IETF Logo Mail Archive

Re: [bess] Alvaro Retana's Discuss on draft-ietf-bess-srv6-services-10: (with DISCUSS and COMMENT)

Ketan Talaulikar <ketant.ietf@gmail.com> Wed, 16 February 2022 18:29 UTC

Return-Path: <ketant.ietf@gmail.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F26963A0F04; Wed, 16 Feb 2022 10:29:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.145
X-Spam-Level: ****
X-Spam-Status: No, score=4.145 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, GB_SUMOF=5, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q-NZgu7i_LZu; Wed, 16 Feb 2022 10:28:56 -0800 (PST)
Received: from mail-vk1-xa2b.google.com (mail-vk1-xa2b.google.com [IPv6:2607:f8b0:4864:20::a2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 291013A14C6; Wed, 16 Feb 2022 10:28:45 -0800 (PST)
Received: by mail-vk1-xa2b.google.com with SMTP id v192so1734800vkv.4; Wed, 16 Feb 2022 10:28:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TtA+jIAlqddsV6Hf6rERIfK3O9LKcZD8zm2ADS82DiY=; b=IEyO5lplVrO4XJmGNa4Bsh5/V14O8gpN5apifqP2uWQ948txVmiQy3/jhuTooJv9kP LZR6IKIq1+bjBmwGwTplEvypFpxuoqFsqp43JCEFDyEdhFULgFP/fzAifRLzH18Y/ho5 FESfR/EwCjbOWIUZ965IpSWWNcI5eycurjCgleWh9zFupc+z9q0fIhmHzCvXGXQNNQzi jjBwVFVZxT3RuN62scKeKr9VPWf/Ciebg6PByp0x7yDB+QBQ3p1TytRrYswWEdly3wxw PKXkvyicyhQ3sIF1yJyLinupK/HvUqNkxVg5cZN/JWLs+dSbAIs37Og7X/lxdXW4Zms4 rDtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TtA+jIAlqddsV6Hf6rERIfK3O9LKcZD8zm2ADS82DiY=; b=z7nRRmWsLDXDf8bnJ5vBlFyqye4/tf/cKTUmTAJBNQRmw5HMpi8O3+jR+UyTweuCGl v0UBaPLvYb/P14eCDYBH/BEa0cpD4rAd86ZxC+knv92YrxjVndadS1PSB0SwKrQvqO+0 9JxQuQOWtfNao69Aj98MQWd59cAKVt8KRmTwqB4DCQ17vp4Bz79hWz+t1EI0gAMYWBLH RKZG+EJOjEbNesyL/3nRG15Dcwpt5NIopWSrXrjWbQg8K5SF/KBv0RHX/C484R3KYNyk T25gKS83O7/7qQNO5VmdKvftPo6HwZbUwNYDmJl4exEwxF8FQZH3CC8B0iD/Evz5rRUO ElNQ==
X-Gm-Message-State: AOAM530XeEBrDirSf9o4gk6DLSb9wxj3wbNHEMKDZDzhZ+Gnn0tGHZBD Wcoreg9Wepw8+UCsdURwngPJW2PqjEACEPFLKxU=
X-Google-Smtp-Source: ABdhPJyaeSVSl4mA9BhPzDdXNlYw4g+Xpdba+CGudN1QvYPq+1ju0VPmNgF3gvD/B2+KPb1RtXPP/XVwCwQQWNcCLoQ=
X-Received: by 2002:a1f:2355:0:b0:32a:e5bb:29a1 with SMTP id j82-20020a1f2355000000b0032ae5bb29a1mr42417vkj.2.1645036122919; Wed, 16 Feb 2022 10:28:42 -0800 (PST)
MIME-Version: 1.0
References: <164494796487.31930.7636138656008278664@ietfa.amsl.com>
In-Reply-To: <164494796487.31930.7636138656008278664@ietfa.amsl.com>
From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Wed, 16 Feb 2022 23:58:31 +0530
Message-ID: <CAH6gdPzvdae5sGOS982OLdQbYv-qGBnC9BwF_LePhTjaUW+Ghg@mail.gmail.com>
To: Alvaro Retana <aretana.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-bess-srv6-services@ietf.org, bess-chairs@ietf.org, BESS <bess@ietf.org>, "Bocci, Matthew (Nokia - GB)" <matthew.bocci@nokia.com>
Content-Type: multipart/alternative; boundary="000000000000bfd56b05d826d1cf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/6fcqDMccu3g_fqv3ub_tjgDHsKc>
Subject: Re: [bess] Alvaro Retana's Discuss on draft-ietf-bess-srv6-services-10: (with DISCUSS and COMMENT)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Feb 2022 18:29:01 -0000

Hi Alvaro,

Thanks for your detailed review and comments. Please check inline below for
responses.

