Re: [Detnet] IP Solution problem: Use of DSCP and ECN fields in IP headers for detnet flow identification
Lou Berger <lberger@labn.net> Wed, 07 November 2018 13:07 UTC
Return-Path: <lberger@labn.net>
X-Original-To: detnet@ietfa.amsl.com
Delivered-To: detnet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3A121274D0 for <detnet@ietfa.amsl.com>; Wed, 7 Nov 2018 05:07:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (768-bit key) header.d=labn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t2I0O3fFGMQL for <detnet@ietfa.amsl.com>; Wed, 7 Nov 2018 05:07:08 -0800 (PST)
Received: from gproxy1-pub.mail.unifiedlayer.com (gproxy1-pub.mail.unifiedlayer.com [69.89.25.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 477FC127133 for <detnet@ietf.org>; Wed, 7 Nov 2018 05:07:08 -0800 (PST)
Received: from cmgw11.unifiedlayer.com (unknown [10.9.0.11]) by gproxy1.mail.unifiedlayer.com (Postfix) with ESMTP id 2BB7640288935 for <detnet@ietf.org>; Wed, 7 Nov 2018 06:07:07 -0700 (MST)
Received: from box313.bluehost.com ([69.89.31.113]) by cmsmtp with ESMTP id KNY2gbHM7d20TKNY2gVlGI; Wed, 07 Nov 2018 06:07:07 -0700
X-Authority-Reason: nr=8
X-Authority-Analysis: $(_cmae_reason
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=labn.net; s=default; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version :Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=m8VykCOcRF0h4CBA3GNnqsUI0kwMdTsoi8dHsaUv8PU=; b=aJGjbnz8c9TUfyAi7rYK3fY0k+ tRx4CWHkPRP1toyLSjmTcRcyISPi78oeNI6qoXYsvnxEzq14dHFkj5EM3QBsM/neSwStGTo6svPvn 4QWEQyEsy04eZGWQ4o0H90MsZ;
Received: from pool-100-15-106-211.washdc.fios.verizon.net ([100.15.106.211]:41638 helo=[IPv6:::1]) by box313.bluehost.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <lberger@labn.net>) id 1gKNY2-001DBr-Es; Wed, 07 Nov 2018 06:07:06 -0700
To: "Black, David" <David.Black@dell.com>, Balázs Varga A <balazs.a.varga@ericsson.com>, "detnet@ietf.org" <detnet@ietf.org>
References: <CE03DB3D7B45C245BCA0D243277949363032B993@MX307CL04.corp.emc.com> <VI1PR0701MB25253F5A9AB8890CAE3A8FDCACCA0@VI1PR0701MB2525.eurprd07.prod.outlook.com> <CE03DB3D7B45C245BCA0D243277949363033031C@MX307CL04.corp.emc.com>
From: Lou Berger <lberger@labn.net>
Message-ID: <4ce74c7f-09c0-cd54-c128-9405687b9d5e@labn.net>
Date: Wed, 07 Nov 2018 20:07:00 +0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
In-Reply-To: <CE03DB3D7B45C245BCA0D243277949363033031C@MX307CL04.corp.emc.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box313.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - labn.net
X-BWhitelist: no
X-Source-IP: 100.15.106.211
X-Source-L: No
X-Exim-ID: 1gKNY2-001DBr-Es
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: pool-100-15-106-211.washdc.fios.verizon.net ([IPv6:::1]) [100.15.106.211]:41638
X-Source-Auth: lberger@labn.net
X-Email-Count: 3
X-Source-Cap: bGFibm1vYmk7bGFibm1vYmk7Ym94MzEzLmJsdWVob3N0LmNvbQ==
X-Local-Domain: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/detnet/lL-J5I53W5D1cvLWo8jWEQogyy4>
Subject: Re: [Detnet] IP Solution problem: Use of DSCP and ECN fields in IP headers for detnet flow identification
X-BeenThere: detnet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions on Deterministic Networking BoF and Proposed WG <detnet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/detnet>, <mailto:detnet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/detnet/>
List-Post: <mailto:detnet@ietf.org>
List-Help: <mailto:detnet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/detnet>, <mailto:detnet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2018 13:07:16 -0000
Hi, David and I took advantage of being together this week and came up with a proposed resolution to this. The proposal is as follows: - ECN bits will *not* be mentioned as being used as part of flow identifications - DSCP configuration will use value lists, not masks - For the same 5-tuple value sender SHOULD NOT mix DSCP values used for DetNet with non-DetNet (DSCP) values Please let me/us know what you think, Lou Thanks to David for the discussion. On 11/6/2018 10:48 AM, Black, David wrote: > > Hi Varga, > > I’m pleased that we mostly agree, and I’ll be happy to discuss the PHB > further. > > This discussion may also provide insight into my concern about 