IETF Logo Mail Archive

Re: [spring] Roman Danyliw's Discuss on draft-ietf-spring-srv6-network-programming-19: (with DISCUSS and COMMENT)

"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com> Tue, 22 September 2020 19:59 UTC

Return-Path: <pcamaril@cisco.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 759A33A0CEA; Tue, 22 Sep 2020 12:59:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=lETpuEFV; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=ns5GiVrd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i7ETEfWYo4ql; Tue, 22 Sep 2020 12:59:09 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F26F3A0CE6; Tue, 22 Sep 2020 12:59:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9636; q=dns/txt; s=iport; t=1600804749; x=1602014349; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=OYv3zv3Byh+ryt9PVbk8TjLep7mwfpMnLmcn/xJorsY=; b=lETpuEFVmDM2w3/U6fSjr8l6MH/983nzL4qMxjN4IKerH/Gbus0Tr7ut skdhIyNRo+tDp4ltWx6tXhVKwW5I2Ru1kPCtcrqrzV3b37/Gm1IdU8ZyN aQF3ZxiQUGO0bZ6lMZMFBUCxfitkj1BLzLGxGrt/gKJ7xEKeAnfHaEnQh s=;
IronPort-PHdr: 9a23:d3gBaRT45Z3MffAMca/PowpHEdpsv++ubAcI9poqja5Pea2//pPkeVbS/uhpkESQBN+J4P9el6zRqa+zEWAD4JPUtncEfdQMUhIekswZkkQmB9LNEkz0KvPmLklYVMRPXVNo5Te3ZE5SHsutbFDIvju19zFBUhn6PBB+c+LyHIOahs+r1ue0rpvUZQgAhDe0bb5oahusqgCEvcgNiowkIaE0mRY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DLBQC4Vmpf/5FdJa1fHAEBAQEBAQcBARIBAQQEAQFAgU+BUlEHcFkvLAqEMINGA414gQKXc4FCgREDVQsBAQENAQElCAIEAQGESwIXgg4CJDgTAgMBAQsBAQUBAQECAQYEbYVcDIVyAQEBAQMSEREMAQE3AQsEAgEGAg4DBAEBAwIfBwICAjAVCAgCBAENBQgagwWCSwMuAQ6aV5BpAoE5iGF2gTKDAQEBBYFHQYMoGIIQAwaBDiqCcYNpgkGEERuBQT+BEUOCGDU+glwCAQIBgSYBAQsGASMFMQKCXTOCLZAQA4JmPKJ4gQgKgmeId4xThSaDDIl5k36SfophlRsCBAIEBQIOAQEFgWsjZ1gRB3AVgyRQFwINjh8MFxSDOoUUhUJ0AjUCBgEJAQEDCXyLHoE0AYEQAQE
X-IronPort-AV: E=Sophos;i="5.77,291,1596499200"; d="scan'208";a="828644423"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 22 Sep 2020 19:59:07 +0000
Received: from XCH-ALN-003.cisco.com (xch-aln-003.cisco.com [173.36.7.13]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 08MJx7KY025033 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 22 Sep 2020 19:59:07 GMT
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by XCH-ALN-003.cisco.com (173.36.7.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 22 Sep 2020 14:59:06 -0500
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 22 Sep 2020 15:58:59 -0400
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 22 Sep 2020 15:58:59 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fPufnWj62vloWcrMvIV8DgGozOfFNGkNi8A7pWhK4kgbhkAzQgEq/Qpt3oeN/fk8Ct9qUYmi1/ka70Pb5MYk/jQnP9qVP0QCY6mngJQF3cAdHAEJWFRZZtS//45DPId0qdaIk8I+B81SIew6nHEe0KVfCNFoJbLRvgusSqFiwrU8pd14Vmg0c65PBQ3tZ/oYzpZUI5bL2ryopDT1UzdfStMuX4GxNWjazeAmNX+ZPPa/FAjLM+DNUSHl3iWjtN6oTE1XOeG777bNsHs+GdyOoxLHaGQTV2t4ov8Ip7vVFmc0u3bmYPI/6Cn3uNLQZC346+/a1AVwdujGHZ1X3RNxgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OYv3zv3Byh+ryt9PVbk8TjLep7mwfpMnLmcn/xJorsY=; b=BuNoYfnH/8x5jeJzWpZYFZ9c/sBzXtyOWuUZ5MLoF1MHv8vCv4E3GdwPdplxMIJY3qA2Ix0eS/z21Qrst7bRZlhfQL5IIBuNLvwMFInIaRO88y5GMggk6kOEThUsnLHmPWw3pTUWZIA4JfGP7yQ5j1wRyVQzB9jiSgLTifuzCLu7ROC98rPNXSQyGK3LEziJEwWxXJblbi8Eb1I2Z1yHnRcPnh7NexTA5SEHIPqeRjiwuOictWG5BxMEJx+hrq3E5LBPZlWRLJHUw6JpNTO2yeK3YpVk2qfNzuu+GEfvG7DyBBdRACp+xRfFDaegzLa3MnARn/hS7FEcdeNtQxhYUQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OYv3zv3Byh+ryt9PVbk8TjLep7mwfpMnLmcn/xJorsY=; b=ns5GiVrdkj9XInjtmaW0L1sE8rn8kQbA9+DY5czLgBvGbC0gEGQYMBw0WUe6fwgQddEM86TAoVLZHLgPG0CzlecNtmeukxlxoyHNUZksV9KfYUICFafiQvo8koTivDm5j7gvRDiMeIKyrrQElnfV53Cj09TqXqy/NUSxQAihQ1E=
Received: from MWHPR11MB1374.namprd11.prod.outlook.com (2603:10b6:300:24::8) by MWHPR11MB0047.namprd11.prod.outlook.com (2603:10b6:301:68::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3370.16; Tue, 22 Sep 2020 19:58:57 +0000
Received: from MWHPR11MB1374.namprd11.prod.outlook.com ([fe80::91c6:cab8:6b42:58ca]) by MWHPR11MB1374.namprd11.prod.outlook.com ([fe80::91c6:cab8:6b42:58ca%3]) with mapi id 15.20.3391.024; Tue, 22 Sep 2020 19:58:57 +0000
From: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-spring-srv6-network-programming@ietf.org" <draft-ietf-spring-srv6-network-programming@ietf.org>, "spring-chairs@ietf.org" <spring-chairs@ietf.org>, "spring@ietf.org" <spring@ietf.org>, Bruno Decraene <bruno.decraene@orange.com>, Joel Halpern <jmh@joelhalpern.com>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-spring-srv6-network-programming-19: (with DISCUSS and COMMENT)
Thread-Index: AQHWkERu3aD+X9F0yke1skKQCmXfAql00TuQ
Date: Tue, 22 Sep 2020 19:58:57 +0000
Message-ID: <MWHPR11MB1374D5D6DCA0A44C98A29FB3C93B0@MWHPR11MB1374.namprd11.prod.outlook.com>
References: <160071265366.14948.8163350323208659826@ietfa.amsl.com>
In-Reply-To: <160071265366.14948.8163350323208659826@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cert.org; dkim=none (message not signed) header.d=none;cert.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [173.38.220.43]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 43d937b0-5424-480d-a8b9-08d85f31f135
x-ms-traffictypediagnostic: MWHPR11MB0047:
x-microsoft-antispam-prvs: <MWHPR11MB0047C8FA64BE3F2D89ACCDC6C93B0@MWHPR11MB0047.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Bgu0UsjZjp13n+ev1XXp5lKvREalqkSeH2dADImzxMJj4nzFaiQy+v/JAi621U5OjtUcYTp0/T9gwDpLSl1FcOYPP4JhJIzWxc76z0Dwwlk2fezvyNm/dd3HkEu8Y50WpTp4EA2BY85pw7BxIYlQ32FeZ1uPR5bZ1Fa331K9veAjAbGBbLPl8itBIMbEhOsJBusK2k9NpeRZJeZCehJSZ/vxfY4uqiLK4nL2I2RvrL/270FYQPADRfVGKA0NGfJgkEb1X2LISE287nXdDKEiab6SWRVUTkKLsZx95kgWUpU2c6Hg33AEw0m5yUuz4VAm06RPGKeruJ5uwVk7cqx9/h7GFbFSap4kMmoIGOMpl4pJvSs6xO1KPb1KEZosU0Hu6ItNYe4Y0BpqHvN88IfJOA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR11MB1374.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(346002)(376002)(136003)(366004)(396003)(39860400002)(33656002)(52536014)(9686003)(55016002)(7696005)(6506007)(53546011)(26005)(966005)(110136005)(54906003)(86362001)(71200400001)(186003)(8936002)(66556008)(66446008)(66476007)(64756008)(76116006)(66946007)(8676002)(4326008)(83380400001)(5660300002)(316002)(478600001)(2906002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: H6brVV7NoEyYpW3pB4nB+Wso3eCAEXuB5rF6gLjgwnZAOn7t6ffbwMz11pMGWxN0b5P+kJTCxkgbdPalVyOQAHXOddLSWKKJB+OMTvmGs4LQZ7GLXFPTlguV8ziatKzGjX3zh9euqzP49QnfjyCTSXBRXLGVEaqmGh+IH8runAqYDMFl7niMux8HESkzBOY5t+b0yPBoFsLM8NxNgY/XkMnbQpTdbUT1jaSc/VC+xQw30wpk0wwQsc1NxdoEYu15GuhvugIkliitqjzB/PKWBNGx3a2jbzaCXAUsyom5yMpnzvFs7DJmLiWf3I96rD0OloC552grXvaU9x7ww1X0z+sOlZq1/ZMvK5War5CghK+gpthDONizkOwwMfi7b8chWmWPkscQuPs0mWVb7VpEyBSRt9XT/yCPlFIw3gZpEgZ7EehErAKXx4W3YUbeDzBLuP7Ej4MlVtNjQUcdYfouxL4vOmYwGD738sozjfhczBbR3Qakd/vsboKdfXPCWGrRxsht1Ef0Mh8MRn2OexHKmwqonF6GJ5tj9ZFRv1SgAlL7kFiZXtphDAihuiWlNLGsUzMSdGWsT70lRERbE1ZxNw8piz/h1wiT+FzW8CehGEj8dB/93c8mwrBp4BGlIVAIcVIv7KOpMux/AeiwYgLqsQ==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR11MB1374.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 43d937b0-5424-480d-a8b9-08d85f31f135
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2020 19:58:57.6907 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: x6BLapUEBeSvvjKtBP23wPI+0i67l8kfJs9JkH2VsI4f148ich3Lts51w271FW2YWq9c5249jcjwgIR9jIaY7g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB0047
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.13, xch-aln-003.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/_jO3ESjI69vri0zhKWYq6V24cEU>
Subject: Re: [spring] Roman Danyliw's Discuss on draft-ietf-spring-srv6-network-programming-19: (with DISCUSS and COMMENT)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2020 19:59:12 -0000

Hi Roman,

Many thanks for your thorough review. Please see inline with [PC].

Thanks,
Pablo.

-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org> 
Sent: lunes, 21 de septiembre de 2020 20:24
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-spring-srv6-network-programming@ietf.org; spring-chairs@ietf.org; spring@ietf.org; Bruno Decraene <bruno.decraene@orange.com>; Joel Halpern <jmh@joelhalpern.com>; jmh@joelhalpern.com
Subject: Roman Danyliw's Discuss on draft-ietf-spring-srv6-network-programming-19: (with DISCUSS and COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-spring-srv6-network-programming-19: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-network-programming/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Section 3.1.  (In case I missed it, please provide the obvious reference) Per “In such a case, the semantics and format of the ARG bits are defined as part of the SRv6 endpoint behavior specification”, is “endpoint behavior specification” Section 4 or another document?  If the former, I don’t see any references to argument bits in the pseudo-code of the Section 4.* subsections. 
If the latter, what document?  Can the behaviors be polymorphic (i.e., same network behavior accepting different arguments)?

[PC] The End.DT2M behavior in section 4.12 has an argument called “Arg.FE2”. The behavior specification explains the semantics of the argument and the pseudocode describes how it is handled. The arguments to the function can indeed vary.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for responding to the SECDIR review (and thank you to Brian Weis for doing it)

** Section 3.2.  Per “An SR Source Node cannot infer the behavior by examination of the FUNCT value of a SID”, isn’t there at least some hint provided by the use of the FUNCT from the IANA registry?
[PC] Recall that Section 3.1 says the following (there is no hint):
   The FUNCT is an opaque identification of a local behavior bound to
   the SID.
   The term "function" refers to the bit-string in the SRv6 SID.  The
   term "behavior" identifies the behavior bound to the SID.  The
   behaviors are defined in Section 4 of this document.