We have also posted an update for the draft to address comments from you
and other reviewers:
https://datatracker.ietf.org/doc/html/draft-ietf-bess-srv6-services-11


On Tue, Feb 15, 2022 at 11:29 PM Alvaro Retana via Datatracker <
noreply@ietf.org> wrote:

> Alvaro Retana has entered the following ballot position for
> draft-ietf-bess-srv6-services-10: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-bess-srv6-services/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> I am balloting DISCUSS because the document underspecifies the use of
> Endpoint
> Behaviors. As a result, it is unclear when they should be checked,
> enforced,
> or needed. Details follow.
>
>
> The descriptions of the TLVs in §2 say (twice) that the "SRv6 Endpoint
> behaviors which MAY be encoded, but not limited to, are...etc."
>
>    The text above ends with "etc." which means there are other possible
>    behaviors. That's not a great use of normative language, even if
> optional.
>

KT> Agree. We have removed the "etc".


>    My initial instinct was to ask you to be specific, BUT...
>
>    The description of the SRv6 SID Information Sub-TLV (§3.1) says that "an
>    unrecognized endpoint behavior MUST NOT be considered invalid", which
> seems
>    to mean that any behavior is ok, AND...
>
>    There's no validation specified, except for the description of the SRv6
> SID
>    Structure Sub-Sub-TLV (§3.2.1), where it says that the "Argument length
>    MUST be set to 0 for SIDs where the Argument is not applicable". AND...
>
>    Several of the service descriptions in §5/§6 say that "The SRv6 Endpoint
>    behavior of the SRv6 SID is entirely up to the originator of the
>    advertisement. In practice, the SRv6 Endpoint behavior is..."
>
>
> The result is that any endpoint behavior (even unrecognized) can be used,
> while also requiring a specific setting for the argument length in some
> cases.
>
> How can the argument length be validated if the endpoint behavior is
> unknown?
>

KT> The argument length cannot be validated unless the endpoint behavior is
known. The ingress PE needs to actually write the ARG part of the SID into
the SRv6 SID advertised by the egress PE when sending packets for that
service to the egress PE. Therefore, knowing that the behavior involves
argument and validating the argument length is important. We have clarified
this in the text.


>
> Clearly (from looking at rfc8986), not all endpoint behaviors apply to the
> services defined in this document. Should a receiver accept any endpoint
> behavior? What should a receiver do if a known but unrelated behavior (End,
> for example) is received?
>
> What should the receiver do if the endpoint behavior is known and
> applicable,
> but the attribute length is not set correctly?
>

KT> Could you clarify which attribute length you are referring to?


>
> For any specific service (IPv4 VPN Over SRv6 Core, for example, to pick
> one),
> should the behaviors used "in practice" be enforced? What if different
> behavior
> is advertised? Can it safely be ignored?
>
> Why is the Endpoint Behavior included in the Sub-TLV if (from the above) it
> looks like it doesn't matter?
>

KT> The endpoint behavior is something that is associated with the SID
instantiated on the Egress PE. In most cases for VPN services, the ingress
PE simply needs to use the SID to send the packet to the egress PE. This is
much like how a context/instruction is associated with the VPN label for
MPLS - it could be per-vrf or per-ce or per-prefix - normally the ingress
PE does not care. However, with SRv6, we have behaviors that have arguments
that do require the ingress PE to be aware since it needs to set up the ARG
part of the SID in the packet encapsulation. In certain other cases, the
knowledge of the behavior on the ingress PE could enable local optimization
which we do want to preclude. Having the ability to signal the SRv6
Endpoint behavior also helps in troubleshooting and monitoring.


>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> (1) To make sure, the new "BGP SRv6 Service SID Flags" registry is
> intended to document the allocations for the "SRv6 SID Flags" field in the
> SRv6 SID Information Sub-TLV (§3.1), right?
>

KT> Correct.


