IETF Logo Mail Archive

Re: [spring] 6MAN WGLC: draft-ietf-6man-sids

Robert Raszuk <robert@raszuk.net> Sat, 08 October 2022 21:07 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9C59C14F722 for <spring@ietfa.amsl.com>; Sat, 8 Oct 2022 14:07:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id of_Jie58OxYR for <spring@ietfa.amsl.com>; Sat, 8 Oct 2022 14:07:08 -0700 (PDT)
Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1880FC14CE24 for <spring@ietf.org>; Sat, 8 Oct 2022 14:06:39 -0700 (PDT)
Received: by mail-wm1-x32c.google.com with SMTP id p26-20020a7bcc9a000000b003c384e59047so2355616wma.4 for <spring@ietf.org>; Sat, 08 Oct 2022 14:06:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=PmI9DqG56LMOH6E7LaocoWp2tdqDVMxf+9ZCWUBYEoA=; b=Quok8GkI35efDRqL5Z6cvZxQSIcaBWDURjqwGHu0mFQODKcXXiCvwgPKn8OMSi88zZ kNX3+klvqWNUBDswoFPSlcWQUO1YwxdpR9irXANq6qgysW9Zsv5Z7B4mvqjpgTPImRHu 5xV+5PiHigsRXCHpTtHh4ojEIIfcYdQWODNfzE1Yuw6nGbSMZUD29NbWeS4tOjlSiCpi Lw8nVHJOTphX92QFXz4YC0NlTOwnY48wVnJFUpyx62DUe64aIGxnH3JiopGvnGqgwEjX z6Tj2+sKrPF+jfqXFjZPiLEMMAAM0fNFajC+Co4eSXI6JraydjdYAMMj1DsHtoF5MPMp PX9Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=PmI9DqG56LMOH6E7LaocoWp2tdqDVMxf+9ZCWUBYEoA=; b=5n/8SdmcDvvABtUOQnwm9+2pfDGCUl6zfKcWp87Lgbt1i8lUJ204ctFLSktZkZt/BM Qz6khCwBSv/B0M8k38RP76bMelKODSUmNRllCAXaUahemhyBXPkW4UYHCu35oqCpjJyf zsgKALtQhl5ptqEHuO/i89YeDMxeDUsHIpuZQIuc7BeZPaSDnGqSHKMNl+I/jfOeZRnq bxFI6GQB4paA7GHDOCFF2zpxDjMAxqHOmmRoLIxlfFP7mdpupVcmAHmU+OdCggHWG7ff h82KdDofZDmoGtYigGf9wQugoiVvBiPmz2onAYY0mYdEoD41qJ8YJEPw7TayjALX7BwM 2EhA==
X-Gm-Message-State: ACrzQf3xrt/VsQjFukQvRD5FwI1olUAEVkoNyquhN7rxprTdM4qL0CwS ymNR7d3ufRfxKir2PA1onfKe4o/RRtFLro6egvHDmw==
X-Google-Smtp-Source: AMsMyM6Joww0uCHHBRVWGUjRBJa+IykdlGWmr1W7wn7wb09D/NvrOzxd9f0i9egnrgI/jyZC01CCBOMBNT8wnz27XOs=
X-Received: by 2002:a05:600c:5022:b0:3be:ed8:9a25 with SMTP id n34-20020a05600c502200b003be0ed89a25mr14686009wmr.194.1665263198472; Sat, 08 Oct 2022 14:06:38 -0700 (PDT)
MIME-Version: 1.0
References: <CAFU7BARixwPZTrNQOuEw3WP-FqUsVwTj7btMTahcMbXm_NqWGw@mail.gmail.com> <CAB75xn4+N31=ggO03AAQJANv7RgHaC1eNGXRUQ9B20rLK+nJyg@mail.gmail.com> <E77D8982-11E9-45F9-81BF-3CA1E1F6B745@gmail.com> <CAB75xn4Zme4KOjPuY1_-4jCKTk1jshbq8X645zXhYQLiKB+N9g@mail.gmail.com> <54A38015-95AD-41F0-8E9D-76B3E62AA55B@gmail.com> <bdd7bf12-f712-3fe5-2698-9272c16ddded@joelhalpern.com> <58E77509-A1A1-4CE8-9EE4-22BEEEA8B62E@gmail.com> <98a941e4-0fff-ced1-d4ca-4406368eac31@joelhalpern.com> <4DC495DF-AD6B-4D60-80C4-B836DD365A0C@gmail.com> <CAOj+MMEx7+jWN1yC=81dMwo5GmqbhyHqOZr9W2_qzN9BNjs+Zw@mail.gmail.com> <ab55e9c0-60b9-2986-07f1-38c28852009e@joelhalpern.com> <CAOj+MMEn6Dz-Rz0PRRvR8VXT8idAQm+rLuouWJoNz-dA+kRkJQ@mail.gmail.com> <1fe2d387-8ecc-5240-092c-84a5978af5e4@gmail.com>
In-Reply-To: <1fe2d387-8ecc-5240-092c-84a5978af5e4@gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Sat, 08 Oct 2022 23:07:15 +0200
Message-ID: <CAOj+MME6Nb3MLQCiGQ5S06Cwj6d3Z+aoSpxwFdtoFaV-yPPuJQ@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Joel Halpern <jmh@joelhalpern.com>, Suresh Krishnan <suresh.krishnan@gmail.com>, 6man <ipv6@ietf.org>, SPRING WG List <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000671ed905ea8c4d73"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/M0gJImpxdeB_9J8L3F8FTtI0d-A>
Subject: Re: [spring] 6MAN WGLC: draft-ietf-6man-sids
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Oct 2022 21:07:12 -0000

