IETF Logo Mail Archive

Re: [spring] A note on CRH and on going testing

Ron Bonica <rbonica@juniper.net> Fri, 20 September 2019 18:09 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26D2E1200D8 for <spring@ietfa.amsl.com>; Fri, 20 Sep 2019 11:09:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RG0GoJv-EaBt for <spring@ietfa.amsl.com>; Fri, 20 Sep 2019 11:09:50 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CF47120099 for <spring@ietf.org>; Fri, 20 Sep 2019 11:09:50 -0700 (PDT)
Received: from pps.filterd (m0108157.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x8KI93Px011270; Fri, 20 Sep 2019 11:09:43 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=dZ8wfnCrmdEpNtLKe4Cw/LijTRBvIjrKmV7Bgv/JEfk=; b=0LzC/UW8utNVJgkIH7hph5HBJChPGt9oe2g9Q2AJrgjAyWd/n2gc8W1CF72r8PDW4GlC vQto5io0yAw9xI7vG39nHNipvBKyU3zx1EU+4/jPAN7nwgiZN8NbBMLEkXi+7fGcogbe Ll77zZxPxAtYmnrIkbt1UDRDhPR2wETVSwYAcYvSBiBlbBBOUPgLu+DbTOyyHuX2vRRn jgXVr5jzCcSjbmNv0BalhrXjP6XyAcFreL/xDg8jMMeF3NPD9fuPN7lTOvb6wE14w7Wn ooku56bNR4LpqBAEKOB/ISEsPa/MvNetqeyk76S3Ldlj29j9Lp7sSlGImVFzpSXCNzPA vw==
Received: from nam02-bl2-obe.outbound.protection.outlook.com (mail-bl2nam02lp2054.outbound.protection.outlook.com [104.47.38.54]) by mx0a-00273201.pphosted.com with ESMTP id 2v4nyy9cxx-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 20 Sep 2019 11:09:43 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jRPpq8u0H96ucak1ruRTvtzPqchhmYxi4yvwzCFWuTVUY3HfT6O4piWUVynviAeUlAgWGkBXSD+l7CsaslSlVFCfS2cBF70qMVgKSOzNSy0Y+wWaEengcSTUfZRswMb+39b5uNGZxLZRg5B21d5EaTnVKpL9HHefP3DqEaKRTSXgODT/gxh+KjBaBvbxgFjzOdYLBdmXZTyOZf40RYtbQ+uVtlQ/u2KBAixAz16/w8FggXTnAdTlSztP5YNnr8W5afEuqy7h3B8YcHgkCxBaYfkIGBqFQL0rglPdbQIwjeEaNqr+EplINyj+RbTqNB6pevjLIeMGm+ZQINOQEIGsag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dZ8wfnCrmdEpNtLKe4Cw/LijTRBvIjrKmV7Bgv/JEfk=; b=h/3AvIoB8LsCAzJMEJrnQ76ZPmSMYV5YaL1PBlOjMcyvey7+kxb3neTw/MgyF78bIxUwYwpXHFjdeN6KFTX0J+pZ2/7x/UTddvie+pCrY4XZVJH0t2tVHKxxPR28OnMJKrelEayMBP6pX2kVQa6LIYghkMhhyBLpQMdH7Nw0BDzPasZCa5ENMVvnOoOoSvSrqxr7Lf3XTtNizaSzdGAR1VkV4uHyYeiY684yxKaDecL4VGxSu1k+NXnBOqjfZ/dGip5qGkpGFJKiiVHO5RnSat4pXDyO/dzSSmGhtR9uuat9AQzTeYV21982pyrH1FyH4RDVBND9meacaGNMX/Ik4g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
Received: from BYAPR05MB5463.namprd05.prod.outlook.com (20.177.185.144) by BYAPR05MB4469.namprd05.prod.outlook.com (52.135.203.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.17; Fri, 20 Sep 2019 18:09:39 +0000
Received: from BYAPR05MB5463.namprd05.prod.outlook.com ([fe80::f4f2:f284:d49a:890a]) by BYAPR05MB5463.namprd05.prod.outlook.com ([fe80::f4f2:f284:d49a:890a%4]) with mapi id 15.20.2284.009; Fri, 20 Sep 2019 18:09:39 +0000
From: Ron Bonica <rbonica@juniper.net>
To: Jeff Tantsura <jefftant.ietf@gmail.com>, "Chengli (Cheng Li)" <chengli13@huawei.com>
CC: SING Team <s.i.n.g.team.0810@gmail.com>, "EXT - daniel.bernier@bell.ca" <daniel.bernier@bell.ca>, SPRING WG List <spring@ietf.org>
Thread-Topic: [spring] A note on CRH and on going testing
Thread-Index: AQHVbv1ogIVJNBSa90i6Frx+YTTnzaczIfKAgAC8GgCAAAELAIAA/e3w
Content-Class:
Date: Fri, 20 Sep 2019 18:09:39 +0000
Message-ID: <BYAPR05MB546372D1E0559F75D7DA5F61AE880@BYAPR05MB5463.namprd05.prod.outlook.com>
References: <1568906072231.1bkuswxveutxvlrzmmzkgs2g@android.mail.163.com> <20625BDC-2D90-4E35-96E3-2BC4B723C06E@bell.ca> <C7C2E1C43D652C4E9E49FE7517C236CB026DDDBE@dggeml529-mbx.china.huawei.com> <FC493433-BCDD-4080-9400-61481E7ADEF8@gmail.com>
