Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming

"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com> Tue, 07 January 2020 09:30 UTC

Return-Path: <pcamaril@cisco.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 79FE31208E9 for <spring@ietfa.amsl.com>; Tue, 7 Jan 2020 01:30:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=MePg+emu; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=kjnrKslF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UmPVcs5Vnv8r for <spring@ietfa.amsl.com>; Tue, 7 Jan 2020 01:30:03 -0800 (PST)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B09412006F for <spring@ietf.org>; Tue, 7 Jan 2020 01:30:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11446; q=dns/txt; s=iport; t=1578389403; x=1579599003; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=uwrJNor2RvQ2hhPL/Y5O1qcZY8qdkOofyMeV4XyiLFM=; b=MePg+emui169TdW+RXSdSzc378xKuWX/xNWaZwuCaIfUzSpw0k8GXKOS G7Ch+teQYSwq80Ax59XsDzVGtdKg/KnrwyxNGIN5XWhggH39t8WXLLoqU 1wUZlG7+iI/2Isk2oMe+D25z7N2AWMn1ojQIeOztOkYui1RKCY7PgCWMQ k=;
IronPort-PHdr: =?us-ascii?q?9a23=3AUieB8RInyDOZ+ymyedmcpTVXNCE6p7X5OBIU4Z?= =?us-ascii?q?M7irVIN76u5InmIFeBvKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUg?= =?us-ascii?q?Mdz8AfngguGsmAXFXwJfvjdS0+NM9DT1RiuXq8NBsdFQ=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BNAgBkTxRe/5xdJa1mGwEBAQEBAQE?= =?us-ascii?q?FAQEBEQEBAwMBAQGBfIFUUAWBRCAECyoKg3+DRgOLAoI6JZgNglIDVAkBAQE?= =?us-ascii?q?MAQEtAgEBhEACF4FSJDgTAgMNAQEEAQEBAgEFBG2FNwyFXgEBAQECARIREQw?= =?us-ascii?q?BATcBCwQCAQgRAwECAwImAgICMBQBCAgCBA4FIoMAgkcDDiABoV4CgTiIYXW?= =?us-ascii?q?BMoJ+AQEFgkqCNxiCDAmBDiiMGRqBQT+BEScMFIFOfj6EGAsmgxAygiyNRIJ?= =?us-ascii?q?9iBmWSQqCNpYcG4JHh32LWYRChEGLWpQBhRgCBAIEBQIOAQEFgWkigVhwFTs?= =?us-ascii?q?qAYJBUBgNikmCSQkDF4NQilN0gSiLAQEGIYELATBfAQE?=
X-IronPort-AV: E=Sophos;i="5.69,405,1571702400"; d="scan'208";a="410313134"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 07 Jan 2020 09:29:54 +0000
Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 0079TrMC007941 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 7 Jan 2020 09:29:54 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 7 Jan 2020 03:29:53 -0600
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 7 Jan 2020 03:29:52 -0600
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 7 Jan 2020 03:29:52 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LeCt8cUg8a6Tn/qaPFtNFCcLbN+9bvOOD+zu4+q7ROS70SbmmUd/2lpLEyqw0qW+Ko6P31GEFWVHGlTcg3Qg3rFQ3IWA8vV/l5iv6iclbHgLWlO0+JDrqh2CIUvlBQII3yJ/2ki0UMzxNTcVgtMw8FsVd74EbtAdT1SRphy/NY+FlO2q17AByJDePhFx5RtdKz7V2PM+aTVT6NKTBcH1pAvdxANsiEn7ZQu17x6ATQtfWeoAMy0WnZPjji7zFFstHcQmwdj8RdU+ZRWq7r5iKKGdbWYWoJ9E6QM2crE4Tc6Yd3fO3DB6fBXYnSsyxJQNycAQFNOgQ/y0nKnvxwCkmA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uwrJNor2RvQ2hhPL/Y5O1qcZY8qdkOofyMeV4XyiLFM=; b=TkG0pmKDwfRu4xz5MsXCizazEAbV+Ya2f1uSLl71+VQ6JHhVg2To1pEXhrc3v+DKksI0h+nB9EkPbuJGDANhb+OP+v1c1HUFV+NdU2pySx/9pElrL//NNWFTDIHCbQlXTc8T2YSLsUE9gQ/JIFdOGmRyFF2b+Srr0L0tCbK/ru0eomq+1Hp9/wDrLBL4jvZ2oZ1Sxk4YWt4Lym4DQ11b1GXEi/U3IfII/WA9Veql5ExcQKWmEVa8hbAXEDl75yiZrc4H1VeqprHrrsnva2PS04BeJzRXn7YXo92ENugm+381xrCEPrtLZizP5MK3f6pVB1URts5vHzoRSfy3+PaWeQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uwrJNor2RvQ2hhPL/Y5O1qcZY8qdkOofyMeV4XyiLFM=; b=kjnrKslF7qxNs7/3nEAcbJU63tZsHR5tANN2HyR9O8xfdv17kWn+bFG8pMW+iMFw/neIUky4rwZ0oQZAraTkgwXCWf1bQ6eBYjhV7wdII1D4eo2DArNTL+wbmIqc7hVc5b1IWixeC0K1e8ehxuoqwXawuytfO7n/2IW7LLsCAjQ=
Received: from MWHPR11MB1374.namprd11.prod.outlook.com (10.169.234.8) by MWHPR11MB1838.namprd11.prod.outlook.com (10.175.52.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.12; Tue, 7 Jan 2020 09:29:51 +0000
Received: from MWHPR11MB1374.namprd11.prod.outlook.com ([fe80::b04b:c9bb:2378:7a8d]) by MWHPR11MB1374.namprd11.prod.outlook.com ([fe80::b04b:c9bb:2378:7a8d%11]) with mapi id 15.20.2602.016; Tue, 7 Jan 2020 09:29:51 +0000
From: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
To: Adrian Farrel <adrian@olddog.co.uk>
CC: SPRING WG <spring@ietf.org>
Thread-Topic: WGLC - draft-ietf-spring-srv6-network-programming
Thread-Index: AdWrjZKMyJw/FcG0Qj29O28HuDn7+wAwBAwAARTcLgD//51VAIAL+KeAgAz/hICAEK+HgA==
Date: Tue, 7 Jan 2020 09:16:57 +0000
Message-ID: <DC67155A-E9A3-4795-9393-1560911ECCC7@cisco.com>
References: <17421_1575566127_5DE93B2F_17421_93_1_53C29892C857584299CBF5D05346208A48D1A3DA@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <035701d5ac4d$a3ea7ad0$ebbf7070$@olddog.co.uk> <0CB8E109-95E3-4A75-BCEF-1186817F68CE@cisco.com> <062c01d5b06f$bf4b76f0$3de264d0$@olddog.co.uk> <E46E18A8-BAD4-4B62-A1DC-4F315BE79E60@cisco.com> <000f01d5bceb$e56dc350$b04949f0$@olddog.co.uk>
In-Reply-To: <000f01d5bceb$e56dc350$b04949f0$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.20.0.191208
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pcamaril@cisco.com;
x-originating-ip: [173.38.220.45]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6e210214-b61e-4d0b-6e92-08d7935425d6
x-ms-traffictypediagnostic: MWHPR11MB1838:
x-microsoft-antispam-prvs: <MWHPR11MB183805815D615612ED9F0A31C93F0@MWHPR11MB1838.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 027578BB13
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(366004)(396003)(136003)(39860400002)(51914003)(13464003)(199004)(189003)(36756003)(316002)(2616005)(5660300002)(86362001)(6486002)(6916009)(4326008)(478600001)(2906002)(76116006)(6506007)(6512007)(81166006)(26005)(8676002)(91956017)(186003)(8936002)(81156014)(71200400001)(66946007)(66476007)(66446008)(66556008)(64756008)(33656002)(71600200004)(574754004); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR11MB1838; H:MWHPR11MB1374.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: rYcJY5uZTdPJ4O81IlVi2XTHg66wYdO09ikeyOL9eMWQMriSL5A+L23IQ+/VoEVI+kOueczQthOJ2cE+CkjWSCfehd2l0jHigO6tRwsuUx0kG34ekFHUmm850PQjMWNmk2yxXAg1mMvz1JT1htX9NkGaM0nn/+MsZ0FLOEHYzT7SAlkrnVcxdywFlQqo9rNbJWrlTLd/alDPHGll5gVuQSGHkpHIrRsSPhKJr5cL29/zMmTVmFce13aF/i3uxZc9ZbuSABtEiy6pM1gP8im6u+nO4C9ZG9NRwSgooM/Vf3bwNmotfI281o6J5rh/YqyVuSPsXqxi5zT89E5k/lrm8dm91jqLb0yx7yzM+k6nLjtRtwQd+m3eoqZ2BGHrjTG1lzZ54gqMpUBnfCcl7SW7I0oYX7zOBl/M4P6ORTzl3KikKl6Eub35m/Hb6bJeySD0YuFC64ptYUYVW3g1e2r+Atpft8BCLAq0IDPleoThqweEgtLsy1HkyV2srYzpuiqqPUa66/yAY/kQbDTpAMeQ9Y4dF09koShq0gedN/eM6ZCgwEZZy8zwcFZw/Nv+lN8Sdu4Mrb+lMy+sRaNQYoYCjw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <B5F81A7AAF81DE429657928C8574ACE2@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 6e210214-b61e-4d0b-6e92-08d7935425d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jan 2020 09:29:51.6321 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: +icUAsWGVYmQsDUFM8aijHptPLRtxkPXwhLP2I5RYVSdxZTGhGIcyrpULElxA3a5QLaJiGRoSGj7SQE0xmQMXg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1838
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com
X-Outbound-Node: rcdn-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/1Q0ZzmkxINJRmk6ri7RkYP2Vn5w>
Subject: Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jan 2020 09:30:11 -0000

