SPRING @IETF-118

Thursday 9 November 2023

Room: Congress Hall 1

09:30-11:30, Local

Log into the IETF datatracker to access:

SPRING WG Meeting Agenda

09:30 SPRING Status - Chairs (5 mins)

09:35 Compressed SRv6 Segment List Encoding in SRH (10 mins)

Presenter: Francois Clad (Remote)
draft-ietf-spring-srv6-srh-compression

Nobody in the queue.

Joel: Talked with people and they are comfortable with the updates.
Appreciate the authors and reviewers for their work. We want to move
this work along.

09:45 Circuit Style Segment Routing Policies (10 mins)

Presenter: Christian Schmutzer
draft-ietf-spring-cs-sr-policy

Weiqiang Cheng: Valuable draft. New work called MTN published by ITU-T.
Please consider to include it which will operators who are using MTN.

Bruno: More comments and reviews needed in the mailing list before a WG
Last Call. To the authors, please ask for reviews in the mailing list.

09:55 SRv6 Security Considerations (15 mins)

Presenter: Nick Buraglio

draft-bdmgct-spring-srv6-security

Yingsong Liu: We proposed a draft. Please check. We have deployed SRv6
and think that there is no risk. Please read the draft.
draft-liu-spring-srv6-security-experience

Eric Vyncke: RFC6169 (Security Concerns with IP Tunneling) is very
similar. RFC9099 (Operational Security Considerations for IPv6 Networks)
is also important. Please have a look.

Darren Dukes: Looks good. Happy to help if you need. (From chatbox:
Security analysis was done in the context of RFC8754 with 6man and the
IESG. This continued in subsequent specifications in their security
considerations as needed. So there has been security analysis before
now.)

Zhenbin Li: It has been 7 years since SRv6 is proposed. Not a paper work
anymore. More than 160 deployments around the world. Six important banks
in China have deployed SRv6 but few security issues. Please talk with
the operators of the enterprises who have deployed SRv6 and learn from
them. In the SRv6 ops side meeting, operators have introduced their
experience. Please communicate.

Bruno: To Robin, please introduce the SRv6 ops side meeting in the
mailing list.

Jim Guichard: Thank you for the work. Appreciated. The only purpose of
this draft is that we want to well document the security considerations
and for operators to make their own choices. Not expecting solutions.

Joel: Agree, this draft also serves as inputs to other documents that
need security considerations. It is not a survey of the field.

Weiqiang Cheng: In the SRv6 ops side meeting, 5 operators worldwide have
shared their experience of operating SRv6 networks. There are some very
good materials. Basic conclusion is that there are no deployment or
security issues if it operates in a trusted domain.

Bruno: Thank you for the work and please continue.

Presenter: Yao Liu
draft-liu-6man-icmp-verification

Zafar Ali: SRv6 OAM is a RFC now (RFC9259). We discussed before and
concluded that we should rely on the exisiting IPv6 OAM. Please consider
RFC5837. Should we rely on IPv6 or create something new? We learned from
MPLS lessons. It is very difficult and complex to introduce new OAM
mechanisms. We should carefully think about whether we need this or not.

Yao: Will check this RFC. The proposed method is intended to be simple.
We could add some more comparison and analysis.

Zafar: Good. We can talk more.

Ketan: We have the capability of exposing topologies using BGP-LS, and
this is more scalable for operators to use for validation of the control
plane, and then the existing ICMPv6 will validate the data plane.

Yao: Different from BGP-LS which is a push mechanism. BGP-LS cannot
commodate with the sudden errors.

Ketan: Control plane validation is based on the topology being exposed,
and the ICMPv6 is for the data plane validation. Both together.

Bruno: Feedbacks from operators who deployed SRv6 are good to have.

10:20 EVPN Fast Reroute (5 mins)

Presenter: Luc Andr ¦ Burdet
draft-burdet-bess-evpn-fast-reroute

Zhaohui: Is this discussed in the mailing list? There is an alternative
mechanism. Do we prefer a flag or a new behavior?
draft-liu-bess-multihome-srv6-service-sid-flag

Luc: Proposed in the mailing list but no responses and have not checked
the new messages.

Bruno: Discussed in SPRING or BESS?

Luc: BESS.

Ketan: The SID is the same even if we define a new behavior. This
proposal scales better. We dont need to allocate extra SIDs.

Bruno: BESS Chairs want to check whether it is ok with SPRING. Please
review on the new behavior to be defined and provide comments in the
mailing list.

10:25 SRH Reduction for SRv6 End.M.GTP6.E Behavior (10 mins)

Presenter: Yuya Kawakami
draft-kawakami-dmm-srv6-gtp6e-reduced

Bruno: Not a work for SPRING but for DMM.

No comments.

10:35 4map6 Segments for IPv4 Service delivery over IPv6-only underlay networks (10 mins)

Presenter: Guozhen Dong (Remote)
draft-dong-spring-sr-4map6-segments

Chongfeng Xie: Provide more background information. We need to consider
how to carry IPv4 traffic in an IPv6 network. We adopted the mapping
solution and defined the SID behaviour. The draft is at the early stage.
Looking for more comments and suggestions.

Bruno: Please check with the Chairs of the BESS WG.

Chongfeng Xie: Will do.

Ketan: Already solved with BGP RFC 5549/8950, and documented in RFC9252.
The End.DT4 SIDs are defined in RFC8986. Discuss offline.

Bruno: Please send to the list, Ketan.

10:45 Encapsulation of BFD for SRv6 Policy (10 mins)

Presenter: Changwang Lin/Yisong Liu
draft-liu-spring-bfd-srv6-policy-encap

Joel: To clarify as a Chair, are the two modes two different ways for
the originators within the domain to generate packets or this is
something happening at the edge that inserts an SRH into an existing
SRv6 BFD packets which is not aligned with RFCs?

Yisong: The BFD packets are within the SRv6 domain.

Joel: That is fine, just to be sure.

Greg Mirsky: Go to the 2nd slide. BFD only monitors candidate path which
is already reflected in a working group document. You are extending and
changing RFC5880. Your expectations are beyond what BFD does. Which BFD
mode do you imply when you use the term "unidirectional"?

Yisong Liu: We called the packets as unidirectional to indicate that the
packets does not return to the headend.

Greg Mirsky: Please use the agreed terminologies. Check and align with
RFC5880. No definition yet on the BFD echo in SR.

Yisong: We have proposed another draft on the BFD echo.

Bruno: Please reply in the mailing list.

Zafar Ali: To correct, BFD runs in the segment list level.

Greg Mirsky: That changes the RFC5880. Please make the community agree
with this first. Policy is not monitored by BFD.

Gao Fang: How to realise the monitoring in the reverse path?

Yisong Liu: You could use reverse binding SID or path segment. Not
specified in this draft but other drafts.

Dan Voyer @Chatbox: why not using PM to monitor SR policy ?

10:55 Validity of SR Policy Candidate Path (10 mins)

Presenter: Ran Chen
draft-chen-spring-sr-policy-cp-validity

No comments.

Louis Chan @Chatbox: for validity subject, I'd rather see vendor
specific contraints encapsulated since there could be diversity of use
cases.

11:05 SR-MPLS FRR Extension (5 mins)

Presenter: Huaimo Chen
draft-chen-spring-srmpls-frr-ex

Bruno: Comments in the mailing list please.

Ketan: Already a draft on this problem. This is an alternative
mechanism.

Huaimo: That was long time ago. There were two solutions at almost the
same time. To go in parallel was what had been decided before.

Bruno: Why the second solution?

Huaimo: This one is simpler.

Bruno: Please be clear about the benefits.

11:10 SR Path Binding Protection Architecture (10 mins)

Presenter: Huaimo Chen
draft-chen-spring-sr-bind-protect-arch

Bruno: Discussions in the mailing list are needed. Please reuse the
terminologies that have been defined in the SR Architecture and SR
Policy.

Speaker Shuffling Time/Buffer: 5 minutes
Total Presentation Time: 115 minutes