Re: [ippm] Review on draft-ietf-ippm-ioam-data-06

On Thu, Aug 22, 2019 at 3:22 PM Anoop Ghanwani <anoop@alumni.duke.edu> wrote:
>
> Hi Barak/Tom,
>
> Using IP options would be cleaner but there are other issues that make it undesirable.  Most existing silicon will either blindly forward/discard/punt to CPU all packets with IP options.  If we pick the forward option, then it opens up a hole that allows packets with any other IP options through.  Additionally, when forwarding many will not parse beyond the option header so things like ACLs and hashing for LAG/ECMP will break.  Picking any of the other 2 options (discard/punt) means this protocol is no longer backwards compatible.

The problems are summarized in the famous "IP Options are not an
option" paper. https://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/EECS-2005-24.html
>
> I may be wrong, but I think it may be hard to convince the IETF to move forward with a proposal that needs to extend IPv4 in any way, hence e.g. segment routing is supported only with IPv6.

Yes, that concern was raised. I think our argument would be something
like we're enabling an already defined protocol number to be used with
IPv4, we're not really extending or improving IPv4 protocol (Brian
Trammell's idea). The next draft on the IPv4 EH will highlight this
and narrow the use cases that were in last draft.

Tom

>
> Thanks,
> Anoop
>
> On Thu, Aug 22, 2019 at 2:28 PM Barak Gafni <gbarak@mellanox.com> wrote:
>>
>> Hi,
>> You may be interested to take a look on a draft that discusses the use of the IP options for IOAM: https://tools.ietf.org/html/draft-gafni-ippm-ioam-ipv4-options-00
>> I do agree that IP options is an area we should use for this application. The good thing about IP options is that the header architecture enable the implementations to easily go over the options without the need to be aware and parse them, as a backwards compatibility consideration.
>>
>> Thanks,
>> Barak
>>
>> -----Original Message-----
>> From: ippm <ippm-bounces@ietf.org> On Behalf Of Tom Herbert
>> Sent: Thursday, August 22, 2019 2:11 PM
>> To: OU, Heidi <heidi.ou@alibaba-inc.com>
>> Cc: draft-ietf-ippm-ioam-data@ietf.org; IETF IPPM WG <ippm@ietf.org>; Hugh Holbrook <holbrook@arista.com>; Anoop Ghanwani <Anoop.Ghanwani@dell.com>; Surendra Anubolu <surendra.anubolu@broadcom.com>
>> Subject: Re: [ippm] Review on draft-ietf-ippm-ioam-data-06
>>
>> On Thu, Aug 22, 2019 at 1:51 PM OU, Heidi <heidi.ou@alibaba-inc.com> wrote:
>> >
>> > Tom,
>> >
>> > Thanks for the reply. Anoop also gave some insight offline on the ASIC restriction.
>> >
>> > About adding  IOAM as an IP option, I thought it had been  proposed in
>> >
>> > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftool
>> > s.ietf.org%2Fhtml%2Fdraft-kumar-ippm-ifa-01%23page-10&amp;data=02%7C01
>> > %7Cgbarak%40mellanox.com%7Ce4ccee89b9bc4e1274ce08d727455b2a%7Ca652971c
>> > 7d2e4d9ba6a4d149256f461b%7C0%7C0%7C637021051167634230&amp;sdata=gt0iYj
>> > 8NTD2UVgTVshJ011ndwG46tHRcEhXQ5NGvDAE%3D&amp;reserved=0
>> > What prevent us from doing that?
>>
>> Yeah, IP options would be obstensibly be an obvious choice, but proper support in middleboxes is notoriously bad. Also, they're limited to forty bytes. In reality, I doubt no one is seriously considering use of new IPv4 options. However, IPv6 extension headers are an active area of development (including the definition of IOAM options). I've written a draft to allow IPv4 to carry the same HBH extension headers in IPv4 to bridge the gap between v4 and v6.
>>
>> Tom
>>
>> >
>> > From deployment point of view,  as long as the INT packet can go through the exact same path/queue as the  pre-encap'd packets, we are fine.
