IETF Logo Mail Archive

Re: [spring] [nvo3] L4 Checksum and draft-ietf-6man-segment-routing-header

"Stefano Previdi (sprevidi)" <sprevidi@cisco.com> Tue, 31 May 2016 16:02 UTC

Return-Path: <sprevidi@cisco.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 474D712D7FE; Tue, 31 May 2016 09:02:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.947
X-Spam-Level:
X-Spam-Status: No, score=-15.947 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bq2kzmSywLVr; Tue, 31 May 2016 09:02:42 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1713412D610; Tue, 31 May 2016 09:02:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18065; q=dns/txt; s=iport; t=1464710561; x=1465920161; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=QfQPj7a+Zde9BvekMbL0revFNBqgy5slxPLuRdoysYg=; b=G6tY9hoE+U2o8cLrouwAeVYKdS+NuW8Ak1Yd9mzfoWEXGT2gvs/y00Qd +oKLutoIDtV9hEU/Tb4ZBHmHpdu0+4nEOnEe0VP0dPjx6mtOVYpQONo2J z5Vi/ngb8wKezk9xv9eb4oz2f5UvAarMvvAWZaH/8A/w5c3VDoQF16uxo Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0D3AQBftE1X/4oNJK1bgzyBUwauFYtvAQ2BeoYRAoE+OBQBAQEBAQEBZSeERQEBAQMBeQUHBAIBCBEDAQEBARUSByERFAkIAgQOBYgVAw8IuXMNhB8BAQEBAQEBAQEBAQEBAQEBAQEBAQEchieBdwiBS4EDgkOBWiM/gnWCLgWOHYlnMwGId4MvgXmBaY0zhjOBMYdnAR4BAUKDbW6IcwEGIB9/AQEB
X-IronPort-AV: E=Sophos;i="5.26,396,1459814400"; d="scan'208";a="279981446"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 31 May 2016 16:02:39 +0000
Received: from XCH-RTP-010.cisco.com (xch-rtp-010.cisco.com [64.101.220.150]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id u4VG2dDo020533 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 31 May 2016 16:02:39 GMT
Received: from xch-rtp-010.cisco.com (64.101.220.150) by XCH-RTP-010.cisco.com (64.101.220.150) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 31 May 2016 12:02:38 -0400
Received: from xch-rtp-010.cisco.com ([64.101.220.150]) by XCH-RTP-010.cisco.com ([64.101.220.150]) with mapi id 15.00.1104.009; Tue, 31 May 2016 12:02:38 -0400
From: "Stefano Previdi (sprevidi)" <sprevidi@cisco.com>
To: Tal Mizrahi <talmi@marvell.com>
Thread-Topic: [nvo3] [spring] L4 Checksum and draft-ietf-6man-segment-routing-header
Thread-Index: AQHRtMWkQ84SBd4Z00OPA2d5Y/ic9p/GZ/OAgAACKoCAAARfAIAAy/oAgAAJ14CADD6+AIAAAh4A
Date: Tue, 31 May 2016 16:02:38 +0000
Message-ID: <5A098FFC-5D34-4E4C-9231-4783077B7D05@cisco.com>
