Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11

Robert Raszuk <robert@raszuk.net> Mon, 25 March 2024 16:07 UTC

Return-Path: <robert@raszuk.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4876EC14CE27 for <spring@ietfa.amsl.com>; Mon, 25 Mar 2024 09:07:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2rtkFHKLZjMm for <spring@ietfa.amsl.com>; Mon, 25 Mar 2024 09:07:53 -0700 (PDT)
Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E0E7C151098 for <spring@ietf.org>; Mon, 25 Mar 2024 09:07:42 -0700 (PDT)
Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-a465ddc2c09so252231366b.2 for <spring@ietf.org>; Mon, 25 Mar 2024 09:07:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; t=1711382860; x=1711987660; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=hisqgdxf7CJpmYGB9CgedxgL2uoXC8wG6e9XSUJhshU=; b=b4OFM+2rDKTbzoJPJUX4W6wDKs6s2FWVIS7KBlrA3MDRhTG+xeQOK3OM8UiSBe2aIs gUaK5nCzWrgFX7O1vtYHD/+p6XQF01KuABfmp8DuzRJhGb6sFfrQsj03naqsGgdQKIZM NBCAHS3X5ekTS9z5vYhHos177SWuRBK5CiDmdmiirqlfn1j+Hce+wcogdA38uVWzF6JC zZcwIfVYTGLwRKfYjC/3LjmR+voW7LXlDq1RAg1wDQ9M4QpkpcM8euKsidnWmK8fcs0m T7eG1IbSX28oZVqqpklDbmgMFgrZpYxpDyZAA5D8z5t9rP8RDL9agArcVS50kEpPnfWG cVwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711382860; x=1711987660; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hisqgdxf7CJpmYGB9CgedxgL2uoXC8wG6e9XSUJhshU=; b=OWyHGmfLoeD++VPaf87HdiP75sEfuFGItaUbDwDts1sXd+MkxNYP4cAn3eaTpht00L Ovomk7b2MnelkuB+kdGVws/kzZT+IkAnszSfUW4vW7Tzz+IS2+CG5ei4cEGKply4Jbq2 1IkiZ4BKQyj2efMXu1xI9HhjRGqBkfcw19kZxcF8C2yVhMnSJh6WqHNI0EgV9MKLQYRO puCTwWxiXZUjQJQ6MJoXT8Vfh2jVLWPOJXD/smwc1ry+9yAvOHlWhaJNW+W7n3ZfXqQT xG8QKG3xUa1VDCwJYh3pbZ4GUv/H2iRB2Pzvp0eSQCdu3nUMBptyE0v0q/LukHYoxf2m z/bg==
X-Forwarded-Encrypted: i=1; AJvYcCUhclBk7XmXfwFQpBhBgB9v2LBdt41q5DlTrydptKMKW6HuCjBlB0q8qZiuD5wmbjfVOyLGTxoqtASPfqsS8wY=
X-Gm-Message-State: AOJu0YxVlLXtbJEQgjYumwrnqncbIE9DMq4+v5jKv1tv60LLlfnfBfxT P/lxm0nkwGnOXOaqkCCGTpoMWk32DV0pz1tg0xqYLfRMpvSU8ErZZVSCZ4OANN1ED465JDUl/pM PjnnSnp/XZodffW1wDgMhyi06I3sOvUWomZCYBQ==
X-Google-Smtp-Source: AGHT+IEgeorudqcWtIdJld7DuKviSFNNOGLQmRfHdl6eXQmhJyt9LLe1OVw0+UVoMFyw+27kTjSYtFMJTDa6mWwx3YA=
X-Received: by 2002:a50:9e44:0:b0:568:d19e:7ab0 with SMTP id z62-20020a509e44000000b00568d19e7ab0mr6433329ede.36.1711382860264; Mon, 25 Mar 2024 09:07:40 -0700 (PDT)
MIME-Version: 1.0
References: <CAMMESsw=PihfkO3nECiBnCALfCC=vTRn6c1_OYPK-jT5=yHFZA@mail.gmail.com> <CAHT6gR9ytPWVDBdSnoKmofzN2cfEQhS5siV-i405XMP-_=27hw@mail.gmail.com> <CAMMESsyTokFK6Ff8cFJYHSFF917FKfE22FL3e4URCfwNAyYZEA@mail.gmail.com> <CAHT6gR-ry4WgjUs+8OvFmzYwB9Gn-+0tUaaaXvTtk2FgiAB0JA@mail.gmail.com> <CAHT6gR-Zv75y1AjWJkg-D5hLc3O0KFsE51U8cvRvgc8n9bAE=w@mail.gmail.com> <DU2PR03MB80211A59BB7464AF835DFEE2FA362@DU2PR03MB8021.eurprd03.prod.outlook.com> <BL0PR05MB531659043D056FFB4EB38BA7AE362@BL0PR05MB5316.namprd05.prod.outlook.com> <DU2PR03MB8021CBC7A097F17AE3F64102FA362@DU2PR03MB8021.eurprd03.prod.outlook.com> <CALx6S354yL2nRd6Xf4yzq7D+GbQQhYPPxRN58V3kQ0CaMQA+UQ@mail.gmail.com> <CAOj+MMGKA_Bf=sD7aivXMdhexy3gsPTkPp5_DY4hicSigm+cxA@mail.gmail.com> <DU2PR03MB802141D381DD2C716442D01DFA362@DU2PR03MB8021.eurprd03.prod.outlook.com> <CAOj+MMGWkyLqfk-PM8rTCyEpMLQDvujO3P6O=NxGQunB5GBxdA@mail.gmail.com> <DU2PR03MB8021817EDB0676FCDFC0FF3CFA362@DU2PR03MB8021.eurprd03.prod.outlook.com> <CAOj+MMEPZ4O1sTEUm4u-v72MwcptejNWLfcBvFJA98-2qDzzfg@mail.gmail.com> <DU2PR03MB8021CFB963C174317CF604E2FA362@DU2PR03MB8021.eurprd03.prod.outlook.com> <CAOj+MMFDrRq9igN16Dy0LXR=QiopdmHJbTd0SRT=_XdVGgjt+g@mail.gmail.com> <DU2PR03MB80213CDDFC54A4A9C456D654FA362@DU2PR03MB8021.eurprd03.prod.outlook.com>
In-Reply-To: <DU2PR03MB80213CDDFC54A4A9C456D654FA362@DU2PR03MB8021.eurprd03.prod.outlook.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Mon, 25 Mar 2024 17:07:28 +0100
Message-ID: <CAOj+MMGyoo3afahjqfqK50E0NQRN6C-HyZ8HMaK7ZEegRhacsg@mail.gmail.com>
To: Andrew Alston - IETF <andrew-ietf@liquid.tech>
Cc: Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, "spring@ietf.org" <spring@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007616a006147e5fa7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/MPZQsp70kjfZyZsd7KlBCPIBeOE>
Subject: Re: [spring] Chair Review of draft-ietf-spring-srv6-srh-compression-11
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2024 16:07:58 -0000

So your point is not about transit via SRv6 C-SID enabled domains but about
hosts sending native SRv6 packets ? On the latter I let C-SID authors to
comment. But the former seems no issue and this is what I wanted to
clarify.

