Re: [ippm] [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/

mohamed.boucadair@orange.com Tue, 12 April 2022 15:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/6omuHOEgf8X5TG2d1VlZg3rdVqY>

Hi Shwetha,

I suggest you simply add the following: “The O-bit MUST be handled following the rules in [I-D.ietf-sfc-oam-packet].”

Cheers,
Med

From: Shwetha Bhandari <shwetha.bhandari@thoughtspot.com>
Sent: Tuesday, 12 April 2022 16:56
To: BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>
Cc: Frank Brockners (fbrockne) <fbrockne=40cisco.com@dmarc.ietf.org>; Greg Mirsky <gregimirsky@gmail.com>; sfc-chairs@ietf.org; sfc@ietf.org; ippm@ietf.org; James Guichard <james.n.guichard@futurewei.com>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>; draft-ietf-sfc-ioam-nsh@ietf.org
Subject: Re: [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/

Med,

Thanks for the details: this is exactly what we had before the latest revision:

4.2.  IOAM and the use of the NSH O-bit

   [RFC8300] defines an "O bit" for OAM packets.  Per [RFC8300] the O
   bit must be set for OAM packets and must not be set for non-OAM
   packets.  Packets with IOAM data included MUST follow this
   definition, i.e. the O bit MUST NOT be set for regular customer
   traffic which also carries IOAM data and the O bit MUST be set for
   OAM packets which carry only IOAM data without any regular data
   payload.

This was removed as per the discussion in this thread. Please check https://mailarchive.ietf.org/arch/msg/sfc/srMit5zE8UseNOhxknAw_dqvj6M/

It looks like we are going in a loop here. This definition of SFC OAM packet to include the OAM data that comes in inner packets via the next protocol header chain is introduced in draft-ietf-sfc-oam-packet to update the RFC8300.
Jim, what are your thoughts on this? Should we reintroduce the above text?

Thanks,
Shwetha



On Tue, Apr 12, 2022 at 8:09 PM <mohamed.boucadair@orange.com> wrote:
Hi Frank,

Thank you for the clarification even if I don’t think there is a confusion.

Please note that SFC OAM packet is defined as follows:

==
      Such a packet
      is any NSH-encapsulated packet that exclusively includes OAM data.
      An OAM data can be included in the Fixed-Length Context Header,
      optional Context Headers, and/or the inner packet.
==

Things are pretty clear (as per draft-ietf-sfc-oam-packet) that the O bit must be unset when IOAM data is included + user data.

The concern I had is that you are pointing to RFC8300 for the IOAM next protocol, which makes both “none” (i.e., no payload) and IOAM (as you request a new code) legitimate values.

Cheers,
Med

From: sfc <sfc-bounces@ietf.org> On Behalf Of Frank Brockners (fbrockne)
Sent: Tuesday, 12 April 2022 13:55
To: BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; Shwetha Bhandari <shwetha.bhandari@thoughtspot.com>; Greg Mirsky <gregimirsky@gmail.com>
Cc: sfc-chairs@ietf.org; sfc@ietf.org; ippm@ietf.org; James Guichard <james.n.guichard@futurewei.com>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>; draft-ietf-sfc-ioam-nsh@ietf.org
Subject: Re: [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/

Hi Med,

Sorry for arriving late to the party. Reading through your message below, there seems to be a confusion about the scope and concept of different OAM mechanisms.

IOAM is scoped and designed to be protocol agnostic. IOAM data can be encapsulated into various protocols – and NSH is one example – but there is no semantic link between IOAM and the protocol used to encapsulate IOAM data.

Protocols can have their protocol specific OAM methods and solutions, like SFC OAM. Those protocol specific solutions (like SFC OAM as an example) are orthogonal to IOAM from a concept and scope perspective.

From an SFC OAM perspective, your draft-ietf-sfc-oam-packet-00 clearly and rightly states that “O bit: Setting this bit indicates an SFC OAM packet.” The O bit is about SFC OAM, and as such is orthogonal to “anything IOAM”. In earlier versions of draft-ietf-sfc-ioam-nsh we had text which stated that the O bit remains unchanged whether IOAM is present or not. To avoid any confusion, in -08 we removed this statement – just to make it crystal clear that there is no link between “IOAM” and “SFC OAM”.

In addition, I don’t think that draft-ietf-sfc-ioam-nsh would be the appropriate place to discuss and restrict deployment options. E.g., I’m not sure why we’d want to restrict a deployment to using a single IOAM header only. E.g., one could think of using different headers for different namespaces or groups of namespaces for operational reasons. IMHO, such a discussion – if we really need it - would belong into draft-ietf-ippm-ioam-deployment, rather than into a draft that defines the encap of IOAM into NSH.

Hope this clarifies things – and we can finish up draft-ietf-sfc-ioam-nsh :-).

Cc’ing the ippm working group as an FYI.

Thanks & Cheers, Frank



From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
Sent: Monday, 4 April 2022 07:40
To: Shwetha Bhandari <shwetha.bhandari@thoughtspot.com>; Greg Mirsky <gregimirsky@gmail.com>
Cc: sfc-chairs@ietf.org; Frank Brockners (fbrockne) <fbrockne@cisco.com>; sfc@ietf.org; James Guichard <james.n.guichard@futurewei.com>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>; draft-ietf-sfc-ioam-nsh@ietf.org
Subject: RE: [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/

Hi Shwetha, all,

I agree with Greg that a statement is needed to be added to draft-ietf-sfc-oam-packet.

For example, the current text says the following:

      Next Protocol:  8-bit unsigned integer that determines the type of
         header following IOAM.  The semantics of this field are
         identical to the Next Protocol field in [RFC8300].

which means that “None” is authorized. The O-bit must be set for such packets, while it should be unset for other values indicating user payload as per draft-ietf-sfc-oam-packet. Absent a pointer to the OAM packet, an implementer will have to guess the behavior to follow.

BTW, the text quoted above when combined with:

   IANA is requested to allocate protocol numbers for the following "NSH
   Next Protocol" related to IOAM:

…means that IOAM data can be encapsulated in IOAM data. I don’t think you want such a behavior. No?

One last comment: please update the security considerations with NSH-specific considerations. An approach is to simply refer to Section 5 of draft-ietf-sfc-oam-packet.

Cheers,
Med
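
The O-bit rule debated in this thread (set only when the packet carries exclusively OAM data, per the removed Section 4.2 text and the "None" remark above), written as a receiver-side consistency check. This is an added example, not part of any message in the thread or of the drafts; the code points used for "None" and IOAM and the 4-octet IOAM header layout are assumptions, since the thread gives neither, and the sample packets are constructed.

```python
import struct

# Placeholder code points: the thread gives no numbers for "None" or IOAM.
NP_NONE = 0x00   # assumed value for "no payload"
NP_IOAM = 0xF0   # constructed stand-in for the requested IOAM Next Protocol
NP_IPV4 = 0x01   # RFC 8300 Next Protocol value for IPv4


def check_o_bit(packet: bytes) -> dict:
    """Follow NSH -> IOAM header(s) -> payload and test the O bit against the rule."""
    if len(packet) < 8:
        raise ValueError("truncated NSH header")
    (word0,) = struct.unpack_from("!I", packet, 0)
    o_bit = bool((word0 >> 29) & 1)        # Ver(2) | O(1) | U(1) | TTL(6) | Length(6) ...
    nsh_len = ((word0 >> 16) & 0x3F) * 4   # Length is in 4-octet words
    next_proto = word0 & 0xFF
    if nsh_len < 8 or nsh_len > len(packet):
        raise ValueError("bad NSH Length field")
    offset, ioam_headers = nsh_len, 0
    while next_proto == NP_IOAM:
        if offset + 4 > len(packet):
            raise ValueError("truncated IOAM header")
        # Assumed layout: IOAM-Type, IOAM HDR Len (4-octet units, whole header),
        # Reserved, Next Protocol.
        _type, hdr_len, _rsvd, next_proto = struct.unpack_from("!BBBB", packet, offset)
        if hdr_len == 0 or offset + hdr_len * 4 > len(packet):
            raise ValueError("bad IOAM HDR Len")
        offset += hdr_len * 4
        ioam_headers += 1
    oam_only = next_proto == NP_NONE       # nothing but OAM data in the packet
    return {"o_bit": o_bit, "ioam_headers": ioam_headers, "oam_only": oam_only,
            "consistent": o_bit == oam_only}


def build(o_bit: bool, ioam_next: int, payload: bytes = b"") -> bytes:
    """Constructed sample: MD Type 2 NSH, one 12-octet IOAM header, then payload."""
    word0 = (int(o_bit) << 29) | (63 << 22) | (2 << 16) | (2 << 8) | NP_IOAM
    nsh = struct.pack("!II", word0, (42 << 8) | 255)   # SPI 42, SI 255
    ioam = struct.pack("!BBBB", 0, 3, 0, ioam_next) + bytes(8)
    return nsh + ioam + payload


if __name__ == "__main__":
    user = b"\x45" + bytes(19)             # stand-in for an IPv4 header
    for o, np_, data in [(True, NP_NONE, b""), (False, NP_IPV4, user),
                         (True, NP_IPV4, user), (False, NP_NONE, b"")]:
        print(o, hex(np_), check_o_bit(build(o, np_, data)))
```

The two inconsistent cases (O bit set with user payload, O bit clear with "None") are the ones an implementer would otherwise have to guess at without a pointer to the OAM packet definition.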
