Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
Rishabh Parekh <rishabhp@gmail.com> Fri, 11 August 2023 18:41 UTC
Return-Path: <rishabhp@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2751DC14CE22; Fri, 11 Aug 2023 11:41:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yqT2hJRynyVp; Fri, 11 Aug 2023 11:41:09 -0700 (PDT)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CD79C14F74A; Fri, 11 Aug 2023 11:41:09 -0700 (PDT)
Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-52328e96869so2992012a12.1; Fri, 11 Aug 2023 11:41:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1691779268; x=1692384068; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=c++WmS13tSfrejkz4qgivCKZNzrnLhm6lA46tYn/Hqs=; b=ncADv4FxzfBCC6CcaHgbvovQx5x8CK65zcHjPkaMd2rYNF83aPa7UVeVn0cjdkkR4N O3+1TZJqOYa0y25CbYdBrkONr8oGcWbq5u9BOv6Ipb+ztYOKuV1ZKtC3Uy8R7dSqRb+C BRjZ3ZgY88y47Uf+zWj0/JnKhl0Yeq/zzq6sXhLEQOau5VfdzqhhTtWqTrrYq2wxULS+ 3gtjBK5R8xrDPINz2y9Ddoji3qjUvbMXZCMoSuc5/axT1hPLgwgOl84+8UsYEg13K8Fy SDMRjAV6wtXBdhtBtwXhJ5RQ3JMq+0UfF2BKA919XP+bP0JW46xqr3nfV5QzExkCFHej 6l0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691779268; x=1692384068; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=c++WmS13tSfrejkz4qgivCKZNzrnLhm6lA46tYn/Hqs=; b=QLzTov8THkhEJV34scGZeXDBBLFjDuP0TUigcsjdcFvjPX8VaBkRe9rRtSToPGBIOC hQDqA+5xSxs4QW/Pi/tvFqSML3yerCQIGxy6U00J/H6mwuFpsHRQNmyuG/Z7x645Ei4x svjNWUTcSfR2KjAG2CukUkw6iYu4TWscMomonqLm6rR9e21fn6R0gHNbJ500DukIyePd /KND+Q9n8QNj6KNeOrKMddmIagxu6GjLWyEpnHCOVErGcPQNds6b9hDWUJtnhd6llmeC LOob6cWSCPC2kkOmH1FirtDyaWwnKCNznd7YIgEcB45gVu3TSOaiBuM2YLWm7OoeyD3n 0h2Q==
X-Gm-Message-State: AOJu0YxzAIkMwF3jjhjBimRu1QwesvhXTMJNglekzHhR8Mli++c8JpUp Vf5DgXCYDOOF+ZBIidMWHL3x9VRaIQlgrOTlxEs=
X-Google-Smtp-Source: AGHT+IGsbpbqNXs0umXVvYKgBgmM56jGzY+3wPR17ZDEJsSd3UKpPv51KDYZEVpb2snr/ltnOi8qKAYlrfobJYRhRC0=
X-Received: by 2002:a05:6402:191:b0:523:264e:eee3 with SMTP id r17-20020a056402019100b00523264eeee3mr2485679edv.11.1691779267536; Fri, 11 Aug 2023 11:41:07 -0700 (PDT)
MIME-Version: 1.0
References: <169113757232.15080.2703586835855766334@ietfa.amsl.com> <CABjMoXZPXeUYLwzfSr=sRVAqZQm1BOLB9KCPbXHrbqWrM769Vg@mail.gmail.com> <97A5A5D3-0E88-4F07-8072-91921E1540BD@eggert.org>
In-Reply-To: <97A5A5D3-0E88-4F07-8072-91921E1540BD@eggert.org>
From: Rishabh Parekh <rishabhp@gmail.com>
Date: Fri, 11 Aug 2023 11:40:53 -0700
Message-ID: <CABjMoXY865nJ_ET-QGAyULO=3WggrJ4Q7ZV0VjS9MGs1VaXF8Q@mail.gmail.com>
To: Lars Eggert <lars@eggert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-spring-sr-replication-segment@ietf.org, spring-chairs@ietf.org, spring@ietf.org, mankamis@cisco.com
Content-Type: multipart/alternative; boundary="00000000000047abb10602aa0e7b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/tDEWWq601ZMHA4rvaBu49jtA64Q>
Subject: Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Aug 2023 18:41:10 -0000
Lars, Inline @ [RP2] Thanks, -Rishabh On Thu, Aug 10, 2023 at 12:54 AM Lars Eggert <lars@eggert.org> wrote: > Hi, > > On Aug 10, 2023, at 00:24, Rishabh Parekh <rishabhp@gmail.com> wrote: > > This document introduces packet replication functionality into SR > > networks. This significantly increases and complicates the attack > > surface of the technology while at the same time introducing severe > > new misconfiguration possibilities (e.g., multicast amplification > > loops that can lead to congestion collapse of the network.) This > > document does not adequately describe and discuss these issues. > > > > [RP] May I ask what you