[Apn] Issues to be closed #10-#12

["Pengshuping (Peng Shuping)" <pengshuping@huawei.com>]

Hi all,

All the issued to be closed is going to be listed in this link https://github.com/APN-Community/Issues/issues.

Following the issues we posted in the last week, we post our responses to the issues #10-#12 this week. Please either leave your comments in the mailing list or directly in the github, so we can finally close these issues. Thank you!


10. Is APN designed for a single domain or multiple domains? From: Charles Eckel #10
https://github.com/APN-Community/Issues/issues/10

APN is designed for a single operator's limited and controlled domain(s). There could be multiple domains within this operator. At the provider edge node of each domain, the APN attribute could be used to steer the traffic into corresponding network services such as an explicit SRv6 path.


11. Is it a normal case that 1 SP has multiple domains? From: Greg Mirsky #11
https://github.com/APN-Community/Issues/issues/11

Yes, it is a very normal case that one SP has multiple domains under its administration, especially when the network scale is large.


12. Is that the entire value of these APN tunnels is to communicate information across domains? From: Jana Iyengar #12
https://github.com/APN-Community/Issues/issues/12

We would not call these tunnels are APN tunnels. They are the normal tunnels such as SRv6 policies or MPLS tunnels. APN attributes are encapsulated in the outer tunnel header to trigger the policy enforcement for the network service provisioning in a flexible and efficient way in the various nodes along the tunnel.


**********************************************
How time flies! Another Christmas is coming.
Merry Christmas to all! :)
**********************************************

Best Regards,
Shuping


From: Apn [mailto:apn-bounces@ietf.org] On Behalf Of Pengshuping (Peng Shuping)
Sent: Monday, December 13, 2021 9:59 AM
To: apn <apn@ietf.org>
Cc: ted.ietf@gmail.com; rick@tropicalstormsoftware.com; watsonbladd@gmail.com; kaduk@mit.edu; farinacci@gmail.com; rtgwg@ietf.org
Subject: [Apn] Issues to be closed #5-#9

Hi all,

All the issued to be closed is going to be listed in this link https://github.com/APN-Community/Issues/issues.

Following the issues we posted in the last week, we post our responses to the issues #5-#9 this week. Please either leave your comments in the mailing list or directly in the github, so we can finally close these issues. Thank you!


5. If the APN is trying to make app get better service for it from the network, how does it do that? Especially when every app want better service? From: Dino Farinacci #5
https://github.com/APN-Community/Issues/issues/5

Following the APN framework as defined in the https://datatracker.ietf.org/doc/html/draft-li-apn-framework-04, the traffic are tagged with APN ID at the network edge, against which the traffic can be steered into the network services such as SRv6 policies that can satisfy their various SLA requirements.


6. What is the problem domain of APN? What is the problem APN is trying to solve? From: Rick Taylor #6
https://github.com/APN-Community/Issues/issues/6

In this problem statement draft https://datatracker.ietf.org/doc/html/draft-li-apn-problem-statement-usecases-04, the three challenges that APN is trying to target at are listed as followings,

1.         Challenges of lack of fine-granularity service information

2.         Challenges of Traditional Differentiated Service Provisioning

3.         Challenges of Supporting New 5G and Edge Computing Technologies


Several concrete use cases that could benefit from APN have also been recorded in IETF drafts and presented in previous meetings.

l  https://tools.ietf.org/html/draft-liu-apn-edge-usecase

l  https://tools.ietf.org/html/draft-zhang-apn-acceleration-usecase

l  https://tools.ietf.org/html/draft-yang-apn-sd-wan-usecase


The work items to be covered were presented in the following slides,
https://datatracker.ietf.org/meeting/111/materials/slides-111-apn-8-apn-work-items-00.


7. Why do we need an abstract container for service info across all tunneling mechanisms? From: Watson Ladd #7
https://github.com/APN-Community/Issues/issues/7

As presented in the APN BoF @IETF111, from this use case we can see that the carried information can be used to trigger the IOAM performance measurement or perform fine-granular traffic steering at the edge of the intermediate domain without the need to further resolve the 5-tuple of the inner packets.
https://datatracker.ietf.org/meeting/111/materials/slides-111-apn-apn-use-cases-01


8. Do we have a protocol mechanism to enforce what's in the APN marking and when it's removed? From: Benjamin Kaduk #8
https://github.com/APN-Community/Issues/issues/8

The draft https://datatracker.ietf.org/doc/draft-li-apn-header/ specifies the APN header which includes the APN ID and/or parameters, that is, the APN marking.


