IETF Logo Mail Archive

Re: [spring] Spirit and Letter of the Law (was: Question about SRv6 Insert function)

Tom Herbert <tom@herbertland.com> Thu, 05 September 2019 18:34 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 243AA1208D5 for <spring@ietfa.amsl.com>; Thu, 5 Sep 2019 11:34:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6molsVlBcx6I for <spring@ietfa.amsl.com>; Thu, 5 Sep 2019 11:34:30 -0700 (PDT)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21D2B1200F3 for <spring@ietf.org>; Thu, 5 Sep 2019 11:34:30 -0700 (PDT)
Received: by mail-ed1-x534.google.com with SMTP id o9so3694889edq.0 for <spring@ietf.org>; Thu, 05 Sep 2019 11:34:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=RwSBuGrmG9RsB5s9owgZzJmg9dBfpBzfFhveNjR2xQc=; b=lJ///y48YJ61yel0apQCtiZJI4PpmfZuS2hT902MeQb2HX6tWO6ohKdT6ox8GGFJqC 6AZCWz/TA1VfBEDAtm8x7jfLbQwh+xB1udh0/X1GlqmY0nbEuG5X+Po+f+DleQ+jy8tP GDueZpH4D2S2hUAz+1H7gzMoQzP0PDAQ7UrIosmbl2gxhvJA3gBpZWxOfLmTocdSrr4N hOKv3pQPLQ95Dd68dVExCDabwoUcaWNgVwbYFfQlLU4J5ATkB3Mwz4HGBfxZU1IwFp7p EfZxJL4ZvNM/gU1RZhzOho/PSmfJhCmMR0nTGff3FfbSnTUBQnxrssxfgGD8tLqozL8O bHsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=RwSBuGrmG9RsB5s9owgZzJmg9dBfpBzfFhveNjR2xQc=; b=rrmxeWFtm0b/aD0i9Q0E5AXenAoMSug6ostJfDfczHnqPOjlwvOT5pD46Oizbt/x0a eFMqaTplLRy3qNgtRQ8tnrrgEqoO2HaOglxh8HH1hpDekkrZRvp2P5hTEDEg2Nr0lLWX oBkedS0L3K8k1HWIQdd44VgLc3fUrhX4CWXcB+ZW6tF9WA58togJGo8SGxrTbXsFLU9l 8WImEz1R/vvCOhato38hBV8VSDXEF+sjSTrAGL8FH2BIrqUrNRxScQGgh5zUJTMXN8Nw qb741obgU8tyGLg7s62ThuMe0EM7d2Oj6OKjrAz1P/4IGRfVuix94ALyk8E5wsrOMQ58 lw0Q==
X-Gm-Message-State: APjAAAXBntEabXZkyj0W1Ae/JL+xkV/iFZFvcG3hAdxmG9vjEtbdYTxU J6DqOeKZ9N/q7ByBuTyG5+KTi7wC6yrg6BSBqDt2cA==
X-Google-Smtp-Source: APXvYqwllcagYj0lXM6Ijo/hLLXU6/G3M4fF2r3NyfFZ2HPJPHPixNLQBGZHEn0YTaBWCxcZlGdE1aCg8m5Zpd3c4Qc=
X-Received: by 2002:a05:6402:286:: with SMTP id l6mr5440624edv.111.1567708468542; Thu, 05 Sep 2019 11:34:28 -0700 (PDT)
MIME-Version: 1.0
References: <BYAPR05MB54637FEAE1518F83977D274FAEB80@BYAPR05MB5463.namprd05.prod.outlook.com> <538732E2-915B-4952-A439-F4678FCC21B2@employees.org> <4c6b2456-db05-0771-5b98-bfd9f07b220b@si6networks.com> <34AB9F0F-614B-45C2-BD84-7DD53A1D5188@employees.org> <ea9557e5-9025-db78-8862-18454dd549c3@joelhalpern.com> <5200FFA0-E2F1-4491-8D06-0DC6BF87F77A@employees.org> <cdc190f4-315f-f716-951c-6d4ba1f4888d@si6networks.com> <CA+b+ERn6KMGCboERKOMeKAwM3y=1p=sc8j2LnEGYa7h5mz_xxw@mail.gmail.com> <BYAPR05MB5463F429E6AA307D0F313B9AAEBB0@BYAPR05MB5463.namprd05.prod.outlook.com> <CAOj+MMGH25AoQ6hvoKa4jVonPcauD6xY2pgwnZFtwvF559V+vQ@mail.gmail.com>
In-Reply-To: <CAOj+MMGH25AoQ6hvoKa4jVonPcauD6xY2pgwnZFtwvF559V+vQ@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 05 Sep 2019 11:34:16 -0700
Message-ID: <CALx6S35WeoZs=cOmP0CA0K2Wj_Oc1H_YZr+Ky1W=UL=nF1x4rg@mail.gmail.com>
To: Robert Raszuk <robert@raszuk.net>
Cc: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, "spring@ietf.org" <spring@ietf.org>, "6man@ietf.org" <6man@ietf.org>, Suresh Krishnan <suresh.krishnan@gmail.com>, Fernando Gont <fgont@si6networks.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/FdztA_mibjWgXb_Kvni3AXiZBlQ>
Subject: Re: [spring] Spirit and Letter of the Law (was: Question about SRv6 Insert function)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Sep 2019 18:34:33 -0000

