Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02

Lizhong Jin <lizho.jin@gmail.com> Tue, 13 October 2020 10:43 UTC

Return-Path: <lizho.jin@gmail.com>
X-Original-To: apn@ietfa.amsl.com
Delivered-To: apn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 354503A0F26; Tue, 13 Oct 2020 03:43:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ilZOnvsLTpyc; Tue, 13 Oct 2020 03:43:01 -0700 (PDT)
Received: from mail-oo1-xc30.google.com (mail-oo1-xc30.google.com [IPv6:2607:f8b0:4864:20::c30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ACD73A0F1E; Tue, 13 Oct 2020 03:43:01 -0700 (PDT)
Received: by mail-oo1-xc30.google.com with SMTP id z1so4772775ooj.3; Tue, 13 Oct 2020 03:43:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=qNkMoZmyh2yCWdqU4vPZ+HZ8wLSXy/HyabaVdP43ggg=; b=XqhkC9/WcjQHz7xJoIxfFMa4d4v/eVTh6I3ikZfJTwkJKX0K5W118WZXXriB7kEMLR LcmqPdnfn7Bs3bth+Sv9ZkcLZl3UISjVn+kXmv/UccMKNqyR7ixBx91fJ2niPZKpg0Vd TgDZ4FSTq/sC+5KYkDjgKX9btTb/0sqX4Brix0Q8qgDs4lWwaacw1pzOIZnAjKLbY/p4 2HOphrOBth+0nWLsARdVxPRTlbKS8kKLb68krOegi9b5X/1GnhV7yN538gCUOklbNHxm qTwEGh+Y9SBv7P+8s0qDBNHcGjvN1PGFZPqSkF6gYs5Grw4+vrDtsjNeK187Bak4ZvN9 bacQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=qNkMoZmyh2yCWdqU4vPZ+HZ8wLSXy/HyabaVdP43ggg=; b=Gp8RuD0TT6aaW4BSUOgT0nu64t/fMSPxoDl0fRe9K4LBPcnMkj8RGa/y/8PvwBNQYf F3pNpVbbiVKzaPLu4ODIWtcq7bigQBUpESSPyGuO52L31G8S1nsj0IHhNg3wOMWouclE JqJ4aMgrtqt+BOrxi7/26pmupLOs5o7cmKhFSo1DlZLE+hCuSRmQPR+LkIypWpwzUWea 8wDEzqErujjUAnTHmIJAoyIEo+lDMzoWfQShjtPmlymAeFVR8J3FUrqCOlJ5AMiRz0Vv t8HjSDt2y78bKEONfKOwr01Esli5bVvyizemQbo3MB0AB24YZxpxCUWXwS5E3q8GyNwm ux6Q==
X-Gm-Message-State: AOAM530pwe2Dvf+PY8Z7bDV3LQAhzFbxcQAAFtk8f7It8JxH26n839NK fTTqyaftP/ySDVSUvyaeojDF36PRfOXLmG1+PcQ=
X-Google-Smtp-Source: ABdhPJzVSYMIzK0+SGf9qX6LoimRimE1DIOvLU81DwjfPIqJEWpWFMkWg4p8bH0gNmj+5j9xGjcg8FuCo1nO4hFL7Ws=
X-Received: by 2002:a4a:5258:: with SMTP id d85mr21634231oob.13.1602585780376; Tue, 13 Oct 2020 03:43:00 -0700 (PDT)
MIME-Version: 1.0
From: Lizhong Jin <lizho.jin@gmail.com>
Date: Tue, 13 Oct 2020 03:42:48 -0700
Message-ID: <CAH==cJz9S8ojWR5h8+yHWAFvJ9CTGYmM6ov5PeECfngbjUgcbA@mail.gmail.com>
To: Lizhenbin <lizhenbin@huawei.com>, "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, Linda Dunbar <linda.dunbar@futurewei.com>, IPv6 List <ipv6@ietf.org>, draft-li-6man-app-aware-ipv6-network@ietf.org
Cc: apn@ietf.org
Content-Type: multipart/alternative; boundary="00000000000029572d05b18b1408"
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/5KD_u2QTR7GfTckAwiVvWCajTjw>
Subject: Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02
X-BeenThere: apn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Application-aware Networking <apn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apn>, <mailto:apn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apn/>
List-Post: <mailto:apn@ietf.org>
List-Help: <mailto:apn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apn>, <mailto:apn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2020 10:43:04 -0000

Hi Robin,
One more question as below. Thanks.

