Re: [Detnet] IP Solution problem: Use of DSCP and ECN fields in IP headers for detnet flow identification
Lou Berger <lberger@labn.net> Thu, 08 November 2018 06:46 UTC
Return-Path: <lberger@labn.net>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02583130F46 for <detnet@ietfa.amsl.com>; Wed, 7 Nov 2018 22:46:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ePMUAWv5CrYj for <detnet@ietfa.amsl.com>; Wed, 7 Nov 2018 22:46:45 -0800 (PST)
Received: from gproxy9-pub.mail.unifiedlayer.com (gproxy9-pub.mail.unifiedlayer.com [69.89.20.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C7A1130EA1 for <detnet@ietf.org>; Wed, 7 Nov 2018 22:46:45 -0800 (PST)
Received: from cmgw11.unifiedlayer.com (unknown [10.9.0.11]) by gproxy9.mail.unifiedlayer.com (Postfix) with ESMTP id 551051E0840 for <detnet@ietf.org>; Wed, 7 Nov 2018 23:46:44 -0700 (MST)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id Ke5Ugz8m1d20TKe5UgtWJE; Wed, 07 Nov 2018 23:46:44 -0700
X-Authority-Reason: nr=8
X-Authority-Analysis: $(_cmae_reason
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Type:MIME-Version:Subject:References:In-Reply-To: Message-ID:Date:CC:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=0KqY1e7Xs1uThG9a/aEVCwYMgGb6xs+L0USLXnhV8Sw=; b=KuX8fEtUsYCLvyVzuu8+nPBCcN jspeqBFZJwaaPUaOWdCfYdvycvFSKJqezifwAuQ/HW4umjSngo4v3K2/PTgrkO87w8313q535Q/5X nWZUqRsCldGdjho6XsgRMg5p2;
Received: from [1.47.45.53] (port=62262 helo=[10.3.36.4]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <lberger@labn.net>) id 1gKe5R-001WQJ-JZ; Wed, 07 Nov 2018 23:46:44 -0700
From: Lou Berger <lberger@labn.net>
To: Greg Mirsky <gregimirsky@gmail.com>
CC: "Black, David" <David.Black@dell.com>, Balázs Varga <balazs.a.varga@ericsson.com>, DetNet WG <detnet@ietf.org>
Date: Thu, 08 Nov 2018 13:46:32 +0700
Message-ID: <166f2128540.27ce.9b4188e636579690ba6c69f2c8a0f1fd@labn.net>
In-Reply-To: <CA+RyBmXCe1MJJD-9NPsN7eOz=jq2CDT+rX_BvtgYsiby8_vZ+A@mail.gmail.com>
References: <CE03DB3D7B45C245BCA0D243277949363032B993@MX307CL04.corp.emc.com> <VI1PR0701MB25253F5A9AB8890CAE3A8FDCACCA0@VI1PR0701MB2525.eurprd07.prod.outlook.com> <CE03DB3D7B45C245BCA0D243277949363033031C@MX307CL04.corp.emc.com> <4ce74c7f-09c0-cd54-c128-9405687b9d5e@labn.net> <CA+RyBmXCe1MJJD-9NPsN7eOz=jq2CDT+rX_BvtgYsiby8_vZ+A@mail.gmail.com>
User-Agent: AquaMail/1.17.0-1318 (build: 101700009)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------166f21288041a7627cef5dc016"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 1.47.45.53
X-Source-L: No
X-Exim-ID: 1gKe5R-001WQJ-JZ
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: ([10.3.36.4]) [1.47.45.53]:62262
X-Source-Auth: lberger@labn.net
X-Email-Count: 1
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/dzbW48XKSUBGi6LTDvSiQwQoA0E>
Subject: Re: [Detnet] IP Solution problem: Use of DSCP and ECN fields in IP headers for detnet flow identification
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2018 06:46:57 -0000
---------- On November 8, 2018 1:23:38 PM Greg Mirsky <gregimirsky@gmail.com> wrote: > Hi Lou, et al., > one clarification question: > > - is it expected that DetNet flows will use several DSCP values or all > DetNet services will use one? > DetNet may use different/multiple values and there is (not yet at least) a DetNet dscps/phb. Lou > Regards, > Greg > > On Wed, Nov 7, 2018 at 8:07 PM Lou Berger <lberger@labn.net> wrote: > >> Hi, >> >> David and I took advantage of being together this week and came up >> with a proposed resolution to this. The proposal is as follows: >> >> - ECN bits will *not* be mentioned as being used as part of flow >> identifications >> - DSCP configuration will use value lists, not masks >> - For the same 5-tuple value sender SHOULD NOT mix DSCP values used for >> DetNet with non-DetNet (DSCP) values >> >> Please let me/us know what you think, >> >> Lou >> >> Thanks to David for the discussion. >> >> On 11/6/2018 10:48 AM, Black, David wrote: >> > >> > Hi Varga, >> > >> > I’m pleased that we mostly agree, and I’ll be happy to discuss the PHB >> > further. >> > >> > This discussion may also provide insight into my concern about 5-tuple >> > vs. 6-tuple flow identification – it looks like we have two different >> > sorts of “flow identification” under discussion: >> > >> > - Identification of a flow in the network in general (network flow or >> > microflow in RFC 2475). >> > >> > - Identification of a flow that undergoes DetNet processing at a >> > DetNet node (DetNet