Re: [ippm] [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/

mohamed.boucadair@orange.com Tue, 12 April 2022 15:05 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 786FB3A1717; Tue, 12 Apr 2022 08:05:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.004
X-Spam-Level:
X-Spam-Status: No, score=-2.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 353-js4NZzQb; Tue, 12 Apr 2022 08:04:57 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B2113A0ADC; Tue, 12 Apr 2022 08:04:57 -0700 (PDT)
Received: from opfedar01.francetelecom.fr (unknown [xx.xx.xx.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfedar27.francetelecom.fr (ESMTP service) with ESMTPS id 4Kd8CW58M0z2ybb; Tue, 12 Apr 2022 17:04:55 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1649775895; bh=nQXD8hp8zWocx/YIu09VUTkWxk+/rrBSqdFTotCmtYs=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=MYLM7GcRJpLd9/kVJn/53Ac+nqG/icyf3P1FlTd2joqZvp4lnTVYv5TtvNDYeEED4 SnA7+HftTXolGehanjUbsiDqeTQrGMthp4D+pGP/3i1ENVyVR/kYKhzvntN9A1dmUg MhdkhTUs4EFPZ68DZQjh3+DhLcNhHyy5eCg8KBK2uVw41ecGRVK4INdBN2/LeVNv0J MTRCdnVSJpx6Pch1VSGmYmFDvekRcMmqFMPVY53fa/gW/SyTY8aCowlAqwGZkTFj3F jcrYg9fo7U/etarH3L53hM/moUi7rEy5UQlupAh11UvfcAfoad74nfvy6w452xQRUD uXP69BoNkv5rQ==
From: <mohamed.boucadair@orange.com>
To: Shwetha Bhandari <shwetha.bhandari@thoughtspot.com>
CC: "Frank Brockners (fbrockne)" <fbrockne=40cisco.com@dmarc.ietf.org>, "Greg Mirsky" <gregimirsky@gmail.com>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>, "James Guichard" <james.n.guichard@futurewei.com>, Tal Mizrahi <tal.mizrahi.phd@gmail.com>, "draft-ietf-sfc-ioam-nsh@ietf.org" <draft-ietf-sfc-ioam-nsh@ietf.org>
Thread-Topic: [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/
Thread-Index: AdeULBhJRJPqyAEIQoSKEyRZsxugZSC95BWLAArMKUANy6ci2wAAN6Eg
Content-Class:
Date: Tue, 12 Apr 2022 15:04:55 +0000
Message-ID: <5208_1649775895_62559517_5208_327_1_1fd91873d16a4af4997b9516c02cb37f@orange.com>
References: <MN2PR13MB4206C91446BA5FBBDA69E233D2FF9@MN2PR13MB4206.namprd13.prod.outlook.com> <CA+RyBmVSrdCaO77P4=1vZ2LmxtR65OmspN_wozyGPNwtM5Uv3A@mail.gmail.com> <CAMFZu3PaLQrHcBULzsxbdnTJyr-bVDVs1WpnFwLuSkR7DbntuQ@mail.gmail.com> <CA+RyBmWeUiTsA7-CvpXSBViB00Y-tmAuSr-P=Vf3vB61zfn6bg@mail.gmail.com> <CAMFZu3P45x9Mt5-MUpGO1Puqz57DPcGE4aBsPNxczW-pw9n=AA@mail.gmail.com> <MN2PR13MB42066C22CA66B0E1F0FC3FFFD2269@MN2PR13MB4206.namprd13.prod.outlook.com> <CAMFZu3NO6J-MM_a7TZm+wTzxbKzY5t0OkW8QNLk0673Fkr16RQ@mail.gmail.com> <CA+RyBmVVWdvLZdANV_whtcwwMKVfVpM8VL7BYMM7NTnmooUpcQ@mail.gmail.com> <CAMFZu3PEmrarcsp4tXQsx4eKvai8+UvzKSFxfcakX4LUAcayJA@mail.gmail.com> <MN2PR13MB420615DA403388EA0144A9C1D22F9@MN2PR13MB4206.namprd13.prod.outlook.com> <CAMFZu3MUmuBEDEzdafw2UHEvsTE+7sQ=E1kik5TuQ=_NznFF9w@mail.gmail.com> <CA+RyBmW=ZT0EUmSYYfZJjcapBZ5-pg93um5t287LreONLOVnJQ@mail.gmail.com> <CAMFZu3NCCmj4u75taEzBiMmkMQ0YrmK5KsUToSOKfwX1yBxePA@mail.gmail.com> <26916_1649050778_624A849A_26916_245_1_aa5a0049026247d9980f4ebbc8c5ac0b@orange.com> <CY4PR11MB1672FCF27DA2A4822C6E1B40DAED9@CY4PR11MB1672.namprd11.prod.outlook.com> <11111_1649774342_62558F05_11111_493_4_a734de5265ca498bbabf9805a6eaf91d@orange.com> <CAMFZu3N03E-nWYJNik91e+X=gr3s2TVF03ZCM8i02ru4_Q82og@mail.gmail.com>
In-Reply-To: <CAMFZu3N03E-nWYJNik91e+X=gr3s2TVF03ZCM8i02ru4_Q82og@mail.gmail.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2022-04-12T15:02:59Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=6ed5adda-9acd-420f-b156-e16ce4350856; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0
x-originating-ip: [10.115.26.50]
Content-Type: multipart/alternative; boundary="_000_1fd91873d16a4af4997b9516c02cb37forangecom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/6omuHOEgf8X5TG2d1VlZg3rdVqY>
Subject: Re: [ippm] [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2022 15:05:07 -0000