References: <eaf5cad817624c7a8758758aa058399b@IL-EXCH02.marvell.com> <AD825FC8-E5AB-437D-992B-F5900B67EFA7@employees.org> <ECB16B90-392C-4C98-B3EA-86050AE2BEBA@cisco.com> <5dc56935eba94c2390120244564f9b21@IL-EXCH02.marvell.com> <A5EFDE4C-BE25-4F5C-B176-E63740E94F4B@cisco.com> <ed76a19f5995465e8f4eddcba5d0c95c@IL-EXCH02.marvell.com> <0551686F-F1D2-4C34-81C8-530F1BEE1BDF@cisco.com> <5d889e7013b44b27ae1e75cf7ea2dd22@IL-EXCH02.marvell.com> <CALx6S35iChUWbF_Qp6Sf2s5ipPDqkNfVB1k0i=45Nq5q4OnS_w@mail.gmail.com> <3549ABBE-9828-42D2-A056-851432487E2E@cisco.com> <1e13d2e32b2448af94bf23d5acf17740@IL-EXCH02.marvell.com> <569a4067fd1f45dd85d60e983be69b90@IL-EXCH02.marvell.com> <CA+b+ER=zQbceetmYE-ehVczCVTcx0tawEZb1bdRB9ZktdfW7ZA@mail.gmail.com> <bb99730deb8348bcac4f5c433e88d435@IL-EXCH02.marvell.com> <CA+b+ERkQf5ezEZdP=+U0MBHHSX7cKVnxudVKCrJ0BX+5HBq1oQ@mail.gmail.com> <1c27bb3513bc48889ec310e8d143784c@IL-EXCH02.marvell.com> <CA+b+ERmsCQbjcGLK4sNo+B51pZyXTqFW6On_CeTbYq4gSjHwRw@mail.gmail.com> <36D9FCF0-382C-4669-85A5-C782636A85BB@vmware.com> <D368BC04.19BA29%kreeger@cisco.com> <d5f75f2fc2dd4e72a0de3e581667b9f6@IL-EXCH02.marvell.com>
In-Reply-To: <d5f75f2fc2dd4e72a0de3e581667b9f6@IL-EXCH02.marvell.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.61.201.156]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <764A43FFFC5A82498A4729D56E40B12D@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/spring/IzUztMES53AJkaezy0r5PNM74mc>
Cc: "spring@ietf.org" <spring@ietf.org>, 6man WG <ipv6@ietf.org>, "draft-ietf-6man-segment-routing-header@tools.ietf.org" <draft-ietf-6man-segment-routing-header@tools.ietf.org>
Subject: Re: [spring] [nvo3] L4 Checksum and draft-ietf-6man-segment-routing-header
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Stacked Tunnels for Source Routing \(STATUS\)." <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 May 2016 16:02:46 -0000

> On May 31, 2016, at 5:54 PM, Tal Mizrahi <talmi@marvell.com> wrote:
> 
> Hi Stefano,
> 
> Going back to our original discussion, I believe we can conclude that the L4 Checksum may be interesting in two possible scenarios:
> 
> 
> 1.       The SRH is generated by the host. In this case the L4 Checksum is computed by the host based on the IP address of the last hop.
> 
> 2.       The SRH is generated by the ingress node of the SR domain using an IP tunnel. Specifically, if the tunnel encapsulation includes an L4 header (e.g., VXLAN, VXLAN-GPE, Geneve, GUE), then (again) the ingress node computes the L4 Checksum based on the IP address of the last hop.
> 
> In both cases intermediate routers in the SR domain do not need to update the Checksum, even though they update the destination IP address.


it can be simplified by stating that any SRH that is inserted in transit MUST be removed prior to deliver the packet to the final destination.

All other cases implies that the source is inserting the SRH, in which case the checksum is consistent.


s.



> 
> It would be great if some text would be added to the draft to clarify these observations.
> 
> Cheers,
> Tal.
