Re: [spring] Spring protection - determining applicability

"Joel M. Halpern" <jmh@joelhalpern.com> Fri, 14 August 2020 15:09 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0752E3A1018 for <spring@ietfa.amsl.com>; Fri, 14 Aug 2020 08:09:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.069
X-Spam-Level: *
X-Spam-Status: No, score=1.069 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BITCOIN_SPAM_02=2.497, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTTP_ESCAPED_HOST=0.1, MISSING_HEADERS=1.021, NICE_REPLY_A=-0.949, PDS_BTC_ID=0.498, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s466XTvxV6iJ for <spring@ietfa.amsl.com>; Fri, 14 Aug 2020 08:09:54 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D1C93A0FC8 for <spring@ietf.org>; Fri, 14 Aug 2020 08:09:54 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4BSn0y3CF9z1p4bL for <spring@ietf.org>; Fri, 14 Aug 2020 08:09:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1597417794; bh=vytqaVvjeZ1/WyKG6J9Nl3XJpkrfOPkdn8OqUH7NAZA=; h=Subject:Cc:References:From:Date:In-Reply-To:From; b=M5gMNSBf5MNOEtxgma8fWJQljZn+tNwWeQCdbAKw9RRti/f1lOpQcr+zQ3fkS4FNq 1ywqsCkIfyOD6laE7z8B7XnDFz6Xu3BFXur4VvmOixrbPfCIA8zcZPNSTRkTfCRp8s P1ZkWVX68r6IW7F5pFT9cZOb8TfgHf0YcE4rDEtE=
X-Quarantine-ID: <1DsQ_LyVqGkN>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.128.43] (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4BSn0x6djgz1nvCV for <spring@ietf.org>; Fri, 14 Aug 2020 08:09:53 -0700 (PDT)
Cc: "spring@ietf.org" <spring@ietf.org>
References: <7e29a863-70e9-f0a8-638f-5151348be515@joelhalpern.com> <CAOj+MMHZ5wGAPhAO+yLc+RY9OhRX=LuMQ27QQDJkAjK0YM0HMw@mail.gmail.com> <4229284b-9a73-612b-306d-2818f37dd5b3@joelhalpern.com> <VI1PR03MB50560EA5D95C76F7501608FBEE4D0@VI1PR03MB5056.eurprd03.prod.outlook.com> <CAOj+MMGUYkpT0xx+DAuaF-Gc9YSYrLQbNxHuenb2Xps_S=s_tQ@mail.gmail.com> <VI1PR03MB5056610F42282B6883CED19EEE4A0@VI1PR03MB5056.eurprd03.prod.outlook.com> <CY4PR05MB35769327315CBA84E8912D84D54A0@CY4PR05MB3576.namprd05.prod.outlook.com> <AM0PR03MB449907B6175A572E73B6D0389D4A0@AM0PR03MB4499.eurprd03.prod.outlook.com> <af38a341-9839-9435-54b7-09f49e667787@joelhalpern.com> <MW3PR11MB45706B42711F76BB5DD2110EC1400@MW3PR11MB4570.namprd11.prod.outlook.com> <AM0PR03MB449975114CFA78448BFE54A29D400@AM0PR03MB4499.eurprd03.prod.outlook.com> <MW3PR11MB4570615B3050B500C456C99EC1400@MW3PR11MB4570.namprd11.prod.outlook.com> <AM0PR03MB4499C8691A7D5690D052EEB59D400@AM0PR03MB4499.eurprd03.prod.outlook.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <067dfd10-cbd6-fb1c-4361-4bb69f4375ae@joelhalpern.com>
Date: Fri, 14 Aug 2020 11:09:52 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <AM0PR03MB4499C8691A7D5690D052EEB59D400@AM0PR03MB4499.eurprd03.prod.outlook.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/_SYJeTERXyYc6DoPa4BhA2CNEIo>
Subject: Re: [spring] Spring protection - determining applicability
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Aug 2020 15:10:00 -0000

 From what I have seen in this discussion, we have a number of different 
views, all reasonable, mostly non-document.  It would seem helpful to 
write down our assumptions about meaning and get WG agreement??

Yours,
Joel

On 8/14/2020 10:54 AM, Alexander Vainshtein wrote:
> Ketan, and all,
> I have stated that, IMHO and FWIW, both Adj-SIDs and Prefix SIDs that 
> are advertised with PHP can  ONLY represent topological instructions in 
> SR-MPLS - because the advertising node will not receive them and 
> therefore can hardly be expected to associate any service function with 
> them.
> 
> This is complementary to what you have said.
> 
> Hope this clarifies my position.
> What, if anything, did I miss?