Just to note that even if so we already have an RFC 8754 which
explicitly allows that:

3.1.  <https://datatracker.ietf.org/doc/html/rfc8754#section-3.1>SR Source
Node <https://datatracker.ietf.org/doc/html/rfc8754#name-sr-source-node>

A SR source node is any node that originates an IPv6 packet with a segment
(i.e., SRv6 SID) in the destination address of the IPv6 header. *The packet
leaving the SR source node may or may not contain an SRH.* This includes
either:¶ <https://datatracker.ietf.org/doc/html/rfc8754#section-3.1-1>

   - A host originating an IPv6 packet, or¶
   <https://datatracker.ietf.org/doc/html/rfc8754#section-3.1-2.1>
   - An SR domain ingress router encapsulating a received packet in an
   outer IPv6 header, followed by an optional SRH.¶
   <https://datatracker.ietf.org/doc/html/rfc8754#section-3.1-2.2>




On Mon, Mar 25, 2024 at 4:47 PM Andrew Alston - IETF
<andrew-ietf@liquid.tech> wrote:

> If the text indeed states that we always encapsulate – and then clarifies
> that the checksum on encap is set to zero – in clear umambiguous text – no
> problem.
>
>
>
> However, unless I missed something – it does NOT say that we push an
> additional header.  If I am wrong on this, please feel free to correct me
> with citation to relevant drafts.  In fact, I believe things were carefully
> written to allow hosts in the domain to use SRv6 without extra encap –
> again – please correct me with the citations if I’m wrong.
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
> Internal All Employees
> From: Robert Raszuk <robert@raszuk.net>
> *Date: *Monday, 25 March 2024 at 18:43
> *To: *Andrew Alston - IETF <andrew-ietf@liquid.tech>
> *Cc: *Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, Ron Bonica
> <rbonica=40juniper.net@dmarc.ietf.org>, spring@ietf.org <spring@ietf.org>
> *Subject: *Re: [spring] Chair Review of
> draft-ietf-spring-srv6-srh-compression-11
>
> Andrew,
>
>
>
> So my understanding is that there is *always* a new IPv6 header pushed on
> the packet when it travels via the SRv6 "limited domain". With or without
> SRH.
>
>
>
> If we do not - oh yes then your concerns are correct.
>
>
>
> If we however do - do you see any issue
> with draft-ietf-spring-srv6-srh-compression ?
>
>
>
> Thx,
>
> R.
>
>
>
>
>
> On Mon, Mar 25, 2024 at 4:35 PM Andrew Alston - IETF
> <andrew-ietf@liquid.tech> wrote:
>
> It does mean the packet is NOT encapsulated.
>
>
>
> An SRv6 packet without an SRH has no encapsulation unless you are talking
> about applying a separate Ipv6 header to the packet that is stripped off at
> the end.  Encapsulation is defined as “The action of enclosing something in
> aor as if in a capsule”. An SRv6 packet without an SRH is not enclosed in
> anything – it is an outer layer header that you are mangling along the path.
>
>
>
> Hence – unless you are proposing adding an encapsulation header – that
> paragraph in 8200 does not apply
>
>
>
> Andrew
>
>
>
>
>
>
>
> Internal All Employees
>
> From: Robert Raszuk <robert@raszuk.net>
> *Date: *Monday, 25 March 2024 at 18:32
> *To: *Andrew Alston - IETF <andrew-ietf@liquid.tech>
> *Cc: *Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, Ron Bonica
> <rbonica=40juniper.net@dmarc.ietf.org>, spring@ietf.org <spring@ietf.org>
> *Subject: *Re: [spring] Chair Review of
> draft-ietf-spring-srv6-srh-compression-11
>
> The fact that there is no SRH does not mean that we have mangled the
> raw/original IPv6 packets.
>
>
>
> Just read the subject spec's abstract:
>
>
>
> Such compression significantly reduces the size of the *SRv6
> encapsulation* needed to steer packets over long segment lists.¶
> <https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-srh-compression#section-abstract-1>
>
>
>
> On Mon, Mar 25, 2024 at 4:27 PM Andrew Alston - IETF
> <andrew-ietf@liquid.tech> wrote:
>
> Hi Robert,
>
>
>
> Yet in this case we are explicitly talking about srv6 without an SRH –
> where exactly is the tunnel encap here?
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
>
>
> Internal All Employees
>
> From: Robert Raszuk <robert@raszuk.net>
> *Date: *Monday, 25 March 2024 at 18:23
> *To: *Andrew Alston - IETF <andrew-ietf@liquid.tech>
> *Cc: *Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>, Ron Bonica
> <rbonica=40juniper.net@dmarc.ietf.org>, spring@ietf.org <spring@ietf.org>
> *Subject: *Re: [spring] Chair Review of
> draft-ietf-spring-srv6-srh-compression-11
>
> Hi Andrew,
>
>
>
> Note that very section also says:
>
>          As an exception to the default behavior, protocols that use UDP
>
>          as a tunnel encapsulation may enable zero-checksum mode for a
>
>          specific port (or set of ports) for sending and/or receiving.
>
>          Any node implementing zero-checksum mode must follow the
>
>          requirements specified in "Applicability Statement for the Use
>
>          of IPv6 UDP Datagrams with Zero Checksums" [RFC6936 <https://datatracker.ietf.org/doc/html/rfc6936>].
>
>
>
>
>
> Many thx,
>
> Robert
>
>
>
>
>
>
>
> On Mon, Mar 25, 2024 at 4:21 PM Andrew Alston - IETF
> <andrew-ietf@liquid.tech> wrote:
>
> Robert,
>
>
>
> By RFC8200 Section 8.1 Second paragraph of Page 28 –
>
>
>
> “Ipv6 receiveers must discard UDP packets containing a zero checksum and
> should log the error”
>
>
>
> Note – Receivers here does not say end points – a transit router still
> receives the packet.  Therefore – if we went with zero checksums – by the
> letter of 8200 – no UDP packets without an SRH would flow, because 8200
> clearly says that they must be dropped.
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
>
>
> Internal All Employees
>
> From: Robert Raszuk <robert@raszuk.net>
> *Date: *Monday, 25 March 2024 at 18:16
> *To: *Tom Herbert <tom=40herbertland.com@dmarc.ietf.org>
> *Cc: *Andrew Alston - IETF <andrew-ietf@liquid.tech>, Ron Bonica <rbonica=
> 40juniper.net@dmarc.ietf.org>, spring@ietf.org <spring@ietf.org>
> *Subject: *Re: [spring] Chair Review of
> draft-ietf-spring-srv6-srh-compression-11
>
> All,
>
>
>
> It looks like previous discussions on this topic are lost again and we
> keep starting over and over every few weeks from scratch.
>
>
>
> It has been established that the checksum issue is moot for 99.9% of this
> discussion as we are talking about tunneled packets encapsulated with new
> header. Checksum there should be set to zero on the basis of
> RFC6935/RFC6936 or RFC7676 etc ...
>
>
>
> I do fail to understand why RFC8986 is silent on this. If it is not, I
> hope someone will send a quote.
>
>
>
> So the only issue could be about SRv6 packets with cSIDs originating
> within the network (not encapsulated) - for example ICMP replies. But are
> there such packets in the first place ? Can't they just use SR less default
> routed path towards the src ?
>
>
>
> Many thx,
>
> Robert
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Mon, Mar 25, 2024 at 3:32 PM Tom Herbert <tom=
> 40herbertland.com@dmarc.ietf.org> wrote:
>
>
>
>
>
> On Mon, Mar 25, 2024 at 5:37 AM Andrew Alston - IETF
> <andrew-ietf@liquid.tech> wrote:
>
> I Think that’s a very solid idea.
>
>
>
> What that means is that in the absence of an SRH when using a compressed
> SID – we apply an HBH with the final destination in it.  While this
> technically will not solve the violation of 8200 – since 8200 explicitly
> states “If the Ipv6 packet contains a Routing header, the destination
> address used in the pseudo-header is that of the final destination” – it
> does solve the checksum issue with an easy path to resolution, and it would
> also make for a very simple update to 8200 so we wouldn’t have to debate
> about the text of said update.