> 
> 
> 
> From: Larry Kreeger (kreeger) [mailto:kreeger@cisco.com]
> Sent: Monday, May 23, 2016 11:55 PM
> To: Tal Mizrahi
> Cc: draft-ietf-nvo3-geneve@tools.ietf.org; draft-ietf-nvo3-vxlan-gpe@tools.ietf.org; spring@ietf.org; 6man WG; nvo3@ietf.org; draft-ietf-6man-segment-routing-header@tools.ietf.org; Stefano Previdi (sprevidi)
> Subject: Re: [nvo3] [spring] L4 Checksum and draft-ietf-6man-segment-routing-header
> 
> I agree with Robert and Jesse. - Larry
> 
> From: Jesse Gross <jgross@vmware.com<mailto:jgross@vmware.com>>
> Date: Monday, May 23, 2016 at 1:19 PM
> To: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>>
> Cc: "draft-ietf-nvo3-geneve@tools.ietf.org<mailto:draft-ietf-nvo3-geneve@tools.ietf.org>" <draft-ietf-nvo3-geneve@tools.ietf.org<mailto:draft-ietf-nvo3-geneve@tools.ietf.org>>, "draft-ietf-nvo3-vxlan-gpe@tools.ietf.org<mailto:draft-ietf-nvo3-vxlan-gpe@tools.ietf.org>" <draft-ietf-nvo3-vxlan-gpe@tools.ietf.org<mailto:draft-ietf-nvo3-vxlan-gpe@tools.ietf.org>>, "spring@ietf.org<mailto:spring@ietf.org>" <spring@ietf.org<mailto:spring@ietf.org>>, 6man WG <ipv6@ietf.org<mailto:ipv6@ietf.org>>, "nvo3@ietf.org<mailto:nvo3@ietf.org>" <nvo3@ietf.org<mailto:nvo3@ietf.org>>, "draft-ietf-6man-segment-routing-header@tools.ietf.org<mailto:draft-ietf-6man-segment-routing-header@tools.ietf.org>" <draft-ietf-6man-segment-routing-header@tools.ietf.org<mailto:draft-ietf-6man-segment-routing-header@tools.ietf.org>>, "Stefano Previdi (sprevidi)" <sprevidi@cisco.com<mailto:sprevidi@cisco.com>>
> Subject: Re: [nvo3] [spring] L4 Checksum and draft-ietf-6man-segment-routing-header
> Resent-From: <alias-bounces@ietf.org<mailto:alias-bounces@ietf.org>>, <jgross@vmware.com<mailto:jgross@vmware.com>>
> Resent-To: Larry Kreeger <kreeger@cisco.com<mailto:kreeger@cisco.com>>, <uri.elzur@intel.com<mailto:uri.elzur@intel.com>>, <draft-ietf-6man-segment-routing-header@ietf.org<mailto:draft-ietf-6man-segment-routing-header@ietf.org>>
> Resent-Date: Monday, May 23, 2016 at 1:20 PM
> 
> I agree that I don't believe that there is anything in these drafts that precludes the use of extension headers or segment routing - IP is simply the layer underneath that these protocols are building on. The figures are definitely just examples - they also show outer Ethernet headers, which is not a requirement.
> 
> I wouldn't want to add text specifically stating that extension headers are permissible. It seems like that could lead to similar questions in the future where one might wonder if other features of IP are allowed because one is explicitly listed and others are not, etc. In my opinion, the drafts are about as clear as they can be on this point.
> 
> Jesse
> 
> On 5/23/16, 1:09 AM, "rraszuk@gmail.com<mailto:rraszuk@gmail.com> on behalf of Robert Raszuk" <rraszuk@gmail.com<mailto:rraszuk@gmail.com> on behalf of robert@raszuk.net<mailto:robert@raszuk.net>> wrote:
> 
> Hi Tal,
> 
>> In order to avoid ambiguity, it would be great if the
>> authors could explicitly mention that IPv6 extension
>> headers are permitted.
> 
> Well the drafts are complaint to RFC2119 (normative reference) so unless the text excludes elements with MUST/MUST NOT - everything else defined in the building blocks they (re)use is permitted.
> 
> However as you say perhaps for clarity what could be added to those drafts is a normative reference to IPv4 and IPv6 base RFCs.
> 
> Best,
> R.
> 
> 
> On Mon, May 23, 2016 at 9:54 AM, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>> wrote:
> Hi Robert,
> 
> That makes sense.
> However, in this case the figures may be a bit confusing WRT the possible existence of extension headers. This confusion is what led to the discussion in this thread about whether segment routing is possible with VXLAN/VXLAN-GPE/Geneve encapsulations.