> 
> Regards,
> Sasha
> 
> Get Outlook for Android <https://aka.ms/ghei36>
> 
> ------------------------------------------------------------------------
> *From:* Ketan Talaulikar (ketant) <ketant@cisco.com>
> *Sent:* Friday, August 14, 2020, 16:23
> *To:* Alexander Vainshtein; Joel M. Halpern; Shraddha Hegde; 
> EXT-Andrew.Alston@liquidtelecom.com; Robert Raszuk
> *Cc:* spring@ietf.org
> *Subject:* RE: [spring] Spring protection - determining applicability
> 
> ------------------------------------------------------------------------
> NOTICE: This email was received from an EXTERNAL sender
> ------------------------------------------------------------------------
> 
> Hi Sasha,
> 
> If the service does not need any additional context (e.g. a firewall 
> that just applies locally configured default rules on it), then I don’t 
> see why PHP could not be done for a Prefix SID associated with a service 
> node.
> 
> Also, I didn’t follow the point that you were trying to make about Adj-SIDs.
> 
> Thanks,
> 
> Ketan
> 
> *From:*Alexander Vainshtein <Alexander.Vainshtein@rbbn.com>
> *Sent:* 14 August 2020 18:24
> *To:* Ketan Talaulikar (ketant) <ketant@cisco.com>om>; Joel M. Halpern 
> <jmh@joelhalpern.com>om>; Alexander Vainshtein 
> <Alexander.Vainshtein@rbbn.com>om>; Shraddha Hegde <shraddha@juniper.net>et>; 
> EXT-Andrew.Alston@liquidtelecom.com <Andrew.Alston@liquidtelecom.com>om>; 
> Robert Raszuk <robert@raszuk.net>
> *Cc:* spring@ietf.org
> *Subject:* Re: [spring] Spring protection - determining applicability
> 
> Hi all,
> 
> Regarding the statement "Prefix SID could be just a topological 
> instruction or may also be used to steer the flow to a node which is 
> applying a service function to it":
> 
> I think that in SR-MPLS a Node SID that is advertised with PHP aciton 
> can be safely considered as "just a topological instruction" by the PLR 
> because the originating node will not receive it.
> 
> The same applies to Adj-SDIs.
> 
> My 2c.
> 
> Get Outlook for Android 
> <https://clicktime.symantec.com/375c5YYBeEbaEZwUcHpCY1m6H2?u=https%3A%2F%2Faka.ms%2Fghei36>
> 
> ------------------------------------------------------------------------
> 
> *From:* spring <spring-bounces@ietf.org 
> <mailto:spring-bounces@ietf.org>> on behalf of Ketan Talaulikar (ketant) 
> <ketant=40cisco.com@dmarc.ietf.org 
> <mailto:ketant=40cisco.com@dmarc.ietf.org>>
> *Sent:* Friday, August 14, 2020, 15:00
> *To:* Joel M. Halpern; Alexander Vainshtein; Shraddha Hegde; 
> EXT-Andrew.Alston@liquidtelecom.com 
> <mailto:EXT-Andrew.Alston@liquidtelecom.com>; Robert Raszuk
> *Cc:* spring@ietf.org <mailto:spring@ietf.org>
> *Subject:* Re: [spring] Spring protection - determining applicability
> 
> 
> 
> Hi All,
> 
> I would like to share a different perspective on this.
> 
> First, thanks to Joel for bringing up the discussion. Clearly we need a 
> well-defined applicability statement for determining applicability of 
> protection for segment used in an SR Policy. Some of this is captured in 
> [1].
> 
> This is about local repair at a PLR. By it's very nature, the PLR does 
> not have a notion of how "strict or not" is the SLA that is being 
> provided by the SR Policy. Awareness of that notion exists at the SR 
> Policy headend and/or computation-node.
> 
> We have protected and un-protected variants of adjacency SIDs to enable 
> the computation to pick or the other based on the "strictness" of the 
> SLA requirement for picking that link. We do not have such a notion for 
> Prefix SIDs. One can say that we could introduce signalling (e.g. a B 
> flag) to indicate whether a Prefix SID can be bypassed or not. This 
> provides the opportunity for the computation to use one or the other 
> flavor depending on the nature of the SLA for the SR Policy.
> 
> I have a problem and a concern in the assumption that PLRs can assume 
> that the currently defined variant of Prefix SIDs in RFC8402 (and IGP 
> specs) are "bypass-able".
> 
> As Joel and others have brought out, the Prefix SID could be just a 
> topological instruction or may also be used to steer the flow to a node 
> which is applying a service function to it. In order to support a mix of 
> SR Policies of different SLAs (strict and not-strict), we need to enable 
> the choice of SIDs that indicates to the PLR whether they are 
> "bypass-able" or not.
> 
> For the cases, where the SR Policy has a specific SLA, it is required 
> for nodes to drop the packets meant for the "active segment" than to 
> bypass it. When this mechanism is used along side SRTE path monitoring 
> mechanisms, it enables the headend to detect the failure and fallback to 
> an alternate path using the path protection approach. This is something 
> that is described and in use in deployments today [1]..