>
>
>
> Andrew,
>
>
>
> I don't think it works on two accounts:
>
>
>
> 1) In order to compute the checksum a device would need to understand the
> Hop-by-Hop Option. So the checksum would still be broken for any
> intermediate device that tries to verify it (in particular, NICs that do
> protocol specific checksum offload wouldn't support this option so it
> doesn't help).
>
> 2) The point of not using the SRH is to save bytes on the wire. Sending a
> HBH option instead would negate that benefit. An alternative might be to
> send SRH with a single entry in the route list or maybe a "special" RH with
> minimum length to serve a break for intermediate devices attempting to
> compute the checksum. It's more likely that intermediate devices will skip
> over HBH than skip over RH for computing a checksum (HBH isn't expected to
> have any bearing on the addresses).
>
>
>
> OTOH, I still maintain that doing segment routing without an SRH is simply
> a form of NAT so the checksum should be adjusted in flight like in RFC2663.
> Even if there is an SRH, IMO intermediate nodes should be able to verify
> the transport layer checksum by deducing the final destination address from
> the last address in the route list (which would mean that address needs to
> be self-identifying and can't be compressed using an external state). In
> other words, if any packet contains TCP, UDP, or ICMP it seems like a good
> invariant that the transport layer checksum can always be verified *solely*
> on the contents of the packets.
>
>
>
> Tom
>
>
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
>
>
> Internal All Employees
>
> From: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
> *Date: *Monday, 25 March 2024 at 15:33
> *To: *Andrew Alston - IETF <andrew-ietf@liquid.tech>, spring@ietf.org <
> spring@ietf.org>, Tom Herbert <tom@herbertland.com>
> *Subject: *Re: [spring] Chair Review of
> draft-ietf-spring-srv6-srh-compression-11
>
> Andrew,
>
>
>
> Tom Herbert (copied on this message)  raised the same issue regarding
> another draft on the 6man mailing list a few months ago. I suggested that
> if this problem ever needed to be solved, it could be solved with a new
> Hob-by-hop option. This option would contain the IPv6 address of the
> ultimate destination, so the checksum could be calculated in flight.
>
>
>
> The beauty of this option is that it can be included, when needed and
> excluded, when not needed.
>
>
>
> It may be time to specify the new option. What do you think?
>
>
>
>
>                   Ron
>
>
>
> Juniper Business Use Only
>
>
>
> Internal All Employees
> ------------------------------
>
> *From:* spring <spring-bounces@ietf.org> on behalf of Andrew Alston -
> IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
> *Sent:* Monday, March 25, 2024 8:05 AM
> *To:* spring@ietf.org <spring@ietf.org>
> *Subject:* Re: [spring] Chair Review of
> draft-ietf-spring-srv6-srh-compression-11
>
>
>
> *[External Email. Be cautious of content]*
>
>
>
> So I’ve given a lot of thought to the checksum issue – and here is where
> my thinking is currently sitting.
>
>
>
> Firstly – RFC8200 does not mention the word middlebox or middleware
> anywhere.  Nor does RFC8200 specify anywhere that the checksum should not
> be verifable in flight.
>
>
>
> Indeed, section 8.1 actually details how to handle extension headers as
> well – in order to make the checksum valid (Last paragraph page 27)
>
>
>
> Now, while there are specific uses cases for in flight validation of
> checksums which I’m not at liberty to discuss here, surfice to say that
> they exist and stem from the need to verify that packet changes aren’t
> occuring in flight – I believe that’s kinda besides the point.  The point
> here is that as it stands, the draft violates RFC8200.  This leaves two
> options in my view a.) Either update 8200 – with the agreement of 6man – or
> pass an RFC8200 BIS through 6man.
>
>
>
> Either way – if you are violating a standard held by another working group
> – and this does violate section 8.1 – you should be updating the standard
> that is being violated or alternatively BIS’ing it to avoid the
> violation.   But both require that 6man is in full agreement, since SPRING
> is not chartered to make updates or violate standards put forward by
> another working group.  Hence – my suggestion would be to take this to 6man
> and go through the process, though at minimum I fail to see how this cannot
> update RFC8200.
>
>
>
> In fact, let me be clear here – any attempt to pass this document WITHOUT
> correct review by 6man will result in an appeal.
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
>
>
> Internal All Employees
>
> *From: *spring <spring-bounces@ietf.org> on behalf of Francois Clad <
> fclad.ietf@gmail.com>
> *Date: *Monday, 18 March 2024 at 17:50
> *To: *Alvaro Retana <aretana.ietf@gmail.com>
> *Cc: *SPRING WG List <spring@ietf.org>
> *Subject: *Re: [spring] Chair Review of
> draft-ietf-spring-srv6-srh-compression-11
>
> Some people who received this message don't often get email from
> fclad.ietf@gmail.com. Learn why this is important
> <https://urldefense.com/v3/__https://aka.ms/LearnAboutSenderIdentification__;!!NEt6yMaO-gk!HRpiQWU2pUWihCzpYT-zhnqmYyOb_iF_IIRZXx6AIXfOS90KBBq-2eWcXLMj5bZ1-KrV-coZZLQWNsXNpLFMYETMlX2PtX8$>
>
> CAUTION: This email has originated from a free email service commonly used
> for personal email services, please be guided accordingly especially if
> this email is asking to click links or share information.
>
>
>
> Dear Alvaro,
>
>
>
> We have integrated the remainder of your feedback in revision -14.
>
>
>
> Detailed replies inline. These include your follow-up comments as well as
> the review items that we missed in the first pass.
>
>
>
> Please let us know if you have any further feedback.
>
>
>
> Thanks,
>
> Francois
>
>
>
> > ...
>
> > > > Operational Considerations/Guidance
>
> > > >
>
> > > > Dhruv brought up [1] the point of providing "guidance on when to use
>
> > > > which flavor and with which C-SID lengths". I fully agree! The
>
> > > > document contains (mostly in §4) recommendations, for example, about
>
> > > > LBL and C-SID lengths, even if any other value is possible. IOW, the
>
> > > > possibilities are endless! Please provide more operational
>
> > > > considerations on how an operator can evaluate their needs and select
>
> > > > the appropriate flavor/value for their deployment.
>
> > >
>
> > > We added a paragraph providing such operational guidance in revision
> -12, and
>
> > > further clarified it in revision -13.
>
> > >
>
> > > | SRv6 is intended for use in a variety of networks that require
>
> > > | different prefix lengths and SID numbering spaces. Each of the two
>
> > > | flavors introduced in this document comes with its own
>
> > > | recommendations for Locator-Block and C-SID length, as specified in
>
> > > | Section 4.1 and Section 4.2. These flavors are best suited for
>
> > > | different environments, depending on the requirements of the network.
>
> > > | For instance, larger C-SID lengths may be more suitable for networks
>
> > > | requiring ample SID numbering space, while smaller C-SID lengths are
>
> > > | better for compression efficiency. The two compression flavors allow
>
> > > | the compressed segment list encoding to adapt to a range of
>
> > > | requirements, with support for multiple compression levels. Network
>
> > > | operators can choose the flavor that best suits their use case,
>
> > > | deployment design, and network scale.
>
> >
>
> > I don't consider this paragraph enough.  I understand that "different
>
> > environments, depending on the requirements of the network" *may*
>
> > result in a different choice.  I want to understand how "operators can
>
> > choose the flavor that best suits their use case, deployment design,
>
> > and network scale."