Hi Adrian,

Happy New Year.
Please see inline.

Many thanks for your comments,
Pablo.

-----Original Message-----
From: Adrian Farrel <adrian@olddog.co.uk>
Organisation: Old Dog Consulting
Reply to: "adrian@olddog.co.uk" <adrian@olddog.co.uk>
Date: Friday, 27 December 2019 at 20:29
To: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
Cc: "spring@ietf.org" <spring@ietf.org>
Subject: RE: WGLC - draft-ietf-spring-srv6-network-programming

    Thanks Pablo and Happy Imminent New Year.
    
    > I have reviewed your suggested changes and incorporated them
    > in the latest revision of the document. 
    
    Great. I will try to pull that and review it soon.
    
    > Please see below inline for more detail.
    
    [snipped]
         
        >> 4.1
        >>
        >> I was surprised by...
        >>
        >>  S01. When an SRH is processed {
        >>  S02.   If (Segments Left == 0) {
        >>  S03.      Send an ICMP Parameter Problem message to the Source Address
        >>               Code TBD-SRH (SR Upper-layer Header Error),
        >>               Pointer set to the offset of the upper-layer header,
        >>               interrupt packet processing and discard the packet
        >>  S04.   }
        >>  S05.   If (IPv6 Hop Limit <= 1) {
        >>  S06.      Send an ICMP Time Exceeded message to the Source Address,
        >>               Code 0 (Hop limit exceeded in transit),
        >>               interrupt packet processing and discard the packet
        >>  S07.   }
        >>
        >> Are you sure that Hop Limit processing is left so late? Isn't it one of
        >> the first things done with a packet before even the SRH is discovered to
        >> be present?
        >
        > PC: Is there any difference on the hop limit check if I do it two lines earlier? 
        > I believe that the end result is the same.
         
        It makes a difference which ICMP error is sent. I would argue that you shouldn't be looking at the SRH of a packet when the Hop Limit has expired.
    
    PC: I've checked with the SRH draft and the ICMP check is the last check happening in the pseudocode. I would tend to agree that this should be the last thing done once you have determined that the packet needs to be forwarded. 
    
    AF: So, just to check I understand what you are saying. If a packet arrives with Hop Limit already at zero you would still look inside the SRH?

PC: As per RFC8200, if a packet arrives with Hop Limit equal to zero, you process the packet normally.
Then, when you attempt to forward it, if Hop Limit is zero, then you discard the packet.
This makes a difference when you are the last segment (like End.DX4).
      
        >> 4.1 (and other sections)
        >> 
        >> I spent rather too much time trying to work out
        >> 
        >>  S08.   max_LE = (Hdr Ext Len / 2) - 1
        >>  S09.   If ((Last Entry > max_LE) or (Segments Left > Last Entry+1)) {
        >> 
        >> As far as I can see, for an SRH,
        >> 
        >>   Hdr Ext Len = 7 + (16 * (Last Entry + 1) ) + sum(all TLV lengths)
        >> 
        >> So, while I see that you want to check that Last Entry doesn't point out
        >> beyond the end of the SRH, I don't see how your computation of max_LE 
        >> helps.
        >> 
        >> What have I missed?
        > 
        > PC: How do you propose to check whether Last Entry value exceeds
        > the maximum possible theoretical Last Entry value?
        > The only information you have is the Header Extension Length. Based
        > on this I compute the maximum theoretical Last Entry possible value,
        > and then just compare the values.
        >
        > Maybe I am the one who have missed something. If you have a simpler
        > proposal please let me know.
        
        OK, we agree that the right thing to do is work out the largest possible Last Entry value (max_LE) and compare it to the actual Last Entry value. That is good.
        
        I also agree that all you have in hand is the Header Extension Length (Hdr Ext Len)
        
        I just don't think that you are computing the right value for max_LE using max_LE = (Hdr Ext Len / 2) - 1.
        
        I would agree that max_LE < (Hdr Ext Len / 2) - 1  so that comparing Last Entry with that value provides a check. I just don't think it is a very precise check.
        
        Perhaps my understanding of the actual value of Hdr Ext Len is incorrect, but if I am right, then you could probably get closer to a good number.
       
    PC: Ok. I rechecked it and I believe that we cannot get any better than that.
    [RFC8200]
    Hdr Ext Len         8-bit unsigned integer.  Length of the Routing
                                  header in 8-octet units, not including the
                                  first 8 octets.
    [draft-ietf-6man-segment-routing-header-26]
    o  Last Entry: contains the index (zero based), in the Segment List,
       of the last element of the Segment List.
    
    Let us consider an SRH containing k SIDs and 0 or more TLVs.
    Hdr Ext Len >= k x (16 / 8) = k x 2
    Last Entry = k - 1
    
    Isolating k on one side of each equation:
    k <= Hdr Ext Len / 2
    k = Last Entry + 1
    
    Combining the two equations together:
    Last Entry + 1 <= Hdr Ext Len / 2
    
    Isolating Last Entry on one side of the equation:
    Last Entry <= Hdr Ext Len / 2 - 1
    
    Further note that, if no TLV is present, we have:
    Last Entry = Hdr Ext Len / 2 - 1
    
    PC: If I'm still missing the point let me know!
    
    AF: Very (very) sorry. My bad.
    I entirely missed " Length of the Routing header *in*8-octet*units*, not including the first 8 octets"
    Now I feel stupid.
    
        >> 6.1
        >> 
        >> I agree with this section, but I am concerned that you are updating 
        >> draft-ietf-6man-segment-routing-header by adding normative language to
        >> describe nodes that process the SRH. Does that mean you should use an
        >> "Updates" clause in the document header?
        >>  
        >> After describing CNT-1 and CNt-2 you say...
        >> 
        >>   Furthermore, an SRv6 capable node maintains an aggregate counter
        >>   CNT-3 tracking the IPv6 traffic that was received with a destination
        >>   address matching a local interface address that is not a locally
        >>   instantiated SID and the next-header is SRH with SL>0.
        >> 
        >> That looks like s/maintains/MUST maintain/ unless you have a reference
        >> for the assertion that it does maintain CNT-3.
        >
        > PC: I disagree that this is an update to the SRH. The SRH defines a
        > header and one type of segment processing.
        > Defining a counter is not related to the SRH at all.
         
        Well, perhaps you didn't just say what you meant to say because the text I quoted most clearly says that the counter is counting events related to the SRH.
        
        But to the point: the document says...
           Any SRv6 capable node SHOULD implement the following set of combined
           counters (packets and bytes):
        "Any SRv6 capable node" is clearly in the scope of draft-ietf-6man-segment-routing-header
    
    PC: This document talks of the processing and behaviours of SRv6. And hence the counters are included in this draft.
    
    AF: Last try before I give up on this one (you may be relieved to know).
    Does every device that supports SRv6 have to support this document? I had formed the impression not: that is a simple SRv6 routing node functions fine without this document (even if this document also describes it's behaviour). But, in the quoted text you are adding description of function for all "SRv6 capable nodes" that is not described elsewhere. So either:
    - it is not possible to have an SRv6 capable node prior to this draft
    or
    - you are updating some other document that describes SRv6 capable nodes

PC: I think we can address this by changing "Any SRv6 capable node" by "A node supporting this document ...".
    
    Many thanks for the work,
    Adrian