Re: [spring] Spring protection - determining applicability

Huzhibo <> Tue, 04 August 2020 13:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D827A3A0B71 for <>; Tue, 4 Aug 2020 06:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id oHRumwOpszDK for <>; Tue, 4 Aug 2020 06:32:43 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 676043A0B6B for <>; Tue, 4 Aug 2020 06:32:43 -0700 (PDT)
Received: from (unknown []) by Forcepoint Email with ESMTP id 12F6A2D048052B120B20 for <>; Tue, 4 Aug 2020 14:32:40 +0100 (IST)
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Tue, 4 Aug 2020 14:32:39 +0100
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.1.1913.5 via Frontend Transport; Tue, 4 Aug 2020 14:32:39 +0100
Received: from ([]) by ([]) with mapi id 14.03.0487.000; Tue, 4 Aug 2020 21:32:36 +0800
From: Huzhibo <>
To: "Joel M. Halpern" <>, "" <>
Thread-Topic: [spring] Spring protection - determining applicability
Thread-Index: AQHWaSfMvaROiWEXVU+aZWRNMojsJakn8pLg
Date: Tue, 4 Aug 2020 13:32:36 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <>
Subject: Re: [spring] Spring protection - determining applicability
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 04 Aug 2020 13:32:45 -0000

Hi Joel and all:

    I think node protected is used when the SLA of a path cannot be quickly repaired. E2E detection cannot be deployed in some scenarios. As a result, the faulty path cannot be repaired at the headend. 
    To prevent SR policy from bypassing Service Sid, if the Per Sid forwarding state is not introduced on other nodes, the advertise Sid Not Bypass Flag is useless. Therefore, extending the Not Bypass Flag in the SRH Flag may be an effective method. The following document is trying to solve such problem.



-----Original Message-----
From: spring [] On Behalf Of Joel M. Halpern
Sent: Monday, August 3, 2020 7:51 AM
Subject: [spring] Spring protection - determining applicability

(WG Chair hat Off, this is merely a note from a slightly confused WG

I have been reading the various repair drafts, and the various networks programming and service programming draft, and I am trying to figure out one aspect of the combination.

How does a node that is doing some form of bypass (suppose, for simplicity, it is Node N2 deciding to bypass the next SID for a failed node N3) know that it is safe to do so?

If the path was just for TE, then it is "safe" if the new path meets the TE criteria.  or maybe it is safe if it is even close, as long as it is not used for too long.

But what if the node were a Firewall, included to meet legal requirements?
Or was some other necessary programmatic transform (wince we are deliberately vague about what nodes can do when asked suitably.)

Is there some "can be bypassed" indication in the routing advertisements that I missed?

Thank you,

spring mailing list