Re: [spring] Administrative interfaces (was draft-filsfilscheng-spring-srv6-srh-compression)
Robert Raszuk <robert@raszuk.net> Tue, 19 October 2021 12:40 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E4123A0C8B for <spring@ietfa.amsl.com>; Tue, 19 Oct 2021 05:40:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kJvYfGc2EjiO for <spring@ietfa.amsl.com>; Tue, 19 Oct 2021 05:40:53 -0700 (PDT)
Received: from mail-ua1-x92e.google.com (mail-ua1-x92e.google.com [IPv6:2607:f8b0:4864:20::92e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5D1A3A0C82 for <spring@ietf.org>; Tue, 19 Oct 2021 05:40:52 -0700 (PDT)
Received: by mail-ua1-x92e.google.com with SMTP id a17so8538483uax.12 for <spring@ietf.org>; Tue, 19 Oct 2021 05:40:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Sjm+AwRYPTUqBYcjtJMfXEXDSN8sl06WL6zFi33MAWs=; b=SFCtuTALoWRI1c6mg/a/ibxERv0l3KVNEuxhHoyiJpcDBl6DfMX0Orq2GGLyAioV2Y T9q1N/TKM5+IKErALiWdsJzYfsWgpaTgEWwSnfampjbDrfx4FuZBptkpIAaEPsljzMCL JTimTcs4xDdIaLVSqKr1SxkjvuHxNUUb0t8BCnVKFSh5HKxQcMagmwRCvj3mXsjUkIwb 7MzwTZHgoGJRA89f8eN2CqcLVxvHDblmW03hntY5cNmgD9x4YpgBQBqUFBBKwxieZCmY O17wV8woFksRsVc5j2EcUZ9HcyjGpWHQAnAscRZYEhsI/uKeVN4qVxSvHGD/qfoH4tjO gcyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Sjm+AwRYPTUqBYcjtJMfXEXDSN8sl06WL6zFi33MAWs=; b=uX5HOBXW9IYehR2k9AIA1zj4Ycaxykm4IJa9v8201NhoqKknNX0j/APgSwg3v5M2bi hurYgenr9KgJAvJFbObTjVgRjsDIivZaXRqIwV29EvQyfcEpUCrC0E0volVa2YEj+v90 8ebEg12uAVPuMs1BVSnJKjnlWj7bBINZ0WS+Epm5cutidkyYeTTyhdQQcKsZJrjI+U5X xihGX84PO0aETfNYfsOD/e1Jlkdo0xACmnDs3o0EpSCCM35j/8p+/9j+TI+E/UyCelvY 771psTdyHwqn2Xo3EiN497YBciNA3LDtnUT+xh6uNR43DsKAZj5xzJW5QEkp1Cfn8YQw 6fvQ==
X-Gm-Message-State: AOAM531Ol0XBLMHadINimTcpwFeshv7kfA9cnBhp7g198PPCMRuS+pK7 ziQZRjVPOXg8LvNyGJ5JS29MrCTYJYz20XtvglVTFA==
X-Google-Smtp-Source: ABdhPJwN3pD4sOOiypqAMEa9uHrPthL60Le/iR8VOqlDQWLZPVR/ycclzVb2KS+wD5nj7c7q3Br/cCobDH5jYU8D9Wg=
X-Received: by 2002:a9f:2438:: with SMTP id 53mr32046537uaq.116.1634647249501; Tue, 19 Oct 2021 05:40:49 -0700 (PDT)
MIME-Version: 1.0
References: <85fddbe9-4eb8-7d90-d246-a888fe8bdcd3@joelhalpern.com> <139d72fd-98de-f46a-767f-6a493c4facc9@joelhalpern.com> <26d9fc32-4884-602c-975a-79fc64551727@gmail.com> <CAO42Z2zqQqNcKhh7ghVbumT9-FiDJyaJFZ0VS5KWJyb+q=xPqQ@mail.gmail.com> <CA+9kkMC2PxSBkrD4y66VU31zETRhoZNsBvt7Mmts3oVR0SUxkw@mail.gmail.com>
In-Reply-To: <CA+9kkMC2PxSBkrD4y66VU31zETRhoZNsBvt7Mmts3oVR0SUxkw@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Tue, 19 Oct 2021 14:40:38 +0200
Message-ID: <CAOj+MMFxbVof+mvNY2=vZjWxJ_mOZVzYkChpJ2dnt4HKMvBhMw@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, "spring@ietf.org" <spring@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a5200b05ceb3f8c4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/TxzecWMFxJCdWsj3hBIDSpjm_ME>
Subject: Re: [spring] Administrative interfaces (was draft-filsfilscheng-spring-srv6-srh-compression)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Oct 2021 12:40:58 -0000
All, I must say that I am not quite sure what is being discussed here. Today the computer node says linux is also called host. That host has in the kernel multiple routing tables. The same very host (or node) is a home for the number of kube pods which in turn are home for the number of containers. Those run apps. Same for docker with its network interface of choice. To further make it real kubernetes CNI can modify packets between containers/pods and network interfaces in many places (system calls, socket layer, L4 protocol layer, netfilter, RIB, TC, nic driver or even NIC itself. Anything can be changed in the packet as long as kernel helper API allows. So all discussions that route can do that but the host can not are really moot. Maybe 20 years ago they could take the floor but sorry no these days :( SRv6 IPv6 header can be produced by the end app and inserted into a packet in the processing pipeline by BPF. Reverse direction can and does happen too. And none of the above is about the administrative interface of the hosts. That's all together a completely different thing - but I am not sure is in scope of this bigger thread. Thx, R. On Tue, Oct 19, 2021 at 10:43 AM Ted Hardie <ted.ietf@gmail.com> wrote: > Hi Mark, > > I updated the subject because I think this is a distinct question, and > I've tried to pull that question into focus by cutting to that text below. > I hope that's okay. > > On Tue, Oct 19, 2021 at 8:11 AM Mark Smith <markzzzsmith@gmail.com> wrote: > >> Hi Brian, >> >> On Tue, 19 Oct 2021 at 15:51, Brian E Carpenter >> >> If a router as a physical device has IPv6 addresses that are sent to >> the device itself, then the router as a physical device is also >> performing host functions. For packets with those "router addresses", >> the router as a physical device is not "forward[ing] IPv6 packets not >> explicitly addressed to itself. " >> >> > In many deployments the packets sent to the router while it is "performing > host functions" are sent to a distinct interface (or distinct interfaces, > when there is one for each address family). That interface or those > interfaces typically have distinct security controls and expose different > ports (so that you can ssh in, for example). > > I think it would be reasonable to add text on using SID addressing to > reach administrative interfaces. I think that would work along the lines > already laid out, with the administrative interfaces being outside the SR > domain, but additional thought and text on it might well be useful. > > > >> In a router as a physical device, the forwarding plane is performing >> the router function above. In a router as a physical device, the >> "control plane" (really just a fancy name for a host) is performing >> host functions on packets that are directly to and from it (BGP, OSPF, >> SSH, SNMP etc. packets). >> >> The consequence is that all IPv6 addresses are host addresses, and all >> processing of packets at the device that holds a packet's DA is host >> processing of the packet. >> > > I must disagree with this conclusion. I think RFC 8504 was written the > way it was to highlight that there is some commonality between hosts and > routers and to set out the node requirements that unite the two. But there > are clear differences between the processing of a packet by a router and by > a host, with forwarding behavior being chief among them. To say that all > processing is host processing is to gloss over both an architectural > distinction and the deployed reality I mentioned before. The reason people > maintain distinct administrative addresses is to ensure that the host > processing and router processing remain distinct. > > I think Brian's note is maintaining a distinction that is both generally > important and important for understanding this case. Speaking personally, > I'd like to retain that understanding. > > best regards, > > Ted Hardie > > > >> >> It is the same in IPv4 - from RFC791, "The internet protocol provides >> for transmitting blocks of data called datagrams from sources to >> destinations, where sources and destinations are hosts identified by >> fixed length addresses." >> >> So these packets with CSID rotating IPv6 DAs are being host processed >> by the router (as a device), after the forwarding plane in the router >> (as a device) has forwarded the packet to the colocated host function. >> >> (A more practical example to support the above observation. If a >> router as a device is bought from a router vendor, and then is run as >> a BGP route reflector, meaning it is never in a packet forwarding >> path, and therefore never "forwards IPv6 packets not explicitly >> addressed to itself" is the router device still a router? Functionally >> no, it is a host, even though it looks like a router (as a device).) >> >> Regards, >> Mark. >> >> > Another way to say it is RFC 7608 is the relevant architectural >> > standard. CIDR rules, even within an SR domain. >> > >> > For that reason, the fact that the bottom 64 bits in the >> > "address" look funny or change is simply irrelevant. They are >> > invisible to routing (which is done based on the prefix) >> > and invisible to neighbor discovery (because it never happens). >> > >> > I apologise if this is all obvious to everybody, but I needed >> > to spell