Re: [Gen-art] Genart last call review of draft-ietf-bess-nsh-bgp-control-plane-12

"Adrian Farrel" <> Tue, 10 December 2019 10:08 UTC

From: "Adrian Farrel" <>
To: "'Brian Carpenter'" <>, <>
Date: Tue, 10 Dec 2019 10:07:55 -0000
Organization: Old Dog Consulting
List-Id: "GEN-ART: General Area Review Team" <>

Hi Brian,

Thanks for your time with this.

In line...

> Comments:
> ---------
> I am not a BGP expert and did not check the BGP details. This
> is a pretty complex mechanism so I would have liked to hear of
> at least a lab-scale implementation. I wouldn't be shocked if
> this was diverted to Experimental.

At the moment I don't have access to a lab, so I won't comment about that.
I will note four things:
1. I don't consider the mechanism to be "pretty complex", but "rather simple". It may be that the difference is whether you have to pick up all of BGP to understand this draft or whether it comes as a small increment.
2. Obviously (?) the document has had eyes from a number of BGP experts, especially a very careful review by the document shepherd. It was shared with IDR and caught comments from one of the IDR chairs.
3. It's an IBGP mechanism not an EBGP mechanism, so the exposure to the stability of the Internet is reduced.
4. The BESS chairs ran a poll on the list to determine whether to progress as is in advance of implementations.

> Minor issues:
> -------------
> Actually these are mainly questions:

Questions are good.

> There are numerous references, starting in the Abstract, to the
> "Controller" but it isn't defined or described in any one place.
> I expected to find it in RFC8300, but no. So what is the Controller?

Right. This is a good catch. A "controller" is a centralised component responsible for determining SFPs and maybe more. It is akin to an SDN controller. We definitely need to add text for this.

It is not an 8300 concept. Indeed, 8300 is principally focused on the forwarding plane.
Furthermore, the control plane and orchestration aspects of SFC are a bit sketchy in 7665.
draft-ietf-sfc-control-plane might have been a good source of information, but the SFC WG appears to have given up on it.

So, yes, we need a short definition in 1.2, and a paragraph in 2.2.

> RFC8300 requires NSH+original_packet to be encapsulated in a Transport
> Encapsulation. In section 2.1 we find:
>>  Note that the presence of the NSH can make it difficult for nodes in
>>  the underlay network to locate the fields in the original packet that
>>  would normally be used to constrain equal cost multipath (ECMP)
>>  forwarding.  Therefore, it is recommended that the node prepending
>>  the NSH also provide some form of entropy indicator that can be used
>>  in the underlay network.  How this indicator is generated and
>>  supplied, and how an SFF generates a new entropy indicator when it
>>  forwards a packet to the next SFF are out of scope of this document.
> I would have expected that text to state that the entropy indicator is
> a property of the Transport Encapsulation required by RFC8300. (Isn't
> the Service Function Overlay Network in fact the embodiment of the
> Transport Encapsulation?) 

Well, yes and no.
The entropy indicator is carried in the transport encapsulation, and is used by the transport (underlay) network.
But it is a property of the payload. In particular, it is a property of what is encapsulated by the NSH.
The mechanism that encapsulates for the transport would normally have visibility into the payload to create the entropy indicator (hashing on specific fields), but the inclusion of the NSH makes that harder. Hence the recommendation that the entropy indicator is provided by the mechanism that prepends the NSH.

I think the text says this and that those skilled in the art (you have to understand the use of the entropy indicators and the inclusion of the NSH) will get this.

> In section 2.2 we find:
>>  When choosing the next SFI in a path, the SFF uses the SPI and SI as
>>  well as the SFT to choose among the SFIs, applying, for example, a
>>  load balancing algorithm or direct knowledge of the underlay network
>>  topology as described in Section 4.
> I'm probably missing something, but doesn't that risk a conflict with
> the statement above about the entropy indicator? How would this choice
> of path be guaranteed congruent with the choice of path by the underlay
> network? Or doesn't that matter?

No, this is a choice of SFIs, not a choice of paths between SFFs.
The former is determining the path in the overlay, the latter (using the entropy indicator) is selecting the path through the underlay.

>> 4.4.  Classifier Operation
>>  As shown in Figure 1, the Classifier is a component that is used to
>>  assign packets to an SFP.
>>  The Classifier is responsible for determining to which packet flow a
>>  packet belongs (usually by inspecting the packet header),...
> Would it be better to state explicitly that the method of classification
> is out of scope for this document? There is a whole world of complexity
> in that "(usually...)".

Yes, happy to say it is out of scope.

>> 4.5.  Service Function Forwarder Operation
> This section left me a bit puzzled. We've got the original packet,
> the classifier puts an NSH in front, we've got forwarding state,
> but we don't seem to have an IP header in front of the NSH to hand to
> the forwarding engine. Where's the Transport Encapsulation?

OK. We can tweak that. We are principally interested in the overlay forwarding in this section, but we should note that transmission between SFFs is across the underlay and so there is a "transport" encapsulation.

> Nits:
> -----
> "such errors should be logged" ... "should log the event"
> "should either withdraw the SFPR or re-advertise it"
> Intentional lower case "should"?

We'll go through these. The first few I looked at are reciting behaviour defined in 8300 and I don't think it is appropriate to use upper case for that. It is "as defined in RFC 8300" not new normative text.

> IDnits said:
>  -- The document has examples using IPv4 documentation addresses according
>     to RFC6890, but does not use any IPv6 documentation addresses.  Maybe
>     there should be IPv6 examples, too?

Maybe. I think we would need to add some v6 examples rather than convert some of the existing (because there is a flow between the current examples).
I'm not sure it is very important because there is no use of prefixes, but I'd be happy to include some v6 examples if someone wants to draft a couple.
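
The entropy-indicator point discussed in this message, as an added example that is not part of the original e-mail or of the draft: a node that reads flow fields at their usual offsets fails on an NSH-encapsulated packet, while the node prepending the NSH can skip it using the RFC 8300 Length field and hash the inner 5-tuple. The CRC32 hash, the 49152-65535 output range and the sample packet are assumptions; the draft leaves generation of the indicator out of scope.

```python
import struct
import zlib

NSH_NEXT_PROTO_IPV4 = 0x01  # RFC 8300 Next Protocol value for IPv4

def parse_nsh(pkt: bytes):
    """Return (spi, si, next_proto, inner_packet) from an NSH-encapsulated packet."""
    if len(pkt) < 8:
        raise ValueError("truncated NSH")
    base, sph = struct.unpack("!II", pkt[:8])
    nsh_len = ((base >> 16) & 0x3F) * 4  # Length field counts 4-byte words
    if nsh_len < 8 or nsh_len > len(pkt):
        raise ValueError("bad NSH Length")
    return sph >> 8, sph & 0xFF, base & 0xFF, pkt[nsh_len:]

def inner_five_tuple(ip: bytes):
    """Extract (src, dst, proto, sport, dport) from an IPv4 TCP/UDP packet."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not IPv4 at this offset")
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    if proto not in (6, 17) or len(ip) < ihl + 4:
        raise ValueError("no L4 ports")
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return ip[12:16], ip[16:20], proto, sport, dport

def entropy_indicator(pkt: bytes) -> int:
    """Hash the flow carried under the NSH into a 14-bit value (assumed scheme)."""
    _spi, _si, next_proto, inner = parse_nsh(pkt)
    if next_proto != NSH_NEXT_PROTO_IPV4:
        raise ValueError("example handles an IPv4 payload only")
    src, dst, proto, sport, dport = inner_five_tuple(inner)
    key = src + dst + struct.pack("!BHH", proto, sport, dport)
    # SPI and SI are excluded so a flow keeps its entropy as SI decrements.
    return 49152 + (zlib.crc32(key) & 0x3FFF)

def build_sample(spi: int, si: int, sport: int) -> bytes:
    """Constructed sample: NSH (MD Type 2, no context headers) + IPv4 + UDP."""
    base = (63 << 22) | (2 << 16) | (2 << 8) | NSH_NEXT_PROTO_IPV4
    nsh = struct.pack("!II", base, (spi << 8) | si)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", sport, 53, 8, 0)
    return nsh + ip + udp
```
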