> 
> Thanks,
> Ketan
> 
> [1] 
> https://clicktime.symantec.com/3Y3fWuNFYCjMJUiiAiWwUms6H2?u=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-spring-segment-routing-policy-08%23section-9
> [2] 
> https://clicktime.symantec.com/36fCMrgmEewC4a4AJRrmn7H6H2?u=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-spring-segment-routing-policy-08%23section-9.3
> 
> -----Original Message-----
> From: spring <spring-bounces@ietf.org <mailto:spring-bounces@ietf.org>> 
> On Behalf Of Joel M. Halpern
> Sent: 04 August 2020 20:25
> To: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com 
> <mailto:Alexander.Vainshtein@rbbn.com>>; Shraddha Hegde 
> <shraddha=40juniper.net@dmarc.ietf.org 
> <mailto:shraddha=40juniper.net@dmarc.ietf.org>>; 
> EXT-Andrew.Alston@liquidtelecom.com 
> <mailto:EXT-Andrew.Alston@liquidtelecom.com> 
> <Andrew.Alston@liquidtelecom.com 
> <mailto:Andrew.Alston@liquidtelecom.com>>; Robert Raszuk 
> <robert@raszuk.net <mailto:robert@raszuk.net>>
> Cc: spring@ietf.org <mailto:spring@ietf.org>; Joel M. Halpern 
> <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>
> Subject: Re: [spring] Spring protection - determining applicability
> 
> There are, as far as I can tell, a number of ways to address this family 
> of related questions.
> What struck me, and prompted the starting question, was that none of 
> them were spelled out.  I see lots of interesting ideas / proposals.
> Some of them are compatible with others.   Some are not.
> It would be good if we could reach agreement on how we thought it should 
> be handled.
> 
> Thank you,
> Joel
> 
> On 8/4/2020 3:54 AM, Alexander Vainshtein wrote:
>  > Hi all,
>  >
>  > I am still not sure that the problem of bypass going thru undesirable
>  > links/nodes exists in the case of topological SIDs.
>  >
>  > AFAIK, Facility Protection in RSVP-TE FRR (RFC 4090
>  > 
> <https://clicktime.symantec.com/3Q92knE9XJujrf8Bk7oJvs6H2?u=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc4090>) 
> has been successfully deployed
>  > for many years before SR-MPLS has been introduced. What’s more,
>  > signaling of bypass tunnels he PLR usually did not include any of the
>  > constraints used for computing of any specific LSP that the bypass LSP
>  > would protect – because in the Facility Protection mode the same
>  > bypass LSP would be used to protect multiple LSPs passing thru the
>  > failed link/node.
>  >
>  >  From my POV the only difference between this behavior and that
>  > introduced by the “bypassing” drafts in SR is that, in the case of
>  > RSVP-TE, the operator would explicitly indicate, as part of LSP
>  > signaling, whether it would or would not use FRR; LSPs that would not
>  > use FRR would then drop traffic rather than delivering it the wrong way.
>  >
>  > Such an option indeed does not exist in SR-TE today, but would be easy
>  > to provide if so desired IMHO.
>  >
>  > Did I miss something substantial?
>  >
>  > Regards, and lots of thanks in advance,
>  >
>  > Sasha
>  >
>  > Office: +972-39266302
>  >
>  > Cell:      +972-549266302
>  >
>  > Email: Alexander.Vainshtein@ecitele.com 
> <mailto:Alexander.Vainshtein@ecitele.com>
>  >
>  > *From:* spring <spring-bounces@ietf.org 
> <mailto:spring-bounces@ietf.org>> *On Behalf Of *Shraddha Hegde
>  > *Sent:* Tuesday, August 4, 2020 9:41 AM
>  > *To:* EXT-Andrew.Alston@liquidtelecom.com 
> <mailto:EXT-Andrew.Alston@liquidtelecom.com>
>  > <Andrew.Alston@liquidtelecom.com 
> <mailto:Andrew.Alston@liquidtelecom.com>>; Robert Raszuk 
> <robert@raszuk.net <mailto:robert@raszuk.net>>
>  > *Cc:* spring@ietf.org <mailto:spring@ietf.org>; Joel M. Halpern 
> <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>
>  > *Subject:* Re: [spring] Spring protection - determining applicability
>  >
>  > All,
>  >
>  > This is a very interesting discussion and thanks to Joel for starting
>  > this discussion. IMO, when there are strict requirements of avoiding
>  > certain nodes/links it can be realized  either by defining a flex-algo
>  > avoiding those
>  >
>  > Nodes and links or by using a stack of unprotected adj-sids that avoid
>  > restricted nodes and links. When a stack of adj-sids is used to
>  > realize the path, the head-end based (sBFD) protection mechanisms can 
> be applied.
>  >
>  > If Node-sids/prefix-sid/anycast-sids are used to build the stack, the
>  > failure events may cause traffic to go through restricted nodes and
>  > links. This would happen regardless of whether any kind of protection
>  > is in use or not.
>  >
>  > Rgds
>  >
>  > Shraddha
>  >
>  > Juniper Business Use Only
>  >
>  > *From:* spring <spring-bounces@ietf.org
> <mailto:spring-bounces@ietf.org%20%0b>> 
> <mailto:spring-bounces@ietf.org>> *On Behalf Of *Andrew Alston
>  > *Sent:* Tuesday, August 4, 2020 5:41 AM
>  > *To:* Robert Raszuk <robert@raszuk.net <mailto:robert@raszuk.net>>
>  > *Cc:* spring@ietf.org <mailto:spring@ietf.org> 
> <mailto:spring@ietf.org>; Joel M. Halpern
>  > <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>
>  > *Subject:* Re: [spring] Spring protection - determining applicability
>  >
>  > *[External Email. Be cautious of content]*
>  >
>  > Robert this is actually far more difficult when – it can be an entire
>  > (long) series of nodes that need to be avoided.
>  >
>  > It could potentially be made to work but I’d worry that to do this –
>  > you’d have to stack 10 – 20 – 30 negative labels – and that wouldn’t
>  > be viable.
>  >
>  > It’s easier to use algorithms and adjacency sids and other such things
>  > to calculate paths – the biggest trick is about the stack depth.  When
>  > you have this need for node avoidance – the need for 10+ label depth
>  > is critical – unless you wanna be applying one hell of a lot of
>  > binding labels along the way which is a nightmare.
>  >
>  > But to answer your question, is this a common use case – it’s a use
>  > case that most of the people I discuss this with certain have – I cant
>  > comment on a global scale, or for anyone else, but every indication I
>  > have is that yes – its something people need, and want
>  >
>  > Andrew
>  >
>  > *From:* Robert Raszuk <robert@raszuk.net <mailto:robert@raszuk.net>>
>  > *Sent:* Tuesday, 4 August 2020 01:27
>  > *To:* Andrew Alston <Andrew.Alston@liquidtelecom.com
> <mailto:Andrew.Alston@liquidtelecom.com%20%0b>> 
> <mailto:Andrew.Alston@liquidtelecom.com>>
>  > *Cc:* Joel M. Halpern <jmh@joelhalpern.com
> <mailto:jmh@joelhalpern.com%20%0b>> <mailto:jmh@joelhalpern.com>>; 
> spring@ietf.org <mailto:spring@ietf.org>
>  > <mailto:spring@ietf.org>
>  > *Subject:* Re: [spring] Spring protection - determining applicability
>  >
>  > Is this a common use case ie.  "but rather – which nodes / network
>  > segments it can never touch or flow through."
>  >
>  > If so perhaps its time to define notion of *negative-SID* ie. list in
>  > the packet resources which given packet MUST not ever traverse.
>  >
>  > Put in the packet set of nodes or links which the packet should never
>  > traverse.
>  >
>  > That goes in line of recent wave of negative routing implementations
>  > (RIFT) or discussions (LSR)
>  >
>  > Best,
>  > R.
>  >
>  > On Mon, Aug 3, 2020 at 11:46 PM Andrew Alston
>  > <Andrew.Alston@liquidtelecom.com
> <mailto:Andrew.Alston@liquidtelecom.com%20%0b>> 
> <mailto:Andrew.Alston@liquidtelecom.com>> wrote:
>  >
>  >     So –
>  >
>  >     One of the use cases, in fact, some very major use cases in any
>  >     spring technology for us revolve around the following
>  >
>  >     a.The explicit avoidance of certain nodes
>  >
>  >     b.The explicit avoidance of certain sections of the network
>  >
>  >     Anything that could result in that explicit avoidance being violated
>  >     – would create, shall we say significant problems.
>  >
>  >     Much of the use case is not a case of which nodes the packets flow
>  >     through – but rather – which nodes / network segments it can never
>  >     touch or flow through.  Effectively, to be used as a technology to
>  >     avoid certain things for specific reasons.
>  >
>  >     This is also one of the reasons for needing such deep label stacks –
>  >     this kind of detailed path programming tends to deepen the stack
>  >     because you sometimes have to be pretty explicit.
>  >
>  >     It is absolutely critical to us that this functionality is there –
>  >     and that we can avoid situations which could cause traffic to
>  >     accidently hit things explicitly avoided.
>  >
>  >     I wish I could be more specific than this, but it is what it is.
>  >
>  >     Thanks
>  >
>  >     Andrew
>  >
>  >     *From:* spring <spring-bounces@ietf.org
> <mailto:spring-bounces@ietf.org%0b>>     
> <mailto:spring-bounces@ietf.org>> *On Behalf Of *Joel M. Halpern
>  >     *Sent:* Monday, 3 August 2020 21:36
>  >     *To:* Robert Raszuk <robert@raszuk.net <mailto:robert@raszuk.net>>
>  >     *Cc:* spring@ietf..org <mailto:spring@ietf..org> 
> <mailto:spring@ietf.org>
>  >     *Subject:* Re: [spring] Spring protection - determining
>  > applicability
>  >
>  >     (Since the thread has gotten long enough, reiterating that this 
> is as a
>  >     participant, not a WG chair.)
>  >
>  >     Yes, we are talking IP networks. And yes, I have seen IP networks 
> that
>  >     choose to drop packets. For all sorts of reasons.
>  >     I think there are likely other reasons why one may not want a random
>  >     path rather than a chosen TE path. I think it is important we be 
> clear
>  >     about what constraints may be / are violated when we tell people they
>  >     have this tool (protective rerouting) that is intended to 
> preserve QoS.
>  >
>  >     Let's be clear. I am not arguing that this is not a good idea. It 
> is a
>  >     good idea. And useful. I am trying to figure otu what combination of
>  >     additional mechanisms and clear descriptions will lead to everyone
>  >     getting the behavior they expect (which may not be the behavior they
>  >     desire, but sometimes is the best we can do.)
>  >
>  >     Yours,
>  >     Joel
>  >
>  >     On 8/3/2020 2:30 PM, Robert Raszuk wrote:
>  >      > Joel,
>  >      >
>  >      > Are we still talking about IP networks here ? Or perhaps some hard
>  >      > slicing with real resource reservations or detnets ?
>  >      >
>  >      > Because if we are talking about IP networking I have two
>  >     observations:
>  >      >
>  >      > A) If you need to traverse via a specific node (ie. firewall) you
>  >     better
>  >      > apply IP encapsulation to that node.. I don't think IP
>  >     encapsulation can
>  >      > be hijacked today such that destination address of the packet is
>  >     ignored.
>  >      >
>  >      > B) Have you seen any IP network where upon topology change (link
>  >     or node
>  >      > failure) you suddenly start dropping flows in spite of SPT 
> offering
>  >      > perhaps few ms longer path with 10 ms more jitter ?
>  >      >
>  >      > Or are some SR marketing slides promise to turn IP networks in
>  >      > something new ? Worse ... do they mention path quality guarantees,
>  >      > resource reservations ? I hope not.
>  >      >
>  >      > Thx,
>  >      > R.
>  >      >
>  >      >
>  >      >
>  >      >
>  >      >
>  >      >
>  >      >
>  >      >
>  >      >
>  >      > On Mon, Aug 3, 2020 at 8:10 PM Joel M. Halpern 
> <jmh@joelhalpern.com
> <mailto:jmh@joelhalpern.com%0b>>     <mailto:jmh@joelhalpern.com%20%0b>> 
> <mailto:jmh@joelhalpern.com>> wrote:
>  >      >
>  >      > Well less serious for TE SIDs, I am not sure the problem is
>  >     restricted
>  >      > to just service SIDs.
>  >      >
>  >      > Suppose that the PCE has specified the path to meet some 
> complex te
>  >      > objective.  The bypass node has no way of knowing what those
>  >      > constraints
>  >      > were.  And for some kinds of traffic, it is better to drop the 
> packet
>  >      > than to deliver it outside the envelop.  I suspect that the right
>  >      > answer
>  >      > to this is "too bad".  If so, as with the distinction regarding
>  >     service
>  >      > nodes, we should say so, shouldn't we?
>  >      >
>  >      > Yours,
>  >      > Joel
>  >      >
>  >      > On 8/3/2020 2:36 AM, Alexander Vainshtein wrote:
>  >      > > Mach, Joel and all,
>  >      > >
>  >      > > I think that in most cases:
>  >      > >
>  >      > > 1.There is clear differentiation between "topological" and
>  >     "service"
>  >      > > instructions in SID advertisements. E.g.:
>  >      > >
>  >      > > oIGP Prefix Node SIDs IGP Adj-SIDs (identified as such in the
>  >      > > corresponding IGP advertisements) represent topological
>  >     instructions
>  >      > >
>  >      > > oService SIDs for SRv6 (see SRv6 BGP-Based Overlay Services
>  >      > >
>  >      >
>  >     
> <https://clicktime.symantec.com/3CCcy9mY6cMfbk7QfjhiA3R6H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-bess-srv6-services-04
> <https://clicktime.symantec.com/3CCcy9mY6cMfbk7QfjhiA3R6H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-bess-srv6-services-04%0b>>     
> <https://clicktime.symantec.com/3GC5af2z3JzphZDkPncHAQi6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-bess-srv6-services-04__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo4T-L0nl%24>>
>  >      >
>  >      > > draft) unsurprisingly represent “service” instructions
>  >      > >
>  >      > > 2.Segments that represent topological instructions can be 
> bypassed,
>  >      > > while segments that represent service instructions require
>  >      > alternative
>  >      > > protection mechanisms.
>  >      > >
>  >      > > This view seems to be aligned with RFC 8402
>  >      > > 
> <https://clicktime.symantec.com/345NLCB6TydxuuqUjtcDRZy6H2?u=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc8402
> <https://clicktime.symantec.com/345NLCB6TydxuuqUjtcDRZy6H2?u=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc8402%0b>>     
> <https://clicktime.symantec.com/37PzUKAD82cjSvmVcGvpkhF6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Ftools.ietf.org%2Fhtml%2Frfc8402__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo0I4Ybtm%24>>
>  >     that says in Section 1:
>  >      > >
>  >      > >     In the context of an IGP-based distributed control 
> plane, two
>  >      > >
>  >      > > topological segments are defined: the IGP-Adjacency segment 
> and the
>  >      > >
>  >      > >     IGP-Prefix segment.
