Re: [Gen-art] Genart last call review of draft-ietf-bess-nsh-bgp-control-plane-12

Brian E Carpenter <> Tue, 10 December 2019 22:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6C0181200B3; Tue, 10 Dec 2019 14:49:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8iiJYB6a4YtN; Tue, 10 Dec 2019 14:49:51 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::42b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4EFD8120071; Tue, 10 Dec 2019 14:49:51 -0800 (PST)
Received: by with SMTP id 4so585046pfz.9; Tue, 10 Dec 2019 14:49:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=KNlJL1gmd0aSip770GzRrjqVJtgVarQq4qrKQGh3A5k=; b=khyhtH+7+KYtoIEhkmSu4pAbZHMl20kZYBeIbcH7vGhaVnW9Gt7AyiXQskSTVlgXh0 YfuC8I9pAG0C0iGDRNsKaxvieP56vqnzSCB+Kkd3uDto8fDFDHR7feD38c92XifuQfkq PzQ6bicTzYoNpKPHi3bXewFTm7ywMLJuNmnguJ9cBhOhqezHV2xEevc3jziiVNi7dyXO 9UIjzzPvkkDneSr81vdvQtoNAOkfimfYJD0qeIRuEg/AXsatHMkiHVekPxgTC9opf4V3 pwPWwwkKlnVDitsfXLRhILjPEso3spPT3mhH/I49HiTH1fj8W7iCdCxwRKlUbFQafYXb FGVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=KNlJL1gmd0aSip770GzRrjqVJtgVarQq4qrKQGh3A5k=; b=fAC13nIq/MHmGi6T/ezEUXinVLUFMpPIrkgH7DcMCQgmfRMO+K8u/Ww2jCO/97INae NbE1W/QFjtMaISZir6Zp1f4o4CshcX7NMRvWdLGU/F10zzIzsXiiLrtO0H6Bh5Tl1A6g mEZa+3lPQqYSYTEJcDIZEBD8oP6h/t+KF1k8ODYzzwEbfUPMWVY0bQtQtVr/Y4YGkwml VqLMkGdKAm7cg4r3xmqD869YIkuqWx2bLepXPUOpFDBoUgP57WF5a+IAyYGqgYO9o5w9 BfCFketgkRcQe/3oJ8YOHFdjK1KGw+My/xIGRSlc5TKcRvytEoprjJOI38chVm6AswJ7 lULQ==
X-Gm-Message-State: APjAAAU8L1NQzrD+MKRA8MBxqMX7X0C4qNeItuUNF6PwFWbNqhUcigwp IxXjvkMgq7p07EeTn0PSzGT6sLYJ
X-Google-Smtp-Source: APXvYqyoozRMqavxMO4v08Il9/1xuvVi76ZQGsDzFOjoZM2CeEs7KJLAmJ92GvJv1aeMKDay7jLrTQ==
X-Received: by 2002:aa7:9205:: with SMTP id 5mr280197pfo.213.1576018190514; Tue, 10 Dec 2019 14:49:50 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id a26sm90319pfo.5.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Dec 2019 14:49:49 -0800 (PST)
References: <> <030601d5af41$b31b8d40$1952a7c0$>
From: Brian E Carpenter <>
Message-ID: <>
Date: Wed, 11 Dec 2019 11:49:45 +1300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <030601d5af41$b31b8d40$1952a7c0$>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-bess-nsh-bgp-control-plane-12
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 10 Dec 2019 22:49:53 -0000

Thanks Adrian. All OK for me, with one inserted comment below.


