IETF Logo Mail Archive

Re: [spring] How CRH support SFC/Segment Endpoint option?

James Guichard <james.n.guichard@futurewei.com> Sun, 24 May 2020 23:49 UTC

Return-Path: <james.n.guichard@futurewei.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7C833A0B74; Sun, 24 May 2020 16:49:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.089
X-Spam-Level:
X-Spam-Status: No, score=-2.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6c4JAz3PUdSy; Sun, 24 May 2020 16:49:12 -0700 (PDT)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2125.outbound.protection.outlook.com [40.107.243.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6578B3A0E18; Sun, 24 May 2020 16:48:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VzfTdvxee99tJDyGUgE45GgkQaGOS0UPKNeGRMk+iad108/1G8i3tenrRQCF1EA9182dxo04WQBVuXQ4OCbC32KaE99RUckypngIdaRNFdk5SLBlIqGu0eWifAFt734RF9D2SeFhfaarM60U35Q4WAZ43jGV+XRXaox20RhEv9rxQlhC9oisEZp5qyr4qr4l7brTWJW6/kT4K5SKGguNIcWYgqwRdCmKTiuVybZnkQt9glS2ge/UbSK5W3lVJABQga4Vo5L4ibKCdaWB8PEtNEOvBRD8in6t9Lgqia0Ggkl4SKH3H4Ye/8utXWnmRpKoZKqw0uAQAHfYwc0qOL4HZg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PScBaVG+XswL6UxgliSHP7ruFrPx6epEqfu23Vgirp4=; b=IDIRzD8uXDQ9VRe2dXm8XPCX6oYEwOfFFCX6qwQ82KtVxbJiLszDyV2DXUog7nZ0pmCe7VDUFtvsECm1GkSBLROLsCGC38Vh2WNHkn5x/TaQy+0U6cx3hP7dgTj7lFRYH2usek+awRFG7DZgO+u4oaIFtJp/dP0BdvS1R+/MXGrci7oz5K76ORzc6OsudIdpnkYbAhtr8NoKK2Bwwafm/wY1Ox0w4JiIoTB+a6aILaO0r/H9g3fWJLpIcNbCpwHfkoFVKHlMqw35Ydtj2YK4Fpo2QJAG1VeUEej4x3rH91Eg04Qn6zGtIye+Z8e87Cg79af9iL3sQf8vIlggnHnkBA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PScBaVG+XswL6UxgliSHP7ruFrPx6epEqfu23Vgirp4=; b=boC+gJ3dgJu04D2PbRBv3LAUGvKCP1ByklA9RjbfTf+KnrDRWTseXcDwQKZvQpjJhTsUx/IN381+MR7PQeUc1aJ69cb1bFgDZqY7tj4+FGBRu1txE59pyJB20GuQkUvulfmqywTnfnFnnzfLbCoxQRX33K+UyFFUwYjIL/LRc5o=
Received: from DM6PR13MB3066.namprd13.prod.outlook.com (2603:10b6:5:19d::18) by DM6PR13MB3403.namprd13.prod.outlook.com (2603:10b6:5:1c9::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.13; Sun, 24 May 2020 23:48:55 +0000
Received: from DM6PR13MB3066.namprd13.prod.outlook.com ([fe80::a024:eb2c:7574:b7b7]) by DM6PR13MB3066.namprd13.prod.outlook.com ([fe80::a024:eb2c:7574:b7b7%7]) with mapi id 15.20.3045.009; Sun, 24 May 2020 23:48:55 +0000
From: James Guichard <james.n.guichard@futurewei.com>
To: Robert Raszuk <robert@raszuk.net>, Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, "spring@ietf.org" <spring@ietf.org>, 6man <6man@ietf.org>
Thread-Topic: [spring] How CRH support SFC/Segment Endpoint option?
Thread-Index: AdYwBYkgTau2vInrR6WP+x+iqlpN9gAPJDmwADf+cOAAEX/LgAATRtiAABYR7YAAAFArgAAFULuw
Date: Sun, 24 May 2020 23:48:55 +0000
Message-ID: <DM6PR13MB30663AAD8D09C09C526F7592D2B20@DM6PR13MB3066.namprd13.prod.outlook.com>