5-tuple > vs. 6-tuple flow identification – it looks like we have two different > sorts of “flow identification” under discussion: > > - Identification of a flow in the network in general (network flow or > microflow in RFC 2475). > > - Identification of a flow that undergoes DetNet processing at a > DetNet node (DetNet flow). > > At the moment, we’re using 5-tuples (src & dst addresses, protocol, > src & dst ports) for network flow identification and 6-tuples (5-tuple > + DSCP) for Detnet flow identification. In other words, we’re > effectively saying that a network flow (defined by a 5-tuple), becomes > a DetNet flow when a DetNet DSCP is added to request DetNet forwarding > by the network. There’s a level of indirection here caused by the > Diffserv architecture – a DetNet DSCP designates a DetNet PHB, and any > a packet marked with a DetNet DSCP receives DetNet forwarding at a > DetNet node. > > That said, my concern is that the 6-tuple term for a DetNet flow seems > counter-intuitive to me, even though the DetNet forwarding plane in a > DetNet node may well be matching on all 6 elements involved in order > to decide whether to provide DetNet forwarding to each arriving packet. > > IMHO, a better description would be that a network flow (5-tuple) is > being uniformly marked with a DetNet DSCP to request DetNet treatment > from the network (and presumably DetNet router hardware is matching on > DetNet DSCPs to dispatch inbound packets to DetNet forwarding logic > instead of conventional forwarding logic). The counter-intuitivity > of the 6-tuple term arises in the error case when someone uses a > “clever” marking of a single 5-tuple flow with a mixture of DetNet and > non-DetNet DSCPs. I believe that the result of that “cleverness” is > not multiple flows (which would be implied by the “6-tuple” term), > even though it may look like that in a DetNet node implementation. I > think the result is better described as a single not-entirely-DetNet > flow (defined by a 5-tuple) that receives bizarre forwarding treatment > at DetNet nodes - some of the packets get DetNet forwarding treatment > and some get other forwarding treatment, so in a loaded network, > significant reordering is likely, and the receiver is probably not > going to be happy with the resulting packet arrival order. > > If this all makes sense, that “clever” mixing of DetNet and non-DetNet > DSCPs in a single flow (hence mixing DetNet and non-DetNet forwarding > behavior in a single flow) deserves a “SHOULD NOT” statement in the > draft, with a warning about the bizarre forwarding behavior at DetNet > nodes that is a likely result, which seems like a better thing to do > than my original suggestion for some sort of prohibition on mixing > DetNet and non-DetNet packets in the same 5-tuple. > > Thanks, --David > > *From:* Balázs Varga A [mailto:balazs.a.varga@ericsson.com] > *Sent:* Sunday, November 4, 2018 11:13 PM > *To:* Black, David; detnet@ietf.org > *Subject:* RE: IP Solution problem: Use of DSCP and ECN fields in IP > headers for detnet flow identification > > Hi David, > > Many thanks for your comments and suggestions. This is definitely > something we must fix. > > Just two general statement as background: > > - ECN was not considered so far to be useful for DetNet flows. DetNet > flows expect zero congestion loss. > > DetNet sources do not consider to react on ECN. > > - Masking for flow identification was considered as a general rule for > the “tuples” (i.e. not DSCP specific). > > So, regarding your proposals > > A, No usage of ECN for flow identification: AGREE > > B, DSCP list instead of bitmask: AGREE, it can provide the same result. > > C, New DiffServ PHB for DetNet: Agree in principle, let’s discuss the > details > > Thanks > > Bala’zs > > *From:* detnet <detnet-bounces@ietf.org> *On Behalf Of *Black, David > *Sent:* Sunday, November 4, 2018 11:27 PM > *To:* detnet@ietf.org > *Subject:* [Detnet] IP Solution problem: Use of DSCP and ECN fields in > IP headers for detnet flow identification > > We have a problem here … > > The detnet IP solution draft (draft-ietf-detnet-dp-sol-ip-01.txt) has > this to say about > > use of DSCP and ECN fields in IP headers for detnet flow identification: > > 