IETF Logo Mail Archive

Re: [spring] SRv6 Network Programming - ICMP Source Address Selection

Mark Smith <markzzzsmith@gmail.com> Mon, 13 January 2020 21:44 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2426012006D for <spring@ietfa.amsl.com>; Mon, 13 Jan 2020 13:44:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.498
X-Spam-Level:
X-Spam-Status: No, score=-0.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4kk64PJRaKO for <spring@ietfa.amsl.com>; Mon, 13 Jan 2020 13:44:12 -0800 (PST)
Received: from mail-ot1-x334.google.com (mail-ot1-x334.google.com [IPv6:2607:f8b0:4864:20::334]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1DCA12002F for <spring@ietf.org>; Mon, 13 Jan 2020 13:44:11 -0800 (PST)
Received: by mail-ot1-x334.google.com with SMTP id 66so10460525otd.9 for <spring@ietf.org>; Mon, 13 Jan 2020 13:44:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NJqP7b2KsL7VA7pkJOG7Wh/Itum31RWVbVRiALNxnBI=; b=DJb9JCoEP3BLMz9T5i/cnPOyLMorb8zEAMw/rx1joKvr89YgtFvAPsDJlx46HBNsIQ ZhruLNAQbqsvnlogQhVEYg3z5HZTK+LPnGJYM3HXajLsf8OjCHPrhR4i26kQDrE4XGLO 6dGwWwN4BMMzKw54nylNbiuG30/dxIoek2lRA/cyv5HUKejSH0/gqBP6PebBJ2W55lww EtgBPyx9ngDPrMdBJPwnyrCI221jZ+gOmzrF8wpEUz1Rr0AfSlxnZGespm2h9NhxG9rD 00f7I+D3ptT4Hj9jE/12iAQKDK6V/Z7y51wpd6ikhaLxPUf6NeNYzAS/Q5aYwwlAeQsT VpEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NJqP7b2KsL7VA7pkJOG7Wh/Itum31RWVbVRiALNxnBI=; b=ETmyhdVa5giaNmouCaDQ8RAluPZgmYFEDHcENiKxkIe0ilYDaMOOP6SzeHgzEzSVSe 1l/p+wbPtfdqkVnIlR1lqZcIWR4XowM4rNKel4TxXKfxYe4dJ2o5qAa9wwPJOxd2Umno NbmTUeE4ljzbMWR/J0UUye/dK4TxjhF66f/tFWIw4h+ICL8yBfD9QmvHERqhMFJTFgGk E9IUXK3wz2Dh9hlXlNP1R6I/99GPJu3Ao8E6n0lq7wjp2ooBkZgnBs7V1OmmDyjPQMvs VSoDsqJ1chNRkwMl8veyAt5/hDTk474RYngXCGEPOFYNaIIQo7Z+wtg0TPgh/iGPHmpg W5/Q==
X-Gm-Message-State: APjAAAW3NT5Ak5jjQ/UMNhDr+uAVZ2z3NNmDn6ahOpH6xgCY7JTlMKTD NQJxpf9bGZH5QnmZ4Ffs2ihe/tUP7Dyr/jipic6r5A==
X-Google-Smtp-Source: APXvYqziYwMof4EQ6c4K/8q1x4Q4ewlE1WQEblFiLl7ZKOukjdnG6kf/2ZPU7fz4QVjFlvJF80L89otq6MhbIyt18qY=
X-Received: by 2002:a05:6830:151a:: with SMTP id k26mr15415259otp.74.1578951850944; Mon, 13 Jan 2020 13:44:10 -0800 (PST)
MIME-Version: 1.0
References: <B91AA98B-F605-4C6B-AFAF-C9FDEA703460@cisco.com> <BN7PR05MB5699B27F84C5E8051028D97AAE2C0@BN7PR05MB5699.namprd05.prod.outlook.com> <44F0ED35-5684-4594-BB29-BDCC193284A4@cisco.com> <BN7PR05MB39386FA6A2666370FF07FAA7AE3F0@BN7PR05MB3938.namprd05.prod.outlook.com> <CEB721B4-DA87-4838-BA6D-499D38A33936@cisco.com> <BN7PR05MB3938FEE1C2F83C919D4CFA2AAE380@BN7PR05MB3938.namprd05.prod.outlook.com> <DF0DC4A0-37D7-4943-BFC2-D152BB9E8D38@cisco.com> <3b5c9226-6c3a-0670-9f7f-c8dbf363f5d9@joelhalpern.com>
In-Reply-To: <3b5c9226-6c3a-0670-9f7f-c8dbf363f5d9@joelhalpern.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 14 Jan 2020 08:43:58 +1100
Message-ID: <CAO42Z2x37qaZQ+SRwHB8p9MU88c-PvCHE6ofQoibN_BKwrf1eQ@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>, Ron Bonica <rbonica@juniper.net>, "spring@ietf.org" <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000316dae059c0c6017"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/dgfaoy6K7E1vd4lktfhwqt3fdrk>
Subject: Re: [spring] SRv6 Network Programming - ICMP Source Address Selection
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Jan 2020 21:44:15 -0000

