IETF Logo Mail Archive

Re: [spring] RFC8200 update?

Mark Smith <markzzzsmith@gmail.com> Sat, 29 February 2020 01:13 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C42C3A086A; Fri, 28 Feb 2020 17:13:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xLPX3qPBPtNa; Fri, 28 Feb 2020 17:13:45 -0800 (PST)
Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EF143A0869; Fri, 28 Feb 2020 17:13:45 -0800 (PST)
Received: by mail-ot1-x32c.google.com with SMTP id w6so4406768otk.0; Fri, 28 Feb 2020 17:13:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DOYN7ch7ZxJ03gXhc+VMJ7l4tvlTjnKue3PpKtMHB1w=; b=USBJOPekVWngyr1W8392R6D1/uqbbQgsg4Tw/f3+bwrYVDTMTBysK7oSQ2GWLe+F9t 30X/AaiJVsirVqNhM/he8R7wnrxmGo9bt/n8Z4VVBcSE9BP9jVdzOuqMRPcX0QFRSre2 2mEphNfjzKw+10uFzun5yVrS8WXW3r54eoRV0McV5Q+O/eO+4Se+tAza8ZH6gpUnuf0s GKaU5li6pqmOw2WFc12Rd8rsbbQJCBR7quMSOMH+bikjiT2pP+f0hH+ZpLySjMzPIqhQ +gqnQhlfuz73vPLsu5hDCBjz3qqfqXeibcNh51n5pJD3ElR3/YSSWmsVPxYmq8T8ivBO cW9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DOYN7ch7ZxJ03gXhc+VMJ7l4tvlTjnKue3PpKtMHB1w=; b=VaygKYNqPUlG6Ziq8oLhbJFkSPPDNTpI6xjDFnitdfVWadYkE8YT5lI4PmW1XcYobH aKI9uKbHHjnMFbAciKKDPv2ySEGQUBizYpTg3B2QlRDFsPOdesXzPNAC2U6UdnC3peR/ vYs5P2o64aemoSbZu3elVUbUV/WuliKoBizcWZR8cnvLnSdv2JQ2DwAUM8nqWOlXdd+P CyapegqS/QvaR6v9d3UgU7x90vBsuQPBAhe0d1fVFbt/cz0i/heASZ5MRIoNB1e2HbCr cRlqiP/vyesH9WfG64EBrbiXIyd9wQvvDT8wMcBmFGSph+1UvnH/QJ4WMX7G1qQbBbLE onSA==
X-Gm-Message-State: APjAAAUG0KFM1hF4Q5oMjqSvi55ptbSord0/0naVMF1dkO4uOVn1LmFb F9vb8yZMea+bs9+9J7jutF5q+EM2VsnBsjTnZHk=
X-Google-Smtp-Source: APXvYqz2cCb0OuDbUX0mJBMvU9Ss7Z9MFgeBzJYSDccgaM3zlV4cfmU55ImSmvEBlPVv3wlyy4b9EaZ1gn9JX4Hd/qw=
X-Received: by 2002:a9d:65cb:: with SMTP id z11mr5041347oth.348.1582938824656; Fri, 28 Feb 2020 17:13:44 -0800 (PST)
MIME-Version: 1.0
References: <D20C2322-8420-416A-90C4-6A2401825FBD@steffann.nl> <DBBPR03MB5415E186A3F30AB1E62EC5E3EEE80@DBBPR03MB5415.eurprd03.prod.outlook.com> <199B7645-A2AC-4E1A-9E6E-7638A200BE80@steffann.nl> <c1e8bc28880d4ee3a631ac9b9c6799d3@nokia-sbell.com> <C5A467D6-F4CB-4EE8-9746-B8E3DE235CB5@steffann.nl> <DM6PR13MB3066B3C8F53A6CDC5D097DE1D2E80@DM6PR13MB3066.namprd13.prod.outlook.com> <CAOj+MMFCWDSnQhBOdfApoowNZi5S-b2CVTP0+fu8-Wj8-+ORag@mail.gmail.com> <CAHw9_iL0as1Ospinatm3kwfQPfKsKWwzn3r8H_KLiqZBgmgcqw@mail.gmail.com>
In-Reply-To: <CAHw9_iL0as1Ospinatm3kwfQPfKsKWwzn3r8H_KLiqZBgmgcqw@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Sat, 29 Feb 2020 12:13:18 +1100
Message-ID: <CAO42Z2z+k37d3z6=c=UrpRX64OC9fmsdCrWiFr-NiZb0GzU3wg@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: Robert Raszuk <robert@raszuk.net>, James Guichard <james.n.guichard@futurewei.com>, SPRING WG List <spring@ietf.org>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005849aa059facaaa2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/XNjVK403TVClqd-rMwomPM8BtX4>
Subject: Re: [spring] RFC8200 update?
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Feb 2020 01:13:47 -0000