In-Reply-To: <FC493433-BCDD-4080-9400-61481E7ADEF8@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner=rbonica@juniper.net; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2019-09-20T18:09:36.9432858Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application=Microsoft Azure Information Protection; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=70d03f89-7559-494f-86f2-665128e7461f; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method=Automatic
dlp-product: dlpe-windows
dlp-version: 11.2.0.14
dlp-reaction: no-action
x-originating-ip: [108.28.233.91]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 11bc7dee-520e-4236-2aaa-08d73df5b450
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:BYAPR05MB4469;
x-ms-traffictypediagnostic: BYAPR05MB4469:
x-ms-exchange-purlcount: 2
x-ld-processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr
x-microsoft-antispam-prvs: <BYAPR05MB44698F6A034B68D0F87969AAAE880@BYAPR05MB4469.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4125;
x-forefront-prvs: 0166B75B74
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(366004)(396003)(39860400002)(346002)(376002)(136003)(199004)(189003)(74316002)(229853002)(6436002)(86362001)(9686003)(25786009)(66066001)(316002)(33656002)(6306002)(76176011)(236005)(6246003)(7736002)(54896002)(4326008)(3846002)(6116002)(26005)(2906002)(55016002)(64756008)(66556008)(790700001)(66446008)(186003)(66476007)(66946007)(966005)(5660300002)(81156014)(81166006)(7696005)(102836004)(76116006)(52536014)(99286004)(486006)(71190400001)(6506007)(53546011)(11346002)(256004)(54906003)(14444005)(606006)(8676002)(110136005)(71200400001)(66574012)(9326002)(446003)(8936002)(476003)(478600001)(14454004); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR05MB4469; H:BYAPR05MB5463.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: e4bq3qqStEyex8Px44xJIaKaZAG6wiVOuSJqqbLSAWcUoHn9vYG0HMqa5an48mI4giPAj0yveF0fW/3EhuRE6Dys409SdVRN5kzvAedTr3qNHZpbte8YoWQl1X2ol6ZHuWmUD88dmMTZDKUGArQeeAGEanora16HxYRbRLt3/y+1L62FERBrH8vDThcCDBwrbBLwtrvntHVEFtRS/W63kcBDvy04j4wc53M2N6kuUm6zkQ9qt0y74qh1uJh4ef8Dff8GEPk96LXHdwB18YG+xXD760e1+EehGszE4+sjvB8pIwJ+d5iGYD5JDo3EQMC/TkTdxMJzYqa4YhVfXYAqTHWl5EF4tna+lQHqozG30r40YCWFzYIeyKbtgaE8/QC2n4CLfStG3oIxEJv0by0IBmxtbZnLXzb5brDTN0F4OLs=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR05MB546372D1E0559F75D7DA5F61AE880BYAPR05MB5463namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 11bc7dee-520e-4236-2aaa-08d73df5b450
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Sep 2019 18:09:39.6910 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EBxX5ywcEpi/8k2RrXpdNwCGtCwcV6ASvmkCPdkO65YQ9DFcSj4dtkb3/hC/GDsUBUq1zqU/R45pvpJ2eK2Nug==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB4469
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-20_06:2019-09-20,2019-09-20 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 bulkscore=0 mlxlogscore=999 malwarescore=0 spamscore=0 impostorscore=0 mlxscore=0 lowpriorityscore=0 phishscore=0 priorityscore=1501 adultscore=0 suspectscore=0 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1909200151
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/iFA9MBVuG67FkcULO9VBTBH_ZCo>
Subject: Re: [spring] A note on CRH and on going testing
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Sep 2019 18:09:53 -0000

