IETF Logo Mail Archive

Re: [Apn] Policy or forwarding behavior? [Was: Per flow state : [Was: Using IPv6 Flow Label for APN]]

"Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net> Tue, 03 August 2021 14:28 UTC

Return-Path: <zzhang@juniper.net>
X-Original-To: apn@ietfa.amsl.com
Delivered-To: apn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 697783A25A9 for <apn@ietfa.amsl.com>; Tue, 3 Aug 2021 07:28:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.548
X-Spam-Level:
X-Spam-Status: No, score=-2.548 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=gIFIlnvS; dkim=pass (1024-bit key) header.d=juniper.net header.b=VpG2XBv9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ssQyP0x2BXOY for <apn@ietfa.amsl.com>; Tue, 3 Aug 2021 07:27:55 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0ABF03A25A7 for <apn@ietf.org>; Tue, 3 Aug 2021 07:27:54 -0700 (PDT)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 173EHaLR003647; Tue, 3 Aug 2021 07:27:42 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : content-type : content-transfer-encoding : mime-version; s=PPS1017; bh=+mncXh2uRCZk9S9Cd9XmZT96lEVBHjDWvxooIsGQ1iM=; b=gIFIlnvS+LU6pLgCQWtYymytLAamWgz+EaucNupCOmzf9v0m4gsBDKxGukC5x2l3jUjV hkET8tZitlO2VuIlYawa7jZhwFIElrRL3yE+BT5r0KnFHlaLo0TbZMhZ8qdtegk7rf0z 0zAmSG+GoR2fNp+qIqFTBQ1S6yveOIOSyNpnptfstrb9AOLAPmdsop99A/Pq1tvjIIz+ sDL0Vm91JQJ2q5HxGCMo0D72Z/lfhLbKI7XktmYf8X7tS9nyiSG6nxLyFHlVrgBLWYT0 ieeyhcWPimBJ/0hrve3KP9bh4S5AVbm/LdaNjvhKH7MwflvGcNm5LRSw+RAANNYQ1SGd 7Q==
Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2173.outbound.protection.outlook.com [104.47.58.173]) by mx0b-00273201.pphosted.com with ESMTP id 3a70ta8p5c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 03 Aug 2021 07:27:42 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kO5CvrANcahlrDBoskUdoJPZkCQbYpk6LtKspIJRQhz3vaX9VvGiOSANnCnRhu0vWdszLSYeDWFOX6Nedeg1Pqtu52hcTakTmF6OxHDyEgCldq9MlBcx5Tu7Dlp0c9+NLjtwEdIYC9GVJSwQOY6WZlBbX2lYJQ7qhd2oZdWrrcYgMrfj/kWm8mQ7l+Fai3n+UKLERXfyOazsUTrXfNY2AWQKrgp9AtawjxBHoyNjk7qzSRtv7L1Va2GlATe2T9c5z9dWwMm8LI4o5HFdQrzE3lc78IIOk9bVIW5oZVgSjx1kNhh+WI1kH/iS/HdT04cHDZLmW+VjQbNU/49s7CiyKQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+mncXh2uRCZk9S9Cd9XmZT96lEVBHjDWvxooIsGQ1iM=; b=FyjLb8HxvnO7F5HqOyzgoSHaD0zVGZUqYGRClBMGBDhUbDcvJXRTM/QRSqDPirK6Pubf3pfyYttyWrbhUOauVtbhvtriCVvhZKZynSUA1GyVDfTCH+9+yYzI/sc8De4jRCOk4Rr9LO9tIPXAjtNJbilycuMiDL/LhzX/mSmuRSzLk9I+LZUUoWsU9sX5j55diyc/+ALoD64S8JHkN+N3Tk2J57AUafhCkG1Csno2AZl0S9YpUOQBqJchf0zOooPEQ2ZBLyvNa1/IEEnOk+SASm4Q9+80c2w5ERXEsl9K7ZFiyV1uh6UBL35ynZHWiYgXpfqFZA6PtNcTxvWAyHcdQQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+mncXh2uRCZk9S9Cd9XmZT96lEVBHjDWvxooIsGQ1iM=; b=VpG2XBv93Wo0tp7zUjW8TUQzN7WZkmW092TqteOQZZGIBDY7aQiOtGP9i6OyYyEsgFdebPN2yw3/+7CZeU/YAluPAk+n6sLbPntkCZJ2C1kIayV21lEFHEI9gruQiHhX0E4WAcyvhF75QhvRkssD3/yXpCJr6nCw/cDhCCf3kjs=
