Re: [Banana] Updated Charter

["Sri Gundavelli (sgundave)" <sgundave@cisco.com>]

Hi Mingui,

You talked about three new technical requirements for “Banana” solution. I thought I will provide my comments on those three requirements and how they are realized today. See inline …



From: "Zhangmingui (Martin)" <zhangmingui@huawei.com<mailto:zhangmingui@huawei.com>>
Date: Friday, September 29, 2017 at 4:49 AM
To: Margaret Cullen <margaretw42@gmail.com<mailto:margaretw42@gmail.com>>, Microsoft Office User <sgundave@cisco.com<mailto:sgundave@cisco.com>>
Cc: "philip.eardley@bt.com<mailto:philip.eardley@bt.com>" <philip.eardley@bt.com<mailto:philip.eardley@bt.com>>, "wim.henderickx@nokia.com<mailto:wim.henderickx@nokia.com>" <wim.henderickx@nokia.com<mailto:wim.henderickx@nokia.com>>, "david.i.allan@ericsson.com<mailto:david.i.allan@ericsson.com>" <david.i.allan@ericsson.com<mailto:david.i.allan@ericsson.com>>, "banana@ietf.org<mailto:banana@ietf.org>" <banana@ietf.org<mailto:banana@ietf.org>>
Subject: RE: [Banana] Updated Charter

Hi Margaret,

> [With the caveat that I don’t think anything should be DSL/LTE-specific, though, or assume that there are exactly two links, or that there is only one “N2” that can reach a given end-node]

This is a good point. It’s common that providers use multiple aggregation BANANA boxes to achieve load balance. N2 would be a branch router (not the aggregation BANANA box) that adopts anycast mechanism. Suppose the aggregation BANANA boxes behind N2 are N3 and N4, then the tunnel endpoints would be N1-N3 or N1-N4 rather than N1-N2. For this reason, N3 needs to let N1 know he is the real tunnel endpoint. To me, this feature has to be realized by a BANANA control protocol. DNS does not support this feature.

[Sri] Your ingress prefix comes from an anchor. Now, if you have 10 remote sites with an anchor in each site and if you want the CPE to use all the anchors, you need prefixes from each of those anchors. So, its not clear how the source address selection works, or many prefixes will you host on the network behind the CPE. May be you meant some thing else, but this requirement is not clear to me.

But, if you are pointing to an anchor-less model, probably LISP is the protocol for you. There, encap selection is based on destination address.  LISP has no concept of an anchor, but uses tunnels and encap selection is based on destination address. LISP  also has multipath support and so that would be a great protocol for this solution.



We can also identify several other features that require BANANA control protocol(s).
Bypass is another important feature that requires BANANA control protocol(s). Basically, this requirement requires the two BANANA boxes to use the control protocol to timely exchange the traffic types that need to bypass the two bonding tunnels.


[Sri] This property is there in mobile architecture and typically referred to as SIPTO. Look at RFC 6909 (https://tools.ietf.org/html/rfc6909)
is a good starting point.  Note that the ingress prefixes are topologically anchored on the anchor and so for that traffic to skip the tunnel, they need to be NAT translated.



Providers want performance measurement probes to be transmitted along the same path as data packets. These probes will be defined as control messages. Think about the above anycast mechanism. Providers do not expect these probes to be exchanged between N1 and N2. In order to make the probes be exchanged between N1 and N3 (or N4), these control messages (better all the control messages) need to take the same tunnels as data packets. I do not know an existing standard control protocol that meets this requirement and can be used in the BANANA scenario.

If the quality of one of the tunnels downgrades below a certain level (e.g., the measured RTT exceeds 300ms), the two BANANA boxes have to agree on to disable this tunnel instantly while remain the other tunnel. This action has to be executed relying on the control protocol. Is there an existing standard control protocol already supports this feature. I don’t think so.


[Sri] As Florin pointed out, there are many performance measurement tools/probes that are out there.  IPPM guys have published a number of RFC’s in this space.

https://datatracker.ietf.org/wg/ippm/documents/

These tools can measure various aspects at a very granular level. You can send probes over L3/L4  tunnels, or non-tunnel path. You can send probes of certain protocol type, frequency, with certain DSCP markings, certain packet sizes .. and you can measure various performance aspects (jitter, MOS, packet loss …etc). You can configure these tools independent of the multipath feature, but the reports from these measurements influence the protocol states of other protocols.

You may want the tunnel to be torn down when the latency exceeds 300 milli-secs, but in some other deployment they want the tunnel to be torn down when the voice MOS measurement falls below certain value. So, this is not about a “standard", its more about configuration and a deployment knob.

We do use these tools in cisco products supporting hybrid access solutions.



