IETF Logo Mail Archive

Re: [spring] [EXTERNAL] Re: Chair Review of draft-ietf-spring-srv6-srh-compression-11

Alexander Vainshtein <Alexander.Vainshtein@rbbn.com> Wed, 27 March 2024 14:44 UTC

Return-Path: <alexander.vainshtein@rbbn.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD304C16942E for <spring@ietfa.amsl.com>; Wed, 27 Mar 2024 07:44:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rbbn.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hc2RW7cdLd0s for <spring@ietfa.amsl.com>; Wed, 27 Mar 2024 07:44:44 -0700 (PDT)
Received: from usb-smtp-delivery-110.mimecast.com (usb-smtp-delivery-110.mimecast.com [170.10.153.110]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 943B1C14F71B for <spring@ietf.org>; Wed, 27 Mar 2024 07:44:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rbbn.com; s=mimecast20230413; t=1711550683; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=H+/o/pTUkbzwaHuQXWiC5L/P3JIIf0fg9LUcV7VskdE=; b=d8gn2bnRoZK2pxwbVJ7XioJM56FaWhGNn77VsWK5H+bDDvdIg0+Gvr9Mi+GqLj67pbvc53 anaZj8jsBXddBEXihZz2Hn/FNxuM13vgRAKzo2D+EmbNcRbGhzMcpxdM871oUmwFDUx+3m Wa4vClt8EKHuKWp3cKH629HilBnXoPM=
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2168.outbound.protection.outlook.com [104.47.58.168]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id usb-mta-4-xRtdB1v9MpuRMkechnWOhQ-1; Wed, 27 Mar 2024 07:44:37 -0700
X-MC-Unique: xRtdB1v9MpuRMkechnWOhQ-1
Received: from PH0PR03MB6300.namprd03.prod.outlook.com (2603:10b6:510:e2::5) by SJ0PR03MB6485.namprd03.prod.outlook.com (2603:10b6:a03:398::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.31; Wed, 27 Mar 2024 14:44:33 +0000
Received: from PH0PR03MB6300.namprd03.prod.outlook.com ([fe80::37e8:7f43:4659:358d]) by PH0PR03MB6300.namprd03.prod.outlook.com ([fe80::37e8:7f43:4659:358d%6]) with mapi id 15.20.7409.031; Wed, 27 Mar 2024 14:44:33 +0000
From: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com>
To: Stewart Bryant <stewart.bryant@gmail.com>, Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
CC: Tom Herbert <tom@herbertland.com>, Ron Bonica <rbonica@juniper.net>, "spring@ietf.org" <spring@ietf.org>, Alvaro Retana <aretana.ietf@gmail.com>, Robert Raszuk <robert@raszuk.net>
Thread-Topic: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
Thread-Index: AQHagCpBYboBQ/W080iNtYF5kl8+XrFLflPQgAAEyICAAADW8IAAAb0AgAAE1iCAAAPhgIAABkEAgAABYuCAAAMZgA==
Date: Wed, 27 Mar 2024 14:44:32 +0000
Message-ID: <PH0PR03MB6300D76C9079B8617970D188F6342@PH0PR03MB6300.namprd03.prod.outlook.com>
References: <DU2PR03MB8021EA985F72B11345DB847CFA342@DU2PR03MB8021.eurprd03.prod.outlook.com> <B096D06B-1765-4CDB-AEE6-18A6B7B1C838@gmail.com> <PH0PR03MB63002C097A32DC02EF47269EF6342@PH0PR03MB6300.namprd03.prod.outlook.com>
In-Reply-To: <PH0PR03MB63002C097A32DC02EF47269EF6342@PH0PR03MB6300.namprd03.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR03MB6300:EE_|SJ0PR03MB6485:EE_
x-ms-office365-filtering-correlation-id: 2c5a64fc-761a-471b-8d31-08dc4e6c6a7c
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0
x-microsoft-antispam-message-info: AVZzp9e6WDoTOtKy2apNQ0FS0YmCQZPHGN0N8aGrcQlISUpRcX4uJcBWVyBF04v0Gt2CY3HMSGgNMjjL7ykntUrClYGeWTXvsmDo4Ypoz13eLxglOrnQnUUTqu04G0ryXseIu7N0w+ar2yz7eg2BGr8LOM/tt4jkzxkjsMIOrkZCASGcgy+8jKkSYAjAk0xn8s54RGLSVToUJ++pnhplx1Z+0SEJ+cICTrkzneSThEZtRzBqVk47NcBsVqZI2Wk3ilXYpqG7pazrMFSxzDded17XvVglI5tQaoswnsser7ww4N9wKhMwK5sFz4+GqQcnlaAV056A/pRGUuV6dQ5pLLe2ZPA6RLoMHIesiXau6nd9VTR4PRw8YFUi33fb+yx0QY71WA2FU6TpuacMGI/30Lg21SMAItQZewcGy0bjMgm6754fqOWyViA2Dk7DUO+O+83r9ZjR0VZBXXJe+1PZql0/7IPwMywX2aJsTBSMo3wrhpj0gsQLcBj3ZTjcR5z1WHdl7fMBngSiFDOxjcELgcwADq3277o3/7HuJrpJTS6rtOOcKaKXhEDWgvZRxtvryLWIhYbqwvWsUCiQqsyQGQWmN1FuTgd441rm6cC7zG8kJFPMMi5M0qkgfrJywZqtILXQTde7vQtskF3iu7q9QsAp/RySvmorj5j3FQLFtq8=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR03MB6300.namprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(366007)(38070700009); DIR:OUT; SFP:1102
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: tU8Yl3Pkx8VntrkZlK9syMqIpOgVpK5dfP0pO2OrXT9/N3Y5VuQ3yS9dv7KijREZW3MpArGtOLxK1UeL2pQCejvEs0P8Fx/NgsfeZasmmvRMfKRSudKN+CmCtdq76Vc/u0VVUNv/0Vmp1rP4O5hHZtKLlTlze3tv+R88hksHkOGXIr2SWR/Nwa17+WnMNUrDgYhk1aepIRkNaDjla29zBVwcjoYPsO3XcAMPVXAX2zY8eU3glGfClBOMJtJ3Nr/1UuwyMEufJkP4gFuGew6pZnG3skq4sMvPMqS/KxE2z/WtO2O7imuc1NhDMXzV6SI754esjYnj5e0kJdOwVKceJ0DOahkt9FNs3UMSOqkjBHyjXCiOatM9UlPIfI+M6MbfASeLIMQv2eVgYFIOr9L46Ijr9CqllJUYQdv1pw5ZzRfxg+WS0SHkpTbG0yjKgFTyRLtluj5TgBzEiork+1tGsnWL7BDnpFJx5BxxB83pP+xxkncBhgyiT0mYOv6fGmsy7R/iJFjYn8oRVZo/wBmO9/HqlF84viBu2twHKSk3HAXyW3vnnFQHCygUik1o6JodSlWPkBhxSj70wPJuoS4Pc8WuwNCDeHMLpiYs86Nd+ixbsUYmgsCOCSH7hEq+svT++NjD0tkNFcBOrV6LW23lSvAtAoDEwmoIptDyw3sFty7tn2ytxOC+z4MF66ep2xSpYsfR5kIi0N50ZEmt2GgV1JfSO/he95F+/vbf7traSLMVP156Zm/rxITyuEz09nO9GxJKbQizNUzuUiP2mCspLx8UXaUGEEiw66uQppOBgBcvh4mGRrD6thCyHgCI2rz4pIkf8VUt7kCZZ4Yzo6ZrtOdgFC5jRjDJ/cxVzFK1wfSHYvzFlcPC5dT8C8p1x2J2IRpKC2dEu6kEhtx5OmzQ3mXQ3M2SApcMIOlgjlhivKFwYyU9pfjD5ddo/KtU4X3pOBPHsRDgB/0f2bTNxlsKNuEyjNa+dteSiB4wgydKX1EbhdIKu/n6M4k3SWfeG9R6CsFTngatx5zNX/AaMKNpEYVDhngJtO5d1SE9+QPsnLqPGnIPMREM/W2zvEdbmchZ91SSd19YJ6ZLG9m9FWURbjcaIYYzs+2JGonxmgUx/2ht+v2/47CwvhYIUJaPdS7G5N0PfS9ArorcDfO2RnBc5WS1q65POhksh8PA1s9i/jwLu71YV8SmvNXlSi/yHi2gkSBqjQdoq2+zU/rCcVRSNVWzaTeav94N1mXga8IKCgnNyxLvmUtknoKHUbLUJMLGvYDLD5gDCrlOyx0Oh4jAQDYkrfjlSyGB3XKUsUQGDAUCyA2PuiMnOgOxhP/934QF8GHyLLexyb1NotbYteZqxq6camSZ0MPvpItnTndlhRryH70djWwdVUHJL1pvjBPvnUHEn8nzwmbyTTL5Ax3fRi1FuEVpsQCmW71KuSo7AIuXxxPiuoNWd8SD2xKbuut0fewuCGOTU5rhhQJGu4DbRIEntPyyj7gck9lIu6ZyfzXxMBUJSxPGluWWx5KOqIPLGl+HO7wOuXk4TWfQV0ZrOBcmAsuRto5ObBlMkOtwTjE=
MIME-Version: 1.0
X-OriginatorOrg: rbbn.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR03MB6300.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2c5a64fc-761a-471b-8d31-08dc4e6c6a7c
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Mar 2024 14:44:32.9228 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: F3+LoioCMGgByTPbF5wC2itn0IBTEsppdsRrfADrl1Sh3tJwquRm6T6DabR2bKGZ/u+3gQJUWeaejP7C05WUTw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR03MB6485
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: rbbn.com
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_PH0PR03MB6300D76C9079B8617970D188F6342PH0PR03MB6300namp_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/HV8fpcSGecqHQ7a_Kq55Zz0j42s>
Subject: Re: [spring] [EXTERNAL] Re: Chair Review of draft-ietf-spring-srv6-srh-compression-11
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2024 14:44:49 -0000

Stewart, Andrew, and all,
More of the same,

I suspect that the people who call for a new Ethernet for SRv6 are trying to lock the stable door after the horse has been stolen.

If you look at RFC 8159<https://datatracker.ietf.org/doc/html/rfc8159> (Standards Track, published 7 years ago long before SRv6) you will see that it uses IPv6 addresses in a way that, IMHO,  violates RFC 4291.
Quoting from Section 2 of this document (the relevant text is highlighted):

   The L2TPv3 control plane defined in [RFC3931<https://datatracker.ietf.org/doc/html/rfc3931>] is not used for this
   encapsulation.  The management plane is used to create and maintain
   matching configurations at either end of each tunnel.  Local
   configuration by the management plane creates a one-to-one mapping
   between the access-side L2 attachment circuit and the IP address used
   in the network-side IPv6 encapsulation.

I have been the RTGWG reviewer of the draft that developed into this RFC, and I have then pointed to potential violations of the IPv6 addressing architecture in my review – but this did not prevent progressing of this draft.

My 2c,
Sasha

From: Alexander Vainshtein
Sent: Wednesday, March 27, 2024 3:41 PM
To: Stewart Bryant <stewart.bryant@gmail.com>
Cc: Tom Herbert <tom@herbertland.com>; Ron Bonica <rbonica@juniper.net>; spring@ietf.org; Alvaro Retana <aretana.ietf@gmail.com>; Robert Raszuk <robert@raszuk.net>; Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
Subject: RE: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11

Stewart,
The 6man-sid draft<https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids-06#section-5> is a WG document of the 6MAN that has passed the WG Last Call in this WG and has been submitted by the WG to IESG for approval.



The shepherd write-up for this draft<https://datatracker.ietf.org/doc/draft-ietf-6man-sids/shepherdwriteup/> says that “No agreement of the WG that owns that protocol or particularly rough consensus were observed” and that “Nobody has  threatened an appeal or otherwise indicated extreme discontent”.

IMHO and FWIW this counts as “the agreement of the WG that owns that protocol” in your email. What did I miss?

Regards,
Sasha

From: Stewart Bryant <stewart.bryant@gmail.com<mailto:stewart.bryant@gmail.com>>
Sent: Wednesday, March 27, 2024 3:27 PM
To: Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org<mailto:andrew-ietf=40liquid.tech@dmarc.ietf.org>>
Cc: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>; Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>; spring@ietf.org<mailto:spring@ietf.org>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Subject: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11

Any router that has interfaces of mixed type has to be able to re-write the datalink header. Changing the Ethertype is a trivial part of changing the Mac header and should therefore be considered a fundamental part of the IETF IP forwarding plane.