>
> >
>
> > Let me illustrate with an example.  The text above says that "larger
>
> > C-SID lengths may be more suitable for networks requiring ample SID
>
> > numbering space, while smaller C-SID lengths are better for
>
> > compression efficiency".  Ok, what are my choices?
>
> >
>
> >    §4.1: "An implementation MUST support...a 16-bit C-SID length (LNFL)
> for
>
> >           NEXT-C-SID flavor SIDs, and may support any other...C-SID
> length."
>
> >
>
> >    §4.2: "This document defines the REPLACE-C-SID flavor for 16-bit and
> 32-bit
>
> >           C-SID lengths (LNFL). An implementation MUST support a 32-bit
> C-SID
>
> >           length for REPLACE-C-SID flavor SIDs."
>
> >
>
> > Judging from the *required* implementations, it looks like if an
>
> > operator wants a C-SID length that is "better for compression
>
> > efficiency" then it should use the NEXT-C-SID flavor (because 16-bit
>
> > may only be supported there).
>
>
>
> We need some agreement for interoperability so that all implementers
> support at least one common C-SID length for each of the flavors. For this,
> the length that is most efficient and suitable has been picked for each
> flavor. That's it; nothing more. At least that's the intention here.
>
>
>
> > However, if we assume that vendors will offer other options, for
>
> > example 16-bit C-SIDs for the REPLACE-C-SID flavor, what next?  Which
>
> > C-SID should I chose?
>
> >
>
> > I know that this document is not a deployment guide and that it cannot
>
> > cover all cases.  But the current guidance is basically non-existent
>
> > given the large amount of choice.
>
>
>
> There are likely to various other considerations besides the C-SID
> lengths. They may be a mix of technical and/or non-technical. Perhaps the
> SRv6 Ops forum will produce some deployment and operational guidelines for
> the technical aspects. It is not in the scope of this document to serve as
> a deployment or design guide.
>
>
>
> > ...
>
> > > > [major] "SHOULD use a consistent Locator-Block length and C-SID
> length
>
> > > > for all SIDs of the SR domain"
>
> > > >
>
> > > > When is it ok to not be consistent? IOW, why is this recommended and
>
> > > > not required? What are the effects of not being consistent?
>
> > >
>
> > > Deployments may use any Locator-Block and C-SID length. However, the
> C-SID
>
> > > compression relies on common Locator-Block and consistent C-SID
> length, so
>
> > > using inconsistent ones, while possible, will lead to reduced
> compression
>
> > > efficiency.
>
> >
>
> > Please add this information to the draft.  Note that clarifying this
>
> > option is good operational guidance.  Also, it appears several times
>
> > in the document.
>
> >
>
> > "Because you can doesn't mean you should."
>
>
>
> We added this in revision -14.
>
>
>
> Section 4.1:
>
> | A deployment should use a consistent Locator-Block length and C-SID
>
> | length for all SIDs of the SR domain.  Heterogeneous lengths, while
>
> | possible, may impact the compression efficiency.
>
>
>
> Section 4.2:
>
> | A deployment should use a consistent Locator-Block length and C-SID
>
> | length for all SIDs of the SR domain.  Heterogeneous C-SID lengths,
>
> | while possible, may impact the compression efficiency.
>
>
>
> > ...
>
> > > > 362 An SR segment endpoint node instantiating a SID with the
> NEXT-C-SID
>
> > > > 363 flavor MUST accept any Argument value for that SID.
>
> > > >
>
> > > > [major] Does this also mean that any future behavior cannot make use
>
> > > > of an Argument? IOW, behaviors like End.DT2M cannot be used with the
>
> > > > NEXT-C-SID flavor. If so, please be explicit about it.
>
> > >
>
> > > This statement does not impose any requirement on future behaviors.
>
> > >
>
> > > The argument of the NEXT-C-SID flavor SIDs defined in this document
> only
>
> > > contains the following C-SIDs in the container, for which an endpoint
> node
>
> > > must accept any value.
>
> > >
>
> > > A future document defining another NEXT-C-SID flavor SID whose argument
>
> > > contains other pieces of information will need to define the structure
> of
>
> > > that argument and acceptable values. Most likely, the part of the
> argument
>
> > > carrying the following C-SIDs will follow the same rule as stated here.
>
> >
>
> > The text doesn't point at the requirement (MUST) applying to only the
>
> > SIDs in this document.  If that is the case then please be explicit.
>
>
>
> Fixed in revision -14.
>
>
>
> | An SR segment endpoint node instantiating a SID of this document with
>
> | the NEXT-C-SID flavor MUST accept any Argument value for that SID.
>
>
>
> > ...
>
> > > > 377 4.1.1. End with NEXT-C-SID
>
> > > > ...
>
> > > > 384 The below pseudocode is inserted between lines S01 and S02 of
> the SRH
>
> > > > 385 processing in Section 4.1 of [RFC8986]. In addition, this
> pseudocode
>
> > > > 386 is executed before processing any extension header that is not an
>
> > > > 387 SRH, a Hop-by-Hop header or a Destination Option header, or
> before
>
> > > > 388 processing the upper-layer header, whichever comes first.
>
> > > >
>
> > > > [major] "In addition..."
>
> > > >
>
> > > > This sentence is not needed because S01 says "When an SRH is
>
> > > > processed", so we're already processing the SRH. Also, this sentence
>
> > > > is paraphrasing the ordering in §4/rfc8200 -- which makes it
>
> > > > unnecessary as the behavior is already specified elsewhere.
>
> > > >
>
> > > > Furthermore, Appendix A.1 shows the pseudocode being executed "before
>
> > > > processing the upper-layer header". However, that upper-layer header
>
> > > > would only be processed *after* the SRH is processed (rfc8200) -- so
>
> > > > doing it again is unnecessary.
>
> > > >
>
> > > > Please remove both the sentence above and the extra step in A.1
>
> > > > *before* the upper-layer header.
>
> > > >
>
> > > > ** Note that other descriptions in this section also contain the same
>
> > > > text and should be modified in the same way (including the
>
> > > > appendices).
>
> > > >
>
> > >
>
> > > The SRH processing is performed when the packet contains an SRH. The
> sentence
>
> > > that you quoted (and the corresponding step described in appendix)
> covers the
>
> > > cases where it does not. This may occur when the SRH is omitted in the
> SRv6
>
> > > encapsulation (section 4.1 of RFC 8754 or section 5 of RFC 8986) or
> when it
>
> > > is removed before the ultimate destination (section 4.16.1 of RFC
> 8986).
>
> >
>
> > I see.
>
> >
>
> > This point is related to the still-open issue of L4 checksums when no
>
> > SRH is present.  If that discussion results in a requirement to always
>
> > carry the SRH then we'll need to remove the text; otherwise, something
>
> > will need to be added to §6.5 about it.
>
>
>
> Section 6.5 already covers this case.
>
>
>
> | This applies regardless of
>
> | whether an SRH is present in the IPv6 packet or omitted.
>
>
>
> > > > 390 N01. If (DA.Argument != 0) {
>
> > > > 391 N02. If (IPv6 Hop Limit <= 1) {
>
> > > > 392 N03. Send an ICMP Time Exceeded message to the Source Address,
>
> > > > 393 Code 0 (Hop limit exceeded in transit),
>
> > > > 394 interrupt packet processing and discard the packet.
>
> > > > 395 N04. }
>
> > > >
>
> > > > [major] Why are the other checks not done? For example, why are SL
>
> > > > not checked? I understand that if the previous node didn't change it
>
> > > > then it should be ok -- but it may not!
>
> > >
>
> > > This pseudocode specifies a dataplane behavior implemented in the
> forwarding
>
> > > path of routers, where every operation matters. For that reason, sanity
>
> > > checks are strictly limited to the fields used as part of the packet
>
> > > processing. For instance, the value in the Segments Left field is only
>
> > > validated when it is used or modified.
