Right, let's get the text clarified. Whether or not the IETF (not just these 
two WGs, which plainly cannot agree) accepts or refuses this interpretation of 
RFC 8200 is a separate question.

Regards
   Brian

On 04-Mar-20 09:37, Pablo Camarillo (pcamaril) wrote:
> Brian, Bruno,
> 
>  
> 
> Many thanks for your comments.
> 
> Based on the feedback I would propose to add Brian's proposed text as is into 
> the draft.
> 
>  
> 
> 4.16.1.  PSP: Penultimate Segment Pop of the SRH
> 
>  
> 
>    SR Segment Endpoint Nodes advertise the SIDs instantiated on them via
> 
>    control plane protocols as described in Section 8.  Different
> 
>    behavior ids are allocated for flavored and unflavored SIDs [Table 4]
> 
>    such that an SR Source Node can identify PSP-flavored SIDs as such.
> 
>  
> 
>    The PSP flavor is specifically used by the Source SR Node when it
> 
>    needs to instruct the penultimate SR Segment Endpoint Node listed in
> 
>    the SRH to remove the SRH from the IPv6 header.
> 
>  
> 
>    SR Segment Endpoint Nodes receive the IPv6 packet with the
> 
>    Destination Address field of the IPv6 Header equal to its SID
> 
>    address.  A penultimate SR Segment Endpoint Node is one that, as part
> 
>    of the SID processing, copies the last SID from the SRH into the IPv6
> 
>    Destination Address and decrements Segments Left value from one to
> 
>    zero.
> 
>  
> 
>    The PSP operation only takes place at a penultimate SR Segment
> 
>    Endpoint Node and does not happen at any Transit Node.
> 
>  
> 
>    The SRH processing of the End, End.X and End.T behaviors are
> 
>    modified: after the instruction "S14.  Update IPv6 DA with Segment
> 
>    List[Segments Left]" is executed, the following instructions must be
> 
>    executed as well:
> 
>  
> 
> S14.1.   If (Segments Left == 0) {
> 
> S14.2.      Update the Next Header field in the preceding header to the
> 
>                 Next Header value of the SRH
> 
> S14.3.      Decrease the IPv6 header Payload Length by the Hdr Ext Len
> 
>                 value of the SRH
> 
> S14.4.      Remove the SRH from the IPv6 extension header chain
> 
> S14.5.   }
> 
>  
> 
>    The usage of PSP does not increase the MTU of the IPv6 packet and
> 
>    hence does not have any impact on the PMTU discovery mechanism.
> 
>  
> 
>    As a reminder, [I-D.ietf-6man-segment-routing-header] defines in
> 
>    section 5 the SR Deployment Model within the SR Domain [RFC8402].
> 
>    Within this framework, the Authentication Header (AH) is not used to
> 
>    secure the SRH as described in Section 7.5 of
> 
>    [I-D.ietf-6man-segment-routing-header].
> 
>  
> 
> *<NEW>*
> 
> *This behavior does not contravene section 4 of [RFC8200]*
> 
> *because the current destination address of the incoming packet*
> 
> *is the address of the node executing the PSP behavior.*
> 
> *</NEW>*
> 
>  
> 
> Additionally, please find some replies inline to the comments from Bruno 
> [PC2].
> 
>  
> 
> Thanks,
> 
> Pablo.
> 
>  
> 
> -----Original Message-----
> 
> From: "bruno.decra...@orange.com" <bruno.decra...@orange.com>
> 
> Date: Tuesday, 3 March 2020 at 15:49
> 
> To: "Pablo Camarillo (pcamaril)" <pcama...@cisco.com>, Brian E Carpenter 
> <brian.e.carpen...@gmail.com>
> 
> Cc: "Darren Dukes (ddukes)" <ddukes=40cisco....@dmarc.ietf.org>, 6man WG 
> <i...@ietf.org>, SPRING WG List <spring@ietf.org>
> 
> Subject: RE: PSP and a logical application of RFC8200
> 
>  
> 
>     Pablo,
> 
>     
> 
>     My reading is that Brian is asking for a clarification of the text, not a 
> change in the behavior.
> 
>     In general, I think that clarification is good and that Brian's request 
> is reasonable.