In reading this discussion I am reminded of very public statements made to other SDOs that if you want to diverge an IETF protocol from its standard definition you MUST either get the agreement of the WG that owns that protocol (in this case 6man) or get a new Ethertype and a new name for the protocol.

I think that those proposing that SRv6 and all its subvariants should get a new Ethertype are correct both from an IETF policy PoV and a pragmatic engineering PoV.

If we do not eat our own dog food here we will not be able to hold the line when other organisations propose incompatible changes to our protocols. As you can imagine if uncontrolled divergent changes happen that is unlikely to end well for the Internet.

Regards

Stewart

On 27 Mar 2024, at 1:05 pm, Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org<mailto:andrew-ietf=40liquid.tech@dmarc.ietf.org>> wrote:

That still does not negate the point – if hardware is capable of stripping the mac address – and ethertype – and pushing such at the LER – I fail to see why you cannot push the mac addresses with a different ethertype.

Lets look at this:

Packet comes in unlabelled – we strip the mac addresses and the 0x0800 that identifies this as an Ipv4 packet.
We then – on egress – push mac addresses and a 0x8847 ethertype – and a label stack.

In the case of the srv6 stuff – Packet comes in – we strip the mac addresses and the 0x86DD type – on egress we push the mac addresses and 0xyyyy ethertype to denote as srv6.  Either way – perhaps my terminology was slightly off and I conceed that – but it does not negate the fact we are quite capable of pushing new ethertypes.

Andrew




Internal All Employees
From: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>
Date: Wednesday, 27 March 2024 at 15:55
To: Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>, spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>, Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>, Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Subject: RE: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
Andrew,
What you describe in is not an Ethertype re-write IMHO.

In your example the entire Layer 2 header (MAC addresses, VLAN tags and the Ethertype that identifies IPv4 or IPv6) are stripped after the packet is identified as an IP packet.
When the label stack is pushed onto the packet, a new Layer 2 header (MAC addresses, VLAN tags and the Ethertype that identifies MPLS with downstream-allocated labels is pushed on the packet.

Regards,
Sasha



Internal All Employees
From: Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>
Sent: Wednesday, March 27, 2024 2:34 PM
To: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>; spring@ietf.org<mailto:spring@ietf.org>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Subject: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11

Errr

When unlabelled ipv4 traffic (ethertype 0x0800) gets pushed onto an LSP, the traffic is labelled – and the ethertype is switched to 0x8847 (MPLS). When the MPLS decap occurs – the ethertype is rewritten back to 0x0800.

Further more – when pushing VLAN tags – ethertype will move from 0x0800 to 0x8100 and back again when VLAN tags are stripped.  In both cases ethertypes are being rewritten.

Thanks

Andrew




Internal All Employees
From: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>
Date: Wednesday, 27 March 2024 at 15:30
To: Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>, spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>, Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>, Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Subject: RE: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
Andrew,
Can you please provide any details about re-write of MPLS Ethertype?  Why is it needed, what are the applications etc.
I am not aware of any such operations.


Regards,
Sasha



Internal All Employees
From: Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>
Sent: Wednesday, March 27, 2024 2:25 PM
To: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>; spring@ietf.org<mailto:spring@ietf.org>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
Subject: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11

Actually there are many reasons – which have been detailed in the ethertype document why various operators believe that this is insufficient.  It is still a fail open mechanism.

Irrespective of that – I do not believe that 6man-sids contradicts the ravioli draft – in fact I would argue they are complementary, and the implementation of both mechanisms would provide operators with more layers of security.  Considering that ravioli provides a mechanism that is opt-in for operators – and gives them a CHOICE to choose the level of the security, I fail to see the opposition here.

Adding an optional ethertype a.) Would not break things for peoplel who chose to run without it b.) Is an optional mechanism that would leave operators more comfortable should they want a fail closed mechanism c.) Is extremely simple to implement considering that ethertype rewrites are common place on almost all hardware (we already rewrite ethertypes for MPLS and for various other things)

So why fight against giving operators a choice that could end up enhancing deployment of a technology that been fought so hard for, for so many years?  That seems self defeatist to me.