Hi Shwetha,

I suggest you simply add the following: “The O-bit MUST be handled following the rules in [I-D.ietf-sfc-oam-packet].”

Cheers,
Med

De : Shwetha Bhandari <shwetha.bhandari@thoughtspot.com>
Envoyé : mardi 12 avril 2022 16:56
À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>
Cc : Frank Brockners (fbrockne) <fbrockne=40cisco.com@dmarc.ietf.org>rg>; Greg Mirsky <gregimirsky@gmail.com>om>; sfc-chairs@ietf.org; sfc@ietf.org; ippm@ietf.org; James Guichard <james.n.guichard@futurewei.com>om>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>om>; draft-ietf-sfc-ioam-nsh@ietf.org
Objet : Re: [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/

Med,

Thanks for the details: this is exactly what we had before the latest revision:

4.2<https://datatracker.ietf.org/doc/html/draft-ietf-sfc-ioam-nsh-06#section-4.2>.2>.  IOAM and the use of the NSH O-bit



   [RFC8300] defines an "O bit" for OAM packets.  Per [RFC8300<https://datatracker.ietf.org/doc/html/rfc8300>] the O

   bit must be set for OAM packets and must not be set for non-OAM

   packets.  Packets with IOAM data included MUST follow this

   definition, i.e. the O bit MUST NOT be set for regular customer

   traffic which also carries IOAM data and the O bit MUST be set for

   OAM packets which carry only IOAM data without any regular data

   payload.

This was removed as per the discussion in this thread. Please check https://mailarchive.ietf.org/arch/msg/sfc/srMit5zE8UseNOhxknAw_dqvj6M/

It looks like we are going in a loop here. This definition of SFC OAM packet to include the OAM data that comes in inner packets via the next protocol header chain is introduced in draft-ietf-sfc-oam-packet to update the RFC8300.
Jim, What are you thoughts on this? Should we reintroduce the above text ?

Thanks,
Shwetha



On Tue, Apr 12, 2022 at 8:09 PM <mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>> wrote:
Hi Franck,

Thank you for the clarification even if I don’t think there is a confusion.

Please note that SFC OAM packet is defined as follows:

==
      Such a packet
      is any NSH-encapsulated packet that exclusively includes OAM data.
      An OAM data can be included in the Fixed-Length Context Header,
      optional Context Headers, and/or the inner packet.
==

Things are pretty clear (as per draft-ietf-sfc-oam-packet) that the O bit must be unset when IOAM data is included + user data.

The concern I had is that you are pointing to RFC8300 for the IOAM next protocol, which makes both “none” (i.e., no payload) and IOAM (as you request a new code) legitimate values.

Cheers,
Med

De : sfc <sfc-bounces@ietf.org<mailto:sfc-bounces@ietf.org>> De la part de Frank Brockners (fbrockne)
Envoyé : mardi 12 avril 2022 13:55
À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>>; Shwetha Bhandari <shwetha.bhandari@thoughtspot.com<mailto:shwetha.bhandari@thoughtspot.com>>; Greg Mirsky <gregimirsky@gmail.com<mailto:gregimirsky@gmail.com>>
Cc : sfc-chairs@ietf.org<mailto:sfc-chairs@ietf.org>; sfc@ietf.org<mailto:sfc@ietf.org>; ippm@ietf.org<mailto:ippm@ietf.org>; James Guichard <james.n.guichard@futurewei.com<mailto:james.n.guichard@futurewei.com>>; Tal Mizrahi <tal.mizrahi.phd@gmail.com<mailto:tal.mizrahi.phd@gmail.com>>; draft-ietf-sfc-ioam-nsh@ietf.org<mailto:draft-ietf-sfc-ioam-nsh@ietf.org>
Objet : Re: [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/__;!!MZ3Fw45to5uY!JpBZ4H2-MNm5lJDGjooVj_3Sq-aX7gdh5qeoNPyZ69CXOFRhgdYmSOyreClzKvZDgPAiwaGN2YTO2qUw70GqHI4QEKQpGnBw0LXBXQ$>

Hi Med,

Sorry for arriving late to the party. Reading through your message below, there seems to be a confusion about the scope and concept of different OAM mechanisms.

