Re: [spring] Alvaro Retana's Discuss on draft-ietf-spring-srv6-network-programming-20: (with DISCUSS and COMMENT)

"Pablo Camarillo (pcamaril)" <pcamaril@cisco.com> Wed, 07 October 2020 16:08 UTC

From: "Pablo Camarillo (pcamaril)" <pcamaril@cisco.com>
To: Alvaro Retana <aretana.ietf@gmail.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-spring-srv6-network-programming@ietf.org" <draft-ietf-spring-srv6-network-programming@ietf.org>, Bruno Decraene <bruno.decraene@orange.com>, "spring-chairs@ietf.org" <spring-chairs@ietf.org>, Joel Halpern <jmh@joelhalpern.com>, "spring@ietf.org" <spring@ietf.org>
Date: Wed, 07 Oct 2020 16:08:22 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/wW-em8jPm-Fqrq_zXUTYJTCZ_fo>

Hi Alvaro,

Many thanks for the feedback. Inline below with PC3.
Note that we have just posted rev24 as per the comments below.

Cheers,
Pablo.

-----Original Message-----
From: Alvaro Retana <aretana.ietf@gmail.com> 
Sent: Wednesday, 7 October 2020 17:04
To: The IESG <iesg@ietf.org>; Pablo Camarillo (pcamaril) <pcamaril@cisco.com>
Cc: draft-ietf-spring-srv6-network-programming@ietf.org; Bruno Decraene <bruno.decraene@orange.com>; spring-chairs@ietf.org; Joel Halpern <jmh@joelhalpern.com>; spring@ietf.org
Subject: RE: Alvaro Retana's Discuss on draft-ietf-spring-srv6-network-programming-20: (with DISCUSS and COMMENT)

On September 30, 2020 at 9:18:37 AM, Pablo Camarillo wrote:


Pablo:

Hi!

Just leaving below the points I still want to talk about.

Thanks!

Alvaro.


...
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
...
> > (1b) It would be nice if the behavior in §4.1.1 were also specified 
> > using pseudocode...
...
> §4.1.1 is called from different places, while processing different 
> behaviors. Is it expected that the "local configuration" will cover 
> each behavior individually, or will the operator be able to configure 
> a single policy for all? In either case, it would be good to mention it.
>
[PC2] In the document we've left 'local configuration' up to an
[PC2] implementation. Whether an implementation implements the local
[PC2] configuration on an interface as an ACL or globally for all SIDs or per
[PC2] SID via some API is not for this document to decide, and has no impact
[PC2] on interoperability.

True, it has no impact on interoperability, but it can have an impact on the operation of the network.  While not including details about local configuration, I would like to see some guidance on the definition of proper policies.  For example, considering your example of allowing ICMPv6, OAM may be important, but forwarding a packet that is not in line with the behavior would not be.
[PC3] Indeed, it's a good point. We have posted in rev24 the following diff: 
<OLD>
   Notes:
   S01.  As an example, an operator may not wish to have any TCP traffic
   destined to a local SID, but may want to enable ICMPv6 packet
   processing for OAM purposes.
</OLD>
<NEW>
   Allowing processing of specific Upper-Layer Headers types is useful
   for OAM.  As an example, an operator might permit pinging of SIDs.
   To do this they may enable local configuration to allow Upper-layer
   Header type 58 (ICMPv6).

   It is RECOMMENDED that an implementation of local configuration only
   allows Upper-layer Header processing of types that do not result in
   the packet being forwarded (e.g.  ICMPv6).
</NEW>
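
Review bot: In the first NEW paragraph, "Upper-Layer Headers types" is ungrammatical and its capitalization differs from the "Upper-layer Header" used in the sentences that follow; suggest "Upper-Layer Header types" and one capitalization throughout. The replacement also drops the "S01." label that the OLD note carried, so check that nothing still refers to S01. The RECOMMENDED sentence names only a permitted example (ICMPv6); stating which types are considered to result in the packet being forwarded would make it easier to apply.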

Along those lines, the headend policy should be consistent with the behavior and any local configuration.  This expectation should also be mentioned somewhere.
[PC3] Indeed. We've included that in the Security Considerations section.
<OLD>
   This document introduces SRv6 Endpoint and SR Policy Headend
   behaviors for implementation on SRv6 capable nodes in the network.
   As such, this document does not introduce any new
   security considerations.
</OLD>
<NEW (third line)>
   This document introduces SRv6 Endpoint and SR Policy Headend
   behaviors for implementation on SRv6 capable nodes in the network.
   The headend policy definition should be consistent with the specific
   behavior used and any local configuration (as specified in
   Section 4.1.1).  As such, this document does not introduce any new
   security considerations.
</NEW>
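
Review bot: In the NEW text, "As such" in the last sentence now directly follows the added sentence on headend policy consistency, so it reads as if that expectation is the reason no new security considerations arise, whereas in OLD it referred to the first sentence. Suggest placing the added sentence after the conclusion or rewording the connector. The added sentence also uses lowercase "should" while the Section 4.1.1 change above uses RECOMMENDED; pick one requirement level deliberately.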


...
> > (3) The description of the flavors in §4.16 is also unclear.
> ...
> For an endpoint behavior that indicates more than one flavor, which 
> one should be applied?
>
> For some of the behaviors, 29 (End with PSP&USD) for example, the 
> flavor used seems to depend on the number of SLs: if received with SL 
> == 0, then the flavor is USD, but if received with SL == 1 then use 
> PSP. But for other behaviors, 30 (End with USP&USD) for example, which 
> flavor should be applied if both are supported?
>
[PC2] When a behavior (e.g. End) is combined with one or more flavors (e.g.
[PC2] USP & USD), their combined pseudocode is what determines the packet
[PC2] processing. In the specific example of USP&USD (when SL=0), the
[PC2] pseudocode would end up first removing the processed SRH and then,
[PC2] depending on the next upper-layer header, also removing the outer IPv6
[PC2] encapsulation header if/when there is an inner IP packet.

Oh, it's the combination; that is not mentioned anywhere.
[PC3] Currently we have the following text present in 4.16. 
> The End, End.X and End.T behaviors can support these flavors either individually or in combinations. 

Thank you for your time!
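
The local-configuration check discussed above (allow Upper-layer Header type 58, avoid types that lead to forwarding), as an added example that is not part of this message or of the draft. The function names, the choice of 4, 41 and 143 as the "forwarding" types, and the sample packet are assumptions of this sketch; Fragment and AH headers are not walked.

```python
import struct

ICMPV6 = 58  # the Upper-layer Header type the NEW text uses as its example
# Assumption of this example: the types that "result in the packet being
# forwarded" are the encapsulated-payload protocol numbers.
FORWARDING_TYPES = {4: "IPv4", 41: "IPv6", 143: "Ethernet"}
EXT_HEADERS = {0, 43, 60}  # Hop-by-Hop, Routing (SRH), Destination Options

def upper_layer_type(packet: bytes):
    """Walk the IPv6 extension headers; return (type, offset) of the upper layer."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off = packet[6], 40
    while nxt in EXT_HEADERS:
        if off + 2 > len(packet):
            raise ValueError("truncated extension header")
        # Next Header is byte 0; Hdr Ext Len (byte 1) counts 8-octet units
        # beyond the first 8 octets.
        nxt, off = packet[off], off + (packet[off + 1] + 1) * 8
    if off > len(packet):
        raise ValueError("extension header runs past end of packet")
    return nxt, off

def allowed_by_local_config(packet: bytes, allowed: set) -> bool:
    """True if the packet's upper-layer type is on the operator's allow-list."""
    return upper_layer_type(packet)[0] in allowed

def audit_local_config(allowed: set) -> list:
    """List allow-list entries that go against the RECOMMENDED text."""
    return [f"{t} ({FORWARDING_TYPES[t]})"
            for t in sorted(allowed) if t in FORWARDING_TYPES]

def build_sample(upper: int) -> bytes:
    """Constructed packet: IPv6 + SRH (one segment, SL=0) + 8-byte payload."""
    sid = bytes.fromhex("20010db8000000000000000000000100")  # documentation prefix
    # SRH: Next Header, Hdr Ext Len=2, Routing Type=4, SL=0, Last Entry=0, Flags, Tag
    srh = struct.pack("!BBBBBBH", upper, 2, 4, 0, 0, 0, 0) + sid
    payload = bytes(8)
    ipv6 = struct.pack("!IHBB", 6 << 28, len(srh) + len(payload), 43, 64)
    return ipv6 + bytes(16) + sid + srh + payload  # zero source, DA = the SID

if __name__ == "__main__":
    config = {ICMPV6, 41}  # constructed operator allow-list
    print("upper layer:", upper_layer_type(build_sample(ICMPV6)))
    print("TCP allowed:", allowed_by_local_config(build_sample(6), config))
    print("entries to review:", audit_local_config(config))
```
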