This draft https://datatracker.ietf.org/doc/draft-li-apn-framework/ specifies that the APN marking will be encapsulated in the outer tunnel encapsulation and removed together with the tunnel encapsulation at the end of each tunnel.


9. How large is the space of APN attributes? If the existing field is enough to identify and individual (e.g. by physical port), could the attribute carry a user identifier? From: Ted Hardie #9
https://github.com/APN-Community/Issues/issues/9

The draft https://datatracker.ietf.org/doc/draft-li-apn-header/ specifies two types of APN ID which have different lengths. APN is not used to identify individuals. Usually a physical port can be used to identify a group of users, and the user group ID can be carried in APN.


Best Regards,
Shuping


From: Pengshuping (Peng Shuping)
Sent: Tuesday, December 7, 2021 9:45 AM
To: apn <apn@ietf.org<mailto:apn@ietf.org>>
Cc: rtgwg@ietf.org<mailto:rtgwg@ietf.org>; Lars Eggert <lars@eggert.org<mailto:lars@eggert.org>>; 'sergey.fomin@nokia.com' <sergey.fomin@nokia.com<mailto:sergey.fomin@nokia.com>>; 'Bernier, Daniel' <daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>
Subject: Issues to be closed #1-#4

Hi all,

All the issued to be closed is going to be listed in this link https://github.com/APN-Community/Issues/issues.

In the following weeks, we are going to post our responses to the issues. Please either leave your comments in the mailing list or directly in the github, so we can finally close these issues. Thank you!


1. What happens to a flow if a hop can't meet the APN requirements? From: Lars Eggert #1
https://github.com/APN-Community/Issues/issues/1

As described in https://datatracker.ietf.org/doc/html/draft-li-apn-framework-04#section-5, the APN requirements include APN Attribute Conveying Requirements and APN attribute Handling Requirements.

In the APN attributes, the carrying of the APN parameters is optional as stated in https://datatracker.ietf.org/doc/html/draft-li-apn-header-00#section-3. The typical APN parameters are the network performance requirements such as bandwidth, latency, etc.

If a hop cannot meet the APN requirements, which would mean that the hop cannot handle the APN attributes, then it will be up to the local configuration. We can explore more on this topic, but generally the flow needs to be forwarded without any interruption, probably in a default mode.


2. Does APN introduce a new data plane when it is supposed to work with any data plane? From: Sergey Fomin #2
https://github.com/APN-Community/Issues/issues/2

APN does not introduce a new data plane. APN uses and makes necessary extensions to the existing data plane to carry the APN header as defined in https://datatracker.ietf.org/doc/draft-li-apn-header/. The encapsulation example on the IPv6 data plane is suggested in https://datatracker.ietf.org/doc/draft-li-apn-ipv6-encap/.


3. Do we need to define a new data plane to carry this info, while you could use existing mechanisms? From: Sergey Fomin #3
https://github.com/APN-Community/Issues/issues/3

Some extensions may be needed. For example, new IPv6 HBH or DOH options would need to be defined to carry the APN header in the IPv6 data plane.
In https://datatracker.ietf.org/doc/draft-peng-apn-scope-gap-analysis/, we listed existing mechanisms and made some analysis and comparisons.


4. Is it expected that the APN ID and parameters be "normalized' (standardized) or be defined domain specific From: Daniel Bernier #4

The draft https://datatracker.ietf.org/doc/draft-li-apn-header/ specifies the APN header which includes the APN ID and parameters. APN works within an operator's controlled and limited domain, so the APN ID and parameters can be defined as domain specific.


Best Regards,
Shuping



From: Architecture-discuss [mailto:architecture-discuss-bounces@ietf.org] On Behalf Of Pengshuping (Peng Shuping)
Sent: Monday, December 6, 2021 9:17 AM
To: apn <apn@ietf.org<mailto:apn@ietf.org>>
Cc: architecture-discuss@iab.org<mailto:architecture-discuss@iab.org>; rtgwg@ietf.org<mailto:rtgwg@ietf.org>
Subject: [arch-d] Issues to be closed

Dear all,

Following the summary report on the APN@IETF112 [1], we list the questions/comments we received during the BoF as recorded in the meeting minutes [2] as below. Please have a look at these questions and let us know if there are any other key questions being missed out.