On 10-Dec-19 23:07, Adrian Farrel wrote:
> Hi Brian,
> Thanks for your time with this.
> In line...
>> Comments:
>> ---------
>> I am not a BGP expert and did not check the BGP details. This
>> is a pretty complex mechanism so I would have liked to hear of
>> at least a lab-scale implementation. I wouldn't be shocked if
>> this was diverted to Experimental.
> At the moment I don't have access to a lab, so I won't comment about that.
> I will note four things:
> 1. I don't consider the mechanism to be "pretty complex", but "rather simple". It may be that the difference is whether you have to pick up all of BGP to understand this draft or whether it comes as a small increment.
> 2. Obviously (?) the document has had eyes from a number of BGP experts especially a very careful review by the document shepherd. It was shared with IDR and caught comments from one of the IDR chairs.
> 3. It's an IBGP mechanism not an EBGP mechanism, so the exposure to the stability of the Internet is reduced.
> 4. The BESS chairs ran a poll on the list to determine whether to progress as is in advance of implementations.
>> Minor issues:
>> -------------
>> Actually these are mainly questions:
> Questions are good.
>> There are numerous references, starting in the Abstract, to the
>> "Controller" but it isn't defined or described in any one place.
>> I expected to find it in RFC8300, but no. So what is the Controller?
> Right. This is a good catch. A "controller" is a centralised component responsible for determining SFPs and maybe more. It is akin to an SDN controller. We definitely need to add text for this.
> It is not an 8300 concept. Indeed, 8300 is principally focused on the forwarding plane.
> Furthermore, the control plane and orchestration aspects of SFC are a bit sketchy in 7665.
> draft-ietf-sfc-control-plane might have been a good source of information, but the SFC WG appears to have given up on it.
> So, yes, we need a short definition in 1.2, and a paragraph in 2.2.
>> RFC8300 requires NSH+original_packet to be encapsulated in a Transport
>> Encapsulation. In section 2.1 we find:
>>>  Note that the presence of the NSH can make it difficult for nodes in
>>>  the underlay network to locate the fields in the original packet that
>>>  would normally be used to constrain equal cost multipath (ECMP)
>>>  forwarding.  Therefore, it is recommended that the node prepending
>>>  the NSH also provide some form of entropy indicator that can be used
>>>  in the underlay network.  How this indicator is generated and
>>>  supplied, and how an SFF generates a new entropy indicator when it
>>>  forwards a packet to the next SFF are out of scope of this document.
>> I would have expected that text to state that the entropy indicator is
>> a property of the Transport Encapsulation required by RFC8300. (Isn't
>> the Service Function Overlay Network in fact the embodiment of the
>> Transport Encapsulation?) 
> Well, yes and no.
> The entropy indicator is carried in the transport encapsulation, and is used by the transport (underlay) network.
> But it is a property of the payload. In particular, it is a property of what is encapsulated by the NSH.
> The mechanism that encapsulates for the transport would normally have visibility into the payload to create the entropy indicator (hashing on specific fields), but the inclusion of the NSH makes that harder. Hence the recommendation that the entropy indicator is provided by the mechanism that prepends the NSH.

Yes, understood. Of course IPv6 has its own header field precisely for this purpose and both RFC6437 and RFC6438 are there to help you ;-). Shame about IPv4.

> I think the text says this and that those skilled in the art (you have to understand the use of the entropy indicators and the inclusion of the NSH) will get this.
>> In section 2.2 we find:
>>>  When choosing the next SFI in a path, the SFF uses the SPI and SI as
>>>  well as the SFT to choose among the SFIs, applying, for example, a
>>>  load balancing algorithm or direct knowledge of the underlay network
>>>  topology as described in Section 4.
>> I'm probably missing something, but doesn't that risk a conflict with
>> the statement above about the entropy indicator? How would this choice
>> of path be guaranteed congruent with the choice of path by the underlay
>> network? Or doesn't that matter?
> No, this is a choice of SFIs, not a choice of paths between SFFs.
> The former is determining the path in the overlay, the latter (using the entropy indicator) is selecting the path through the underlay.
>>> 4.4.  Classifier Operation
>>>  As shown in Figure 1, the Classifier is a component that is used to
>>>  assign packets to an SFP.
>>>  The Classifier is responsible for determining to which packet flow a
>>>  packet belongs (usually by inspecting the packet header),...
>> Would it be better to state explicitly that the method of classification
>> is out of scope for this document? There is a whole world of complexity
>> in that "(usually...)".
> Yes, happy to say it is out of scope.
>>> 4.5.  Service Function Forwarder Operation
>> This section left me a bit puzzled. We've got the original packet,
>> the classifier puts an NSH in front, we've got forwarding state,
>> but we don't seem to have an IP header in front of the NSH to hand to
>> the fowarding engine. Where's the Transport Encapsulation?
> OK. We can tweak that. We are principally interested in the overlay forwarding in this section, but we should note that transmission between SFFs is across the underlay and so there is a "transport" encapsulation.
>> Nits:
>> -----
>> "such errors should be logged" ... "should log the event"
>> "should either withdraw the SFPR or re-advertise it"
>> Intentional lower case "should"?
> We'll go through these. The first few I looked at are reciting behaviour defined in 8300 and I don't think it is appropriate to use upper case for that. It is "as defined in RFC 8300" not new normative text.
>> IDnits said:
>>  -- The document has examples using IPv4 documentation addresses according
>>     to RFC6890, but does not use any IPv6 documentation addresses.  Maybe
>>     there should be IPv6 examples, too?
> Maybe. I think we would need to add some v6 examples rather than convert some of the existing (because there is a flow between the current examples).
> I'm not sure it is very important because there is no use of prefixes, but I'd be happy to include some v6 examples if someone wants to draft a couple.
> Best,
> Adrian