6.1.1.4. IPv4 Type of Service and IPv6 Traffic Class Fields > > These fields are used to support Differentiated Services [RFC2474] > > and Explicit Congestion Notification [RFC3168]. Implementations of > > this document MUST support DetNet flow identification based on the > > IPv4 Type of Service field when processing IPv4 packets, and the IPv6 > > Traffic Class Field when processing IPv6 packets. Implementations > > MUST support bimask based matching, where one (1) values in the > > bitmask indicate which subset of the bits in the field are to be used > > in determining a match. Note that a zero (0) value as a bitmask > > effectively means that these fields are ignored. > > That bitmask approach won’t work, as it violates both RFC 2474 and RFC > 3168. > > Starting with ECN (RFC 3168) – the 2-bit ECN field is intended to > enable ECN functionality to be > > applied to any flow, and the contents of the ECN field can be changed > by any router. Using ECN > > field values to identify separate flows is wrong, see Section 5 of RFC > 3168, which specifies the > > current use of that field.. > > That leaves the 6-bit DSCP field, which is defined by RFC 2474. The > above bitmask approach is > > prohibited by the following paragraph in section 3 of RFC 2474: > > Implementors should note that the DSCP field is six bits wide. DS- > > compliant nodes MUST select PHBs by matching against the entire 6-bit > > DSCP field, e.g., by treating the value of the field as a table index > > which is used to select a particular packet handling mechanism which > > has been implemented in that device. The value of the CU field MUST > > be ignored by PHB selection. The DSCP field is defined as an > > unstructured field to facilitate the definition of future per-hop > > behaviors. > > The CU field is now the ECN field (see RFC 3168). My reading is that > the current section 6.1.1.4 text in > > the IP solutions draft has managed to violate all three “MUST” > requirements in that RFC 2474 > > paragraph, which is impressive … and not in a good way. > > I suggest that several things be done: > > a)Abandon use of the ECN field for detnet flow identification. > > b)For the DSCP field, change from a bitmask approach to a list of DSCPs. > > a.I would note that a carefully chosen DSCP list can be implemented > via a bitmask. > > c)Define one or more Diffserv PHBs that realize DetNet behavior. > > a.I suspect that much of the content needed for this already exists in the > detnet drafts, so this should not be a “from scratch” exercise. > > I would also caution that the current IP solution draft text on > 6-tuples for flow identification appears > > to allow multiple separate detnet flows that differ only in DSCP to > use the same IP 5-tuple (source & > > destination addresses, transport protocol, source & destination > ports). I believe that this also ought > > to be prohibited, as Diffserv uses 5-tuples for flow identification - > see the definition and use of the > > term “microflow” in RFC 2475. > > A quick glance at the MPLS solution suggests that it does not have an > analogous problem with the TC > > field in labels as the TC field does not appear to be used for detnet > flow identification. > > Thanks, --David > > ---------------------------------------------------------------- > > David L. Black, Senior Distinguished Engineer > > Dell EMC, 176 South St., Hopkinton, MA 01748 > > +1 (774) 350-9323 *New * Mobile: +1 (978) 394-7754 > > David.Black@dell.com <mailto:David.Black@dell.com> > > ---------------------------------------------------------------- > > > _______________________________________________ > detnet mailing list > detnet@ietf.org > https://www.ietf.org/mailman/listinfo/detnet
- [Detnet] IP Solution problem: Use of DSCP and ECN… Black, David
- Re: [Detnet] IP Solution problem: Use of DSCP and… Balázs Varga A
- Re: [Detnet] IP Solution problem: Use of DSCP and… Black, David
- Re: [Detnet] IP Solution problem: Use of DSCP and… Lou Berger
- Re: [Detnet] IP Solution problem: Use of DSCP and… Andrew G. Malis
- Re: [Detnet] IP Solution problem: Use of DSCP and… Lou Berger
- Re: [Detnet] IP Solution problem: Use of DSCP and… Greg Mirsky
- Re: [Detnet] IP Solution problem: Use of DSCP and… Lou Berger