IETF Logo Mail Archive

Re: [spring] Spring protection - determining applicability

Shraddha Hegde <shraddha@juniper.net> Tue, 04 August 2020 06:40 UTC

Return-Path: <shraddha@juniper.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A91E3A0F0C for <spring@ietfa.amsl.com>; Mon, 3 Aug 2020 23:40:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.399
X-Spam-Level:
X-Spam-Status: No, score=0.399 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, PDS_BTC_ID=0.498, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=XC4W9eym; dkim=pass (1024-bit key) header.d=juniper.net header.b=himtYWah
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zuxP0j9Au5nO for <spring@ietfa.amsl.com>; Mon, 3 Aug 2020 23:40:42 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B07693A0F08 for <spring@ietf.org>; Mon, 3 Aug 2020 23:40:42 -0700 (PDT)
Received: from pps.filterd (m0108163.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0746XiNf008469; Mon, 3 Aug 2020 23:40:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=sfWn9T5ah/snIbYJhXGcY33qy6exreexEfwdwdbGqKw=; b=XC4W9eymwtUBdHm41ZSuUYa3iayHR91N6eSYX1YIQMfZhBwS9wBH5hqYV6GgZAg+EAiU at/6jRtybZp5Q1C5GOKWuCNeXcjkEHw0dSWM6fI41aUAsQSpb/UExuUmwDa2xriMAfWg F6PhHvTsZ016+mbiISgv5BOH7ua4nziaDP+X1wPM4MvxTY/R+pDRTy9ema5T/FjHGZ+h Qf/qlkUjvHBFWPzEx0Rr2KU9FShLqbAb8ipnXxd3VnVZbCLtymY+jQw0Q6bLvFMnsrpK eR5oafzbV30gDVp3dKvUibEdrK4c34HDuFy/nsl0WClRN43SeovJA7DHVToG9gDnDP1m eg==
Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2169.outbound.protection.outlook.com [104.47.57.169]) by mx0b-00273201.pphosted.com with ESMTP id 32n6w5bt4r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 03 Aug 2020 23:40:41 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LvTTkfST/U3tnjwrYZjhCdlwHcwU/HVaPdxCFOEanP3H8lcUdO3cQ49qmp3Pagfk/Mj+eiKsbthuHuHEHBLrU30v36ppUvxbshAP24WnlK56zEhCfUGh3af7Cej/icPrTZW3nLkdU2qSzBx2sBCcOGu4ex+po4ob8XFz3Lnb0Ato1HHQTWLRBdpGWtR5uula/d1snJyGllkGzhQok8kniliWIuoGuco9epi6cCB6Usul+BE/6dYzpP6N6IWLkqolSEvLeAnmoCwtgGu/f4yM1eAXCpD6Rzfl13lsRJaPHJ3RMAmE7UdQ/fPBHLge7t/VrKClAkzbeCIUlweQSvYMdQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sfWn9T5ah/snIbYJhXGcY33qy6exreexEfwdwdbGqKw=; b=aSnHtKlngmtldVtMq1wTe8XfjRHNxEeVF7S1QaqcIjDYc2I8+ImQLoR1dYqlmT2dV2R4FbnlFU1siQF1SuZCsQclpbH2OpyacxvHWLWZM2fWM+nq7+9uCMnbfpUvoKtpg0xtq7fzqOrBH5/BxzD0lfN9VkX/xp2Q4/4J21MUozvcRQy7hpc4n03rBOPIWulc/Y09dTjq8KLjesjluxcgDuybHajQ7OmiqAIHvVeiNyzgzVkzHSKQA2lgaxje/rnMWmoHyWl0q2g8pka9c89cHikqm6J8z45o38/ENmERTDMgINU2EZ0zrZs5rqGBlo6OxF8qXf1tByW/xeHVE2zdwg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=sfWn9T5ah/snIbYJhXGcY33qy6exreexEfwdwdbGqKw=; b=himtYWah2EMyk4ZxLNED5kw6zR7lvcJqXLPKdd7s9Lm+jqj1hsQjecdr10Q1r9X36exo701mc3bbr2ZRVERwCuPmIJFTbFbpwJpU81L6E9I4ByH5BEivTFnn+pYr5IicTtTtAj/vam9skViIs7UIju4kL5yRquOfPRaTBw67SzI=
Received: from CY4PR05MB3576.namprd05.prod.outlook.com (2603:10b6:910:52::22) by CY4PR05MB3510.namprd05.prod.outlook.com (2603:10b6:910:56::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3239.12; Tue, 4 Aug 2020 06:40:39 +0000
Received: from CY4PR05MB3576.namprd05.prod.outlook.com ([fe80::9e0:8539:4bfd:ee3e]) by CY4PR05MB3576.namprd05.prod.outlook.com ([fe80::9e0:8539:4bfd:ee3e%7]) with mapi id 15.20.3261.014; Tue, 4 Aug 2020 06:40:39 +0000
From: Shraddha Hegde <shraddha@juniper.net>
To: "EXT-Andrew.Alston@liquidtelecom.com" <Andrew.Alston@liquidtelecom.com>, Robert Raszuk <robert@raszuk.net>
CC: "spring@ietf.org" <spring@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>
Thread-Topic: [spring] Spring protection - determining applicability
Thread-Index: AQHWaSfCmE9nDdjpckqZffxFoYFmAaklun0AgAA0DoCAAMHVAIAABZ+AgAABgICAADUrgIAAC1aAgAAdJoCAAD9EYA==
Date: Tue, 04 Aug 2020 06:40:39 +0000
Message-ID: <CY4PR05MB35769327315CBA84E8912D84D54A0@CY4PR05MB3576.namprd05.prod.outlook.com>
