IETF Logo Mail Archive

Re: [spring] A note on CRH and on going testing

"Chengli (Cheng Li)" <chengli13@huawei.com> Sun, 22 September 2019 04:01 UTC

Return-Path: <chengli13@huawei.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73E0C120125 for <spring@ietfa.amsl.com>; Sat, 21 Sep 2019 21:01:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.099
X-Spam-Level:
X-Spam-Status: No, score=-4.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iTn0tMnublDo for <spring@ietfa.amsl.com>; Sat, 21 Sep 2019 21:01:06 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3141120059 for <spring@ietf.org>; Sat, 21 Sep 2019 21:01:05 -0700 (PDT)
Received: from LHREML713-CAH.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id A7C9E846AAA2926BEE68; Sun, 22 Sep 2019 05:01:03 +0100 (IST)
Received: from lhreml707-chm.china.huawei.com (10.201.108.56) by LHREML713-CAH.china.huawei.com (10.201.108.36) with Microsoft SMTP Server (TLS) id 14.3.408.0; Sun, 22 Sep 2019 05:01:03 +0100
Received: from lhreml707-chm.china.huawei.com (10.201.108.56) by lhreml707-chm.china.huawei.com (10.201.108.56) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Sun, 22 Sep 2019 05:01:03 +0100
Received: from DGGEML402-HUB.china.huawei.com (10.3.17.38) by lhreml707-chm.china.huawei.com (10.201.108.56) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1713.5 via Frontend Transport; Sun, 22 Sep 2019 05:01:02 +0100
Received: from DGGEML529-MBX.china.huawei.com ([169.254.6.245]) by DGGEML402-HUB.china.huawei.com ([fe80::fca6:7568:4ee3:c776%31]) with mapi id 14.03.0439.000; Sun, 22 Sep 2019 12:00:54 +0800
From: "Chengli (Cheng Li)" <chengli13@huawei.com>
To: Ron Bonica <rbonica@juniper.net>, Jeff Tantsura <jefftant.ietf@gmail.com>
CC: SING Team <s.i.n.g.team.0810@gmail.com>, "EXT - daniel.bernier" <daniel.bernier@bell.ca>, SPRING WG List <spring@ietf.org>
Thread-Topic: [spring] A note on CRH and on going testing
Thread-Index: AQHVcPpUFOJR3Bh3YUKv1CbJRl7wjQ==
Date: Sun, 22 Sep 2019 04:00:54 +0000
Message-ID: <C7C2E1C43D652C4E9E49FE7517C236CB026F2404@dggeml529-mbx.china.huawei.com>
References: <1568906072231.1bkuswxveutxvlrzmmzkgs2g@android.mail.163.com> <20625BDC-2D90-4E35-96E3-2BC4B723C06E@bell.ca> <C7C2E1C43D652C4E9E49FE7517C236CB026DDDBE@dggeml529-mbx.china.huawei.com> <FC493433-BCDD-4080-9400-61481E7ADEF8@gmail.com> <BYAPR05MB546372D1E0559F75D7DA5F61AE880@BYAPR05MB5463.namprd05.prod.outlook.com> <e0776cf0-fbf9-4b13-9aed-54d82c9ee16e@Spark>, <BYAPR05MB54638B3496626552613269A1AE8B0@BYAPR05MB5463.namprd05.prod.outlook.com>
In-Reply-To: <BYAPR05MB54638B3496626552613269A1AE8B0@BYAPR05MB5463.namprd05.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_C7C2E1C43D652C4E9E49FE7517C236CB026F2404dggeml529mbxchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/UvF_BJUFmwuDPkMntu5u1TwVveo>
Subject: Re: [spring] A note on CRH and on going testing
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Sep 2019 04:01:10 -0000

Hi Ron,

Good to hear that. Looking forward to seeing it in the next revision.

But I am curious that is a bind SID in CRH an interface IPv6 address only without any other semantics? Just like the other SIDs you mentioned in CRH.

If not, this binding SID should not be introduced in to CRH since it pollutes the architecture.

If yes, what’s the standard for an Interface IPv6 address?

Thanks for confirming that BSID is needed in CRH. I totally agree with you.

Best regards,
Cheng




________________________________
李呈 Cheng Li
Email: chengli13@huawei.com<mailto:chengli13@huawei.com>



From: Ron Bonica<rbonica@juniper.net<mailto:rbonica@juniper.net>>
To: Jeff Tantsura<jefftant.ietf@gmail.com<mailto:jefftant.ietf@gmail.com>>;Chengli (Cheng Li)<chengli13@huawei.com<mailto:chengli13@huawei.com>>
Cc: SING Team<s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>;EXT - daniel.bernier<daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>;SPRING WG List<spring@ietf.org<mailto:spring@ietf.org>>
Subject: RE: [spring] A note on CRH and on going testing
Time: 2019-09-22 04:37:17

Jeff,

After an off-line conversation with the SRv6+ implementors, we decided that it would be trivial to add a binding SID to SRv6+. So, we will do that in the next version of the draft.

In keeping with RFC 8200, it will prepend only. Since the CRH is short, insertion is not needed.