>> >
>> > Thanks
>> > - Heidi
>> >
>> > On 2019/8/22, 12:41 PM, "Tom Herbert" <tom@quantonium.net> wrote:
>> >
>> >     On Thu, Aug 22, 2019 at 12:21 PM OU, Heidi <heidi.ou@alibaba-inc.com> wrote:
>> >     >
>> >     > Hi Frank,
>> >     >
>> >     >
>> >     >
>> >     > I also have a question on the encapsulation: If you can get a new ethertype for IOAM, why not insert IOAM data directly after layer2 MAC?  instead of adding a GRE header for IOAM.
>> >     >
>> >     Because, we need a packet format that is compatible with existing
>> >     network devices. In light of that, GRE is more preferable than using
>> >     the new Ethertype directly in an Ethernet frame. There will also be
>> >     similar arguments made for using GRE/IP, and UDP encapsulation over
>> >     IP, and there was even a proposal to somehow insert the IOAM data
>> >     immediately after the TCP header and before the TCP data. All of these
>> >     are attempts to use protocol headers that are thought to be most
>> >     palatable to intermediate devices and maximize the chances of
>> >     efficient delivery.
>> >
>> >     IMO, all of the aforementioned techniques have some problem or aren't
>> >     clean (including the GRE solution). The best solution, and most
>> >     architecturally correct and generic one, is an IOAM option in
>> >     Hop-by-Hop extension headers.
>> >
>> >     Tom
>> >
>> >     >
>> >     >
>> >     > Thanks
>> >     >
>> >     > Heidi
>> >     >
>> >     >
>> >     >
>> >     > From: Vijay Rangarajan <vijayr@arista.com>
>> >     > Date: Thursday, August 22, 2019 at 7:22 AM
>> >     > To: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
>> >     > Cc: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, Jai Kumar <jai.kumar@broadcom.com>, "draft-ietf-ippm-ioam-data@ietf.org" <draft-ietf-ippm-ioam-data@ietf.org>, IETF IPPM WG <ippm@ietf.org>, Hugh Holbrook <holbrook@arista.com>, Anoop Ghanwani <Anoop.Ghanwani@dell.com>, "OU, Heidi" <heidi.ou@alibaba-inc.com>, Surendra Anubolu <surendra.anubolu@broadcom.com>, John Lemon <john.lemon@broadcom.com>
>> >     > Subject: Re: [ippm] Review on draft-ietf-ippm-ioam-data-06
>> >     >
>> >     >
>> >     >
>> >     > Hi Frank:
>> >     >
>> >     > Thanks, I knew I was missing something.
>> >     >
>> >     > So basically what you are saying is - let's say we have a UDP packet, we are just going to stick in the GRE header and IOAM Header and Metadata in-between the original IP and UDP headers?
>> >     >
>> >     >
>> >     >
>> >     > So, the next protocol in the IOAM Header should indicate the L4 protocol - i.e UDP/TCP?
>> >     >
>> >     > Looking at https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-weis-ippm-ioam-eth%2F&amp;data=02%7C01%7Cgbarak%40mellanox.com%7Ce4ccee89b9bc4e1274ce08d727455b2a%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C637021051167634230&amp;sdata=PykE1LWuF5gfIvL3ZiS242rAKnh%2FEZ5PXjZrp6dQXy4%3D&amp;reserved=0, it actually defines the "Next protocol" in the IOAM header to be an ethertype value?
>> >     >
>> >     >
>> >     >
>> >     > Thanks,
>> >     >
>> >     > Vijay
>> >     >
>> >     >
>> >     >
>> >     >
>> >     >
>> >     > On Thu, Aug 22, 2019 at 6:22 PM Frank Brockners (fbrockne) <fbrockne@cisco.com> wrote:
>> >     >
>> >     > Hi Vijay,
>> >     >
>> >     >
>> >     >
>> >     > note that you don’t necessarily need to “tunnel” – you can just use the GRE header to sequence-in IOAM.
>> >     >
>> >     >
>> >     >
>> >     > Cheers, Frank
>> >     >
>> >     >
>> >     >
>> >     > From: Vijay Rangarajan <vijayr@arista.com>
>> >     > Sent: Donnerstag, 22. August 2019 05:31
>> >     > To: Carlos Pignataro (cpignata) <cpignata@cisco.com>
>> >     > Cc: Jai Kumar <jai.kumar@broadcom.com>; draft-ietf-ippm-ioam-data@ietf.org; IETF IPPM WG <ippm@ietf.org>; Frank Brockners (fbrockne) <fbrockne@cisco.com>; Hugh Holbrook <holbrook@arista.com>; Anoop Ghanwani <Anoop.Ghanwani@dell.com>; OU, Heidi <heidi.ou@alibaba-inc.com>; Surendra Anubolu <surendra.anubolu@broadcom.com>; John Lemon <john.lemon@broadcom.com>
>> >     > Subject: Re: [ippm] Review on draft-ietf-ippm-ioam-data-06
>> >     >
>> >     >
>> >     >
>> >     > Thanks Carlos, for pointing me to the draft.
>> >     >
>> >     >
>> >     >
>> >     > Based on my understanding of the two drafts I have the following questions and concerns:
>> >     >
>> >     > If I understand correctly, to deploy inband telemetry, we would need to construct GRE tunnels coinciding with the IOAM domain?
>> >     > GRE typically requires configuration to provision the tunnels. Provisioning and managing these tunnels and keeping these updated as the network grows/shrinks could be a significant overhead.
>> >     > In order to get the benefit of telemetry, we are imposing a change in forwarding protocol/topology and configuration - which, I feel is not desirable. For example, a customer might have basic L3 routing enabled and the expectation would be for inband telemetry to work seamlessly, without having to revamp the network with GRE tunnels and such. This could be a significant barrier to deployment.
>> >     > If sampling is used to select packets for performing IOAM encap, is the expectation that only sampled IOAM packets go through GRE encap? Or all data packets?
>> >     > Due to network nodes inserting the IOAM data, the inner L3/L4 headers keep getting pushed deeper. I would imagine this gets challenging for ASICs to access these fields for hashing/load balancing.
>> >     > Assuming only a subset of packets in a flow are subject to IOAM (based on sampling), how do we ensure these packets take the same network path as the rest of the packets in the flow?
>> >     >
>> >     > Thanks,
>> >     >
>> >     > Vijay
>> >     >
>> >     >
>> >     >
>> >     >
>> >     >
>> >     > On Wed, Aug 21, 2019 at 5:04 PM Carlos Pignataro (cpignata) <cpignata@cisco.com> wrote:
>> >     >
>> >     > Hello, Vijay,
>> >     >
>> >     >
>> >     >
>> >     > Please see https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-weis-ippm-ioam-eth%2F&amp;data=02%7C01%7Cgbarak%40mellanox.com%7Ce4ccee89b9bc4e1274ce08d727455b2a%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C637021051167634230&amp;sdata=PykE1LWuF5gfIvL3ZiS242rAKnh%2FEZ5PXjZrp6dQXy4%3D&amp;reserved=0, and the document this replaces.
>> >     >
>> >     >
>> >     >
>> >     > Thanks!
>> >     >
>> >     > Thumb typed by Carlos Pignataro.
>> >     >
>> >     > Excuze typofraphicak errows
>> >     >
>> >     >
>> >     > 2019/08/21 6:35、Vijay Rangarajan <vijayr@arista.com>のメール:
>> >     >
>> >     > Hello all:
>> >     >
>> >     > Apologise if this has been previously discussed.
>> >     >
>> >     > In reading "draft-ietf-ippm-ioam-data-06", I don't see mention of GRE encap. The draft, in fact in Sec 3, says the following - "The in-situ OAM data field can be transported by a variety of transport protocols, including NSH, Segment Routing, Geneve, IPv6, or IPv4.  Specification details for these different transport protocols are outside the scope of this document."
