IETF Logo Mail Archive

Re: [spring] C-SIDs and upper layer checksums (draft-ietf-spring-srv6-srh-compression)

Robert Raszuk <robert@raszuk.net> Wed, 03 April 2024 22:05 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D26C14F680 for <spring@ietfa.amsl.com>; Wed, 3 Apr 2024 15:05:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9fpTjk7JGEzX for <spring@ietfa.amsl.com>; Wed, 3 Apr 2024 15:05:18 -0700 (PDT)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5439C14F61D for <spring@ietf.org>; Wed, 3 Apr 2024 15:05:18 -0700 (PDT)
Received: by mail-ed1-x536.google.com with SMTP id 4fb4d7f45d1cf-56e030624d1so462186a12.2 for <spring@ietf.org>; Wed, 03 Apr 2024 15:05:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; t=1712181917; x=1712786717; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=JjvqP+W+v5rew/YLffV5+y78qvV0WRJZ6yRzA9QuC2g=; b=frJJaMWyOBjS5AiZtto7Ie00PxUEbZR1gcu6d9IWNNjznhfGNRCx3X9EyFquD/Kmtw 0qMZhdRg43Ltn3o7g5vnFmEAKeLypSBty7LPfb5k8MnizzRL+eAZfskXD3JnBnRqoifG 34VyCUfuyLxFVIBaYA0bAkTnmM6irXyHATzp/2i64CWJR+CRjZUUQYZAX8HwWNWCTynZ ABN/JLu4Lm6Yovl0Ev3a1WyVDzJNoA6Ga7OVwVPE5tOc323JVYWZI2fXWv+mOXSupzPC EUAaUs4UDuY8NNivid5oFiPUJgGYiKFT0XEleuPmVOXjFa9z+sutFvUXcr8+W3EOrMvr Ngrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712181917; x=1712786717; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JjvqP+W+v5rew/YLffV5+y78qvV0WRJZ6yRzA9QuC2g=; b=vcgl0rU1PJ1BA8sFOxOOU5evSlYDYxHBBl2f7B6SbA6pNyj4/X8YckdrogWpq9hQWu S3rOYa55XKy41YbcSTIi5ZYNQFiRxlPwL/Sl9RDS/40ka2YT7b1uJgaLTG3QCGC00r2A UjXFVQDRbaCJSA61+hF6V6ELJ8KjzEQpL329Q495uKMPFRqHwOQRsLXXhmaZs874l/dG /yzZY7MCdjr91rFHTRVeQSbbCOikUg9hyD7sS2KvFxTRbPlvLm3GudDh/yBYVsC4jqj1 OYL6rkBajh7WUtIOPcW/973eOA31xOVm/gCwkSptCkU98L022mwxQHcbfYb7WK5j3eYB svMA==
X-Gm-Message-State: AOJu0YyDZg9RroMJz7eL1L5w5swOJ2NvChLxUZmYeCrMPkz1KblYpL9c u0uHXIkZIOwR0Z9aIR3I/zRQcnAXrsSgowgRQyhY9Rq8qgTrWgsKnKTqkEXaUFK23/IVwZlL63/ 47cv+efEwXQ59XIHSvAZoZQsQuRjWbbB8nougVTfZt92GA79T
X-Google-Smtp-Source: AGHT+IE2rAsjAI6VlNapoVPjGN24i5dzy1RwF/zCaw4eRCBOUVhAHFetnTP3PkFkZFtXK0zv4Wsfv73j9lH/m5mwIuA=
X-Received: by 2002:a50:d55a:0:b0:56c:522f:53e1 with SMTP id f26-20020a50d55a000000b0056c522f53e1mr526666edj.17.1712181917122; Wed, 03 Apr 2024 15:05:17 -0700 (PDT)
MIME-Version: 1.0
References: <CAMMESsyCYJwWP48=a9RWx3n8txS1eR4VLnUeE++VEdHKFeKOjw@mail.gmail.com> <CAOj+MMH9-F0nWG6zDZXxAGOQ7T8T9bUn74f4o=Fh2p0zah86Gg@mail.gmail.com> <e50b6a1b-08ae-4c8c-b3f0-0900fe8a9158@joelhalpern.com> <CAOj+MME5yL2S9Y8woVhLpkx8Xjq8g1+Ngw0RjH7o5u82p-38yg@mail.gmail.com> <71b6f07e-08d6-40a0-9436-e4acebf96c3b@joelhalpern.com>
In-Reply-To: <71b6f07e-08d6-40a0-9436-e4acebf96c3b@joelhalpern.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Thu, 04 Apr 2024 00:05:06 +0200
Message-ID: <CAOj+MMGNbYy=QZdptdKfYa-1pGfO0OeEbc_SsOVcvhgR+==sHQ@mail.gmail.com>
To: Joel Halpern <jmh@joelhalpern.com>
Cc: SPRING WG List <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f61c390615386ac7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/LlAV037KaKopMMV5MbgmQVSr3lI>
Subject: Re: [spring] C-SIDs and upper layer checksums (draft-ietf-spring-srv6-srh-compression)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2024 22:05:22 -0000

Ok Joel,

Thank you for this clarification.

