Re: [ippm] WGLC for IOAM Direct Exports
Greg Mirsky <gregimirsky@gmail.com> Wed, 06 October 2021 23:30 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 265A63A0A60; Wed, 6 Oct 2021 16:30:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s2vI09ZodSoo; Wed, 6 Oct 2021 16:30:28 -0700 (PDT)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B74F53A0A64; Wed, 6 Oct 2021 16:30:27 -0700 (PDT)
Received: by mail-ed1-x531.google.com with SMTP id g10so15463413edj.1; Wed, 06 Oct 2021 16:30:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DyWtm6VQ1DeQEMATbLmGyzyKAmUd18yvpwnh0SqFlaw=; b=J/6EB5G6u35yl8F15Cua4QgkSk7GzZl3SjA6fPptKDr8/1DEdo47C95Bv4PtUuyKXz B+geCP7rPAkis4fy1IIAKMelGq200s+JHClScyClONwyVIDYyljsxmas+mnaBKQ/erzX A3wh20wNG6Thn8Ykr2kaCKrEgSgGbqhGtmft7OpeUKFtBG2Y2RW6rZuQiC2Z7QV+VFC2 8aYQthCmra2nLUfF/56ifjyFzzR8LDnZQkz8fruDphLOAGu0Pd2tDmC/q5ezaTTKWUIL FFHb8HTXbtit8j0rREGxW+XyOxuZToRk4vpFe02DAb+IzI2GyeaiphMqx2sMx/jPXD/v 4D4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DyWtm6VQ1DeQEMATbLmGyzyKAmUd18yvpwnh0SqFlaw=; b=o+agJD58PySlMdM+XIFHwPqiATYXKm7vFnlCThMj2horKioakvVw6FEfsFhofvCMJu 5uqFainqAHLRNKBj/eLOQHJCfWbKPCQBDp9qeq6lZGhOkVj0+VXu6GEu67ZpKen9ifew oozW7+erTLTI4Cp/GjBe9A4QmLfeDiZkmQGTmIusDpRHg/v+OBUI1SIqBIMkAsoaHhld YtBeWN66UAEvZf7ATPoxsAjhwJZccxTIfTXEM+5OYdd34RFfvhCIAmv1W83PKa5tzwHa 7pWu7Nxb7E0trZPEQmZwfWDiZ646MTh9YyV5ZQ1JxHml+/w/dCIOvZ66d+FRt1CAi+Kg KK+A==
X-Gm-Message-State: AOAM533DYFVAHrkugbskTKt0ChihJTxwlO7VVP0lxIUFvw+S1KZX9NuD I4jYQIZo/ipi+LOfR3t6BGSHVLK9DF1x3aoFrPmjOb5/t/M=
X-Google-Smtp-Source: ABdhPJzvxAhsVSw8rZS5W8VNDGV4zkRtukP3bterxmYOmppllu/O2RRQXpSVH6mA9EOmEoNMtAIoanQtMv4PBhNeJWw=
X-Received: by 2002:a17:906:369a:: with SMTP id a26mr1302204ejc.539.1633563025613; Wed, 06 Oct 2021 16:30:25 -0700 (PDT)
MIME-Version: 1.0
References: <A4F59F82-7F47-452B-9E63-0FDFBB812CEC@apple.com> <CA+RyBmW3nKqMftmEZ+e=7OcZ_jukc71BHBt0BgVCxB8S9QvCRQ@mail.gmail.com> <CABUE3XnQLraizDGnH7NhYO9jfTbN_-G01RwnxH1H9xMitv+mUA@mail.gmail.com>
In-Reply-To: <CABUE3XnQLraizDGnH7NhYO9jfTbN_-G01RwnxH1H9xMitv+mUA@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Wed, 06 Oct 2021 16:30:15 -0700
Message-ID: <CA+RyBmVtas_araRAiTiwJGfOH1O9OZEBJoXBxguQLsq4p7MSZw@mail.gmail.com>
To: Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, IPPM Chairs <ippm-chairs@ietf.org>, "IETF IPPM WG (ippm@ietf.org)" <ippm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000dc276d05cdb7878e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/33ApjF2fD8V-xmrRq7YPEffylq8>
Subject: Re: [ippm] WGLC for IOAM Direct Exports
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Oct 2021 23:30:34 -0000
Hi Tal, thank you for your kind consideration of my comments and constructive proposals. Please find my notes in-lined below under the GIM>> tag. Regards, Greg On Thu, Sep 30, 2021 at 12:17 AM Tal Mizrahi <tal.mizrahi.phd@gmail.com> wrote: > Hi Greg, > > Many thanks for the thorough review. > Below you can find responses to your comments, and in some cases > proposed text edits. > > If there are no further comments we will update the document accordingly. > > Thanks, > The authors. > > > On Wed, Sep 8, 2021 at 1:01 AM Greg Mirsky <gregimirsky@gmail.com> wrote: > > > > Dear Authors, WG Chairs, and All, > > I've read the latest version of the draft and have several comments and > questions to share with you. None of these are blocking, I support > progressing this draft to publication. Please consider the notes below as > an invitation to a discussion: > > > > It seems that the characterization of the Direct Export IOAM option in > the following is not entirely accurate: > > > > The DEX option is used as a trigger to collect and/or export IOAM data. > > > > I propose re-wording: > > The DEX option is used as a trigger to collect and export or only > collect locally the IOAM data. > > > > Using "exporting and/or collecting" reflects the use of the Direct > Export option type technically accurate but the order of actions is > backward. What are your thoughts? > > > > [TM] Right. The following text edit is proposed in the introduction. > > OLD: > This option is used as > a trigger for IOAM nodes to locally aggregate and process IOAM data, > and/or to export it to a receiving entity (or entities). > NEW: > This option is used as > a trigger for IOAM nodes to locally aggregate and process IOAM data, > and/or to export it to a receiving entity (or entities). Throughout > the document this functionality is referred to as collection and/or > exporting. > GIM>> Thank you, the new text is very helpful. > > > > I find references to RFC 5475 and 7014 very appropriate and helpful. But > I don't see these RFCs being referenced in draft-ietf-ippm-ioam-data. I > think that excessive use of not only the Direct Export IAOM option but the > IOAM method, in general, may adversely affect a network and the > recommendations listed in RFC 5475 and 7014 are equally applicable. > > Similarly, the good and helpful discussion of how to practically control > the use of the Direct Export option is, in my opinion, equally applicable > to other IOAM trace options and should be in the Security Considerations > section of draft-ietf-ippm-ioam-data. > > > [TM] The last two comments are about draft-ietf-ippm-ioam-data, which > is currently in IESG review. I will take this feedback with the other > authors to see how we can address this input at this point. > GIM>> Thank you. > > > > The second paragraph in Section 3.1.2 is re-phrasing if not repeating > what is already expressed in the last paragraph of the previous sub-section > (though the limit is applied to exporting telemetry information). I think > that it can be removed without any loss to the document. > > [TM] The second par of 3.1.2 refers to *exporting*, while the last par > of 3.1.1 refers to *encapsulating*, so these are two complementary > requirements. > GIM>> Thank you for clarifying that to me. > > > > I think that it will be helpful to provide some recommendations, i.e., > SHOULD do this, how an implementation handles the excess of packets to > export. Drop silently, drop and log notification, or try to shape that flow? > > [TM] Assuming an amplification scenario, a large number of packets may > be dropped, so logging each drop may defeat the purpose. A drop > counter may be a good idea here, but this document does not really > define counter requirements in general, so it seems like more of an > implementation-specific aspect, or possibly can be considered as part > of the YANG model. > GIM>> I think that logging a warning with the throttling control is a good option. What is your opinion? A counter of throttled DEX packets is helpful. Perhaps both mechanisms can be recommended. > > > I was really puzzled by this requirement in Section 3.1.2 > > > > Exported packets SHOULD NOT be exported over a path or a tunnel that > > > > is subject to IOAM direct exporting. > > > > I hope you can clarify it for me. > > > [TM] As explained later in that paragraph: "This requirement is > intended to prevent nested exporting and/or exporting loops." > This was thoroughly discussed in the working group, and came out of > the security-related review. > GIM>> As I understand IOAM DEX, packets with telemetry information are out-of-band relative to the monitored data flow and encapsulated to avoid being taken for an IOAM packet. I imagine that exported telemetry data can be collected via, for example, Kafka or gRPC. Am I missing something? > > > > > This requirement > > > > Furthermore, IOAM encapsulating > > nodes that can identify a packet as an IOAM exported packet MUST NOT > > push a DEX option