>  >      > >
>  >      > >     In the context of a BGP-based distributed control plane, two
>  >      > >
>  >      > > topological segments are defined: the BGP peering segment 
> and the
>  >      > >
>  >      > >     BGP-Prefix segment.
>  >      > >
>  >      > > In the case of SR-MPLS this differentiation is assumed in 
> Section
>  >      > 3.4 of
>  >      > > the Node Protection for SR-TE Path
>  >      > >
>  >      >
>  >     
> <https://clicktime.symantec.com/3JbSWGx5DAfNPsZdhpExxx96H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hegde-spring-node-protection-for-sr-te-paths-07%23section-3.4
> <https://clicktime.symantec.com/3JbSWGx5DAfNPsZdhpExxx96H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hegde-spring-node-protection-for-sr-te-paths-07%23section-3.4%0b>>     
> <https://clicktime.symantec.com/3CrUgARW8somAbw6TisjgJ16H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-hegde-spring-node-protection-for-sr-te-paths-07%2Asection-3.4__%3BIw%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo9wO-Ssn%24>>
>  >      >
>  >      > > draft that says:
>  >      > >
>  >      > >     The node protection mechanism described in the previous
>  >     sections
>  >      > >
>  >      > >     depends on the assumption that the label immediately below
>  >      > the top
>  >      > >
>  >      > > label in the label stack is understood in the IGP domain.  
> When the
>  >      > >
>  >      > >     provider edge routers exchange service labels via BGP or 
> some
>  >      > other
>  >      > >
>  >      > >     non-IGP mechanism the bottom label is not understood in 
> the IGP
>  >      > >
>  >      > >     domain.
>  >      > >
>  >      > >     The egress node protection mechanisms described in the draft
>  >      > >
>  >      > >     [RFC8679 
> <https://clicktime.symantec.com/3JfvtBAmaQPN1jA3pM6TdCE6H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8679
> <https://clicktime.symantec.com/3JfvtBAmaQPN1jA3pM6TdCE6H2?u=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8679%0b>>     
> <https://clicktime.symantec.com/36dMAjuYTQovo8jHwmm3eJw6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8679__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo8MGipXc%24>>]
>  >     is
>  >      > > applicable to this use case and no additional changes
>  >      > >
>  >      > >     will be required for SR based networks
>  >      > >
>  >      > > The scenarios in which  differentiation between 
> “topological” and
>  >      > > “service” instructions is broken are indeed problematic. E.g.,
>  >      > consider
>  >      > > the use case in which a Node SID in the ERO of a SR-TE path
>  >      > identifies a
>  >      > > node that acts as a firewall for all packets it receives, i.e.,
>  >      > provides
>  >      > > the firewall service without any dedicated service SID
>  >      > identifying it.
>  >      > > One could say that the Node SID of such a node would combine
>  >      > topological
>  >      > > and service instructions thus breaking the differentiation
>  >      > between the two.
>  >      > >
>  >      > > I am not sure if usage of such “combined” SIDs could be 
> prevented
>  >      > or at
>  >      > > least discouraged.
>  >      > >
>  >      > > If not, providing an ability to identify such SIDs in the
>  >      > advertisement
>  >      > > mechanisms would be useful IMHO.
>  >      > >
>  >      > > My 2c,
>  >      > >
>  >      > > Sasha
>  >      > >
>  >      > > Office: +972-39266302
>  >      > >
>  >      > > Cell:      +972-549266302
>  >      > >
>  >      > > Email: Alexander.Vainshtein@ecitele.com 
> <mailto:Alexander.Vainshtein@ecitele.com>
>  >     <mailto:Alexander.Vainshtein@ecitele.com>
>  >      > <mailto:Alexander.Vainshtein@ecitele.com>
>  >      > >
>  >      > > -----Original Message-----
>  >      > > From: spring <spring-bounces@ietf.org
> <mailto:spring-bounces@ietf.org%0b>>     
> <mailto:spring-bounces@ietf.org%0b>>
>  >     <mailto:spring-bounces@ietf.org>> On Behalf Of Mach Chen
>  >      > > Sent: Monday, August 3, 2020 6:30 AM
>  >      > > To: Joel M. Halpern <jmh@joelhalpern.com
> <mailto:jmh@joelhalpern.com%0b>>     <mailto:jmh@joelhalpern.com%0b>> 
> <mailto:jmh@joelhalpern.com>>;
>  > spring@ietf.org <mailto:spring@ietf.org> <mailto:spring@ietf.org> 
> <mailto:spring@ietf.org>
>  >      > > Subject: Re: [spring] Spring protection - determining 
> applicability
>  >      > >
>  >      > > Hi Joel,
>  >      > >
>  >      > > I think this is a good point that may not be discussed in the
>  >      > past. And
>  >      > > I also don't think there is a "can be bypassed" indication 
> in the
>  >      > > routing advertisement for now.
>  >      > >
>  >      > > IMHO, the information advertised by routing is neutral, such
>  >      > information
>  >      > > (can or cannot be bypassed) is more path specific, thus
>  >     normally the
>  >      > > controller should be responsible for deciding whether/which SID
>  >      > can be
>  >      > > bypassed.
