IETF Logo Mail Archive

Re: [ippm] draft-ioametal-ippm-6man-ioam-ipv6-deployment-00 feedback (Re: v6 option types for IOAM data fields)

Mikael Abrahamsson <swmike@swm.pp.se> Mon, 01 April 2019 11:16 UTC

Return-Path: <swmike@swm.pp.se>
X-Original-To: ippm@ietfa.amsl.com
Delivered-To: ippm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73EF31200FD; Mon, 1 Apr 2019 04:16:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnLSzDT2zPTH; Mon, 1 Apr 2019 04:16:29 -0700 (PDT)
Received: from uplift.swm.pp.se (ipv6.swm.pp.se [IPv6:2a00:801::f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34C7712011E; Mon, 1 Apr 2019 04:16:29 -0700 (PDT)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id 0BF64B0; Mon, 1 Apr 2019 13:16:26 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1554117386; bh=ZeZqsp91NOk0wuvXkoCeCynKnYf+WNmAr0EgCd6Lf54=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=AcO/Xxg4+I6qyByUxBVJ5rdVKWvHItGzsoVyYcfdO8mzV8xqpz0NBX6hT/8xnQMAy fqIQUOr1yYTlnvS6SNGx1CliP3QrszGp3T4UBTcmdAS5ObF16QQwQKBQIaoEfAU3zU o6OU+dwLC/DSsK0cK8HbF6TY6q0O8QcV9lMDCSgg=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id 09D30AF; Mon, 1 Apr 2019 13:16:26 +0200 (CEST)
Date: Mon, 01 Apr 2019 13:16:26 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
cc: Mark Smith <markzzzsmith@gmail.com>, "C. M. Heard" <heard@pobox.com>, 6man WG <ipv6@ietf.org>, "ippm@ietf.org" <ippm@ietf.org>
In-Reply-To: <DM6PR11MB362528DB0EADA21493CC49A3DA590@DM6PR11MB3625.namprd11.prod.outlook.com>
Message-ID: <alpine.DEB.2.20.1904011139550.3490@uplift.swm.pp.se>
References: <CACL_3VGxyn-PYosFsKPVdd8C=P5AbE6HD1zrimHKuh2MPkhnuQ@mail.gmail.com> <505272eac2dd44fa891d4d36d14da9af@XCH-RCD-008.cisco.com> <CAO42Z2wGMzc_RT=eWTx9Ve-5reS0nCWiteGOuE16=MB4Fg8mkg@mail.gmail.com> <f50040ab52d04867b9a5cefa1c3131c3@XCH-RCD-008.cisco.com> <CAO42Z2zgguekybwVuCh8Az3mK8gHp292BYnWYhJq-8KEyfKzOA@mail.gmail.com> <7ea9049fe6f44a40aefe4801bd796322@XCH-RCD-008.cisco.com> <CAO42Z2y5TS1+8YxNsr=BKz5v8-ZPTiO-M7CU2k6FzNqVZoU4VA@mail.gmail.com> <CY4PR11MB1335960AD9BF9A4B990F7E10DA4A0@CY4PR11MB1335.namprd11.prod.outlook.com> <CAO42Z2xqq=uksNQPxvF_CRSxf1V_MADbFurzW4hqQW0v478cyw@mail.gmail.com> <DM6PR11MB36254EAC97ACF07F5BAD43CADA5F0@DM6PR11MB3625.namprd11.prod.outlook.com> <DM6PR11MB362528DB0EADA21493CC49A3DA590@DM6PR11MB3625.namprd11.prod.outlook.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/932bQkUwGakZbZ6jISDOvkJfyTI>
Subject: Re: [ippm] draft-ioametal-ippm-6man-ioam-ipv6-deployment-00 feedback (Re: v6 option types for IOAM data fields)
X-BeenThere: ippm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF IP Performance Metrics Working Group <ippm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ippm>, <mailto:ippm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ippm/>
List-Post: <mailto:ippm@ietf.org>
List-Help: <mailto:ippm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ippm>, <mailto:ippm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2019 11:16:33 -0000

On Thu, 28 Mar 2019, Frank Brockners (fbrockne) wrote:

>
> FYI - A new draft including Mark's comments below just got posted:
> https://tools.ietf.org/html/draft-ioametal-ippm-6man-ioam-ipv6-deployment-01

I watched the tech deep dive video recording in conjunction with this. 
This is a really hard problem to solve with all those factors to take into 
account. Some random thoughts:

There seems to be overlap of this problem space with SRv6, these seem to 
have almost identical properties. They insert something, the forwarding 
devices need to interact with it and it needs to be stripped before it 
leaves the domain.

Though, in the SRv6 space the forwarding information is in the header, 
whereas for the IOAM space the forwarding device should actually ignore 
whatever is in the IOAM header as the desire is for it to treat packets 
identically regardless if they have the header or not. Considering how 
routers forward packets based on 5-tuple (or even deeper), what's the 
thinking been on this so far?

The MTU issue should be the least problematic, recommendations on using a 
considerable higher MTU on the internal links compared to the external 
links is identical to what has been used for encapsulation networks for a 
long time. We use 9180 IP MTU on the internal links and external links are 
9000 MTU. This leaves room for several layers of encap without affecting 
the customer visible MTU.

I like the fact that the IOAM information is attached to the real packet 
being forwarded as opposed to just using test traffic.

I think the C1-C6 requirements make a lot of sense, but following them is 
hard. I have myself run networks that ran IPv4 and IPv6 Internet packets 
native (no encap) internally, and only encapsulated VPN overlay packets. 
It'd of course be nice to support IOAM also for those deployment 
scenarios, but then it becomes harder to assure no leakage (C5) and 
identifying the leaker. Otoh when doing MPLS if you leak labeled packets 
they are probably dropped at the other end (do we have research on this?). 
So leaking IOAM enabled packets might be less of a disaster compared to 
other encaps?

Doing IOAM only based on some other forwarding scheme (MPLS, SRv6 etc) and 
embedding meaning into whatever forwarding information is used for that 
might help (IOAM information lives within that forwarding plane), but also 
makes IOAM less deployable for other networks that just run native.

Reading https://tools.ietf.org/html/draft-ietf-ippm-ioam-data-05 and 
considering the C5 requirement, how do I as an end receiver of a packet 
with an IOAM header in it identify even what operator to contact about 
these leaked packets? It looks like the namespace/identifier is 
operator-internal, but how do I identify what operator it is?

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se

v2.23.0 | Report a Bug | By Email