IETF Logo Mail Archive

Re: [spring] draft-ietf-spring-srv6-srh-compression

Greg Mirsky <gregimirsky@gmail.com> Thu, 08 February 2024 21:30 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 722A5C1CAF33 for <spring@ietfa.amsl.com>; Thu, 8 Feb 2024 13:30:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mCKBZjB9HLen for <spring@ietfa.amsl.com>; Thu, 8 Feb 2024 13:30:23 -0800 (PST)
Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62067C1CAF27 for <spring@ietf.org>; Thu, 8 Feb 2024 13:30:23 -0800 (PST)
Received: by mail-yb1-xb2f.google.com with SMTP id 3f1490d57ef6-dc742fc3b68so328459276.2 for <spring@ietf.org>; Thu, 08 Feb 2024 13:30:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707427822; x=1708032622; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=4vG9X/J0PP0Cw25h+GjqzH25UJKDm7qBNGMbLKx9pVU=; b=EIdZDLhA+UeJsA8KAha/OewV+4920CEQZXlZTwFub2xEo3VqZfYxIDhMdTfM/mz0hi Tjps+DmYPPpvZaLcwqfdH2Yc0ViI5ImI7F4iw7sWQzbN3fjs2j8ywlm9+vJbOysoTVSB DnfkK/Z1g2vS3sbK87QpqbU+74NYjRk7zb4IBR9lpZt4NPWJtwWCVF4+lJCKlNlhECii 2NvmDWEFxf5bCXPXKb35se2G1rj4N0GgftxnRqYCFp99/F/vd2kCPXeiFdkW5SPZlpta GkSw3ivNc1Yr2IA5wkDJtGSaksMr2kNfNiXv11s3hpmT7e2iJAZtev7IdsyHrs5SQerk s6Dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707427822; x=1708032622; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4vG9X/J0PP0Cw25h+GjqzH25UJKDm7qBNGMbLKx9pVU=; b=lR9C+eAqILCoxYuFLgUpkCaeMieUzinfopoa9LjK5NaPMk1Knbaq4vjGyqtihlAfyM CxEF0mn3Kj9oQHMHVHqYb1sSMSNpkVRJ1e+uCh5741GhJOxnL5RjUZQzxow7p5dIXJBU YkMaJ/HKszezW9A6Iqdw3WFh4/vnHmfVHFQ1e9IEw8IFQo2MfuUHI9CmyK7r8Ka3fYpH smj0lDEgRP2PLrnRhaHSq8YEpUcnxA5BrAecCBiE5BS4Sn1Vuwlx3Ul0WljLt1T4FOQ3 DMpgcMThdyeDnCKtlob4I3uyuL5tqxI8S2NH/4j+TTnn+TPy0hREuiwbLapO3PCtspuH ZWOw==
X-Gm-Message-State: AOJu0YypMJ+64kLBwdMyFI3F9x9dbXH8ObdE/hokfP60vrHaUc/vjvEq hBvf1SQiCKShYUWfZ3qQxpgdm0CNK3Pw5bTlaUFz80iKKDEeURndqw4fs7mf+WdNKV2MAge/iuZ jWN4kM6GEEZUvzeYdpxLFqMlfWvQ=
X-Google-Smtp-Source: AGHT+IHRW/GrfxjuNXLLv/+o+q8VOrUVpXZM/jq3uUNTiYn6+ggAEaZr47fiWbfOKKBcC5n8YWWRUClg1UD9l2qEdfo=
X-Received: by 2002:a25:b21c:0:b0:dc6:cd76:5ddf with SMTP id i28-20020a25b21c000000b00dc6cd765ddfmr697888ybj.39.1707427822339; Thu, 08 Feb 2024 13:30:22 -0800 (PST)
MIME-Version: 1.0
References: <DU2PR03MB8021764E2F17F0D527E3FA3CFA472@DU2PR03MB8021.eurprd03.prod.outlook.com> <BL0PR05MB53163A098023244520ADCEEBAE472@BL0PR05MB5316.namprd05.prod.outlook.com> <CAOj+MMEc1R8fZZwgOEF2-mK8S0+PE+zBR3Yz9vwXBh-umQPAjQ@mail.gmail.com> <CAO42Z2z1Y_OH0yCi0yiMnHvwQRBHK+UYHxJJw+X5EfHfJgiGNw@mail.gmail.com> <CAOj+MMGxox-TDsqhdped8=8EhqHJOyyLBBk0HK8ZU5-qrV-zYA@mail.gmail.com> <CAO42Z2zm_XtV6CqiO6idX_-=HnZDCz4grgpQV=FJQ3H6qDsKKQ@mail.gmail.com> <CAOj+MMESaauKhEtY_6uqTt6Bw72j_nTkddsgsZLWVvDpmMRx8Q@mail.gmail.com>
In-Reply-To: <CAOj+MMESaauKhEtY_6uqTt6Bw72j_nTkddsgsZLWVvDpmMRx8Q@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Thu, 08 Feb 2024 13:30:11 -0800
Message-ID: <CA+RyBmUYrPMi7gLZdHTY0fX08iw7b-jp6pTUrXsu-eS7fNZqrQ@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Mark Smith <markzzzsmith@gmail.com>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>, SPRING WG <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d488c90610e58466"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/3o6Lvbz8olAlpcbSXIfh6b_ZqEg>
Subject: Re: [spring] draft-ietf-spring-srv6-srh-compression
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2024 21:30:24 -0000