> 
> In order to avoid ambiguity, it would be great if the authors could explicitly mention that IPv6 extension headers are permitted.
> 
> Regards,
> Tal.
> 
> From:rraszuk@gmail.com<mailto:rraszuk@gmail.com> [mailto:rraszuk@gmail.com<mailto:rraszuk@gmail.com>] On Behalf Of Robert Raszuk
> Sent: Monday, May 23, 2016 10:47 AM
> 
> To: Tal Mizrahi
> Cc: spring@ietf.org<mailto:spring@ietf.org>; 6man WG; draft-ietf-nvo3-vxlan-gpe@tools.ietf.org<mailto:draft-ietf-nvo3-vxlan-gpe@tools.ietf.org>; nvo3@ietf.org<mailto:nvo3@ietf.org>; draft-ietf-6man-segment-routing-header@tools.ietf.org<mailto:draft-ietf-6man-segment-routing-header@tools.ietf.org>; draft-ietf-nvo3-geneve@tools.ietf.org<mailto:draft-ietf-nvo3-geneve@tools.ietf.org>; Stefano Previdi (sprevidi)
> Subject: Re: [nvo3] [spring] L4 Checksum and draft-ietf-6man-segment-routing-header
> 
> Hi Tal,
> 
> Indeed .. I saw the figures, but figures are non normative in any draft/rfc unless text below specifically spells it out.
> 
> For example from vxlan-gpe:
> 
> "When the outer IP header is IPv4, VTEPs MUST set the DF bit."
> 
> Besides it is pretty challenging to add animation to the current draft formats to illustrate all possibly allowed field values/combinations in any figure :)  Figures just illustrate one use example.
> 
> To me the current specs permit any value of IPv6 NxtHdr field as permitted in both encapsulations.
> 
> Best,
> Robert.
> 
> 
> On Mon, May 23, 2016 at 9:35 AM, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>> wrote:
> Hi Robert,
> 
> 
>> Where say in draft draft-quinn-vxlan-gpe do you see such statement that would imply
>> that v6 NxtHdr must be only equal to 17 (UDP) and not be a pointer to any other type
>> of extension header further followed by UDP ?
> 
> 
> The following text is from Figure 4 in draft-ietf-nvo3-vxlan-gpe:
> 
>      Outer IPv6 Header:
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      |Version| Traffic Class |           Flow Label                  |
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      |         Payload Length        | NxtHdr=17(UDP)|   Hop Limit   |
>      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>      |                                                               |
> 
> 
> There is a similar figure in draft-ietf-nvo3-geneve.
> 
> Best regards,
> Tal.
> 
> From: nvo3 [mailto:nvo3-bounces@ietf.org<mailto:nvo3-bounces@ietf.org>] On Behalf Of Robert Raszuk
> Sent: Monday, May 23, 2016 10:29 AM
> To: Tal Mizrahi
> Cc: spring@ietf.org<mailto:spring@ietf.org>; 6man WG; draft-ietf-nvo3-vxlan-gpe@tools.ietf.org<mailto:draft-ietf-nvo3-vxlan-gpe@tools.ietf.org>; nvo3@ietf.org<mailto:nvo3@ietf.org>; draft-ietf-6man-segment-routing-header@tools.ietf.org<mailto:draft-ietf-6man-segment-routing-header@tools.ietf.org>; draft-ietf-nvo3-geneve@tools.ietf.org<mailto:draft-ietf-nvo3-geneve@tools.ietf.org>; Stefano Previdi (sprevidi)
> 
> Subject: Re: [nvo3] [spring] L4 Checksum and draft-ietf-6man-segment-routing-header
> 
> Hi Tal,
> 
>> drafts seem to imply
> 
> Where say in draft draft-quinn-vxlan-gpe do you see such statement that would imply that v6 NxtHdr must be only equal to 17 (UDP) and not be a pointer to any other type of extension header further followed by UDP ?