==================snipped=============

   1. How can residential/enterprise intranet VLAN information traverse the
   CE device? Or should the CE device use the ‘internal/private network’ VLAN
   tag to mark the traffic ?


[Robin] I propose the following example for your reference:

Host/App ------- residential gateway ------------------ DSLAM
------------------Metro PE -------- P ---------- Metro PE --------------
BRAS

Packet S-VLAN + Packet C-VLAN + S-VLAN + Packet L2VPN/MPLS L2VPN/MPLS
C-VLAN + S-VLAN + Packet

>From the above topology, DSLAM can be seen as the CE which adds the C-VLAN
and access the PE of the metro network.

[Lizhong] If DSLAM is as CE in APN, how does DSLAM identify every
application traffic? That will conflict the promise stated in
[draft-li-apn-problem-statement-usecases-01].

One of the key objectives of APN is for network operators to provide
fine-granularity SLA guarantees instead of coarse-grain traffic operations.

Regards

Lizhong

*From:* Lizhenbin <lizhenbin@huawei.com>
*Sent:* Thursday, October 8, 2020 23:15
*To:* Eric Vyncke (evyncke) <evyncke=40cisco.com@dmarc.ietf.org>rg>; Linda
Dunbar <linda.dunbar@futurewei.com>om>; IPv6 List <ipv6@ietf.org>rg>;
draft-li-6man-app-aware-ipv6-network@ietf.org
*Cc:* apn@ietf.org
*Subject:* Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02

Hi Eric,

Thanks for your greetings. Please refer to my reply inline.

Best Regards,

Robin

*From:* Apn [mailto:apn-bounces@ietf.org] *On Behalf Of *Eric Vyncke
(evyncke)
*Sent:* Thursday, October 8, 2020 7:52 PM
*To:* Lizhenbin <lizhenbin@huawei.com>om>; Linda Dunbar <
linda.dunbar@futurewei.com>gt;; IPv6 List <ipv6@ietf.org>rg>;
draft-li-6man-app-aware-ipv6-network@ietf.org
*Cc:* apn@ietf.org
*Subject:* Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02

Hello Robin,

I hope that you and your family were able to enjoy a nice family time !

About the VLAN, if you consider that the APN6 ‘tag’ is originated by the CE
device, then indeed it will stay intact accross the SP access network and
could be propagated across L2VPN/EVPN but then:

   1. It really requires deep packet inspection to get access to the .1Q
   tag in the SP network in case of L2VPN/EVPN

   [Robin] This is related with the possible new work items for APN to
   encapsulate the user information with MPLS/SRv6. That is, if the VLAN
   tagging information is acquired in the PE, when encapsulate the VLAN tagged
   packet with the outer MPLS/SRv6, the user information from the VLAN tagging
   will be mapped to the user information encapsulated with MPLS/SRv6. So the
   user information can be acquired from the outer encapsulation instead of
   deep packet inspection.

   2. How can residential/enterprise intranet VLAN information traverse the
   CE device? Or should the CE device use the ‘internal/private network’ VLAN
   tag to mark the traffic ?


[Robin] I propose the following example for your reference:

Host/App ------- residential gateway ------------------ DSLAM
------------------Metro PE -------- P ---------- Metro PE --------------
BRAS

Packet S-VLAN + Packet C-VLAN + S-VLAN + Packet L2VPN/MPLS L2VPN/MPLS
C-VLAN + S-VLAN + Packet

>From the above topology, DSLAM can be seen as the CE which adds the C-VLAN
and access the PE of the metro network.

I will need to think more about the ‘user’ information but it appears to me
that is rather ‘SP subscriber’ and not "individual user" (such as a student
in a University). Did I get the high-level view right?

