thursday, 19 December 2019 at 14:59
> *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>, "spring@ietf.org" <spring@ietf.org>
> *Subject: *Re: [spring] SRv6 Network Programming - ICMP Source Address 
> Selection
> 
> Pablo,
> 
> Can you provide a specific reference into 
> draft-ietf-6man-segment-routing-header? I can’t find the answer to my 
> question in there.
> 
> Ron
> 
> *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
> *Sent:* Thursday, December 19, 2019 6:47 AM
> *To:* Ron Bonica <rbonica@juniper.net>; spring@ietf.org
> *Subject:* Re: SRv6 Network Programming - ICMP Source Address Selection
> 
> Ron,
> 
> This is exactly the same as in the SRH.
> 
> There is no text in draft-ietf-spring-srv6-network-programming that 
> changes this.
> 
> Cheers,
> 
> Pablo.
> 
> *From: *Ron Bonica <rbonica@juniper.net>
> *Date: *Monday, 9 December 2019 at 23:48
> *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>, SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>
> *Subject: *RE: SRv6 Network Programming - ICMP Source Address Selection
> 
> Pablo,
> 
> Section 2.2 of RFC 4443 offers two options. If you think that a SID is a 
> unicast address, the first option is applicable. If you think that a SID 
> is not a unicast address, the second option is applicable.
> 
> Which did you choose?
> 
> Ron
> 
> *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
> *Sent:* Monday, December 9, 2019 10:18 AM
> *To:* Ron Bonica <rbonica@juniper.net>; SPRING WG <spring@ietf.org>; 6man <6man@ietf.org>
> *Subject:* Re: SRv6 Network Programming - ICMP Source Address Selection
> 
> Ron,
> 
> As you pointed out in your email, RFC4443 Section 2.2 is very clear 
> about how to select the source address.
> 
> draft-ietf-spring-srv6-network-programming does not change this.
> 
> Thanks,
> 
> Pablo.
> 
> *From: *ipv6 <ipv6-bounces@ietf.org> on behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
> *Date: *Friday, 6 December 2019 at 17:40
> *To: *SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>
> *Subject: *SRv6 Network Programming - ICMP Source Address Selection
> 
> Authors,
> 
> When an SRv6 node sends an ICMP message, how does it select the ICMP 
> message’s source address?
> 
> Section 2.2 of RFC 4443 offers two options. If you think that a SID is a 
> unicast address, the first option is applicable. If you think that a SID 
> is not a unicast address, the second option is applicable.
> 
> Ron
> 
> Please excuse any typos, sent from my 'smart'phone.
>
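
Added example, not part of the original message or of any draft discussed in the thread: a sketch of the RFC 4443 Section 2.2 (a)/(b) choice quoted above, showing that the same offending packet yields a different ICMP source address depending on whether a locally instantiated SID is classified as one of the node's unicast addresses. The names (Node, sids_are_unicast, select_icmp_source, compare_classifications) are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation prefix, and taking the first interface address for rule (b) is an assumption standing in for the node's normal source address selection.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Node:
    interface_addrs: list                              # unicast addresses on interfaces
    anycast_addrs: list = field(default_factory=list)  # anycast addresses served here
    local_sids: list = field(default_factory=list)     # locally instantiated SRv6 SIDs
    sids_are_unicast: bool = False                     # the open question in the thread

def _set(addrs):
    return {ipaddress.IPv6Address(a) for a in addrs}

def select_icmp_source(node, offending_dst):
    """Return (rule, source) following RFC 4443 Section 2.2 (a) and (b)."""
    dst = ipaddress.IPv6Address(offending_dst)
    own_unicast = _set(node.interface_addrs)
    if node.sids_are_unicast:
        own_unicast |= _set(node.local_sids)
    # (a): sent to one of the node's unicast addresses -> reply from that address.
    if (not dst.is_multicast and dst not in _set(node.anycast_addrs)
            and dst in own_unicast):
        return ("a", str(dst))
    # (b): multicast, anycast, or a unicast address not belonging to the node.
    # Assumption: the first interface address stands in for normal source selection.
    return ("b", str(ipaddress.IPv6Address(node.interface_addrs[0])))

def compare_classifications(offending_dst, interface_addrs, local_sids):
    """Run one offending packet through both readings of 'is a SID unicast?'."""
    out = {}
    for label, flag in (("sid_not_unicast", False), ("sid_is_unicast", True)):
        node = Node(interface_addrs, local_sids=local_sids, sids_are_unicast=flag)
        out[label] = select_icmp_source(node, offending_dst)
    return out

# Constructed sample values from the 2001:db8::/32 documentation prefix.
IFACE = ["2001:db8:0:1::1"]
SIDS = ["2001:db8:ffff:1::100"]

if __name__ == "__main__":
    print(compare_classifications(SIDS[0], IFACE, SIDS))   # rules differ
    print(compare_classifications("ff02::1", IFACE, SIDS)) # rule (b) both ways
```
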