think is missing in the Security section text > about loops? > > A way to detect and/or mitigate the effects of loop congestion. Or if that > cannot be done in this document, a requirement that this technology MUST > NOT be deployed without a control plane that either prevents loops or > detects and mitigates their effects, and a normative reference to those > control plane specs. > [RP2] I will add a MUST requirement for a control plane to prevent or detect/mitigate loops in steady state in the next revision. Local provisioning of replication segments on SR nodes is valid too - maybe we can add a SHOULD clause to prevent loops via local provisioning. However, I don't think a normative reference to the control plane is required because the behavior of a single replication segment - as specified in this document does not necessitate a control plane. > > > Additionally, this documents needs to specify suitable > > countermeasures - it is not sufficient to leave this up to > > unspecified control plane mechanisms. > > > > [RP] This document is just specifying behavior of a single replication > segment. The use of PCE as a controller to create a tree by stitching > replication segments in specified in PIM WG document > (draft-ietf-pim-sr-p2mp-policy) and PCEP protocol extensions are described > in PCE WG doc (draft-ietf-pce-sr-p2mp-policy). > > draft-ietf-pim-sr-p2mp-policy is only cited informally, and > draft-ietf-pce-sr-p2mp-policy not at all. If they do contain these > countermeasures, they need to be cited normatively and their use needs to > be required. However, I just skimmed them and neither seems to discuss > loops or congestion? > [RP] draft-ietf-pim-sr-p2mp-policy is really an "architecture" draft for using PCE as a control plane for creating a tree by stichting replication segments; draft-ietf-pce-sr-p2mp-policy is just PCEP signalling extensions and hence not really referenced in this draft. Once we add the MUST requirements in this draft, I will update draft-ietf-pim-sr-p2mp-policy to satisfy this requirement. > > > ### Section 2, paragraph 18 > > ``` > > In principle it is possible for different Replication segments to > > replicate packets to the same Replication segment on a Downstream > > node. However, such usage is intentionally left out of scope of > this > > document. > > ``` > > What was the intent of leaving this out? There seems to be complexity > > here that can be abused, in which case I would have expected this to > > either be explicitly forbidden or discussed in sufficient detail to > > understand (and mitigate) the issues. > > > > [RP] This came up in WG discussion during WGLC about "sharing" a > downstream replication segment across multiple "upstream" replication > segments (possibly to enable Multipoint-to-Multipoint). Although this is > feasible, it is only possible to do this when a complex set of conditions > are satisfied. This adds complexity to both control plane and data plane > (like needing "outer" and "inner" replication segment context in packets). > Hence, it was kept out of scope of this document. > > So what you write seems to argue that this should then be explicitly > forbidden? > [RP2] No, it should not be forbidden, but left to other future documents that can address the MP2MP use-case or replication segment sharing, if required. > > Thanks, > Lars > > >
- [spring] Lars Eggert's Discuss on draft-ietf-spri… Lars Eggert via Datatracker
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh