Re: [Idr] Magnus Westerlund's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS)

John Scudder <jgs@juniper.net> Tue, 12 January 2021 16:22 UTC

Return-Path: <jgs@juniper.net>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B17E3A0AE1; Tue, 12 Jan 2021 08:22:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.348
X-Spam-Level:
X-Spam-Status: No, score=-2.348 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=bnqrh3QI; dkim=pass (1024-bit key) header.d=juniper.net header.b=InhA0+XO
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zroJYvfjRaNd; Tue, 12 Jan 2021 08:22:02 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BACFC3A0AD6; Tue, 12 Jan 2021 08:22:01 -0800 (PST)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 10CGLo7a013490; Tue, 12 Jan 2021 08:21:58 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=XObnVnNnc/as+C453k4jRO9EcTdE/mFP2by7K35fj0I=; b=bnqrh3QINMUOerSfF/aWs842xKA0QCfKC8/4gKrFecLBok88+dS9licloDYut9KVq32K NHorFNOj/CmqrwJxkIrgrY3LWzaQmm7rWvvKyZ5YK0EJ+ByuW4eAITfmLrqFjeZXEzKI qQFDFvmsavYGNCfsgNxR7u5RJjLbsw+Jg6lmd84fbclMA+B/mgiBqH7g1zvfYjXDJwt+ 5j9M80gLeUSs0rgeOUdvPl8jp+d/oOrr+OAY1CNRPWrZR7oIQuLT244DAqqa8EAOGqWj c7qPxG76g7Ghf4vKonTJuc1t0mF7J223EAwW6mwJIe97bH6ONGM0s+jS7ow0QETyM7nM Kw==
Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2045.outbound.protection.outlook.com [104.47.66.45]) by mx0b-00273201.pphosted.com with ESMTP id 360h2hk065-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Jan 2021 08:21:57 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l831uOAGLS/BNj3da9f87lHr2E5Z1m5Itu94A0XxcB7xXyTinsTfP+jf73j4SU02oDh9Iw8fhk/+DRqZ3Qj81I+nY7TfmxdUQVdLTTeDhTnkr6hI18j5QUcRo8v5IAGQcpghoz4DFEjuYEe7YeTewq6b3n/NFSDWlA8YureqHFs7bL4evAdGMGB0Ur0+p92r3+zTOTN1mok72yHBJmdkzj+79Q7BnX4s5pPVaenW5HgiVJFNWoBNBp3HlIVOlJfDxr/KKhgNQl5xinER/O8/mF6j3wFmvodSeuJn4R1dtPN9UEHutZ4avbBsEpd4zDKPCd15f9Uo//EBIXFmW4ktgA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XObnVnNnc/as+C453k4jRO9EcTdE/mFP2by7K35fj0I=; b=TTw7GasN1gvuNC0+Mddni0twO41XslU1BcHUcZXjcdSSqj4hrTfLBvJufTHAkvCf2IkemVqkyflT3rcuNES2D9VnZ/7SUhIMOxFQd7W0t/ajl2Jna+wSf+6SolulzSaXBtppDHphPSu7Gcsi6rxyFITyco/87MSZKHur6/jfKCxWzMTNWtPEM3wyFiGWnmOVRmME1KYOFgehliTbBg1iSztUg+ngp+u4QBlHVqZmnrnZ92IC1Dhf0cHoeS0TQV/IdljS5W3Evzh5HXsOxUphzdOmYgJ52jcefWrL9Np4O9i3fyZr1qUx7qvp0mGpsK6BFInWmwUA/Rxf4O8acmwecA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XObnVnNnc/as+C453k4jRO9EcTdE/mFP2by7K35fj0I=; b=InhA0+XOd6OCHP3heyMP6EOH28bCYapvv4mUqUzcu2kuknqu4P0oS9/pdxrq/qtTiDvILxYDFX1bbDp2/jwq2QpbRxRiQzy3hPPMVHRCCg1tx7DLk3fbxn5orKZ12TyWfyo6ocorBiDqUZKmDgZP2c3INIl51C4t30fx1Y6arNg=
Received: from MN2PR05MB6109.namprd05.prod.outlook.com (2603:10b6:208:c4::20) by MN2PR05MB6623.namprd05.prod.outlook.com (2603:10b6:208:e3::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3763.2; Tue, 12 Jan 2021 16:21:54 +0000
Received: from MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::f91f:55f3:3130:d318]) by MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::f91f:55f3:3130:d318%5]) with mapi id 15.20.3763.009; Tue, 12 Jan 2021 16:21:54 +0000
From: John Scudder <jgs@juniper.net>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: "idr@ietf.org" <idr@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "idr-chairs@ietf.org" <idr-chairs@ietf.org>, "draft-ietf-idr-tunnel-encaps@ietf.org" <draft-ietf-idr-tunnel-encaps@ietf.org>, Hares Susan <shares@ndzh.com>, "aretana.ietf@gmail.com" <aretana.ietf@gmail.com>
Thread-Topic: Magnus Westerlund's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS)
Thread-Index: AQHWyWJjMseT+/0WmEGJNrlCAwQXqqnl5pOAgADbSwCAAKZBgIAEQZ+AgDjBkIA=
Date: Tue, 12 Jan 2021 16:21:53 +0000
Message-ID: <AE10B512-1F69-4164-AC31-63AE3E615E94@juniper.net>
