IETF Logo Mail Archive

Re: [spring] SR-MPLS over IPv6?

"Chengli (Cheng Li)" <chengli13@huawei.com> Tue, 24 September 2019 02:14 UTC

Return-Path: <chengli13@huawei.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A6A01200D8 for <spring@ietfa.amsl.com>; Mon, 23 Sep 2019 19:14:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.099
X-Spam-Level:
X-Spam-Status: No, score=-4.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IemIF6YkCoyh for <spring@ietfa.amsl.com>; Mon, 23 Sep 2019 19:14:06 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5322120086 for <spring@ietf.org>; Mon, 23 Sep 2019 19:14:05 -0700 (PDT)
Received: from lhreml708-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 43529BAAFCF154A33AA3; Tue, 24 Sep 2019 03:14:04 +0100 (IST)
Received: from lhreml723-chm.china.huawei.com (10.201.108.74) by lhreml708-cah.china.huawei.com (10.201.108.49) with Microsoft SMTP Server (TLS) id 14.3.408.0; Tue, 24 Sep 2019 03:14:03 +0100
Received: from lhreml723-chm.china.huawei.com (10.201.108.74) by lhreml723-chm.china.huawei.com (10.201.108.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 24 Sep 2019 03:14:03 +0100
Received: from DGGEML403-HUB.china.huawei.com (10.3.17.33) by lhreml723-chm.china.huawei.com (10.201.108.74) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1713.5 via Frontend Transport; Tue, 24 Sep 2019 03:14:03 +0100
Received: from DGGEML529-MBX.china.huawei.com ([169.254.6.245]) by DGGEML403-HUB.china.huawei.com ([fe80::74d9:c659:fbec:21fa%31]) with mapi id 14.03.0439.000; Tue, 24 Sep 2019 10:13:53 +0800
From: "Chengli (Cheng Li)" <chengli13@huawei.com>
To: Ron Bonica <rbonica@juniper.net>, Jeff Tantsura <jefftant.ietf@gmail.com>
CC: SING Team <s.i.n.g.team.0810@gmail.com>, "EXT - daniel.bernier@bell.ca" <daniel.bernier@bell.ca>, SPRING WG List <spring@ietf.org>
Thread-Topic: [spring] SR-MPLS over IPv6?
Thread-Index: AdVyfXpR2Zy+FnKjRXStpDyUGRI2Gw==
Date: Tue, 24 Sep 2019 02:13:53 +0000
Message-ID: <C7C2E1C43D652C4E9E49FE7517C236CB02700FC1@dggeml529-mbx.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.130.185.75]
Content-Type: multipart/alternative; boundary="_000_C7C2E1C43D652C4E9E49FE7517C236CB02700FC1dggeml529mbxchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/26855I76rVmxtfe3b-04WFewIK4>
Subject: Re: [spring] SR-MPLS over IPv6?
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2019 02:14:10 -0000

Oh, I misunderstood the BSID in CRH in last email, sorry for that.

Yes, the SID is not an IPv6 address in CRH, but a 16/32 bit value like MPLS label.

Therefore, IMHO, it may not comply with RFC8402: https://tools.ietf.org/html/rfc8402#section-3.1.3

If possible, I suggest to change the name of SRv6+, since it is not SRv6 based. Something like SR-MPLS over IPv6 maybe better?

Thanks,
Cheng


From: Ron Bonica [mailto:rbonica@juniper.net]
Sent: Monday, September 23, 2019 10:45 PM
To: Chengli (Cheng Li) <chengli13@huawei.com>; Jeff Tantsura <jefftant.ietf@gmail.com>
Cc: SING Team <s.i.n.g.team.0810@gmail.com>; EXT - daniel.bernier@bell.ca <daniel.bernier@bell.ca>; SPRING WG List <spring@ietf.org>
Subject: RE: [spring] A note on CRH and on going testing

Cheng,

In SRv6+, it would be very difficult to pollute the architecture because:
-          A SID is either 16-or 32-bits long
-          An IPv6 address is 128-bits long
-          Therefore, it is impossible to copy a SID to an IPv6 address or an IPv6 address to a SID
The binding SID will be a 16-or 32-bit topological instruction, found in the CRH. Like all topological instructions, it will identify an SFIB entry.

There will be a new SFIB entry type that will contain the following information:
-          An IPv6 Destination Address (to be used in the outer IPv6 header)
-          A list of SIDs (to be used in the CRH
                                                                 Ron





Juniper Business Use Only
From: Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>>
Sent: Sunday, September 22, 2019 12:01 AM
To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>; Jeff Tantsura <jefftant.ietf@gmail.com<mailto:jefftant.ietf@gmail.com>>
Cc: SING Team <s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>; EXT - daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca> <daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>; SPRING WG List <spring@ietf.org<mailto:spring@ietf.org>>
Subject: RE: [spring] A note on CRH and on going testing

Hi Ron,

Good to hear that. Looking forward to seeing it in the next revision.

But I am curious that is a bind SID in CRH an interface IPv6 address only without any other semantics? Just like the other SIDs you mentioned in CRH.

If not, this binding SID should not be introduced in to CRH since it pollutes the architecture.

If yes, what’s the standard for an Interface IPv6 address?

Thanks for confirming that BSID is needed in CRH. I totally agree with you.

Best regards,
Cheng

________________________________
李呈 Cheng Li
Email: chengli13@huawei.com<mailto:chengli13@huawei.com>
From: Ron Bonica<rbonica@juniper.net<mailto:rbonica@juniper.net>>
To: Jeff Tantsura<jefftant.ietf@gmail.com<mailto:jefftant.ietf@gmail.com>>;Chengli (Cheng Li)<chengli13@huawei.com<mailto:chengli13@huawei.com>>
Cc: SING Team<s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>;EXT - daniel.bernier<daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>;SPRING WG List<spring@ietf.org<mailto:spring@ietf.org>>
Subject: RE: [spring] A note on CRH and on going testing
Time: 2019-09-22 04:37:17

Jeff,

After an off-line conversation with the SRv6+ implementors, we decided that it would be trivial to add a binding SID to SRv6+. So, we will do that in the next version of the draft.