                                                                                                       Ron




Juniper Business Use Only
From: Jeff Tantsura <jefftant.ietf@gmail.com>
Sent: Saturday, September 21, 2019 4:32 PM
To: Chengli (Cheng Li) <chengli13@huawei.com>; Ron Bonica <rbonica@juniper.net>
Cc: SING Team <s.i.n.g.team.0810@gmail.com>; EXT - daniel.bernier@bell.ca <daniel.bernier@bell.ca>; SPRING WG List <spring@ietf.org>
Subject: RE: [spring] A note on CRH and on going testing

Hi Ron,

Thanks for your comments, exactly, BSID MPLS label = CRH value :)

Cheers,
Jeff
On Sep 20, 2019, 11:09 AM -0700, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>, wrote:
Hi Jeff,

It would be easy enough to add a binding SID to SRv6+. Given customer demand, I would not be averse to adding one.

However, there is another way to get exactly the same behavior on the forwarding plane without adding a new SID type.

Assume that on Node N, we have the following SFIB entry:


  *   SID: 123
  *   IPv6 address: 2001:db8::1
  *   SID type: prefix SID

Now assume that was also have the following route on Node N:

2001:db8::1 -> SRv6+ tunnel with specified destination address and CRH

This gives you the same forwarding behavior as a binding SID.

                                                           Ron




Juniper Business Use Only
From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> On Behalf Of Jeff Tantsura
Sent: Thursday, September 19, 2019 10:53 PM
To: Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>>
Cc: SING Team <s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>; EXT - daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca> <daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>; SPRING WG List <spring@ietf.org<mailto:spring@ietf.org>>
Subject: Re: [spring] A note on CRH and on going testing

There’s number of solutions on the market that extensively use BSID for multi-domain as well as multi-layer signaling.

Regards,
Jeff

On Sep 19, 2019, at 19:49, Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>> wrote:
+1.

As I mentioned before, Binding SID is not only for shortening SID list.
We should see the important part of binding SID in inter-domain routing,  since it hides the details of intra-domain. Security and Privacy are always important.

Since the EH insertion related text will be removed from SRv6 NP draft, I don’t think anyone will still say we don’t need binding SID.
Let’s be honest, Encap mode Binding SID is very useful in inter-domain routing. It is not secure to share internal info outside a trusted network domain.

Cheng


From: spring [mailto:spring-bounces@ietf.org] On Behalf Of Bernier, Daniel
Sent: Thursday, September 19, 2019 11:36 PM
To: SING Team <s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>
Cc: 'SPRING WG List' <spring@ietf.org<mailto:spring@ietf.org>>
Subject: Re: [spring] A note on CRH and on going testing

+1

This is what we did on our multi-cloud trials.

Encap with Binding SID to avoid inter-domain mapping + I don’t need to have some sort of inter-domain alignment of PSSIs

Dan

On 2019-09-19, 11:18 AM, "spring on behalf of SING Team" <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org> on behalf of s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>> wrote:

Hi Andrew,

Good to hear that reality experiment :)

But is it secure to share internal SID-IP mappings outside a trusted network domain?

Or is there an analogue like Binding SID of SRv6, in SRv6+?

Btw, PSSI and PPSI can not do that now, right?

Best regards,
Moonlight Thoughts


(mail failure, try to cc to spring again.)

On 09/19/2019 17:49, Andrew Alston<mailto:Andrew.Alston@liquidtelecom.com> wrote:
Hi Guys,

I thought this may be of interest in light of discussions around deployments and running code - because one of the things we've been testing is inter-domain traffic steering with CRH on both our DPDK implementation and another implementation.

So - the setup we used last night:

6 systems in a lab - one of which linked to the open internet.  Call these S1 -> S6
3 systems in a lab on the other side of the world - no peering between the networks in question.  Call these R1 -> R3

We applied a SID list on S1, that steered S1 -> S2 -> S3 -> S6 -> R1 -> R3, with the relevant mappings from the CRH SID's to the underlying addressing (S2 had a mapping for the SID for S3, S3 had a mapping for the SID corresponding to S6, S6 had a mapping for the SID corresponding to R1 etc)

Then we sent some packets - and the test was entirely successful.

What this effectively means is that if two providers agree to share the SID mappings - it is possible to steer across one network, out over an open path, and across a remote network.  Obviously this relies on the fact that EH's aren't being dropped by intermediate providers, but this isn't something we're seeing.

Combine this with the BGP signaling draft - and the SID's can then be signaled between the providers - work still going on with regards to this for testing purposes.  Just as a note - there would be no requirement to share the full SID mapping or topologies when doing this with BGP - the requirement would be only to share the relevant SID's necessary for the steering.

I can say from our side - with various other providers - this is something that we see *immense* use case for - for a whole host of reasons.

Thanks

Andrew


_______________________________________________
spring mailing list
spring@ietf..org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/Spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/Spring__;!8WoA6RjC81c!U4_s7somKP_KyQ3viBMIcXpk_pTMYlY11nTHMB2b-JTdTLKi9mnrF1wu_DoXwIdf$>
_______________________________________________
spring mailing list
spring@ietf.org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!8WoA6RjC81c!U4_s7somKP_KyQ3viBMIcXpk_pTMYlY11nTHMB2b-JTdTLKi9mnrF1wu_Ll7ej5P$>

v2.23.0 | Report a Bug | By Email