Just my view point 😊

Andrew




Internal All Employees
From: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>
Date: Wednesday, 27 March 2024 at 15:18
To: Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>, Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>, spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>, Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
Subject: RE: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
Andrew, Robert and all,
IMHO and FWIW Section 5 of the 6man-sid draft<https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids-06#section-5> defines a simple security mechanism that can be easily deployed by the operators that have security concerns about SRv6 at the border of their network.

Regards,
Sasha



Internal All Employees
From: Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>
Sent: Wednesday, March 27, 2024 11:36 AM
To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>; Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>; spring@ietf.org<mailto:spring@ietf.org>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
Subject: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11

No Robert,

There are operators that have legitimate security concerns and concerts about layer violations – and those operators are entirely in their rights to have such concerns and act on them accordingly.  What this means is that unless those concerns are addressed (with a fail closed solution/ethertype/whatever) those operators will err on the side of security and choose to forgo srv6 entirely no matter what it offers.

This may well not be the case if SRv6 did diverge from Ipv6 and take appropriate measures to become a fail closed system, giving the operator the ability to run srv6 as they see fit, in either fail-closed mode (with its own ethertype) or in open mode (without its own ethertype) – or in a hybrid mode (though when we wrote the raviolli draft we chose not to discuss the semantics of hybrid operation because of complexity and because it probably would be a bad idea – but it CAN be done)

Thanks

Andrew




Internal All Employees
From: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Date: Wednesday, 27 March 2024 at 12:28
To: Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>
Cc: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>, Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>, spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>, Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
Subject: Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
Andrew,

> because there are operators out there that will never run srv6

So for the operator who will never run SRv6 what exactly is the problem ? How is he going to be affected by any SRv6 extensions ?

Isn't such an operator acting like coast guard of selected IPv6 extensions defending its day one "purity" even if people living further on the land find it useful ? Or is there some cherry picking going on at the "Gates to IPv6 Land" ? You can enter pls come in but you Sr. ohhh sorry No - pls go away ?

As mentioned I did observe those operators fighting when 6man allowed SRv6 to be IPv6 and they lost the battle badly including fired appeals.

RFC8754 is a clear example of this. It is IETF STD track RFC and published by 6man WG. So at this point any discussion on new ethertype for IPv6 should first start an effort to first obsolete all RFCs already approved in this space.

Best,
R.

On Wed, Mar 27, 2024 at 7:24 AM Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>> wrote:
Tom,

I believe a number of the differences are highlighted in draft-ietf-6man-sids.

Though that does not go as far as to say they ipv6 and srv6 are not the same thing – it does highlight that there are key deviations between srv6 and rfc4291 for example.

(I hit discuss on this when I was still an AD as seen here https://datatracker.ietf.org/doc/draft-ietf-6man-sids/ballot/#draft-ietf-6man-sids_andrew-alston<https://datatracker.ietf.org/doc/draft-ietf-6man-sids/ballot/#draft-ietf-6man-sids_andrew-alston>  because as I said in the discuss I believe that the sids document was attempting to have it both ways – and I don’t believe you can do that)

I also point out that if we do agree to diverge between srv6 and ipv6 – this can be done without creating further complexity – and by allowing for an *optional* ethertype as per https://datatracker.ietf.org/doc/draft-raviolli-intarea-trusted-domain-srv6/<https://datatracker.ietf.org/doc/draft-raviolli-intarea-trusted-domain-srv6> this also would allow operators the choice to run srv6 in a way that makes them comfortable or not – without complexity and actually *enhance* the deployment of srv6 – because there are operators out there that will never run srv6 while we continue to insist its ipv6 but violate the ipv6 standards – at the expense of security and other aspects.

I have never understood the vendor resistence to giving operators this choice though – especially when it would actually help get their stuff deployed in more networks potentially.

Andrew



Internal All Employees
From: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>
Date: Wednesday, 27 March 2024 at 02:52
To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
Cc: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>, spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>, Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>, Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>, Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
Subject: Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
On Tue, Mar 26, 2024 at 4:03 PM Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>> wrote:
>
> Sasha,
>
> At the moment when SRv6 diverges from  IPv6, the two evolutionary branches are identical. If SRv6 needs link locals, it can use them.
>
> However, SRv6 now has the freedom to evolve in ways that IPv6 cannot.