Hi Robert,
could you clarify "can be used"? Is it MAY, SHOULD or MUST?
If we use an active performance measurement protocol, e.g., STAMP, then it
is expected that the path of the reflected STAMP test packet traverses the
same set of nodes and links as the original STAMP test packet. Thus, the
Session-Reflector must use encapsulation that ensures the path
coroutedness for the reflected test packet, e.g., C-SIDs.

Regards,
Greg

On Wed, Feb 7, 2024 at 4:14 AM Robert Raszuk <robert@raszuk.net> wrote:

> Hi,
>
> Actually for OAM responses in vast majority of cases vanilla IPv6 packets
> can be used.
>
> Kind regards,
> R.
>
> On Wed, Feb 7, 2024, 10:58 Mark Smith <markzzzsmith@gmail.com> wrote:
>
>>
>>
>> On Wed, 7 Feb 2024, 20:08 Robert Raszuk, <robert@raszuk.net> wrote:
>>
>>> Hi Mark,
>>>
>>> >  however UDP and ICMPv6 would be for OAM per RFC 9269
>>>
>>> I do agree if we are talking about no SRH containing packets.
>>>
>>
>> I think it would also occur with an SRH if a middlebox is ignoring the
>> SRH EH (e.g. unaware of how to handle it, or ignoring some or all IPv6 EHs)
>> and validating the pseudo-header checksum when the packet's current DA
>> isn't the final one, which of course it may not be if the packet is
>> somewhere where in flight between the origin SA and the final DA.
>>
>> For a middlebox to validate the L4 pseudo header checksum somewhere
>> during flight, it would have to determine the final DA for the calculation
>> by digging it out of the SRH rather than using the packet's current DA.
>>
>> Without an SRH the middlebox would have to process the C-SIDs in the
>> packet's DA field until it could identify the final DA before then
>> performing the L4 pseudo-header calculation and validation.
>>
>> The would be conditional on the SRv6 payload being TCP, UDP or ICMPv6 and
>> the middlebox being SRv6 aware (i.e. understand SRH when present) and SR
>> configured to identify C-SID DAs (SRH'less).
>>
>> So I don't really see how including an SRH in OAM packets solves the
>> problem unless the middlebox is SRv6 aware.
>>
>> And this is precisely why I said "vast majority of packets" not "all
>>> packets"
>>>
>>
>>> Glad that you nailed it on the list.
>>>
>>> Cheers,
>>> R.
>>>
>>> PS. What Ron suggests is too big of a hammer. Instead I see no reason
>>> why OAM packets should not contain SRH and resolve the nit that way.
>>>
>>>
>>>
>>> On Wed, Feb 7, 2024 at 5:44 AM Mark Smith <markzzzsmith@gmail.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Tue, 6 Feb 2024, 03:17 Robert Raszuk, <robert@raszuk.net> wrote:
>>>>
>>>>> Hi Ron,
>>>>>
>>>>> Is there a problem ?
>>>>>
>>>>> If I read RFC8200 L4 checksum is computed by the packet *originator
>>>>> and validated by the packet's ultimate receiver. *
>>>>>
>>>>> In all SPRING work to the best of my knowledge the vast majority of
>>>>> packets are only encapsulated by transit nodes.
>>>>>
>>>>
>>>>
>>>> If the payload of the SRv6 packet is another IP packet or layer 2 frame
>>>> e.g. Ethernet, common for L2 and L3 VPNs, then the layer 4 checksum issue
>>>> probably wouldn't occur, because those protocols don't include the IPv6
>>>> pseudo-header fields in their checksum calculations if they even have a
>>>> checksum at all - RFC 2473 IPin IPv6 doesn't, and in GRE it is optional.
>>>>
>>>> However, if SRv6 was used to to directly carry an upper layer transport
>>>> layer protocol PDU like UDP, TCP or ICMPv6, then that's when the
>>>> checksum/middlebox issue arises, because they do include the IPv6
>>>> pseudo-header in their checksum, which would therefore include the SRv6 SA
>>>> and DAs.
>>>>
>>>> Not sure if TCP would be commonly carried directly in an SRv6 packet,
>>>> however UDP and ICMPv6 would be for OAM per RFC 9269.
>>>>
>>>> So your SRv6 L2 or L3 VPN might be able to carry customer traffic
>>>> successfully through a middle box, however you may not be able to SRv6
