Re: [Gen-art] Review: draft-ietf-pcn-sm-edge-behaviour-08

Tom Taylor <> Mon, 02 January 2012 14:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E538821F84DC for <>; Mon, 2 Jan 2012 06:21:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1N6dunr2IqsY for <>; Mon, 2 Jan 2012 06:21:15 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id A815A21F84AD for <>; Mon, 2 Jan 2012 06:21:15 -0800 (PST)
Received: by ggnk5 with SMTP id k5so10737849ggn.31 for <>; Mon, 02 Jan 2012 06:21:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=/Hg4P9KmHfRR/HH61dbRGPgh0NPTY7JDLIMQ5gcpJsw=; b=n6D5QKs9bJSiPnFzC66B8EDWEb92vKFHrlRK5MKSIWsq7nu0vYtKdr6ITE7zOc5c93 iX1kjX3cuAA1SVhKrAvN8c+AG1iafEiTQXgYFvdWEjSBu+T2+4/yArMhP3buX2ryFGZz DDjHqWIJa7JPkd231ng5OnrnzPf8z2x7k6tgY=
Received: by with SMTP id x15mr18777038ano.63.1325514075307; Mon, 02 Jan 2012 06:21:15 -0800 (PST)
Received: from [] ( []) by with ESMTPS id n5sm69207817yhk.1.2012. (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Jan 2012 06:21:14 -0800 (PST)
Message-ID: <>
Date: Mon, 02 Jan 2012 09:21:12 -0500
From: Tom Taylor <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: "Joel M. Halpern" <>
References: <> <> <BLU0-SMTP18EE1E01EAA97CC44A44FFD8900@phx.gbl> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc:, David Harrington <>,, Steven Blake <>
Subject: Re: [Gen-art] Review: draft-ietf-pcn-sm-edge-behaviour-08
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 02 Jan 2012 14:21:17 -0000

It shall be as you say, subject to comment from my co-authors when they 
get back from holiday.

