Re: [bess] Warren Kumari's Discuss on draft-ietf-bess-datacenter-gateway-10: (with DISCUSS)
Warren Kumari <warren@kumari.net> Thu, 20 May 2021 14:42 UTC
Return-Path: <warren@kumari.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E25C73A1918 for <bess@ietfa.amsl.com>; Thu, 20 May 2021 07:42:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nsqiKYmCuoAW for <bess@ietfa.amsl.com>; Thu, 20 May 2021 07:42:52 -0700 (PDT)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9F543A1921 for <bess@ietf.org>; Thu, 20 May 2021 07:42:51 -0700 (PDT)
Received: by mail-lf1-x136.google.com with SMTP id j6so22232265lfr.11 for <bess@ietf.org>; Thu, 20 May 2021 07:42:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=erKqx7ArtEqnJzfnAG5UnFp3JoGOjoo/TnQyT++ZUuo=; b=SQkvsJWF6d05dhcgTpciHgXPk4Zn3wvlFbo511UTR/nGWmRPNmvQmqkgEC026nQgfG MuJ36fQEkZ1Eszq8PqH5DRcjuc7nNTwVU1FMJDtAS/2pFP91aMqWDOi/XsMxKVYfzOx/ lfbgQjhtNZgHISOnUXHyYjoAQeY/S6IxvKFLgANw+V5DwW7nqNKuun6TsHiPICuh4wZH PcpiOx93143btJ8+pccHW00JbPYL5IX8fDXh0RdN/x+yYsJ6W1q0Q/ES1pBEM/1P25mT D9Lj4xwwKPzRyKbx31mOH4Rcsc1b+KeYuhMxa3e5Q7u8t8bEuGx5usT1cj6iBh3ds+bM uzpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=erKqx7ArtEqnJzfnAG5UnFp3JoGOjoo/TnQyT++ZUuo=; b=iuoJGD6F8pAw93vFDmoNMkuZFq/eLi+UdlcIv9Am3TYMlHCshMfSYMlqCgukLT7BBr eDi51NQNwZF2dCMjiUvamEgDsfijICdwbsgu0wcROyzNX6QTnVdXFMxMKqOLQWWEBrq4 zrtuDMVBKhxvwafzwtZ0PQWtbLVoKDiKvDupCXKkoArrV+ogfoFAD6KDwuQy+Cl064mQ NNaYgmldZNZJDRfySBWeuuGBcvr0WobwygmnM1ki/Ifn6C97JT0dHFon6MhHhPty+agR RUYAz8k7aLezValuvTZyM3lDNYaxDift3ILTkv3wfo7nzL+UhiuaXC4sKJlBGYPZ7xdH b8xQ==
X-Gm-Message-State: AOAM532DL20Wh/5HKtmJTfnN33yhZD12FI/zqO9SaF3kEsebIWQddofl bUgJIF8+8iW41/lpFgVarBjNIC5ltYj0gHWQBPBw6Z49AgV5dg==
X-Google-Smtp-Source: ABdhPJymaWfOtIUJS36ukUAYs32vAKRTb/D67ZSyMLx/Ey8o3b2YRRuucYygryw8TN7ZbwpnFQW5KozhLXyabZnDWdY=
X-Received: by 2002:ac2:5ded:: with SMTP id z13mr3382858lfq.484.1621521768490; Thu, 20 May 2021 07:42:48 -0700 (PDT)
MIME-Version: 1.0
References: <162138261155.16222.3642328553740974312@ietfa.amsl.com> <041b01d74c8b$95e3ac10$c1ab0430$@olddog.co.uk>
In-Reply-To: <041b01d74c8b$95e3ac10$c1ab0430$@olddog.co.uk>
From: Warren Kumari <warren@kumari.net>
Date: Thu, 20 May 2021 10:42:11 -0400
Message-ID: <CAHw9_iJRocHPhjEOdG-AMff+x96+VjZ-kgJKm-P+zsThQStVDg@mail.gmail.com>
To: Adrian Farrel <adrian@olddog.co.uk>
Cc: The IESG <iesg@ietf.org>, draft-ietf-bess-datacenter-gateway@ietf.org, bess-chairs@ietf.org, bess@ietf.org, Matthew Bocci <matthew.bocci@nokia.com>
Content-Type: multipart/alternative; boundary="00000000000001c06d05c2c3f516"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/Gf_ZmOzOy3iv7UjYLpwOH-Ax6uY>
Subject: Re: [bess] Warren Kumari's Discuss on draft-ietf-bess-datacenter-gateway-10: (with DISCUSS)
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 May 2021 14:42:58 -0000
On Wed, May 19, 2021 at 4:47 AM Adrian Farrel <adrian@olddog.co.uk> wrote: > Hi Warren, > > Thanks for this. I'll try to unpick it. > > > DISCUSS: > > --------------------------------------------------------------- > > > > I hope that I'm just misunderstanding something obvious, but I strongly > support > > John's DISCUSS > > So far, so good: we are in discussions with John and believe we will reach > a resolution that satisfies him. > > > when SR was "approved" it was with the understanding that it > > would only be used within "real" limited domains, and would never be sent > > outside of closed/limited network. > > I fear that there may have been some slipperiness in the discussion that > led to this understanding. > I recall pushing back quite a bit on the definition of "SR domain" as it > appeared in 8402 during IETF last call. But I didn't see a lot of support > for my view and concluded I was in the rough. > > He definition we ended up with specifically allows for tunnelling of SR > over non-SR parts of the network. I suspect that part of this is this comes in the use of the term "tunnel" > And, indeed, the nature of SRv6 is that packets containing the SRH may be > forwarded "transparently" by non-SR IPv6 