In keeping with RFC 8200, it will prepend only. Since the CRH is short, insertion is not needed.

                                                                                                       Ron




Juniper Business Use Only
From: Jeff Tantsura <jefftant.ietf@gmail.com<mailto:jefftant.ietf@gmail.com>>
Sent: Saturday, September 21, 2019 4:32 PM
To: Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>>; Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
Cc: SING Team <s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>; EXT - daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca> <daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>; SPRING WG List <spring@ietf.org<mailto:spring@ietf.org>>
Subject: RE: [spring] A note on CRH and on going testing

Hi Ron,

Thanks for your comments, exactly, BSID MPLS label = CRH value :)

Cheers,
Jeff
On Sep 20, 2019, 11:09 AM -0700, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>, wrote:
Hi Jeff,

It would be easy enough to add a binding SID to SRv6+. Given customer demand, I would not be averse to adding one.

However, there is another way to get exactly the same behavior on the forwarding plane without adding a new SID type.

Assume that on Node N, we have the following SFIB entry:


  *   SID: 123
  *   IPv6 address: 2001:db8::1
  *   SID type: prefix SID

Now assume that was also have the following route on Node N:

2001:db8::1 -> SRv6+ tunnel with specified destination address and CRH

This gives you the same forwarding behavior as a binding SID.

                                                           Ron




Juniper Business Use Only
From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> On Behalf Of Jeff Tantsura
Sent: Thursday, September 19, 2019 10:53 PM
To: Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>>
Cc: SING Team <s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>; EXT - daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca> <daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>; SPRING WG List <spring@ietf.org<mailto:spring@ietf.org>>
Subject: Re: [spring] A note on CRH and on going testing

There’s number of solutions on the market that extensively use BSID for multi-domain as well as multi-layer signaling.

Regards,
Jeff

On Sep 19, 2019, at 19:49, Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>> wrote:
+1.

As I mentioned before, Binding SID is not only for shortening SID list.
We should see the important part of binding SID in inter-domain routing,  since it hides the details of intra-domain. Security and Privacy are always important.

Since the EH insertion related text will be removed from SRv6 NP draft, I don’t think anyone will still say we don’t need binding SID.
Let’s be honest, Encap mode Binding SID is very useful in inter-domain routing. It is not secure to share internal info outside a trusted network domain.

Cheng


From: spring [mailto:spring-bounces@ietf.org] On Behalf Of Bernier, Daniel
Sent: Thursday, September 19, 2019 11:36 PM
To: SING Team <s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>
Cc: 'SPRING WG List' <spring@ietf.org<mailto:spring@ietf.org>>
Subject: Re: [spring] A note on CRH and on going testing

+1

This is what we did on our multi-cloud trials.

Encap with Binding SID to avoid inter-domain mapping + I don’t need to have some sort of inter-domain alignment of PSSIs

Dan

On 2019-09-19, 11:18 AM, "spring on behalf of SING Team" <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org> on behalf of s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>> wrote:

Hi Andrew,

Good to hear that reality experiment :)

But is it secure to share internal SID-IP mappings outside a trusted network domain?

Or is there an analogue like Binding SID of SRv6, in SRv6+?

Btw, PSSI and PPSI can not do that now, right?

Best regards,
Moonlight Thoughts


(mail failure, try to cc to spring again.)

On 09/19/2019 17:49, Andrew Alston<mailto:Andrew.Alston@liquidtelecom.com> wrote:
Hi Guys,

I thought this may be of interest in light of discussions around deployments and running code - because one of the things we've been testing is inter-domain traffic steering with CRH on both our DPDK implementation and another implementation.

So - the setup we used last night:

6 systems in a lab - one of which linked to the open internet.  Call these S1 -> S6
3 systems in a lab on the other side of the world - no peering between the networks in question.  Call these R1 -> R3

We applied a SID list on S1, that steered S1 -> S2 -> S3 -> S6 -> R1 -> R3, with the relevant mappings from the CRH SID's to the underlying addressing (S2 had a mapping for the SID for S3, S3 had a mapping for the SID corresponding to S6, S6 had a mapping for the SID corresponding to R1 etc)

Then we sent some packets - and the test was entirely successful.

What this effectively means is that if two providers agree to share the SID mappings - it is possible to steer across one network, out over an open path, and across a remote network.  Obviously this relies on the fact that EH's aren't being dropped by intermediate providers, but this isn't something we're seeing.

Combine this with the BGP signaling draft - and the SID's can then be signaled between the providers - work still going on with regards to this for testing purposes.  Just as a note - there would be no requirement to share the full SID mapping or topologies when doing this with BGP - the requirement would be only to share the relevant SID's necessary for the steering.

I can say from our side - with various other providers - this is something that we see *immense* use case for - for a whole host of reasons.

Thanks

Andrew


_______________________________________________
spring mailing list
spring@ietf..org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/Spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/Spring__;!8WoA6RjC81c!U4_s7somKP_KyQ3viBMIcXpk_pTMYlY11nTHMB2b-JTdTLKi9mnrF1wu_DoXwIdf$>
_______________________________________________
spring mailing list
spring@ietf.org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!8WoA6RjC81c!U4_s7somKP_KyQ3viBMIcXpk_pTMYlY11nTHMB2b-JTdTLKi9mnrF1wu_Ll7ej5P$>

v2.23.0 | Report a Bug | By Email