IETF Logo Mail Archive

Re: [Detnet] Last Call: <draft-ietf-detnet-yang-18.txt> (Deterministic Networking (DetNet) YANG Model) to Proposed Standard

Florian Kauer <florian.kauer@linutronix.de> Wed, 06 December 2023 13:21 UTC

Return-Path: <florian.kauer@linutronix.de>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC6C2C14F5FF; Wed, 6 Dec 2023 05:21:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.996
X-Spam-Level:
X-Spam-Status: No, score=-5.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTML_TAG_BALANCE_BODY=0.1, MANY_SPAN_IN_TEXT=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=linutronix.de header.b="ciAnrIcc"; dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=linutronix.de header.b="PqVvqSXn"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tCl8210gKLs7; Wed, 6 Dec 2023 05:21:37 -0800 (PST)
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAB60C14F5F4; Wed, 6 Dec 2023 05:21:36 -0800 (PST)
Content-Type: multipart/mixed; boundary="------------r70uFWVifYX8kiHiVridKWRE"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1701868894; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=T6pLM1P405w9Zpl377nMlGIUQg8098HgdIwTsiVNrbc=; b=ciAnrIccU/Nub/h9YFliF5ONfsR60LCGpL/CitFdKCv7M+9LM9k+wxl4U7we5CtWkW0rsU 3BwtHNMjMHTmwt0cIo3GcVAMqD2el5rA6b541OBoZ1TzS1jUfihMKlNSGvJMMDUrS8umLC YdNLIxbbgb7lC2ZhQnosivv0mnTwQ5qpovBjdalrcl1AKyjglZDGuQkAwAI1HyCG6tULyu D6k7ocDw3TFRx4KG6Gj8wXTnhnyKOtOEPUjN52B7/CHCXr9G3eKYmnCIvKV75l57hO8TQt E8+5cZ8v15K9BL2zgiXcyb+23n5k92Z82f5O4WSbW9JRm7339m8Z08WGcDCJQg==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1701868894; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=T6pLM1P405w9Zpl377nMlGIUQg8098HgdIwTsiVNrbc=; b=PqVvqSXnmx4usirvT3VVcYaemEQfA0Nih0g/o9qlWVRxJnpaLGatVacj88pWG9r9Ct822o VOiTX4UAXiO8XfBQ==
Message-ID: <01caf93f-efdf-4293-89fd-e296cd3465f9@linutronix.de>
Date: Wed, 06 Dec 2023 14:21:33 +0100
MIME-Version: 1.0
Content-Language: en-US
To: last-call@ietf.org, draft-ietf-detnet-yang@ietf.org
Cc: detnet-chairs@ietf.org, detnet@ietf.org, janos.farkas@ericsson.com, jgs@juniper.net
References: <170180619452.981.2657917158901639039@ietfa.amsl.com>
From: Florian Kauer <florian.kauer@linutronix.de>
Autocrypt: addr=florian.kauer@linutronix.de; keydata= xsFNBGO+z80BEADOSjQNIrfbQ28vjDMvs/YD/z0WA/iJNaD9JQDXNcUBDV1q+1kwfgg5Cc7f rZvbEeQrO7tJ+pqKLpdKq6QMcUW+aEilXBDZ708/4hEbb4qiRl29CYtFf8kx4qC+Hs8Eo1s3 kkbtg/T4fmQ+DKLBOLdVWB88w6j/aqi66r5j3w9rMCaSp0eg7zG3s/dW3pRwvEsb+Dj7ai2P J1pGgAMKtEJC6jB+rE17wWK1ISUum22u17MKSnsGOAjhWDGiAoG5zx36Qy5+Ig+UwIyYjIvZ lKd8N0K35/wyQaLS9Jva0puYtbyMEQxZAVEHptH1BDd8fMKD/n03GTarXRcsMgvlkZk1ikbq TL9fe2u9iBI861ATZ4VwXs48encOl3gIkqQ/lZbCo8QRj7pOdvOkx/Vn20yz809TTmRxCxL1 kdSbHROfEmUCAQdYSLUUfPYctCIajan/zif/W3HZKJJ3ZTbxdsYonLF9+DSlkFU+BSL147in tDJ83vqqPSuLqgKIdh2E/ac2Hrua0n80ySiTf7qDwfOrB8Z2JNgl1DlYLbLAguZJ4d608yQZ Tidmu22QopA47oQhpathwDpEczpuBBosbytpIG7cNvn98JnEgWAwRk0Ygv9qhUa/Py4AcYG8 3VEkoTZ9VNSP1ObMxcraF+KH5YYkR6Rd2ykmTulh4FqrvyOyMwARAQABzStGbG9yaWFuIEth dWVyIDxmbG9yaWFuLmthdWVyQGxpbnV0cm9uaXguZGU+wsGUBBMBCgA+FiEE8X2LVBM8IilJ PmSgtZdt1lJRlE4FAmO+z80CGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ tZdt1lJRlE41Kw/9EMsgm3D6a4a8J4iKw5UGyDu31LbVW83PKIZ8lALdtzNuT/1Q85IKc7lT +hFtYYLos05tjo0lQ2SCf5qRP7FY/hGnk+1Hqnog9eloG+Eh522iojId2rPL4I9w0XvlN4Mm BleqCvBn3YPVGW0kxJXTwZDRQfReVLeFSKTvXwWYJYrvleF2Cgyom/tcNrugHJfVPOYOe/qN NpiIawhF8Q/9YnGeW0FydhrIB+A4jJvuk36mt6/D/Mqj7kbYp0vGYXmt7lbp/n8luApzNwbZ gJzMa+a8l2+5b+95zaJMcxYSP9M26uS5khTCWDs9PcasFB9IfU0uHAhIPxV6SNVXK1A0R8VY 2gxtprowtbnWBCIRh2xJls6sOUn4EJH0S0/tlTM/wOH2n3wrKqhz+8gQF5hj3f8P5B5UL/05 uhZg3zyeTFhQl2zqaD+a1KI4Dm0vf1SfnCpsvJvimfWoyRgMnSuosN+JC2b9LuR7Leq3g0lC okVY6546ccr7i4YaGKcdQX8/+0tFECNlhKPjR3ycQXToCquzkuMuHW/5ugmcFaebAOZ1nPT8 v/IdeuephUj4Xa8GUHmly/t44k1SH8xh2GHYAav43Yo7an2eJwBhRx+4vJioFK134fFTzBET DelXAoM5z9A21h1ZTEHHxro2DLbmzEmfDf97Hjhvwytupf1fHwbOwU0EY77PzQEQANDDECcC GPzSBAbMY56gUC7pLSy4+2KSRWS4cz3fNb6HHEmdSvhu+oq0zxm3Q04eJO2Mcu5DfTWEng+d u2rxRAGqDu/b/EVC0AbQLuDL2kvnO5LOVR9JPcyrsTGyrfq84QspY/KzTZaWkDbTX2G3yLmz AJs19LyehFC3kfSyQBcsvPR3fb/gcuU+fYhJiAFrHERovnSCA/owKRrY4aBzp7OGJQ2VzjbT g81rWnJY2WJGSzu5QPbU4n/KT+/NrkNQ91/Qsi8BfHmg4R1qdX7vNkMKWACttQKHm38EdwaH cX4hzYXad0GKzX219qeExt83dSiYmzLO8+ErJcCQPMIHViLMlLQVmY3u7QLE2OTHw51BRyhl i3Yjeqwzh5ScIOX3Fdhlb18S2kPZQZ/rRUkrcMUXa/AAyKEGFZWZhpVBTHSn+tum7NlO/koh t4OKO84xkaoa+weYUTqid86nIGOfsgUOZ192MANK/JggQiFJTJ2BMw/p3hxihwC1LUsdXgqD NHewjqJhiTjLxC6ER0LdrTURG4MS2tk5WjRgpAaAbKViXLM/nQ7CVlkyzJsdTbiLflyaHHs2 s18O+jiXDGyQQBP5teBuYFZ3j5EB2O+UVbQMBHoeZJQrtKgxHyyj9K0h7Ln/ItTB3vA9IRKW ogvwdJFhrSZBwoz+KQoz3+jo+PcBABEBAAHCwXwEGAEKACYWIQTxfYtUEzwiKUk+ZKC1l23W UlGUTgUCY77PzQIbDAUJA8JnAAAKCRC1l23WUlGUTq6wD/4zGODDbQIcrF5Z12Cv7CL2Qubb 4PnZDIo4WNVmm7u+lOXciEVd0Z7zZNZBClvCx2AHDJyPE8/ExqX83gdCliA2eaH2qPla1mJk iF6U0rDGGF5O+07yQReCL2CXtGjLsmcvYnwVvB5o70dqI/hGm1EKj1uzKRGZSe6ECencCIQ4 2bY8CMp+H5xoETgCw90FLEryr+3qnL0PEfWXdogP4g+IQ9wSFA3ls4+4xn6+thpWNhVxEv/l gEAES2S7LhgDQUiRLusrVlqPqlpQ51J3hky56x5p5ems42vRUh6ID/0mMgZQd+0BPgJpkovs QoaQAqP2O8xQjKdL+YDibmAPhboO1wSoy0YxxIKElx2UReanVc06ue22v0NRZhQwP9z27wwE Bp9OJFE0PKOM5Sd5AjHRAUoFfMvGSd8i0e3QRQHEcGH1A9geAzY+aw7xk8I2CUryjAiu7Ccd I6tCUxSf29+rP4TKP+akaDnjnpSPwkZKhPjjEjPDs9UCEwW3pKW/DtIMMVBVKNKb5Qnbt02Z Ek1lmEFP3jEuAyLtZ7ESmq+Lae5V2CXQ121fLwAAFfuaDYJ4/y4Dl1yyfvNIIgoUEbcyGqEv KJGED0XKgdRE7uMZ4gnmBjh4IpY6a2sATFuBiulI/lOKp43mwVUGsPxdVfkN/RRbFW7iEx63 ugsSqUGtSA==
In-Reply-To: <170180619452.981.2657917158901639039@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/LGsB5n_dJSNyHTnD1B6OdXtdjwY>
Subject: Re: [Detnet] Last Call: <draft-ietf-detnet-yang-18.txt> (Deterministic Networking (DetNet) YANG Model) to Proposed Standard
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2023 13:21:42 -0000