Hi Ron,

That assumes that SRv6 is forked from IPv6? It might be nice for
someone to write up an I-D to really clarify the relationship between
SRv6 and IPv6.

Tom

>
>                                                                   Ron
>
> Juniper Business Use Only
>
> ________________________________
> From: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>
> Sent: Tuesday, March 26, 2024 4:24 PM
> To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
> Cc: spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>; Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>; Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
> Subject: Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
>
>
> [External Email. Be cautious of content]
>
> Ron,
> I am not sure you can separate just the forwarding plane of SRv6 and IPv6.
>
> E.g., what would happen to all the IPv6 mechanisms that use link-local IPv6 addresses?
>
> Replicating these mechanisms does not make much sense to me.
>
> My 2c,
> Sasha
>
>
> Get Outlook for Android
>
>
> Juniper Business Use Only
>
> ________________________________
> From: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
> Sent: Tuesday, March 26, 2024 8:36:49 PM
> To: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>
> Cc: spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>; Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>; Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
> Subject: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
>
> Sasha,
>
> Good point. In my previous email, I didn't mean suggest that we should divorce SRv6 from the entire suite of Internet protocols. I only meant that we should divorce the SRv6 forwarding plane from the IPv6 forwarding plane. BGP could continue to distribute SIDS exactly as is distributes MPLS service labels today.
>
> You bring up another good point about the parallel evolution of SRv6 and IPv6. Yes, this is an engineering trade off. If you divorce SRv6 from IPv6, and IPv6 develops a useful new feature, SRv6 might need to develop that feature, too. However, if you bind SRv6 to IPv6, SRv6 must strictly adhere to IPv6 standards, both now and in the future.
>
> Which is more painful?
>
>                                                                        Ron
>
> Juniper Business Use Only
>
> ________________________________
> From: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com<mailto:Alexander.Vainshtein@rbbn.com>>
> Sent: Tuesday, March 26, 2024 1:56 PM
> To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
> Cc: spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>; Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>; Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
> Subject: RE: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
>
>
> [External Email. Be cautious of content]
>
> Ron and all,
>
> I respectfully disagree with the proposal of separation of SRv6 from the existing IPv6.
>
>
>
> IMHO and FWIW the most important added value of SRv6 is its ability to provide BGP-based overlay services without any changes in the P routers as described in Introduction of RFC 9252:
>
>
>
> To provide SRv6 service with best-effort connectivity, the egress PE signals an SRv6 Service SID with the BGP overlay service route. The ingress PE encapsulates the payload in an outer IPv6 header where the destination address is the SRv6 Service SID provided by the egress PE. The underlay between the PEs only needs to support plain IPv6 forwarding [RFC8200].
>
>
>
> To me this means that SRv6 services can benefit from incremental deployment when new forwarding capabilities (implementation of SRv6 Endpoint Behaviors) would be initially available just in the relevant PEs.
>
>
>
> And best-effort BGP-based SRv6 services would scale up much better than best-effort BGP-based services on top of a SR-MPLS underlay because:
>
> With SR-MPLS, the forwarding HW of the ingress PE would have to maintain at least one dedicated egress encapsulation information element for the local representation of each service instance in each egress PE of this service (the label stack that delivers the packet to the relevant egress PE and the label that identifies the relevant service in this egress PE)
> With SRv6, the forwarding HW of the ingress PE would have to maintain only a dedicated egress encapsulation information element for each local adjacency of this PE.
>
> IMHO and FWIW the flex-algo approach extends the above scalability considerations to BGP-based SRv6 services that require some kind of traffic engineering.
>
>
>
> All these advantages would be lost if SRv6 were separated from IPv6. Such separation would require, at the very least:
>
> HW (or FW) upgrades that would identify received SRv6 packets based on their new Ethertype – across the entire SRv6 network