> 
>    
> 
>     Related to Brian's comment, but on top of them, I have further points on 
> this section 4.16.1:
> 
>    
> 
>     1)
> 
>     " S14.1.   If (Segments Left == 0) {"
> 
>    
> 
>     Although I agree that reading the whole pseudo code (split across the 
> whole document) is self-descriptive, there is the opportunity for people to 
> misread and confuse "Segment Left in the received packet" with "Updated 
> Segment Left". I'd like to avoid misunderstanding similar to the ones in RFC 
> 8200. Could you propose something? E.g.  :s/ Segments Left/ Updated Segments 
> Left.
> 
>  
> 
> PC2: In previous versions of this document we used the term “updated SL”. As 
> part of the WGLC we changed this text in December to “Segments Left” since it 
> is the name of the field defined in the SRH. While I do find the “Updated 
> Segments Left” easier to understand, the working group feedback wasn’t the 
> same in December. Hence I would tend to keep it as is. But no strong 
> preference on my side really.
> 
>  
> 
>     2)
> 
>     As a possible change to try to address Brian's comment
> 
>     OLD:
> 
>        The PSP operation only takes place at a penultimate SR Segment
> 
>        Endpoint Node and does not happen at any Transit Node.
> 
>    
> 
>     NEW:
> 
>        The PSP operation only takes place at a penultimate SR Segment
> 
>        Endpoint Node (where Segment Left == 1) and does not happen at any 
> Transit Node.
> 
>  
> 
> PC2: Given the new text added, and given that we already have this, do we 
> need it?
> 
> *A penultimate SR Segment Endpoint Node*is one that, as part
> 
>    of the SID processing, copies the last SID from the SRH into the IPv6
> 
>    Destination Address and *decrements Segments Left value from one to*
> 
> *   zero.*
> 
>  
> 
>     More inline
> 
>    
> 
>     > From: ipv6 [mailto:ipv6-boun...@ietf.org] On Behalf Of Brian E Carpenter
> 
>     >
> 
>     > On 03-Mar-20 09:02, Pablo Camarillo (pcamaril) wrote:
> 
>     > > Brian,
> 
>     > >
> 
>     > > The PSP pseudocode is presented as a modification to the End 
> pseudocode starting at line S14 of such.
> 
>     > > Please go through the PSP pseudocode in conjunction with the End 
> pseudocode (Section 4.1).
> 
>     > > You will see that the ingress state of the packet is (Segments Left 
> == 1 and Destination Address == the PSP node's address).
> 
>     >
> 
>     > Exactly my point. With SL == 1, you are not at the ultimate 
> destination, so according to what I'll call "Fernando's reading" of RFC8200, 
> you are not entitled to delete the header. That is the point that IMHO needs 
> to be stated explicitly in the draft. You are using "Darren's reading" of 
> RFC8200.
> 
>     >
> 
>     > I really think you need to say so explicitly. Something like:
> 
>     >
> 
>     > Note: this behavior does not contravene section 4 of [RFC8200]
> 
>     > because the current destination address of the incoming packet
> 
>     > is the address of the node executing the PSP behavior.
> 
>     >
> 
>     > This will not change the argument, but it will make the issue clear so 
> that we (the IETF) can decide whether to accept it or not. And that is 
> orthogonal to whether RFC 8200 is wrong.
> 
>    
> 
>     3)
> 
>     Given that there is even heated discussions on the text/wording in 
> RFC8200, I'm afraid that whatever text be inserted in 
> draft-ietf-spring-srv6-network-programming would trigger controversy and that 
> in the end be asked to be removed.
> 
>     However, I'm also in favor of making the issue clear.
> 
>    
> 
>     Brian, I would personally prefer to stick as close as possible to the 
> text from RFC 8200, plus that we make clear that we are not changing it but 
> only referring to. So I would propose something along the following:
> 
>    
> 
>                 As indicated in RFC 8200 section 4, extension headers [...] 
> are not [to be]
> 
>                    processed, inserted, or deleted by any node along a 
> packet's delivery
> 
>                    path, until the packet reaches the node [...] identified 
> in the Destination Address field
> 
>                    of the IPv6 header.
> 
>       
> 
>                 The PSP behavior defined in this section specifies that, the 
> node identified in the Destination Address field of the IPv6 header (as 
> restricted by RFC 8200 section 4), when Segment Left is received as 1 and 
> when specifically instructed by the source node, removes the SRH header.
> 
>    
> 
>     
> 
>     As a reminder, the text from RFC 8200 is
> 
>     "   Extension headers (except for the Hop-by-Hop Options header) are not
> 
>        processed, inserted, or deleted by any node along a packet's delivery
> 
>        path, until the packet reaches the node (or each of the set of nodes,
> 
>        in the case of multicast) identified in the Destination Address field
> 
>        of the IPv6 header."
> 
>    
> 
>     I believe that my proposed edits are clearly indicated by "[]" and helps 
> the reader to focus on the relevant text. However, I'm also fine with copy 
> pasting the text verbatim from RFC 8200.
> 
>        
> 
>     4) There is an interesting comment on the 6MAN WG 
> https://mailarchive.ietf.org/arch/msg/ipv6/AJzOX97mUeHjEcDSIgpqUw8gNk0/
> 
>     Although not sent in the SPRING WG, and not mentioning to this document, 
> I think that I should be taken into account.
> 
>     More specifically
> 
>     " IMHO, any specification breaking AH (e.g., by modifying the NextHeader 
> in transport mode) should clearly note that it 'breaks AH' or constraints its 
> use; but, this is still acceptable for an IETF standard specification IMHO to 
> 'break AH'."
> 
>     
> 
>     I'd propose:
> 
>     OLD:
> 
>        As a reminder, [I-D.ietf-6man-segment-routing-header] defines in
> 
>        section 5 the SR Deployment Model within the SR Domain [RFC8402].
> 
>        Within this framework, the Authentication Header (AH) is not used to
> 
>        secure the SRH as described in Section 7.5 of
> 
>        [I-D.ietf-6man-segment-routing-header].
> 
>    
> 
>     NEW:
> 
>     Removing the SRH requires modifying the Next Header field which is 
> defined as Immutable by RFC 4302.  As indicated in 
> [I-D.ietf-6man-segment-routing-header], the use of RH with AH by an SR source 
> node, and processing at a SR
> 
>        segment endpoint node is not defined in this document.  Future 
> documents may define use of SRH with AH and its processing. Such future 
> document needs to take into account that the use of PSP requires the Next 
> Header field to not be Immutable.
> 
>    
> 
> PC2: Given the following text from RFC4301, and the quote above from the SRH, 
> do we really need this?
> 
>    IPsec implementations MUST support ESP and MAY
> 
>    support AH. (Support for AH has been downgraded to MAY because
> 
>    experience has shown that there are very few contexts in which ESP
> 
>    cannot provide the requisite security services.  Note that ESP can be
> 
>    used to provide only integrity, without confidentiality, making it
> 
>    comparable to AH in most contexts.)
> 
>  
> 
>  
> 
>  
> 
>     Or whatever text indicating the issue.
> 
>    
> 
>     Regards,
> 
>     --Bruno
> 
>    
> 
>     >
> 
>     > Regards
> 
>         > Brian
> 
>     > >
> 
>     > > Many thanks,
> 
>     > > Pablo.
> 
>     > >
> 
>     > > -----Original Message-----
> 
>     > > From: ipv6 <ipv6-boun...@ietf.org> on behalf of Brian E Carpenter 
> <brian.e.carpen...@gmail.com>
> 
>     > > Date: Monday, 2 March 2020 at 20:34
> 
>     > > To: "Darren Dukes (ddukes)" <ddukes=40cisco....@dmarc.ietf.org>, 6man 
> WG <i...@ietf.org>, SPRING WG List <spring@ietf.org>
> 
>     > > Subject: Re: PSP and a logical application of RFC8200
> 
>     > >
> 
>     > >     Darren,
> 
>     > >    
> 
>     > >     Regardless of whether you accept Fernando's comment about the 
> intention of RFC 8200, there is also the fact that the description of the PSP 
> flavor cheats by considering the packet to have
> 
>     > >      (Segments Left == 0 and Destination Address == the PSP node's 
> address).