flow). >> > >> > At the moment, we’re using 5-tuples (src & dst addresses, protocol, >> > src & dst ports) for network flow identification and 6-tuples (5-tuple >> > + DSCP) for Detnet flow identification. In other words, we’re >> > effectively saying that a network flow (defined by a 5-tuple), becomes >> > a DetNet flow when a DetNet DSCP is added to request DetNet forwarding >> > by the network. There’s a level of indirection here caused by the >> > Diffserv architecture – a DetNet DSCP designates a DetNet PHB, and any >> > a packet marked with a DetNet DSCP receives DetNet forwarding at a >> > DetNet node. >> > >> > That said, my concern is that the 6-tuple term for a DetNet flow seems >> > counter-intuitive to me, even though the DetNet forwarding plane in a >> > DetNet node may well be matching on all 6 elements involved in order >> > to decide whether to provide DetNet forwarding to each arriving packet. >> > >> > IMHO, a better description would be that a network flow (5-tuple) is >> > being uniformly marked with a DetNet DSCP to request DetNet treatment >> > from the network (and presumably DetNet router hardware is matching on >> > DetNet DSCPs to dispatch inbound packets to DetNet forwarding logic >> > instead of conventional forwarding logic). The counter-intuitivity >> > of the 6-tuple term arises in the error case when someone uses a >> > “clever” marking of a single 5-tuple flow with a mixture of DetNet and >> > non-DetNet DSCPs. I believe that the result of that “cleverness” is >> > not multiple flows (which would be implied by the “6-tuple” term), >> > even though it may look like that in a DetNet node implementation. I >> > think the result is better described as a single not-entirely-DetNet >> > flow (defined by a 5-tuple) that receives bizarre forwarding treatment >> > at DetNet nodes - some of the packets get DetNet forwarding treatment >> > and some get other forwarding treatment, so in a loaded network, >> > significant reordering is likely, and the receiver is probably not >> > going to be happy with the resulting packet arrival order. >> > >> > If this all makes sense, that “clever” mixing of DetNet and non-DetNet >> > DSCPs in a single flow (hence mixing DetNet and non-DetNet forwarding >> > behavior in a single flow) deserves a “SHOULD NOT” statement in the >> > draft, with a warning about the bizarre forwarding behavior at DetNet >> > nodes that is a likely result, which seems like a better thing to do >> > than my original suggestion for some sort of prohibition on mixing >> > DetNet and non-DetNet packets in the same 5-tuple. >> > >> > Thanks, --David >> > >> > *From:* Balázs Varga A [mailto:balazs.a.varga@ericsson.com] >> > *Sent:* Sunday, November 4, 2018 11:13 PM >> > *To:* Black, David; detnet@ietf.org >> > *Subject:* RE: IP Solution problem: Use of DSCP and ECN fields in IP >> > headers for detnet flow identification >> > >> > Hi David, >> > >> > Many thanks for your comments and suggestions. This is definitely >> > something we must fix. >> > >> > Just two general statement as background: >> > >> > - ECN was not considered so far to be useful for DetNet flows. DetNet >> > flows expect zero congestion loss. >> > >> > DetNet sources do not consider to react on ECN. >> > >> > - Masking for flow identification was considered as a general rule for >> > the “tuples” (i.e. not DSCP specific). >> > >> > So, regarding your proposals >> > >> > A, No usage of ECN for flow identification: AGREE >> > >> > B, DSCP list instead of bitmask: AGREE, it can provide the same result. >> > >> > C, New DiffServ PHB for DetNet: Agree in principle, let’s discuss the >> > details >> > >> > Thanks >> > >> > Bala’zs >> > >> > *From:* detnet <detnet-bounces@ietf.org> *On Behalf Of *Black, David >> > *Sent:* Sunday, November 4, 2018 11:27 PM >> > *To:* detnet@ietf.org >> > *Subject:* [Detnet] IP Solution problem: Use of DSCP and ECN fields in >> > IP headers for detnet flow identification >> > >> > We have a problem here … >> > >> > The detnet IP solution draft (draft-ietf-detnet-dp-sol-ip-01.txt) has >> > this to say about >> > >> > use of DSCP and ECN fields in IP headers for detnet flow identification: >> > >> > 6.1.1.4. IPv4 Type of Service and IPv6 Traffic Class Fields >> > >> > These fields are used to support Differentiated Services [RFC2474] >> > >> > and Explicit Congestion Notification [RFC3168]. Implementations of >> > >> > this document MUST support DetNet flow identification