>
> >
>
> > Ok -- the problem remains.  Without the SL check, for example, packets
>
> > could be forwarded that shouldn't.  Given the performance expectation,
>
> > it would be good to add a note about any potential risk/threat.
>
>
>
> Any node whose processing may fail due to an invalid SL value or malformed
> SRH will check the fields before using them. This also aligns with RFC 8754
> and RFC 8986, which do not perform a sanity check when the SL value is 0,
> although the SRH may still be malformed.
>
>
>
> > ...
>
> > > > 547 4.2. REPLACE-C-SID Flavor
>
> > > > ...
>
> > > > 597 The RECOMMENDED Locator-Block lengths (LBL) for REPLACE-C-SID
> flavor
>
> > > > 598 SIDs are 48, 56, 64, 72, or 80 bits, depending on the needs of
> the
>
> > > > 599 operator.
>
> > > >
>
> > > > 601 The REPLACE-C-SID flavor supports both 16- and 32-bit C-SID
> lengths
>
> > > > 602 (LNFL). A C-SID length of 32-bit is RECOMMENDED.
>
> > > >
>
> > > > 604 Any other Locator-Block and C-SID length selection is possible,
> but
>
> > > > 605 may lead to suboptimal C-SID encoding in the C-SID containers
> (e.g.,
>
> > > > 606 presence of padding bits).
>
> > > >
>
> > > > [major] The first two of the three paragraphs above suggest the use
> of
>
> > > > specific values, but it is not until the third paragraph that the
>
> > > > reasons become clear -- and it is clarified that any length selection
>
> > > > is possible. This makes the initial paragraphs a little misleading
>
> > > > because it gives the impression that only specific lengths are
>
> > > > supported.
>
> > > >
>
> > > > Suggestion:
>
> > > >
>
> > > > The REPLACE-C-SID flavor supports any Locator-Block and C-SID
>
> > > > length selection. LBL values of 48, 56, 64, 72, or 80 bits,
>
> > > > and C-SID lengths of 16- or 32-bits are RECOMMENDED to avoid
>
> > > > suboptimal C-SID encoding in the C-SID containers (e.g.,
>
> > > > presence of padding bits).
>
> > >
>
> > > We clarified the requirements and recommendations in revision -13.
>
> > >
>
> > > | The REPLACE-C-SID flavor SIDs support any Locator-Block length (LBL),
>
> > > | depending on the needs of the operator, as long as it does not exceed
>
> > > | 128-LNFL-ceiling(log_2(128/LNFL)) (ceiling(x) is the least integer
>
> > > | greater than or equal to x [GKP94]), so that enough bits remain
>
> > > | available for the C-SID and Argument. A Locator-Block length of 48,
>
> > > | 56, 64, 72, or 80 bits is RECOMMENDED for address planning reasons.
>
> >
>
> > Related to the operational guidance  I'm looking for -- what "address
>
> > planning reasons"?  How does my address planning influence the
>
> > decision?
>
> >
>
> > Looks like there is no required LBL implementation support.  IOW, the
>
> > RECOMMENDED values are from the deployment point of view, right?  If
>
> > so, then there's no interoperability-related need to use normative
>
> > language.  s/RECOMMENDED/recommended
>
>
>
> We updated this in revision -14.
>
>
>
> | The REPLACE-C-SID flavor SIDs support any Locator-Block length (LBL),
>
> | depending on the needs of the operator, as long as it does not exceed
>
> | 128-LNFL-ceiling(log_2(128/LNFL)) (ceiling(x) is the least integer
>
> | greater than or equal to x [GKP94]), so that enough bits remain
>
> | available for the C-SID and Argument.  A Locator-Block length of 48,
>
> | 56, 64, 72, or 80 bits is recommended for easier reading in
>
> | operation.
>
>
>
> > ...
>
> > > > 840 The SR segment endpoint node obtains the value Arg.FE2 from the
> 16
>
> > > > 841 most significant bits of DA.Argument if DA.Arg.Index is zero, or
> from
>
> > > > 842 the 16 least significant bits of the next position in the current
>
> > > > 843 C-SID container (Segment List[Segments Left][DA.Arg.Index-1])
>
> > > > 844 otherwise (DA.Arg.Index is non-zero).
>
> > > >
>
> > > > [?] Where does the 16-bit value come from? rfc8986 doesn't specify
>
> > > > the size of Arg.FE2, and the related applications don't seem to match
>
> > > > in length. What am I missing?
>
> > >
>
> > > This document sets the length of Arg.FE2 to 16 bits for the End.DT2M
> with
>
> > > REPLACE-C-SID SID. We clarified this in revision -13.
>
> > >
>
> > > | The value of Arg.FE2 is 16-bit long. The SR segment endpoint node
>
> > > | obtains the value Arg.FE2 from the 16 most significant bits of
>
> > > | DA.Argument if DA.Arg.Index is zero, or from the 16 least significant
>
> > > | bits of the next position in the current C-SID container (Segment
>
> > > | List[Segments Left][DA.Arg.Index-1]) otherwise (DA.Arg.Index is non-
>
> > > | zero).
>
> >
>
> > s/The value of Arg.FE2 is 16-bit long./The value of Arg.FE2 is 16-bit
>
> > long when used with the REPLACE-C-SID C-SID.
>
>
>
> Fixed in revision -14.
>
>
>
> | For any End.DT2M SID with the REPLACE-C-SID flavor, the value of
>
> | Arg.FE2 is 16-bit long.
>
>
>
> > ...
>
> > > > 963 5.4. Recommended Installation of C-SIDs in FIB
>
> > > >
>
> > > > 965 An SR segment endpoint node instantiating a NEXT-C-SID or
> REPLACE-
>
> > > > 966 C-SID flavor SID SHOULD install the corresponding FIB entry to
> match
>
> > > > 967 only the Locator and Function parts of the SID (i.e., with a
> prefix
>
> > > > 968 length of LBL + LNL + FL). Any other mean of identifying a
> locally
>
> > > > 969 instantiated SID is possible as long as it is compliant with
>
> > > > 970 Section 4.3 of [RFC8754] and accepts all valid Argument values
> for
>
> > > > 971 the SID.
>
> > > >
>
> > > > [major] §4.3/rfc8754 doesn't use normative language. It uses a
>
> > > > general statement that allows for different implementations:
>
> > > >
>
> > > > Without constraining the details of an implementation, the SR segment
>
> > > > endpoint node creates Forwarding Information Base (FIB) entries for
> its
>
> > > > local SIDs.
>
> > > >
>
> > > > It seems to me that rfc8754 already covers what wants to be conveyed
>
> > > > in this document: the FIB entry has to uniquely identify the segment
>
> > > > endpoint.
>
> > > >
>
> > > > As written, the text raises several questions:
>
> > > >
>
> > > > When is it ok to not "install the corresponding FIB entry to match
>
> > > > only the Locator and Function parts of the SID"? IOW, why is this
>
> > > > action recommended and not required? Note that the entry has to at
>
> > > > least cover "a prefix length of LBL + LNL + FL".
>
> > > >
>
> > > > The other means refer to §4.3/rfc8754, which (as shown above) says
>
> > > > that anything (including "install the corresponding FIB entry to
> match
>
> > > > only the Locator and Function parts of the SID") is ok. This takes us
>
> > > > back to my original point: rfc8754 already covers what this section
>
> > > > wants to convey and it is not needed.