routers. The domain is, therefore, > defined as the collection of interconnected SR-capable nodes. We ended up > with: > > Segment Routing domain (SR domain): the set of nodes participating in > the source-based routing model. These nodes may be connected to the > same physical infrastructure (e.g., a Service Provider's network). > They may as well be remotely connected to each other (e.g., an > enterprise VPN or an overlay). > > I read "same physical infrastructure (e.g., a Service Provider's network)." as something like an ISP network, operated by a single "operator"/entiy, so the SR traffic stays within what would commonly be called a "network". I read "remotely connected to each other (e.g., an enterprise VPN or an overlay)." as something where a packet (SR or whatever) is encapsulated as the payload of a new packet -- e.g a packet from my laptop on my enterprise VPN is encapsulated in the new packet by the VPN widget/software, and decapsulated by the other end. > This may go against your expectations (it may even go against reasonable > expectations), but it is what it is. > > In the light of this, and with the understanding of how overlays are built > and used (especially for VPNs), we explicitly looked in this document to > provide a simple way that SR-capable sites may be interconnected using a > concatenation of tunnels between SR-capable nodes in the wider network. Yup -- and I'm happy with this as a concatenation of actual tunnels (IPIP, GRE, IPSEC, etc) - my concern comes in if this is used for "raw" SR traffic (where the destination is an endpoint, and not a specific decapsulation device). The document says: "The various ASes that provide connectivity between the ingress and egress sites could each be constructed differently and use different technologies such as IP, MPLS with global table routing native BGP to the edge, MPLS IP VPN, SR-MPLS IP VPN, or SRv6 IP VPN." - if this is actually a VPN style or real overlay, I'm fine, but this isn't clear to me... > As you'll see from the document, this doesn't involve any changes to SR, > but does make use of SR's ability to use a SID to identify a node or a > tunnel. Our only new stuff is to allow BGP to distribute information in a > way that handles a site having multiple gateways and to cope with multiple > possible paths between sites. If an ASBR (BGP peer) is unable to process > the BGP extensions or is not SR-capable, it will not participate. > > > The document says: "The solution defined in this document can be seen in > the > > broader context of SR domain interconnection in > > [I-D.farrel-spring-sr-domain-interconnect]. ", which says: " Traffic > > originating in one SR domain often terminates in another SR domain, but > must > > transit a backbone network that provides interconnection between those > > domains." -- is it unclear to me if this is really what is being > proposed... > > Again (as per the many discussions during IESG review), s/domain/site/ > That was a bad mistake by the authors (who really love the use of the word > 'domain' as applied in all of the TEAS work). > To be clear, all interconnected SR sites form part of the same > 8402-SR-domain. > > Hmmm... This *might* address my concern, but I will need to reread this definition of domain. I have a horrible feeling that my concern/grump isn't with this draft, but rather with RFC8402... > We have fixed the use of site/domain in the working copy (which we hope to > post later today). > > > I'm hoping that I'm really misunderstanding something here -- please > educate me. > > Do you consider yourself educated now, or merely disciplined? đŸ˜‰ > Would you settle for "confused"? :-P W > > Cheers, > Adrian > > -- The computing scientist’s main challenge is not to get confused by the complexities of his own making. -- E. W. Dijkstra
- [bess] Warren Kumari's Discuss on draft-ietf-bess… Warren Kumari via Datatracker
- Re: [bess] Warren Kumari's Discuss on draft-ietf-… Adrian Farrel
- Re: [bess] Warren Kumari's Discuss on draft-ietf-… Warren Kumari