IETF Logo Mail Archive

Re: [spring] 6MAN WGLC: draft-ietf-6man-sids

Nick Buraglio <buraglio@es.net> Tue, 04 October 2022 15:45 UTC

Return-Path: <buraglio@es.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85FCCC1527A9 for <spring@ietfa.amsl.com>; Tue, 4 Oct 2022 08:45:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=es.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FnIG1uSO9sKM for <spring@ietfa.amsl.com>; Tue, 4 Oct 2022 08:45:11 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 226F8C1524AE for <spring@ietf.org>; Tue, 4 Oct 2022 08:44:39 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id bj12so29718799ejb.13 for <spring@ietf.org>; Tue, 04 Oct 2022 08:44:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=es.net; s=esnet-google; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=AbgL2UId5aksXF80eX3D91Ut/T9dpgNH34bdNa087y8=; b=nhz47UfP7tUOzeIUT0wcqxpvkn9fijWcTeCsSHvCcBLNp4kpBK5cbFyUdfQ3tiAqiW v6BdgUD/LqbiHFCgNxrJjMKckf1xj+Y/5lPJJNAhTA/0ZQKsqk1ubyDzQmUe5fEzJQMD j3z8YtDpIHcgO/mPMcwTnWdeQd4/A4xBDmGCwWfFvxz/c19WuXLExSgfv7iVSNxeqwuy 6liYwnGNY5mn8GqEAYVbDDovNj4wLs7hD21/jOmm4DJbwtvLu9Ds172MOKTA748A/OZX 4BijSX4kxejZ1vHaLYa2XVXSx8kO9qx1WVdh7MAsbYjoQ9Uxx+KCw1wtHVOPD0IVGRQO NaLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=AbgL2UId5aksXF80eX3D91Ut/T9dpgNH34bdNa087y8=; b=snImo0eAoBZjIiVlhLUL9bDNzdUxanyNODCtVFWMPuub4UKrGnWzYGVpbq3RFqWGTz opj126Ws/WWqh9wd8SjSGaZc3+kQ+6I4ZKQCkCbts18kU6YguTecOtms4UdvGUYhGmTz x8Wv64rXSl5rhQLYL4q6tySIKXPJC7aBrY4/N7wxwM62MPTZd/bcPJhR8gzVu+wnCM4h RxhFxpCHlAXjdf4TpnqIwKXwuta5JRN4ZxbM/TSvq+ITe6ItJ0hNpTox2j1Mk1WsrKNZ kv7NjkjJnJP1Puj1ANliXSCNJXngDnAXX3HHGv6LtjSi074LaF4gzXBlDtBQcWIUB0T1 ygvQ==
X-Gm-Message-State: ACrzQf2Y86V/Lr0xqj56lpmQVXvDIFhC9r06uM/2HTMqVk5EHkyOmbi6 iNvvrw/T6BmCZkxVk30Y9WpO08ZA/1PC0SsXS5+NmPTJRZqqqCN3d8HYj9NaJC0cpB8Xv3+wK/h O+9R24XUqMpJAFIDE0PSR8BQMp9kJD2INoUlqG/mbdMufUwWU4p3dgobBE1SF4cXOXawNnHqFrt pwWkJpC0w=
X-Google-Smtp-Source: AMsMyM5SOyfQLd/bak9NcomVwy1GZnFOMjFQmeza21YEF2uC12UErzT0zIwM3KPGx+UQH9ofvawtf4yniOtiiuVvWnM=
X-Received: by 2002:a17:907:5c2:b0:77e:def7:65d8 with SMTP id wg2-20020a17090705c200b0077edef765d8mr20161532ejb.487.1664898276526; Tue, 04 Oct 2022 08:44:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAFU7BARixwPZTrNQOuEw3WP-FqUsVwTj7btMTahcMbXm_NqWGw@mail.gmail.com> <CABNhwV3AS3bNtXk4BuCbxFdUTp1eKuQ3UeLv-bEhSz9qcdSf=Q@mail.gmail.com> <2f640b1d-3178-c3ca-7af2-cc6059413724@gmail.com> <CABNhwV2M+HHnfmBkEZTOaT32t-jKU4LB_vR5Ex1DkWUOtB0xww@mail.gmail.com> <CANMZLAboNKKhWiwHsFchjJ0xEOGHRMVBHKzqq3cXZZUejk0q7A@mail.gmail.com> <CABNhwV17ONnCPhmMuw=TXK7YfC7WLDhQm6QvqajMyd8Ykk836g@mail.gmail.com>
In-Reply-To: <CABNhwV17ONnCPhmMuw=TXK7YfC7WLDhQm6QvqajMyd8Ykk836g@mail.gmail.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Tue, 04 Oct 2022 10:44:25 -0500
Message-ID: <CAM5+tA8-=dhxnEp229T_Ntsn3=nyevziuWLAF6__Vb5HWy-GcQ@mail.gmail.com>
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: Brian Carpenter <brian.e.carpenter@gmail.com>, SPRING WG List <spring@ietf.org>, 6man <ipv6@ietf.org>, spring-chairs@ietf.org, draft-ietf-6man-sids.authors@ietf.org, 6man Chairs <6man-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000005c975e05ea3756bd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/gS2sWUesLgNUzzdwZ49HyatLAHk>
Subject: Re: [spring] 6MAN WGLC: draft-ietf-6man-sids
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2022 15:45:15 -0000

