IETF Logo Mail Archive

Re: [spring] 6MAN WGLC: draft-ietf-6man-sids

Joel Halpern <jmh@joelhalpern.com> Mon, 10 October 2022 16:17 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D07BC14CE20; Mon, 10 Oct 2022 09:17:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fx335N-yZ5Ut; Mon, 10 Oct 2022 09:17:22 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6039EC14CE3C; Mon, 10 Oct 2022 09:17:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4MmPFS1Nfvz1nwgw; Mon, 10 Oct 2022 09:17:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1665418636; bh=lifbkYdLcbH/23sBES7x7+fftT37rqW8NHbtd3np8JE=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=BL67w/eD0mO0SP03goxDT10VJOd1V9wdf4zNfXg3eAqzkr43bSbUdeHOam7YeiotZ HNh93xQaJJ1KRvegKDmHrcDxzEJXbTDC7GWBO4i3S6AcjXEwQsE09RVJWczHTZ6Oxv 4hUtm9bWoSyZjAADwDRAytUKwxmjevhp6un4kA/k=
X-Quarantine-ID: <gqtbxFdesFnp>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.73] (unknown [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4MmPFR3THzz1nsMH; Mon, 10 Oct 2022 09:17:15 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------uzzcNiJKEcmweN4dEOqVG1KZ"
Message-ID: <9f36fcf4-8409-9c3b-8ca9-3158e72d8d4e@joelhalpern.com>
Date: Mon, 10 Oct 2022 12:17:14 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.3.1
Content-Language: en-US
To: Robert Raszuk <robert@raszuk.net>
Cc: 6man <ipv6@ietf.org>, SPRING WG List <spring@ietf.org>
References: <35484ed3-509a-39ba-6a16-8f2bf807f4f2@joelhalpern.com> <95BA9A88-CCC3-4E4B-9283-5BF38EDC79D0@employees.org> <8181802b-0319-4609-2679-8ced5993bdac@joelhalpern.com> <CAOj+MMECgJd6i7eBYdBq58EK6nWPX_KDq8+G1pw0VGkfMgdv6w@mail.gmail.com>
From: Joel Halpern <jmh@joelhalpern.com>
In-Reply-To: <CAOj+MMECgJd6i7eBYdBq58EK6nWPX_KDq8+G1pw0VGkfMgdv6w@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/HOXAazPjK28hp7cjpuzLS_7uydA>
Subject: Re: [spring] 6MAN WGLC: draft-ietf-6man-sids
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2022 16:17:26 -0000

What I asked for, and I believe Suresh plans for, is to note that not 
using the reserved block complicates the filtering for ingress and 
egress.   I do not expect this document to discuss what other methods of 
filtering could be applied.

Yours,

Joel

On 10/10/2022 11:40 AM, Robert Raszuk wrote:
> > that domains using SRH filter it at ingress and egress edges.
>
> *it* is a key here.
>
> If document says (as I presume Suresh explained) that such ingress 
> filtering will be based on destination address of the packets being 
> the new SRv6 prefix or any other infra address of the AS - all is 
> legal and great.
>
> But you keep stating that filtering can also happen based on presence 
> of SRH alone - irrespective of the destination address of the packet. 
> That is something I have hard time to agree with.
>
> Best,
> R.
>
> On Mon, Oct 10, 2022 at 5:35 PM Joel Halpern <jmh@joelhalpern.com> wrote:
>
>     There appear to be two separate issues, only one of which affects
>     this
>     document.
>
>     The issue that affects this document is that the SRH document
>     explicitly
>     requires that domains using SRH filter it at ingress and egress
>     edges.
>     That is what is relevant for the document at hand.  And while some
>     folks
>     have envisioned use cases that violate that, the RFC is clear that
>     it is
>     prohibited.  (My reading is that this also applies to SRv6 in
>     general,
>     even when compressed SIDs with no SRH are used.)
>
>     The question of whether, in doing enforcing that requirement a domain
>     may filter more packets that should not be received is about how the
>     operator chooses to enforce the requirement.  We are not
>     specifying how
>     the operator does the enforcement.
>
>     The question of what transit domains are permitted to do is one that
>     reasonable people appear to be able to differ on.  But it is not a
>     relevant question for this draft.
>
>     Yours,
>
>     Joel
>
>     On 10/10/2022 10:31 AM, Ole Troan wrote:
>     > Joel,
>     >
>     >> On 10 Oct 2022, at 15:36, Joel Halpern <jmh@joelhalpern.com> wrote:
>     >>
>     >> Eric, you seem to be objecting to something I did not say.  I
>     have not asked, and do not expect, for the document to mandate or
>     even suggest that arbitrary domains should drop packets with SRH. 
>     I will note that given that SRH is explicitly for limited domains,
>     an operator who chooses to drop such packets is well within his
>     rights.  And I am told there are such operators.  But that is not
>     what I asked for this document.
>     > No, that would violate rfc8200.
>     >
>     > O.
>
>     --------------------------------------------------------------------
>     IETF IPv6 working group mailing list
>     ipv6@ietf.org
>     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email