> 
>     > >     In fact that is *never* the state of the packet on the wire, 
> which is either
> 
>     > >      (Segments Left == 1 and Destination Address == the PSP node's 
> address)
> 
>     > >     or
> 
>     > >      (Segments Left == 0 and Destination Address == the final node's 
> address)
> 
>     > >    
> 
>     > >     OK, maybe it's not cheating, maybe it's only a side effect of the 
> pseudocode, but the fact is that the test "S14.1.   If (Segments Left == 0) 
> {" in section 4.16.1 is very confusing because it's applied to a packet that 
> is half way through processing of the routing header (Segments Left has been 
> updated, but Destination Address has not been updated). This makes it very 
> unclear how the spec is claiming to interpret RFC 8200.
> 
>     > >    
> 
>     > >     Regards
> 
>     > >        Brian Carpenter
> 
>     > >    
> 
>     > >     On 03-Mar-20 03:52, Darren Dukes (ddukes) wrote:
> 
>     > >     > What follows has been made clear on the list for a while,
> 
>     > >     > I am re-stating it.
> 
>     > >     >
> 
>     > >     > The draft-ietf-spring-srv6-network-programming PSP behavior
> 
>     > >     > strictly follows the letter of RFC 8200.
> 
>     > >     > 
> 
>     > >     >      RFC8200 section 4 says:
> 
>     > >     > 
> 
>     > >     >      Extension headers (except for the Hop-by-Hop Options 
> header) are not
> 
>     > >     >      *processed, inserted, or deleted* by any node along a 
> packet's delivery
> 
>     > >     >      path, until the packet reaches *the node* (or each of the 
> set of nodes,
> 
>     > >     >      in the case of multicast) *identified in the Destination 
> Address field*
> 
>     > >     >     * of the IPv6 header.*
> 
>     > >     >  
> 
>     > >     >
> 
>     > >     > The processing, insertion and deletion restrictions only apply
> 
>     > >     > “until the packet reaches the node identified in the Destination
> 
>     > >     > Address field of the IPv6 header”.
> 
>     > >     > 
> 
>     > >     > At the penuptimate segment of the segment list, the endpoint IS
> 
>     > >     > “the node identified in the Destination Address field of the 
> IPv6
> 
>     > >     > header” and hence the PSP operation programmed by the source SR
> 
>     > >     > node strictly follows the letter of RFC 8200.
> 
>     > >     >
> 
>     > >     >
> 
>     > >     > Thanks,
> 
>     > >     >   Darren
> 
>     > >     >
> 
>     > >     > 
> --------------------------------------------------------------------
> 
>     > >     > IETF IPv6 working group mailing list
> 
>     > >     > i...@ietf.org
> 
>     > >     > Administrative Requests: 
> https://www.ietf.org/mailman/listinfo/ipv6
> 
>     > >     > 
> --------------------------------------------------------------------
> 
>     > >     >
> 
>     > >    
> 
>     > >     
> --------------------------------------------------------------------
> 
>     > >     IETF IPv6 working group mailing list
> 
>     > >     i...@ietf.org
> 
>     > >     Administrative Requests: 
> https://www.ietf.org/mailman/listinfo/ipv6
> 
>     > >     
> --------------------------------------------------------------------
> 
>     > >    
> 
>     > >
> 
>     >
> 
>     > --------------------------------------------------------------------
> 
>     > IETF IPv6 working group mailing list
> 
>     > i...@ietf.org
> 
>     > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> 
>     > --------------------------------------------------------------------
> 
>    
> 
>     
> _________________________________________________________________________________________________________________________
> 
>    
> 
>     Ce message et ses pieces jointes peuvent contenir des informations 
> confidentielles ou privilegiees et ne doivent donc
> 
>     pas etre diffuses, exploites ou copies sans autorisation. Si vous avez 
> recu ce message par erreur, veuillez le signaler
> 
>     a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
> electroniques etant susceptibles d'alteration,
> 
>     Orange decline toute responsabilite si ce message a ete altere, deforme 
> ou falsifie. Merci.
> 
>    
> 
>     This message and its attachments may contain confidential or privileged 
> information that may be protected by law;
> 
>     they should not be distributed, used or copied without authorisation.
> 
>     If you have received this email in error, please notify the sender and 
> delete this message and its attachments.
> 
>     As emails may be altered, Orange is not liable for messages that have 
> been modified, changed or falsified.
> 
>     Thank you.
> 
>    
> 
>     
> 

_______________________________________________
spring mailing list
spring@ietf.org
https://www.ietf.org/mailman/listinfo/spring

Reply via email to