based on the >> > >> > IPv4 Type of Service field when processing IPv4 packets, and the IPv6 >> > >> > Traffic Class Field when processing IPv6 packets. Implementations >> > >> > MUST support bimask based matching, where one (1) values in the >> > >> > bitmask indicate which subset of the bits in the field are to be used >> > >> > in determining a match. Note that a zero (0) value as a bitmask >> > >> > effectively means that these fields are ignored. >> > >> > That bitmask approach won’t work, as it violates both RFC 2474 and RFC >> > 3168. >> > >> > Starting with ECN (RFC 3168) – the 2-bit ECN field is intended to >> > enable ECN functionality to be >> > >> > applied to any flow, and the contents of the ECN field can be changed >> > by any router. Using ECN >> > >> > field values to identify separate flows is wrong, see Section 5 of RFC >> > 3168, which specifies the >> > >> > current use of that field.. >> > >> > That leaves the 6-bit DSCP field, which is defined by RFC 2474. The >> > above bitmask approach is >> > >> > prohibited by the following paragraph in section 3 of RFC 2474: >> > >> > Implementors should note that the DSCP field is six bits wide. DS- >> > >> > compliant nodes MUST select PHBs by matching against the entire 6-bit >> > >> > DSCP field, e.g., by treating the value of the field as a table index >> > >> > which is used to select a particular packet handling mechanism which >> > >> > has been implemented in that device. The value of the CU field MUST >> > >> > be ignored by PHB selection. The DSCP field is defined as an >> > >> > unstructured field to facilitate the definition of future per-hop >> > >> > behaviors. >> > >> > The CU field is now the ECN field (see RFC 3168). My reading is that >> > the current section 6.1.1.4 text in >> > >> > the IP solutions draft has managed to violate all three “MUST” >> > requirements in that RFC 2474 >> > >> > paragraph, which is impressive … and not in a good way. >> > >> > I suggest that several things be done: >> > >> > a)Abandon use of the ECN field for detnet flow identification. >> > >> > b)For the DSCP field, change from a bitmask approach to a list of DSCPs. >> > >> > a.I would note that a carefully chosen DSCP list can be implemented >> > via a bitmask. >> > >> > c)Define one or more Diffserv PHBs that realize DetNet behavior. >> > >> > a.I suspect that much of the content needed for this already exists in >> the >> > detnet drafts, so this should not be a “from scratch” exercise. >> > >> > I would also caution that the current IP solution draft text on >> > 6-tuples for flow identification appears >> > >> > to allow multiple separate detnet flows that differ only in DSCP to >> > use the same IP 5-tuple (source & >> > >> > destination addresses, transport protocol, source & destination >> > ports). I believe that this also ought >> > >> > to be prohibited, as Diffserv uses 5-tuples for flow identification - >> > see the definition and use of the >> > >> > term “microflow” in RFC 2475. >> > >> > A quick glance at the MPLS solution suggests that it does not have an >> > analogous problem with the TC >> > >> > field in labels as the TC field does not appear to be used for detnet >> > flow identification. >> > >> > Thanks, --David >> > >> > ---------------------------------------------------------------- >> > >> > David L. Black, Senior Distinguished Engineer >> > >> > Dell EMC, 176 South St., Hopkinton, MA 01748 >> > >> > +1 (774) 350-9323 *New * Mobile: +1 (978) 394-7754 >> > >> > David.Black@dell.com <mailto:David.Black@dell.com> >> > >> > ---------------------------------------------------------------- >> > >> > >> > _______________________________________________ >> > detnet mailing list >> > detnet@ietf.org >> > https://www.ietf.org/mailman/listinfo/detnet >> >> _______________________________________________ >> detnet mailing list >> detnet@ietf.org >> https://www.ietf.org/mailman/listinfo/detnet >>
- [Detnet] IP Solution problem: Use of DSCP and ECN… Black, David
- Re: [Detnet] IP Solution problem: Use of DSCP and… Balázs Varga A
- Re: [Detnet] IP Solution problem: Use of DSCP and… Black, David
- Re: [Detnet] IP Solution problem: Use of DSCP and… Lou Berger
- Re: [Detnet] IP Solution problem: Use of DSCP and… Andrew G. Malis
- Re: [Detnet] IP Solution problem: Use of DSCP and… Lou Berger
- Re: [Detnet] IP Solution problem: Use of DSCP and… Greg Mirsky
- Re: [Detnet] IP Solution problem: Use of DSCP and… Lou Berger