Re: [spring] 6MAN WGLC: draft-ietf-6man-sids

David Farmer <farmer@umn.edu> Mon, 10 October 2022 14:56 UTC

From: David Farmer <farmer@umn.edu>
Date: Mon, 10 Oct 2022 09:56:11 -0500
Message-ID: <CAN-Dau1iOPn5kiu1nxNmp7U+ziCqN1m+isadBwQTZfz1WTFgiQ@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Joel Halpern <jmh.direct@joelhalpern.com>, 6man <ipv6@ietf.org>, SPRING WG List <spring@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/9I7DYvDc_-RTIUJKMmNJm91xagg>
Subject: Re: [spring] 6MAN WGLC: draft-ietf-6man-sids

If you are saying the concept of Limited Domains does not apply to SRH
since it isn't an IETF consensus document, then I believe that calls the
consensus for SRH into serious question. Furthermore, if the SRH consensus
is questionable, the idea that operators might filter it shouldn't be
surprising.

Thanks

On Mon, Oct 10, 2022 at 9:24 AM Robert Raszuk <robert@raszuk.net> wrote:

> Joel,
>
> Am I wrong in understanding that the definition of "limited domain" was never
> approved by any formal IETF process?
>
> If so, do you really think we should be bound by something which has been
> defined outside of IETF?
>
> Cheers,
> Robert
>
> On Mon, Oct 10, 2022 at 4:03 PM Joel Halpern <jmh.direct@joelhalpern.com>
> wrote:
>
>> SRH was explicitly defined for use in limited domains.   That is why I
>> think dropping it is acceptable.  Certainly not required, but permitted.
>> The closest equivalent is NSH, which is also defined for limited domains.
>> In my personal opinion (not speaking for the SFC working group) I think it
>> would be legitimate for a domain, particularly one that is using NSH, to
>> drop packets where the IP carried protocol is NSH.  (I would prefer that
>> they block only packets to their domain with carried protocol of NSH, but
>> that is up to the operator.)
>>
>> You have said that you consider the limited domain requirement to be
>> wrong and irrelevant.  Whether you agree with it or not, it is in the RFC.
>> Operators may reasonably act on that.
>>
>> Yours,
>>
>> Joel
>> On 10/10/2022 9:59 AM, Robert Raszuk wrote:
>>
>> >  it seems acceptable to block all packets with SRH
>>
>> And such statements you are making are exactly my point.
>>
>> Just curious - Is there any other extension header type subject to being
>> a good enough reason to drop packets at any transit node in IPv6 ?
>>
>> Thx,
>> R.
>>
>> On Mon, Oct 10, 2022 at 3:53 PM Joel Halpern <jmh.direct@joelhalpern.com>
>> wrote:
>>
>>> Protection from leaking inwards is required by the RFCs as far as I know.
>>>
>>> Note that there are multiple ways to apply such protection.  It is
>>> sufficient for the domain only to block packets addressed to its own SID
>>> prefixes.  If the domain is using SRv6 without compression or reduction, it
>>> seems acceptable to block all packets with SRH.  After all, they should not
>>> be occurring.  But we do not tell operators how to perform the filtering.
>>> It is up to them what they do.
>>>
>>> Yours,
>>>
>>> Joel
>>>


-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================
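
The two edge-filtering options described in the quoted text above (drop only packets addressed to the domain's own SID prefixes, or drop every packet that carries an SRH), as an added example that is not part of the original message or of any RFC text. The function names and the 2001:db8::/32 documentation prefixes are assumptions, and the packets are constructed samples.

```python
import ipaddress
import struct

ROUTING, FRAGMENT, NO_NEXT = 43, 44, 59   # IPv6 Next Header values
SRH_TYPE = 4                              # Routing Type 4 = SRH (RFC 8754)
EXT_HEADERS = {0, ROUTING, FRAGMENT, 60}  # hop-by-hop, routing, fragment, dest. options

def has_srh(pkt: bytes) -> bool:
    """Walk the extension-header chain of a raw IPv6 packet looking for an SRH."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = pkt[6], 40
    while nh in EXT_HEADERS:
        if off + 8 > len(pkt):
            return False                  # truncated chain: no SRH could be confirmed
        if nh == ROUTING and pkt[off + 2] == SRH_TYPE:
            return True
        # Fragment header is a fixed 8 octets; the others carry Hdr Ext Len
        size = 8 if nh == FRAGMENT else (pkt[off + 1] + 1) * 8
        nh, off = pkt[off], off + size
    return False

def ingress_verdict(pkt: bytes, sid_prefixes, block_all_srh: bool = False) -> str:
    """Decision for a packet arriving from outside the domain (hypothetical helper)."""
    dst = ipaddress.IPv6Address(pkt[24:40])
    if any(dst in prefix for prefix in sid_prefixes):
        return "drop"                     # option 1: addressed to our own SID space
    if block_all_srh and has_srh(pkt):
        return "drop"                     # option 2: any SRH at the edge
    return "forward"

def build(dst: str, srh: bool = False) -> bytes:
    """Constructed sample: IPv6 header, optional one-segment SRH, no payload."""
    ext = b""
    if srh:
        # next hdr, hdr ext len (2 -> 24 octets), routing type, segments left,
        # last entry, flags, 16-bit tag, then one 128-bit segment
        ext = bytes([NO_NEXT, 2, SRH_TYPE, 0, 0, 0, 0, 0]) + ipaddress.IPv6Address(dst).packed
    hdr = struct.pack("!IHBB", 6 << 28, len(ext), ROUTING if srh else NO_NEXT, 64)
    src = ipaddress.IPv6Address("2001:db8:ffff::1").packed
    return hdr + src + ipaddress.IPv6Address(dst).packed + ext

SID_PREFIXES = [ipaddress.IPv6Network("2001:db8:a::/48")]  # assumed SID block
TO_SID = build("2001:db8:a::100")               # outside packet aimed at a local SID
TRANSIT_SRH = build("2001:db8:b::1", srh=True)  # another domain's SRH crossing the edge
PLAIN = build("2001:db8:b::1")
```

With the default policy only TO_SID is dropped; setting block_all_srh=True also drops TRANSIT_SRH, which is the behaviour the thread is arguing about.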