Re: [spring] C-SIDs and upper layer checksums (draft-ietf-spring-srv6-srh-compression)
Francois Clad <fclad.ietf@gmail.com> Thu, 04 April 2024 14:23 UTC
Return-Path: <fclad.ietf@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAB3FC14F60C for <spring@ietfa.amsl.com>; Thu, 4 Apr 2024 07:23:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bPZmZn9QGuuf for <spring@ietfa.amsl.com>; Thu, 4 Apr 2024 07:23:08 -0700 (PDT)
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6722CC14F5FC for <spring@ietf.org>; Thu, 4 Apr 2024 07:23:08 -0700 (PDT)
Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-a45f257b81fso149295866b.0 for <spring@ietf.org>; Thu, 04 Apr 2024 07:23:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712240587; x=1712845387; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=evvHyUtH9G3bA1EgCpEoutGm6J41r0KMKDM4c8TdisA=; b=Sy3SckNzlht08oRtgbwbGTGPPvEvu7i+eHTCR7sgP2GLLI8LhRl7tH3CcMQRWz6R7v E30ZQCsiVGoSRmnMbV3JGzcL+i8BOrY1qKzVKQxXUYndyibL93E++fLdtSbXN3ZA6t9A QJ7U8CgnjHgTj/ixa/MrGIAnrDEBO8mYW3uhPFNCQ+WlqQ/a4t6lJuTnpj5XWHzIOHLT KxJ1xBt9boknzH/Kg+LztgCK8s8iHAibOZRWJu5/r2hvJcaduQn+bfBxfUsyeYJYXRCt uYoIZEIORgl5WG1nlgUvaeREsXjicM/WecBrXiJY9je56Xt6g8YtfaxdOWwYNrhV4cpG ps9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712240587; x=1712845387; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=evvHyUtH9G3bA1EgCpEoutGm6J41r0KMKDM4c8TdisA=; b=mKZhgkbIt125aw2yXOkOVE4JjHQqCb3XTztCcMIDzBvb05Ln2I67OjfIDs8hqjgpoA OujMIfHG28KFvuSVM0nYBQ9EMFv92SPz+gC/K1SHH0YkllYDxx1kHOWdLqAD+BgvmD72 jTpq5KZ5VVWJo0mgGHju/awMVZlCTuj2dPDsM1L002K0rChU2JDeLw616cLvbpndySAX mjCtorRiIfy23aOGhcByYs3G/uVKw8Q1Z7HG1DWTQTl0ehMDj/ZcQR3hawfCNjqSjEnG 9C0AeoUdPYGHWD7mbaK5F8LszIM7LdMTzP3Z1ltzfToRcgyuxPAVN7kykidAUDfam+rH KUyQ==
X-Gm-Message-State: AOJu0YylEFYYi7K05pQBllrvQtz1t3FsWX3RCnc1Q+0jx5MTgYuT3Oct 1pXG3gpp9HyqpX3V9UJp7brH877Zp3B7XaO9nOT8E/iJ7QQA0Iv1T8i9/QnCSdP71gM12bk0xyd RN+uKUCsLSmKAVr1Miv4mYONEDQ==
X-Google-Smtp-Source: AGHT+IGEn6yYzPB1b+5PtUJc24BY+8MWTDDR420LQiqw4lvQkzSk5ZH8nZtj9KV2kuLP3hfOkHsgQUVqOrAgfF1LIDI=
X-Received: by 2002:a17:907:970c:b0:a47:df55:cf6c with SMTP id jg12-20020a170907970c00b00a47df55cf6cmr2486557ejc.63.1712240585928; Thu, 04 Apr 2024 07:23:05 -0700 (PDT)
Received: from 1064022179695 named unknown by gmailapi.google.com with HTTPREST; Thu, 4 Apr 2024 14:23:05 +0000
Received: from 1064022179695 named unknown by gmailapi.google.com with HTTPREST; Thu, 4 Apr 2024 14:23:03 +0000
MIME-Version: 1.0 (Mimestream 1.2.6)
References: <CAMMESsyCYJwWP48=a9RWx3n8txS1eR4VLnUeE++VEdHKFeKOjw@mail.gmail.com> <CAOj+MMH9-F0nWG6zDZXxAGOQ7T8T9bUn74f4o=Fh2p0zah86Gg@mail.gmail.com> <e50b6a1b-08ae-4c8c-b3f0-0900fe8a9158@joelhalpern.com> <CAOj+MME5yL2S9Y8woVhLpkx8Xjq8g1+Ngw0RjH7o5u82p-38yg@mail.gmail.com> <71b6f07e-08d6-40a0-9436-e4acebf96c3b@joelhalpern.com> <CAOj+MMGNbYy=QZdptdKfYa-1pGfO0OeEbc_SsOVcvhgR+==sHQ@mail.gmail.com> <e9731f5f-f583-456f-b1a2-ba99e1b9dda8@joelhalpern.com> <CAHT6gR8+y0nn8TndTsB5=uJXCpLW-01F6s1o9ZRrBA9yxQiqwQ@mail.gmail.com> <DU2PR03MB8021725C40A8BFF037A97C8FFA3C2@DU2PR03MB8021.eurprd03.prod.outlook.com> <CAHT6gR-zJOngZrnugetKgJ+jzDVJ0LO6Ro9Cng=scRDzQFTo0w@mail.gmail.com> <038b66c0-1f43-4167-8066-550addd2307a@joelhalpern.com>
In-Reply-To: <038b66c0-1f43-4167-8066-550addd2307a@joelhalpern.com>
From: Francois Clad <fclad.ietf@gmail.com>
Date: Thu, 04 Apr 2024 14:23:05 +0000
Message-ID: <CAHT6gR93o5kCnsoMme3nZ=Ru_H=Ahj7nKJHK+e8v2w=TFySCag@mail.gmail.com>
To: Joel Halpern <jmh.direct@joelhalpern.com>
Cc: SPRING WG List <spring@ietf.org>, Robert Raszuk <robert@raszuk.net>, Andrew Alston - IETF <andrew-ietf@liquid.tech>
Content-Type: multipart/alternative; boundary="000000000000e4fa7c06154613bf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/A75NydbfS3ze4WB4M9PxumNwPIY>
Subject: Re: [spring] C-SIDs and upper layer checksums (draft-ietf-spring-srv6-srh-compression)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2024 14:23:09 -0000