into such a packet. > > brings up questions: > > > > How can a node identify a packet as the IOAM exported packet? > > [TM] The requirement means that if an encapsulating node's ACL can > detect exported packets, then DEX should not be applied. > GIM>> Please consider my previous note. I understand that that gets very close to an implementation choice but it seems that the document should be clear in its normative statements. > > > What should be done if the IOAM exported packet contains the IOAM header > with the DEX option? > > [TM] The current document does not require an IOAM transit node to > parse beyond the (external) IOAM encapsulation if there are nested > IOAM encapsulations. > GIM>> I have to admit that I'm lost with the reference to an "external IOAM encapsulation". What is the purpose of using IOAM in the exported packet? > > > > > What is special about the decapsulating node that is not DEX-capable? > > > > A decapsulating node that does not support the DEX option > > MUST remove it, along with any other IOAM options carried in the > > packet if such exist. > > Shouldn't that be a general behavior of a decapsulating IOAM node? > > [TM] Right. The following text edit is proposed: > > OLD: > A transit IOAM node that does not support the DEX option SHOULD > ignore it. A decapsulating node that does not support the DEX option > MUST remove it, along with any other IOAM options carried in the > packet if such exist. > NEW: > A transit or decapsulating IOAM node that does not support the DEX > option SHOULD > ignore it. Note that as per <xref target="I-D.ietf-ippm-ioam-data"/> a > decapsulating node removes the IOAM encapsulation and all its IOAM > options, > and specifically in the case where one of these options is a > (possibly unknown) > DEX option. > GIM>> What could be an alternative to ignoring IOAM DEX option? I feel that MUST is what is required here. Would you agree? > > > > > > The format of the first four-octet word in Figure 2 is different from > the format defined in draft-ietf-ippm-ioam-data: > > > > 0 1 2 3 > > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > | Namespace-ID |NodeLen | Flags | RemainingLen| > > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > | IOAM-Trace-Type | Reserved | > > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > Is this intentional? If it is, how does an implementation know which > format to use? > > [TM] Each IOAM Option-Type has a different header format. The current > document defines a new Option-Type, which was not defined in > draft-ietf-ippm-ioam-data. > The IOAM-Type field in the lower layer header determines which > Option-Type is used and how its header should be parsed. > GIM>> How does an IOAM node differentiate between different Option-Types? Is that expected to be communicated to an IOAM node over the management or control plane and not part of the IOAM encapsulation? If that is the case, then, I imagine, changing between IOAM tracing modes will require reconfiguration of all IOAM nodes. Doesn't seem operationally friendly. > > > > > > It is stated in the draft that: > > > > The length of the DEX option is at least 8 octets. > > > > But the figure 2 in the draft does not include any field that reflects > the length of the IOAM option. Is that because the figure is out of sync? > If not, how can an implementation verify the length? Also, what is the > behavior if the length is less than 8 octets? > > > > [TM] Quoting the draft: > > The existence of the optional fields is > indicated by the corresponding flags in the Extension-Flags field. > ... > Thus, the Extension-Flags field explicitly indicates > the length of the DEX option. > > > > RE: PerformanceConsiderations > > > > I agree with you that a DEX-encapsulating node and DEX-transit nodes > must have rate-limiting