[PC] The FUNCT is part of the SID value assigned by the operator. This SID is associated with a behavior (defined in the IANA registry). The control plane is going to advertise the association of the SID (including the FUNCT) and the particular behavior (using the IANA codepoint).
An intermediate node that only has access to the SRv6 user traffic, only by looking at the FUNCT value (and with no control plane information), cannot know what the behavior is associated to such SID. Looking ahead at your next comment, I believe the confusion might arise from the values used in the example in this section.

** Section 3.2.
Per “Function 11 associated with the behavior End.X …” AND

Per “Function 12 associated with the behavior End.X …”

The initial registrations for Endpoint Behavior per Section 10.2.1 suggest that Function 11 and 12 are End.T.
[PC] Please see response to previous comment. Indeed, the example can be improved.  I’ll replace 11 and 12 for 100 and 101 that are unassigned on the IANA registry to more clearly differentiate between FUNCT and Behavior.

** Section 4.1.  Pseudo-code without formal definition might be open to interpretation.  My nits (which likely apply to other sections) are that: -- it might not be clear that S03, S06 and S10 are effectively returns/exits from this “behavior”, and if they are run, S12-S15 should never be reached (otherwise Segments Left or Hop Limit = -1)
[PC] Indeed, it would be clearer if we call out where there is a return/exit.
<OLD>
   S03.      Proceed to process the next header in the packet,
                whose type is identified by the Next Header field in
                the routing header.
</OLD>
<NEW>
   S03.      Stop processing the SRH, proceed to process the next
                header in the packet, whose type is identified by the 
                Next Header field in the routing header.
</NEW>

[PC] For lines S06 and S10 currently include “Interrupt packet processing and discard the packet”. Do you think this is sufficient to indicate there is no more SRH processing done?

-- (for consistency) the IF … ELSEIF … END construct is used in Section 4.8, but not here.
[PC] Indeed, pseudocodes should be consistent.

-- What does it mean to indent the code?  For example S06 is:
S06.      Send an ICMP Time Exceeded message to the Source Address,
                Code 0 (Hop limit exceeded in transit),
                Interrupt packet processing and discard the packet.

I can see why “Code 0 …” is indented under “Send an … “ as this is a line wrap, but why is “Interrupt packet processing?”
[PC] Yes. The indentation of interrupt packet processing is incorrect. It should be part of the same statement as above (the period should not be there). I’ll review the indentation of all pseudocodes.

** A few other psuedo code nits:
-- Section 4.1.  S05 uses “IPv6 Hop Limit” but S12 uses “Hop Limit”.  Recommend consistency.
[PC] Ack. Fixed for next next rev.

-- Section 4.4.  Per S05.  Is “next header” purposely lower case?  I asked because it looks like explicit field names are in upper case (e.g., S03 says “Segments Left field”).
[PC] Ack. Fixed for next next rev.

-- Section 4.16.3.  As a style/consistency note, the other sections which check the upper header type seem use of a construct of != 41 or 4 to “Process per Section 4.1.1”. (e.g., Section 4.4, 4.5, 4.6, etc.)
[PC] Ack. Fixed for next next rev.

** Section 8.  Given how meticulously the Section 4 guidance was described, it would be helpful to say that the HMAC TLV processing, if present, happens as a notional Step “S0” per guidance in Section 2.1.2.1 of RFC8754.
[PC] Ack. I would propose the following addition at the end of the security considerations.
<NEW>
When enabled by local configuration, HMAC processing occurs at the beginning of SRH processing as defined in Sec 2.1.2.1 of RFC8754.
</NEW>

** Editorial Nits:
-- Section 3.2. Typo. s/an network/a network/
-- Section 3.2. Typo. s/is minimum/is minimal/
[PC] Acking both. Fixed for next next rev.

v2.23.0 | Report a Bug | By Email