Received: from BYAPR05MB5654.namprd05.prod.outlook.com (2603:10b6:a03:18::17) by BY3PR05MB8578.namprd05.prod.outlook.com (2603:10b6:a03:3cd::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4373.9; Tue, 3 Aug 2021 14:27:38 +0000
Received: from BYAPR05MB5654.namprd05.prod.outlook.com ([fe80::2dc1:a70:5ee3:732a]) by BYAPR05MB5654.namprd05.prod.outlook.com ([fe80::2dc1:a70:5ee3:732a%5]) with mapi id 15.20.4373.021; Tue, 3 Aug 2021 14:27:38 +0000
From: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, "'Pengshuping (Peng Shuping)'" <pengshuping@huawei.com>, 'Bob Hinden' <bob.hinden@gmail.com>
CC: 'apn' <apn@ietf.org>, 'Jari Arkko' <jari.arkko@piuha.net>
Thread-Topic: [Apn] Policy or forwarding behavior? [Was: Per flow state : [Was: Using IPv6 Flow Label for APN]]
Thread-Index: AdeIcxowXYrvn3cLSHGzUHgp7tyqBg==
Date: Tue, 03 Aug 2021 14:27:38 +0000
Message-ID: <BYAPR05MB5654E0593CE00D6916F406BAD4F09@BYAPR05MB5654.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.6.100.41
dlp-reaction: no-action
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=bafd6d62-f012-478d-9823-baa699ebd45d; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=0; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2021-08-03T14:21:40Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4;
authentication-results: olddog.co.uk; dkim=none (message not signed) header.d=none;olddog.co.uk; dmarc=none action=none header.from=juniper.net;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7c813806-b4a8-42e3-5650-08d9568ad874
x-ms-traffictypediagnostic: BY3PR05MB8578:
x-microsoft-antispam-prvs: <BY3PR05MB8578C42E058BBF1F5A5D8A18D4F09@BY3PR05MB8578.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Nb9aRff5R4KZyA9OfzicO7k1lrcLoRCPiSlbR8IowIF56gL5slgw2fK9IFRokdxPYtCwrph2YVq69KYBU1RaPNOCBGz9Vc6UDvTFgNZRKaT8QqCXZfcvgnkEPXQKbE+9y45w60ke8KM+PXeAcS4qMzne3tgSVckfObty6nvIPVyn12GWx6HbrQM2f1BjCnDIWJgdyUu8tJuk+73JooaH3JBREnQE0s+XiDTPU4ncXL+z+8jDiW67PDIgeTd5JEB8u2ndGyaJOxoEdz3ajRVZ4FiEk4LvE5ttjMm7DqWNmMYnIH2XItBhkDzOppBcYlaa9qujBYmSz7HZPb1HjYHrncouO08oHTbauHmCzvAgieY9dbDZGOWhYaFAiqlXm//Ch7y5D1vh2WPpDvBAVs2cfumo8LCKgZPoWoBh9UHl2ZlnA0nKEFv13SdAhfa7oDvgG4PShnStircB4gnjG+69pJKuQLJmE8cxnQMi/zhuIBNT+2HQZLWFxQZMTIauGZCSM5ogvA+vL9MxEoIRNJbGsWrBxKaUz+3qJRcN3XDBL9o0KrNZ11fi2bNNmLC7caEcku/aU3cN2oOMp52wcmh1zbP9SeJU9V1CgqVJck/iMIMnmVART53bR85Et8F6kRO9tsh0GJjtaz/E5tr7AnG+et+5AEu90wlEQslIV/P7vRaPvavtqwpJrcsuPO0MNhEa43aVIpurvZ8kcCCFmvXEEvc9TLzjXDJ+5H3Af2s7asbR4tx+S+jtwbcbEw6d+ZsHOWpqpjHdARJvNNPuH8Q1Y9m14z7tRfTlmMm1avTwH8I=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR05MB5654.