References: <C7C2E1C43D652C4E9E49FE7517C236CB02A2CD12@dggeml529-mbx.china.huawei.com> <DM6PR05MB63482CFA4D5AB938D5A4B818AEB40@DM6PR05MB6348.namprd05.prod.outlook.com> <C7C2E1C43D652C4E9E49FE7517C236CB02A37DC6@dggeml509-mbs.china.huawei.com> <DM6PR05MB63489256A7C8357BEF526EE2AEB20@DM6PR05MB6348.namprd05.prod.outlook.com> <CAOj+MMGLj9OgFCcsB21oWXbcCqHZ7B4qTvCcrK9LXuKDYVu_vQ@mail.gmail.com> <811e0a83-6dee-5d08-2293-832d0eb6708a@gmail.com> <CAOj+MMFom5p2YYM6==RhHEe3S-8e-dd9y16_At6-M55b9aPcOw@mail.gmail.com>
In-Reply-To: <CAOj+MMFom5p2YYM6==RhHEe3S-8e-dd9y16_At6-M55b9aPcOw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: raszuk.net; dkim=none (message not signed) header.d=none;raszuk.net; dmarc=none action=none header.from=futurewei.com;
x-originating-ip: [47.14.47.233]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1628d8ce-6b8f-4d67-fcb2-08d8003d0551
x-ms-traffictypediagnostic: DM6PR13MB3403:
x-microsoft-antispam-prvs: <DM6PR13MB34030242A71AD7AC3E5A6344D2B20@DM6PR13MB3403.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0413C9F1ED
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: mbPZh+JGzYfwH/G5OQb4XqDtUIHI5LVSYzCxxhutM5RShapitEbqAjEXaPPpPBuUS8A5pZbioU7/n5r9AqJEiiNZqwvRbeuPSjr755o5YRcQaRFeICk5lSHxM0MV4JrJ0BpR4D5CJZqkl6pcyRqmt4ERV24SE98eEqfU+25LoZsJ3svDO12Y9foI/d67/8QxQMq3r0CbP2Z8WtdDbq3/2FEfIeueDaJpI+YSyJnM+6s3ych8mTFNa6rbLTRbAymjWNS/aYukacqj+bGC991qSmYhyaLW09D9q6XfqYtYcxX+8MtcK3Zdei+qvbJkco86GTiCaH6z6zxYa41uR/kUhA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR13MB3066.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(136003)(366004)(396003)(39830400003)(376002)(66446008)(7696005)(5660300002)(66556008)(53546011)(6506007)(64756008)(66476007)(66946007)(33656002)(8676002)(71200400001)(26005)(76116006)(186003)(478600001)(9686003)(55016002)(54906003)(110136005)(8936002)(4326008)(86362001)(2906002)(316002)(52536014); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: 5M22L4jzeXIqYgLRybeeoUZftXmrQoaIfYEMKmQNdw5D0/1+zZP0fRFMOdbcgRYbBQjat6I42LXBdqwakRtuSXUmIUDA0ZqWtuWRQhOfW3JmkmHgpg0or82tpXI4OVm9KETecbUOIvJwQugPPeNi+0OO94zrQKlFBZlkBrEd3fo5u+diXXG3qLqlmSamhgpOCFHgzK3Wgd0rWysChCUmravmlu4ExURlC96cefxMKgGB2kyQkBR5M89zVbicQ62zdfIa63Jq3c2LTzHiYUpct7b5OOLL46nrbYgfkzdOADAwSqiDGnQNWndQFgQpFjFsl8ZBBPvQ8Nt7WTiaf/xlFJHTzYx16v/Rpl9b6aUtPX1+CZncl+t1JrQflF60htX2I6zQqk/NJ3C/MOHeLheLdGLKEoA14OrAfpVwcXt9tZJ8XAq84DwcSLratUih414/X8F9o8vOJEucWJaGX0mw958GrMxXdNZRROVNCCLVsTI=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR13MB30663AAD8D09C09C526F7592D2B20DM6PR13MB3066namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1628d8ce-6b8f-4d67-fcb2-08d8003d0551
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 May 2020 23:48:55.3860 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Tu+UllMk5tU+abWxUPnR+1yQwUptB4fS+1/VtaZLNVuwJPJJqcDMpV3yZfi3mmjVP38wqk94u2FPtUuAqZeEzw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR13MB3403
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/Rh-Q7xb_cr-qVKK3Pkt-luCYk1I>
Subject: Re: [spring] How CRH support SFC/Segment Endpoint option?
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2020 23:49:18 -0000