On 01/01/2012 5:43 PM, Joel M. Halpern wrote:
> In-line...
> On 1/1/2012 4:06 PM, Tom Taylor wrote:
>> On 01/01/2012 2:58 PM, Joel M. Halpern wrote:
>>> Thank you for responding promptly Tom. Let me try to elaborate on the
>>> two issues where I was unclear.
>>> On the ingress-egress-aggregate issue and ECMP, the concern I have is
>>> relative to the third operational alternative where routing is used to
>>> determine where the ingress and egress of a flow is. To be blunt, as far
>>> as I can tell this does not work.
>>> 1) It does not work on the ingress side because traffic from a given
>>> source prefix can come in at multiple places. Some of these places may
>>> claim reachability to the source prefix. Some may not. While a given
>>> flow will use only one of these paths, there is no way to determine from
>>> routing information, at the egress, which ingress that flow used.
>>> 2) A site may use multiple exits for a given destination prefix. Again,
>>> while the site will only use one of these egresses for a given flow,
>>> there is no way for the ingress to know which egress it will be on the
>>> basis of routing information.
>>> Thus, the text seems to allow for a behavior that simply does not work.
>> [PTT] I think the disconnect here is that you read the text to say that
>> an individual node uses routing information to determine the IEA. That
>> wasn't the intention. Instead, administrators use routing information to
>> derive filters that are installed at the ingress and egress nodes.
> As far as I can tell, your response describes a situation even less
> effective than what I assumed.
> Firstly, it does not matter whether it is the edge node, the decision
> node, or the human administrator. Routing information is not enough to
> determine what the ingress-egress pairing is. The problems I describe
> above apply no matter who is making the decision.
> Secondly, having a human make the decision means that as soon as routing
> changes, the configured filters are wrong.
> I would suggest that the text in question be removed, and replaced with
> a warning against attempting what is currently described.
>>> I am still confused about the relationship of section 3.3.2 to the
>>> behavior you describe. 3.3.2 says that as long as any excess traffic is
>>> being reported, teh decision point shall direct the blocking of
>>> additional flows. That does not match 3.3.1, and does not match your
>>> description.
>> [PTT] I can't see the text in section 3.3.2 that says you continue to
>> block as long as any excess traffic is being reported. What I think it
>> says is that as long as excess traffic is reported, the decision point
>> checks to see whether the traffic being admitted to the aggregate
>> exceeds the supportable level. Excess traffic may be non-zero, yet no
>> termination may be required (i.e., traffic is below the second
>> threshold).
> I think I see what you are saying. If I am reading this correctly, the
> decision process must re-calculate to determine if there is termination
> every time it receives a report with non-zero excess and the port is
> already blocked. But it does not have to actually block anything.
> This however seems to depend upon the correct relative configuration of
> the limit that flips it into blocked state, the value of U, and maybe
> some other values.
> Put differently, I understand that the two are not contradictory.
> However, since the two things use different calculations, it is not at
> all clear that they are consistent. This may well be acceptable. But the
> difference in methods is likely to lead to confusion. So, as a minor
> (rather than major) comment, I would suggest that you provide clarifying
> text explaining why it is okay to use one condition to decide if there
> is blocking, but a different condition (which could produce a lower
> threshold) to decide how much to get rid of.
> Yours,
> Joel
>>> Yours,
>>> Joel
>>> On 1/1/2012 2:48 PM, Tom Taylor wrote:
>>>> Thanks for the review, Joel. Comments below, marked with [PTT].
>>>> On 31/12/2011 4:50 PM, Joel M. Halpern wrote:
>>>>> I am the assigned Gen-ART reviewer for this draft. For background on
>>>>> Gen-ART, please see the FAQ at
>>>>> <>.
>>>>> Please resolve these comments along with any other Last Call comments
>>>>> you may receive.
>>>>> Document: draft-ietf-pcn-sm-edge-behaviour-08
>>>>> PCN Boundary Node Behaviour for the Single Marking (SM) Mode of
>>>>> Operation
>>>>> Reviewer: Joel M. Halpern
>>>>> Review Date: 31-Dec-2011
>>>>> IETF LC End Date: 13-Jan-2012
>>>>> IESG Telechat date: N/A
>>>>> Summary: This documents is almost ready for publication as an
>>>>> Informational RFC.
>>>>> Question: Given that the document defines a complex set of behaviors,
>>>>> which are mandatory for compliant systems, it seems that this ought to
>>>>> be Experimental rather than Informational. It describes something that
>>>>> could, in theory, later become standards track.
>>>> [PTT] OK, we've wobbled on this one, but we can follow your suggestion.
>>>>> Major issues:
>>>>> Section 2 on Assumed Core Network Behavior for SM, in the third
>>>>> bullet,
>>>>> states that the PCN-domain satisfies the conditions specified in RFC
>>>>> 5696. Unfortunately, look at RFC 5696 I can not tell what conditions
>>>>> these are. Is this supposed to be a reference to RFC 5559 instead? No
>>>>> matter which document it is referencing, please be more specific about
>>>>> which section / conditions are meant.
>>>> [PTT] You are right that RFC 5696 isn't relevant. It's such a long time
>>>> since that text was written that I can't recall what the intention was.
>>>> My inclination at the moment is simply to delete the bullet.
>>>>> It would have been helpful if the early part of the document indicated
>>>>> that the edge node information about how to determine
>>>>> ingress-egress-aggregates was described in section 5.
>>>>> In conjunction with that, section 5.1.2, third paragraph, seems to
>>>>> describe an option which does not seem to quite work. After describing
>>>>> how to use tunneling, and how to work with signaling, the text
>>>>> refers to
>>>>> inferring the ingress-egress-aggregate from the routing
>>>>> information. In
>>>>> the presence of multiple equal-cost domain exits (which does occur in
>>>>> reality), the routing table is not sufficient information to make this
>>>>> determination. Unless I am very confused (which does happen) this
>>>>> seems
>>>>> to be a serious hole in the specification.
>>>> [PTT] I'm not sure what the issue is here. As I understand it,
>>>> operators
>>>> don't assign packets randomly to a given path in the presence of
>>>> alternatives -- they choose one based on values in the packet header.
>>>> The basic intent is that packets of a given microflow all follow the
>>>> same path, to prevent unnecessary reordering and minimize jitter. The
>>>> implication is that filters can be defined at the ingress nodes to
>>>> identify the packets in a given ingress-egress-aggregate (i.e. flowing
>>>> from a specific ingress node to a specific egress node) based on their
>>>> header contents. The filters to do the same job at egress nodes are a
>>>> different problem, but they are not affected by ECMP.
>>>>> Minor issues:
>>>>> Section 3.3.1 states that the "block" decision occurs when the CLE
>>>>> (excess over total) rate exceeds the configured limit. However,
>>>>> section
>>>>> 3.3.2 states that the decision node must take further stapes if the
>>>>> excess rate is non-zero in further reports. Is this inconsistency
>>>>> deliberate? If so, please explain. If not, please fix. (If it is
>>>>> important to drive the excess rate to 0, then why is action only
>>>>> initiated when the ratio is above a configured value, rather than any
>>>>> non-zero value? I can conceive of various reasons. But none are
>>>>> stated.)
>>>> [PTT] We aren't driving the excess rate to zero, but to a value
>>>> equal to
>>>> something less than (U - 1)/U. (The "something less" is because of
>>>> packet dropping at interior nodes.) The assumption is that (U - 1)/U is
>>>> greater than CLE-limit. Conceptually, PCN uses two thresholds. When the
>>>> CLE is below the first threshold, new flows are admitted. Above that
>>>> threshold, they are blocked. When the CLE is above the second
>>>> threshold,
>>>> flows are terminated to bring them down to that threshold. In the SM
>>>> mode of operation, the first threshold is specified directly on a
>>>> per-link basis by the value CLE-limit. The second threshold is
>>>> specified
>>>> by the same value (U - 1)/U for all links. With the CL mode of
>>>> operation
>>>> the second threshold is also specified directly for each link.
>>>>> Nits/editorial comments: