Re: [6tsch] architecture with remote BBR
Thomas Watteyne <watteyne@eecs.berkeley.edu> Fri, 21 June 2013 00:02 UTC
Return-Path: <twatteyne@gmail.com>
X-Original-To: 6tsch@ietfa.amsl.com
Delivered-To: 6tsch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCBA121F9EE5 for <6tsch@ietfa.amsl.com>; Thu, 20 Jun 2013 17:02:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnuVDbelCmYg for <6tsch@ietfa.amsl.com>; Thu, 20 Jun 2013 17:02:35 -0700 (PDT)
Received: from mail-pb0-x234.google.com (mail-pb0-x234.google.com [IPv6:2607:f8b0:400e:c01::234]) by ietfa.amsl.com (Postfix) with ESMTP id DC85D21E80A9 for <6tsch@ietf.org>; Thu, 20 Jun 2013 17:02:34 -0700 (PDT)
Received: by mail-pb0-f52.google.com with SMTP id xa12so6862001pbc.39 for <6tsch@ietf.org>; Thu, 20 Jun 2013 17:02:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=r1z5bTWTDJz8oxqhtdw+491NfsyIA+hkFfa/IEga1R4=; b=hRRyIZlhpeZA2i++84utu4DCYht+yhKc4AgN4adNh3/NF25EzyylSRIzqqcpyDU7Mq 4EdJ3HupqcYq1nU35++hPz9WQV+8LU3MDNt5YkYR7zF+gARNRZ191RasQA2aFnvw8zdu XemKTkjpcgX78RIPEFjFRGFurG7mUowr3Pna7099J/dUQM8wDsytAm9wykJ19Or3+xmx n39M+ld0H8YPECEC/m0GqV5PyfTJGVsHeklEGHBJkcWHWNSZlgU2KRIaGn/2EtwMLlor xTT1tOuXy6nZASS7tJg0OGYqS9+0fM7/BGNfkK9zj9h2mV7LQCBzaizLBt7TdYFQqJl2 vM6w==
X-Received: by 10.66.240.7 with SMTP id vw7mr3412983pac.70.1371772954621; Thu, 20 Jun 2013 17:02:34 -0700 (PDT)
MIME-Version: 1.0
Sender: twatteyne@gmail.com
Received: by 10.66.191.161 with HTTP; Thu, 20 Jun 2013 17:02:14 -0700 (PDT)
In-Reply-To: <E045AECD98228444A58C61C200AE1BD841318A15@xmb-rcd-x01.cisco.com>
References: <CADPqcJJfiO0Va7mvHAFTEH5yRWiCD3LYf5Ajh-fXcugNgzbgYQ@mail.gmail.com> <2C3A8CAFDCAFCA41B8BF705CD9471C5B184C2E33@xmb-rcd-x04.cisco.com> <CADJ9OA9_YafLAfraengBu4NcFDypJHvJVCtQSBjG0QhnZMtcBg@mail.gmail.com> <E045AECD98228444A58C61C200AE1BD841318A15@xmb-rcd-x01.cisco.com>
From: Thomas Watteyne <watteyne@eecs.berkeley.edu>
Date: Thu, 20 Jun 2013 17:02:14 -0700
X-Google-Sender-Auth: 1_BuNvHh-OFqKUI-9TU80JCsf2Q
Message-ID: <CADJ9OA_D05hOS9gfJq0p4r=83YzzEsk2Cn_aP-LLSq+OfA6Uew@mail.gmail.com>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Content-Type: multipart/alternative; boundary="047d7b15a54dac425204df9ec76e"
Cc: 6TSCH <6tsch@ietf.org>
Subject: Re: [6tsch] architecture with remote BBR
X-BeenThere: 6tsch@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discuss link layer model for Deterministic IPv6 over the TSCH mode of IEEE 802.15.4e, and impacts on RPL and 6LoWPAN such as resource allocation" <6tsch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6tsch>, <mailto:6tsch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/6tsch>
List-Post: <mailto:6tsch@ietf.org>
List-Help: <mailto:6tsch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6tsch>, <mailto:6tsch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jun 2013 00:02:37 -0000
Pascal, You need the BB to be a MAC-level broadcast domain to be able to do the proxy ND functionality, right? (see min 17:02 of https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=MC&rID=66409322&rKey=254105c68fefa880). But you're absolutely right, I can see how this property affects the PCE discovery functionality. The case where there are many little PCEs covering different segment makes perfect sense. In other cases (mobility?), we might imagine an architecture where a single PCE is managing multiple LLNs in parallel. Thomas On Thu, Jun 20, 2013 at 7:00 AM, Pascal Thubert (pthubert) < pthubert@cisco.com> wrote: > Hello Thomas:**** > > ** ** > > If I understand you well, your reference to the multicast domain has to do > specifically with the PCE discovery, is that correct?**** > > Even so, the product of the discussion is probably useful in the > architecture document.**** > > ** ** > > My initial mind was to emulate the model of DHCP, though we probably need > to extend it quite a bit to scale and distribute.**** > > For all I know – but I’m not JP -, there is art for distributed PCE, in > particular between ISPs so that each PCE can compute a local segment of a > global route.**** > > In your case 1, it could make sense that there is at least one PCE on each > subdomain so as to avoid crossing boundaries for local route computation.* > *** > > ** ** > > In the future, we can probably expect to find many virtualized PCE > available wherever needed via virtual service engines anyway.**** > > ** ** > > What do you think?**** > > ** ** > > Pascal**** > > ** ** > > *From:* 6tsch-bounces@ietf.org [mailto:6tsch-bounces@ietf.org] *On Behalf > Of *Thomas Watteyne > *Sent:* mercredi 19 juin 2013 06:13 > *To:* 6TSCH > > *Subject:* Re: [6tsch] architecture with remote BBR**** > > ** ** > > Pascal, Raghuram,**** > > ** ** > > I'm fully aware that VPN/tunnels are a proven technique. Obviously, this > discussion only covers the case where a PCE is used.**** > > ** ** > > I want to make sure that we don't add unnecessary complexity. The easiest > thing is for 6TSCH not to define how the PCE and the BBRs discover each > other, neither how they communicate, and just give "examples" in the > architecture draft. This might be the right thing to do to start with, but > it would be awfully nice if I could connect my BBR to a third-party PCE. > I'm happy to talk about this on the phone on Friday.**** > > ** ** > > Thomas**** > > ** ** > > On Tue, Jun 18, 2013 at 8:53 PM, Raghuram Sudhaakar (rsudhaak) < > rsudhaak@cisco.com> wrote:**** > > Thomas,**** > > I agree conceptually with the cons that you mention for option 1. However, > tunneling and VLANs are a well understood concept in the network > setup/administration and used widely by IT teams. Pascal has pointed out > the specific Cisco technologies too. So, in the practical world tunneling > is the best/proven solution. **** > > ** ** > > In Option 2, the reliance of the BBR on the PCE to identify its peer may > be a cause for concern. It means that we implicitly mandate a PCE. This may > not be applicable to certain deployments that may want to use 6TSCH without > a PCE. Or a different routing computation technique/protocol/standard. *** > * > > ** ** > > IMO, the PCE, ND must be maintained as separate elements for the above > reasons as well as applicability to wider range of scenarios.**** > > ** ** > > I lean toward the idea that 6TSCH does not need to define anything to > create the connectivity between the BBRs. Instead the requirement can be > detailed along with possible solutions leaving the decision open. This will > hopefully help in wider applicability and interoperability.**** > > ** ** > > -raghuram **** > > ** ** > > ** ** > > *From: *Pascal Thubert <pascal.thubert@gmail.com> > *Date: *Tuesday, June 18, 2013 10:08 AM > *To: *Thomas Watteyne <watteyne@eecs.berkeley.edu> > *Cc: *6TSCH <6tsch@ietf.org> > *Subject: *Re: [6tsch] architecture with remote BBR**** > > ** ** > > Hello Thomas:**** > > And then we need to add the case of the backhaul that looks like your case > 1 but has applications on the other side of the VPN as opposed to another > wlan.**** > > This is actually being studied at ISA100.15 ...**** > > For your option 1, is it often (/ sometimes?) mandatory that the 2 LLNs > share a same L2 domain ( / IPv6 subnet) ? When they do not, we are back in > classical routing, with VPN iff crossing an untrusted area ( ; eg the IT > network from an OT perspective ; )**** > > The case of a single subnet crossing layer 3 boundaries is very classical > in datacenters. We use overlays to solve the issue; e.g. cisco OTV, but > also LISP, L2TP, and pseudowires in general.**** > > We should probably describe the case in the architecture and explain how > this can be achieved with the above technologies; and that probably 6TSCH > does not need to add anything new. Or does it? **** > > About option 2, I see the links to the PCE as either a single vlan or a > mix of vlan and vpn, depending on which domain must be crossed. The > structure has its benefits, but we probably need to come up with the same > model and multiple disjoint paths via multiple PCEs for high availability > and load balancing.**** > > what do you think?**** > > Pascal**** > > ** ** > > 2013/6/17 Thomas Watteyne <watteyne@eecs.berkeley.edu>**** > > All, **** > > ** ** > > There is a case I believe we are not covering explicitly in the > architecture.**** > > ** ** > > The architecture draft now considers the following topology:**** > > ** ** > > ---+------------------------**** > > | External Network**** > > |**** > > +-----+ +-----+**** > > | | Router | | PCE**** > > | | | |**** > > +-----+ +-----+**** > > | |**** > > | Subnet Backbone |**** > > +--------------------+------------------+**** > > | | |**** > > +-----+ +-----+ +-----+**** > > | | Backbone | | Backbone | | Backbone**** > > o | | router | | router | | router**** > > +-----+ +-----+ +-----+**** > > o o o o o**** > > o o o o o o o o o o o**** > > o o o LLN o o o o**** > > o o o o o o o o o o o o**** > > ** ** > > ** ** > > The backbone needs to be one broadcast domain for the ND proxy operations > defines in draft-thubert-6lowpan-backbone-router-03 to work.