IETF Logo Mail Archive

Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming

"jmh.direct@joelhalpern.com" <jmh.direct@joelhalpern.com> Wed, 11 December 2019 02:18 UTC

Return-Path: <jmh.direct@joelhalpern.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13B36120086; Tue, 10 Dec 2019 18:18:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eRLopSR0TkWc; Tue, 10 Dec 2019 18:18:55 -0800 (PST)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 732C4120059; Tue, 10 Dec 2019 18:18:55 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 47XgbM2wfvz6GChr; Tue, 10 Dec 2019 18:18:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1576030735; bh=dQ+ekhI4NYvGvmCDpF4uKqCUhwToe53Xd2ost3WM9fw=; h=Date:Subject:In-Reply-To:From:To:Cc:From; b=VpnE9U9v7yDtXJQRKMbYi5iJDoniznTJPPSvKr29OWLZdYooqsCRMlZfYYwX/h1QC Bc1Twp3QCutC9R5PJZF0BFEcw/e2Z0S/S+UGkMjFaEqKgL1o5SCyNRp2pTnqGR1ppZ PcXFqHK5SP7H6+8+qnEpQE+F579RjujlmvHHgX3M=
X-Virus-Scanned: Debian amavisd-new at a2.tigertech.net
Received: from [IPv6:2600:380:923d:b4af:f1c7:efa9:b6b0:1c70] (unknown [IPv6:2600:380:923d:b4af:f1c7:efa9:b6b0:1c70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 47XgbL0jg5z6GCh4; Tue, 10 Dec 2019 18:18:53 -0800 (PST)
SavedFromEmail: jmh.direct@joelhalpern.com
Date: Tue, 10 Dec 2019 21:18:52 -0500
In-Reply-To: <CALx6S36anj=Eo0gsePxXNX_YHcYQBOA5cfhdsqUtS5khx3xPQg@mail.gmail.com>
Importance: normal
From: "jmh.direct@joelhalpern.com" <jmh.direct@joelhalpern.com>
To: Tom Herbert <tom@herbertland.com>, "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: Fernando Gont <fgont@si6networks.com>, SPRING WG List <spring@ietf.org>, "6man@ietf.org" <6man@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--_com.samsung.android.email_1198074346575740"
Message-Id: <20191211021855.732C4120059@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/sFXdHJC9zJEnnVDktbtGNOSecPI>
Subject: Re: [spring] WGLC - draft-ietf-spring-srv6-network-programming
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Dec 2019 02:18:58 -0000

Tom, I was and am commenting on OSP.  Header insertion is a separate, lo8sely related, topic.I think it is quite important that we use the words we ended up with, both when they support what we want and when they do not.Yours,JoelSent via the Samsung Galaxy S7, an AT&T 4G LTE smartphone
-------- Original message --------From: Tom Herbert <tom@herbertland.com> Date: 12/10/19  20:44  (GMT-05:00) To: "Joel M. Halpern" <jmh@joelhalpern.com> Cc: Fernando Gont <fgont@si6networks.com>, SPRING WG List <spring@ietf.org>, 6man@ietf.org Subject: Re: WGLC - draft-ietf-spring-srv6-network-programming On Tue, Dec 10, 2019 at 4:49 PM Joel M. Halpern <jmh@joelhalpern.com> wrote:>> Fernando, I really wish I could agree with you.> But I can't.>> In 8200, it is clear that the meaning fo "Destination Address" for an> IPv6 packet is the value placed in the IPv6 destination address field.> the fact that if we had looked ahead we might have said something> different does not change what words we chose to use.  If I am going to> insist (as I have in other contexts) that other folks live with the> words we compromised on in 8200, then I have to live myself with the> words we compromised on in 8200.>Joel,That might be the wording, but don't believe that was the intent. Thereal intent is revealed by some of the earlier text that said(draft-ietf-6man-rfc2460bis-07):"The insertion of Extension Headers by any node other than the sourceof the packet breaks PMTU-discovery and can result in ICMP errormessages being sent to the source of the packet that did not insertthe header."That is true, and breaking ICMP is an issue that has been raisedrepeatedly. It also breaks AH as pointed out. Furthermore, if RFC8200allows SRH insertion to occur, then we'd have to accept that it allowsANY type EH insertion (except maybe fragmentation?) to occur at anydestination address! Not only that, we also need to accept that thiswould allow NAT devices to insert EH when the destination address isthe NAT address.So the possibility that destination address wasn't spelled out asbeing final destination seems to be an unfortunate omission, but evenso, that omission doesn't somehow magically make EH insertion robustor mitigate the problems of EH insertion that have already beendiscussed. Neither does it provide the rationale why encapsulationwith the EH can't be used instead which is clearly the option thatmost closely adheres to the Robustness principle.Tom> I have concerns about whether PSP is a good design.  I am trying to> write a useful note on the topic.  (And without such a note, I can not> expect anyone to care about thoughts in my head.)   But I can not and> will not claim that PSP violates RFC 8200.>> Yours,> Joel>> On 12/10/2019 6:16 PM, Fernando Gont wrote:> > Bruno,> >> > On 10/12/19 13:18, bruno.decraene@orange.com wrote:> >> Fernando,> >>> >> Thank you for spelling out your comment, plus on the WGLC thread.> >> More in-line> >>> >>> Bruno,> >>>> >>> On 5/12/19 12:15, bruno.decraene@orange.com wrote:> >>> [....]>> >>>> This email starts a two weeks Working Group Last Call on> >>>> draft-ietf-spring-srv6-network-programming [1].> >>>>> >>>>> >>>>> >>>> Please read this document if you haven't read the most recent version,> >>>> and send your comments to the SPRING WG list, no later than December 20.> >>>>> >>>>> >>>>> >>>> You may copy the 6MAN WG for IPv6 related comment, but consider not> >>>> duplicating emails on the 6MAN mailing list for the comments which are> >>>> only spring specifics.> >>>>> >>>>> >>>>> >>>> If you are raising a point which you expect will be specifically debated> >>>> on the mailing list, consider using a specific email/thread for this point.> >>>>> >>>> This may help avoiding that the thread become specific to this point and> >>>> that other points get forgotten (or that the thread get converted into> >>>> parallel independent discussions)> >>>> >>> Penultimate Segment Popping describes/specifies the removal of a SRH at> >>> a place other than the final destination of the packet.> >>>> >>> Such behavior violates RFC8200, which specifies:> >>>> >>     > Extension headers (except for the Hop-by-Hop Options header) are not> >>     > processed, inserted, or deleted by any node along a packet's delivery> >>     > path, until the packet reaches the node (or each of the set of nodes,> >>     > in the case of multicast) identified in the Destination Address field> >>     > of the IPv6 header.> >>>> >>> Note, of course, that the reference of "Destination Address" in RFC8200> >>> is clearly the final destination of the packet -- for instance, RFC8200> >>> >> I hear and can understand your reading of RFC8200.> >> > Could you please check RFC8200, and tell me what other possible> > interpretation of "Destination Address" you might have, in the context> > of RFC8200.> >> > RFC8200 does not even specify any routing header types. SO...where's the> > ambiguity?> >> >> >> >> At minimum, I think that we can agree that there is another reading, as expressed by other WG participants, and hence I disagree with "of course".> >> > No, I argue that there is not. IN fact, I argue that folks have been> > following that strategy for way too long, and that's quite frustrating.> >> >> >> >> Personally, I understand "Destination Address" as "Destination Address field of the IPv6 header." as indicated explicitly in the text quoted.> >> > The quoted text is from RFC8200. In the context of RFC8200 the> > Destination Address can only contain the ultimate destination of the> > packet. Where's the ambiguity?> >> > And let me ask you, as chair, another question, that will lead you to> > the same place: is IPv6 and end to end protocol?> >> >> > The fact that I may claim that RFC8200 contains a receipe for BBQ does> > not actually mean that that's the case.> >> >> >> >> I'm fine with having this clarified with 6MAND chairs and AD. That been said, the Internet AD would have an opportunity to DISCUSS this.> >> > For the record, I think this is a major issue that should be cleared> > before it can be claimed that there is consensus to request publication> > of this document.> >> >> >> >>> >>> does not specify any routing header type, and hence the meaning is> >>> unambiguous (there's no destination other than the final destination of> >>> the packet).> >>>> >>> This is of course in line with IPv6 being and end-to-end protocol, and> >>> crucial for other related mechanisms to work as expected (such as IPsec> >>> AH). Please also check: draft-smith-6man-in-flight-eh-insertion-harmful.> >>>> >>> So, in order to proceed with the document, there are multiple options> >>> forward:> >>>> >>> 1) Just remove the corresponding text/behavior> >>> >> That is indeed one option. But as of today, this is not my assumption.> >>> >>> 2) Implement a similar mechanism in an RFC8200-compliant manner (e.g.,> >>> re-encap)> >>> >> SRH insert is out of scope of this specification. So yes, IPv6 encaps is used.> >> We are talking SRH removal. I'm assuming that you are referring to PSP. My understanding is that this function (PSP) is to distribute the (forwarding plane) load between the PSP and the USP. In a way similar to MPLS PHP. But in all cases, this is not about SRH insertion.> >> > It's about SRH removal, which is also forbiden by RFC8200.> >> >> >> >> >>> 3) Do the necessary standards work to update RFC8200, such that it> >>> allows this sort of behavior, and only ship the network-programming> >>> draft for publication when at least 6man has consensus to proceed on> >>> that path.> >>> >> Not the preferred path as of today.> >> > Yes, it should be evident that it seems the preferred path has been> > (starting with EH insertion at the time) to circumvent existing> > specifications.> >> >> >> >>> >>> P.S.: I will go through the document once again... but the same> >>> reasoning should be applied to any EH-insertion/removal at a place other> >>> than the source of the packet or its final destination.> >>> >> It looks to me that SRH insertion and SRH removal are to be treated differently.> >> > I don't see how or why. Both violate the same requirement in RFC8200.> >> >> > Thanks,> >>> --------------------------------------------------------------------> IETF IPv6 working group mailing list> ipv6@ietf.org> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email