IETF Logo Mail Archive

Re: [spring] draft-ietf-spring-srv6-srh-compression

Ron Bonica <rbonica@juniper.net> Wed, 07 February 2024 01:44 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A7C1C14F6B6 for <spring@ietfa.amsl.com>; Tue, 6 Feb 2024 17:44:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b="e6tI0tbO"; dkim=pass (1024-bit key) header.d=juniper.net header.b="V7IZcfYe"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YqQYVbtgbgy2 for <spring@ietfa.amsl.com>; Tue, 6 Feb 2024 17:44:17 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AA28C14F6A3 for <spring@ietf.org>; Tue, 6 Feb 2024 17:44:17 -0800 (PST)
Received: from pps.filterd (m0108162.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.17.1.24/8.17.1.24) with ESMTP id 4170TPlh005901; Tue, 6 Feb 2024 17:44:15 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h= from:to:cc:subject:date:message-id:references:in-reply-to :content-type:mime-version; s=PPS1017; bh=OcGBh/j5amQjpdzcaZnF9p L+EZNpqxWCVXyXftMks6M=; b=e6tI0tbO00xTd2dWpQfvly9VvsWu3DEzwsbhIV FS7Jz8yGhubvBEIGV1GJ9MppoeYaP9Z9xv4iqjsF5+43l1gSIisZiqRpH+0aHS9i UT8VYfdyt2V2AxH4YpZQs+qriJVVbWqoRuw4ZwemWGGUQnCPEv9bhHMnYQkrtNq/ p2Hx/rIHJdUmBAXAaXXZhiSYGFk+pDmrldgJw9jG4VbBfQ8ubncxXe+3ChE1qX+y Ifthls5kBaQVZW37aQPcRs7ZmgHk7kjtKY2EVMDxW7TrEMPKvayN/heV6WJqY/TU qIYR4C2XhRM1UERgfjD3A3+9W8iX/rtPNKVMnM4Tm6KDBt0A==
Received: from bn1pr04cu002.outbound.protection.outlook.com (mail-eastus2azlp17012016.outbound.protection.outlook.com [40.93.12.16]) by mx0b-00273201.pphosted.com (PPS) with ESMTPS id 3w3028fdgd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 06 Feb 2024 17:44:15 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=REcQa1mwoOqjcP22GMiVUPk2Eywc6YU4xV5Qc+n2BRBZvV9dfS7R1HlzFYLmHk5sdlQAfvjpVy7XiJ4jqYDoS+VK8iy5nWnudtjZF+a4haIbf1ubhxSU8ksgW9fAcbyVL/sWw2pCX3LJuIhwW+EbKOAZFSCAN3xrzo79w5bvQ1U0HGGSU0GqCxb+ayHGfVOCywxJSltgJlg/9AW/3au8aodj/JpJ1FLb2RkDqF6T821nhbfYf3K86HzqlwdO2FmJX7BHt9mjXqUl1FCbPIg2DtyDV0arV9zeyOBVMI/ytIDHtWk7NiyuMH2RuknDjmVJF35m7pD1zRRfY/ZMvrdweA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OcGBh/j5amQjpdzcaZnF9pL+EZNpqxWCVXyXftMks6M=; b=TWl9qKATqEfehABTZUouelfaB51IwcdZvi1ruwzeoGH9es/FTT8x/eMnoGVlfPJmJh6vkyU9DWdARNkJQkH07Ge+nmXLZe42PiGnrCFGoBYj6Gkxr0R3C78PIRd2n6SeiPAOrjeuiOI9IR4G/juuFb6ctWzqG8Dgue6swOWRcpRrk9eFOAPAAv1yJBqTQHKjv1Uocq8Q/NGw8AroiVPCAmjAsPwFOR6UlvaUAOBRexDd3KLWopJq1XZEN0a+nqZFRoDsqo/HjH6+PPO24myD3K5oQhVVOViqlaoha0uuDo0C+VfP4rTvFIhUk/LVQjwWHpP08Ka/stYH5CZaYLCkiw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OcGBh/j5amQjpdzcaZnF9pL+EZNpqxWCVXyXftMks6M=; b=V7IZcfYeTP/6Xkf0Ruq+yrXFZ7QGOHrD1SuTcn21xtyqEkkFtTZtUykyYZMfJEhF6Nw9XDyESAMJIf1MtdPbDf2hQ4T0o/S75FlvWWy+IUjj8lU79rnWlNB1NXd1QAD8vc+pWx4kkV57oo7rdZ1DF6pYKGebSsndQno5lBryhEw=
Received: from BL0PR05MB5316.namprd05.prod.outlook.com (2603:10b6:208:2f::25) by PH0PR05MB8270.namprd05.prod.outlook.com (2603:10b6:510:a7::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.36; Wed, 7 Feb 2024 01:44:11 +0000