> 
> Thx,
> R.
> 
> 
> On Mon, May 23, 2016 at 7:50 AM, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>> wrote:
> Dear Authors of VXLAN-GPE / Geneve,
> 
> I am reiterating on this question, as I haven't seen a response yet:
> 
> Have you considered the use of Segment Routing with VXLAN-GPE / Geneve? The current VXLAN-GPE / Geneve drafts seem to imply that IPv6 extension headers are currently not supported.
> 
> Thanks,
> Tal.
> 
> 
> 
>> -----Original Message-----
>> From: nvo3 [mailto:nvo3-bounces@ietf.org<mailto:nvo3-bounces@ietf.org>] On Behalf Of Tal Mizrahi
>> Sent: Tuesday, May 17, 2016 12:09 PM
>> To: Stefano Previdi (sprevidi); Tom Herbert; draft-ietf-nvo3-
>> geneve@tools.ietf.org<mailto:geneve@tools.ietf.org>; draft-ietf-nvo3-vxlan-gpe@tools.ietf.org<mailto:draft-ietf-nvo3-vxlan-gpe@tools.ietf.org>
>> Cc: spring@ietf.org<mailto:spring@ietf.org>; nvo3@ietf.org<mailto:nvo3@ietf.org>; 6man WG; draft-ietf-6man-segment-
>> routing-header@tools.ietf.org<mailto:routing-header@tools.ietf.org>
>> Subject: Re: [nvo3] [spring] L4 Checksum and draft-ietf-6man-segment-
>> routing-header
>> 
>> Stefano,
>> 
>> If I understand your point correctly:
>> IPv6 segment routing does not work with VXLAN / VXLAN-GPE / Geneve, since
>> these encapsulations do not currently allow the use of IPv6 extension
>> headers.
>> 
>> I wonder if the authors of VXLAN-GPE and Geneve have considered the use of
>> segment routing.
>> 
>> Thanks,
>> Tal.
>> 
>> 
>> 
>>> -----Original Message-----
>>> From: Stefano Previdi (sprevidi) [mailto:sprevidi@cisco.com<mailto:sprevidi@cisco.com>]
>>> Sent: Tuesday, May 17, 2016 10:41 AM
>>> To: Tom Herbert
>>> Cc: Tal Mizrahi; 6man WG; spring@ietf.org<mailto:spring@ietf.org>;
>>> draft-ietf-6man-segment-routing- header@tools.ietf.org<mailto:header@tools.ietf.org>
>>> Subject: Re: [spring] L4 Checksum and draft-ietf-6man-segment-routing-
>>> header
>>> 
>>> 
>>>> On May 16, 2016, at 7:10 PM, Tom Herbert <tom@herbertland.com<mailto:tom@herbertland.com>>
>> wrote:
>>>> 
>>>> On Mon, May 16, 2016 at 4:32 AM, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>>
>>> wrote:
>>>>>> it's all about IP, not layer-2.
>>>>>> 
>>>>>> s.
>>>>> 
>>>>> Right. However, it appears that at least in some cases a VXLAN VTEP
>>>>> will
>>> use SR. It certainly may be the case in SFC use cases (see Section 2.3
>>> in draft- ietf-spring-ipv6-use-cases).
>>>>> 
>>>> 
>>>> draft-ietf-6man-segment-routing-header mentions that the packet is
>>>> encapsulated
>>> 
>>> 
>>> into an outer ipv6 header which makes it a layer-3 encap.
>>> 
>>> 
>>>> , but I don't think it is explicit as to exact encapsulation format
>>>> (I suppose simple ip6ip6 is implied).
>>> 
>>> 
>>> see section 2.2
>>> 
>>> 
>>>> But, it
>>>> seems like any of several encapsulation techniques could work (VXLAN,
>>> 
>>> 
>>> I have some problems to understand where to fit an extension header
>>> into a vxlan encap...
