IETF Logo Mail Archive

Re: [spring] draft-ietf-spring-srv6-srh-compression

Eduard Metz <etmetz@gmail.com> Wed, 07 February 2024 19:24 UTC

Return-Path: <etmetz@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42B6DC14CF09 for <spring@ietfa.amsl.com>; Wed, 7 Feb 2024 11:24:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9MqRU2FA-8S for <spring@ietfa.amsl.com>; Wed, 7 Feb 2024 11:24:42 -0800 (PST)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E199C14CEFE for <spring@ietf.org>; Wed, 7 Feb 2024 11:24:42 -0800 (PST)
Received: by mail-lf1-x12f.google.com with SMTP id 2adb3069b0e04-50eac018059so1465505e87.0 for <spring@ietf.org>; Wed, 07 Feb 2024 11:24:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1707333880; x=1707938680; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=WyWCN6Y8bKZiCGDvM/oJkIKceCEFh4aAlu77vIUeFmw=; b=QR24kVWAiy+nZMoFJQ0zVh2XH8LCkpiwmH5Z3wnXgpxGvRRLnlr+fqN5uq0c+WJ0cu GScTrg7oXqBJ2vPcRtNdNxIZgTY3DIKphrWE2ocDVMH2/+e3fleufFH1FLm6yPca2RkM kD31lDzkTo34EVSN/OeLmApYX0VfJDkhC4sKTgXfdpGpC2gsi7yoJyzZ025wnrszYHwr XAmlrVzbaXry1xwox159hi1LO9mnaWWMN6ugYAIKbLGpdsJtdF/EOnTqmAt+UrOE8GNl cgHo526CZCmWltEDM1iQgmBeKGctQt9LwAsHgdl5mBCdMaOQ7HIoZwjV5sDFdRBCdlVc Gqzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707333880; x=1707938680; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WyWCN6Y8bKZiCGDvM/oJkIKceCEFh4aAlu77vIUeFmw=; b=o5QGQZGUsISlCCAXBWZp+z9jbE6d5xfXNCZG2ATGDGiJUNTe2dYriLdHwrb/aRRaPx S76X8tfPs/L7Yn37ux2EhqFXoB8THbmD6oRMBE35j9HGhAp9UvMA4XCh0nLv2Fr9hDRh Bt9cXHrHWrfNNk2zitk03QLg15afPJseGUjepQKwEk6jDlgXpdspyGEJtVOajVTBaBAS hUuciRO+t925nQKRFPUUiL4Zs7t8+We5oIIPLf7W+oLA2Z69E4vXdV1W3SCPR19L1uD4 pEBM0n9P+bm2nPfJT5pevf1bVuOWrxPRkUHiKbx1bFREOhCe1UxvoxAM8gNCdmI1f47H 3wrQ==
X-Forwarded-Encrypted: i=1; AJvYcCUDb+5tID0Q7Ym/OzPujW/s3nMtZ9x7ai17A9ez0VidrQ5kCSUf4JxkOCjpHm3RX8lrhxu1Y0JlAtjR6mc9Oq8=
X-Gm-Message-State: AOJu0Yya/RFqJWw0oZPYFlWuayxuXwM6X/4aT8i6NzpZKNx4v1lvtNqc fAZqiv0k2ETiqn8JLz9S5z2WI8stF/wOmuTzjoRxusPHqd06v8Tn+VYBIHOV4PJuiU8B2ROq9Nd EV5D7Egf1yqc/snkKqTdKMk9KdKg=
X-Google-Smtp-Source: AGHT+IF8ZNuIPc7OLdMDux+YFT7xZtbEDQ7V3XciAbe88LFwAaR+qeqKG2kEiQHJ1T+lHQ+YHUyZhh8Jg9G7CD8hIOw=
X-Received: by 2002:a05:6512:31c7:b0:511:54e8:b82e with SMTP id j7-20020a05651231c700b0051154e8b82emr5095114lfe.47.1707333880033; Wed, 07 Feb 2024 11:24:40 -0800 (PST)
MIME-Version: 1.0
References: <DU2PR03MB8021764E2F17F0D527E3FA3CFA472@DU2PR03MB8021.eurprd03.prod.outlook.com> <BL0PR05MB53163A098023244520ADCEEBAE472@BL0PR05MB5316.namprd05.prod.outlook.com> <CAOj+MMEc1R8fZZwgOEF2-mK8S0+PE+zBR3Yz9vwXBh-umQPAjQ@mail.gmail.com> <CAO42Z2z1Y_OH0yCi0yiMnHvwQRBHK+UYHxJJw+X5EfHfJgiGNw@mail.gmail.com> <CAOj+MMGxox-TDsqhdped8=8EhqHJOyyLBBk0HK8ZU5-qrV-zYA@mail.gmail.com> <CAO42Z2zm_XtV6CqiO6idX_-=HnZDCz4grgpQV=FJQ3H6qDsKKQ@mail.gmail.com>
In-Reply-To: <CAO42Z2zm_XtV6CqiO6idX_-=HnZDCz4grgpQV=FJQ3H6qDsKKQ@mail.gmail.com>
From: Eduard Metz <etmetz@gmail.com>
Date: Wed, 07 Feb 2024 20:24:26 +0100
Message-ID: <CAG=3OHfi-0uSe__yoeCsEfLUGOcUQEAyNKOpCBdtZN8QTnHXJw@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Robert Raszuk <robert@raszuk.net>, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>, Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>, SPRING WG <spring@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006eb7c80610cfa5f5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/PrDIhoSGlhlWKQnx9q-uyJV_oVI>
Subject: Re: [spring] draft-ietf-spring-srv6-srh-compression
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 19:24:46 -0000