Received: from BL0PR05MB5316.namprd05.prod.outlook.com ([fe80::ea96:ac1:f1bd:c2d7]) by BL0PR05MB5316.namprd05.prod.outlook.com ([fe80::ea96:ac1:f1bd:c2d7%4]) with mapi id 15.20.7249.035; Wed, 7 Feb 2024 01:44:11 +0000
From: Ron Bonica <rbonica@juniper.net>
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>, Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
CC: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>, Robert Raszuk <robert@raszuk.net>, "spring@ietf.org" <spring@ietf.org>
Thread-Topic: [spring] draft-ietf-spring-srv6-srh-compression
Thread-Index: AQHaWBqGpqhd9gNhPE+Rt6XBQAHESbD76ObTgAAEN4CAADaP2YAA5JOggAAQXlqAAE3SAIAAtfns
Date: Wed, 07 Feb 2024 01:44:11 +0000
Message-ID: <BL0PR05MB5316861600A028619034FD14AE452@BL0PR05MB5316.namprd05.prod.outlook.com>
References: <DU2PR03MB8021764E2F17F0D527E3FA3CFA472@DU2PR03MB8021.eurprd03.prod.outlook.com> <BL0PR05MB53163A098023244520ADCEEBAE472@BL0PR05MB5316.namprd05.prod.outlook.com> <CAOj+MMEc1R8fZZwgOEF2-mK8S0+PE+zBR3Yz9vwXBh-umQPAjQ@mail.gmail.com> <DU2PR03MB8021CE3063F9E5B59B9A142FFA472@DU2PR03MB8021.eurprd03.prod.outlook.com> <6d32265d55cb4533b7da5d2d25e7c8d4@huawei.com> <DU2PR03MB8021F2F2194249158DE985B9FA462@DU2PR03MB8021.eurprd03.prod.outlook.com> <CABUE3X=LcM3cbaZZqE2KCyHYmd7uwfmhwfKE8gGj7J+MXOjQPA@mail.gmail.com>
In-Reply-To: <CABUE3X=LcM3cbaZZqE2KCyHYmd7uwfmhwfKE8gGj7J+MXOjQPA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2024-02-07T01:43:55.413Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=0; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BL0PR05MB5316:EE_|PH0PR05MB8270:EE_
x-ms-office365-filtering-correlation-id: 33a95547-41ef-4288-3fd7-08dc277e4883
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: T46CiSKwEinNEHuBcAcuPYdjCDPZ3vbvimzijI0R1EI9o7Un13M7LXf4rTQPaP5sx175uNTtFvKMmNWXjTrHHX/BGs5au4ip5s4TbkUXBTH6xhVaEhPAyFT/VjIMdAsP81wRpqIwD2u+S+9dHCI1NZH391woXin4xBQ8bUiKvl/Z/Z8vwBtlbBXQOn3ILikCCuJimSqWJiuIsIqOyar1e+8W2HBvmksimRpe6hLM6bdr6+YvA2Eag26i9aQC2s2ZRDIQZpXegiubaPlpDJ7rLM7YFYkzo6EfFH3WnMn/0zthh8T9x0M4ubm0ab57w90jDF9LbWHLfE3NGZuRNCmBtSnlWDhXZHEkxncawx1SHhBVKckycpcVN/KIl8avXx1O4qgG7KYicVICQDfTWOWoFRJe3zLeEsN63NuaVbnmjNvkT2Hmyp2H6nBlP+GoSefiRCco4fTdsMbmAz47UHORq46x9C9tjRy0yfEgIcnS6j/kCxdmF1z6V7SLSLHgMIay5+zhrcEppX93FEQ6fFI4p+ZxcNz1yC400iXwmnJMg9mqIUTRBwb87N1LzEhDUersdvfeoEoFhbGnKSj2QdtSJP04B1wreowa2T29E5PI9JQ=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR05MB5316.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(39860400002)(346002)(396003)(136003)(376002)(230273577357003)(230922051799003)(451199024)(1800799012)(64100799003)(186009)(122000001)(38100700002)(83380400001)(55016003)(19627405001)(2906002)(166002)(41300700001)(66899024)(52536014)(6506007)(8676002)(26005)(91956017)(316002)(66946007)(54906003)(64756008)(66556008)(110136005)(66446008)(66476007)(76116006)(38070700009)(86362001)(4326008)(8936002)(7696005)(966005)(33656002)(9686003)(66574015)(71200400001)(5660300002)(53546011)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: /Z61lPvuklSgcw10MuTodiOiu2A7+/FtuGHjzXM3wD6RccdZr/lMr8nMxpih8I0DOseWNji+b8QilXepAZtlcOjTVifaS/wwuBlvZRdLkDfM3QBEzRgnYQqR+dPXtLJ89K5yCHwoDuYc7Fj97s/QfGPbJXLIFnHpbmS84mR51URoLf6cFRnblOVsDVOFRdLBAGV6EnxqkY5afV8d5ZC0t0WkiNZ7JzURnQXQgXKOyWasclgzZOgNB1sRHTkGuStsQkyB+hoSzaASfCKIBPQAZ0XViCjMqW3HMmo6V1EORAaAwhMX2Un52xlvYS0lpkUw5EE+PjKsJqMQfm6LkiUnII/aPIJJ0cLBGR2V1JifVJUE8akC1kiTw26y/40Y6Wf3PYkbQ2a/VHKYEBYnyanfs18s+VlCpmfLY1w+QS09UfsQaKtI2JMcml921Go58Bjt/aKvD/HpfQsNt2v6Q0pEVX9GT7nBM+uKCYphNN759ATPu9WkyFgwy4kGwTQpSR937vmgl5RQ4rL5sV0WZiKm1jfJILmVe6CfCJhZkajlYiZspKIkUhOWf8pwFCdT8+3lVe6gE47YJqJtFIKd8W3ByYDP566dZ6xeZHbKcRpCHkOpq/PpOtuWfMFC6IFYCGlE9exmc+FdTBhQGiZPAI2B4TttGPrgjBoXMGQuROFtwGUNtd8DY+C0+Op/mGvC4vSBgaSi2/SaVT7Ms4QL97CkK/zi3D8Vr5JXWTPX2s4RE1R2S2eGSCV8hu72yYb/Y6Y3osGSkg0shGPvuCGezFrZZ52lh1VTnwc5SgiazzL4MHkwWz6wCc8378uEa0x5JWa8alwIJo6dydgyeVgMraVKM1GZnW0qLC4hFACnbhYljUkJ/3zF44tKcqKpASFq/0PoDLswIC59cj7+pbxT6pnsWOXpVFL/OF2J3sDceyibwIBfvmgEpsU40tHDiPLUiN8z8y7J0adS2s174Bncue7VODSUa9pWW/tSj89uDoLN0Vn13Rp7PCVEPuIi+TaNBjVm/KTD5Leepg/wzpQIba4EAluTYHdeIjapwAVpI7Z9TezkbS8K+jYUw4CEGUbsG+D2CcgouHM7vaai/new6FIyCs6rRHOX0w9TMNIVzv5BIc7YBAwCJFWK1zaSlrvEkuUxhpqU8LUyCx9P72j0KfGfYjAtP4OnWajeOIAR+2MIti0Afo/4uTG8d6wS9xm5uxTn0A/Ji386Rgxu5cDtC7WXzxhEcdh5z0X7iuWcXrZiZcuXVyz9nFt2BrQnkZCWbM/5SlA606428rbnFHyyCv5Vcg0R2zl1mkvvLseJ+GHmdgAz8Nrv59HHwlpjoaLmN11hynU5U6DayQ0RxQds5eCH8Ru+iFa/8rWRDLnJkch2PcBpYOHteEgmRLP6C56liPPbVt5U2Y7vXyGjpprBKE84fkpSakMpvFUjI2rO0fAxan4SpJOVSm0bgOq+CntEDzF33jUcLQ/Ssyw9NCjr/gIYHQk8uQVEaeeYOgVipBHfQHZ7z4ru9eHrHnBcU3j2TWVsbqQcnsoMnkeh29aFSxyPcM7WpZxzy4HSmztX4UZgV+0=
Content-Type: multipart/alternative; boundary="_000_BL0PR05MB5316861600A028619034FD14AE452BL0PR05MB5316namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR05MB5316.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 33a95547-41ef-4288-3fd7-08dc277e4883
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2024 01:44:11.5206 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5SXExrXVh9GekBFcizakE0k1cugIQazuwMZf5YRN+RhHXRdOwz67NZQwQ+UJXD/c69x2DQGPs/Ey9Bbjb5/YIw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR05MB8270
X-Proofpoint-ORIG-GUID: -Vs0AFXYxdkw8FAIFotqGIP2DACotoB0
X-Proofpoint-GUID: -Vs0AFXYxdkw8FAIFotqGIP2DACotoB0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-02-06_16,2024-01-31_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 clxscore=1011 impostorscore=0 phishscore=0 mlxlogscore=999 suspectscore=0 mlxscore=0 lowpriorityscore=0 bulkscore=0 spamscore=0 malwarescore=0 priorityscore=1501 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401310000 definitions=main-2402070011
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/Uz9NUgSEEpqi6Dgoek18J_ykG6I>
Subject: Re: [spring] draft-ietf-spring-srv6-srh-compression
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 01:44:21 -0000