Thanks,
Mingui

From: Banana [mailto:banana-bounces@ietf.org] On Behalf Of Margaret Cullen
Sent: Friday, September 29, 2017 2:49 AM
To: Sri Gundavelli (sgundave)
Cc: philip.eardley@bt.com<mailto:philip.eardley@bt.com>; wim.henderickx@nokia.com<mailto:wim.henderickx@nokia.com>; david.i.allan@ericsson.com<mailto:david.i.allan@ericsson.com>; banana@ietf.org<mailto:banana@ietf.org>
Subject: Re: [Banana] Updated Charter

Hi Sri,

On Sep 28, 2017, at 12:18 PM, Sri Gundavelli (sgundave) <sgundave@cisco.com<mailto:sgundave@cisco.com>> wrote:

We cannot solve market fragmentation issue around protocol use and at least that cannot be the reason for defining a new protocol, or WG creation.  If that is the PS, Wim’s suggestion to focus on an information elements is a great proposal to get all solutions towards a common approach, but not by mandating a specific protocol use.

The point of standardization, at least IETF standardization, is so that there can be products from multiple vendors that _interoperate_.  In my opinion, this is a case where interoperability would be particularly desirable, especially for situations where bandwidth aggregation is performed over-the-top (as Dave Sinicrope would say), rather than terminating in an operator's network.  The good news is that we already have multiple options for bandwidth aggregation out there, with running code, and they work.  The downside is that they are all proprietary, so they don’t work _together_.  In your terminology, you can only get the benefits of bandwidth aggregation if N1 and N2 were bought from the same vendor, and the goal of this WG would be to fix that.


N1 wants to discover N2; It can be based on DNS FQDN, DNS SRV lookup, DHCP option, an attribute in AAA that comes to the device as part of the access authentication, or a static IP address configured locally.

Most of these choices require some sort of standards development work:  a DHCP option, defining a AAA attribute, defining a new DNS SRV type, etc…  None of these things can just magically be used to find “N2” in an interoperable fashion, without some standards work.  Having 6 options is about as useful, for interoperability, as having no option at all.  So, it would be good to define one way that N1 finds N2 (or a limited set of ways, and an order for trying them), so that boxes from different vendors can actually find each other without users having to populate multiple databases, deal with multiple boxes that do different things with the same configuration information,  or configure the same information into half-a-dozen places.

N1 wants to register with N2. N1 wants to presents its identity, authorize it self. N2 needs to use the identify and check AAA/local DB to authorize N1

Or it could use TLS, or DTLS, or…  There are numerous ways to authenticate between boxes, and we won’t get any interoperability until we pick exactly one.  If we wanted to use AAA (RADIUS or Diameter), we would also (at the very least) need to define a service name, and agree to at least one “mandatory to implement” method.  AAA might not be the best choice, though, given that we probably don’t want to limit bandwidth aggregation to the case where N1 and N2 have a single authority or overarching federation to run the AAA infrastructure.  So, a certificate-based or PKI system might be better?

N1 wants some flexible way to generate its identify, based on access network, hardware identifiers ..etc
N1 wants to register its reachability with N2. I have IP1 from LTE and IP2 from DSL
N1 wants a ask N2 for a set of prefixes for its ingress network from the anchor. It can obtain/register/negotiate Prefix P1, P2 and P3.
N1 wants an overlay tunnel to N2 over LTE. and another tunnel over DSL So, N2 can forward the traffic bound to N1’s ingress prefixes over an overlay path. Hiding the ingress prefix traffic from the transport topology
N1/N2 wants to continuously check path-reachability/peer-loss over DSL and also over LTE
[…]

These are the sorts of things that require the exchange of control information.  [With the caveat that I don’t think anything should be DSL/LTE-specific, though, or assume that there are exactly two links, or that there is only one “N2” that can reach a given end-node]  Perhaps you are saying that MIP already has a control-information-exchange mechanism that we could use for this?  If so, then great, you should propose it, and we should consider it!  We might need to extend a MIP control-information-exchange to include the information that is needed for per-packet load-balancing and recombination.  If we also used MIP as the tunnel-based Bandwidth Aggregation mechanism, we might also need to extend the MIP tunnel support to include per-packet load balancing and recombination functions — perhaps adding a packet sequence number, for example.  If the proposed BANANA WG decides this is the best approach, perhaps we could work with the DMM WG to standardize those extensions?  There may be other protocols we should consider for this role, though, that don’t have existing IETF WGs.  In those cases, we might do the extensions in the proposed BANANA WG.

I would also add something that you didn’t include:

There might be more than one Bandwidth Aggregation mechanism available on N1.  For example, we might have an MPTCP-Proxy-based mechanism available that can be used for Bandwidth Aggregation of TCP traffic, and a tunneling mechanism that can handle any IP traffic.  N1 might want to know which mechanisms are available on N2 (or potentially on N3 or N4 if they can be used to reach the same end node), and what types of traffic they can handle.  We might need some mechanism to resolve what traffic will be sent where, etc.  If we envision a world with multiple standard Bandwidth Aggregation mechanisms, we may need to choose at least one mandatory-to-implement Bandwidth Aggregation mechanism that all of N1…Nn will support, so that we can ensure interoperability.

Margaret