Re: [spring] draft-ietf-spring-srv6-network-programming - IPv6 Addresses and SIDs

"Wang, Weibin (NSB - CN/Shanghai)" <weibin.wang@nokia-sbell.com> Thu, 10 October 2019 11:03 UTC

From: "Wang, Weibin (NSB - CN/Shanghai)" <weibin.wang@nokia-sbell.com>
To: Robert Raszuk <robert@raszuk.net>
CC: Gyan Mishra <hayabusagsm@gmail.com>, Ron Bonica <rbonica@juniper.net>, Fernando Gont <fgont@si6networks.com>, SPRING WG List <spring@ietf.org>
Date: Thu, 10 Oct 2019 11:03:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/ShOPX2bhbn8kHZu9PM41BSHFMaM>

Of course, you can do that as you describe, but that may lead to complexity, because you had better enable security measures against DDoS on SIDs within the SRv6 domain when deploying SRv6. If you have a dedicated and separate SRv6 SID block, you can have only one ACL entry on the ingress PE to filter malicious traffic targeted toward nodes inside the SRv6 domain, so it is easy.

And if the SID represents an Adj-SID such as END.X, and furthermore if you cannot advertise it with IGP, it will anyway lead to complexity, because you have to use a Node-SID plus Adj-SID to represent the link segment.

I think, if you have assigned a SID prefix to a Node (SID block + parent Node ID), all SRv6 SIDs instantiated in this Node will be covered within the SID prefix, so all the Node has to do is advertise this SID prefix.

--------------------------------------
Cheers !


WANG Weibin

From: Robert Raszuk <robert@raszuk.net>
Sent: 10 October 2019 17:05
To: Wang, Weibin (NSB - CN/Shanghai) <weibin.wang@nokia-sbell.com>
Cc: Gyan Mishra <hayabusagsm@gmail.com>; Ron Bonica <rbonica@juniper.net>; Fernando Gont <fgont@si6networks.com>; SPRING WG List <spring@ietf.org>
Subject: Re: [spring] draft-ietf-spring-srv6-network-programming - IPv6 Addresses and SIDs

> so they do not overlap each other, but both of them must be advertised by IGP or BGP protocol

While it is an option, it is not a "must". You can use your regular routing addresses as SID locators, and it is perfectly ok for SRv6 and routing locators to be identical.

Of course, if you want to create separate address spaces, it is fine as well.

Thx,
R.


On Thu, Oct 10, 2019 at 10:44 AM Wang, Weibin (NSB - CN/Shanghai) <weibin.wang@nokia-sbell.com> wrote:
The key characteristic of SRv6 is that the SRv6 SID has a routable function; it is reachable according to FIBv6, so the SIDs, I think, must be allocated from unicast IPv6 address space. Because the SRv6 domain is limited and controlled by the operator, such as deploying it within its AS domain, ULA as well as GUA, I think, are also options for SRv6 SIDs; and the SID block is separate from the plain IPv6 address block, which is usually configured under the Node's interfaces, so they do not overlap each other, but both of them must be advertised by IGP or BGP protocol; they perform different functions within the network. How to allocate the SID and how to indicate the length of the SID prefix may be up to the operator and its specific network scenario.

--------------------------------------
Cheers !


WANG Weibin

-----Original Message-----
From: spring <spring-bounces@ietf.org> On Behalf Of Gyan Mishra
Sent: 10 October 2019 10:58
To: Ron Bonica <rbonica@juniper.net>
Cc: Fernando Gont <fgont@si6networks.com>; SPRING WG List <spring@ietf.org>
Subject: Re: [spring] draft-ietf-spring-srv6-network-programming - IPv6 Addresses and SIDs


Hi Ron,

I read that as well in my SRv6 studies, so thinking about it logically from an IGP (OSPF or ISIS) longest-match routing IPv6 FIB entry perspective makes sense for me to understand the SRv6 IPv6 data plane. So I think my interpretation is that the 128-bit SID is broken up into hierarchy fields with intelligence, but from a routing perspective it’s an IPv6 address of a connected interface on a P or PE router, which is a /127 for p2p links. However, it defines your “next hop” NH or “next next hop” NNH in the legacy MPLS TE FRR node or path protection or IP-LFA/Remote LFA, or you can think of it like an MPLS TE autoroute or FA (forwarding adjacencies), and to use that path you have to static next hop to the tunnel, but in this SRv6 case it’s a next hop IPv6 address which is a full 128-bit address that is in the SID entry in the SID list as the next hop for your FEC destination in the IPv6 FIB entry.

To make this easier for me to understand the SRv6 spec and how to interpret it, let's think of an example of a service provider core with an IPv6 data plane path between ingress PE and egress, and an egress FEC which is the loopback0 for your iBGP peering VPN services, which is the IPv6 destination last SID entry in the SID list, which the one hop prior P would do its normal PSP, similar to PHP in the MPLS world. So now imagine each P router along the path to the destination PE has a bunch of /127 p2p links. So now the 1st SID entry would be to the next hop P from the originating PE that inserted the EH routing type 4 header SRH to source route the traffic along the engineered path. So now if you examine that 1st SID entry, it is a 128-bit address with embedded information such as the function and arguments in the station id, so the actual IPv6 FIB entry for the egress PE FEC destination would have a next hop of the P router, which is the SID that the 1st SID contains, which is a 128-bit address to route to the 1st node, which is the next hop PE. Once the packet arrives at the 1st node, in this case the ingress P, the station id IID is decoded for any functions or arguments that need to be executed by the instruction PSSI.

That’s my interpretation, but I have to build this out in the lab to dig deeper into the bits and bytes.

Cheers,

Gyan

Sent from my iPhone

> On Oct 9, 2019, at 8:02 PM, Ron Bonica <rbonica@juniper.net> wrote:
>
> Gyan,
>
> If the Locator were guaranteed to be 64 bits, as you suggest, there would be no problem. However, the following text from Section 3.1 suggests otherwise.
>
> "   An SRv6 SID is represented as LOC:FUNCT where LOC (locator) is the L
>   most significant bits and FUNCT (function) is the 128-L least
>   significant bits of the SID.  L is called the locator length and is
>   flexible.  Each operator is free to use the locator length it
>   chooses.  Most often the locator is routable and leads to the node
>   which instantiates that SID.  A control-plane protocol might
>   represent the locator as B:N where B is the SRv6 SID block (IPv6
>   subnet allocated for SRv6 SIDs by the operator) and N is the
>   identifier of the parent node."
>
>                                                                    Ron
>
>
>
> Juniper Business Use Only
>
> -----Original Message-----
> From: Gyan Mishra <hayabusagsm@gmail.com>
> Sent: Wednesday, October 9, 2019 7:21 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: Fernando Gont <fgont@si6networks.com>; SPRING WG List <spring@ietf.org>
> Subject: Re: [spring] draft-ietf-spring-srv6-network-programming -
> IPv6 Addresses and SIDs
>
>
>
> In-line comments
>
> Thanks
>
> Gyan
>
> Sent from my iPhone
>
>> On Oct 3, 2019, at 12:25 PM, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>>
>> Fernando,
>>
>> Someone should. I think that the expertise to do this is in 6man.
>>
>>                                 Ron
>>
>>
>> Juniper Business Use Only
>>
>> -----Original Message-----
>> From: Fernando Gont <fgont@si6networks.com>
>> Sent: Wednesday, October 2, 2019 3:11 PM
>> To: Ron Bonica <rbonica@juniper.net>; SPRING WG List <spring@ietf.org>
>> Subject: Re: [spring] draft-ietf-spring-srv6-network-programming -
>> IPv6 Addresses and SIDs
>>
>>> On 1/10/19 23:30, Ron Bonica wrote:
>>> Authors,
>>>
>>>
>>>
>>> The document should include a discussion of the relationship between
>>> IPv6 addresses and SIDs. For example:
>>>
>>>
>>>
>>> * From what address space can SIDs be drawn? Link local? Multicast? ULA?
>>> * Can a locator be longer than 64 bits? If so, how can the rest of the
>>>   /64 be used?
>>
>> I'm not saying that this shouldn't be done or that it is a bad idea,
>> but I'm curious if anybody is looking at this from a higher level?
>> (this seems pretty architectural to me)
>>
>> Thanks,
>> --
>> Fernando Gont
>> SI6 Networks
>> e-mail: fgont@si6networks.com
>> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>>
>>
>
> [Gyan] The SRv6 SID format is below:
>
> So from an IPv6 data plane forwarding perspective the fixed length 64 bit Locator is copied hop by hop into the destination address of the IPv6 header to the tail end FEC destination egress PE, and during failover Ti-LFA kicks in and an additional EH is inserted {violating RFC 8200} at the PLR NNHOP to the similar to RLFA PQ node.
>
> So with SRv6 native traffic engineering the locator is either the physical IP on ingress interface along each hop or loopback along each hop and so is either a GUA or ULA but not LL or multicast address is what I understand from a technical standpoint.
>
> From everything I have read the SID is fixed at 64 bit length maximum, but I guess you can have a smaller than 64 bit locator.
>
> I am working on getting this setup in the lab now so that will really help understand the real world implementations.
>
> SRv6 SID format:
>
> 128-bit Segment IDs can be used and allocated for different purposes, for example:
> • The first 64 bits can be used to direct traffic to a specific node in the network – the “main body” of the program
> • The next 32 bits can be used to enforce some actions on the traffic – the “function” part
> • The remaining 32 bits can be used to pass some additional information – the “argument” part
>
> 128-bit SRv6 SID
> Locator: routed to the node performing the function
> Function: any possible function
> Flexible bit-length selection
>

_______________________________________________
spring mailing list
spring@ietf.org
https://www.ietf.org/mailman/listinfo/spring
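
The filtering argument from the top message, worked through as an added example (not code from the draft or from any poster in this thread): it splits a SID into LOC:FUNCT for a chosen locator length L, builds B:N locators, and compares the ingress-PE deny list needed with a dedicated SID block against one where locators come from the regular routing address space. All prefixes, node IDs and function names are constructed for illustration.

```python
import ipaddress

def split_sid(sid, loc_len):
    """Split a SID into (locator prefix, FUNCT) for locator length L = loc_len."""
    value = int(ipaddress.IPv6Address(sid))
    funct = value & ((1 << (128 - loc_len)) - 1)   # the 128-L least significant bits
    return ipaddress.IPv6Network((value - funct, loc_len)), funct

def node_locator(block, node_id, loc_len):
    """Build the locator B:N from SID block B and parent-node identifier N."""
    if not 0 <= node_id < 1 << (loc_len - block.prefixlen):
        raise ValueError("node id does not fit between block and locator length")
    base = int(block.network_address) | (node_id << (128 - loc_len))
    return ipaddress.IPv6Network((base, loc_len))

def deny_entries(locators, sid_block=None):
    """Prefixes an ingress PE must deny to shield every locator from outside traffic."""
    if sid_block is not None:
        if not all(loc.subnet_of(sid_block) for loc in locators):
            raise ValueError("locator outside the dedicated SID block")
        return [sid_block]                          # one entry covers all nodes
    return list(ipaddress.collapse_addresses(locators))

def ingress_permits(dst, deny):
    """True if a packet from outside the domain may enter with this destination."""
    addr = ipaddress.IPv6Address(dst)
    return not any(addr in net for net in deny)

# Constructed addressing plan (documentation prefix 2001:db8::/32).
SID_BLOCK = ipaddress.IPv6Network("2001:db8:aaaa::/48")
DEDICATED = [node_locator(SID_BLOCK, n, 64) for n in (1, 2, 3)]
SHARED = [ipaddress.IPv6Network(p) for p in
          ("2001:db8:10:1::/64", "2001:db8:27:40::/64", "2001:db8:300:7::/64")]

if __name__ == "__main__":
    print(split_sid("2001:db8:aaaa:2:0:42::", 64))
    print("dedicated block:", deny_entries(DEDICATED, SID_BLOCK))
    print("shared space:   ", deny_entries(SHARED))
```

With the dedicated block, a SID later instantiated on any node is already covered by the single entry; with shared locators the deny list grows with each node whose locator does not aggregate.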