References: <7e29a863-70e9-f0a8-638f-5151348be515@joelhalpern.com> <F73A3CB31E8BE34FA1BBE3C8F0CB2AE297D63B99@dggeml510-mbs.china.huawei.com> <AM0PR03MB4499A048326D9A2E8DA5F46B9D4D0@AM0PR03MB4499.eurprd03.prod.outlook.com> <cce664f5-6f20-36ba-ccea-120266697528@joelhalpern.com> <CAOj+MMHZ5wGAPhAO+yLc+RY9OhRX=LuMQ27QQDJkAjK0YM0HMw@mail.gmail.com> <4229284b-9a73-612b-306d-2818f37dd5b3@joelhalpern.com> <VI1PR03MB50560EA5D95C76F7501608FBEE4D0@VI1PR03MB5056.eurprd03.prod.outlook.com> <CAOj+MMGUYkpT0xx+DAuaF-Gc9YSYrLQbNxHuenb2Xps_S=s_tQ@mail.gmail.com> <VI1PR03MB5056610F42282B6883CED19EEE4A0@VI1PR03MB5056.eurprd03.prod.outlook.com>
In-Reply-To: <VI1PR03MB5056610F42282B6883CED19EEE4A0@VI1PR03MB5056.eurprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-08-04T06:40:36Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=efc9000a-0c2d-4bf4-8276-2f037b420d11; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=2
dlp-product: dlpe-windows
dlp-version: 11.2.0.14
dlp-reaction: no-action
authentication-results: liquidtelecom.com; dkim=none (message not signed) header.d=none;liquidtelecom.com; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [122.171.69.158]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 89590597-b688-401d-bbb5-08d838414d59
x-ms-traffictypediagnostic: CY4PR05MB3510:
x-ld-processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr
x-microsoft-antispam-prvs: <CY4PR05MB3510AD7EF58ABB107EA4B7A5D54A0@CY4PR05MB3510.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: uzytqkwb4rn5aoX9yGsMnUb1nYbR7h9Z7vclcuoukStiAV35gXS92QpeBHqwSttGGqrgBjhoUnTcPVEOcuJwLymqWenY23maEJ4BddiP6YPU3J1HiXfCiizr3m+I4nzNWwoAz/e5qZe9/6a3MlusQltEYJR5U8vI1aT1OK2aE8vR8RcSiEN3dkc6GMoEpKPOyBNRLxX7pXYTNjABlF1U48YjHIrtiUiyNFhHsxV2wWatMe7WnMACfZiCGzkGEb8lrDd9/3P82PLaJaORu9kOzyJjGFVD5GvQ/kcyk0YWmhZhd1rfIiSLoMkwpADBWQppgZORuqVd5tWTjtcxoNDdegwvYgHGwK8ThYNMA7O9Hc6Vw2fHjjincoIbgDOVKjMdrkwqxgu9anfrp7ghAyon/9C9BVb6V4kCklb/Rgih3PRGvwXiz8s4XMEHoFzdNiTq
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CY4PR05MB3576.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(366004)(376002)(396003)(346002)(478600001)(76116006)(8936002)(66446008)(66476007)(71200400001)(83380400001)(54906003)(66946007)(8676002)(64756008)(66556008)(316002)(30864003)(55016002)(110136005)(4326008)(86362001)(53546011)(166002)(9686003)(52536014)(7696005)(26005)(6506007)(2906002)(966005)(5660300002)(33656002)(186003)(491001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: pP/is55b7RGaXZgCR1NV5YLGaeV9p/d7eU05SxeLVrbnj2Q7URodae5+t8mRnNXryio1OSbVmALlU6eoz9z72XzQsNvJGIJR8DZQ5N410O9hH9LdsB7W4NoTQhxkc/Jy+ql1Z350rnwz6EbpEZ9GaiWre3wwbWGH01ttusJITU2BGA5McbOEpr3qyKvjtgmzvq+80T5scf5yQwEZU7XHWXrkUVmpnwtL1ZHCTazjq2PsAKfDtuWfZKebzcYPE8O9eulpnHKdQTMP3F64VIMb+JRGujq7YjXDSpC3S5jHEixbuRa0oqkpLj4cq8LA3JkysYjH5l2HKRdDWKbBaFVZ9CYuAauSqhQrWur/lL0ARAZuOPY2UUw7P0KKWVqR1EdgIQlBs5fmkw5RHPH/1fsXrw8PLpsBQXD6Z2qj8G9DS3mhVTKs6aYiPEGOgPH6kdWpzEYkwSPKbCWVfhAlkqTMkkTU1tuE1JfpDpX8EyLJqlROWCLpfyuWIBIZbvxudBy0MKAWXERTk22E/BHYuRhsxDYeXTd1FbWK0y4XIPk3q9r+e+U6pQxjTVcxTqu3cg3uv54Dq3ITSqmvLyR8mFjOd1hqVmqfatg91Kpwg76p/c1W+2nC3WLm6WrycHQLBA3/oki40lZI378a84bdswnmeg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CY4PR05MB35769327315CBA84E8912D84D54A0CY4PR05MB3576namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CY4PR05MB3576.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 89590597-b688-401d-bbb5-08d838414d59
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Aug 2020 06:40:39.3971 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6bUdiHytVMQMt1BMoYL2YdBINtOzTFvjAUPDEZ57yVeQnMnNw4tA5eSGe8YW6P10JplCeqgVaKCy2jGx2jbTsQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR05MB3510
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-08-04_02:2020-08-03, 2020-08-04 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxlogscore=999 phishscore=0 clxscore=1011 suspectscore=0 spamscore=0 malwarescore=0 impostorscore=0 adultscore=0 lowpriorityscore=0 mlxscore=0 priorityscore=1501 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2008040048
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/R1SlOe6-GqJtSHJIjxldexDMlFE>
Subject: Re: [spring] Spring protection - determining applicability
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Aug 2020 06:40:46 -0000