>
> > > >
>
> > > > "all valid Argument values" -- most of the SIDs used don't use an
>
> > > > Argument, so which are the "valid Argument values"? s/all valid
>
> > > > Argument values/any Argument value
>
> > >
>
> > > In general, an implementation could identify a locally instantiated
> SRv6 SID
>
> > > with argument by installing multiple /128 FIB entries, one for each
> valid
>
> > > argument value. However, such method is not suited for NEXT-C-SID and
>
> > > REPLACE-C-SID flavor SIDs given than any argument value is valid. We
>
> > > clarified this in revision -13.
>
> > >
>
> > > | Section 4.3 of [RFC8754] defines how an SR segment endpoint node
>
> > > | identifies a locally instantiated SRv6 SID. To ensure that any valid
>
> > > | argument value is accepted, an SR segment endpoint node instantiating
>
> > > | a NEXT-C-SID or REPLACE-C-SID flavor SID SHOULD install a
>
> > > | corresponding FIB entry that matches only the Locator and Function
>
> > > | parts of the SID (i.e., with a prefix length of LBL + LNL + FL).
>
> >
>
> > My opinion is still that rfc8754 already covers what this section
>
> > wants to convey.
>
> >
>
> > If you want to keep it you should maintain the "spirit" of the text in
>
> > §4.3/rfc8754 and avoid using normative language (s/SHOULD
>
> > install/installs), OR, explain when is it ok to not "install a
>
> > corresponding FIB entry...". IOW, why is this action recommended and
>
> > not required?
>
>
>
> Indeed this paragraph is merely an advice for implementers. We removed the
> normative language in revision -14.
>
>
>
> > ...
>
> > > > 1094 The segment list that the SR source node pushes onto the packet
> MUST
>
> > > > 1095 comply with the rules in Section 6.3 and Section 6.4 and result
> in a
>
> > > > 1096 path equivalent to the original segment list.
>
> > > >
>
> > > > [major] "MUST...result in a path equivalent to the original segment
> list"
>
> > > >
>
> > > > How is a "path equivalent to the original" defined? The next
>
> > > > paragraph mentions "a compressed segment list of equal or shorter
>
> > > > length than the uncompressed segment list". What does the length
>
> > > > refer to -- the number of Segment Lists in the SRH, the size of the
>
> > > > SRH, or something else?
>
> > >
>
> > > We clarified in revision -13 that this is "the same forwarding path".
>
> > >
>
> > > The length of a segment list is the number of elements that it
> contains.
>
> > >
>
> > > > 1098 If an SR source node chooses to compress the segment list, one
> method
>
> > > > 1099 is described below for illustrative purposes. Any other method
>
> > > > 1100 producing a compressed segment list of equal or shorter length
> than
>
> > > > 1101 the uncompressed segment list is compliant.
>
> >
>
> > The requirement is: "MUST...result in the same forwarding path as the
>
> > original segment list."  BUT a method that produces "a compressed
>
> > segment list of equal or shorter length than the uncompressed segment
>
> > list is compliant".
>
> >
>
> > I understand the intent, but given that it is a requirement, how can
>
> > "the same forwarding path" be enforced?  If the path is loose, how can
>
> > "the same forwarding path" be guaranteed?
>
> >
>
> > Suggestion>
>
> >
>
> >    The segment list that the SR source node pushes onto the packet MUST
>
> >    comply with the rules in Section 6.3 and Section 6.4 and should result
>
> >    in the same forwarding path as the original segment list.
>
>
>
> That's a good point. However, "should result in the same forwarding path"
> may be too loose.
>
>
>
> How about "MUST [...] result in the same *set of possible forwarding
> paths* as the original segment list"?
>
>
>
> > ...
>
> > > > 1107 * When the compression method encounters a series of one or more
>
> > > > 1108 consecutive compressible NEXT-C-SID flavor SIDs, it compresses
> the
>
> > > > 1109 series as follows. A SID with the NEXT-C-SID flavor is
>
> > > > 1110 compressible if its structure is known to the SR source node and
>
> > > > 1111 its Argument value is 0.
>
> > > >
>
> > > > [major] Unlike the REPLACE-C-SID flavor (below), there's no check
>
> > > > equivalent to ConCheck for the NEXT-C-SID flavor SIDs. Why isn't that
>
> > > > needed?
>
> > >
>
> > > A similar check is performed inline on line S03 of the first
> pseudocode in this section.
>
> >
>
> > Yes, similar, but not the same.  ConCheck explicitly checks if the
>
> > same SID structure is shared -- why isn't that needed here?
>
>
>
> In this case, only the Locator-Blocks need to match. There is no
> requirement that the C-SID lengths be the same.
>
>
>
> > 1201   Regardless of how a compressed segment list is produced, the SR
>
> > 1202   source node writes it in the IPv6 packet as described in Section
> 4.1
>
> > 1203   of [RFC8754].  The text is reproduced below for reference.
>
> >
>
> > 1205   |  A source node steers a packet into an SR Policy.  If the SR
> Policy
>
> > 1206   |  results in a Segment List containing a single segment, and
> there
>
> > 1207   |  is no need to add information to the SRH flag or add TLV; the
> DA
>
> > 1208   |  is set to the single Segment List entry, and the SRH MAY be
>
> > 1209   |  omitted.
>
> > 1210   |
>
> > 1211   |  When needed, the SRH is created as follows:
>
> > 1212   |
>
> > 1213   |  The Next Header and Hdr Ext Len fields are set as specified in
>
> > 1214   |  [RFC8200].
>
> > 1215   |
>
> > 1216   |  The Routing Type field is set to 4.
>
> > 1217   |
>
> > 1218   |  The DA of the packet is set with the value of the first
> segment.
>
> > 1219   |
>
> > 1220   |  The first element of the SRH Segment List is the ultimate
> segment.
>
> > 1221   |  The second element is the penultimate segment, and so on.
>
> > 1222   |
>
> > 1223   |  The Segments Left field is set to n-1, where n is the number of
>
> > 1224   |  elements in the SR Policy.
>
> > 1225   |
>
> > 1226   |  The Last Entry field is set to n-1, where n is the number of
>
> > 1227   |  elements in the SR Policy.
>
> > 1228   |
>
> > 1229   |  TLVs (including HMAC) may be set according to their
> specification.
>
> > 1230   |
>
> > 1231   |  The packet is forwarded toward the packet's Destination Address
>
> > 1232   |  (the first segment).
>
> > 1233   |
>
> > 1234   |  When a source does not require the entire SID list to be
> preserved
>
> > 1235   |  in the SRH, a reduced SRH may be used.
>
> > 1236   |
>
> > 1237   |  A reduced SRH does not contain the first segment of the
> related SR
>
> > 1238   |  Policy (the first segment is the one already in the DA of the
> IPv6
>
> > 1239   |  header), and the Last Entry field is set to n-2, where n is the
>
> > 1240   |  number of elements in the SR Policy.
>
> >
>
> > [nit] The last two paragraphs belong to §4.1.1/rfc8754, and not
>
> > "Section 4.1 of [RFC8754]" as mentioned above.
>
>
>
> One may argue that whatever belongs to 4.1.1 also belongs to the parent
> section 4.1. Regardless, we have added an explicit reference to 4.1.1 in
> revision -14.
>
>
>
> | Regardless of how a compressed segment list is produced, the SR
>
> | source node writes it in the IPv6 packet as described in Sections 4.1
>
> | and 4.1.1 of [RFC8754].  The text is reproduced below for reference.
>
>
>
> > 1242 6.3.  Rules for segment lists containing NEXT-C-SID flavor SIDs
>
> >
>
> > 1244   1.  If a Destination Option header would follow an SRH with a
> segment
>
> > 1245       list of more than one segment compressed as a single
> NEXT-C-SID
>
> > 1246       container, the SR source node MUST NOT omit the SRH.
>
> >
>
> > 1248   2.  When the last Segment List entry (index 0) in the SRH is a
> C-SID
>
> > 1249       container representing more than one segment, the PSP
> operation
>
> > 1250       is performed at the segment preceding the first segment of
> this
>
> > 1251       C-SID container in the segment list.  If the PSP behavior
> should
>
> > 1252       instead be performed at the penultimate segment along the
> path,
>
> > 1253       the SR source node MUST NOT compress the ultimate segment of
> the
>
> > 1254       segment list into a C-SID container.
>
> >
>
> > 1256   3.  If a Destination Option header would follow an SRH with a last
>
> > 1257       Segment List entry being a NEXT-C-SID container representing
> more
>
> > 1258       than one segment, the SR source node MUST ensure that the PSP
>
> > 1259       operation is not performed before the penultimate SR segment
>
> > 1260       endpoint node along the path.
>
> >
>
> > 1262 6.4.  Rules for segment lists containing REPLACE-C-SID flavor SIDs
>
> >
>
> > 1264   1.  All SIDs compressed in a REPLACE-C-SID sequence MUST share the
>
> > 1265       same Locator-Block and the same compression scheme.
>
> >
>
> > 1267   2.  All SIDs except the last one in a C-SID sequence for REPLACE-
>
> > 1268       C-SID MUST have the REPLACE-C-SID flavor.  If the last C-SID
>
> > 1269       container is fully filled (i.e., the last C-SID is at
> position 0
>
> > 1270       in the C-SID container) and the last SID in the C-SID
> sequence is
>
> > 1271       not the last segment in the segment list, the last SID in the
>
> > 1272       C-SID sequence MUST NOT have the REPLACE-C-SID flavor.
>
> >
>
> > 1274   3.  When a REPLACE-C-SID flavor C-SID is present as the last SID
> in a
>
> > 1275       container that is not the last Segment List entry (index 0) in
>
> > 1276       the SRH, the next element in the segment list MUST be a
> REPLACE-
>
> > 1277       C-SID container in packed format carrying at least one C-SID.
>
> >
>
> > [major] Are these requirements validated at any point?  For example,
>
> > if rule #3 is not implemented and the next Segment List is not "a
>
> > REPLACE-C-SID container in packed format".  Which node enforces the
>
> > fact that the specification is not followed?  It seems to me that the
>
> > only node in that position would be the one represented by the that
>
> > last SID.  Can any action be taken?  What is the impact?
>
>
>
> These requirements are a part of how the SR source node builds the
> compressed segment list and the SR source node is sole responsible for
> enforcing them.
>
>
>
> As goes with any SRv6 segment list, the other nodes along the path can
> only validate that the next SID matches a local FIB entry.
>
>
>
> The impact if these rules are not followed are the same as any other
> incorrect value in an SRv6 segment list: the packet may get dropped or
> misrouted.
>
>
>
> > ...
>
> > 1282   When receiving a SID advertisement for a REPLACE-C-SID flavor SID
>
> > 1283   with LNL=16, FL=0, AL=128-LBL-NL-FL, and the value of the
> Argument is
>
> > 1284   all 0, the SR source node marks both the SID and its locator as
> using
>
> > 1285   16-bit compression.  All other SIDs allocated from this locator
> with
>
> > 1286   LNL=16, FL=16, AL=128-LBL-NL-FL, and the value of the Argument is
> all
>
> > 1287   0 are also marked as using 16-bit compression.  When receiving a
> SID
>
> > 1288   advertisement for a REPLACE-C-SID flavor SID with LNFL=32, AL=128-
>
> > 1289   LBL-NL-FL, and the value of the Argument is all 0, the SR source
> node
>
> > 1290   marks both the SID and its locator as using 32-bit compression.
>
> >
>
> > [] "All other SIDs allocated from this locator with LNL=16, FL=16,
>
> > AL=128-LBL-NL-FL..."
>
> >
>
> > Shouldn't this be "LNL=16, FL=0, AL=128-LBL-NL-FL"?
>
>
>
> The sentence in the draft is correct. This rule is meant to property
> identify the local 16-bit C-SIDs advertised in combination with a global
> C-SID (see Section 8).
>
>
>
> > 1292 6.5.  Upper-Layer Checksums
>
> > ...
>
> > 1297   At the originating node, that address will be the Destination
> Address
>
> > 1298   as it is expected to be received by the ultimate destination.
> When
>
> > 1299   the last element in the compressed segment list is a C-SID
> container,
>
> > 1300   this address can be obtained from the last element in the
>
> > 1301   uncompressed segment list or by repeatedly applying the segment
>
> > 1302   behavior as described in Section 9.2.  This applies regardless of
>
> > 1303   whether an SRH in present in the IPv6 packet or omitted.
>
> >
>
> > [nit] s/SRH in present/SRH is present
>
>
>
> Fixed in revision -14.
>
>
>
> > ...
>
> > 1330 7.1.  End.PS: Prefix Swap
>
> > ...
>
> > 1340   Each instance of an End.PS SID is associated with a target
> Locator-
>
> > 1341   Block B2/m.  The target Locator-Block is a local property of the
>
> > 1342   End.PS SID on the SR segment endpoint node.
>
> >
>
> > [minor] Please explain what "Locator-Block B2/m" means.
>
>
>
> Resolved in revision -12.
>
>
>
> > ...
>
> > 1353   The means by which an SR source node learns the target
> Locator-Block
>
> > 1354   associated with an End.PS SID are outside the scope of this
> document.
>
> > 1355   As examples, it could be learnt via configuration or using a
>
> > 1356   signaling protocol.
>
> >
>
> > [?] Is there any work in progress to get this going?
>
>
>
> If you are asking about an IETF draft then none has been disclosed
> currently that I am aware of.
>
>
>
> > ...
>
> > 1384 7.2.  End.XPS: L3 Cross-Connect and Prefix Swap
>
> > ...
>
> > 1400   The means by which an SR source node learns the target
> Locator-Block
>
> > 1401   associated with an End.XPS SID are outside the scope of this
>
> > 1402   document.  As examples, it could be learnt via configuration or
> using
>
> > 1403   a signaling protocol.
>
> >
>
> > [?] Is there any work in progress to get this going?
>
>
>
> Same as previous comment.
>
>
>
> > ...
>
> > 1433 8.  Control Plane
>
> > ...
>
> > 1447   *  BGP [RFC9252], [RFC9514],
>
> > 1448      [I-D.ietf-idr-segment-routing-te-policy],
>
> > 1449      [I-D.ietf-idr-bgp-ls-sr-policy]
>
> >
>
> > [nit] It might be useful to separate BGP from BGP-LS.
>
>
>
> Fixed in revision -14.
>
>
>
> | *  BGP [RFC9252], [RFC9514], [I-D.ietf-idr-sr-policy-safi]
>
> |
>
> | *  BGP-LS [I-D.ietf-idr-bgp-ls-sr-policy]
>
>
>
> > ...
>
> > 1458   Signaling the SRv6 SID Structure is REQUIRED for all the SIDs
>
> > 1459   introduced in this document.  It is used by an SR source node to
>
> > 1460   compress a segment list as described in Section 6.  The node
>
> > 1461   initiating the SID advertisement MUST set the length values in the
>
> > 1462   SRv6 SID Structure to match the format of the SID on the SR
> segment
>
> > 1463   endpoint node.  For example, for a SID of this document
> instantiated
>
> > 1464   from a /48 SRv6 SID block and a /64 Locator, and having a 16-bit
>
> > 1465   Function, the SRv6 SID Structure advertisement carries the
> following
>
> > 1466   values.