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(83380400001)(71200400001)(38100700002)(8676002)(122000001)(52536014)(86362001)(33656002)(8936002)(38070700005)(55016002)(508600001)(2906002)(5660300002)(66476007)(66946007)(66446008)(76116006)(9686003)(64756008)(66556008)(966005)(110136005)(54906003)(186003)(4326008)(6506007)(7696005)(53546011)(316002)(26005); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: iiZLAX+uaBDOE0WBX4xNR1ztrp0fOtc66pwUnwn1YRRwyx79YJVLBzvw+XI0KI0xdzzaIzr4H0ACt1t+1peVJd8d1mR9rHsttUpiqcnQWszC6tSE9WuAss/dUJ+8+QPSi3RcjFRFyooUkY8/SCUDbVsm5eUHUTdNNaJuO5ixwTXjqEEOQkaWH96xL591nqznoZiuKH1J0BXSYfRg5Rs2DDQ3T0vkBCB2kSR9/OOkDN7qEDo+jR4iZON3SMbtwXWvU9jNAPaoRtleO+Od3z4Ks8TpJaoq6XJFSDzNhEQuCvK60qGZlgb0/jI2GhYqq6x+U+7GdUQhiKfZUZbaWiWsPyCgCnbOFeHmD0bsYS0rj02GZkX+RTFYfQ1eE6BJHERqHkbJOb8QTrU2rGjPrG7taSor9+OPGXAt+4HmcIImxTxeLPi8NfkQ+9NtiyBsxxJomggZkrwBzUf0WmeVyMO2LGYyMZHopPawUpOP9mlRNFQG4laxYmJm0SsSdPDRr++8Rvzjxqn4Lojr7XNnuXXXaFcIsCzFJEfG6ZQGlIALFkO4/Be1zBrWOX8fOFAxhBEI2QCMxfdsw8Qpx5vEwJ8H2ajTE96n2gYU2MxiB7jW1IXqi1rT58cRgTYF3zf8jQicyHmqpywgxlEf7g+wu0uZSBRot3HRagfxe2PCdMwItQguZAvwXjKDlQrbnqInQOr5sJ0CzX4ee9AhC6aog/YklsLLTTsqIAl/Ty5fuBTCVY1Xk58PkccxaXRBnE2CQZo3BLmN/j8MRsH0XFKS9Y9PqoEFgNG7Ucg84f9JTLjn3iF3F9GW02QX6h7Qr9cwljvgUFIHGw2XNZEiS5zHYKfneRbr4ZsUb3X+7WMtqay/TYlLv+hF+3/TCw/kQ5IttreA90k9Uyv9FtrnnTVvcH62ma5djUA8etMTdqEVMpXRnp3rTKt1UvZ4niVHF9S38EbYBt8lKRjoAn9iqgHgBWZu0MsGUaArNvQuimlBwZIlnFWi9eDziIVYoyK1K2tybyQiyjSUMM4aXftEreOZ1j56XhQjcjQbAwVSe5XTa8zPWAzUtoHEvjfX9wK8JcwddhmRoEkZn0Wm8X52Ac1eO2NS5Hl4thdGlRqTX6nOGBumoJDP18tnXtoU446oB+DkEbclUotckFFyD3Eag19/m5a+0PZwrdrUVFI1hiRrkgurHXp1WTK1DqAVw/y0aYaSIOJmaKDo9adIi2tu4HeYfFR/20d2wBxGlzuT+tXwHPLz3ezwzaRfnYfe5WVVnjTru7f/21lmJTfI2EIL+Re4SycqO6YO2CHeFDATrdClQeGEL2xJ5ohCZ2drlaIRv4rMA7po
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR05MB5654.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7c813806-b4a8-42e3-5650-08d9568ad874
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Aug 2021 14:27:38.2906 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: yng1j2uYDAU2Xe5o9pMd8yyaHp24o2zyhT9PVsJbiMzYgQ/T1RfSKn448orhfqIv0jxKwCXrymYGsUIIAbnDAA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY3PR05MB8578
X-Proofpoint-GUID: jR0XbYu1sy1OG1FP_-y_UGLPQB4XoALF
X-Proofpoint-ORIG-GUID: jR0XbYu1sy1OG1FP_-y_UGLPQB4XoALF
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-03_03:2021-08-03, 2021-08-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 clxscore=1011 priorityscore=1501 suspectscore=0 adultscore=0 malwarescore=0 spamscore=0 mlxlogscore=999 lowpriorityscore=0 phishscore=0 impostorscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108030095
Archived-At: <https://mailarchive.ietf.org/arch/msg/apn/Fqr0enJxghHuA28XgVOfAQzdP28>
Subject: Re: [Apn] Policy or forwarding behavior? [Was: Per flow state : [Was: Using IPv6 Flow Label for APN]]
X-BeenThere: apn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Application-aware Networking <apn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apn>, <mailto:apn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/apn/>
List-Post: <mailto:apn@ietf.org>
List-Help: <mailto:apn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apn>, <mailto:apn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Aug 2021 14:28:01 -0000