To me the actual spirit of RFC8200 8.1 is to say that it is ok to
compute the checksum by the src such that it comes out right at the final
destination.

But I guess we can have different opinions about that.

But what I find specifically surprising here is that it is a norm in IETF
to have new specifications defining protocol extensions and their behaviour
and never go back to the original protocol RFC to check if this is ok or
not. If that would not be a normal process I bet we would still be using
classful IPv4 routing all over the place.

Regards,
Robert


On Wed, Apr 3, 2024 at 11:28 PM Joel Halpern <jmh@joelhalpern.com> wrote:

> The concern with regard to the text that the chairs are asking about is
> not about intermediate nodes verifying the checksum.  The text does not
> talk aabout that, so we are not asking about that.
>
> But, the text in 8200 specifies how the originating node is to compute the
> upper layer checksum.  It doesn't say "do whatever you need to do to make
> the destination come out right".  It provides specific instructions.  Yes,
> it is understandable that those instructions do not cover the compressed
> container cases.  Which is why the compression document specifies changes
> to those procedures.
>
> Thus, we need to ask 6man how they want to handle the change in the
> instructions in 8200.
>
> the question we are asking SPRING is whether there is any clarification
> people want to the text in the compression draft before we send the
> question over to 6man.
>
> Yours,
>
> Joel
> On 4/3/2024 5:15 PM, Robert Raszuk wrote:
>
> Hi Joel,
>
> My interpretation of text from RFC8200 is that it allows discrepancy
> between the header and the upper layer checksum as long as final packet's
> destination sees the correct one.
>
> The last condition is met.
>
> So I see no issue.
>
> Sure RFC8200 does not talk about SRH nor cSIDs, but provides a hint on how
> to handle such future situations.
>
> With that being said I would like to still understand what real problem
> are we hitting here ...
>
> Kind regards,
> Robert
>
> On Wed, Apr 3, 2024 at 11:09 PM Joel Halpern <jmh@joelhalpern.com> wrote:
>
>> There are two cases covered in section 6.5 of the compression draft that
>> appear to be at variance with secton 8.1 of RFC 8200.
>>
>> First, if the final destination in the routing header is a compressed
>> container, then the ultimate destination address will not be the same as
>> the final destination shown in the routing header.
>>
>> Second, if a uSID container is used as the destination address and no SRH
>> is present, then in addition to the above problem there is no routing
>> header to trigger the behavior described.
>>
>> Yours,
>>
>> Joel
>> On 4/3/2024 4:22 PM, Robert Raszuk wrote:
>>
>> Hi Alvaro,
>>
>> Section 6.5 of draft-ietf-spring-srv6-srh-compression describes the
>>> behavior when an originating node inside an SRv6 domain creates a
>>> packet with a C-SID as the final destination.
>>> *This description differs from the text in Section 8.1 of RFC8200.*
>>
>>
>> I would like you to clarify the above statement - specifically of the
>> last sentence.
>>
>> Reason for this that after looking at both drafts I find section 6.5 of
>> the subject draft to be exactly in line with RFC8200 section 8.1 especially
>> with the paragraf which says:
>>
>>
>>
>>
>>
>>
>>
>> *         If the IPv6 packet contains a Routing header, the Destination
>>        Address used in the pseudo-header is that of the final
>>  destination.  At the originating node, that address will be in
>>  the last element of the Routing header; at the recipient(s),          that
>> address will be in the Destination Address field of the          IPv6
>> header. *
>>
>> So before we dive into solutions (as Andrew has already provided a few
>> of) I think we should first agree on what precise problem are we solving
>> here ?
>>
>> Many thx,
>> Robert
>>
>> PS. As a side note I spoke with my hardware folks - just to check if
>> validation of upper-layer checksum is even an option for transit nodes. The
>> answer is NO as most data plane hardware can read at most 256 bytes of
>> packets. So unless there is some specialized hardware processing up to 9K
>> packets in hardware at line rates this entire discussion about checksum
>> violations, fears of firing appeals is just smoke.
>>
>>

v2.23.0 | Report a Bug | By Email