[Robin] I like the name of ‘SP subscriber‘. The ‘user’ information of the
‘SP subscriber‘ can be used in the SP network without propagating to the
open internet. This is one of the right cases for APN.

I wonder if there is pure ‘individual user’ which can directly access the
open Internet since these users may have to pass through some of the AAA
(Authentication, Authorization and Accounting) in a limited domain before
their packets can access the open Internet. These users needs to provide
the necessary user information in the limited domain though these
information may be not the direct user information in the packet.

e
Regards

-éric

*From: *Lizhenbin <lizhenbin@huawei.com>
*Date: *Thursday, 8 October 2020 at 10:28
*To: *Eric Vyncke <evyncke@cisco.com>om>, Linda Dunbar <
linda.dunbar@futurewei.com>gt;, IPv6 List <ipv6@ietf.org>rg>, "
draft-li-6man-app-aware-ipv6-network@ietf.org" <
draft-li-6man-app-aware-ipv6-network@ietf.org>
*Cc: *"apn@ietf.org" <apn@ietf.org>
*Subject: *RE: Questions about draft-li-6man-app-aware-ipv6-network-02

Hi Eric,

Sorry for the delayed reply because we are having an 8-day holiday. Please
refer to my reply inline.

Best Regards,

Robin

*From:* Eric Vyncke (evyncke) [mailto:evyncke@cisco.com]
*Sent:* Tuesday, September 29, 2020 4:07 PM
*To:* Lizhenbin <lizhenbin@huawei.com>om>; Linda Dunbar <
linda.dunbar@futurewei.com>gt;; IPv6 List <ipv6@ietf.org>rg>;
draft-li-6man-app-aware-ipv6-network@ietf.org
*Cc:* apn@ietf.org
*Subject:* Re: Questions about draft-li-6man-app-aware-ipv6-network-02

Robin,

About Linda’s interesting questions about APN, I also wonder why using VLAN
tagging as this tag will be lost quickly after a couple of hops while the
IPv6 prefix will be kept (this is what DT Terastream did if not mistaken).

[Robin] The VLAN tagging will truly be lost after a couple of hops. This is
why we call it is used in the limited domains. In fact the VLAN tagged
packet may traverse the metro network where L2VPN/EVPN + MPLS/SR are used
before it arrives at the BRAS device. After the VLAN tagged packet are used
for accounting at the BRAS, the packet whose VLAN tagging is removed maybe
enter the IP core network where L3VPN + MPLS/SR are used for the transport.
In the process, the packet will traverse a trusted domain under the control
of one carrier. And it is possible that the user and service identification
information represented by the VLAN tagging can be mapped to the possible
MPLS encapsulated information or IPv6 encapsulated information if SRv6 is
used as the transport tunnel for the purpose of fine-granularity services.
This is an example that the user/service information can be acquired at the
edge of network without interfering the original user packet though the
information is not as accurate as that could be carried by the original
packet.

Else, I agree with you that Flow-Id should not be used as it is assumed to
be opaque.

Still puzzled though about the ‘user’ information as if the traffic is
encrypted it is also often to hide the user identity.

[Robin] The above example show how to get the ‘user’ information (VLAN
tagging) and how to use the ‘user’ information (in the limited domains).
The information will be lost after traversing the limited domains. If still
hope to use the user information, the only possibility is the possible user
information encrypted. It is another problem beyond the scope of APN and
face much challenges of security, privacy, etc.

In order to explain the issue clearly, I will try use another method. In
fact the packet traverse the network can adopt the form of ‘X in Y’ where Y
is the original packet and X is the outer encapsulation. You mentioned the
user information in X. In fact, the outer encapsulation Y (here VLAN
tagging is the example of Y) can also provide some user information besides
the original user information in X. In the limited domains, the ‘X in Y’
can be changed to ‘X in Y in Z’ (IP in VLAN in MPLS/SRv6) or ‘X in Z’ (IP
in MPLS/SRv6) where Y (VLAN tagging) is mapped to Z (MPLS/SRv6). APN work
focuses on the user information in the ‘X in Y’, ‘X in Y in Z’ and ‘X in
Z’. There is other work, especially in the APP/TSV area, which focuses
directly on the user information in X. They seems similar, but are
different in essence.