> SW upgrades supporting new/modified routing protocols dedicated for SRv6 – also across the entire SRv6 network.
>
>
>
> From my POV, SRv6 should try to minimize its deviations from the “normal” IPv6 (e.g., the differences in the address architecture), clearly define them and avoid all attempts to violate the IPv6 rules that do not belong to the “deviated” area.
>
>
>
> My 2c,
>
> Sasha
>
>
>
>
> Juniper Business Use Only
>
> From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> On Behalf Of Ron Bonica
> Sent: Tuesday, March 26, 2024 7:14 PM
> To: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>; Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
> Cc: spring@ietf.org<mailto:spring@ietf.org>; Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
> Subject: [EXTERNAL] Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
>
>
>
> Working Group,
>
>
>
> Might  SRv6 progress much more quickly if we did the following:
>
>
>
> ·       Divorce SRv6 from IPv6
>
> ·       Give SRv6 its own ethertype
>
> ·       Let SRv6 progress along its own evolutionary trajectory, unencumbered by IPv6 restrictions
>
>
>
> At very least, this divorce would end the long and painful debates regarding IPv6 compliance. And would it give SRv6 more degrees of freedom as it evolves,
>
>
>
> As far as I can see, the only benefit of binding SRv6 to IPv6 is in the expectation that IPv6-enabled hardware won't have to change too much to support SRv6. This benefit might still be realized if SRv6 doesn't deviate too much from IPv6.
>
>
>
> My question is not rhetorical. Maybe I am missing something, but is there any real benefit in continuing to bind SRRv6 to IPv6?
>
>
>
>                                                            Ron
>
>
>
> Juniper Business Use Only
>
> ________________________________
>
> From: Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>
> Sent: Monday, March 25, 2024 3:40 PM
> To: Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>>
> Cc: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>; Andrew Alston - IETF <andrew-ietf@liquid.tech<mailto:andrew-ietf@liquid.tech>>; Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>; spring@ietf.org<mailto:spring@ietf.org> <spring@ietf.org<mailto:spring@ietf.org>>; Joel Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>>
> Subject: Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
>
>
>
> [External Email. Be cautious of content]
>
>
> On Mon, Mar 25, 2024 at 12:31 PM Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>> wrote:
> >
> > Tom:
> >
> > Hi!
> >
> > I understand your point.
> >
> > I put the option out there because it came up at last week’s spring meeting and it should be discussed.
>
> Alvaro,
>
> This seems to come back to the fundamental question: is SRv6 still
> IPv6 or is it a new protocol. If it's IPv6 then it should adhere to
> all the requirements and expectations of IPv6, if it's a new protocol
> that is going to diverge from the standard IPv6 then maybe it needs
> its own EtherType and standards development path.
>
> Tom
>
>
> >
> > Thanks!
> >
> > Alvaro.
> >
> >
> > On March 25, 2024 at 2:58:48 PM, Tom Herbert (tom@herbertland.com<mailto:tom@herbertland.com>) wrote:
> >
> > On Mon, Mar 25, 2024 at 11:17 AM Alvaro Retana <aretana.ietf@gmail.com<mailto:aretana.ietf@gmail.com>> wrote:
> > >
> > > FWIW, I agree with most of what Joel wrote. ;-)
> > >
> > > I see another path forward: Given that the issue is constrained to an SR domain, the draft could also point out the issues as operational/deployment considerations. Operators can then make an informed decision on whether they want to/can use C-SIDs without an SRH in their network. This path forward (or leaving it out of scope, as Joel suggests below) is something the spring WG can reach consensus on by itself (i.e., without needing to consult or agree with other WGs).
> >
> > Alvaro,.
> >
> > This wouldn't be robust and would seem to violate the "be conservative
> > in what you send clause". Punting this to the operators doesn't seem
> > practical either, in an even moderately large network they wouldn't be
> > able to know all the potential problems they might hit in devices.
> > They're about one misconfiguration away from having to debug a rather
> > unpleasant problem. For instance, if operator gets a packet trace from
> > a router they would see a whole bunch of packets with bad checksums,
> > but they would have no way of knowing if these were cases of segment
> > routing or actually corrupted packets.
> >
> > Tom
>
>
>
> Disclaimer
>
> This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.
>
>
_______________________________________________
spring mailing list
spring@ietf.org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/spring<https://www.ietf.org/mailman/listinfo/spring>

v2.23.0 | Report a Bug | By Email