Hi Jeff,

It would be easy enough to add a binding SID to SRv6+. Given customer demand, I would not be averse to adding one.

However, there is another way to get exactly the same behavior on the forwarding plane without adding a new SID type.

Assume that on Node N, we have the following SFIB entry:


  *   SID: 123
  *   IPv6 address: 2001:db8::1
  *   SID type: prefix SID

Now assume that was also have the following route on Node N:

2001:db8::1 -> SRv6+ tunnel with specified destination address and CRH

This gives you the same forwarding behavior as a binding SID.

                                                           Ron




Juniper Business Use Only
From: spring <spring-bounces@ietf.org> On Behalf Of Jeff Tantsura
Sent: Thursday, September 19, 2019 10:53 PM
To: Chengli (Cheng Li) <chengli13@huawei.com>
Cc: SING Team <s.i.n.g.team.0810@gmail.com>; EXT - daniel.bernier@bell.ca <daniel.bernier@bell.ca>; SPRING WG List <spring@ietf.org>
Subject: Re: [spring] A note on CRH and on going testing

There's number of solutions on the market that extensively use BSID for multi-domain as well as multi-layer signaling.

Regards,
Jeff

On Sep 19, 2019, at 19:49, Chengli (Cheng Li) <chengli13@huawei.com<mailto:chengli13@huawei.com>> wrote:
+1.

As I mentioned before, Binding SID is not only for shortening SID list.
We should see the important part of binding SID in inter-domain routing,  since it hides the details of intra-domain. Security and Privacy are always important.

Since the EH insertion related text will be removed from SRv6 NP draft, I don't think anyone will still say we don't need binding SID.
Let's be honest, Encap mode Binding SID is very useful in inter-domain routing. It is not secure to share internal info outside a trusted network domain.

Cheng


From: spring [mailto:spring-bounces@ietf.org] On Behalf Of Bernier, Daniel
Sent: Thursday, September 19, 2019 11:36 PM
To: SING Team <s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>>
Cc: 'SPRING WG List' <spring@ietf.org<mailto:spring@ietf.org>>
Subject: Re: [spring] A note on CRH and on going testing

+1

This is what we did on our multi-cloud trials.

Encap with Binding SID to avoid inter-domain mapping + I don't need to have some sort of inter-domain alignment of PSSIs

Dan

On 2019-09-19, 11:18 AM, "spring on behalf of SING Team" <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org> on behalf of s.i.n.g.team.0810@gmail.com<mailto:s.i.n.g.team.0810@gmail.com>> wrote:

Hi Andrew,

Good to hear that reality experiment :)

But is it secure to share internal SID-IP mappings outside a trusted network domain?

Or is there an analogue like Binding SID of SRv6, in SRv6+?

Btw, PSSI and PPSI can not do that now, right?

Best regards,
Moonlight Thoughts


(mail failure, try to cc to spring again.)

On 09/19/2019 17:49, Andrew Alston<mailto:Andrew.Alston@liquidtelecom.com> wrote:
Hi Guys,

I thought this may be of interest in light of discussions around deployments and running code - because one of the things we've been testing is inter-domain traffic steering with CRH on both our DPDK implementation and another implementation.

So - the setup we used last night:

6 systems in a lab - one of which linked to the open internet.  Call these S1 -> S6
3 systems in a lab on the other side of the world - no peering between the networks in question.  Call these R1 -> R3

We applied a SID list on S1, that steered S1 -> S2 -> S3 -> S6 -> R1 -> R3, with the relevant mappings from the CRH SID's to the underlying addressing (S2 had a mapping for the SID for S3, S3 had a mapping for the SID corresponding to S6, S6 had a mapping for the SID corresponding to R1 etc)

Then we sent some packets - and the test was entirely successful.

What this effectively means is that if two providers agree to share the SID mappings - it is possible to steer across one network, out over an open path, and across a remote network.  Obviously this relies on the fact that EH's aren't being dropped by intermediate providers, but this isn't something we're seeing.

Combine this with the BGP signaling draft - and the SID's can then be signaled between the providers - work still going on with regards to this for testing purposes.  Just as a note - there would be no requirement to share the full SID mapping or topologies when doing this with BGP - the requirement would be only to share the relevant SID's necessary for the steering.

I can say from our side - with various other providers - this is something that we see *immense* use case for - for a whole host of reasons.

Thanks

Andrew


_______________________________________________
spring mailing list
spring@ietf..org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/Spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/Spring__;!8WoA6RjC81c!U4_s7somKP_KyQ3viBMIcXpk_pTMYlY11nTHMB2b-JTdTLKi9mnrF1wu_DoXwIdf$>
_______________________________________________
spring mailing list
spring@ietf.org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!8WoA6RjC81c!U4_s7somKP_KyQ3viBMIcXpk_pTMYlY11nTHMB2b-JTdTLKi9mnrF1wu_Ll7ej5P$>

v2.23.0 | Report a Bug | By Email