Re: [spring] How SRm6 supports SFC/Segment Endpoint option?
"Chengli (Cheng Li)" <c.l@huawei.com> Tue, 26 May 2020 14:05 UTC
Return-Path: <c.l@huawei.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D95F3A0F53; Tue, 26 May 2020 07:05:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dqhgShsBTIRD; Tue, 26 May 2020 07:05:15 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97C143A0C41; Tue, 26 May 2020 07:05:14 -0700 (PDT)
Received: from lhreml740-chm.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 4F977E8F53095493C1CC; Tue, 26 May 2020 15:05:13 +0100 (IST)
Received: from lhreml740-chm.china.huawei.com (10.201.108.190) by lhreml740-chm.china.huawei.com (10.201.108.190) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Tue, 26 May 2020 15:05:13 +0100
Received: from DGGEML424-HUB.china.huawei.com (10.1.199.41) by lhreml740-chm.china.huawei.com (10.201.108.190) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1913.5 via Frontend Transport; Tue, 26 May 2020 15:05:12 +0100
Received: from DGGEML529-MBX.china.huawei.com ([169.254.6.79]) by dggeml424-hub.china.huawei.com ([10.1.199.41]) with mapi id 14.03.0487.000; Tue, 26 May 2020 22:05:06 +0800
From: "Chengli (Cheng Li)" <c.l@huawei.com>
To: Ron Bonica <rbonica@juniper.net>, Tom Herbert <tom@herbertland.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
CC: "spring@ietf.org" <spring@ietf.org>, 6man <6man@ietf.org>
Thread-Topic: [spring] How SRm6 supports SFC/Segment Endpoint option?
Thread-Index: AdYzZSJ0Hc5aC56EQlOsNXN63tr2DQ==
Date: Tue, 26 May 2020 14:05:04 +0000
Message-ID: <C7C2E1C43D652C4E9E49FE7517C236CB02A4F296@dggeml529-mbx.china.huawei.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.108.203.229]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/ULaz5eW0kyJNmB36UAzi5LLAE5Y>
Subject: Re: [spring] How SRm6 supports SFC/Segment Endpoint option?
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2020 14:05:24 -0000
Hi Ron,
Thanks for your reply. I think I asked a wrong question, so I change the title to be "How SRm6 supports SFC/Segment Endpoint option?"
In Segment endpoint option draft[1], you define PSSI for supporting limited Service Chain.
PSSI: Per-Segment Service Instructions, the text is shown below.
"
SRm6 paths are programmable. They support several instruction types,
including Per-Segment Service Instructions (PSSI). The following are
examples of PSSIs:
o Expose a packet to a firewall policy.
o Expose a packet to a sampling policy.
"
I am curious about how can we use PSSI to support Limited Service Chain. As per [1],
"
PSSI Identifiers identify PSSIs. They have domain-wide significance.
When a controller creates a limited service chain, also allocates a
PSSI Identifier. It then distributes the following information to
each node that contributes to the limited service chain:
o The PSSI Identifier.
o The PSSI that the node should execute when it receives a packet
that has the PSSI Identifier encoded within it.
"
Q1: How to distribute the PSSI to the nodes on the Service Chain?
Q2: It seems like we have only one PSSI ID for a Service Chain, how to support different behaviors at different nodes? By local configuring the PSSI mapping to a specific behavior at node?
You know, I focus on SFC, and my customers want us to provide SFC. I can not provide only CRH to them, we need an integrated solution of SFC.
So it will be much better to know how to support SFC by using CRH and PSSI, it will help me and others to evaluate the CRH and SRm6 better.
Thanks,
Cheng
[1]. https://tools.ietf.org/html/draft-bonica-6man-seg-end-opt-07#section-3
-----Original Message-----
From: Ron Bonica [mailto:rbonica@juniper.net]
Sent: Monday, May 25, 2020 12:29 PM
To: Chengli (Cheng Li) <c.l@huawei.com>; Tom Herbert <tom@herbertland.com>; Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: spring@ietf.org; 6man <6man@ietf.org>
Subject: RE: [spring] How CRH support SFC/Segment Endpoint option?
Cheng,
The CRH doesn't attempt the address SFC. That is beyond the scope or a routing header.
Ron
Juniper Business Use Only
-----Original Message-----
From: Chengli (Cheng Li) <c.l@huawei.com>
Sent: Sunday, May 24, 2020 11:44 PM
To: Ron Bonica <rbonica@juniper.net>; Tom Herbert <tom@herbertland.com>; Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: spring@ietf.org; 6man <6man@ietf.org>
Subject: RE: [spring] How CRH support SFC/Segment Endpoint option?
[External Email. Be cautious of content]
Hi Ron,
Thank you to share the facts of RFC8200.
Could you please explain how CRH supports SFC by the first Destination Options header as you mentioned in you previous email?
Or how to support performing a specific behavior at a specify node along the path by using CRH?
You know, when we add an option in the first DOH, it will be processed by all the nodes listed in the RH.
Best Regards,
Cheng
-----Original Message-----
From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Ron Bonica
Sent: Monday, May 25, 2020 11:09 AM
To: Tom Herbert <tom@herbertland.com>; Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: spring@ietf.org; 6man <6man@ietf.org>
Subject: RE: [spring] How CRH support SFC/Segment Endpoint option?
Folks,
I think that we are all talking past one another. RFC 8200 recommends specific ordering of extension headers for a reason.