To determine / compute the pseudo header, a middlebox would need to be
aware of at least locator block, block length and c-sid length.

Wouldn't it then be sufficient to state that the requirement on middleboxes
that are (made) part of an SRv6 'domain' is to be aware of relevant SRv6
(compression) parameters and support the algorithm / logic to determine the
pseudo-header (to finally compute / validate checksums)?

/Eduard



On Wed, Feb 7, 2024 at 10:58 AM Mark Smith <markzzzsmith@gmail.com> wrote:

>
>
> On Wed, 7 Feb 2024, 20:08 Robert Raszuk, <robert@raszuk.net> wrote:
>
>> Hi Mark,
>>
>> >  however UDP and ICMPv6 would be for OAM per RFC 9269
>>
>> I do agree if we are talking about no SRH containing packets.
>>
>
> I think it would also occur with an SRH if a middlebox is ignoring the SRH
> EH (e.g. unaware of how to handle it, or ignoring some or all IPv6 EHs) and
> validating the pseudo-header checksum when the packet's current DA isn't
> the final one, which of course it may not be if the packet is somewhere
> where in flight between the origin SA and the final DA.
>
> For a middlebox to validate the L4 pseudo header checksum somewhere during
> flight, it would have to determine the final DA for the calculation by
> digging it out of the SRH rather than using the packet's current DA.
>
> Without an SRH the middlebox would have to process the C-SIDs in the
> packet's DA field until it could identify the final DA before then
> performing the L4 pseudo-header calculation and validation.
>
> The would be conditional on the SRv6 payload being TCP, UDP or ICMPv6 and
> the middlebox being SRv6 aware (i.e. understand SRH when present) and SR
> configured to identify C-SID DAs (SRH'less).
>
> So I don't really see how including an SRH in OAM packets solves the
> problem unless the middlebox is SRv6 aware.
>
> And this is precisely why I said "vast majority of packets" not "all
>> packets"
>>
>
>> Glad that you nailed it on the list.
>>
>> Cheers,
>> R.
>>
>> PS. What Ron suggests is too big of a hammer. Instead I see no reason why
>> OAM packets should not contain SRH and resolve the nit that way.
>>
>>
>>
>> On Wed, Feb 7, 2024 at 5:44 AM Mark Smith <markzzzsmith@gmail.com> wrote:
>>
>>>
>>>
>>> On Tue, 6 Feb 2024, 03:17 Robert Raszuk, <robert@raszuk.net> wrote:
>>>
>>>> Hi Ron,
>>>>
>>>> Is there a problem ?
>>>>
>>>> If I read RFC8200 L4 checksum is computed by the packet *originator
>>>> and validated by the packet's ultimate receiver. *
>>>>
>>>> In all SPRING work to the best of my knowledge the vast majority of
>>>> packets are only encapsulated by transit nodes.
>>>>
>>>
>>>
>>> If the payload of the SRv6 packet is another IP packet or layer 2 frame
>>> e.g. Ethernet, common for L2 and L3 VPNs, then the layer 4 checksum issue
>>> probably wouldn't occur, because those protocols don't include the IPv6
>>> pseudo-header fields in their checksum calculations if they even have a
>>> checksum at all - RFC 2473 IPin IPv6 doesn't, and in GRE it is optional.
>>>
>>> However, if SRv6 was used to to directly carry an upper layer transport
>>> layer protocol PDU like UDP, TCP or ICMPv6, then that's when the
>>> checksum/middlebox issue arises, because they do include the IPv6
>>> pseudo-header in their checksum, which would therefore include the SRv6 SA
>>> and DAs.
>>>
>>> Not sure if TCP would be commonly carried directly in an SRv6 packet,
>>> however UDP and ICMPv6 would be for OAM per RFC 9269.
>>>
>>> So your SRv6 L2 or L3 VPN might be able to carry customer traffic
>>> successfully through a middle box, however you may not be able to SRv6
>>> traceroute or ping across it successfully, or have ICMPv6 error