On Tue, 14 Jan 2020, 05:29 Joel M. Halpern, <jmh@joelhalpern.com> wrote:

> Let me try asking the question a different way.  (I hope I understand
> Ron;s question.)
>
> RFC 4443 clearly allows the ICMP source to be the destination address of
> the offending packet.  You seem to be saying that sometimes that is okay
> for SRH  / network programming.
>
> At the same time, the SRH document and the network programming document
> are both quite clear that SRv6 SIDs are not IPv6 addresses.  They are
> other kinds of things that can be prefix routed.
> If SRv6 SIDs are NOT IPv6 addresses, then there would seem to be a
> problem with putting them in the source address field of an ICMP
> message.


I'd say if SRv6 SIDs are stated not to be IPv6 addresses, then I think
there is a problem with using their values anywhere with and in the IPv6
protocol, including packets' DA fields, unless there is a translation
function between SRv6 SIDs and IPv6 addresses.

The translation function might be nothing more than a simple copy of the
128 bit SID value into the place where it will be used in IPv6, and I
understand this would be the motivation for having 128 bit SIDs in SRv6 and
20 bit SIDs in SR-MPLS.

However that then means SID values always have to comply with IPv6 address
requirements and formats, regardless of SR context. Otherwise, the
translation function needs to be a transform between SRv6 SIDs and IPv6
addresses.