IPv6 extension header are ordered as follows:
- Headers processed at every node along the delivery path
- Hop-by-hop
- Headers processed at every segment endpoint
- Destination options
- Routing header
- Headers processed at the ultimate destination only
- Fragment header
- Authentication header
- ESP header
- Destination Options header
Note that the Destination Options header is the only extension header that can appear twice in a packet. The Destination Options header must immediately precede the Routing header or the upper-0layer header.
If a packet contains a destination options header, a routing header, a fragment header, and another destination options header:
- the destination options header that precedes the routing header appears in each fragment
- the destination options header that precedes the routing header Is processed on each segment endpoint, before the packet is reassembled
- the destination options header that precedes the upper layer header appears in the first fragment only
- the destination options header that precedes the upper layer header Is processed on the ultimate destination node, after the packet has been reassembled
ROn
Juniper Business Use Only
-----Original Message-----
From: Tom Herbert <tom@herbertland.com>
Sent: Sunday, May 24, 2020 7:56 PM
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Robert Raszuk <robert@raszuk.net>; Ron Bonica <rbonica@juniper.net>; spring@ietf.org; 6man <6man@ietf.org>
Subject: Re: [spring] How CRH support SFC/Segment Endpoint option?
[External Email. Be cautious of content]
On Sun, May 24, 2020 at 2:51 PM Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>
> On 25-May-20 09:08, Tom Herbert wrote:
> > On Sun, May 24, 2020 at 3:23 AM Robert Raszuk <robert@raszuk.net> wrote:
> >>
> >> Hi Ron,
> >>
> >> I have one small question on the Destination Option Header you keep referencing to carry for example VPN demux instructions.
> >>
> >> As DOH follows Fragment Header it is indeed inspected before CRH.
> >>
> >> So please kindly clarify what is there in the IPv6 packet header which would stop each segment endpoint (during the transit over SR anchors) which destination is obviously in DA of the arriving packet not to inspect DOH and not trying to execute it ?
> >>
> >> If you could please also provide reference to RFC8200 defining it.
> >>
> > Robert,
> >
> > Look at Destination Options before the routing header in RFC8200.
> > These are intended to be processed at every intermediate destination
> > in the routing header
>
> That intention is not specified in the text, and IMHO cannot be deduced from the text. Hence my comment on draft-bonica-6man-ext-hdr-update.
>
Brian,
I think it can be deduced. Extension headers need to be processed in order, so destination options before the routing header must be processed before the routing header. If the destination options before the routing were only to be processed at the final destination, then we would need to process the routing header before processing the destination options in order to determine if the destination address is indeed the final destination. More practically, if destination options were only to be processed at the final destination then it doesn't seem like there would be any material between destination options before and those after the routing header (or maybe there was some other intent to have two flavors of destination options?)..
I agree that the text could be clarified, It seems like another case of potential ambiguity in RFC8200 among the terms destination, destination address, final destination, an intermediate destination.
https://urldefense.com/v3/__https://tools.ietf.org/html/draft-herbert-ipv6-update-dest-ops-00__;!!NEt6yMaO-gk!XLLXuigXPE8uDwP4SF5HfRZ1NBlH1w24-GVBjHk_rvCmqCueDLaELLoTDx-wnEK6$ was an attempt to calirfy this, at least to clarify the significance of a modifiable destination option (before the routing header).
Tom
> Brian
>
> > and precede any fragment header.
> >
> > Tom
> >
> >> Keep in mind that in number of networks P routers are also PE routers so executing DOH even if CRH still contains many hops to go may result in very unexpected behaviours. I am sure you recall that L3VPN labels are locally significant and there is no mechanism in place to assure uniqueness of VPN demux values across PEs..
> >>
> >> Why is this important here - because CRH by design is decoupled from any functions or network application handling.
> >>
> >> Many thx,
> >> Robert.
> >>
> >>
> >> On Sun, May 24, 2020 at 3:24 AM Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
> >>>
> >>> Cheng,
> >>>
> >>>
> >>>
> >>> The CRH is a building block. It has exactly one function. That is, to steer a packet along its delivery path.
> >>>
> >>>
> >>>
> >>> The CRH does not attempt to deliver parameters or metadata to service function instances. It relies on other mechanisms. One possibility is a destination options header that precedes the CRH. I am sure that there are other mechanisms. CRH should be compatible with all of them.
> >>>
> >>>
> >>>
> >>> Personally, I am not an NSH expert. Maybe someone who is can speak up...
> >>>
> >>>
> >>>
> >>>
> >>> Ron
> >>
> >> -------------------------------------------------------------------
> >> - IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> >> Requests:
> >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/i
> >> pv6__;!!NEt6yMaO-gk!XLLXuigXPE8uDwP4SF5HfRZ1NBlH1w24-GVBjHk_rvCmqCu
> >> eDLaELLoTD0hgsR60$
> >> -------------------------------------------------------------------
> >> -
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> > Requests:
> > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ip
> > v6__;!!NEt6yMaO-gk!XLLXuigXPE8uDwP4SF5HfRZ1NBlH1w24-GVBjHk_rvCmqCueD
> > LaELLoTD0hgsR60$
> > --------------------------------------------------------------------
> >
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/ipv6__;!!NEt6yMaO-gk!XdMQFD54OnmS_ELU3qQMHcVZZnhEpDqi6DlUjZBbErP9_6b9aReoEWXxfz3ztST_$
--------------------------------------------------------------------
- Re: [spring] How SRm6 supports SFC/Segment Endpoi… Chengli (Cheng Li)