**** > > ** ** > > Now, let's consider a campus-wide deployment, where the requirements is > that (1) all the nodes use the same IPv6 prefix, and (2) all are managed by > the same PCE. Since BBRs are "far apart", they will not all live on the > same (broadcast) backbone.**** > > ** ** > > This is a very realistic scenario that I have come across multiple times, > and which I believe 6TSCH group could/should address.**** > > ** ** > > I can see the following options:**** > > ** ** > > *Option 1*: "under-the-hood" tunneling**** > > ** ** > > When installing the network, network administrators interconnect the > different pieces of the BB using some VLAN solution, essentially recreating > a broadcast domain.**** > > ** ** > > pros:**** > > - This option does not require any change the ND operation.**** > > cons:**** > > - IMO, in most multi-BBR deployments, the remote BBR case is the rule > rather than the exception. Using tunnels looks more like a "patch" which > might be seen as overly complex if it needs to be applied all the time.*** > * > > ** ** > > ** ** > > ---+------------------------**** > > | External Network**** > > |**** > > +-----+ +-----+**** > > | | Router | | PCE**** > > | | | |**** > > +-----+ +-----+**** > > | |**** > > | Subnet Backbone | *==========***** > > +--------------------+-------------- *TUNNEL* ----+**** > > | | *==========* |**** > > +-----+ +-----+ +-----+ (*remote*)**** > > | | Backbone | | Backbone | | *Backbone***** > > o | | router | | router | | *router***** > > +-----+ +-----+ +-----+**** > > o o o o o**** > > o o o o o o o o o o o**** > > o o o LLN o o o o**** > > o o o o o o o o o o o o**** > > ** ** > > ** ** > > *Option 2*: PCE responsible for forwarding to correct BBR**** > > ** ** > > Each BBR establishes an explicit (and secure) connection to the PCE. Since > the PCE is aware of the nodes connected through each BBR, it can forward > some inbound packet to the appropriate BBR.**** > > ** ** > > The functionality of the PCE and Router can be merged. The PCE/Router gets > a packet for a particular node, and forwards it to the appropriate BBR over > the explicit connection to that BBR.**** > > ** ** > > ** ** > > --------------+-------------------**** > > | External Network**** > > |**** > > +-----+**** > > | | PCE/Router**** > > | |**** > > +-----+**** > > ^ ^ ^**** > > | | |**** > > ** ** > > ** ** > > +---------------+ | +----------------+**** > > | | |**** > > v v v**** > > +-----+ +-----+ +-----+**** > > | | Backbone | | Backbone | | Backbone**** > > o | | router | | router | | router**** > > +-----+ +-----+ +-----+**** > > o o o o o**** > > o o o o o o o o o o o**** > > o o o LLN o o o o**** > > o o o o o o o o o o o o**** > > ** ** > > *Option 3*: hybrid**** > > ** ** > > This is the same as option 2, but the router and the PCE as separate. The PCE acts as the ND proxy for all the nodes attached to all the BBRs it is managing. The router is a regular router.**** > > ** ** > > ---+-----------------------**** > > ** ** > > ** ** > > | External Network**** > > |**** > > +-----+ +-----+**** > > | | Router | | PCE**** > > | | +--| |**** > > +-----+ | +-----+**** > > | | ^ ^ ^**** > > ** ** > > ** ** > > | | | | |**** > > ------------------------ | | |**** > > | | |**** > > | | |**** > > ** ** > > ** ** > > +---------------+ | +----------------+**** > > | | |**** > > v v v**** > > +-----+ +-----+ +-----+**** > > | | Backbone | | Backbone | | Backbone**** > > o | | router | | router | | router**** > > +-----+ +-----+ +-----+**** > > o o o o o**** > > o o o o o o o o o o o**** > > o o o LLN o o o o**** > > o o o o o o o o o o o o**** > > ** ** > > ** ** > > Thoughts? > > **** > > ** ** > > ** ** > > Thomas**** > > > _______________________________________________ > 6tsch mailing list > 6tsch@ietf.org > https://www.ietf.org/mailman/listinfo/6tsch**** > > > > > -- > Pascal **** > > ** ** >
- [6tsch] architecture with remote BBR Thomas Watteyne
- Re: [6tsch] architecture with remote BBR Pascal Thubert
- Re: [6tsch] architecture with remote BBR Raghuram Sudhaakar (rsudhaak)
- Re: [6tsch] architecture with remote BBR Thomas Watteyne
- Re: [6tsch] architecture with remote BBR Pascal Thubert (pthubert)
- Re: [6tsch] architecture with remote BBR Thomas Watteyne
- Re: [6tsch] architecture with remote BBR Pascal Thubert (pthubert)