>  >      > >
>  >      > > Best regards,
>  >      > >
>  >      > > Mach
>  >      > >
>  >      > >  > -----Original Message-----
>  >      > >
>  >      > >  > From: spring [mailto:spring-bounces@ietf.org
>  >      > <mailto:spring-bounces@ietf.org>
>  >     
> <mailto:spring-bounces@ietf.org%0b%3e%20%3cmailto:spring-bounces@ietf.org%3e>]
>  >     On Behalf Of Joel M.
>  >      > >
>  >      > >  > Halpern
>  >      > >
>  >      > >  > Sent: Monday, August 3, 2020 7:51 AM
>  >      > >
>  >      > >  > To: spring@ietf.org <mailto:spring@ietf.org> 
> <mailto:spring@ietf.org>
>  >     <mailto:spring@ietf.org>
>  >      > <mailto:spring@ietf.org <mailto:spring@ietf.org
> <mailto:spring@ietf.org%20%3cmailto:spring@ietf.org%0b>>     
> <mailto:spring@ietf.org%20%3cmailto:spring@ietf.org>>>
>  >      > >
>  >      > >  > Subject: [spring] Spring protection - determining 
> applicability
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > (WG Chair hat Off, this is merely a note from a slightly
>  >      > confused WG
>  >      > >
>  >      > >  > participant.)
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > I have been reading the various repair drafts, and the 
> various
>  >      > >
>  >      > >  > networks programming and service programming draft, and I am
>  >      > trying to
>  >      > >
>  >      > >  > figure out one aspect of the combination.
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > How does a node that is doing some form of bypass 
> (suppose, for
>  >      > >
>  >      > >  > simplicity, it is Node N2 deciding to bypass the next SID for
>  >      > a failed
>  >      > >
>  >      > >  > node N3) know that it is safe to do so?
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > If the path was just for TE, then it is "safe" if the new 
> path
>  >      > meets
>  >      > >
>  >      > >  > the TE criteria.  or maybe it is safe if it is even close, as
>  >      > long as
>  >      > >
>  >      > >  > it is not used for too long.
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > But what if the node were a Firewall, included to meet legal
>  >      > > requirements?
>  >      > >
>  >      > >  > Or was some other necessary programmatic transform (wince 
> we are
>  >      > >
>  >      > >  > deliberately vague about what nodes can do when asked 
> suitably.)
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > Is there some "can be bypassed" indication in the routing
>  >      > >
>  >      > >  > advertisements that I missed?
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > Thank you,
>  >      > >
>  >      > >  > Yours,
>  >      > >
>  >      > >  > Joel
>  >      > >
>  >      > >  >
>  >      > >
>  >      > >  > _______________________________________________
>  >      > >
>  >      > >  > spring mailing list
>  >      > >
>  >      > >  > spring@ietf.org <mailto:spring@ietf.org> 
> <mailto:spring@ietf.org>
>  >     <mailto:spring@ietf.org>
>  >      > <mailto:spring@ietf.org <mailto:spring@ietf.org
> <mailto:spring@ietf.org%20%3cmailto:spring@ietf.org%0b>>     
> <mailto:spring@ietf.org%20%3cmailto:spring@ietf.org>>>
>  >      > >
>  >      > >  >
>  >      > >
>  >      >
>  > 
> https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%2 
> <https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%252>
>  >     
> <https://clicktime.symantec.com/3Q7vX2qWSUdWVc892XuXy2H6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fclicktime.symantec.com%2F367qhU4KiUkzW9uGC4eAvP46H2%3Fu%3Dhttps%2A3A%2A2__%3BJSU%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo6HwPLil%24>
>  >      > >
>  >      >
>  >     
> <https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%252
> <https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%252%0b>>     
> <https://clicktime.symantec.com/3A5B8H2Fm1rPnaZ3Supjwr6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fclicktime.symantec.com%2F367qhU4KiUkzW9uGC4eAvP46H2%3Fu%3Dhttps%2A3A%2A252__%3BJSU%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDozoQiAHk%24>>
>  >      > >
>  >      > >  > F%2Fwww.ietf.org
>  >     
> <https://clicktime.symantec.com/39NznmYBtRuHARhGJ5W5dGB6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F2Fwww.ietf.org__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo-pPCjvR%24>
>  >      > 
> <https://clicktime.symantec.com/3GWT9fyjaFi3FcvHDvoodvS6H2?u=http%3A%2F%2F2Fwww.ietf.org
> <https://clicktime.symantec.com/3GWT9fyjaFi3FcvHDvoodvS6H2?u=http%3A%2F%2F2Fwww.ietf.org%0b>>     
> <https://clicktime.symantec.com/39NznmYBtRuHARhGJ5W5dGB6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F2Fwww.ietf.org__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo-pPCjvR%24>>%2Fmailman%2Flistinfo%2Fspring
>  >      > >
>  >      > > _______________________________________________
>  >      > >
>  >      > > spring mailing list
>  >      > >
>  >      > > spring@ietf.org <mailto:spring@ietf.org> 
