IETF Logo Mail Archive

Re: [spring] Question from SPRING regarding draft-filsfilscheng-spring-srv6-srh-compression

Nick Hilliard <nick@foobar.org> Sun, 17 October 2021 22:38 UTC

Return-Path: <nick@foobar.org>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94B3F3A132D; Sun, 17 Oct 2021 15:38:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FGLGShPipHXk; Sun, 17 Oct 2021 15:38:50 -0700 (PDT)
Received: from mail.netability.ie (mail.netability.ie [IPv6:2a03:8900:0:100::5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B674F3A132B; Sun, 17 Oct 2021 15:38:48 -0700 (PDT)
X-Envelope-To: ipv6@ietf.org
Received: from crumpet.local (admin.ibn.ie [46.182.8.8]) (authenticated bits=0) by mail.netability.ie (8.17.1/8.16.1) with ESMTPSA id 19HMciK8096722 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 17 Oct 2021 23:38:44 +0100 (IST) (envelope-from nick@foobar.org)
X-Authentication-Warning: cheesecake.ibn.ie: Host admin.ibn.ie [46.182.8.8] claimed to be crumpet.local
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: "ipv6@ietf.org" <ipv6@ietf.org>, "spring@ietf.org" <spring@ietf.org>
References: <85fddbe9-4eb8-7d90-d246-a888fe8bdcd3@joelhalpern.com>
From: Nick Hilliard <nick@foobar.org>
Message-ID: <66bcaafc-ab55-7884-d002-c4be439e2062@foobar.org>
Date: Sun, 17 Oct 2021 23:38:43 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:52.0) Gecko/20100101 PostboxApp/7.0.49
MIME-Version: 1.0
In-Reply-To: <85fddbe9-4eb8-7d90-d246-a888fe8bdcd3@joelhalpern.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/A4oi_CrNUDK6nDcQSBVI5glA4lM>
Subject: Re: [spring] Question from SPRING regarding draft-filsfilscheng-spring-srv6-srh-compression
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Oct 2021 22:38:55 -0000

Joel M. Halpern wrote on 13/10/2021 04:52:
> 1) Does the placement of a list of sids in the IPv6 DA field change the 
> IPv6 architectural description of that field.

the draft, as I understand it, specifies that inside the srv6 limited 
domain, the DA is overwritten in-flight with a locator of configurable 
mask length, followed by a stack containing CSIDs.

On each node that the packet passes through, the router left-shifts the 
stack of CSIDs by a number of bits, which causes an implicit stack pop 
of the CSID list.  The locator remains unchanged.

Once the stack is empty, the DA field is reverted to the original DA.

The question from the point of view of IPv6 architecture is whether the 
modified DA a) represents the ipv6 address of an interface (rfc4291, 
section 2.1) and b) represents the "128-bit address of the intended 
recipient of the packet" (rfc8200, section 3).

The answer to both of these questions seems to be no.

--

If we take the examples in draft-clad-spring-srv6-srh-compression-illus, 
the locator is 2001:db8:000b (block length 48), normally written as 
2001:db8:b::/48.

At no point is there necessarily a node in the network with an interface 
which which is bound to an ip address constructed as 
[locator].[csid1]..[csidN].  It might happen that there was such an 
interface, but this is not necessary for the protocol to function as 
specified.

 From this point of view, the draft does not appear to comply with the 
definition of the destination address field of the ipv6 header, as 
defined in rfc8200.

--

Question b (i.e. whether the address represents the "128-bit address of 
the intended recipient of the packet").  It is presumed that the address 
space carved out by the operator allocates a unique block of IP 
addresses for the locator.  The modified DA will not generally (and 
probably not ever) represent the intended recipient of the packet, so on 
this basis it seems that the draft introduces a semantic change to the 
addressing architecture of ipv6 as defined in rfc4291.

--

In simple terms, the srh compression draft appears to repurpose the ipv6 
DA field as a temporary storage stack.  This changes the semantics of 
the DA field into something different that rfc8200 / rfc4291 aren't 
aware of.

Some people have brought up NAT and mutable ipv6 header fields.  I don't 
see an issue with modifying source or destination IP addresses / ports 
in-flight, as long as they represent actual endpoints as defined in 
rfc8200/4291.  We have 25 years of precedent in the form of NAT, so this 
simply isn't a problem.

What is a problem is changing the semantics of a well-known field to 
mean something else other than what's defined in 8200/4291.  The 
rationale for doing this is not relevant.

On a constructive point, I have no doubt that the authors need space to 
store the SID stack, so it may be better for them to consider using an 
EH for this purpose.  If this were handled in a similar way to how 
standard SRv6 forwards packets using EHs for SID lists, I don't believe 
that there would be an issue for 6man to be concerned about, and as 
there is already running code which uses EHs to determine next-hops for 
SRv6 packets, there is no reason not to do something similar for C-SIDs.

> 2) Does the operation of shifting information around in the IPv6 
> destination address field represent a modification or extension of the 
> IPv6 data plane.

Although the syntax remains the same, the draft proposes that the 
semantics of the ipv6 header be modified.  In a SRv6 domain, a packet 
modified as described will do one thing, and outside the domain it mean 
something quite different.

Rather than answering this question directly, let's take the 
heterogeneous brown-field network example provided in:

https://mailarchive.ietf.org/arch/msg/ipv6/LQyfNkJjCEijP0v8mHYIQPBT7-A/

In this network, if a packet has its DA modified as described in this 
draft, then the packet would not necessarily arrive at its endpoint if 
it needed to traverse a section of the network which wasn't srv6 aware. 
If no modification had been made to the ipv6 data plane, then the packet 
would be expected to arrive at its destination.

This is in contrast with standard srv6, which can apparently support 
this style of configuration.

It is true that SRv6 is defined only in terms of its rfc8799 limited 
domain and you could argue that as the limited domain is not properly 
specified according to what the I-D authors intended, that this is a 
configuration problem rather than a protocol problem.

Flip side, this example describes what happens when limited domains hit 
operational reality, i.e. this is an interesting example of why 
modifying data plane semantics is considered to be a red-flag issue from 
the point of view of baseline protocol semantics - things break.

Nick

v2.23.0 | Report a Bug | By Email