On Thu, Sep 5, 2019 at 11:01 AM Robert Raszuk <robert@raszuk.net> wrote:
>
> Hi Ron,
>
> Nope that is not correct interpretation. Let me try to rephrase it ...
>
> An IPv6 path contains a source node, a destination node, and transit nodes
> Transit nodes belong to network operators which move the packets
> When packet enters operator's network it can be encapsulated and new src, dst and any other elements added to its header - original packet becomes just the payload
> Then new packet (and payload) is send within given domain via transit nodes.
> Some transit nodes just do basic IPv6 forwarding, some may see themselves in the dst field of the packet imposed by ingress node.
> If this is the case (when packet is received by segment endpoint) packets are processed as defined by SRv6 rules.
> According to RFC 8200, segment endpoints can insert, change, or delete extension headers. However, transit nodes that are not segment nodes cannot insert, change or delete extension headers
>
Robert,

That's an arbitrary interpretation of RFC8200. Even we were to accept
that, it still doesn't address the issues raised for extension header
insertion. For instance, I'd invite you do the thought experiment
about what happens when an intermediate node inserts a header that
causes the packet to exceed the MTU of some downstream forwarding
node. There is no robust protocol mechanism to deal with this. The
fact that the extension header in question happens to be segment
routing doesn't change things in this regard.

Tom

> Now that is more like what I highlighted few times already ...
>
> Best,
> R..
>
>
>
> On Thu, Sep 5, 2019 at 7:52 PM Ron Bonica <rbonica=40juniper..net@dmarc.ietf.org> wrote:
>>
>> Robert,
>>
>>
>>
>> I think that I can summarize what you are saying as follows:
>>
>>
>>
>> An IPv6 path contains a source node, a destination node, and transit nodes
>> Some transit nodes are also segment endpoints. Segment endpoints are identified by either of the following:
>>
>> The initial value of the IPv6 address
>> An entry in the segment list of the Routing header
>>
>> According to RFC 8200, segment endpoints can insert, change, or delete extension headers. However, transit nodes that are not segment headers cannot insert, change or delete extension headers
>>
>>
>>
>> Have I read your email, below, correctly? Is this what you are actually saying?
>>
>>
>>
>>                                                                   Ron
>>
>>
>>
>> From: spring <spring-bounces@ietf.org> On Behalf Of Robert Raszuk
>> Sent: Thursday, September 5, 2019 10:28 AM
>> To: Fernando Gont <fgont@si6networks.com>
>> Cc: Suresh Krishnan <suresh.krishnan@gmail.com>; 6man@ietf.org; Ole Troan <otroan@employees.org>; Joel M. Halpern <jmh@joelhalpern.com>; spring@ietf.org
>> Subject: Re: [spring] Spirit and Letter of the Law (was: Question about SRv6 Insert function)
>>
>>
>>
>>
>>
>> 3) Now there's at least one I-D in spring that ignores RFC8200, and
>> proposes EH-insertion as if it was allowed, essentially circumventing
>> RFC8200, and IETF consensus.
>>
>>
>>
>> Incorrect. RFC8200 makes it black on white clear that insertion, deletion and mangling is allowed in IPv6 if destination is yourself in the packet's IPv6 outer header.
>>
>>
>>
>> So functions to insert SRH or delete it discussed in SPRING DO NOT violate anything.
>>
>>
>>
>> Remember - in SRv6 you *change* IPv6 dst at each end of segment. So each SR segment node can legally  do whatever it needs with EH.
>>
>>
>>
>> Is this clear enough?
>>
>>
>>
>> - - -
>>
>>
>>
>> There is other individual document in 6man proposing a solution for FRR in IPv6 which goes beyond the above. But it in no way that should impact base specs. As written base specs can be used 100% legally according to RFC8200 as it stands today...
>>
>>
>>
>> Now if 6man response to proposl of SRv6 use case for FRR with TI-LFA will state "IPv6 was not designed for that" - I am fine. It will make IPv6 deployments for sure much more robust. It may even help end to end principle shine again and get all of your end IPv6 compute and set-top boxes full open to global hackers.
>>
>>
>>
>> Thx,
>>
>> R.
>>
>>
>>
>> Juniper Business Use Only
>>
>> _______________________________________________
>> spring mailing list
>> spring@ietf.org
>> https://www.ietf.org/mailman/listinfo/spring
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email