> <mailto:spring@ietf.org>
>  >     <mailto:spring@ietf.org> <mailto:spring@ietf.org
> <mailto:spring@ietf.org%0b>>     <mailto:spring@ietf.org%0b>> 
> <mailto:spring@ietf.org>>
>  >      > >
>  >      > >
>  >      >
>  > 
> https://clicktime.symantec.com/367qhU4KiUkzW9uGC4eAvP46H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring
>  >     
> <https://clicktime.symantec.com/3BhyEtx4Q7n74BhiRnfMJtT6H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fclicktime.symantec.com%2F367qhU4KiUkzW9uGC4eAvP46H2%3Fu%3Dhttps%2A3A%2A2F%2A2Fwww.ietf.org%2A2Fmailman%2A2Flistinfo%2A2Fspring__%3BJSUlJSUl%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo-hR3gAD%24>
>  >      > >
>  >      > >
>  >      > >
>  >      > >
>  >      >
>  >     
> ------------------------------------------------------------------------
>  >      > > Notice: This e-mail together with any attachments may contain
>  >      > > information of Ribbon Communications Inc. that is confidential
>  >      > and/or
>  >      > > proprietary for the sole use of the intended recipient. Any 
> review,
>  >      > > disclosure, reliance or distribution by others or forwarding
>  >     without
>  >      > > express permission is strictly prohibited. If you are not the
>  >      > intended
>  >      > > recipient, please notify the sender immediately and then 
> delete all
>  >      > > copies, including any attachments.
>  >      > >
>  >      >
>  >     
> ------------------------------------------------------------------------
>  >      > >
>  >      > > _______________________________________________
>  >      > > spring mailing list
>  >      > > spring@ietf.org <mailto:spring@ietf.org> 
> <mailto:spring@ietf.org> <mailto:spring@ietf.org>
>  >      > > 
> https://clicktime.symantec.com/3Q1xsKGyMzNJCKyVPByhqLq6H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring
>  >     
> <https://clicktime.symantec.com/3NrDnSTReXh671G79BVGEq16H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo5KlPnbj%24>
>  >      > >
>  >      >
>  >      > _______________________________________________
>  >      > spring mailing list
>  >      > spring@ietf.org <mailto:spring@ietf.org> 
> <mailto:spring@ietf.org> <mailto:spring@ietf.org>
>  >      > 
> https://clicktime.symantec.com/3Q1xsKGyMzNJCKyVPByhqLq6H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring
>  >     
> <https://clicktime.symantec.com/3NrDnSTReXh671G79BVGEq16H2?u=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqguoZHgwp6vpRHOGt8AkTRDuiDo5KlPnbj%24>
>  >      >
>  >
>  >     _______________________________________________
>  >     spring mailing list
>  > spring@ietf.org <mailto:spring@ietf.org> <mailto:spring@ietf.org>
>  > 
> https://clicktime.symantec.com/3Q1xsKGyMzNJCKyVPByhqLq6H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring
>  >
>  > <https://clicktime.symantec.com/3NrDnSTReXh671G79BVGEq16H2?u=https%3A%
> <https://clicktime.symantec.com/3NrDnSTReXh671G79BVGEq16H2?u=https%3A%25%0b>> 
> 2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwww.ietf.org%2Fmailman%2Flisti
>  > nfo%2Fspring__%3B%21%21NEt6yMaO-gk%21S0Yusx9FYNE8E_R1oiQAtQxgm0x0wxqgu
>  > oZHgwp6vpRHOGt8AkTRDuiDo5KlPnbj%24>
>  >
>  >
>  >
>  > ----------------------------------------------------------------------
>  > --
>  > Notice: This e-mail together with any attachments may contain
>  > information of Ribbon Communications Inc. that is confidential and/or
>  > proprietary for the sole use of the intended recipient. Any review,
>  > disclosure, reliance or distribution by others or forwarding without
>  > express permission is strictly prohibited. If you are not the intended
>  > recipient, please notify the sender immediately and then delete all
>  > copies, including any attachments.
>  > ----------------------------------------------------------------------
>  > --
> 
> _______________________________________________
> spring mailing list
> spring@ietf.org <mailto:spring@ietf.org>
> https://clicktime.symantec.com/3Q1xsKGyMzNJCKyVPByhqLq6H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring
> _______________________________________________
> spring mailing list
> spring@ietf.org <mailto:spring@ietf.org>
> https://clicktime.symantec.com/3Q1xsKGyMzNJCKyVPByhqLq6H2?u=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fspring
> 
> ------------------------------------------------------------------------
> 
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. that is confidential and/or 
> proprietary for the sole use of the intended recipient. Any review, 
> disclosure, reliance or distribution by others or forwarding without 
> express permission is strictly prohibited. If you are not the intended 
> recipient, please notify the sender immediately and then delete all 
> copies, including any attachments.
> 
> ------------------------------------------------------------------------
>