it out for my own understanding. >> > >> > Now back to Joel's questions: >> > >> > >> > On 13-Oct-21 20:37, Joel M. Halpern wrote: >> > > There is a typo in the below which if not understood as a typo would >> be >> > >> > > quite confusing. I wrote that I raised the issue with >> > > "with the Internet ADs and SPRING chairs". >> > > That should have read "with the Internet ADs and 6man chairs". >> > > The SPRING co-chairs are recused, and the charter requirement leads to >> > > the 6man chairs. Which is who I talked to. >> > > >> > > Also, I am sending a courtesy copy to the routing ADs, which I should >> > > have done originally. >> > > >> > > Thank you and enjoy. >> > > Yours, >> > > Joel >> > > >> > > On 10/12/2021 11:52 PM, Joel M. Halpern wrote: >> > >> The SPRING working group is in the midst of an adoption call on >> > >> >> https://datatracker.ietf.org/doc/draft-filsfilscheng-spring-srv6-srh-compression/ >> . >> > >> >> > >> >> > >> The SPRING charter has text that is explicit that modifications to >> data >> > >> planes and architectures standardized by other working groups may >> not be >> > >> modified in SPRING unless the chairs and ADs responsible for that >> data >> > >> > >> plane and / or architecture agree. >> > >> >> > >> To complete the context, as my SPRING co-chairs are co-authors on the >> > >> document in question, they have recused themselves from decisional >> > >> activities regarding the document. Therefore, this message is coming >> > >> just from my as the responsible SPRING co-chair managing this >> adoption >> > >> > >> call. >> > >> >> > >> As you have seen, multiple questions have been raised about the >> > >> relationship of the document to the IPv6 defined data plane and >> > >> architecture (particularly RFC 4291 and 8200). In particular the >> > >> questions seem to revolve around what the document describes as the >> > >> NEXT-C-SID flavor of compressed SID, and its relationship to the IPv6 >> > >> standards. (For those seeking more context without reading the full >> > >> document, a paraphrase and simplification of the NEXT-C_SID flavor is >> > >> provided as a postscript.) >> > >> >> > >> I raised the question of concurrence as required by the SPRING >> charter >> > >> > >> with the Internet ADs and SPRING chairs. They quite reasonably >> asked me >> > >> to write a note to 6man explaining the concerns as clearly as a can, >> so >> > >> that they can then determine how to proceed. >> > >> >> > >> The questions that prompted my inquiry are: >> > >> >> > >> 1) Does the placement of a list of sids in the IPv6 DA field change >> the >> > >> IPv6 architectural description of that field. >> > >> > I think it should be noted explicitly somewhere that since the contents >> > of the DA field are *never* used for last-hop neighbor discovery, >> > the IID aspect of RFC 4291 is irrelevant, and RFC 4861 + RFC 5942 >> > are irrelevant. Another citation is RFC 7608: for routing, all that >> > counts is the prefix, and it can be anything up to 128. >> > >> > Perhaps this should have been in section 5 of RFC 8754, but I leave >> > that to the wordsmiths. >> > >> > >> 2) Does the operation of shifting information around in the IPv6 >> > >> destination address field represent a modification or extension of >> the >> > >> > >> IPv6 data plane. >> > >> > No. As my text above indicates, the SRv6 DA field is only ever used >> > by routing, where RFC 7608 rules. And of course it vanishes as soon >> > as the packet is decapsulated. >> > >> > Regards >> > Brian >> > >> > >> >> > >> On a related note, the document in question also defines two other >> > >> flavors, REPLACE-C-SID, and NEXT-and-REPLACE-C-SID. The >> > >> NEXT-and-REPLACE-C_SID flavor is defined to include the NEXT-C_SID >> > >> flavor operation, so seems to be affected by the same question. >> > >> >> > >> From my own reading, it appears that the REPLACE-C-SID flavor does >> not >> > >> raise issues requiring 6man leadership concurrence. >> > >> >> > >> Yours, >> > >> Joel M. Halpern for the SPRING working group >> > >> >> > >> >> > >> PS: >> > >> Clearly, understanding the question requires some understanding of >> what >> > >> the NEXT-C_SID flavor does. This explanation is a simplification >> for >> > >> length and context. Really, the best place to understand it is the >> > >> draft. However, to give you enough information to let you decide >> > >> > >> whether you care, I will try to provide a fair summary. My >> apologies in >> > >> advance to the authors for necessary liberties for length. Also, >> > >> > >> discussion of the draft contents (as distinct from the interaction >> with >> > >> the IPv6 data plane and architecture) belongs on the SPRING list, and >> > >> should not clutter up 6man. >> > >> >> > >> SIDs are the identifiers used in segment routing. >> > >> In SRv6, as document in the current RFCs, these are 128 bits. As >> > >> defined in the relevant RFCs, SIDs which identify endpoints to which >> > >> packets are directed are identified by endpoint SIDs. These can have >> > >> behaviors (decapsulate and forward is one example). They can have >> > >> flavors such as where the SRH is removed. >> > >> >> > >> The topic under discussion is means to compress these SIDs in the >> > >> packets on the wire. The document under discussion provides three >> > >> flavors of compression. >> > >> >> > >> The fundamental mechanism of the draft is to use a single SRH entry >> as >> > a >> > >> container for multiple SIDs. In the NEXT-C_SID mechanism, when it is >> > >> first encountered the entire container is copied into the desination >> > >> address of the IPv6 packet. The container has a common routing >> prefix >> > >> used for all the NEXT-C-SID SIDs. It is followed by a sequence of >> > >> compressed SIDs of a configured length. One could configure 16, 24, >> or >> > >> 32 bits. Or whatever length. The routing advertisements are >> arranged >> > >> so that the IPv6 packet is directed to the node represented by the >> first >> > >> compressed SID on the basis of longest prefix match matching the >> > >> combination of the common routing prefix and that compressed SID. >> > >> >> > >> When the packet arrives at that node, it looks up the configured >> > >> portion, the compressed SID, and determines the behavior and >> flavor. In >> > >> the case of the NEXT-C-SID flavor, the resulting operation is to >> shift >> > >> > >> the entire remaining contents of the IPv6 address (the bits past the >> > >> first compressed sid) so as to over-write the first compressed SID. >> 0 >> > >> bits are shifted into the low order positions. If the result is a >> > >> non-zero new first compressed SID, then the packets is forwarded and >> the >> > >> process repeats. When all that is left are 0s, if there is an SRH, >> it >> > >> is consulted to find the next SRH entry, which is, per normal SRv6 >> > >> processing, put into the IPv6 DA. >> > >> Note that in the common case where the SIDS needed all fit in to a >> > >> single container, the analysis also assumes the use of the reduced >> > >> encapsulation options which omits the SRH that is not needed as it >> would >> > >> have no entries. This the packet contains a normal IPv6 header, >> with a >> > >> sequence of compressed SIDs (what one might or might not call a >> source >> > >> > >> route) in the IPv6 destination address field. >> > >> >> > >> PPS: If the authors of the NEXT-C-SID flavor feel I have >> mis-represented >> > >> the work, please, send clarifications or corrections. Again, the >> best >> > >> source of information is the draft itself. I was asked to provide >> extra >> > >> context in this email. >> > > >> > > -------------------------------------------------------------------- >> > > IETF IPv6 working group mailing list >> > > ipv6@ietf.org >> > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > > -------------------------------------------------------------------- >> > > >> > >> > -------------------------------------------------------------------- >> > IETF IPv6 working group mailing list >> > ipv6@ietf.org >> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> > -------------------------------------------------------------------- >> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- >> > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- Re: [spring] Question from SPRING regarding draft… Stefano Salsano
