Re: [spring] 6MAN WGLC: draft-ietf-6man-sids
Robert Raszuk <robert@raszuk.net> Mon, 10 October 2022 15:05 UTC
Return-Path: <robert@raszuk.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E804C14CE27 for <spring@ietfa.amsl.com>; Mon, 10 Oct 2022 08:05:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=raszuk.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RHUs_SVJ0W1h for <spring@ietfa.amsl.com>; Mon, 10 Oct 2022 08:05:22 -0700 (PDT)
Received: from mail-wr1-x42b.google.com (mail-wr1-x42b.google.com [IPv6:2a00:1450:4864:20::42b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 047FBC1522A8 for <spring@ietf.org>; Mon, 10 Oct 2022 08:05:21 -0700 (PDT)
Received: by mail-wr1-x42b.google.com with SMTP id b4so17497936wrs.1 for <spring@ietf.org>; Mon, 10 Oct 2022 08:05:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raszuk.net; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=WJ7LAF1MIX3j6bGpqh51SM1PXMbf6+3GhEWS29i6wH4=; b=HCq/mC9lXQ3n59htgrXMc10JTFx/qxQX44g37EIZBE7/4EVmsx0ccavh6XdpynLfAJ KMsrxJ+HEc0IUBrNKJzaKsL8Yh7S+47Kk7gqRhQCtQOZLCMqwl5m9WZzHUjhCH5VcLdj No5dI15+7qrA2ot7ByQB0j5VGFg2uAKmWT9lHX+5KyFwGEBl2mBN9RrhW5kh82g43455 jtl2GotUGPHLcy8rWmvb5Iy3J2bdNT9fOgrviNOmP3hX99X+bnnVgGdNQrpyQhQ/CvZn SurHSlVOmSc2EB/cTChtsw+nfXCD+l0JHLwRvJs0U2Nccmbh5pXtXIFTZcoWnehcNBPB rn5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=WJ7LAF1MIX3j6bGpqh51SM1PXMbf6+3GhEWS29i6wH4=; b=5gWAIPMW3+N+tFDEHcJfZn6TL4k8/2ZOGG0wT8fUTKGJJk3gawAbKGB/BXUzhBmNW1 jbvt6rozJamk/Lvha/qU3Lyxu2xiopcub8Kl4pygaRyAm5FqpZlqZn6gRsFqqb8AKQgG oHlGNS4OJFn5iljjDTfJyIX3uMSxl09I9ffCGr/klXeJfV4OC7CffA5Dq3QyjdSbQixE YRxWVUWVH+FOmX2LDjct7+hr3PIgIw668OxC9ClFYQkmIb0n1qOPvNVNVmSxmEjmDgAP gYCmk0jM88VNaKpF8yja9VYau0R8gaMp7JXkmmlxYfv6yPVawXlXmcpgrDza/dvSIcIg A+dQ==
X-Gm-Message-State: ACrzQf1GyOmNEZJovmvb+C59GQtIoohIUkgQKnLTBMCyu9jQJ9gFYs4E QvokxUfcwTZtJ2iZAraRnVnyokGusDkR2/2FhehXcw==
X-Google-Smtp-Source: AMsMyM6VbXEYPSfxMkeM5fFdHrrOa0psOPKH4B1GK6O1j+PxSveGxpZ2KnUNV6AXditiWTsrDo6uZtFqXz2s3FSeW+0=
X-Received: by 2002:a5d:6409:0:b0:22e:f12:2abd with SMTP id z9-20020a5d6409000000b0022e0f122abdmr12278673wru.157.1665414319716; Mon, 10 Oct 2022 08:05:19 -0700 (PDT)
MIME-Version: 1.0
References: <CAFU7BARixwPZTrNQOuEw3WP-FqUsVwTj7btMTahcMbXm_NqWGw@mail.gmail.com> <58E77509-A1A1-4CE8-9EE4-22BEEEA8B62E@gmail.com> <98a941e4-0fff-ced1-d4ca-4406368eac31@joelhalpern.com> <4DC495DF-AD6B-4D60-80C4-B836DD365A0C@gmail.com> <CAOj+MMEx7+jWN1yC=81dMwo5GmqbhyHqOZr9W2_qzN9BNjs+Zw@mail.gmail.com> <ab55e9c0-60b9-2986-07f1-38c28852009e@joelhalpern.com> <CAOj+MMEn6Dz-Rz0PRRvR8VXT8idAQm+rLuouWJoNz-dA+kRkJQ@mail.gmail.com> <1fe2d387-8ecc-5240-092c-84a5978af5e4@gmail.com> <CAOj+MME6Nb3MLQCiGQ5S06Cwj6d3Z+aoSpxwFdtoFaV-yPPuJQ@mail.gmail.com> <e65772a1-bc86-c59c-e99f-7cabf92f28a4@joelhalpern.com> <183BB8B9-A338-4136-8546-7C7858B4D4E4@cisco.com> <35484ed3-509a-39ba-6a16-8f2bf807f4f2@joelhalpern.com> <BAAD744A-2AD2-4498-90EC-9C9A184E0A8A@cisco.com> <CAOj+MMGjTa+zwRHnRWWu-+bRZd83vo4xz22XuRK+7TJ5A81DQQ@mail.gmail.com> <a10a6d8c-ef59-398b-1b53-dc3e688c16b0@joelhalpern.com> <CAOj+MMFGRjevpYLGxwiRs1GP-yN8eAxE6a7JKxuhbsYrJgUyLA@mail.gmail.com> <0d911d38-b939-692a-9b8b-24ff752672bc@joelhalpern.com> <CAOj+MMEnYR-ORvtUg+mrq=TW=QXrKYRXoJx=eaFhv2rc+rb+WQ@mail.gmail.com> <CAN-Dau1iOPn5kiu1nxNmp7U+ziCqN1m+isadBwQTZfz1WTFgiQ@mail.gmail.com>
In-Reply-To: <CAN-Dau1iOPn5kiu1nxNmp7U+ziCqN1m+isadBwQTZfz1WTFgiQ@mail.gmail.com>
From: Robert Raszuk <robert@raszuk.net>
Date: Mon, 10 Oct 2022 17:05:07 +0200
Message-ID: <CAOj+MMHWGVDKO5NAzP=hcb3swoO-i+PKz+dkb7j-AZ5CY=DYWQ@mail.gmail.com>
To: David Farmer <farmer@umn.edu>
Cc: Joel Halpern <jmh.direct@joelhalpern.com>, 6man <ipv6@ietf.org>, SPRING WG List <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ee53bf05eaaf7c40"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/yhLDa-wxyODBv1pkxAGGLyS-inY>
Subject: Re: [spring] 6MAN WGLC: draft-ietf-6man-sids
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Oct 2022 15:05:26 -0000
David, No, that is not what I am saying. I am saying that the concept of limited domains is very loosely defined in rfc8799 and using it as a base to drop packets which contain SRH is not right. For example are my enterprise sites interconnected with SD-WAN a limited domain - surely is for me even if I use vanilla IPv6 Interconnect to talk between them. And let's not worry about such sites' security ... This is a completely different topic. Let's agree that dropping IPv6 packets somewhere in transit only because they contain specific extension header is illegal. Thx, R. On Mon, Oct 10, 2022 at 4:56 PM David Farmer <farmer@umn.edu> wrote: > If you are saying the concept of Limited Domains does not apply to SRH > since it isn't an IETF consensus document, then I believe that calls the > consensus for SRH into serious question. Furthermore, if the SRH consensus > is questionable, the idea that operators might filter it shouldn't be > surprising. > > Thanks > > On Mon, Oct 10, 2022 at 9:24 AM Robert Raszuk <robert@raszuk.net> wrote: > >> Joel, >> >> Am I wrong understanding that