>>> successfully sent between SRv6 nodes.
>>>
>>> Regards,
>>> Mark.
>>>
>>>
>>>> Is there any formal mandate in any of the RFCs that an encapsulating
>>>> node must mangle the inner packet's L4 checksum ? I don't think so but
>>>> stand open to get my understanding corrected.
>>>>
>>>> Cheers,
>>>> Robert
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, Feb 5, 2024 at 5:04 PM Ron Bonica <rbonica=
>>>> 40juniper.net@dmarc.ietf.org> wrote:
>>>>
>>>>> Folks,
>>>>>
>>>>> Has anyone proposed a solution to the L4 checksum problem that Andrew
>>>>> talks about?
>>>>>
>>>>>                                           Ron
>>>>>
>>>>> Juniper Business Use Only
>>>>> ------------------------------
>>>>> *From:* spring <spring-bounces@ietf.org> on behalf of Andrew Alston -
>>>>> IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
>>>>> *Sent:* Monday, February 5, 2024 5:21 AM
>>>>> *To:* spring@ietf.org <spring@ietf.org>
>>>>> *Subject:* [spring] draft-ietf-spring-srv6-srh-compression
>>>>>
>>>>>
>>>>> [External Email. Be cautious of content]
>>>>>
>>>>> Hi All,
>>>>>
>>>>>
>>>>>
>>>>> (In capacity as a contributor and wearing no other hats)
>>>>>
>>>>>
>>>>>
>>>>> At this point I cannot support progression of this document until the
>>>>> issues around the L4 Checksum have been resolved.  It’s been clearly stated
>>>>> in other emails on the list that in certain circumstances the behavior
>>>>> described in this document break the L4 checksum as defined in RFC8200.
>>>>> This requires an update to RFC8200 to fix it – and I’m not sure that spring
>>>>> can update 8200 absent the consent of 6man, which I’m not sure has been
>>>>> asked for, nor am I sure that a spring document can update something like
>>>>> 8200 in an area so fundamental as the checksum without a -BIS, which would
>>>>> have to be done via 6man.  The L4 checksum issue though is real – and it
>>>>> cannot simply be ignored.
>>>>>
>>>>>
>>>>>
>>>>> I also have deep concerns that the compression document creates
>>>>> something that (in a similar way to SRv6) creates something that is
>>>>> completely non-conformant with RFC4291.  There are multiple references to
>>>>> this in draft-6man-sids, and should draft-6man-sids become an RFC I would
>>>>> argue that it should probably be a normative reference in this document –
>>>>> on the logic that this document relies on similar RFC4291 violations that
>>>>> srv6 itself does (and for the record, just because SRv6 itself violates
>>>>> RFC4291 as is clearly documented in draft-6man-sids – does not make it
>>>>> acceptable to do so in yet another draft without clear and unambiguously
>>>>> stating the deviations and ideally updating RFC4291 to allow for said
>>>>> deviations)
>>>>>
>>>>>
>>>>>
>>>>> I believe these two issues alone are sufficient that to pass this
>>>>> document would create still further tensions about the relationship between
>>>>> SRv6 and IPv6 and lead to confusion.  As such – I believe these issues need
>>>>> to be adequately dealt with – and the solutions to them need to be approved
>>>>> by 6man as the working group that holds responsibility for ipv6 maintenance.
>>>>>
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>> Andrew Alston
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Internal All Employees
>>>>> _______________________________________________
>>>>> spring mailing list
>>>>> spring@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/spring
>>>>>
>>>> _______________________________________________
>>>> spring mailing list
>>>> spring@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/spring
>>>>
>>> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>

v2.23.0 | Report a Bug | By Email