  There is no document that describes or allows anything other
> than an IPv6 address as the source address of an IPv6 ICMP.
>
> It seems like it ought to be possible to clarify this with some text.
> It does seem that something ought to be said.
>
> Yours,
> Joel
>
> On 1/13/2020 12:30 PM, Pablo Camarillo (pcamaril) wrote:
> > Ron,
> >
> > You cannot pre-select or enforce one of the two options you refer to
> below.
> >
> > The ICMP behaviors/considerations for SRv6 NET-PGM are the same as in
> > the SRH.
> >
> > It boils down to: when you generate an ICMP Parameter Problem Message
> > you follow the logic described in RFC4443 section 2.2 to choose the
> > source address of the packet.
> >
> > RFC4443 offers two options A and B.
> >
> > In your implementation you need to develop both options and depending on
> > the type of address you will choose either A or B. It is not possible to
> > create an implementation shortcut and pre-select/enforce only one of
> them.
> >
> > Can you please point me to the text in
> > draft-ietf-spring-srv6-network-programming that suggests that the ICMP
> > considerations are changed with respect to the SRH? I believe there is
> none.
> >
> > Thank you,
> >
> > Pablo.
> >
> > *From: *Ron Bonica <rbonica@juniper.net>
> > *Date: *Friday, 10 January 2020 at 20:09
> > *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
> > *Cc: *"spring@ietf.org" <spring@ietf.org>
> > *Subject: *RE: [spring] SRv6 Network Programming - ICMP Source Address
> > Selection
> >
> > Pablo,
> >
> > So, in Section 4.1, Line S03, an SRv6 node sends an ICMP Parameter
> > Problem Message. What is the source address in that message?
> >
> > Is it the destination address of the offending packet (i.e., A SID)? Or
> > is in the address of an interface on the SRv6 node?
> >
> >
>
> Ron
> >
> > Juniper Business Use Only
> >
> > *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
> > *Sent:* Friday, January 10, 2020 11:54 AM
> > *To:* Ron Bonica <rbonica@juniper.net>
> > *Cc:* spring@ietf.org
> > *Subject:* Re: [spring] SRv6 Network Programming - ICMP Source Address
> > Selection
> >
> > Ron,
> >
> > There is no behavior in draft-ietf-spring-srv6-network-programming that
> > proposes to encode a SID in the source address of the IPv6 header.
> >
> > If in the future someone would propose to do such thing in another I-D;
> > it is up to those authors to justify why they would want to do this, and
> > how to ensure that the processing does not break any other protocol. But
> > as said, this is not in the scope of
> > draft-ietf-spring-srv6-network-programming.
> >
> > Regarding the ICMP messages:
> >
> > SRH follows RFC4443 Section 2.2 with respect to how to select the ICMP
> > Source Address.
> >
> > SRv6 Network Programming does not change this (it simply follows the
> > SRv6 rules defined by the SRH).
> >
> > In your email you refer to a possibility of future protocols breaking
> > this. I don’t think that we can guess what future protocols will do, and
> > it is up to those future protocols to ensure compatibility with the
> > existing standards.
> >
> > Thanks,
> >
> > Pablo.
> >
> > *From: *Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>>
> > *Date: *Tuesday, 7 January 2020 at 19:07
> > *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>
> > *Cc: *SPRING WG <spring@ietf.org <mailto:spring@ietf.org>>
> > *Subject: *RE: [spring] SRv6 Network Programming - ICMP Source Address
> > Selection
> >
> > Pablo,
> >
> > Let me try to ask the question another way:
> >
> > 1)Is it generally acceptable for a SID to appear in the source address
> > field of an IPv6 header?
> >
> > 2)Can an exception be made for ICMP messages?
> >
> > I think that the answer to the first question is “no”, because doing so
> > would break ICMP. Think about what would happen if:
> >
> > -Node S sends a packet to Node D with a SID S as its source address.
> >
> > -Node Q is an intermediate node on the path from Node S to Node D. For
> > some reason, Node Q cannot forward the packet.
> >
> > -Node Q sends an ICMP message to Node S. The ICMP destination address is
> > SID S.
> >
> > -The ICMP message arrives at Node A
> >
> > -Node A discards the ICMP message, because the payload is ICMP
> >
> > It might be OK to make an exception for ICMP messages. This is because
> > RFC 4443 forbids sending an ICMP message in response to another ICMP
> > message. However, I am not entirely sure that this is a good idea. One
> > day in the future, some protocol other than ICMP may try send a response
> > to the source address of the ICMP message.
> >
> >
>
> Ron
> >
> > Juniper Business Use Only
> >
> > *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>
> > *Sent:* Tuesday, January 7, 2020 4:18 AM
> > *To:* Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>>
> > *Cc:* SPRING WG <spring@ietf.org <mailto:spring@ietf.org>>
> > *Subject:* Re: [spring] SRv6 Network Programming - ICMP Source Address
> > Selection
> >
> > Ron,
> >
> > It’s good to see agreement on the fact that SRH follows RFC4443 Section
> > 2.2 with respect to how the ICMP Source Address is selected.
> >
> > Can you please point me to the text in
> > draft-ietf-spring-srv6-network-programming that changes the behavior
> > below from RFC4443 Section 2.2? I believe there is no such text.
> >
> > Thanks,
> >
> > Pablo.
> >
> > *From: *Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>>
> > *Date: *Saturday, 21 December 2019 at 20:59
> > *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>
> > *Cc: *"spring@ietf.org <mailto:spring@ietf.org>" <spring@ietf.org
> > <mailto:spring@ietf.org>>
> > *Subject: *RE: [spring] SRv6 Network Programming - ICMP Source Address
