Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
Rishabh Parekh <rishabhp@gmail.com> Wed, 09 August 2023 21:25 UTC
Return-Path: <rishabhp@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29319C14E515; Wed, 9 Aug 2023 14:25:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TYHeV6uZphig; Wed, 9 Aug 2023 14:24:57 -0700 (PDT)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 717BBC151081; Wed, 9 Aug 2023 14:24:45 -0700 (PDT)
Received: by mail-lf1-x129.google.com with SMTP id 2adb3069b0e04-4fe700f9bf7so306787e87.0; Wed, 09 Aug 2023 14:24:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691616283; x=1692221083; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dalzbgaEwPeKn6Cp803iGPxfqCh1/nvp3ps0l8fkz5M=; b=l4Q8Q0zdTg+NqJsmpFT1ezblj5xGoBlwtmtK1d3daR8R61e3egRQyc6q20IKv7ewcy zl8tzW9NHvKqvyvUZ+GTtb8hHhorB3wNKawPr0kWvLaz4UIR4LWOJKvN7K75vFtxng3i JIumENgX51IfhPhvLUzvbI3ZVptOc7klQRH8ofdCDhvR3+8XIACtdlOJCGlXHUfW3VI5 vp3PjKips6tg8I8BVjffh3DAOUKNBXcc7ZKt8HUSye61E6O82blZtaA5CxrvTla3L1Yd 44qltd2rTweqnWFPZoe4oZ6iucY/AyZC/7jPXjkI5DSrYV4YEo+ut6AQss6wrg56qsCE gRSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691616283; x=1692221083; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=dalzbgaEwPeKn6Cp803iGPxfqCh1/nvp3ps0l8fkz5M=; b=BOXbYNhe30lqbqzpqiVQXLuce++yDE5AW8FYkGIAYRRADaGeUbzlQAFQDD+goEBHqH TK270Pubdj7/2rws4mlXXRi7GXqmIbSQ8QPDBu2ZW03GjORLGECnxOsf8fD6j/4oHL7A Cowrj6LpvIv9f476SBEZ46h1ZKdzBqHGwsVN3KVcHxF4k3x/7Zgzu941PKNBJhgPorMm bFquzLmj48EqW1jjPzLcN45qCKHVRwWPoE5ao10ff+AIld2Y3VMHQT7WhIpmy+ZWeoSv oskn7GhTMNwmgCu6EsecKjzXfDYtqW4fOC78HbG6L8XsNimOdE0pkynSOm7PegWO+gZS YcEw==
X-Gm-Message-State: AOJu0YzTWKpy9vt6b0Nx92+GvjGcqtE1/0GEHF0rwuFRWMc2GLwHN6HR btLmrargi7BQFdKCfYDBBTCNpZ9u7NcmHuWEnnw=
X-Google-Smtp-Source: AGHT+IGupPSyBW/72HUIY8WYtH741HtjKzwmsORXbQajC5R3xTwDMcrFYsKjyi1VtHkyUhkoo5DTWH4dMoNn9DdUCx8=
X-Received: by 2002:a05:6512:ba0:b0:4fd:fc3e:722c with SMTP id b32-20020a0565120ba000b004fdfc3e722cmr303125lfv.58.1691616283117; Wed, 09 Aug 2023 14:24:43 -0700 (PDT)
MIME-Version: 1.0
References: <169113757232.15080.2703586835855766334@ietfa.amsl.com>
In-Reply-To: <169113757232.15080.2703586835855766334@ietfa.amsl.com>
From: Rishabh Parekh <rishabhp@gmail.com>
Date: Wed, 09 Aug 2023 14:24:30 -0700
Message-ID: <CABjMoXZPXeUYLwzfSr=sRVAqZQm1BOLB9KCPbXHrbqWrM769Vg@mail.gmail.com>
To: Lars Eggert <lars@eggert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-spring-sr-replication-segment@ietf.org, spring-chairs@ietf.org, spring@ietf.org, mankamis@cisco.com
Content-Type: multipart/alternative; boundary="000000000000a6cd5f0602841b81"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/TbHzdm2SCfhF_ANmQ5oDtjw1N9k>
Subject: Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Aug 2023 21:25:01 -0000
Lars, Responses inline @ [RP] On Fri, Aug 4, 2023 at 1:26 AM Lars Eggert via Datatracker <noreply@ietf.org> wrote: > Lars Eggert has entered the following ballot position for > draft-ietf-spring-sr-replication-segment-16: Discuss > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > # GEN AD review of draft-ietf-spring-sr-replication-segment-16 > > CC @larseggert > > Thanks to Thomas Fossati for the General Area Review Team (Gen-ART) review > (https://mailarchive.ietf.org/arch/msg/gen-art/WF6_i6kgEP9J8_frlekZtnm_6sQ > ). > > ## Discuss > > ### Paragraph 0 > > This document introduces packet replication functionality into SR > networks. This significantly increases and complicates the attack > surface of the technology while at the same time introducing severe > new misconfiguration possibilities (e.g., multicast amplification > loops that can lead to congestion collapse of the network.) This > document does not adequately describe and discuss these issues. > [RP] May I ask what you think is missing in the Security section text about loops? Additionally, this documents needs to specify suitable > countermeasures - it is not sufficient to leave this up to > unspecified control plane mechanisms. > [RP] This document is just specifying behavior of a single replication segment. The use of PCE as a controller to create a tree by stitching replication segments in specified in PIM WG document ( draft-ietf-pim-sr-p2mp-policy <https://datatracker.ietf.org/doc/draft-ietf-pim-sr-p2mp-policy/>) and PCEP protocol extensions are described in PCE WG doc ( draft-ietf-pce-sr-p2mp-policy <https://datatracker.ietf.org/doc/draft-ietf-pce-sr-p2mp-policy/>). > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > ## Comments > > ### Section 2, paragraph 18 > ``` > In principle it is possible for different Replication segments to > replicate packets to the same Replication segment on a Downstream > node. However, such usage is intentionally left out of scope of this > document. > ``` > What was the intent of leaving this out? There seems to be complexity > here that can be abused, in which case I would have expected this to > either be explicitly forbidden or discussed in sufficient detail to > understand (and mitigate) the issues. > [RP] This came up in WG discussion during WGLC about "sharing" a downstream replication segment across multiple "upstream" replication segments (possibly to enable Multipoint-to-Multipoint). Although this is feasible, it is only possible to do this when a complex set of conditions are satisfied. This adds complexity to both control plane and data plane (like needing "outer" and "inner" replication segment context in packets). Hence, it was kept out of scope of this document. > > ### Section 2.2.3, paragraph 2 > ``` > An implementation of Replication segment for SRv6 MUST enforce these > same restrictions and exceptions. Though this specification does not > use any extension header a future extension may do so and MUST > support the exception (2) above. > ``` > It is unusual for a spec to limit what a future extension can do in > this way (and often it turns out to be too limiting) - why is this > content needed in this document? > [RP] This text was for any future extension (say one that defines a destination option) to mandate supporting exception 2). However, I agree the last sentence is not really necessary. I will remove it in the next revision.
- [spring] Lars Eggert's Discuss on draft-ietf-spri… Lars Eggert via Datatracker
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh