Re: [spring] 6MAN WGLC: draft-ietf-6man-sids

Robert Raszuk <robert@raszuk.net> Sun, 09 October 2022 22:48 UTC

From: Robert Raszuk <robert@raszuk.net>
Date: Mon, 10 Oct 2022 00:49:01 +0200
Message-ID: <CAOj+MMEwHam3ST0gt8OzachoPm5oS1iCS+TGMLnGKwR8jBdJwg@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Suresh Krishnan <suresh.krishnan@gmail.com>, 6man <ipv6@ietf.org>, SPRING WG List <spring@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/T1v-TyWjq5XKc6uf2eI0CClssn8>

Hi Brian,

> Easily avoided by another layer of encapsulation, surely? Personally I
> would want to do that, and to use an encrypted encapsulation, to make sure
> that the SR domain is not penetrated.

I am not even sure what you call SR domain ... In the old days, slides
showed the domain as a little cloud or circle. Well, times have changed.

Today your domain may be using AWS internal links for interconnect
shared with other users. Is this still limited domain buzz?

Then we have a concept of DMZs. Are those part of a limited domain or not?
Note that DMZs are usually open to the Internet (perhaps with few ACLs
protection and often IPS systems).

Life is not as simple as RFCs to say "limited domain" and move on when you
are dealing with Internet accepted ethertype.

> It doesn't, IMHO, belong in this draft. It really looks like an update to
> 8402: how to build a distributed SR domain.

Well, if you recall, during those discussions I illustrated this use case. It
was not taken into consideration.

And my overall point here - let's be a bit closer to reality. Sure, some
IETF WGs could work completely detached and produce RFCs which not many
will follow - but is this really a good thing?

Best,
R.