> > Selection
> >
> > Pablo,
> >
> > Section 2.2 of RFC 4443 offers the following options:
> >
> > “   (a) If the message is a response to a message sent to one of the
> >
> >         node's unicast addresses, the Source Address of the reply MUST be
> >
> >         that same address.
> >
> >     (b) If the message is a response to a message sent to any other
> >
> >         address, such as
> >
> >         - a multicast group address,
> >
> >         - an anycast address implemented by the node, or
> >
> >         - a unicast address that does not belong to the node
> >
> >        the Source Address of the ICMPv6 packet MUST be a unicast address
> >
> >        belonging to the node. “
> >
> > So, the question boils down to whether you consider a SID to be one of
> > the node’s unicast addresses. If so, the answer is a). If not, the
> > answer is b).
> >
> > So, which is it?
> >
> >                                                      Happy Holidays,
> >
> >                                                           Ron
> >
> > Juniper Business Use Only
> >
> > *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>
> > *Sent:* Friday, December 20, 2019 12:30 PM
> > *To:* Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>>
> > *Cc:* spring@ietf.org <mailto:spring@ietf.org>
> > *Subject:* Re: [spring] SRv6 Network Programming - ICMP Source Address
> > Selection
> >
> > Ron,
> >
> > I guess that draft-ietf-6man-segment-routing-header does not contain any
> > explicit text about it because it is not needed.
> >
> > Instead draft-ietf-6man-segment-routing-header contains a reference to
> > RFC4443 that details in section 2.2 how to select it.
> >
> > There is no text in draft-ietf-spring-srv6-network-programming that
> > changes such behavior.
> >
> > Happy Holidays,
> >
> > Pablo.
> >
> > *From: *spring <spring-bounces@ietf.org
> > <mailto:spring-bounces@ietf.org>> on behalf of Ron Bonica
> > <rbonica=40juniper.net@dmarc.ietf.org
> > <mailto:rbonica=40juniper.net@dmarc.ietf.org>>
> > *Date: *Thursday, 19 December 2019 at 14:59
> > *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>, "spring@ietf.org <mailto:spring@ietf.org>"
>
> > <spring@ietf.org <mailto:spring@ietf.org>>
> > *Subject: *Re: [spring] SRv6 Network Programming - ICMP Source Address
> > Selection
> >
> > Pablo,
> >
> > Can you provide a specific reference into
> > draft-ietf-6man-segment-routing-header? I can’t find the answer to my
> > question in there.
> >
> >
>
> Ron
> >
> > Juniper Business Use Only
> >
> > *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>
> > *Sent:* Thursday, December 19, 2019 6:47 AM
> > *To:* Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>>;
> > spring@ietf.org <mailto:spring@ietf.org>
> > *Subject:* Re: SRv6 Network Programming - ICMP Source Address Selection
> >
> > Ron,
> >
> > This is exactly the same as in the SRH.
> >
> > There is no text in draft-ietf-spring-srv6-network-programming that
> > changes this.
> >
> > Cheers,
> >
> > Pablo.
> >
> > *From: *Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>>
> > *Date: *Monday, 9 December 2019 at 23:48
> > *To: *"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>, SPRING WG <spring@ietf.org
> > <mailto:spring@ietf.org>>, 6man <6man@ietf.org <mailto:6man@ietf.org>>
> > *Subject: *RE: SRv6 Network Programming - ICMP Source Address Selection
> >
> > Pablo,
> >
> > Section 2.2 of RFC 4443 offers two options. If you think that a SID is a
> > unicast address, the first option is applicable. If you think that a SID
> > is not a unicast address, the second option is applicable.
> >
> > Which did you choose?
> >
> >
>                                                                          Ron
> >
> > Juniper Business Use Only
> >
> > *From:*Pablo Camarillo (pcamaril) <pcamaril@cisco.com
> > <mailto:pcamaril@cisco.com>>
> > *Sent:* Monday, December 9, 2019 10:18 AM
> > *To:* Ron Bonica <rbonica@juniper.net <mailto:rbonica@juniper.net>>;
> > SPRING WG <spring@ietf.org <mailto:spring@ietf.org>>; 6man
> > <6man@ietf.org <mailto:6man@ietf.org>>
> > *Subject:* Re: SRv6 Network Programming - ICMP Source Address Selection
> >
> > Ron,
> >
> > As you pointed out in your email, RFC4443 Section 2.2 is very clear
> > about how to select the source address.
> >
> > draft-ietf-spring-srv6-network-programming does not change this.
> >
> > Thanks,
> >
> > Pablo.
> >
> > *From: *ipv6 <ipv6-bounces@ietf.org <mailto:ipv6-bounces@ietf.org>> on
> > behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org
> > <mailto:rbonica=40juniper.net@dmarc.ietf.org>>
> > *Date: *Friday, 6 December 2019 at 17:40
> > *To: *SPRING WG <spring@ietf.org <mailto:spring@ietf.org>>, 6man
> > <6man@ietf.org <mailto:6man@ietf.org>>
> > *Subject: *SRv6 Network Programming - ICMP Source Address Selection
> >
> > Authors,
> >
> > When an SRv6 node sends an ICMP message, how does it select the ICMP
> > message’s source address?
> >
> > Section 2.2 of RFC 4443 offers two options. If you think that a SID is a
> > unicast address, the first option is applicable. If you think that a SID
> > is not a unicast address, the second option is applicable.
> >
> >                                                                       Ron
> >
> > Juniper Business Use Only
> >
> > Please excuse any typos, sent from my 'smart'phone.
> >
> > Please excuse any typos, sent from my 'smart'phone.
> >
> > Please excuse any typos, sent from my 'smart'phone.
> >
> >
> > _______________________________________________
> > spring mailing list
> > spring@ietf.org
> > https://www.ietf.org/mailman/listinfo/spring
> >
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>

v2.23.0 | Report a Bug | By Email