----
nb


On Thu, Sep 29, 2022 at 11:16 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:

> Brian
>
> On Thu, Sep 29, 2022 at 5:50 AM Brian Carpenter <
> brian.e.carpenter@gmail.com> wrote:
>
>> No Gyan, fc00::/7 is not available for carving. fc00::/8 is on reserve
>> for the dreamt-of centrally registered ULA prefixes, and fd00::/8 is fully
>> committed.
>>
>> If SRV6 is important, it could justify its own prefix.
>>
>
>
>    Gyan> As using either GUA or ULA for SRV6 block provides flexibility
> for operators, I agree that SRv6 can justify its own global block as the
> /16 being allocated with this draft.  I think we should augment the draft
> to add a dedicated ULA bock maybe same /16 size would be reasonable.  Since
> there is not an IANA ULA registry since ULA is private, as the compressed
> SID violates RFC 4291, I think maybe a draft at least that defines the
> dedicated /16 block for ULA for SRV6 use is a good idea.
>

I would caution against use of ULA for this for a number of reasons, not
the least of which is the fact that ULA is allocated as Brian mentioned
prior. A dedicated block solves both the issue of potential overlap with
site specific use of ULA (which admittedly is probably unlikely), but also
creates a clear visual indicator as well as an easier programmatic
implementation by using something that should never occur elsewhere in the
network topology. Also, using non GUA blocks further complicates
inter-domain efforts which is not a show stopper, but is definitely notable
in that SR block allocation now needs to be coordinated further than
internally.



>
> One of the major benefits as I mentioned for ULA over GUA is that ULA is
> not internet routable and that mitigates any possibility of security issues
> with SRV6 SID leaking to the internet.
>

This is a legitimate use case, and with the lack of SRH4 filtering
capabilities in platforms I have looked at (admittedly not everything) this
is an operational concern, however, I suspect that will be addressed and
should be part of a best practices recommendation for anyone not attempting
to do inter-domain SRv6 provisioning regardless of SRv6 SID choices.  It
feels a little like the model of using RFC1918 space as a mechanism to
further "air-gap" the control plane - which I have totally done in the
past, so no judgement - just an observation. Not illegitimate, but
definitely needs a bit of forethought, which in many cases it does not get.
As an operator, my response would be "why not both?". A dedicated block of
*non-ULA* space for use when required / desired and perhaps a bit of
verbiage on operational considerations for filtering at network edges when
GUA is in play?  Similar concerns are covered in section 4.1 but stop short
of filtering the header.***



*** my experience with this is largely lab-focused and incomplete
having only tested a few platforms and software packages, so I fully admit
that I may be missing information or misunderstanding. IIRC, one platform
could filter RH0 and none did 4.


> Thoughts?
>
>>
>> Regards,
>>     Brian Carpenter
>>     (via tiny screen & keyboard)
>>
>>
>> On Thu, 29 Sep 2022, 19:45 Gyan Mishra, <hayabusagsm@gmail.com> wrote:
>>
>>>
>>>
>>> On Wed, Sep 28, 2022 at 11:31 PM Brian E Carpenter <
>>> brian.e.carpenter@gmail.com> wrote:
>>>
>>>> On 29-Sep-22 16:06, Gyan Mishra wrote:
>>>> ...
>>>>
>>>> > We should qualify the IANA request to make the /16 non internet
>>>> routable identical to ULA addressing.
>>>> >
>>>> > If that is what we desire then why don’t we make it standard BCP to
>>>> always use ULA for the operators SRV6 domain.
>>>>
>>>> I don't believe that a /48 would be enough, but it is required, to
>>>> conform with RFC4193.
>>>
>>>
>>>     Gyan> Understood.  Most operators would like to use ULA for SRV6
>>> deployments so do we need to carve out block out of ULA space just as we
>>> are doing for GUA to conform with RFC 4291.  ULA has is a big enough block
>>> FC00::/7 so we could carve a block out of that.  Does not need to be as
>>> large a block allocation for SIDs as it would not be advertised to the
>>> internet does not require to be globally unique.
>>>
>>>>
>>>>
>>>>     Brian
>>>>
>>>> > We would not have to burn up a /16 unnecessarily.
>>>> >
>>>> >
>>>> > Kind Regards
>>>> >
>>>> > Gyan
>>>> >
>>>> > On Sat, Sep 17, 2022 at 4:00 AM Jen Linkova <furry13@gmail.com
>>>> <mailto:furry13@gmail.com>> wrote:
>>>> >
>>>> >     Hello,
>>>> >
>>>> >     This email starts the 6man Working Group Last Call for the
>>>> "Segment
>>>> >     Identifiers in SRv6" draft
>>>> >     (https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids <
>>>> https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids>).
>>>> >
>>>> >     The WGLC ends on Tue, Oct 4, 23:59:59 UTC.
>>>> >
>>>> >       As the document is closely related to the work in the SPRING
>>>> WG, we'd
>>>> >     like the SPRING WG to review the document and discuss the
>>>> following
>>>> >     questions:
>>>> >
>>>> >     - the action items required from SPRING (Section 4.1 and 4.2 of
>>>> the
>>>> >     draft,
>>>> https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids-01#section-4
>>>> <
>>>> https://datatracker.ietf.org/doc/html/draft-ietf-6man-sids-01#section-4
>>>> >)
>>>> >     [*]. Would it make sense to merge those open issues with the 'Open
>>>> >     Issues' section of
>>>> >     the SPRING document?
>>>> >     -  whether the document needs more guidance regarding routability
>>>> of
>>>> >     /16 or such requirements shall belong to some other document?  In
>>>> >     particular,  shall we specify that it MUST NOT be in the DFZ? Or
>>>> >     setting 'Globally Reachable = false' in the registry should be
>>>> >     sufficient? The current idea is that the prefix needs to fail
>>>> closed
>>>> >     and not be routable by default.
>>>> >
>>>> >     [*] The draft currently refers to the individual submission
>>>> instead of
>>>> >
>>>> https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-srh-compression/
>>>> <
>>>> https://datatracker.ietf.org/doc/draft-ietf-spring-srv6-srh-compression/
>>>> >
>>>> >       - the link will be updated in the next revision.
>>>> >
>>>> >     Please review the draft and send your comments to the list/
>>>> >
>>>> >     --
>>>> >     SY, Jen Linkova aka Furry
>>>> >
>>>> >
>>>>  --------------------------------------------------------------------
>>>> >     IETF IPv6 working group mailing list
>>>> >     ipv6@ietf.org <mailto:ipv6@ietf.org>
>>>> >     Administrative Requests:
>>>> https://www.ietf.org/mailman/listinfo/ipv6 <
>>>> https://www.ietf.org/mailman/listinfo/ipv6>
>>>> >
>>>>  --------------------------------------------------------------------
>>>> >
>>>> > --
>>>> >
>>>> > <http://www.verizon.com/
>>>> <https://streaklinks.com/BOgeQnbdXQqEXVeasQZb5BE-/http%3A%2F%2Fwww.verizon.com%2F>
>>>> >
>>>> >
>>>> > *Gyan Mishra*
>>>> >
>>>> > /Network Solutions A//rchitect /
>>>> >
>>>> > /Email gyan.s.mishra@verizon.com <mailto:gyan.s.mishra@verizon.com>//
>>>> > /
>>>> >
>>>> > /M 301 502-1347
>>>> >
>>>> > /
>>>> >
>>>> >
>>>> >
>>>> > --------------------------------------------------------------------
>>>> > IETF IPv6 working group mailing list
>>>> > ipv6@ietf.org
>>>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> > --------------------------------------------------------------------
>>>>
>>> --
>>>
>>>
>>> <https://streaklinks.com/BOgeQnTTkwXl56xfuw7ho9oP/http%3A%2F%2Fwww.verizon.com%2F>
>>>
>>> *Gyan Mishra*
>>>
>>> *Network Solutions A**rchitect *
>>>
>>> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>>>
>>>
>>>
>>> *M 301 502-1347*
>>>
>>> --
>
> <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions A**rchitect *
>
> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>
>
>
> *M 301 502-1347*
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
ᐧ

v2.23.0 | Report a Bug | By Email