[spring] Re: [IPv6]C-SIDs and Upper-Layer Checksums (draft-ietf-spring-srv6-srh-compression)
Sander Steffann <sander@steffann.nl> Thu, 13 June 2024 11:45 UTC
Return-Path: <sander@steffann.nl>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C06B2C14F749; Thu, 13 Jun 2024 04:45:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=steffann.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ntEgyrKhKGnV; Thu, 13 Jun 2024 04:45:41 -0700 (PDT)
Received: from mail.sintact.nl (mail.sintact.nl [185.54.92.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3538C14F748; Thu, 13 Jun 2024 04:45:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.sintact.nl (Postfix) with ESMTP id 97F6653; Thu, 13 Jun 2024 13:45:35 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=steffann.nl; h= x-mailer:references:message-id:content-transfer-encoding:date :date:in-reply-to:from:from:subject:subject:mime-version :content-type:content-type:received:received; s=mail; t= 1718279133; bh=lt3webNC2HSAfNHK1LylFgEv4epyy4wDw7fj2+OL1tc=; b=Y jKiN25DcX1uJg7btrzUFACT023U7I4vyX67cTWzm0rBCs5dd6JNJbw3KBCfDKwRi 7H5xQJxy+38YDBp3VLyq47wQMFzXyZyFBd/ek/bT7MTS/PSjcVF/TKs0k1d1r9wK HbYyTuLg4rfPy+pH9jhbJ2wRp2jEUBNBgwJSfuFR60=
X-Virus-Scanned: Debian amavisd-new at mail.sintact.nl
Received: from mail.sintact.nl ([127.0.0.1]) by localhost (mail.sintact.nl [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id h_rg1KHzBq91; Thu, 13 Jun 2024 13:45:33 +0200 (CEST)
Received: from smtpclient.apple (unknown [IPv6:2001:9e0:8804:7701:2d0a:cee5:e628:112e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail.sintact.nl (Postfix) with ESMTPSA id 6577B51; Thu, 13 Jun 2024 13:45:33 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
X-Clacks-Overhead: GNU Terry Pratchett
From: Sander Steffann <sander@steffann.nl>
In-Reply-To: <DU2PR03MB8021FFDA47C7B5A659E39ABEFAC12@DU2PR03MB8021.eurprd03.prod.outlook.com>
Date: Thu, 13 Jun 2024 13:45:23 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <9087096E-2BE7-43D5-89AA-BBD06B4BF935@steffann.nl>
References: <DU2PR03MB8021FFDA47C7B5A659E39ABEFAC12@DU2PR03MB8021.eurprd03.prod.outlook.com>
To: Andrew Alston - IETF <andrew-ietf@liquid.tech>
X-Mailer: Apple Mail (2.3774.600.62)
Message-ID-Hash: OVGYVWROVFWEYRG7AJ6RDYBHBEG7FERX
X-Message-ID-Hash: OVGYVWROVFWEYRG7AJ6RDYBHBEG7FERX
X-MailFrom: sander@steffann.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spring.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Alvaro Retana <aretana.ietf@gmail.com>, 6man <ipv6@ietf.org>, "int-ads@ietf.org" <int-ads@ietf.org>, "rtg-ads@ietf.org" <rtg-ads@ietf.org>, 6man Chairs <6man-chairs@ietf.org>, 'spring-chairs' <spring-chairs@ietf.org>, SPRING WG List <spring@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [spring] Re: [IPv6]C-SIDs and Upper-Layer Checksums (draft-ietf-spring-srv6-srh-compression)
List-Id: "Source Packet Routing in NetworkinG (SPRING)" <spring.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/fcVcFXlyBVqggtt5fyq8uo1numk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Owner: <mailto:spring-owner@ietf.org>
List-Post: <mailto:spring@ietf.org>
List-Subscribe: <mailto:spring-join@ietf.org>
List-Unsubscribe: <mailto:spring-leave@ietf.org>
Hi Andrew, > As I have repeatedly stated in spring and will state so again here. In certain circumstances the use of C-SID breaks the checksums as relates to transit nodes. RFC8200 lays out specific processing rules for upper-layer checksums, and expressly deals with scenarios where there is a routing header (Section 8.1.). RFC8200 in section 8.1. also provides for specific cases for UDP traffic that is encapsulated. > > As the compression draft notes – there are systems that may be in the transit line that will fail to compute the checksums in the absence of a routing header. This is in my view a violation of RFC8200. Now, there has been some discussion about if “middleware” boxes are bad etc – but that’s entirely beside the point, the fact is that the draft changes the data plane in such a way as to make it incompatible with existing deployments. This brings this clearly into the domain of 6man (since the spring charter stated, explicitly, that modification to existing data planes that make them incompatible with existing deployments should be avoided) > > I do not want to a start a debate about if what operators have deployed – either because they wished to deploy or were forced to deploy by regulation – is a good thing – operators are free to run their networks as they see fit. However, when changing the ipv6 data plane to the point where a new draft makes said data plane incompatible with existent deployments, at the very least said draft should update the original draft (and in fact I would go further and argue that when changing something as fundamental as the upper-layer checksum, there should be an 8200bis to allow for this). > > For far too long we have seen srv6 work violating underlying standards that are the domain of 6man – yet we still insist on claiming that srv6 is ipv6. This has led to several issues, including the publication of a draft like draft-krishnam-6man-sids to clarify things, and a draft in spring to address significant security considerations with regards to srv6 etc. The time has come to say, we cannot keep violating the base ipv6 standards unless we update the original standards – because every time this is allowed to happen, we drift further from the base standard and introduce the possibility of further calamity for operators. As such – I do not believe that this document should be allowed to proceed in the absence of an update to RFC8200 and preferably a BIS document. Breaking the checksum is simply not acceptable without the base standard explicitly dealing with the case in question (as RFC8200 does for other use cases) I agree. Even though SRv6 is supposed to be used in a controlled environment, as we have tested some time ago it can work over the open internet. And coming from the ISP side: I don’t want to be the one who gets shouted at when SRv6 breaks in the future. Everything that claims to be IPv6 *MUST* comply with the relevant IPv6 RFCs. Cheers, Sander
- [spring] C-SIDs and Upper-Layer Checksums (draft-… Alvaro Retana
- [spring] Re: [IPv6]C-SIDs and Upper-Layer Checksu… Cheng Li
- [spring] Re: [IPv6]C-SIDs and Upper-Layer Checksu… Tom Herbert
- [spring] Re: [IPv6]C-SIDs and Upper-Layer Checksu… zhuyq-ietf2024@foxmail.com
- [spring] Re: [IPv6]C-SIDs and Upper-Layer Checksu… zhuyq-ietf2024@foxmail.com
- [spring] Re: [IPv6]C-SIDs and Upper-Layer Checksu… Andrew Alston - IETF
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Ted Hardie
- [spring] Re: [IPv6]C-SIDs and Upper-Layer Checksu… Sander Steffann
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Tom Herbert
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Robert Raszuk
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Tom Herbert
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Robert Raszuk
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Tom Herbert
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Gyan Mishra
- [spring] Re: [IPv6]Re: C-SIDs and Upper-Layer Che… Gyan Mishra