Hi,

In the APN BoF, drafts, and discussions, the proponents always talk about "policy". I would like to ask if they specifically focus on "policy" as in "SR Policy" or "Firewall Policy", or would "Forwarding Behavior/Treatment" be a better word?

Thanks.
Jeffrey

-----Original Message-----
From: Apn <apn-bounces@ietf.org> On Behalf Of Adrian Farrel
Sent: Tuesday, August 3, 2021 5:24 AM
To: 'Pengshuping (Peng Shuping)' <pengshuping@huawei.com>; 'Bob Hinden' <bob.hinden@gmail.com>
Cc: 'apn' <apn@ietf.org>; 'Jari Arkko' <jari.arkko@piuha.net>
Subject: [Apn] Per flow state : [Was: Using IPv6 Flow Label for APN]

[External Email. Be cautious of content]


Hi,

I want to follow up on something Shuping just said because I don't think it cam over clearly in the discussion...

> Regarding the "states" for APN, it does not have to be a per-flow "state". The
> APN attribute is an indicator at the policy enforcement node for indicating
> policies to be enforced in the middle of a tunnel.

What this says is that the mapping of flow to APN attribute is n:1
The attribute is used to instruct the policy enforcement points about what policy they should apply to a packet. Packets from many flows may be subject to the same policy.
In that regard, it takes (some of) the policy decision computation from the policy enforcement nodes, and moves it to the APN edge where the APN attribute is computed.

I think this processing is "similar" to the use of DSCP. That is, there is not a different DSCP code point for each flow.

On the other hand, the value of an entropy indicator (IPv6 flow label, MPLS entropy label) for resolving ECMP decisions relies on:
1. All packets from one flow having the same entropy value.
    I think this holds for the APN attribute.
2. There being sufficient variation in entropy values across flows to enable
    sensible distribution of flows into the different ECMP buckets.
    I believe that for APN attributes this is a function of how the APN edges
    are instructed to create APN attribute values (by the controller/operator),
    but it would be possible for an operator to get this wrong by not introducing
    sufficient variation in the APN attribute values.

Best,
Adrian

--
Apn mailing list
Apn@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/apn__;!!NEt6yMaO-gk!SMEllNP9DvTTdFc4oPuEOxry7goTHw3vByG1kUfG32uDcwGr0YH1GE6QD3LFyXTa$

Juniper Business Use Only

v2.23.0 | Report a Bug | By Email