We are going to start answering these questions and try to close them one by one. Your attention and participation into the discussions are very welcomed. The tool would be the Github issue tracker. If you have better suggestion please let us know. Thank you!

[1] https://mailarchive.ietf.org/arch/msg/apn/OoOgezkAAbd2uFrY2Mk4ZxSbVzM/
[2] https://datatracker.ietf.org/meeting/111/materials/minutes-111-apn-00.txt

Part 1: General Questions

1.       What happens to a flow if a hop can't meet the APN requirements?

2.       Does APN introduce a new data plane when it is supposed to work with any data plane?

3.       Do we need to define a new data plane to carry this info, while you could use existing mechanisms?

4.       Is it expected that the APN ID and parameters be "normalized' (standardized) or be defined domain specific?

5.       If the APN is trying to make app get better service for it from the network, how does it do that? Especially when every app want better service?

6.       What is the problem domain of APN? What is the problem APN is trying to solve?

7.       Why do we need an abstract container for service info across all tunneling mechanisms?

8.       Do we have a protocol mechanism to enforce what's in the APN marking and when it's removed?

9.       How large is the space of APN attributes? If the existing field is enough to identify and individual (e.g. by physical port), could the attribute carry a user identifier?

Part 2: APN Domain

10.   Is APN designed for a single domain or multiple domains?

11.   Is it a normal case that 1 SP has multiple domains?

12.   Is that the entire value of these APN tunnels is to communicate information across domains?

Part 3: Opaque

13.   Is opaque used solely wrt privacy of info from which APN ID is derived? Is that just opaque lookup based on ID?

14.   What is opaque lookup? Which parameters are supposed to use? What exactly are you looking?

15.   Is opaque contradictory to the APN parameters? Does such a "treat as opaque" case actually use the full richness of attributes?

Part 4: Security/Privacy

16.   What is the mechanism that forces this attribute to be stripped at the network operator's boundary?

17.   Is this literally a mechanism for creating and sharing arbitrary metadata about arbitrary aggregates across arbitrary boundaries, which creates as much or more room for trouble?

Part 5: Flow Label

18.   Could the flow label be used for APN, which is designed for similar purpose?

Part 6: 5 Tuple

19.   Is that "structured attribute" more accurate than "tag"? How resulting resolution complexity will compare with 5-tuples being used?

20.   Does APN ID carry a piece of information that is potentially semantically *richer* than the five tuple and making that available to path elements that would not otherwise have that data?

21.   How can the edge routers estimate APN ID and parameters (latency, bandwidth, etc.) just from 5-tuple? Is there any interface or API between application and APN domain controller?

Part 6: Diffserv

22.   Why copying inner TOS to outer TOS and using existing equipment is not enough?

23.   Is APN able to express such "policies" so that a developer does not hardcode DSCP bits with a Excel spreadsheet on its desk to know what mapping means what?

Part 7: Network Slicing

24.   Is APN similar to or the same as Network Slice, just with a different name?

25.   Is the gap that existing approaches, e.g., Network Slice, only provide limited granularity but APN an unlimited one?

26.   Is slicing more general because addressing MULTI operator scenarios?

Part 8: DetNet

27.   What does APN bring that isn't already being done within DetNet?

Part 9: Open Mic

28.   What does the APN architecture add that isn't in existing IETF architectures and solutions?

29.   Why do we need an agnostic mechanisms instead of just hacking into existing mechanism individually? This adds to why having a single WG to focus on a technology agnostic mechanism would be useful before various data plane encapsulations are developed separately?

30.   If a problem does exist it does not have to be solved in the data plane, it could be the management plane.

31.   What different treatment will the network give my traffic if I'm in finance vs. marketing?

32.   Is there violation of the user's privacy/security?

Part 10: Chairs Summary (may overlap with previous questions as a summary)

33.   Why APN is needed when there are multiple existing mechanisms, just as DetNet and Network Slicing?

34.   How privacy affects APN, especially about accidental breach of privacy and subversion of decapsulation?

35.   Use cases need to explain more about what is needed from the APN attribute and what policies are applied in the network. We need more detailed "killer" use case examples.

36.   The APN attribute should not become a way of carrying arbitrary metadata. It is not clear at this stage what information needs to be in the APN attribute versus what information could be in the APN attribute.

37.   We also need more understanding of how APN is relevant in encrypted environments.

38.   Should APN be applied to multiple transport/underlay protocols or should it be better to pick just one and use it in all APN-enabled networks?

Best Regards,
Shuping