Hi Brian,

Completely agree.

One thing is not to guarantee anything in respect to forwarding IPv6
packets with SRH (or any other extension header) and the other thing is to
on purpose recommending killing it at interdomain boundary as some sort of
evil.

Cheers,
R.



On Sat, Oct 8, 2022 at 9:51 PM Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> Robert,
>
> > If there is any spec which mandates that someone will drop my IPv6
> packets only because they contain SRH in the IPv6 header I consider this an
> evil and unjustified action.
>
> The Internet is more or less opaque to most extension headers, especially
> to recently defined ones, so I don't hold out much hope for SRH outside SR
> domains.
>
> https://www.rfc-editor.org/rfc/rfc9098.html
> https://datatracker.ietf.org/doc/html/draft-elkins-v6ops-eh-deepdive-fw
>
> Regards
>     Brian Carpenter
>
> On 09-Oct-22 07:52, Robert Raszuk wrote:
> > Hi Joel,
> >
> > I was hoping this is apparent so let me restate that I do not buy into
> "limited domain" business for SRv6.
> >
> > I have N sites connected over v6 Internet. I want to send IPv6 packets
> between my "distributed globally limited domain" without yet one more encap.
> >
> > If there is any spec which mandates that someone will drop my IPv6
> packets only because they contain SRH in the IPv6 header I consider this an
> evil and unjustified action.
> >
> > Kind regards,
> > Robert
> >
> > On Sat, Oct 8, 2022 at 7:40 PM Joel Halpern <jmh@joelhalpern.com
> <mailto:jmh@joelhalpern.com>> wrote:
> >
> >     Robert, I am having trouble understanding your email.
> >
> >     1) A Domain would only filter the allocated SIDs plus what it
> chooses to use for SRv6.
> >
> >     2) Whatever it a domain filters should be irrelevant to any other
> domain, since by definition SRv6 is for use only within a limited domain.
> So as far as I can see there is no way a domain can apply incorrect
> filtering.
> >
> >     Yours,
> >
> >     Joel
> >
> >     On 10/8/2022 3:16 AM, Robert Raszuk wrote:
> >>     Hi Suresh,
> >>
> >>         NEW:
> >>         In case the deployments do not use this allocated prefix
> additional care needs to be exercised at network ingress and egress points
> so that SRv6 packets do not leak out of SR domains and they do not
> accidentally enter SR unaware domains.
> >>
> >>
> >>     IMO this is too broad. I would say that such ingress filtering
> could/should happen only if dst or locator is within locally
> configured/allocated prefixes. Otherwise it is pure IPv6 transit and I see
> no harm not to allow it.
> >>
> >>         Similarly as stated in Section 5.1 of RFC8754 packets entering
> an SR domain from the outside need to be configured to filter out the
> selected prefix if it is different from the prefix allocated here.
> >>
> >>
> >>     Again the way I read it this kills pure IPv6 transit for SRv6
> packets. Why ?
> >>
> >>     (Well I know the answer to "why" from our endless discussions about
> SRv6 itself and network programming however I still see no need to mandate
> in any spec to treat SRv6 packets as unwanted/forbidden for pure IPv6
> transit.)
> >>
> >>     Thx,
> >>     R.
> >
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email