- [spring] Question from SPRING regarding draft-fil… Joel M. Halpern
- [spring] Typo correction Re: Question from SPRING… Joel M. Halpern
- Re: [spring] Typo correction Re: Question from SP… Brian E Carpenter
- Re: [spring] Typo correction Re: Question from SP… Michael Richardson
- Re: [spring] Typo correction Re: Question from SP… Ted Hardie
- Re: [spring] Typo correction Re: Question from SP… Carsten Bormann
- Re: [spring] Question from SPRING regarding draft… Erik Kline
- Re: [spring] Typo correction Re: Question from SP… Brian E Carpenter
- Re: [spring] Typo correction Re: Question from SP… Tom Herbert
- Re: [spring] Typo correction Re: Question from SP… mohamed.boucadair
- Re: [spring] Typo correction Re: Question from SP… Mark Smith
- Re: [spring] Typo correction Re: Question from SP… mohamed.boucadair
- Re: [spring] Typo correction Re: Question from SP… Ted Hardie
- [spring] short term plan regarding adoption call … Joel M. Halpern
- Re: [spring] Typo correction Re: Question from SP… Tom Herbert
- Re: [spring] Question from SPRING regarding draft… Andrew Alston
- Re: [spring] Question from SPRING regarding draft… Francois Clad (fclad)
- Re: [spring] Typo correction Re: Question from SP… Michael Richardson
- Re: [spring] Typo correction Re: Question from SP… Brian E Carpenter
- [spring] All IPv6 fields are now mutable (Re: Typ… Mark Smith
- Re: [spring] Question from SPRING regarding draft… Brian E Carpenter
- Re: [spring] Question from SPRING regarding draft… Brian E Carpenter
- Re: [spring] All IPv6 fields are now mutable (Re:… Andrew Alston
- Re: [spring] Question from SPRING regarding draft… Mark Smith
- Re: [spring] Question from SPRING regarding draft… Brian Carpenter
- Re: [spring] Question from SPRING regarding draft… Michael Richardson
- Re: [spring] Question from SPRING regarding draft… Darren Dukes (ddukes)
- Re: [spring] All IPv6 fields are now mutable (Re:… Tom Herbert
- Re: [spring] Question from SPRING regarding draft… Brian E Carpenter
- Re: [spring] All IPv6 fields are now mutable (Re:… Brian E Carpenter
- Re: [spring] Question from SPRING regarding draft… Nick Hilliard
- Re: [spring] All IPv6 fields are now mutable (Re:… Tom Herbert
- Re: [spring] Question from SPRING regarding draft… Darren Dukes (ddukes)
- Re: [spring] Question from SPRING regarding draft… Brian E Carpenter
- Re: [spring] All IPv6 fields are now mutable (Re:… Brian E Carpenter
- Re: [spring] Question from SPRING regarding draft… otroan
- Re: [spring] Typo correction Re: Question from SP… Ted Hardie
- Re: [spring] Typo correction Re: Question from SP… Brian E Carpenter
- Re: [spring] Typo correction Re: Question from SP… Brian E Carpenter
- Re: [spring] Typo correction Re: Question from SP… Mark Smith
- [spring] Administrative interfaces (was draft-fil… Ted Hardie
- Re: [spring] Administrative interfaces (was draft… Robert Raszuk
- Re: [spring] Typo correction Re: Question from SP… Tom Herbert
- Re: [spring] Typo correction Re: Question from SP… Brian E Carpenter
- Re: [spring] Typo correction Re: Question from SP… Greg Mirsky
- Re: [spring] Typo correction Re: Question from SP… Brian E Carpenter
- Re: [spring] Question from SPRING regarding draft… Nick Hilliard
- Re: [spring] Typo correction Re: Question from SP… Darren Dukes (ddukes)
- Re: [spring] Typo correction Re: Question from SP… Gyan Mishra
- Re: [spring] Typo correction Re: Question from SP… Gyan Mishra
- Re: [spring] Typo correction Re: Question from SP… Chengli (Cheng Li)
- Re: [spring] Typo correction Re: Question from SP… Darren Dukes (ddukes)
- Re: [spring] Question from SPRING regarding draft… Erik Kline
- Re: [spring] Typo correction Re: Question from SP… Gyan Mishra
- Re: [spring] Typo correction Re: Question from SP… Greg Mirsky
- Re: [spring] Typo correction Re: Question from SP… Darren Dukes (ddukes)
- Re: [spring] Typo correction Re: Question from SP… Erik Kline
- Re: [spring] Typo correction Re: Question from SP… Erik Kline