>
> Please say so somewhere.  It would also be nice if the name of the field
> (SRv6
> SID Flags) and the registry (SRv6 Service SID Flags) matched.  I realize
> that
> fitting the full name in the figure won't work, but you can either use
> multiple
> lines (as you have already) or call the field simply "Flags," then extend
> to the full name in the description of the field...or many other ways to
> avoid
> confusion.
>

KT> We have fixed the figure and description to match the registry name.


>
>
> (2) §3.1:
>
>       SRv6 SID Flags (1 octet): Encodes SRv6 SID Flags - none are
>       currently defined.  SHOULD be set to 0 by the sender and MUST be
>       ignored by the receiver.
>
> If/when the flags are defined, the behavior specified here won't be
> compatible.
> Instead, a behavior that assumes that some of the flags will be known in
> the
> future would be better.  For example: any unknown flags MUST be ignored by
> the
> receiver.
>

KT> Ack. Fixed.


>
>
> (3) §3.1: "SRv6 Endpoint Behavior...The opaque endpoint behavior (i.e.,
> value
> 0xFFFF)...MUST NOT be considered invalid by the receiver."
>
> Ok, but the opaque behavior is not defined as invalid in rfc8986 or
> anywhere
> else (AFAIK).  rfc8986 includes a note specifically for the cases in
> this document in §8.3. So this requirement is not needed.
>

KT> Ack. It is covered by RFC8986. We have rephrased the sentence.


>
>
> (4) §3.2.1: "Transposition Length of 0 ... In this case, the Transposition
> Offset MUST be set to 0."
>
> What should the receiver do if the offset is not set to 0?
>

KT> If the checks in sec 3.2.1 fail, then the error handling is done as per
sec 8. Please also see the next response.


>
>
> (5) §3.2.1: According to rfc8986, the sum of the Loc + Func + Agr <= 128.
> The
> inclusion of the transposition fields changes the formula to add the new
> length.  Please indicate the new constraints.  What should the receiver do
> if
> the sum of the lengths is not <= 128?
>

KT> Ack. We have added the constraints for the fields of this sub-sub-tlv
as also the clarification for handling in sec 8.


>
>
> (6) §3.2.1: "Arguments MAY be generally applicable for SIDs of only
> specific
> SRv6 Endpoint behaviors"  In this case, "MAY" is just stating a fact
> (specified
> in rfc8986): s/MAY/may
>

KT> Ack. Fixed.


>
>
> (7) §5: s/MUST choose to perform IPv6 encapsulation/MUST perform IPv6
> encapsulation
>
> To choose is not normatively enforceable; encapsulating is.
>

KT> Ack. Fixed.


>
>
> (8) §5:
>
>    The SRv6 Service SID SHOULD be routable within the AS of the egress
>    PE and serves the dual purpose of providing reachability between
>    ingress PE and egress PE while also encoding the SRv6 Endpoint
>    behavior.
>
> Is it ever ok for the SID to not be routable?  If so, when?  The "purpose
> of
> providing reachability" requires the SID to be routable.  IOW, why is this
> behavior recommended and not required?
>

KT> An SRv6 SID may not be routable across multiple IGP domains within a
provider network when routes are not leaked. There can be other mechanisms
like SR Policies (or other forms of tunneling) that provide reachability.
In other scenarios, due to local policy, the resolution may be desired over
an SR Policy instead of the best-effort reachability provided by IGPs.


>
>
> (9) Both §5/§6 say that the "ingress PE SHOULD perform resolvability check
> for
> the SRv6 Service SID before considering the received prefix for the BGP
> best
> path computation."
>
> By "resolvability check", do you mean the "Route Resolvability Condition"
> from
> §9.1.2.1/rfc4271??  If so, please be explicit.
>
> Given that we're talking about services, which table should be used to
> resolve
> the SID?  This question is something that rfc4271 doesn't cover [1].
> Please add
> something similar to this text from rfc9012 (where the resolvability
> condition
> is mentioned):
>
>    The reachability condition is evaluated as per [RFC4271].  If the IP
>    address is reachable via more than one forwarding table, local policy is
>    used to determine which table to use.
>

KT> Ack. Updated the text.


>
> [1]
> https://datatracker.ietf.org/doc/html/draft-ietf-idr-bgp-bestpath-selection-criteria
>
>
> (10) [nits]
>
> s/multiple instances...is encountered/multiple instances...are
> encountered/g
>

KT> Ack. Fixed.


>
> Please add figure numbers to all the packet formats, etc.
>

KT> Ack. Fixed.

Thanks,
Ketan

v2.23.0 | Report a Bug | By Email