Regards

-éric

*From: *ipv6 <ipv6-bounces@ietf.org> on behalf of Lizhenbin <
lizhenbin@huawei.com>
*Date: *Monday, 28 September 2020 at 19:33
*To: *Linda Dunbar <linda.dunbar@futurewei.com>om>, IPv6 List <ipv6@ietf.org>rg>,
"draft-li-6man-app-aware-ipv6-network@ietf.org" <
draft-li-6man-app-aware-ipv6-network@ietf.org>
*Cc: *"apn@ietf.org" <apn@ietf.org>
*Subject: *RE: Questions about draft-li-6man-app-aware-ipv6-network-02

Hi Linda,

Please refer to my reply inline. APN mailing list is copied.

Best Regards,

Zhenbin (Robin)

*From:* Linda Dunbar [mailto:linda.dunbar@futurewei.com]
*Sent:* Saturday, September 26, 2020 2:23 AM
*To:* IPv6 List <ipv6@ietf.org>rg>;
draft-li-6man-app-aware-ipv6-network@ietf.org
*Subject:* Questions about draft-li-6man-app-aware-ipv6-network-02

Zhenbin, et al,

I have some questions on the draft-li-6man-app-aware-ipv6-network-02:

Page 5: App-aware Edge Device: This network device receives packets from
IPv6 enabled applications and obtains the application characteristic
information.

I am curious how does App-aware Edge Device derives the application
characteristics information ? Your draft mentioned VLAN tagging, How VLAN
tagging can provide Application characteristics information?

[Robin] There are different ways for VLAN tagging to provide application
characteristics information. Here I propose one example: the user
hosts/apps can connect to the home gateway which can add different VLANs
called S-VLAN to identify the different services. For example VLAN1 is used
for Internet service and VLAN2 is used for IPTV service. The home gateway
will connect to the DSLAM on which the VLAN call C-VLAN will be added to
identify the home user. So when the IP-based edge network device receives
the packet, it can derive the user ID and service type information from the
VLAN tagging. We have explained that the APN work focuses on the limited
domains rather than open Internet. The VLAN tagging shows that there is
similar practice in the access network.

Page 6: Is the Application-aware ID another extension field? Or part of
existing extension header? Like a subTLV within the Hop-by-hop options
Header Type?

[Robin] Application-aware ID is an option which can be used in DOH/HBH/SRH.
It is part of existing extension headers. It can be seen as a type of TLV.

Questions about the Application-Aware ID structure in Figure 4:

Why not use IPv6 Header "Priority/Traffic class" field to represent the SLA
Level?

[Robin] The design is to take integrity into account. That is, all the
information can be obtained from the single Application-aware ID.
Traditionally we can get different parts’ information to compose some type
of tuple. The process has effect on the forwarding performance and the
scalability of forwarding entries.

Can you use IPv6 Header’s "Flow Label" field to represent the App ID and
Flow ID?

[Robin] Integrity is the same reason for the problem. In addition "flow
label" will be used for ECMP. Reusing it may cause the compatibility issue.

How can network acquire the information about "USER" information? I would
think most applications encrypt their user information.

[Robin] The above example shows that C-VLAN can be used to acquire USER
information. Though the application may encrypt their user information, not
only APN needs the USER information, but also the carriers need to learn
the USER information for accounting to get revenue. There already exists
the possible way to solve the issue.

What kind of functions do you envision to be listed in the Figure 6’s
Function ID?

[Robin] Figure 6 is to reuse the SRv6 SID. The function ID means just the
functions supported by the existing SRv6. The Application-aware ID is put
into the arguments of the SRv6 SID. The function ID part will not have
effect on the Application-aware ID.

[Robin] Thanks for your comments and questions. Now the draft is in the
early phase. The usage of the Application-aware ID option can be further
discussed.

Thank you very much.

Linda Dunbar