Hi Erik, Yes, per other discussions resulting from IESG review and Directorate reviews, we need to clarify our use of the word "domain".
The context of an "SR domain" in RFC 8402 is "all nodes participating in an SR system" and that is assumed to include nodes that are not physically adjacent but which have tunnels between them, even including regular IP forwarding without inspection of the SRH (the IP nodes are not in the domain, but the segment end points are). Our use of "domain" was broken in this view of the world and we are fixing it. We will use the word "site" to describe the end locations (such as DCs) in a way that models the naming for VPNs. In an 8402 context, all interconnected sites are part of the same SR domain. Thus, I think, the question of filtering at the domain boundary is unchanged. Thanks, Adrian -----Original Message----- From: Erik Kline via Datatracker <[email protected]> Sent: 18 May 2021 07:24 To: The IESG <[email protected]> Cc: [email protected]; [email protected]; [email protected]; Matthew Bocci <[email protected]>; [email protected] Subject: Erik Kline's No Objection on draft-ietf-bess-datacenter-gateway-10: (with COMMENT) Erik Kline has entered the following ballot position for draft-ietf-bess-datacenter-gateway-10: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-bess-datacenter-gateway/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- [[ comments ]] [ section 8 ] * My understanding is that this will allow a packet from "Ingress" with an SRH that includes SRv6 SIDs associated with either GW1 or GW2 in "Egress". RFC 8754 (sections 5.1 and 7) discusses the necessity to filter SRH packets at the SR domain ingress point. If my understanding above is correct, I think it could be more clear that deliberately not filtering SRH at the domain boundaries is a choice being made here which, further, may have consequences of the sort described in RFC 5095. But maybe I've misunderstood. _______________________________________________ BESS mailing list [email protected] https://www.ietf.org/mailman/listinfo/bess