All,

This is a very interesting discussion and thanks to Joel for starting this discussion. IMO, when there are strict requirements of avoiding certain nodes/links it can be realized  either by defining a flex-algo avoiding those
Nodes and links or by using a stack of unprotected adj-sids that avoid restricted nodes and links. When a stack of adj-sids is used to realize the path, the head-end based (sBFD) protection mechanisms can be applied.

If Node-sids/prefix-sid/anycast-sids are used to build the stack, the failure events may cause traffic to go through restricted nodes and links. This would happen regardless of whether any kind of protection is in use or not.

Rgds
Shraddha





Juniper Business Use Only
From: spring <spring-bounces@ietf.org> On Behalf Of Andrew Alston
Sent: Tuesday, August 4, 2020 5:41 AM
To: Robert Raszuk <robert@raszuk.net>
Cc: spring@ietf.org; Joel M. Halpern <jmh@joelhalpern.com>
Subject: Re: [spring] Spring protection - determining applicability

[External Email. Be cautious of content]

Robert this is actually far more difficult when - it can be an entire (long) series of nodes that need to be avoided.

It could potentially be made to work but I'd worry that to do this - you'd have to stack 10 - 20 - 30 negative labels - and that wouldn't be viable.

It's easier to use algorithms and adjacency sids and other such things to calculate paths - the biggest trick is about the stack depth.  When you have this need for node avoidance - the need for 10+ label depth is critical - unless you wanna be applying one hell of a lot of binding labels along the way which is a nightmare.

