IETF Logo Mail Archive

Re: [Detnet] Alvaro Retana's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)

Alvaro Retana <aretana.ietf@gmail.com> Wed, 20 February 2019 18:24 UTC

Return-Path: <aretana.ietf@gmail.com>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 941A7130E57; Wed, 20 Feb 2019 10:24:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JnP0Wq2AKogT; Wed, 20 Feb 2019 10:24:30 -0800 (PST)
Received: from mail-ot1-x335.google.com (mail-ot1-x335.google.com [IPv6:2607:f8b0:4864:20::335]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCE68130E2F; Wed, 20 Feb 2019 10:24:29 -0800 (PST)
Received: by mail-ot1-x335.google.com with SMTP id i5so41767929oto.9; Wed, 20 Feb 2019 10:24:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=Jx57uaHCor5dpnmiG6dSlz4DGnws+M1r1ztOfsU2r+Q=; b=J87dxuPZrC8Bpf5oIofNeXXLpL7keorVkHgI3tNddYwi5S7ggq5VaUhnDC5tk8yOWu gYrxxCxzjrmdaaKwbnSyvNr53IMVI/HfcbejLxhCKHQw915m717cbjTnI2ouAmBQHXeq 53wkkN97+kQQKN+q0ZcVOiAM72MMThANFkxq9g/JMlzJfVci01QwAdiLiXg4rOgKHHAC DcJHOhiMqoX+cEieAxbudB/Zh1qZiHl9U+k43iLyXxqLyNr4v3fpuk8i3GLKwq6AVQgc 5jZPyzECNU4Jy670EqVZSX6sHYbCf06+YeMY0q11S4XUujBVBMHSYfnXu2VMSln5iDf+ R6sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=Jx57uaHCor5dpnmiG6dSlz4DGnws+M1r1ztOfsU2r+Q=; b=LTjOX3zXShr3Je0+bL8LyjylhZG7shhRFi1GuoE0tUQv1ach4i3SP7mshUgt6rkeI4 4Y1jBl0UCbrmWV3rOU/GOx9srAbmG+cLKAa6ryokGvOOR2iMtHTBwNL9hjRqCjLtWJqH PCIu2XjM9Sy7/eZBXI8Tl9Uyv08uKE5TUJ0C81jQOzQdQvMHhTeUV6l1lxUh2OhjXOLM DHBi8ukyK5zlKxM+pHrtw5f13k9DznsjAhzH5aq9E/nGZzl4ttFHUY7xeni2oLsMpwZo RkIE6ZORg1Ea8PEWIVyzPUST5rdNvf6oItRqdFUY46sakW41pwZRnttWYT4Ku9ASmGTZ Ym8w==
X-Gm-Message-State: AHQUAuZoN2sRWaDj0kRMsXRPXjaHdza6xBpxX5ZA8WlW+ZTWO44aDkjJ Fw5kMfyYcbGljzSkrzuMO3Pi9Xzu4vWxbQCGtqvstF8A
X-Google-Smtp-Source: AHgI3Ib9+WuLMDiavcRGB6ON+VDWj7qQKKEpr0yTiFZGuVWnhx0bPCy593vjlWSIrWcPXllSJcF2OqxJkTfzY5Jlpe4=
X-Received: by 2002:a9d:3de2:: with SMTP id l89mr22628633otc.239.1550687069074; Wed, 20 Feb 2019 10:24:29 -0800 (PST)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Wed, 20 Feb 2019 13:24:28 -0500
From: Alvaro Retana <aretana.ietf@gmail.com>
In-Reply-To: <108f9294-fb9d-557a-011a-6a53156bcb37@labn.net>
References: <155067820715.31361.3746519237969586434.idtracker@ietfa.amsl.com> <108f9294-fb9d-557a-011a-6a53156bcb37@labn.net>
MIME-Version: 1.0
Date: Wed, 20 Feb 2019 13:24:28 -0500
Message-ID: <CAMMESsx4juKOjPNPQW2iLDYRC6REr8jKWLJLBDUt-AsmC-eFmA@mail.gmail.com>
To: Lou Berger <lberger@labn.net>, The IESG <iesg@ietf.org>
Cc: detnet-chairs@ietf.org, detnet@ietf.org, draft-ietf-detnet-architecture@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e9023005825777bb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/DyxsanAuYjygMoKL1IkuQE8fzAw>
Subject: Re: [Detnet] Alvaro Retana's Discuss on draft-ietf-detnet-architecture-11: (with DISCUSS and COMMENT)
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Feb 2019 18:24:33 -0000

On February 20, 2019 at 4:11:45 PM, Lou Berger (lberger@labn.net) wrote:

Hi Alissa,

…Alvaro… :-)

Hi!