Hi,
sorry for being this late, but there are several things that still confuse me when I try to apply the YANG model in a TSN over IP over TSN scenario (i.e. using DetNet to connect several TSNs over IP tunnels in the industrial automation or professional audio context).

It is likely that my confusions are only based on misunderstandings and missing background knowledge (and that's I why I did not speak up before and tried to do more research first), but I still would like to raise them now and let others decide if they are valid concerns or not. In both cases, I still would love to get support clarifying these points.

I also fixed some things that look like typos to me, but take them with a grain of salt since I am not a native speaker.

Greetings,
Florian

--- draft-ietf-detnet-yang-18.txt       2023-07-10 21:24:35.000000000 +0200
+++ draft-ietf-detnet-yang-18-fk-comments.txt   2023-12-06 13:49:42.692711093 +0100
@@ -192,14 +192,14 @@
    |  r  |Forwarding S-L   |Forwarding S-L   | Forwarding S-L|
    +-----+-----------------+-----------------+---------------+
 
-                   Figure 1: Detnet Layers and Node Types
+                   Figure 1: DetNet Layers and Node Types
 
    All of the layers have ingress/incoming and egress/outgoing
    operations, but any instance may be configured as only
    unidirectional.  Ingress refers to any DetNet layer where a DetNet
    context is applied.  Ingress allows functions such as switching,
    aggregation and encapsulation.  Likewise, egress refers to any DetNet
-   layer where a Detnet context is removed.  Egress allows functions
+   layer where a DetNet context is removed.  Egress allows functions
    such as switching, disaggregation and decapsulation.  This means that
    each unidirectional flow identifier configuration is programmed
    starting at the ingress and flow status is reported at ingress on
@@ -454,7 +454,7 @@
 
    This YANG model imports typedefs from [RFC6991], [RFC8519],
    [RFC8294], [RFC8343], [IEEE8021Q], and [IEEE8021QCX].  This YANG
-   model also has the folowing references to RFCs that are not in the
+   model also has the following references to RFCs that are not in the
    document text body [RFC0791], [RFC4303], [RFC8349], [RFC8938],
    [RFC8960], [RFC8964], and [RFC8200].
 
@@ -583,7 +583,7 @@
      identity none {
        base app-status;
        description
-         "This Application has no status. This identity is
+         "This application has no status. This identity is
           expected when the configuration is incomplete.";
        reference
          "RFC 9016 Section 5.8";
@@ -600,7 +600,7 @@
      identity failed {
        base app-status;
        description
-         "Application ingres/egress failed.";
+         "Application ingress/egress failed.";
        reference
          "RFC 9016 Section 5.8";
      }
@@ -608,7 +608,7 @@
      identity out-of-service {
        base app-status;
        description
-         "Application Administratively blocked.";
+         "Application administratively blocked.";
        reference
 
 
@@ -624,7 +624,7 @@
      identity partial-failed {
        base app-status;
        description
-         "This is an Application with one or more Egress ready, and one
+         "This is an application with one or more Egress ready, and one
           or more Egress failed.  The DetNet flow can be used if the
           Ingress is Ready.";
        reference
@@ -639,7 +639,7 @@
             + "/dnet:name";
        }
        description
-         "This is an Application Reference.";
+         "This is an application reference.";
      }
 
      typedef service-sub-layer-ref {
@@ -650,7 +650,7 @@
             + "/dnet:name";
        }
        description
-         "This is a Service sub-layer Reference.";
+         "This is a service sub-layer reference.";
      }
 
      typedef forwarding-sub-layer-ref {
@@ -661,7 +661,7 @@
             + "/dnet:name";
        }
        description
-         "This is a Forwarding sub-layer Reference.";
+         "This is a forwarding sub-layer reference.";
      }
 
      typedef traffic-profile-ref {
@@ -679,7 +679,7 @@
             + "/dnet:name";
        }
        description
-         "This is a Traffic Profile Reference.";
+         "This is a traffic profile reference.";
      }
 
      typedef ipsec-spi {
@@ -1113,6 +1113,79 @@
          description
            "The Application flow type choices.";
          container tsn-app-flow {
+---
+fk: In case of a tsn-app-flow, how does the actual encapsulation take place?
+
+For reference, lets look at a few cases and how I have understood them:
+
+1. ip-app-flow, nothing MPLS related in service or forwarding sub-layers:
+   -> Just transmit unmodified packet with new L2 header.
++---------------+      +----------+
+| Payload       |      | Payload  |
++---------------+      +----------+
+|   UDP         |      |   UDP    |
++---------------+  ->  +----------+
+|   IP          |      |   IP     |
++---------------+      +----------+
+| L2 (original) |      | L2 (new) |
++---------------+      +----------+
+
+2. ip-app-flow, but MPLS label is added:
+   -> Squeeze in MPLS header.
++---------------+      +----------+
+| Payload       |      | Payload  |
++---------------+      +----------+
+|   UDP         |      |   UDP    |
++---------------+  ->  +----------+
+|   IP          |      |   IP     |
++---------------+      +----------+
+| L2 (original) |      |   MPLS   |
++---------------+      +----------+
+                       | L2 (new) |
+                       +----------+
+
+3. mpls-app-flow:
+   -> Only optionally modify MPLS header
++-----------------+      +------------+
+| Payload         |      | Payload    |
++-----------------+      +------------+
+|   UDP           |      |   UDP      |
++-----------------+  ->  +------------+
+|   IP            |      |   IP       |
++-----------------+      +------------+
+| MPLS (original) |      | MPLS (new) |
++-----------------+      +------------+
+| L2 (original)   |      | L2 (new)   |
++-----------------+      +------------+
+
+4. tsn-app-flow:
+   -> In order to be able to reconstruct the full original L2 packet, we need
+      to retain the L2 header. So we need something like:
+
++---------------+      +-----------------+
+| Payload       |      |    Payload      |
++---------------+  ->  +-----------------+
+| L2 (Original) |      |  L2 (Original)  |
++---------------+      +-----------------+
+                       |      ???        |
+                       +-----------------+
+                       |   L2 (new)      |
+                       +-----------------+
+
+I know there are several different ways to realize this, including just
+transmitting the L2 packet over MPLS (apparently not IETF standardized?)
+or several others like L2TPv3 (RFC3931) or VXLAN (RFC 7348) if no MPLS labels are
+to be added (like in case 1 above).
+
+I would expect the YANG model (either this or a linked one) to somehow specify which
+of these options shall actually be applied. Otherwise, two DetNet routers might
+not be able to communicate with each other, because one might use L2TPv3 and
+the other one VXLAN. And also for example in the case of VXLAN,
+we would need the option to specify a VXLAN Network Identifier.
+
+What do you think about that?
+
+---
            uses l2-header;
 