On Sat, 29 Feb 2020, 06:55 Warren Kumari, <warren@kumari.net> wrote:

> On Fri, Feb 28, 2020 at 9:02 AM Robert Raszuk <robert@raszuk.net> wrote:
> >
> > > interestingly enough MPLS took the same approach
> >
> > Well not really. As you know, MPLS unicast and multicast have a new
> ethertype.
>
> And this is a critical distinction -- Brian Carpenter's limited domain
> document (draft-carpenter-limited-domains) says:
> "Domain boundaries that are defined administratively (e.g. by address
> filtering rules in routers) are prone to leakage caused by human
> error, especially if the limited domain traffic appears otherwise
> normal to the boundary routers. In this case, the network operator
> needs to take active steps to protect the boundary. This form of
> leakage is much less likely if nodes must be explicitly configured to
> handle a given limited domain protocol, for example by installing a
> specific protocol handler."
>

Using IPv6 for SR is fundamentally using the wrong tool for the job.

IPv6 is an internetworking protocol used to network networks and to
internetwork all hosts attached to all of those networks.

The SR problem space is typically limited to local network or sub-network,
and usually only between network elements, rather than out to end hosts.

It does make sense to try to use a internetworking protocol to solve a
local sub-network problem when the internetworking protocol has become
commodity. The benefits of the cheapness of the commodity protocol should
outweigh the costs of the drawbacks and compromises that need to be made to
use it.

However, the moment customising the commodity to better suit the problem
starts is the moment the benefits of using the existing commodity start
being lost. Customise too much and all of the benefits of choosing a
commodity in the first place disappear.

That's why I fundamentally think changing IPv6 to suit SR should be avoided
as much as possible.

Compromising SR to suit and fit within existing IPv6 would retain the
benefits of using existing commodity IPv6. Customising IPv6 to suit SR
risks throwing the commodity benefits "baby out with the bathwater", with
the more radical the customising, the greater risk.

Regards,
Mark.
















>
>
> >
> > SRv6 folks were just too nice and thought to leverage 0x86DD. I think
> that was a mistake. I further think we should fix it.
> >
> > Cheers,
> > R.
> >
> > On Fri, Feb 28, 2020 at 2:44 PM James Guichard <
> james.n.guichard@futurewei.com> wrote:
> >>
> >> Hi Sander,
> >>
> >> RFC8402 explicitly says in section 8 security considerations that "by
> default, the explicit routing information MUST NOT be leaked through the
> boundaries of the administered domain". The intent therefore seems clear
> that "global internet" does not apply; interestingly enough MPLS took the
> same approach and has been widely deployed for years.
> >>
> >> Respectfully,
> >>
> >> Jim
> >>
> >> -----Original Message-----
> >> From: spring <spring-bounces@ietf.org> On Behalf Of Sander Steffann
> >> Sent: Friday, February 28, 2020 8:25 AM
> >> To: Wang, Weibin (NSB - CN/Shanghai) <weibin.wang@nokia-sbell.com>
> >> Cc: SPRING WG List <spring@ietf.org>; 6man WG <ipv6@ietf.org>; Andrew
> Alston <Andrew.Alston@liquidtelecom.com>
> >> Subject: Re: [spring] RFC8200 update?
> >>
> >> Hi,
> >>
> >> > In the bearer of srv6 traffic, srv6 domain is only one part of the
> whole packet journey. Because the srv6 domain is trusted by single
> operator, it is no necessary for the outer IPv6 header (for performing SRH
> function) to inherit all IPv6 extension headers specially designed for the
> initial end-to-end IPv6 communication, for example, the AH is not must for
> outer IPv6 header and its SRH. Therefore, the outer IPv6 processing of srv6
> traffic can appropriately relax the restrictions, that is to say, the outer
> IPv6 encapsulation only inherits a part of IPv6 spec.
> >>
> >> No. It uses IPv6 and must therefore follow the rules of IPv6. What I
> propose is to update IPv6 to make this possible, but you can't break the
> rules in a standard without consensus that the rules can be changed.
> >>
> >> > For example, it is allowed to perform functions such as PSP within
> SRv6 domain;  Could we treat IPv6 headers function of internal and external
> layers differently, after all, their purposes are different.
> >>
> >> Let's not use implicit definitions of "internal" and "external" layers.
> They don't make sense in a global protocol (and despite your claims that
> SRv6 is limited to a specific domain, it really isn't. It uses global IPv6
> addresses and can traverse the global internet). Let's define global rules
> that apply to everybody instead, and standardise this behaviour.
> >>
> >> Cheers,
> >> Sander
> >>
> >> _______________________________________________
> >> spring mailing list
> >> spring@ietf.org
> >> https://www.ietf.org/mailman/listinfo/spring
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email