>>>> traceroute or ping across it successfully, or have ICMPv6 error
>>>> successfully sent between SRv6 nodes.
>>>>
>>>> Regards,
>>>> Mark.
>>>>
>>>>
>>>>> Is there any formal mandate in any of the RFCs that an encapsulating
>>>>> node must mangle the inner packet's L4 checksum ? I don't think so but
>>>>> stand open to get my understanding corrected.
>>>>>
>>>>> Cheers,
>>>>> Robert
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Feb 5, 2024 at 5:04 PM Ron Bonica <rbonica=
>>>>> 40juniper.net@dmarc.ietf.org> wrote:
>>>>>
>>>>>> Folks,
>>>>>>
>>>>>> Has anyone proposed a solution to the L4 checksum problem that Andrew
>>>>>> talks about?
>>>>>>
>>>>>>                                           Ron
>>>>>>
>>>>>> Juniper Business Use Only
>>>>>> ------------------------------
>>>>>> *From:* spring <spring-bounces@ietf.org> on behalf of Andrew Alston
>>>>>> - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
>>>>>> *Sent:* Monday, February 5, 2024 5:21 AM
>>>>>> *To:* spring@ietf.org <spring@ietf.org>
>>>>>> *Subject:* [spring] draft-ietf-spring-srv6-srh-compression
>>>>>>
>>>>>>
>>>>>> [External Email. Be cautious of content]
>>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>>
>>>>>>
>>>>>> (In capacity as a contributor and wearing no other hats)
>>>>>>
>>>>>>
>>>>>>
>>>>>> At this point I cannot support progression of this document until the
>>>>>> issues around the L4 Checksum have been resolved.  It’s been clearly stated
>>>>>> in other emails on the list that in certain circumstances the behavior
>>>>>> described in this document break the L4 checksum as defined in RFC8200.
>>>>>> This requires an update to RFC8200 to fix it – and I’m not sure that spring
>>>>>> can update 8200 absent the consent of 6man, which I’m not sure has been
>>>>>> asked for, nor am I sure that a spring document can update something like
>>>>>> 8200 in an area so fundamental as the checksum without a -BIS, which would
>>>>>> have to be done via 6man.  The L4 checksum issue though is real – and it
>>>>>> cannot simply be ignored.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I also have deep concerns that the compression document creates
>>>>>> something that (in a similar way to SRv6) creates something that is
>>>>>> completely non-conformant with RFC4291.  There are multiple references to
>>>>>> this in draft-6man-sids, and should draft-6man-sids become an RFC I would
>>>>>> argue that it should probably be a normative reference in this document –
>>>>>> on the logic that this document relies on similar RFC4291 violations that
>>>>>> srv6 itself does (and for the record, just because SRv6 itself violates
>>>>>> RFC4291 as is clearly documented in draft-6man-sids – does not make it
>>>>>> acceptable to do so in yet another draft without clear and unambiguously
>>>>>> stating the deviations and ideally updating RFC4291 to allow for said
>>>>>> deviations)
>>>>>>
>>>>>>
>>>>>>
>>>>>> I believe these two issues alone are sufficient that to pass this
>>>>>> document would create still further tensions about the relationship between
>>>>>> SRv6 and IPv6 and lead to confusion.  As such – I believe these issues need
>>>>>> to be adequately dealt with – and the solutions to them need to be approved
>>>>>> by 6man as the working group that holds responsibility for ipv6 maintenance.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>>>>>
>>>>>> Andrew Alston
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Internal All Employees
>>>>>> _______________________________________________
>>>>>> spring mailing list
>>>>>> spring@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/spring
>>>>>>
>>>>> _______________________________________________
>>>>> spring mailing list
>>>>> spring@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/spring
>>>>>
>>>> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>

v2.23.0 | Report a Bug | By Email