controls (as noted earlier, the behavior of the > transit node needs more detailed specification). But I think that the > document should also note that exported packets could be sent over the > network out-of-band, relative to the monitored flow. As a result, the > impact of packets carrying telemetry information might be not direct and > harmful to the data flow. I see that as one of the important benefits of > the Direct Export method transporting on-path telemetry information. > > > > [TM] Right. The following new text is proposed: > > It should be noted that in some networks DEX data may be exported over > an out-of-band network, in which a large volume of exported traffic > does not compromise user traffic. In this case an operator may choose > to disable the exporting rate limiting. > GIM>> Thank you for the proposed update. I thought that the main advantage of the IOAM DEX mode is the ability to export the telemetry information out-of-band. And, as I've noted above, the mechanism to collect and transport the telemetry is outside the scope of this specification. I think that would significantly simplify the document without any adverse impact on the value it provides. > > > > > Regards, > > Greg > > > > On Mon, Aug 30, 2021 at 1:58 PM Tommy Pauly <tpauly= > 40apple.com@dmarc.ietf.org> wrote: > >> > >> Hello IPPM, > >> > >> This email starts a Working Group Last Call on two related IOAM > documents, draft-ietf-ippm-ioam-flags and > draft-ietf-ippm-ioam-direct-export. > >> > >> In-situ OAM Loopback and Active Flags > >> https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-flags/ > >> https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-flags-06 > >> > >> In-situ OAM Direct Exporting > >> https://datatracker.ietf.org/doc/draft-ietf-ippm-ioam-direct-export/ > >> > https://datatracker.ietf.org/doc/html/draft-ietf-ippm-ioam-direct-export-06 > >> > >> Please provide feedback by replying to this email with your reviews and > if you think these documents are ready to progress, by Wednesday, September > 15. > >> > >> Best, > >> Tommy & Ian > >> > >> _______________________________________________ > >> ippm mailing list > >> ippm@ietf.org > >> https://www.ietf.org/mailman/listinfo/ippm > > > > _______________________________________________ > > ippm mailing list > > ippm@ietf.org > > https://www.ietf.org/mailman/listinfo/ippm >
- [ippm] WGLC for IOAM Flags and Direct Exports Tommy Pauly
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Tal Mizrahi
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Frank Brockners (fbrockne)
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Haoyu Song
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Ramesh Sivakolundu (sramesh)
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Srihari Raghavan (srihari)
- Re: [ippm] WGLC for IOAM Flags and Direct Exports xiao.min2
- Re: [ippm] WGLC for IOAM Flags Greg Mirsky
- Re: [ippm] WGLC for IOAM Direct Exports Greg Mirsky
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Rakesh Gandhi (rgandhi)
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Rakesh Gandhi (rgandhi)
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Tommy Pauly
- Re: [ippm] WGLC for IOAM Direct Exports Tal Mizrahi
- Re: [ippm] WGLC for IOAM Flags Tal Mizrahi
- Re: [ippm] WGLC for IOAM Direct Exports Greg Mirsky
- Re: [ippm] WGLC for IOAM Flags and Direct Exports Jeff Tantsura
- Re: [ippm] WGLC for IOAM Direct Exports Tal Mizrahi
- Re: [ippm] WGLC for IOAM Flags Greg Mirsky
- Re: [ippm] WGLC for IOAM Direct Exports Greg Mirsky
- Re: [ippm] WGLC for IOAM Direct Exports Tal Mizrahi
- Re: [ippm] WGLC for IOAM Flags Tal Mizrahi
- Re: [ippm] WGLC for IOAM Flags Tal Mizrahi
- Re: [ippm] WGLC for IOAM Flags Greg Mirsky
- Re: [ippm] WGLC for IOAM Direct Exports Greg Mirsky