 
@@ -1143,7 +1216,7 @@
          "detnet-flow identification.";
        choice detnet-flow-type {
          description
-           "The Detnet flow type choices.";
+           "The DetNet flow type choices.";
          case ip-detnet-flow {
            uses ip-flow-id;
          }
@@ -1254,7 +1327,7 @@
              case mpls {
                uses rt-types:mpls-label-stack;
                description
-                 "The MPLS Label stack next hop case.";
+                 "The MPLS label stack next hop case.";
              }
            }
          }
@@ -1425,6 +1498,9 @@
            type string;
            description
              "An Aggregation group ID.";
+---
+fk: I would expect "The name of the traffic profile." here as it is similarly used for most other names.
+---
          }
          container traffic-requirements {
            description
@@ -1708,10 +1784,20 @@
            container egress {
              description
                "Route's next-hop attribute.";
+---
+fk: This description does not seem right at this place!?
+---
              uses data-flow-spec;
              choice application-type {
                description
                  "This is the application type choices.";
+---
+fk: This part is quite confusing to me, especially since it does not directly mirror the ingress since.
+I guess one reason for that is there could be multiple interfaces that could be selected based on the packet headers?
+But for the same reason you could also have multiple ingress interfaces.
+Also the "ethernet" application type is confusing. I would expect that it should mirror the "tsn-app-flow",
+but then it mentions "TSN unaware traffic"?
+---
                container ethernet {
                  description
                    "This is TSN unaware traffic that maps to an
@@ -1860,6 +1946,9 @@
                container forwarding-sub-layer {
                  description
                    "This service sub-layer is sent to the forwarding
+--
+fk: "sent" or "sending"?
+--
                     sub-layers of the lower layer for DetNet service
                     forwarding or service-to-forwarding aggregation at
                     the ingress node or relay node.  When the operation
@@ -1978,7 +2067,11 @@
          list sub-layer {
            key "name";
            description
-             "The List is one or more DetNet Traffic types.";
+             "The list is one or more DetNet traffic types.";
+---
+fk: I don't get the meaning of this sentence in this context!?
+This is the forwarding sub-layer name and not a traffic type!?
+---
            leaf name {
              type string;
              description
@@ -1996,6 +2089,9 @@
                 impose-and-forward, pop-and-forward,
                 pop-impose-and-forward, forward, pop-and-lookup.";
            }
+---
+fk: Since these are MPLS forwarding-operations, do we still use e.g. "forwarding" when using IP instead of MPLS or just leave this out?
+---
            container incoming {
              description
                "The DetNet forwarding sub-layer incoming
@@ -2206,9 +2302,18 @@
    be considered sensitive.
 
    /detnet/traffic-profile/member-app: This links traffic profiles to
-   applications, o this also could be considered more sensitive.  The
+   applications, so this also could be considered more sensitive.  The
    traffic profiles liked to service sub-layer and forwarding sub-layer
    are less sensitive.
+---
+fk: I am not so sure if that is the case. Being able to change a traffic
+profile could mean that you can for example change a DetNet flow that
+is specified as lossless into one that is lossy. Or one with a very small
+latency into one with a huge latency.
+If the DetNet flow carries data of a time-critical industrial control loop,
+I wouldn't be too happy if an attacker can occasionally crash my system
+by dropping packets or inducing additional latencies.
+---
 
    /detnet/service/sub-layer/incoming/app-flow: This links applications
    to services.
@@ -2608,6 +2713,14 @@
         |     +--rw operation?            operation
         |     +--rw incoming
         |     |  +--rw (incoming)?
+---
+fk: One thing I raised before, but it either my comment got lost or i missed the response:
+Why is there no incoming forwarding sub-layer for the service sub-layer?
+An app-flow has outgoing service-sub-layer and incoming service-sub-layer,
+a forwarding sub-layer has incoming service-sub-layer and outgoing service-sub-layer,
+a service sub-layer has incoming app-flow and outgoing app-flow
+and it has outgoing forwarding sub-layer, but NO incoming forwarding sub-layer.
+---
         |     |     +--:(app-flow)
         |     |     |  +--rw app-flow
         |     |     |     +--rw flow*   app-flow-ref
@@ -2976,7 +3089,7 @@
       by the configuration.
 
    The following are examples of aggregation and disaggregation at
-   various points in Detnet.  Figures are provided in the PDF and HTML
+   various points in DetNet.  Figures are provided in the PDF and HTML
    version of this document.
 
 B.1.  Example A-1 JSON Configuration/Operational

v2.23.0 | Report a Bug | By Email