But to answer your question, is this a common use case - it's a use case that most of the people I discuss this with certain have - I cant  comment on a global scale, or for anyone else, but every indication I have is that yes - its something people need, and want

Andrew


From: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Sent: Tuesday, 4 August 2020 01:27
To: Andrew Alston <Andrew.Alston@liquidtelecom.com<mailto:Andrew.Alston@liquidtelecom.com>>
Cc: Joel M. Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>>; spring@ietf.org<mailto:spring@ietf.org>
Subject: Re: [spring] Spring protection - determining applicability


Is this a common use case ie.  "but rather - which nodes / network segments it can never touch or flow through."

If so perhaps its time to define notion of negative-SID ie. list in the packet resources which given packet MUST not ever traverse.

Put in the packet set of nodes or links which the packet should never traverse.

That goes in line of recent wave of negative routing implementations (RIFT) or discussions (LSR)

Best,
R.





On Mon, Aug 3, 2020 at 11:46 PM Andrew Alston <Andrew.Alston@liquidtelecom.com<mailto:Andrew.Alston@liquidtelecom.com>> wrote:
So -

One of the use cases, in fact, some very major use cases in any spring technology for us revolve around the following


a.       The explicit avoidance of certain nodes

b.       The explicit avoidance of certain sections of the network

Anything that could result in that explicit avoidance being violated - would create, shall we say significant problems.

Much of the use case is not a case of which nodes the packets flow through - but rather - which nodes / network segments it can never touch or flow through.  Effectively, to be used as a technology to avoid certain things for specific reasons.

This is also one of the reasons for needing such deep label stacks - this kind of detailed path programming tends to deepen the stack because you sometimes have to be pretty explicit.

It is absolutely critical to us that this functionality is there - and that we can avoid situations which could cause traffic to accidently hit things explicitly avoided.

I wish I could be more specific than this, but it is what it is.

Thanks

Andrew


From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> On Behalf Of Joel M. Halpern
Sent: Monday, 3 August 2020 21:36
To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: spring@ietf.org<mailto:spring@ietf.org>
Subject: Re: [spring] Spring protection - determining applicability

(Since the thread has gotten long enough, reiterating that this is as a
participant, not a WG chair.)

Yes, we are talking IP networks. And yes, I have seen IP networks that
choose to drop packets. For all sorts of reasons.
I think there are likely other reasons why one may not want a random
path rather than a chosen TE path. I think it is important we be clear
about what constraints may be / are violated when we tell people they
have this tool (protective rerouting) that is intended to preserve QoS.

Let's be clear. I am not arguing that this is not a good idea. It is a
good idea. And useful. I am trying to figure otu what combination of
additional mechanisms and clear descriptions will lead to everyone
getting the behavior they expect (which may not be the behavior they
desire, but sometimes is the best we can do.)