>
> >
>
> > [major] "Signaling the SRv6 SID Structure is REQUIRED..."
>
> >
>
> > The SRv6 SID Structure TLVs are optional in rfc9352, rfc9513, rfc9514,
>
> > I-D.ietf-pce-segment-routing-ipv6, and
>
> > I-D.ietf-idr-segment-routing-te-policy.  Even if this document
>
> > requires the information to be advertised, the control protocols
>
> > don't.  What should the SR Source Node do if the SRv6 SID Structure is
>
> > not present?
>
> >
>
> > Given that the SRv6 SID Structure TLVs are optional, a rogue node can
>
> > decide to not advertise the information -- the result would probably
>
> > be that SIDs would not be available to construct all the paths that
>
> > may be required, which may result in suboptimal routing, or even the
>
> > inability to construct paths to specific destinations.  Please include
>
> > something about this threat in the Security Considerations.
>
>
>
> This is covered in section 6.1. In particular:
>
>
>
> | When compressing a segment list, the SR source node MUST treat an
>
> | invalid SID structure as unknown, and treats the SID as
>
> | incompressible.
>
>
>
> Not sure how that can be a security threat, though.
>
>
>
> > [major] "...the SRv6 SID Structure is REQUIRED for all the SIDs
>
> > introduced in this document."
>
> >
>
> > This document defines, for example, the End.T behavior for both C-SID
>
> > flavors.  However, rfc9352, rfc9513, and rfc9514 don't define the
>
> > advertisement of End.T.  To illustrate, rfc9352 says this:
>
> >
>
> >    9. SRv6 SID Structure Sub-Sub-TLV
>
> >
>
> >      The SRv6 SID Structure sub-sub-TLV is an optional sub-sub-TLV of:
>
> >
>
> >      *  SRv6 End SID sub-TLV (Section 7.2)
>
> >
>
> >      *  SRv6 End.X SID sub-TLV (Section 8.1)
>
> >
>
> >      *  SRv6 LAN End.X SID sub-TLV (Section 8.2)
>
> >      ...
>
> >
>
> > No mention of End.T, or other behaviors mentioned in this document.
>
> >
>
> > Also, from §7.2:
>
> >
>
> >    Supported behavior values, together with parent TLVs in which they
>
> >    are advertised, are specified in Section 10 of this document. Please
>
> >    note that not all behaviors defined in [RFC8986] are defined in this
>
> >    document, e.g., End.T is not.
>
> >
>
> >
>
> > The above means that the requirement to advertise the SRv6 SID
>
> > Structure "for all the SIDs introduced in this document" can't be met
>
> > because the control plane protocols don't currently have the ability
>
> > to signal all the behaviors or because the SRv6 SID Structure is not a
>
> > valid option for them.
>
> >
>
> > While I don't think this issue is a showstopper for this document, I'm
>
> > curious about the plan to extend/update the existing specifications.
>
> > Note that the implementations in §10 give the impression that no
>
> > exceptions exist -- of course, it is possible that other mechanisms
>
> > (manual configuration, for example) are used.  I am also curious about
>
> > any manageability-related plans to enhance YANG models.
>
>
>
> The SID structure requirement only applies when those SIDs are advertised
> in a control plane protocol.
>
>
>
> While it is desirable to extend the existing control and management plane
> mechanisms for those remaining SIDs, it really falls outside the scope of
> this document.
>
>
>
> > ...
>
> > 1476   A local C-SID MAY be advertised in the control plane individually
>
> > 1477   and/or in combination with a global C-SID instantiated on the
> same SR
>
> > 1478   segment endpoint node, with the End behavior, and the same
> Locator-
>
> > 1479   Block and flavor as the local C-SID.  A combined global and local
>
> > 1480   C-SID is advertised as follows.
>
> >
>
> > [major] The use of local/global spaces is not visible to the control
>
> > plane, so the "MAY" doesn't have normative value.  s/MAY/may
>
>
>
> Fixed in revision -14.
>
>
>
> > ...
>
> > 1976 13.1.  SRv6 Endpoint Behaviors
>
> >
>
> > 1978   This I-D. requests the IANA to update the reference of the
> following
>
> > 1979   registrations from the "SRv6 Endpoint Behaviors" registry under
> the
>
> > 1980   top-level "Segment Routing" registry-group
>
> > 1981   (https://www.iana.org/assignments/segment-routing/
> <https://urldefense.com/v3/__https://www.iana.org/assignments/segment-routing/__;!!NEt6yMaO-gk!HRpiQWU2pUWihCzpYT-zhnqmYyOb_iF_IIRZXx6AIXfOS90KBBq-2eWcXLMj5bZ1-KrV-coZZLQWNsXNpLFMYETMd6az628$>)
> with the RFC
>
> > 1982   number of this document once it is published, and transfer change
>
> > 1983   control to the IETF.
>
> >
>
> > [major] you also need to ask for the assignment of the TBA values.
>
> >
>
> > ...
>
> > 2113      +-------+-----------------------------------------+-----------+
>
> > 2114      | TBA   | End.PS with NEXT-CSID                   | This I-D. |
>
> > 2115      +-------+-----------------------------------------+-----------+
>
> > 2116      | TBA   | End.PS with REPLACE-CSID                | This I-D. |
>
> > 2117      +-------+-----------------------------------------+-----------+
>
> > 2118      | TBA   | End.XPS with NEXT-CSID                  | This I-D. |
>
> > 2119      +-------+-----------------------------------------+-----------+
>
> > 2120      | TBA   | End.XPS with REPLACE-CSID               | This I-D. |
>
> > 2121      +-------+-----------------------------------------+-----------+
>
>
>
> Fixed in revision -12.
>
>
>
> > ...
>
> > 2136 15.1.  Normative References
>
> > ...
>
> > 2173   [RFC9259]  Ali, Z., Filsfils, C., Matsushima, S., Voyer, D., and
> M.
>
> > 2174              Chen, "Operations, Administration, and Maintenance
> (OAM)
>
> > 2175              in Segment Routing over IPv6 (SRv6)", RFC 9259,
>
> > 2176              DOI 10.17487/RFC9259, June 2022,
>
> > 2177              <https://www.rfc-editor.org/info/rfc9259
> <https://urldefense.com/v3/__https://www.rfc-editor.org/info/rfc9259__;!!NEt6yMaO-gk!HRpiQWU2pUWihCzpYT-zhnqmYyOb_iF_IIRZXx6AIXfOS90KBBq-2eWcXLMj5bZ1-KrV-coZZLQWNsXNpLFMYETMM1rWuPY$>
> >.
>
> >
>
> > [minor] This reference can be Informative.
>
>
>
> Fixed in revision -14.
>
>
>
> > 2179   [RFC9350]  Psenak, P., Ed., Hegde, S., Filsfils, C., Talaulikar,
> K.,
>
> > 2180              and A. Gulko, "IGP Flexible Algorithm", RFC 9350,
>
> > 2181              DOI 10.17487/RFC9350, February 2023,
>
> > 2182              <https://www.rfc-editor.org/info/rfc9350
> <https://urldefense.com/v3/__https://www.rfc-editor.org/info/rfc9350__;!!NEt6yMaO-gk!HRpiQWU2pUWihCzpYT-zhnqmYyOb_iF_IIRZXx6AIXfOS90KBBq-2eWcXLMj5bZ1-KrV-coZZLQWNsXNpLFMYETMRynQXik$>
> >.
>
> >
>
> > [minor] This reference can be Informative.
>
>
>
> Fixed in revision -14.
>
>
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>
>