IETF Logo Mail Archive

Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)

Lars Eggert <lars@eggert.org> Wed, 23 August 2023 09:59 UTC

Return-Path: <lars@eggert.org>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02377C14CE2C; Wed, 23 Aug 2023 02:59:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=eggert.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sLk_9Vvp0QvG; Wed, 23 Aug 2023 02:59:21 -0700 (PDT)
Received: from mail.eggert.org (mail.eggert.org [IPv6:2a00:ac00:4000:400::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFE8CC15199E; Wed, 23 Aug 2023 02:59:20 -0700 (PDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id CD30C80900; Wed, 23 Aug 2023 12:59:15 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eggert.org; s=dkim; t=1692784757; h=from:subject:date:message-id:to:cc:mime-version:content-type: in-reply-to:references; bh=UmA67FrKXi90lHO/rHLmL2JRvu9TBn+x7ufiElL6QCE=; b=CMvLxIrL8jn4RAya6KPn/Ysr2SChdhgpGvUxPJnvsFbz2CTM41l6hsZx29hb1bLM6/HRlE fBdrbhoXuAEiqfM4O5wGtCeQMdR7m6JkvLGsk1tuaiMfl8AeCIf4golvIdvDCcRsAk23wD 3Aaj7vyTwgqT/yiRZYZBnH1gt3eRaOkO1KKY/+pFI+6GKzuAN+vW+3JvAeZdlgVVUX77YK ePTxlxPUPO8jjXJjG+xPt+mFdREIsz6vMslJbMC8Np9X1p8rehsMSlw84EnGsIPyd2s3Wz 8YaSHjbfxSe6aqwj0sfkp5WYlzT/MyR5eTfwZ8UfnKmEMrRe4PrYY0+3WpXm0w==
Content-Type: multipart/signed; boundary="Apple-Mail=_7CC23911-9F89-4E89-8DC6-4C3557AB3C63"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Lars Eggert <lars@eggert.org>
In-Reply-To: <CABjMoXY865nJ_ET-QGAyULO=3WggrJ4Q7ZV0VjS9MGs1VaXF8Q@mail.gmail.com>
Date: Wed, 23 Aug 2023 12:59:16 +0300
Cc: The IESG <iesg@ietf.org>, draft-ietf-spring-sr-replication-segment@ietf.org, spring-chairs@ietf.org, spring@ietf.org, mankamis@cisco.com
Message-Id: <452FDC37-8151-46DA-8154-0EF1BD53CC64@eggert.org>
References: <169113757232.15080.2703586835855766334@ietfa.amsl.com> <CABjMoXZPXeUYLwzfSr=sRVAqZQm1BOLB9KCPbXHrbqWrM769Vg@mail.gmail.com> <97A5A5D3-0E88-4F07-8072-91921E1540BD@eggert.org> <CABjMoXY865nJ_ET-QGAyULO=3WggrJ4Q7ZV0VjS9MGs1VaXF8Q@mail.gmail.com>
To: Rishabh Parekh <rishabhp@gmail.com>
X-Last-TLS-Session-Version: TLSv1.2
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/IukVgjn5Zr39IsZWmOG8pJ7htBU>
Subject: Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2023 09:59:25 -0000

Hi,

On Aug 11, 2023, at 21:40, Rishabh Parekh <rishabhp@gmail.com> wrote:
> On Thu, Aug 10, 2023 at 12:54 AM Lars Eggert <lars@eggert.org> wrote:
> Hi,
> 
> On Aug 10, 2023, at 00:24, Rishabh Parekh <rishabhp@gmail.com> wrote:
> > This document introduces packet replication functionality into SR
> > networks. This significantly increases and complicates the attack
> > surface of the technology while at the same time introducing severe
> > new misconfiguration possibilities (e.g., multicast amplification
> > loops that can lead to congestion collapse of the network.) This
> > document does not adequately describe and discuss these issues.
> >
> > [RP] May I ask what you think is missing in the Security section text about loops?
> 
> A way to detect and/or mitigate the effects of loop congestion. Or if that cannot be done in this document, a requirement that this technology MUST NOT be deployed without a control plane that either prevents loops or detects and mitigates their effects, and a normative reference to those control plane specs.
> 
> [RP2] I will add a MUST requirement for a control plane to prevent or detect/mitigate loops in steady state in the next revision.

I'm missing a normative reference to at least one control plane that satisfies this requirement.

> Local provisioning of replication segments on SR nodes is valid too - maybe we can add a SHOULD clause to prevent loops via local provisioning. However, I don't think a normative reference to the control plane is required because the behavior of a single replication segment - as specified in this document does not necessitate a control plane.

Safe deployment of this technology requires that loop congestion collapse be prevented. If the only way to achieve this is by requiring a control plane, that must be a normative reference. If there is some other way to prevent loop congestion without a control plane, this document or a normative reference must specify how this is done.

>   > Additionally, this documents needs to specify suitable
> > countermeasures - it is not sufficient to leave this up to
> > unspecified control plane mechanisms.
> >
> > [RP] This document is just specifying behavior of a single replication segment. The use of PCE as a controller to create a tree by stitching replication segments in specified in PIM WG document (draft-ietf-pim-sr-p2mp-policy) and PCEP protocol extensions are described in PCE WG doc (draft-ietf-pce-sr-p2mp-policy).
> 
> draft-ietf-pim-sr-p2mp-policy is only cited informally, and draft-ietf-pce-sr-p2mp-policy not at all. If they do contain these countermeasures, they need to be cited normatively and their use needs to be required. However, I just skimmed them and neither seems to discuss loops or congestion?
> 
> [RP] draft-ietf-pim-sr-p2mp-policy is really an "architecture" draft for using PCE as a control plane for creating a tree by stichting replication segments; draft-ietf-pce-sr-p2mp-policy is just PCEP signalling extensions and hence not really referenced in this draft. Once we add the MUST requirements in this draft, I will update draft-ietf-pim-sr-p2mp-policy to satisfy this requirement.

If draft-ietf-pim-sr-p2mp-policy is the control plane that contains the loop congestion collapse protection, it must also become a normative reference.

> > ### Section 2, paragraph 18
> > ```
> >      In principle it is possible for different Replication segments to
> >      replicate packets to the same Replication segment on a Downstream
> >      node.  However, such usage is intentionally left out of scope of this
> >      document.
> > ```
> > What was the intent of leaving this out? There seems to be complexity
> > here that can be abused, in which case I would have expected this to
> > either be explicitly forbidden or discussed in sufficient detail to
> > understand (and mitigate) the issues.
> >
> > [RP] This came up in WG discussion during WGLC about "sharing" a downstream replication segment across multiple "upstream" replication segments (possibly to enable Multipoint-to-Multipoint). Although this is feasible, it is only possible to do this when a complex set of conditions are satisfied. This adds complexity to both control plane and data plane (like needing "outer" and "inner" replication segment context in packets). Hence, it was kept out of scope of this document.
> 
> So what you write seems to argue that this should then be explicitly forbidden?
> 
> [RP2] No, it should not be forbidden, but left to other future documents that can address the MP2MP use-case or replication segment sharing, if required.

Those other documents should then update this one, allowing this option and describing the details.

Thanks,
Lars

v2.23.0 | Report a Bug | By Email