definition of "limited domain" was never >> approved by any formal IETF process ? >> >> If so do you really think we should be bounded on something which has >> been defined outside of IETF ? >> >> Cheers, >> Robert >> >> On Mon, Oct 10, 2022 at 4:03 PM Joel Halpern <jmh.direct@joelhalpern.com> >> wrote: >> >>> SRH was explicitly defined for use in limited domains. That is why I >>> think dropping it is acceptable. Certainly not required, but permitted. >>> The closest equivalent is NSH, which is also defined for limited domains. >>> In my personal opinion (not speaking for the SFC working group) I think it >>> would be legitimate for a domain, particularly one that is using NSH, to >>> drop packets where the IP carried protocol is NSH. (I would prefer that >>> they block only packets to their domain with carried protocol of NSH, but >>> that is up to the operator.) >>> >>> You have said that you consider the limited domain requirement to be >>> wrong and irrelevant. Whether you agree with it or not, it is in the RFC. >>> Operators may reasonably act on that. >>> >>> Yours, >>> >>> Joel >>> On 10/10/2022 9:59 AM, Robert Raszuk wrote: >>> >>> > it seems acceptable to block all packets with SRH >>> >>> And such statements you are making are exactly my point. >>> >>> Just curious - Is there any other extension header type subject to being >>> a good enough reason to drop packets at any transit node in IPv6 ? >>> >>> Thx, >>> R. >>> >>> On Mon, Oct 10, 2022 at 3:53 PM Joel Halpern <jmh.direct@joelhalpern.com> >>> wrote: >>> >>>> Protection from leaking inwards is required by the RFCs as far as I >>>> know. >>>> >>>> Note that there are multiple ways to apply such protection. It is >>>> sufficient for the domain only to block packets addressed to its own SID >>>> prefixes. If the domain is using SRv6 without compression or reduction, it >>>> seems acceptable to block all packets with SRH. After all, they should not >>>> be occurring. But we do not tell operators how to perform the filtering. >>>> It is up to them what they do. >>>> >>>> Yours, >>>> >>>> Joel >>>> >>>> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> -------------------------------------------------------------------- >> > > > -- > =============================================== > David Farmer Email:farmer@umn.edu > Networking & Telecommunication Services > Office of Information Technology > University of Minnesota > 2218 University Ave SE Phone: 612-626-0815 > Minneapolis, MN 55414-3029 Cell: 612-812-9952 > =============================================== >
- [spring] 6MAN WGLC: draft-ietf-6man-sids Jen Linkova
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Acee Lindem (acee)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Adrian Farrel
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Adrian Farrel
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Acee Lindem (acee)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Adrian Farrel
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Michael Richardson
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Xiejingrong (Jingrong)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Gyan Mishra
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Mark Smith
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chengli
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chongfeng Xie
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Fred Baker
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Mark Smith
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dhruv Dhody
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Vasilenko Eduard
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dhruv Dhody
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Xiejingrong (Jingrong)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dale W. Carder
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dhruv Dhody
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chongfeng Xie
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Chengli
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eric Vyncke (evyncke)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eric Vyncke (evyncke)
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Ole Troan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids David Farmer
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids David Farmer
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dirk Steinberg
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Robert Raszuk
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Brian E Carpenter
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Dirk Steinberg
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eduard Metz
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Joel Halpern
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Suresh Krishnan
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Eduard Metz
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Nick Buraglio
- Re: [spring] 6MAN WGLC: draft-ietf-6man-sids Erik Kline