Folks,

Someone raised the same objection with regard to the CRH Draft<https://datatracker.ietf.org/doc/html/draft-ietf-6man-comp-rtg-hdr-03>. Since there iss no easy solution to the problem, the authors simply acknowledged the issue in Section 7<https://www.ietf.org/archive/id/draft-ietf-6man-comp-rtg-hdr-03.html#name-destination-address-transpa> of the draft. So, operators are warned. If you have middleboxes that verify L4 checksums, don't deploy this technology.

You might want to add a similar section in your draft.

                                                               Ron




Juniper Business Use Only

________________________________
From: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Sent: Tuesday, February 6, 2024 9:46 AM
To: Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
Cc: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>; Robert Raszuk <robert@raszuk.net>; Ron Bonica <rbonica@juniper.net>; spring@ietf.org <spring@ietf.org>
Subject: Re: [spring] draft-ietf-spring-srv6-srh-compression

[External Email. Be cautious of content]


Dear Andrew,

A couple of questions regarding the middlebox use case.

1. I am curious to know whether there are existing middleboxes that
can verify the L4 checksum for packets with an SRH.
2. Can a middlebox verify the L4 checksum of a packet with an SRH *in
compliance with RFC 8200*?
  RFC 8200 defines the pseudo-header "At the originating node" and "at
the recipient(s)", but does not say anything about middleware. Is it
implicitly assumed that the middleware is an "originating node"?

Cheers,
Tal.

On Tue, Feb 6, 2024 at 12:16 PM Andrew Alston - IETF
<andrew-ietf=40liquid.tech@dmarc.ietf.org> wrote:
>
> I think it’s only fair to clarify my remarks – again – speaking entirely as a contributor.
>
>
>
> Let’s be clear – the middlware boxes will work in most cases – except when there is no SRH.
>
>
>
> The problem here is that if you apply a Micro-SID – which is imposed by originating system – and have no SRH – the DA of the packet is changing along the way – and the L4 checksum will be broken.  There is no way to actually calculate the correct L4 checksum in flight – and in reality the originating system will now need to impose a checksum that is invalid at the start for it to be correct at the end – breaking end to end check summing.  This is a problem.
>
>
>
> Let’s look at what 8200 says:
>
>
>
>       o  If the IPv6 packet contains a Routing header, the Destination
>
>          Address used in the pseudo-header is that of the final
>
>          destination.  At the originating node, that address will be in
>
>          the last element of the Routing header; at the recipient(s),
>
>          that address will be in the Destination Address field of the
>
>          IPv6 header.
>
>
>
> Now, in the case of no SRH – the DA address placed by the originating host – is *NOT* the final DA – because of the manipulation in the middle.
>
>
>
> The reality is that middleware boxes are (unfortunately) common – especially in this part of the world – they are used by state and other entities for DPI and traffic control etc – and they are used for IDS purposes etc – and breaking the L4 checksum in flight with no way for these boxes to calculate the correct checksum – will break existing deployments – that – is a problem and it needs to be addressed.  I would be quite fine if there was explicit text detailing this that was explicitly approved by 6man as the originators of 8200 (and a clear indication that this document updates 8200) – or alternatively a -BIS to 8200.  Either way – if you break the checksum – this needs explanatory text and it needs approval for 6man via a 6man Last call as far as I am concerned.
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
>
>
>
>
>
> Internal All Employees
>
> From: Antoine FRESSANCOURT <antoine.fressancourt=40huawei.com@dmarc.ietf.org>
> Date: Tuesday, 6 February 2024 at 12:16
> To: Andrew Alston - IETF <andrew-ietf@liquid.tech>, Robert Raszuk <robert@raszuk.net>, Ron Bonica <rbonica@juniper.net>
> Cc: spring@ietf.org <spring@ietf.org>
> Subject: RE: [spring] draft-ietf-spring-srv6-srh-compression
>
> Hello,
>
>
>
> I tend to agree with Andrew that the fact that the verification of a L4 checksum by a middlebox breaks is a problem. But I think this is a huge problem with the middleboxes, not with SRv6.
>
>
>
> According to me, reading RFC 8200 gives rather clear guidelines with regards to the computation of the L4 checksum. This checksum should be computed using the destination address seen by the destination verifying the checksum. As L4 protocols are end to end protocols, the checksum verifier is the end point destination of the packet, and not a middlebox on the path. If a middlebox breaks the communication by looking at fields it should not look at, then the problem is the intervention of the middlebox.
>
>
>
> Best,
>
>
>
> Antoine
>
>
>
>
>
> From: spring <spring-bounces@ietf.org> On Behalf Of Andrew Alston - IETF
> Sent: lundi 5 février 2024 20:32
> To: Robert Raszuk <robert@raszuk.net>; Ron Bonica <rbonica@juniper.net>
> Cc: spring@ietf.org
> Subject: Re: [spring] draft-ietf-spring-srv6-srh-compression
>
>
>
> I call breaking any middleware that does checksum validation a problem - and a big one
>
>
>
>
>
> Andrew Alston
>
>
>
> Internal All Employees
>
> ________________________________
>
> From: Robert Raszuk <robert@raszuk.net>
> Sent: Monday, February 5, 2024 7:16:23 PM
> To: Ron Bonica <rbonica@juniper.net>
> Cc: Andrew Alston - IETF <andrew-ietf@liquid.tech>; spring@ietf.org <spring@ietf.org>
> Subject: Re: [spring] draft-ietf-spring-srv6-srh-compression
>
>
>
> Hi Ron,
>
>
>
> Is there a problem ?
>
>
>
> If I read RFC8200 L4 checksum is computed by the packet originator and validated by the packet's ultimate receiver.
>
>
>
> In all SPRING work to the best of my knowledge the vast majority of packets are only encapsulated by transit nodes.
>
>
>
> Is there any formal mandate in any of the RFCs that an encapsulating node must mangle the inner packet's L4 checksum ? I don't think so but stand open to get my understanding corrected.
>
>
>
> Cheers,
>
> Robert
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Mon, Feb 5, 2024 at 5:04 PM Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org> wrote:
>
> Folks,
>
>
>
> Has anyone proposed a solution to the L4 checksum problem that Andrew talks about?
>
>
>
>                                           Ron
>
>
>
> Juniper Business Use Only
>
> ________________________________
>
> From: spring <spring-bounces@ietf.org> on behalf of Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
> Sent: Monday, February 5, 2024 5:21 AM
> To: spring@ietf.org <spring@ietf.org>
> Subject: [spring] draft-ietf-spring-srv6-srh-compression
>
>
>
> [External Email. Be cautious of content]
>
>
>
> Hi All,
>
>
>
> (In capacity as a contributor and wearing no other hats)
>
>
>
> At this point I cannot support progression of this document until the issues around the L4 Checksum have been resolved.  It’s been clearly stated in other emails on the list that in certain circumstances the behavior described in this document break the L4 checksum as defined in RFC8200.  This requires an update to RFC8200 to fix it – and I’m not sure that spring can update 8200 absent the consent of 6man, which I’m not sure has been asked for, nor am I sure that a spring document can update something like 8200 in an area so fundamental as the checksum without a -BIS, which would have to be done via 6man.  The L4 checksum issue though is real – and it cannot simply be ignored.
>
>
>
> I also have deep concerns that the compression document creates something that (in a similar way to SRv6) creates something that is completely non-conformant with RFC4291.  There are multiple references to this in draft-6man-sids, and should draft-6man-sids become an RFC I would argue that it should probably be a normative reference in this document – on the logic that this document relies on similar RFC4291 violations that srv6 itself does (and for the record, just because SRv6 itself violates RFC4291 as is clearly documented in draft-6man-sids – does not make it acceptable to do so in yet another draft without clear and unambiguously stating the deviations and ideally updating RFC4291 to allow for said deviations)
>
>
>
> I believe these two issues alone are sufficient that to pass this document would create still further tensions about the relationship between SRv6 and IPv6 and lead to confusion.  As such – I believe these issues need to be adequately dealt with – and the solutions to them need to be approved by 6man as the working group that holds responsibility for ipv6 maintenance.
>
>
>
> Thanks
>
>
>
> Andrew Alston
>
>
>
>
>
>
>
> Internal All Employees
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!EP3H1Kg-F8iNFIm1BpYH1ioC5lNtcd6S3XisWWZon80eZtRk_HyIophSpxWJ3vs0xKMM5bzRHw06xBX92ckK4KYwdw$
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!EP3H1Kg-F8iNFIm1BpYH1ioC5lNtcd6S3XisWWZon80eZtRk_HyIophSpxWJ3vs0xKMM5bzRHw06xBX92ckK4KYwdw$

v2.23.0 | Report a Bug | By Email