Re: [spring] Violation of the SRv6 architecture concern //RE: WGLC for draft-ietf-spring-sr-replication-segment

2023-02-21 Thread James Guichard
Hi Jingrong,

As stated in my previous email, let me once again draw your attention to the 
following text from RFC 8754:

4.3.1.  FIB Entry Is a Locally Instantiated SRv6 SID

This document and section define a single SRv6 SID. Future documents may define 
additional SRv6 SIDs. In such a case, the entire content of this section will 
be defined in that document.

It is the opinion of the chairs that this text explicitly provides the latitude 
to define a new SID and specify its behavior/s in a separate document, 
replacing all of the section 4.3.1.x text from RFC 8754. The fact that existing 
standardized behaviors follow a particular set of actions does not mean that a 
newly defined SID must also do so.

Thanks!

Jim, Joel & Bruno

From: Xiejingrong (Jingrong) 
Sent: Monday, February 20, 2023 10:39 PM
To: James Guichard; Joel Halpern; bruno.decra...@orange.com
Cc: SPRING WG; spring-cha...@ietf.org
Subject: Violation of the SRv6 architecture concern //RE: [spring] WGLC for 
draft-ietf-spring-sr-replication-segment

Hi Jim, Joel & Bruno,

For the “Violation of the SRv6 architecture” concern, I have checked *all* the 
behaviors of SRv6 SIDs that are followed by another SID:


- End,
- End.X,
- End.T,
- End.B6.Encaps,
- End.B6.Encaps.Red,
- End.BM
- The SID defined in RFC 8754


I find that *all* of them are aligned with the meaning & semantics of 
SRv6/SRH/SID-list/Segment-Left:  process the next SID by updating the DA before 
submitting the packet to the IPv6 module. See below:


Example Pseudo-code of End SID (and also End.X, End.T):
S01. When an SRH is processed {
S12.   Decrement IPv6 Hop Limit by 1
S13.   Decrement Segments Left by 1
S14.   Update IPv6 DA with Segment List[Segments Left]
S15.   Submit the packet to the egress IPv6 FIB lookup for
       transmission to the new destination
S16. }


Example Pseudo-code of End.B6.Encaps (and also End.B6.Encaps.Red, End.BM):
S01. When an SRH is processed {
S12.   Decrement IPv6 Hop Limit by 1
S13.   Decrement Segments Left by 1
S14.   Update IPv6 DA with Segment List[Segments Left]
S15.   Push a new IPv6 header with its own SRH containing B
S16.   Set the outer IPv6 SA to A
S17.   Set the outer IPv6 DA to the first SID of B
S18.   Set the outer Payload Length, Traffic Class, Flow Label,
  Hop Limit, and Next Header fields
S19.   Submit the packet to the egress IPv6 FIB lookup for
  transmission to the new destination
S20. }


Example Pseudo-code of “The SID defined in RFC8754” (which is a general example 
of processing by the meaning of SRv6/SRH/SID-List/Segment-Left):
S01. When an SRH is processed {
S14.     Else {
S15.       Decrement Segments Left by 1.
S16.       Copy Segment List[Segments Left] from the SRH to the
           destination address of the IPv6 header.
S17.       If the IPv6 Hop Limit is less than or equal to 1 {
S18.         Send an ICMP Time Exceeded -- Hop Limit Exceeded in
             Transit message to the Source Address and discard
             the packet.
S19.       }
S20.       Else {
S21.         Decrement the Hop Limit by 1
S22.         Resubmit the packet to the IPv6 module for transmission
             to the new destination.
S23.       }
S24.     }
S25.   }
S26. }


Please allow me to list the main meaning & semantics of 
SRv6/SRH/SID-list/Segment-Left (below):
SRv6(8986): The Segment Routing over IPv6 (SRv6) Network Programming framework 
enables a network operator or an application to specify a packet processing 
program by encoding a sequence of instructions in the IPv6 packet header.
SRH(8754): Segment Routing can be applied to the IPv6 data plane using a new 
type of Routing Extension Header called the Segment Routing Header (SRH).
RH(8200): The Routing header is used by an IPv6 source to list one or more 
intermediate nodes to be "visited" on the way to a packet's destination.
Segment Left(8200): 8-bit unsigned integer.  Number of route segments 
remaining, i.e., number of explicitly listed intermediate nodes still to be 
visited before reaching the final destination.


For Replication-SID with an SRv6 VPN SID after it, there is still an SRv6 SID 
“to be visited”, as the (Segment-Left==1) indicates; the behavior is not 
“processing” it but overriding it by the state of the Replication-SID.

SRv6 architecture, in my understanding, is built on the meaning & semantics of 
the above SRv6/SRH/RH/SID-list/Segment-Left, and this has been proven by *all* 
the SRv6 SIDs that are in RFC8754 & 8986.

That’s an additional argument for my concern about “Violation of the SRv6 
architecture”.

Thanks,
Jingrong


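The SRH processing quoted in the message above, as an added Python model that is not part of the thread and not code from the RFC authors. It also covers the steps the quoted pseudo-code leaves out (S02-S13 of RFC 8754 Section 4.3.1.1, without TLV processing); the `2001:db8::` SIDs and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address

@dataclass
class Packet:
    dst: IPv6Address      # IPv6 Destination Address (the active SID)
    hop_limit: int
    hdr_ext_len: int      # SRH length in 8-octet units, first 8 octets excluded
    last_entry: int       # index of the last element of the Segment List
    segments_left: int
    segment_list: list    # Segment List[0] holds the LAST segment of the path

def process_srh(pkt):
    """One node's SRH processing; returns the action taken."""
    if pkt.segments_left == 0:                           # S02-S04
        return "next-header"
    max_last_entry = pkt.hdr_ext_len // 2 - 1            # S09
    if (pkt.last_entry > max_last_entry
            or pkt.segments_left > pkt.last_entry + 1):  # S10-S13
        return "icmp-parameter-problem"
    pkt.segments_left -= 1                               # S15
    pkt.dst = pkt.segment_list[pkt.segments_left]        # S16
    if pkt.hop_limit <= 1:                               # S17-S19
        return "icmp-time-exceeded"
    pkt.hop_limit -= 1                                   # S21
    return "forward"                                     # S22

def make_packet(sids, segments_left=None, hop_limit=64):
    """Build a constructed packet; `sids` is given in travel order."""
    seg_list = [IPv6Address(s) for s in reversed(sids)]
    last = len(seg_list) - 1
    sl = last if segments_left is None else segments_left
    return Packet(seg_list[min(sl, last)], hop_limit,
                  2 * len(seg_list), last, sl, seg_list)

def walk(pkt):
    """Process the packet at each SID until it is no longer forwarded."""
    trace = []
    while True:
        action = process_srh(pkt)
        trace.append((action, pkt.segments_left, str(pkt.dst)))
        if action != "forward":
            return trace

SIDS = ["2001:db8::a1", "2001:db8::a2", "2001:db8::a3"]  # constructed SIDs

if __name__ == "__main__":
    for step in walk(make_packet(SIDS)):
        print(step)
```

Each trace entry is (action, Segments Left after processing, Destination Address after processing), so the decrement-then-copy order of S15 and S16 is visible hop by hop.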

[spring] Violation of the SRv6 architecture concern //RE: WGLC for draft-ietf-spring-sr-replication-segment

2023-02-20 Thread Xiejingrong (Jingrong)
Hi Jim, Joel & Bruno,

For the “Violation of the SRv6 architecture” concern, I have checked *all* the 
behaviors of SRv6 SIDs that are followed by another SID:


- End,
- End.X,
- End.T,
- End.B6.Encaps,
- End.B6.Encaps.Red,
- End.BM
- The SID defined in RFC 8754


I find that *all* of them are aligned with the meaning & semantics of 
SRv6/SRH/SID-list/Segment-Left:  process the next SID by updating the DA before 
submitting the packet to the IPv6 module. See below:


Example Pseudo-code of End SID (and also End.X, End.T):
S01. When an SRH is processed {
S12.   Decrement IPv6 Hop Limit by 1
S13.   Decrement Segments Left by 1
S14.   Update IPv6 DA with Segment List[Segments Left]
S15.   Submit the packet to the egress IPv6 FIB lookup for
       transmission to the new destination
S16. }


Example Pseudo-code of End.B6.Encaps (and also End.B6.Encaps.Red, End.BM):
S01. When an SRH is processed {
S12.   Decrement IPv6 Hop Limit by 1
S13.   Decrement Segments Left by 1
S14.   Update IPv6 DA with Segment List[Segments Left]
S15.   Push a new IPv6 header with its own SRH containing B
S16.   Set the outer IPv6 SA to A
S17.   Set the outer IPv6 DA to the first SID of B
S18.   Set the outer Payload Length, Traffic Class, Flow Label,
  Hop Limit, and Next Header fields
S19.   Submit the packet to the egress IPv6 FIB lookup for
  transmission to the new destination
S20. }


Example Pseudo-code of “The SID defined in RFC8754” (which is a general example 
of processing by the meaning of SRv6/SRH/SID-List/Segment-Left):
S01. When an SRH is processed {
S14.     Else {
S15.       Decrement Segments Left by 1.
S16.       Copy Segment List[Segments Left] from the SRH to the
           destination address of the IPv6 header.
S17.       If the IPv6 Hop Limit is less than or equal to 1 {
S18.         Send an ICMP Time Exceeded -- Hop Limit Exceeded in
             Transit message to the Source Address and discard
             the packet.
S19.       }
S20.       Else {
S21.         Decrement the Hop Limit by 1
S22.         Resubmit the packet to the IPv6 module for transmission
             to the new destination.
S23.       }
S24.     }
S25.   }
S26. }


Please allow me to list the main meaning & semantics of 
SRv6/SRH/SID-list/Segment-Left (below):
SRv6(8986): The Segment Routing over IPv6 (SRv6) Network Programming framework 
enables a network operator or an application to specify a packet processing 
program by encoding a sequence of instructions in the IPv6 packet header.
SRH(8754): Segment Routing can be applied to the IPv6 data plane using a new 
type of Routing Extension Header called the Segment Routing Header (SRH).
RH(8200): The Routing header is used by an IPv6 source to list one or more 
intermediate nodes to be "visited" on the way to a packet's destination.
Segment Left(8200): 8-bit unsigned integer.  Number of route segments 
remaining, i.e., number of explicitly listed intermediate nodes still to be 
visited before reaching the final destination.


For Replication-SID with an SRv6 VPN SID after it, there is still an SRv6 SID 
“to be visited”, as the (Segment-Left==1) indicates; the behavior is not 
“processing” it but overriding it by the state of the Replication-SID.

SRv6 architecture, in my understanding, is built on the meaning & semantics of 
the above SRv6/SRH/RH/SID-list/Segment-Left, and this has been proven by *all* 
the SRv6 SIDs that are in RFC8754 & 8986.

That’s an additional argument for my concern about “Violation of the SRv6 
architecture”.

Thanks,
Jingrong



From: James Guichard [mailto:james.n.guich...@futurewei.com]
Sent: Monday, February 20, 2023 11:30 PM
To: Xiejingrong (Jingrong); Joel Halpern; bruno.decra...@orange.com
Cc: SPRING WG; spring-cha...@ietf.org
Subject: RE: [spring] WGLC for draft-ietf-spring-sr-replication-segment

Hi Jingrong,

Please see inline.

From: Xiejingrong (Jingrong) <xiejingr...@huawei.com>
Sent: Monday, February 20, 2023 3:02 AM
To: James Guichard <james.n.guich...@futurewei.com>; Joel Halpern 
<j...@joelhalpern.com>; bruno.decra...@orange.com
Cc: SPRING WG <spring@ietf.org>; spring-cha...@ietf.org
Subject: RE: [spring] WGLC for draft-ietf-spring-sr-replication-segment

Hi Jim, and WG chairs:

For Jim’s comment: ”[Jim] Section 4.3.1 of RFC 8754 would appear to agree wi