>>> 
>>> 
>>>> GRE/IP, ESP/IP, GUE, foo over UDP, etc.) and if a device that wants
>>>> to do SR is already doing tunneling it seems reasonable to me to only
>>>> have one layer of encapsulation. Maybe this should be clarified in
>>>> the draft?
>>> 
>>> 
>>> the draft is about IPv6 extension header and more precisely a new type
>>> of the routing extension header defined in rfc2460. That's the context.
>>> 
>>> 
>>> s.
>>> 
>>> 
>>> 
>>> 
>>>> 
>>>> Tom
>>>> 
>>>>> 
>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: Stefano Previdi (sprevidi) [mailto:sprevidi@cisco.com<mailto:sprevidi@cisco.com>]
>>>>>> Sent: Monday, May 16, 2016 2:24 PM
>>>>>> To: Tal Mizrahi
>>>>>> Cc: Ole Trøan;
>>>>>> draft-ietf-6man-segment-routing-header@tools.ietf.org<mailto:draft-ietf-6man-segment-routing-header@tools.ietf.org>;
>>>>>> spring@ietf.org<mailto:spring@ietf.org>; 6man WG
>>>>>> Subject: Re: [spring] L4 Checksum and
>>>>>> draft-ietf-6man-segment-routing- header
>>>>>> 
>>>>>> 
>>>>>>> On May 16, 2016, at 1:19 PM, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>> wrote:
>>>>>>> 
>>>>>>> Hi Stefano,
>>>>>>> 
>>>>>>> Thanks again for the prompt response.
>>>>>>> 
>>>>>>>> 2. the SRH is originated by the ingress node of the SR domain.
>>>>>>>> This is done by encapsulating the packet into a outer
>>>>>>>> (additional) ipv6 header followed by an SRH. This is L3
>>>>>>>> encapsulation and no L4 checksum is involved. When the  packet
>>>>>>>> leaves the SR tunnel the outer encapsulation  (including the SRH)
>>>>>>>> is removed and the packet continues  its journey like nothing
>> happened.
>>>>>>> 
>>>>>>> So VXLAN is off the table?
>>>>>> 
>>>>>> 
>>>>>> it's all about IP, not layer-2.
>>>>>> 
>>>>>> s.
>>>>>> 
>>>>>> 
>>>>>>> It would be worthwhile to clarify this in the draft. If you have a
>>>>>>> specific
>>>>>> encapsulation in mind, it would be great if the draft would specify it.
>>>>>>> 
>>>>>>> Thanks,
>>>>>>> Tal.
>>>>>>> 
>>>>>>> 
>>>>>>>> -----Original Message-----
>>>>>>>> From: Stefano Previdi (sprevidi) [mailto:sprevidi@cisco.com<mailto:sprevidi@cisco.com>]
>>>>>>>> Sent: Monday, May 16, 2016 2:13 PM
>>>>>>>> To: Tal Mizrahi
>>>>>>>> Cc: Ole Trøan;
>>>>>>>> draft-ietf-6man-segment-routing-header@tools.ietf.org<mailto:draft-ietf-6man-segment-routing-header@tools.ietf.org>;
>>>>>>>> spring@ietf.org<mailto:spring@ietf.org>; 6man WG
>>>>>>>> Subject: Re: [spring] L4 Checksum and
>>>>>>>> draft-ietf-6man-segment-routing- header
>>>>>>>> 
>>>>>>>> Hi,
>>>>>>>> 
>>>>>>>> On May 16, 2016, at 11:04 AM, Tal Mizrahi <talmi@marvell.com<mailto:talmi@marvell.com>>
>>> wrote:
>>>>>>>>> 
>>>>>>>>> Hi Stefano,
>>>>>>>>> 
>>>>>>>>> Thanks for the responses.
>>>>>>>>> 
>>>>>>>>>> exactly.
>>>>>>>>>> 
>>>>>>>>>> Moreover, draft-ietf-6man-segment-routing-header assumes
>>>>>>>>>> encapsulation so clearly there's no L4 involved here.
>>>>>>>>>> 
>>>>>>>>>> s.
>>>>>>>>> 
>>>>>>>>> Two questions:
>>>>>>>>> 1. What if the encapsulation is VXLAN? L4 would still be
>>>>>>>>> involved,
>>> right?
>>>>>>>> 
>>>>>>>> 
>>>>>>>> See below.
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> 2. When you say 'assumes encapsulation', does it mean that a
>>>>>>>>> host cannot
>>>>>>>> send an IPv6 packet with an SRH? The current draft says:
>>>>>>>>> 
>>>>>>>>> A Source SR Node can be any node originating an IPv6 packet with
>>>>>>>>> its
>>>>>>>>> IPv6 and Segment Routing Headers.  This include either:
>>>>>>>>> 
>>>>>>>>>   A host originating an IPv6 packet.
>>>>>>>>> 
>>>>>>>>>   An SR domain ingress router encapsulating a received IPv6 packet
>>>>>>>>>   into an outer IPv6 header followed by an SRH.
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Will appreciate if you can clarify that.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> ok, two cases:
>>>>>>>> 
>>>>>>>> 1. the SRH is inserted at the source.
>>>>>>>> the source originates the packet, the ipv6 header and  the SRH.
>>>>>>>> The source computes L4 checksum taking into  account the whole
>>> IPv6+SRH.
>>>>>>>> Here, theres' nothing new  compared to rfc2460.
>>>>>>>> 
>>>>>>>> 2. the SRH is originated by the ingress node of the SR domain.
>>>>>>>> This is done by encapsulating the packet into a outer
>>>>>>>> (additional) ipv6 header followed by an SRH. This is L3
>>>>>>>> encapsulation and no L4 checksum is involved. When the  packet
>>>>>>>> leaves the SR tunnel the outer encapsulation  (including the SRH)
>>>>>>>> is removed and the packet continues  its journey like nothing
>> happened.
>>>>>>>> 
>>>>>>>> s.
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> Tal.
>>>>>>>>> 
>>>>>>>>>> -----Original Message-----
>>>>>>>>>> From: Stefano Previdi (sprevidi) [mailto:sprevidi@cisco.com<mailto:sprevidi@cisco.com>]
>>>>>>>>>> Sent: Monday, May 16, 2016 11:59 AM
>>>>>>>>>> To: Ole Trøan; Tal Mizrahi
>>>>>>>>>> Cc: draft-ietf-6man-segment-routing-header@tools.ietf.org<mailto:draft-ietf-6man-segment-routing-header@tools.ietf.org>;
>>>>>>>>>> spring@ietf.org<mailto:spring@ietf.org>; 6man WG
>>>>>>>>>> Subject: Re: [spring] L4 Checksum and
>>>>>>>>>> draft-ietf-6man-segment-routing- header
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>>> On May 15, 2016, at 8:06 PM, otroan@employees.org<mailto:otroan@employees.org> wrote:
>>>>>>>>>>> 
>>>>>>>>>>> Tal,
>>>>>>>>>>> 
>>>>>>>>>>>> [Apologies if this issue has been discussed before.]
>>>>>>>>>>>> 
>>>>>>>>>>>> According to draft-ietf-6man-segment-routing-header, an 'SR
>>>>>>>>>>>> Segment
>>>>>>>>>> Endpoint Node' updates the Destination IP address.
>>>>>>>>>>>> Therefore, it must also update the Layer 4 Checksum, right?
>>>>>>>>>>>> 
>>>>>>>>>>>> I wonder if there is an upper bound on the size of the SRH.
>>>>>>>>>>>> Otherwise, the
>>>>>>>>>> L4 Checksum may be located in a pretty deep location.
>>>>>>>>>>>> Speaking from a chip vendor's perspective this may be a problem

v2.23.0 | Report a Bug | By Email