References: <160699274176.32616.2646384288138693459@ietfa.amsl.com> <011B5202-4AA9-413F-B16C-C8BF9E43A0CA@juniper.net> <ad54d8b05747127c593aab0337f1496e4ee25dbd.camel@ericsson.com> <EA46DF01-A4C4-4E9E-883F-14C397F796DE@juniper.net> <8ea80e273da05fd44da75d9f092e9af9c63ea12b.camel@ericsson.com>
In-Reply-To: <8ea80e273da05fd44da75d9f092e9af9c63ea12b.camel@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3608.120.23.2.4)
authentication-results: ericsson.com; dkim=none (message not signed) header.d=none;ericsson.com; dmarc=none action=none header.from=juniper.net;
x-originating-ip: [162.225.191.192]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 9e05a64e-48e8-4552-5501-08d8b7162cb5
x-ms-traffictypediagnostic: MN2PR05MB6623:
x-microsoft-antispam-prvs: <MN2PR05MB66233B2E122F3CD6F2030801AAAA0@MN2PR05MB6623.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5ltF2tTfvN6CPy4UhN1R6WRDfjYHlZm2EWCukoqzLxJwhJzXB8O8NiF6Tl4dZi7CQMh1fbS4o0CXktHG1ILAga2oCXPLrmz3lX6GJl99tmKxCW+7FS90uxWRtew+KZoAVNoRin9OC+36JFkkkUwYaY3B18Rt6JQWEcqY8LX2i+vFP6crReCHxXhfS8h+FkuH5eGWuML2lR+8LJHVnSRtSoNpZaRTAxLKAn2bSm3IERUja1ZS2O68MUcUTd/QwGuKQfQvjggeh0npiUBDiZicgmaTpqMpwP98AegLJ9GUQ3BrYfcatvYY5Ycp7nTijCNB/BAj7ayiHuXCIdi2OpPqZOR44ZoTqKq6Fir5aPkMJ6UnBdx4fuAvJpSasRnNYNWvxNQKv4K3yAmpbDjAXxV01FWnaDBpIwpJAVxxSqm0RGP5DaYSkNX18lWWG4dVUYWH
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB6109.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(346002)(39860400002)(136003)(376002)(396003)(316002)(36756003)(5660300002)(26005)(8936002)(6512007)(54906003)(4326008)(66574015)(186003)(478600001)(86362001)(8676002)(64756008)(6916009)(66556008)(66946007)(76116006)(33656002)(91956017)(2616005)(66476007)(66446008)(6486002)(6506007)(2906002)(53546011)(83380400001)(71200400001)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: L0ko6BfF/0oEQYQvVJCRPSkBX5Qe5+rIb+j7bhlAvM+AyLAmwagdL9W/pDmhfKKZvVzH3pofy1G4TXmJ6gGUEXJyg9n5fAC+T3JSphGHPzo4iuBjj0t6u9sJeyA5TTsxgON26jjJOIvyEfXNQ6TIXaYVf5SA9Bvdj/DPsRBXOI8eUq8Al4zGv5zNGEke0SQ41QdtjGvGOJ/5N31pWoCYo78TP8z1qObmJJpGRiaBkoW+hAHHddX41TqO6nzLkbz6UdZ2Jf7il9igQQVXvNl8JZKRcoQtJPDsOLgUlBJuwEGr85Sd0GOsnTqSEbVCJcjzDC8KtTlyDih5kiOJtMlFuSGzA0V/SllpI9mR+yxT46s/6ksV/YMJXURqOA7jUfo65PG1dJMleYEYrif7SQypi2DrfNtPTD1gXyfDJrJY0tXgHB1QJt8fLNM2sGzXlrGYk04UNPKqdiO8otrW4x9or1ZvaLTOepDD7AK8kNj3E2+5TIEtHmpE96Adwm4BEG62TUPD0nILIpo22HQ+ewmNUeQKy+ON93GK0+19CIlwRVrhxmEhxUkIEWuLOs57Sn7W6VOSWNzfq45fthGknK26F7siyOtdj6SLS9uHFR52aWFz66kAhqVsHucyeDlC4s/cf17zfpzKWUoWFXHkvuZIDt5+g1zPJcXVbb2wKawugrI1LXpSfbC+usQMLB+RVYVjweiToKrEdmIkmai3QSsp76U/bEjFphkL4QBVsyWtwi0gpm0W4zewqJKfiuATBuSQ9vy9bD1z4ZTf/RjnP+bIqPEPS8+hypMvpVdwjUlBbcELOYleX7dZ4jegY7rH+fW8S69qIc/xGWlt4ly2JeTxuMQtCKI6oDcowsaZKFhsnSg/f1vFiBOzaYLOXIwISs/UozJaxayDLB61910Ul8P8tCcRjBlRxDK+f1M45QhZD0EVahbQEQTy32kcvRfiAQKjRgeY76ra2VCuwfxOnrZaMFkFLZbLPW9YyDJmDCrmtxaX0TFGvJoFLew85RlL8pbq
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AE10B5121F694164AC3163AE3E615E94junipernet_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR05MB6109.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9e05a64e-48e8-4552-5501-08d8b7162cb5
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jan 2021 16:21:53.8630 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: WvmZkaa8MQZL39iPPwFwMflUjYRj+uOc5VRVtwDjhhCON3bmQlccPvoTU3CGEo9M
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR05MB6623
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2021-01-12_12:2021-01-12, 2021-01-12 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 adultscore=0 spamscore=0 impostorscore=0 malwarescore=0 suspectscore=0 bulkscore=0 mlxlogscore=999 clxscore=1011 phishscore=0 priorityscore=1501 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2101120092
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/TICTtZ0ik8GGoM7HMmpHjfd5nl4>
Subject: Re: [Idr] Magnus Westerlund's Discuss on draft-ietf-idr-tunnel-encaps-20: (with DISCUSS)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2021 16:22:05 -0000

