Re: [spring] 6MAN WGLC: draft-ietf-6man-sids
Joel Halpern <jmh.direct@joelhalpern.com> Mon, 10 October 2022 14:03 UTC
Return-Path: <jmh.direct@joelhalpern.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E49CC14CF0B; Mon, 10 Oct 2022 07:03:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.808
X-Spam-Level:
X-Spam-Status: No, score=-2.808 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2hwOiIQw7C9E; Mon, 10 Oct 2022 07:03:17 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F33BC1524A0; Mon, 10 Oct 2022 07:03:15 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4MmLGq3qmCz1pW9w; Mon, 10 Oct 2022 07:03:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1665410595; bh=8MRm54XRWToSIo/T82cjnAkrRJw9P4WqP743nHaVZcA=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=GAme1StFW4Qh28IIjB01vdZ5zsRQxgo4+c1JBqvxLWoWu3dStxt46ZVdgEu9DsfL7 A4WiqXcUJhFuvnhyJT7ZxF6RVZei1R8EYAm7srdquEFsPIjWW193yZ1LWMqMkHfu6X 9ffbzZy31XSD4eaoYw/eS1OQOGNr5kuLPNYecddI=
X-Quarantine-ID: <zFDfHwEg4tUl>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.23.73] (unknown [50.233.136.230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4MmLGp4DDSz1pHXG; Mon, 10 Oct 2022 07:03:14 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------qMocg0Ruq7jmQnLceBGGrQhu"
Message-ID: <0d911d38-b939-692a-9b8b-24ff752672bc@joelhalpern.com>
Date: Mon, 10 Oct 2022 10:03:12 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.3.1
Content-Language: en-US
To: Robert Raszuk <robert@raszuk.net>
Cc: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, 6man <ipv6@ietf.org>, SPRING WG List <spring@ietf.org>
References: <CAFU7BARixwPZTrNQOuEw3WP-FqUsVwTj7btMTahcMbXm_NqWGw@mail.gmail.com> <58E77509-A1A1-4CE8-9EE4-22BEEEA8B62E@gmail.com> <98a941e4-0fff-ced1-d4ca-4406368eac31@joelhalpern.com> <4DC495DF-AD6B-4D60-80C4-B836DD365A0C@gmail.com> <CAOj+MMEx7+jWN1yC=81dMwo5GmqbhyHqOZr9W2_qzN9BNjs+Zw@mail.gmail.com> <ab55e9c0-60b9-2986-07f1-38c28852009e@joelhalpern.com> <CAOj+MMEn6Dz-Rz0PRRvR8VXT8idAQm+rLuouWJoNz-dA+kRkJQ@mail.gmail.com> <1fe2d387-8ecc-5240-092c-84a5978af5e4@gmail.com> <CAOj+MME6Nb3MLQCiGQ5S06Cwj6d3Z+aoSpxwFdtoFaV-yPPuJQ@mail.gmail.com> <e65772a1-bc86-c59c-e99f-7cabf92f28a4@joelhalpern.com> <183BB8B9-A338-4136-8546-7C7858B4D4E4@cisco.com> <35484ed3-509a-39ba-6a16-8f2bf807f4f2@joelhalpern.com> <BAAD744A-2AD2-4498-90EC-9C9A184E0A8A@cisco.com> <CAOj+MMGjTa+zwRHnRWWu-+bRZd83vo4xz22XuRK+7TJ5A81DQQ@mail.gmail.com> <a10a6d8c-ef59-398b-1b53-dc3e688c16b0@joelhalpern.com> <CAOj+MMFGRjevpYLGxwiRs1GP-yN8eAxE6a7JKxuhbsYrJgUyLA@mail.gmail.com>
From: Joel Halpern <jmh.direct@joelhalpern.com>
In-Reply-To: <CAOj+MMFGRjevpYLGxwiRs1GP-yN8eAxE6a7JKxuhbsYrJgUyLA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/nF9swobI3tgBGDN1xhJHjhTzm5k>
Subject: Re: [spring] 6MAN WGLC: draft-ietf-6man-sids
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2022 14:03:21 -0000
SRH was explicitly defined for use in limited domains. That is why I think dropping it is acceptable. Certainly not required, but permitted. The closest equivalent is NSH, which is also defined for limited domains. In my personal opinion (not speaking for the SFC working group) I think it would be legitimate for a domain, particularly one that is using NSH, to drop packets where the IP carried protocol is NSH. (I would prefer that they block only packets to their domain with carried protocol of NSH, but that is up to the operator.) You have said that you consider the limited domain requirement to be wrong and irrelevant. Whether you agree with it or not, it is in the RFC. Operators may reasonably act on that. Yours, Joel On 10/10/2022 9:59 AM, Robert Raszuk wrote: > > it seems acceptable to block all packets with SRH > > And such statements you are making are exactly my point. > > Just curious - Is there any other extension header type subject to > being a good enough reason to drop packets at any transit node in IPv6 ? > > Thx, > R. > > On Mon, Oct 10, 2022 at 3:53 PM Joel Halpern > <jmh.direct@joelhalpern.com> wrote: > > Protection from leaking inwards is required by the RFCs as far as > I know. > > Note that there are multiple ways to apply such protection. It is > sufficient for the domain only to block packets addressed to its > own SID prefixes. If the domain is using SRv6 without compression > or reduction, it seems acceptable to block all packets with SRH. > After all, they should not be occurring. But we do not tell > operators how to perform the filtering. It is up to them what > they do. > > Yours, > > Joel >
- [spring] 6MAN WGLC: draft-ietf-6man-sids Jen Linkova
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Acee Lindem (acee)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Adrian Farrel
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Adrian Farrel
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Acee Lindem (acee)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Adrian Farrel
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Michael Richardson
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Xiejingrong (Jingrong)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Mark Smith
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chengli
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chongfeng Xie
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Fred Baker
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Mark Smith
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dhruv Dhody
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Vasilenko Eduard
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dhruv Dhody
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Xiejingrong (Jingrong)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dale W. Carder
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dhruv Dhody
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chongfeng Xie
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chengli
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eric Vyncke (evyncke)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eric Vyncke (evyncke)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Ole Troan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids David Farmer
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids David Farmer
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dirk Steinberg
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dirk Steinberg
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eduard Metz
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eduard Metz
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Erik Kline