Hi Joel, The ping behavior is described in section 9.1 of the draft ( https://www.ietf.org/archive/id/draft-ietf-spring-srv6-srh-compression-14.html#section-9.1 ). Specifically, "When pinging a SID of this document via a segment list, the SR source node MUST construct the IPv6 packet as described in Section 6 and compute the ICMPv6 checksum as described in Section 6.5." Please let me know if anything in this text is not clear. Thanks, Francois On 4 Apr 2024 at 16:10:11, Joel Halpern <jmh.direct@joelhalpern.com> wrote: > <No Hat> > > Does this mean that if I have a source and destiantion host inside an SRv6 > domain, and I am trying to verify a uSID path between them, so I issue the > command ping <usUD-DA>, it will fail? Given that we have documents > describing the use of ping and traceroute with SRv6, shouldn't the > comrpession document say someething about this? > > Your,s > > Joel > On 4/4/2024 9:59 AM, Francois Clad wrote: > > Hi Andrew, > > The originator (TX Linux box in your case) acting as an SR source node for > C-SID must follow the entire Section 6 of > draft-ietf-spring-srv6-srh-compression, including section 6.5 about the > checksum calculation. One cannot expect it to work if it only implements > half of it. > > On the receive side, there is nothing special to do. The DA in the > received IPv6 header is the one that was used for the checksum calculation. > > I do not see anything broken. > > Cheers, > Francois > > On 4 Apr 2024 at 15:32:12, Andrew Alston - IETF <andrew-ietf@liquid.tech> > <andrew-ietf@liquid.tech> wrote: > >> So in investgiating this further, there is a further problem. >> >> >> >> I’ve checked on 4 different linux boxes with 4 different network cards. >> >> >> >> Linux by default offloads TX checksumming on a lot of network cards. If >> you originate a packet with a microsid and no SRH – and the linux box >> offloads the checksum generation – the checksum generated by the NIC will >> be incorrect – and when the packet arrives at the end host – if that end >> host is running RX checksumming – the checksum will fail and the packet >> will be dropped. >> >> >> >> If you disable TX checksumming – the kernel will have no way to tell if >> the packet is an Ipv6 or a microsid packet, it will therefore use the DA – >> and generate an incorrect checksum. Again – if RX checksumming is enabled >> on the receiving end point – the packet will get dropped. >> >> >> >> Effectively this does NOT just affect middle boxes – it effects anything >> generating a packet directed to a microsid that either offloads the tx to >> hardware (whichi will have no clue this is a microsid) or in the >> alternative is generating tx checksums itself via kernel mechanisms that >> will treat these packets as standard Ipv6 packets. >> >> >> >> This is broken – severely broken. >> >> >> >> Andrew >> >> >> >> >> >> * Internal All Employees From: *spring <spring-bounces@ietf.org> on >> behalf of Francois Clad <fclad.ietf@gmail.com> >> *Date: *Thursday, 4 April 2024 at 14:49 >> *To: *Joel Halpern <jmh.direct@joelhalpern.com> >> *Cc: *SPRING WG List <spring@ietf.org>, Robert Raszuk <robert@raszuk.net> >> *Subject: *Re: [spring] C-SIDs and upper layer checksums >> (draft-ietf-spring-srv6-srh-compression) >> >> Some people who received this message don't often get email from >> fclad.ietf@gmail.com. Learn why this is important >> <https://aka.ms/LearnAboutSenderIdentification> >> >> CAUTION: This email has originated from a free email service commonly >> used for personal email services, please be guided accordingly especially >> if this email is asking to click links or share information. >> >> >> >> Hi all, >> >> >> >> Section 6.5 of draft-ietf-spring-srv6-srh-compression specifies how an SR >> source node originating a packet with an upper layer checksum determines >> the Destination Address for use in the IPv6 pseudo-header. >> >> >> >> As a co-author, I’d say that the current text of 6.5 is good. >> >> >> >> This text is aligned with RFC 8200. It only indicates how the text in >> Section 8.1 of RFC 8200 applies to the SIDs of >> draft-ietf-spring-srv6-srh-compression. This is necessary since RFC 8200 >> does not specify the format nor behavior of any source routing scheme. >> >> >> >> Thanks, >> >> Francois >> >> >> >> >> >> On 4 Apr 2024 at 00:10:55, Joel Halpern <jmh.direct@joelhalpern.com> >> wrote: >> >> I can not speak to the "norm" for other working groups. The SPRING >> charter is very specific about what we have to do if we want to change an >> underlying protocol. We have to go back to the WG which owns that >> protocol. >> >> 6man gets to decide if the change is acceptable, and if it is acceptable >> how it is to be represented. SPRINGs job is to make sure we are asking the >> question we intend. >> >> Yours, >> >> Joel >> >> On 4/3/2024 6:05 PM, Robert Raszuk wrote: >> >> Ok Joel, >> >> >> >> Thank you for this clarification. >> >> >> >> To me the actual spirit of RFC8200 8.1 is to say that it is ok to >> compute the checksum by the src such that it comes out right at the final >> destination. >> >> >> >> But I guess we can have different opinions about that. >> >> >> >> But what I find specifically surprising here is that it is a norm in IETF >> to have new specifications defining protocol extensions and their behaviour >> and never go back to the original protocol RFC to check if this is ok or >> not. If that would not be a normal process I bet we would still be using >> classful IPv4 routing all over the place. >> >> >> >> Regards, >> >> Robert >> >> >> >> >> >> On Wed, Apr 3, 2024 at 11:28 PM Joel Halpern <jmh@joelhalpern.com> wrote: >> >> The concern with regard to the text that the chairs are asking about is >> not about intermediate nodes verifying the checksum. The text does not >> talk aabout that, so we are not asking about that. >> >> But, the text in 8200 specifies how the originating node is to compute >> the upper layer checksum. It doesn't say "do whatever you need to do to >> make the destination come out right". It provides specific instructions. >> Yes, it is understandable that those instructions do not cover the >> compressed container cases. Which is why the compression document >> specifies changes to those procedures. >> >> Thus, we need to ask 6man how they want to handle the change in the >> instructions in 8200. >> >> the question we are asking SPRING is whether there is any clarification >> people want to the text in the compression draft before we send the >> question over to 6man. >> >> Yours, >> >> Joel >> >> On 4/3/2024 5:15 PM, Robert Raszuk wrote: >> >> Hi Joel, >> >> >> >> My interpretation of text from RFC8200 is that it allows discrepancy >> between the header and the upper layer checksum as long as final packet's >> destination sees the correct one. >> >> >> >> The last condition is met. >> >> >> >> So I see no issue. >> >> >> >> Sure RFC8200 does not talk about SRH nor cSIDs, but provides a hint on >> how to handle such future situations. >> >> >> >> With that being said I would like to still understand what real problem >> are we hitting here ... >> >> >> >> Kind regards, >> >> Robert >> >> >> >> On Wed, Apr 3, 2024 at 11:09 PM Joel Halpern <jmh@joelhalpern.com> wrote: >> >> There are two cases covered in section 6.5 of the compression draft that >> appear to be at variance with secton 8.1 of RFC 8200. >> >> First, if the final destination in the routing header is a compressed >> container, then the ultimate destination address will not be the same as >> the final destination shown in the routing header. >> >> Second, if a uSID container is used as the destination address and no SRH >> is present, then in addition to the above problem there is no routing >> header to trigger the behavior described. >> >> Yours, >> >> Joel >> >> On 4/3/2024 4:22 PM, Robert Raszuk wrote: >> >> Hi Alvaro, >> >> >> >> Section 6.5 of draft-ietf-spring-srv6-srh-compression describes the >> behavior when an originating node inside an SRv6 domain creates a >> packet with a C-SID as the final destination. >> *This description differs from the text in Section 8.1 of RFC8200.