----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I support Mirja's and Alissa's DISCUSSes...and have a related set of concerns
about the coexistence with non-DetNet traffic and privacy:

§3.3.1 talks about what I think is a hard to achieve balance between coexisting
with non-DetNet traffic and keeping that traffic from disrupting DetNet flows.
Because of the constraints, the intent of prioritizing DetNet flows is clear
(and that is ok), but that may result in starvation of non-DetNet
traffic...even if the text does explicitly say that it "must be avoided".

I would like to see the potential case of starving non-DetNet traffic called
out somewhere.

This is the objective of section 3.3.1.


I'm looking for something similar to the first paragraph in §5,
but focused on the non-DetNet traffic.

The current text reads:

3.3.1.  Coexistence with normal traffic

   A DetNet network supports the dedication of a high proportion of the
   network bandwidth to DetNet flows.  But, no matter how much is
   dedicated for DetNet flows, it is a goal of DetNet to coexist with
   existing Class of Service schemes (e.g., DiffServ).  It is also
   important that non-DetNet traffic not disrupt the DetNet flow, of
   course (see Section 3.3.2 and Section 5).  For these reasons:

   o  Bandwidth (transmission opportunities) not utilized by a DetNet
      flow is available to non-DetNet packets (though not to other
      DetNet flows).

   o  DetNet flows can be shaped or scheduled, in order to ensure that
      the highest-priority non-DetNet packet is also ensured a worst-
      case latency.

   o  When transmission opportunities for DetNet flows are scheduled in
      detail, then the algorithm constructing the schedule should leave
      sufficient opportunities for non-DetNet packets to satisfy the
      needs of the users of the network.  Detailed scheduling can also
      permit the time-shared use of buffer resources by different DetNet
      flows.

   Starvation of non-DetNet traffic must be avoided, e.g., by traffic
   policing functions (e.g., [RFC2475]).  Thus, the net effect of the
   presence of DetNet flows in a network on the non-DetNet flows is
   primarily a reduction in the available bandwidth.


I think we need a little bit more to understand what you'd like to see
changed or added.  Can you suggest text or what specific topic you'd
like to see added/addressed?

Yes, let me try to explain better…while comparing with the current text in
§5, which basically says that even though the objective of DetNet is to
provide bounded latency, a MIIM may delay the traffic and the objective may
not be achieved.

For non-DetNet traffic, the objective is to not starve it, while providing
specific guarantees to the DetNet flows — said other way (from the
Introduction): "Unused reserved resources are available to non-DetNet
packets as long as all guarantees are fulfilled.”  However, the algorithms
(maybe error, misconfiguration…or even maliciously) may end up*not*
constructing the schedule to leave sufficient opportunities for non-DetNet
packets (as suggested in the text above from §3.3.1).

I see a parallel in how there is a risk of the intention for DetNet flows
not being met (because of an attack) and how the intention for non-DetNet
traffic may also not be met.


Related to the above is the fact that the identification of flows could be used
to specifically *not* include some of them as DetNet flows.  This is a
variation of the concern outlined in §6, but applied to non-DetNet flows, with
the potential starvation mentioned above.  Again, I would like to at least see
some discussion of this risk.

I don't follow - what is the risk that should be addressed?

§6 talks about potential privacy concerns due to the identification of
flows.  I interpret that as potentially being able to identify the user
(application, or both maybe).

As far as I understand the architecture, DetNet flows are identified at the
edge and then assigned to specific paths.  If the identification of flows
can be used to identify the user (for example), then it can be used to not
only attack specific DetNet flow, but also to decide to not provide
guarantees to a specific flow based on who the user or the application may
be.

I’m trying to point at a scenario where the identification may lead to flag
a flow as non-DetNet — and then (back to the initial point) potentially
starve it: eliminating the ability of that user to communicate.

The use case and problem statement documents outline specific applications that
may not have non-DetNet traffic, and the Introduction supports that.  However,
the architecture described in this document may be used in more general
networks to provide guarantees to specific traffic...  IOW, even if the
intention is there, there is no guarantee that DetNet will only be used in the
expected use cases.

You're not requesting any change in the document here, right?

Right.  Just pointing out that not all deployments of DetNet may be in the
expected use cases, potentially exposing them to other risks, or other
applications.


Hope this makes more sense.

Thanks!

Alvaro.

v2.23.0 | Report a Bug | By Email