It seems to me that RFC8200 could not be clearer when it states that there is an order to how extension headers are processed (see [1]) and if a DOH precedes a routing header then *every* node in the routing header must process the DOH; which leads me to wonder how a service chain could be supported unless only a single service is needed in a chain and that service be placed as the last node in the routing header so that a DOH could be added *after* the routing header and therefore only be processed by the last node.

[1] RFC8200 section 4.1

      note 1: for options to be processed by the first destination that
              appears in the IPv6 Destination Address field plus
              subsequent destinations listed in the Routing header.
      note 3: for options to be processed only by the final destination
              of the packet.

** note 1 is for DOH preceding routing header and note 3 is for DOH after routing header.

Jim
From: spring <spring-bounces@ietf.org> On Behalf Of Robert Raszuk
Sent: Sunday, May 24, 2020 5:03 PM
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>; spring@ietf.org; 6man <6man@ietf.org>
Subject: Re: [spring] How CRH support SFC/Segment Endpoint option?

Hi Brian,

No playing with words intended at all.

But as you very well know half of the room read RFC8200 verbatim to what the definition of destination node is. Clearly segment endpoint address would be the "local" destination of the packet when it receives it.

It seems very clear that RFC8200 authors did not expect that packet may have more then one destination in a domain :)  That seems to be a crux.

Let's please do not restart that topic. I asked this question as I am curious for RbR - how to prevent midpoints to examine DOH if someone would choose to carry VPN demux label there.

What is there in the packet when packet is received by a segment endpoint (transit point) to tell - STOP ... this is not a packet for you - skip DOH - but go and examine other RHs ?

Thank you,
R,









On Sun, May 24, 2020 at 10:54 PM Brian E Carpenter <brian.e.carpenter@gmail.com<mailto:brian.e.carpenter@gmail.com>> wrote:
Hi Robert,

On 24-May-20 22:22, Robert Raszuk wrote:
> Hi Ron,
>
> I have one small question on the Destination Option Header you keep referencing to carry for example VPN demux instructions.
>
> As DOH follows Fragment Header it is indeed inspected before CRH.
>
> So please kindly clarify what is there in the IPv6 packet header which would stop each segment endpoint (during the transit over SR anchors)  which destination is obviously in DA of the arriving packet not to inspect DOH and not trying to execute it ?
>
> If you could please also provide reference to RFC8200 defining it..

I think you are playing with words a bit here. 8200 says:
"The Destination Options header is used to carry optional information
that need be examined only by a packet's destination node(s)."

That clearly means that other nodes *do not need* to examine the DOH, so they can simply skip over it. Because it isn't encrypted, of course they physically can examine it if they want to waste CPU cycles, but they *do not need* to do so. Since they are not the destination node, obviously the information in the DOH is not intended for them. If it isn't obvious that they are not intended to act on that information, I don't know why we bother to write RFCs at all.

Regards
    Brian

v2.23.0 | Report a Bug | By Email