* >> >> >> >> I would like you to clarify the above statement - specifically of the >> last sentence. >> >> >> >> Reason for this that after looking at both drafts I find section 6.5 of >> the subject draft to be exactly in line with RFC8200 section 8.1 especially >> with the paragraf which says: >> >> >> >> >> >> >> >> >> * If the IPv6 packet contains a Routing header, the Destination >> Address used in the pseudo-header is that of the final >> destination. At the originating node, that address will be in >> the last element of the Routing header; at the recipient(s), that >> address will be in the Destination Address field of the IPv6 >> header.* >> >> >> >> So before we dive into solutions (as Andrew has already provided a few >> of) I think we should first agree on what precise problem are we solving >> here ? >> >> >> >> Many thx, >> >> Robert >> >> >> >> PS. As a side note I spoke with my hardware folks - just to check if >> validation of upper-layer checksum is even an option for transit nodes. The >> answer is NO as most data plane hardware can read at most 256 bytes of >> packets. So unless there is some specialized hardware processing up to 9K >> packets in hardware at line rates this entire discussion about checksum >> violations, fears of firing appeals is just smoke. >> >> >> >> _______________________________________________ >> spring mailing list >> spring@ietf.org >> https://www.ietf.org/mailman/listinfo/spring >> >>
- [spring] C-SIDs and upper layer checksums (draft-… Alvaro Retana
- Re: [spring] C-SIDs and upper layer checksums (dr… Alvaro Retana
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Alvaro Retana
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Alvaro Retana
- Re: [spring] C-SIDs and upper layer checksums (dr… Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… jmh.direct
- Re: [spring] C-SIDs and upper layer checksums (dr… Andrew Alston - IETF
- Re: [spring] C-SIDs and upper layer checksums (dr… Cheng Li
- Re: [spring] C-SIDs and upper layer checksums (dr… Martin Vigoureux (Nokia)
- Re: [spring] C-SIDs and upper layer checksums (dr… Cheng Li
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Antoine FRESSANCOURT
- Re: [spring] C-SIDs and upper layer checksums (dr… Martin Vigoureux (Nokia)
- Re: [spring] C-SIDs and upper layer checksums (dr… Tal Mizrahi
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Ketan Talaulikar
- Re: [spring] C-SIDs and upper layer checksums (dr… Boris Hassanov
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] C-SIDs and upper layer checksums (dr… Ketan Talaulikar
- Re: [spring] [**EXTERNAL**] Re: C-SIDs and upper … Shah, Himanshu
- Re: [spring] C-SIDs and upper layer checksums (dr… Joel Halpern
- Re: [spring] [**EXTERNAL**] Re: C-SIDs and upper … Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… Francois Clad
- Re: [spring] C-SIDs and upper layer checksums (dr… liu.yao71
- Re: [spring] [**EXTERNAL**] Re: C-SIDs and upper … Mark Smith
- Re: [spring] C-SIDs and upper layer checksums (dr… Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… Robert Raszuk
- Re: [spring] C-SIDs and upper layer checksums (dr… linchangwang
- Re: [spring] C-SIDs and upper layer checksums (dr… liu.yao71
- Re: [spring] C-SIDs and upper layer checksums (dr… 梁艳荣