Hi Magnus,

I’ve read your comments a few times and given them some thought. As best I can determine, your biggest concern is that there are assumptions made about the forwarding plane, that aren’t signaled. I can see that this might pose real problems with deployments running across the big-I Internet, traversing uncoordinated infrastructure. This is presumably the same as tunnel deployment across uncoordinated infrastructure now. It seems to me though, that in the scope we’ve restricted applicability to (see Section 11), it’s reasonable to assume that the infrastructure is NOT uncoordinated. We are trying to provide an incremental improvement over configuring tunnels by hand. I agree a “do no harm” principle is good, and I *think* we’ve done no harm compared to the status quo.

I sympathize with your goals here:

But, I think the document needs to go in
either of two directions here. The first is to be specific on combinations of
tunnel and outer encapsualtion and document the assumptions about capabilities
and requirements on the network deployment to use these zero-checksum as well as
ECN field processing. The other direction is to make this into a framework, but
then you are going to have to discuss these matters in the abstract and likely
need to have signalling indicate what the egress will do in regards.

But it seems to me that (if I understand you correctly) this is a big scope increase that’s likely to set us back quite a long time, and comes down to perfect being the enemy of good. :-/

However, I might well still be misunderstanding you. If so, I think a voice call might be a better way forward than continuing to iterate in email. If you’d like to go that route, please unicast me with some times that work for you? (I’m in U.S. Eastern Time.)

Thanks,

—John

On Dec 7, 2020, at 8:38 AM, Magnus Westerlund <magnus.westerlund@ericsson.com<mailto:magnus.westerlund@ericsson.com>> wrote:

On Fri, 2020-12-04 at 20:38 +0000, John Scudder wrote:
Hi Magnus,

For now I’d like to talk just about your zero-checksum point (quoted below but
I’ll top-post my comments). It seems to me that the expected deployment model
for tunnel-encaps, detailed in Section 11 and further strengthened after my
discussion with Roman, exactly corresponds with "single administrative
control” or "closely cooperating network administrations”. Here’s the Section
11 text from the current candidate version 21, after the modification:

  The Tunnel Encapsulation attribute is defined as a transitive
  attribute, so that it may be passed along by BGP speakers that do not
  recognize it.  However the Tunnel Encapsulation attribute MUST be
  used only within a well-defined scope, for example, within a set of
  Autonomous Systems that belong to a single administrative entity.

Whether it would be nice to add a “should we use UDP checksums or not” sub-TLV
anyway, as an additional bell and whistle, is up for discussion. But I don’t
think it’s mandated by RFC 7510.

The above text clarifies the scope of this document. I think there are ways of
avoiding a TLV for RFC 7510 usages, however, I think that this is in fact
through documenting the assumption in regards to this protocol usage.

My point is that this document do need per tunnel protocol sections where these
aspect can be considered in this context of this tunnel configuration mechanism.
I am a bit uncertain in my understanding about how this BGP attribute is used.
However, it looks to me that a decapsulator will basically tell those other
entities in the other AS that it cooperates with that you can establish a tunnel
to the decapsulator in relation to a set of routes. However, if that is the
correct understanding then a number of assumptions are made. I think in the
context of RFC7510 you are assuming that zero-checksum is either MAY or MUST be
used for this to work. If it is the later then you also put a requirement on the
receiver of these attributes to not establish a tunnel if it thinks the
requirements in RFC7510 for zero-checksum is not met.

To conclude I don't think you get away from discussing these aspects in the
document. However, it can be so that there exist no need for defining additional
sub-tlvs for the aspects I brought up. But, I think the document needs to go in
either of two directions here. The first is to be specific on combinations of
tunnel and outer encapsualtion and document the assumptions about capabilities
and requirements on the network deployment to use these zero-checksum as well as
ECN field processing. The other direction is to make this into a framework, but
then you are going to have to discuss these matters in the abstract and likely
need to have signalling indicate what the egress will do in regards.

From my perspective not discussing zero-checksum and ECN behavior leaves
implementors unaware of relevant implementation requirements. And if a missmatch
occurrs those who sees the downside is likely not the nodes that causes the
issue. For the wrong ECN behaviors this has just casued a change in end-to-end
network flow behaviors as CE marks might be dropped in the egress. For zero-
checksum tunnels usage where the underlying network is corrupting enough packets
these affects those endpoints that receives corrupt packets.

Cheers

Magnus



Thanks,

—John

On Dec 4, 2020, at 5:43 AM, Magnus Westerlund <
magnus.westerlund@ericsson.com<mailto:magnus.westerlund@ericsson.com>> wrote:

My impression for example when it comes to zero-checksum for IPv6/UDP is
used
widely with little consideration about the potential issues. However, this
work
is done in a WG for inter domain routing. Thus, the general context is inter
domain routing, and that pushes the zero-checkum usage from within a single
domain into multiple ones. Thus, the risk for errors that checksum would
detect
is different and also the potential impact of failure to verify is
different.
Thus, there might actually exist a configuraiton need for this if one
intended
to pay attention to what might be written into the user plane specification.
Here actually we do have an issue with RFC 7510:

So your document states:

 MPLS-in-UDP [RFC7510] is also supported, but an
 Encapsulation sub-TLV for it is not needed since there are no
 additional parameters to be signaled.

While if you go read Section 3.1 of RFC 7510 it states the following in
regards
to zero-checksum:

 The UDP checksum MUST be implemented and MUST be used in accordance
 with [RFC768] and [RFC2460] for MPLS-in-UDP traffic over IPv6 unless
 one or more of the following exceptions applies and the additional
 requirements stated below are complied with.  There are three
 exceptions that allow use of UDP zero-checksum mode for IPv6 with
 MPLS-in-UDP, subject to the additional requirements stated below in
 this section.  The three exceptions are:

 a.  Use of MPLS-in-UDP in networks under single administrative
     control (such as within a single operator's network) where it is
     known (perhaps through knowledge of equipment types and lower-
     layer checks) that packet corruption is exceptionally unlikely
     and where the operator is willing to take the risk of undetected
     packet corruption.

 b.  Use of MPLS-in-UDP in networks under single administrative
     control (such as within a single operator's network) where it is
     judged through observational measurements (perhaps of historic or
     current traffic flows that use a non-zero checksum) that the
     level of packet corruption is tolerably low and where the
     operator is willing to take the risk of undetected packet
     corruption.

 c.  Use of MPLS-in-UDP for traffic delivery for applications that are
     tolerant of misdelivered or corrupted packets (perhaps through
     higher-layer checksum, validation, and retransmission or
     transmission redundancy) where the operator is willing to rely on
     the applications using the tunnel to survive any corrupt packets.

 These exceptions may also be extended to the use of MPLS-in-UDP
 within a set of closely cooperating network administrations (such as
 network operators who have agreed to work together in order to
 jointly provide specific services).  Even when one of the above
 exceptions applies, use of UDP checksums may be appropriate when VPN
 services are provided over MPLS-in-UDP; see Section 6.

 As such, for IPv6, the UDP checksum for MPLS-in-UDP MUST be used as
 specified in [RFC768] and [RFC2460] for tunnels that span multiple
 networks whose network administrations do not cooperate closely, even
 if each non-cooperating network administration independently
 satisfies one or more of the exceptions for UDP zero-checksum mode
 usage with MPLS-in-UDP over IPv6.

So this indicate to me that there is a significant likelyhood that for the
intended usage of these tunnel encapsulations would not qualify for the
exceptions and should use checksums. If that needs signalling or not is the
next
question. That comes back to how the configuring node knows about
capabilities
and how one can resolve lack of a capability when signalled.