Yours,
Joel

On 8/3/2020 2:30 PM, Robert Raszuk wrote:
> Joel,
>
> Are we still talking about IP networks here ? Or perhaps some hard
> slicing with real resource reservations or detnets ?
>
> Because if we are talking about IP networking I have two observations:
>
> A) If you need to traverse via a specific node (ie. firewall) you better
> apply IP encapsulation to that node. I don't think IP encapsulation can
> be hijacked today such that destination address of the packet is ignored.
>
> B) Have you seen any IP network where upon topology change (link or node
> failure) you suddenly start dropping flows in spite of SPT offering
> perhaps few ms longer path with 10 ms more jitter ?
>
> Or are some SR marketing slides promise to turn IP networks in
> something new ? Worse ... do they mention path quality guarantees,
> resource reservations ? I hope not.
>
> Thx,
> R.
>
>
>
>
>
>
>
>
>
> On Mon, Aug 3, 2020 at 8:10 PM Joel M. Halpern <jmh@joelhalpern.com
<mailto:jmh@joelhalpern.com%20%0b>> <mailto:jmh@joelhalpern.com>> wrote:
>
> Well less serious for TE SIDs, I am not sure the problem is restricted
> to just service SIDs.
>
> Suppose that the PCE has specified the path to meet some complex te
> objective.  The bypass node has no way of knowing what those
> constraints
> were.  And for some kinds of traffic, it is better to drop the packet
> than to deliver it outside the envelop.  I suspect that the right
> answer
> to this is "too bad".  If so, as with the distinction regarding service
> nodes, we should say so, shouldn't we?
>
> Yours,
> Joel
>
> On 8/3/2020 2:36 AM, Alexander Vainshtein wrote:
> > Mach, Joel and all,
> >
> > I think that in most cases:
> >
> > 1.There is clear differentiation between "topological" and "service"
> > instructions in SID advertisements. E.g.:
> >
> > oIGP Prefix Node SIDs IGP Adj-SIDs (identified as such in the
> > corresponding IGP advertisements) represent topological instructions
> >
> > oService SIDs for SRv6 (see SRv6 BGP-Based Overlay Services
> >
> <https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-04<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-04__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo4T-L0nl$>>
>
> > draft) unsurprisingly represent "service" instructions
> >
> > 2.Segments that represent topological instructions can be bypassed,
> > while segments that represent service instructions require
> alternative
> > protection mechanisms.
> >
> > This view seems to be aligned with RFC 8402
> > <https://tools.ietf.org/html/rfc8402<https://urldefense.com/v3/__https:/tools.ietf.org/html/rfc8402__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo0I4Ybtm$>> that says in Section 1:
> >
> >     In the context of an IGP-based distributed control plane, two
> >
> > topological segments are defined: the IGP-Adjacency segment and the
> >
> >     IGP-Prefix segment.
> >
> >     In the context of a BGP-based distributed control plane, two
> >
> > topological segments are defined: the BGP peering segment and the
> >
> >     BGP-Prefix segment.
> >
> > In the case of SR-MPLS this differentiation is assumed in Section
> 3.4 of
> > the Node Protection for SR-TE Path
> >
> <https://datatracker.ietf.org/doc/html/draft-hegde-spring-node-protection-for-sr-te-paths-07#section-3.4<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-hegde-spring-node-protection-for-sr-te-paths-07*section-3.4__;Iw!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo9wO-Ssn$>>
>
> > draft that says:
> >
> >     The node protection mechanism described in the previous sections
> >
> >     depends on the assumption that the label immediately below
> the top
> >
> > label in the label stack is understood in the IGP domain.  When the
> >
> >     provider edge routers exchange service labels via BGP or some
> other
> >
> >     non-IGP mechanism the bottom label is not understood in the IGP
> >
> >     domain.
> >
> >     The egress node protection mechanisms described in the draft
> >
> >     [RFC8679 <https://datatracker.ietf.org/doc/html/rfc8679<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc8679__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo8MGipXc$>>] is
> > applicable to this use case and no additional changes
> >
> >     will be required for SR based networks
> >
> > The scenarios in which  differentiation between "topological" and
> > "service" instructions is broken are indeed problematic. E.g.,
> consider
> > the use case in which a Node SID in the ERO of a SR-TE path
> identifies a
> > node that acts as a firewall for all packets it receives, i.e.,
> provides
> > the firewall service without any dedicated service SID
> identifying it.
> > One could say that the Node SID of such a node would combine
> topological
> > and service instructions thus breaking the differentiation
> between the two.
> >
> > I am not sure if usage of such "combined" SIDs could be prevented
> or at
> > least discouraged.
> >
> > If not, providing an ability to identify such SIDs in the
> advertisement
> > mechanisms would be useful IMHO.
> >
> > My 2c,
> >
> > Sasha
> >
> > Office: +972-39266302
> >
> > Cell:      +972-549266302
> >
> > Email: Alexander.Vainshtein@ecitele.com<mailto:Alexander.Vainshtein@ecitele.com>
> <mailto:Alexander.Vainshtein@ecitele.com>
> >
> > -----Original Message-----
> > From: spring <spring-bounces@ietf.org
<mailto:spring-bounces@ietf.org%0b>> <mailto:spring-bounces@ietf.org>> On Behalf Of Mach Chen
> > Sent: Monday, August 3, 2020 6:30 AM
> > To: Joel M. Halpern <jmh@joelhalpern.com
<mailto:jmh@joelhalpern.com%0b>> <mailto:jmh@joelhalpern.com>>; spring@ietf.org<mailto:spring@ietf.org> <mailto:spring@ietf.org>
> > Subject: Re: [spring] Spring protection - determining applicability
> >
> > Hi Joel,
> >
> > I think this is a good point that may not be discussed in the
> past. And
> > I also don't think there is a "can be bypassed" indication in the
> > routing advertisement for now.
> >
> > IMHO, the information advertised by routing is neutral, such
> information
> > (can or cannot be bypassed) is more path specific, thus normally the
> > controller should be responsible for deciding whether/which SID
> can be
> > bypassed.
> >
> > Best regards,
> >
> > Mach
> >
> >  > -----Original Message-----
> >
> >  > From: spring [mailto:spring-bounces@ietf.org
> <mailto:spring-bounces@ietf.org><mailto:spring-bounces@ietf.org%0b%3e%20%3cmailto:spring-bounces@ietf.org%3e>] On Behalf Of Joel M.
> >
> >  > Halpern
> >
> >  > Sent: Monday, August 3, 2020 7:51 AM
> >
> >  > To: spring@ietf.org<mailto:spring@ietf.org> <mailto:spring@ietf.org>
> <mailto:spring@ietf.org <mailto:spring@ietf.org<mailto:spring@ietf.org%20%3cmailto:spring@ietf.org>>>
> >
> >  > Subject: [spring] Spring protection - determining applicability
> >
> >  >
> >
> >  > (WG Chair hat Off, this is merely a note from a slightly
> confused WG
> >
> >  > participant.)
> >
> >  >
> >
> >  > I have been reading the various repair drafts, and the various
> >
> >  > networks programming and service programming draft, and I am
> trying to
> >
> >  > figure out one aspect of the combination.
> >
> >  >
> >
> >  > How does a node that is doing some form of bypass (suppose, for
> >
> >  > simplicity, it is Node N2 deciding to bypass the next SID for
> a failed
> >
> >  > node N3) know that it is safe to do so?
> >
> >  >
> >
> >  > If the path was just for TE, then it is "safe" if the new path
> meets
> >
> >  > the TE criteria.  or maybe it is safe if it is even close, as
> long as
> >
> >  > it is not used for too long.
> >
> >  >
> >
> >  > But what if the node were a Firewall, included to meet legal
> > requirements?
> >
> >  > Or was some other necessary programmatic transform (wince we are
> >
> >  > deliberately vague about what nodes can do when asked suitably.)
> >
> >  >
> >
> >  > Is there some "can be bypassed" indication in the routing
> >
> >  > advertisements that I missed?
> >
> >  >
> >
> >  > Thank you,
> >
> >  > Yours,
> >
> >  > Joel
> >
> >  >
> >
> >  > _______________________________________________
> >
> >  > spring mailing list
> >
> >  > spring@ietf.org<mailto:spring@ietf.org> <mailto:spring@ietf.org>
> <mailto:spring@ietf.org <mailto:spring@ietf.org<mailto:spring@ietf.org%20%3cmailto:spring@ietf.org>>>
> >
> >  >
> >
> https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%2<https://urldefense.com/v3/__https:/clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https*3A*2__;JSU!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo6HwPLil$>
> >
> <https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%252<https://urldefense.com/v3/__https:/clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https*3A*252__;JSU!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDozoQiAHk$>>
> >
> >  > F%2Fwww.ietf.org<https://urldefense.com/v3/__http:/2Fwww.ietf.org__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo-pPCjvR$>
> <http://2Fwww.ietf.org<https://urldefense.com/v3/__http:/2Fwww.ietf.org__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo-pPCjvR$>>%2Fmailman%2Flistinfo%2Fspring
> >
> > _______________________________________________
> >
> > spring mailing list
> >
> > spring@ietf.org<mailto:spring@ietf.org> <mailto:spring@ietf.org> <mailto:spring@ietf.org
<mailto:spring@ietf.org%0b>> <mailto:spring@ietf.org>>
> >
> >
> https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring<https://urldefense.com/v3/__https:/clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https*3A*2F*2Fwww.ietf.org*2Fmailman*2Flistinfo*2Fspring__;JSUlJSUl!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo-hR3gAD$>
> >
> >
> >
> >
> ------------------------------------------------------------------------
> > Notice: This e-mail together with any attachments may contain
> > information of Ribbon Communications Inc. that is confidential
> and/or
> > proprietary for the sole use of the intended recipient. Any review,
> > disclosure, reliance or distribution by others or forwarding without
> > express permission is strictly prohibited. If you are not the
> intended
> > recipient, please notify the sender immediately and then delete all
> > copies, including any attachments.
> >
> ------------------------------------------------------------------------
> >
> > _______________________________________________
> > spring mailing list
> > spring@ietf.org<mailto:spring@ietf.org> <mailto:spring@ietf.org>
> > https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo5KlPnbj$>
> >
>
> _______________________________________________
> spring mailing list
> spring@ietf.org<mailto:spring@ietf.org> <mailto:spring@ietf.org>
> https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo5KlPnbj$>
>

_______________________________________________
spring mailing list
spring@ietf.org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo5KlPnbj$>

v2.23.0 | Report a Bug | By Email