IOAM is scoped and designed to be protocol agnostic. IOAM data can be encapsulated into various protocols – and NSH is one example – but there is no semantic link between IOAM and the protocol used to encapsulate IOAM data.

Protocols can have their protocol specific OAM methods and solutions, like SFC OAM. Those protocol specific solutions (like SFC OAM as an example) are orthogonal to IOAM from a concept and scope perspective.

From an SFC OAM perspective, your draft-ietf-sfc-oam-packet-00 clearly and rightly states that “O bit: Setting this bit indicates an SFC OAM packet.” The O bit is about SFC OAM, and as such is orthogonal to “anything IOAM”. In earlier versions of draft-ietf-sfc-ioam-nsh we had text which stated that the O bit remains unchanged whether IOAM is present or not. To avoid any confusion, in -08 we removed this statement – just to make it crystal clear that there is no link between “IOAM” and “SFC OAM”.

In addition, I don’t think that draft-ietf-sfc-ioam-nsh would be the appropriate place to discuss and restrict deployment options. E.g., I’m not sure why we’d want to restrict a deployment to using a single IOAM header only. E.g., one could think of using different headers for different namespaces or groups of namespaces for operational reasons. IMHO, such a discussion – if we really need it - would belong into draft-ietf-ippm-ioam-deployment, rather than into a draft that defines the encap of IOAM into NSH.

Hope this clarifies things – and we can finish up draft-ietf-sfc-ioam-nsh :-).

Cc’ing the ippm working group as an FYI.

Thanks & Cheers, Frank



From: mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com> <mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com>>
Sent: Monday, 4 April 2022 07:40
To: Shwetha Bhandari <shwetha.bhandari@thoughtspot.com<mailto:shwetha.bhandari@thoughtspot.com>>; Greg Mirsky <gregimirsky@gmail.com<mailto:gregimirsky@gmail.com>>
Cc: sfc-chairs@ietf.org<mailto:sfc-chairs@ietf.org>; Frank Brockners (fbrockne) <fbrockne@cisco.com<mailto:fbrockne@cisco.com>>; sfc@ietf.org<mailto:sfc@ietf.org>; James Guichard <james.n.guichard@futurewei.com<mailto:james.n.guichard@futurewei.com>>; Tal Mizrahi <tal.mizrahi.phd@gmail.com<mailto:tal.mizrahi.phd@gmail.com>>; draft-ietf-sfc-ioam-nsh@ietf.org<mailto:draft-ietf-sfc-ioam-nsh@ietf.org>
Subject: RE: [sfc] WGLC for https://datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ietf-sfc-ioam-nsh/__;!!MZ3Fw45to5uY!JpBZ4H2-MNm5lJDGjooVj_3Sq-aX7gdh5qeoNPyZ69CXOFRhgdYmSOyreClzKvZDgPAiwaGN2YTO2qUw70GqHI4QEKQpGnBw0LXBXQ$>

Hi Shwetha, all,

I agree with Greg that a statement is needed to be added to draft-ietf-sfc-oam-packet.

For example, the current text says the following:

      Next Protocol:  8-bit unsigned integer that determines the type of
         header following IOAM.  The semantics of this field are
         identical to the Next Protocol field in [RFC8300<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/rfc8300__;!!MZ3Fw45to5uY!JpBZ4H2-MNm5lJDGjooVj_3Sq-aX7gdh5qeoNPyZ69CXOFRhgdYmSOyreClzKvZDgPAiwaGN2YTO2qUw70GqHI4QEKQpGnDoYxXlRw$>]$>].

which means that “None” is authorized. The O-bit must be set for such packets, while it should be unset for other values indicating user payload as per draft-ietf-sfc-oam-packet. Absent a pointer to the OAM packet, an implementer will have to guess the behavior to follow.

BTW, the text quoted above when combined with:

   IANA is requested to allocate protocol numbers for the following "NSH
   Next Protocol" related to IOAM:

…means that IOAM data can be encapsulated in IOAM data. I don’t think you want such a behavior. No?

One last comment: please update the security considerations with NSH-specific considerations. An approach is to simply refer to Section 5 of draft-ietf-sfc-oam-packet.

Cheers,
Med

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.