>> >     >
>> >     >
>> >     >
>> >     > Is there another document, or a description somewhere, that talks about how IOAM is proposed to be carried in GRE? what would be the GRE payload, the GRE protocol type etc?
>> >     >
>> >     >
>> >     >
>> >     > Thanks,
>> >     >
>> >     > Vijay
>> >     >
>> >     >
>> >     >
>> >     >
>> >     >
>> >     > On Wed, Aug 21, 2019 at 7:52 AM Jai Kumar <jai.kumar@broadcom.com> wrote:
>> >     >
>> >     > Hello Frank,
>> >     >
>> >     >
>> >     >
>> >     > This is in context of our conversation at IETF105. My goal is to provide input and improve current IOAM data draft with the learnings we had with IFA deployment.
>> >     >
>> >     > This feedback is based on various customer interactions and concerns raised by them wrt IOAM. Each feedback is a longer topic and I am starting this thread as a summary email. This is just highlighting the issues and not yet proposing any solution.
>> >     >
>> >     >
>> >     >
>> >     >
>> >     >
>> >     > Feedback 1:
>> >     >
>> >     > Section 4.2..1 Pre-allocated and Incremental Trace Options
>> >     >
>> >     > Pre-allocated and incremental trace option is 8Bytes long. This can be easily reduced to 4Bytes.
>> >     >
>> >     > There is a feedback that pre-allocated option is really not needed and either be removed or made optional.
>> >     >
>> >     > Given that deployments are sensitive to the IOAM overhead (specially in 5G deployments), it’s a 50% fixed overhead savings on a per packet basis.
>> >     >
>> >     >
>> >     >
>> >     >
>> >     >
>> >     > Feedback 2:
>> >     >
>> >     > Section 4.1 IOAM Namespaces
>> >     >
>> >     > Namespaces should be treated as templates (similar to IPFIX template record formats). This is more flexible way of enumerating data. 64K namespace id is a very large namespace and can be reduced to 64 IANA specified name spaces. Separate private name space can be allowed instead of interleaving of opaque data in the IANA allocated name space as suggested in the current draft “opaque state snapshot”.
>> >     >
>> >     > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc7011%23section-3.4&amp;data=02%7C01%7Cgbarak%40mellanox.com%7Ce4ccee89b9bc4e1274ce08d727455b2a%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C637021051167634230&amp;sdata=WgPKon9dcPr2bhKG0amAA2rLs9DVKbQTUmjF7FZMYHs%3D&amp;reserved=0
>> >     >
>> >     >
>> >     >
>> >     > Feedback 3:
>> >     >
>> >     > Section 4.2.1 Pre-allocated and Incremental Trace Options
>> >     >
>> >     > IOAM-Trace-Type:  A 24-bit identifier which specifies which data
>> >     >
>> >     >       types are used in this node data list.
>> >     >
>> >     > This is the most contentious of all. In the current proposal, as new data fields are added, there is a corresponding trace type bit need in the header. This essentially means that all possible data fields need to be enumerated. Given that we there are 64K names spaces allowed, I don’t see how we can fit all possible data fields in this 24bit vector. I know there was a suggestion of keeping last bit as an extension bit but it is still scalable and/or easy to implement in hardware. Besides this the data fields are not annotated/encoded with the data type, something like in IPFIX https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc7011%23section-6.1&amp;data=02%7C01%7Cgbarak%40mellanox.com%7Ce4ccee89b9bc4e1274ce08d727455b2a%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C637021051167644216&amp;sdata=1lWHooNEDwt4Rh8oxXy2VlyyRgoWBZr6Ig%2BYvQQJfYk%3D&amp;reserved=0
>> >     >
>> >     >
>> >     >
>> >     > Feedback 4:
>> >     >
>> >     > There is no version field in the data header and this will make interoperability challenging. Standard will evolve and headers bit definition and/or trace type will change and without version field HW will not be able to correctly handle the IOAM data headers.
>> >     >
>> >     >
>> >     >
>> >     > Feedback 5:
>> >     >
>> >     > Handling of TCP/UDP traffic using GRE encap is not acceptable. Here are some of the issues I can think of
>> >     >
>> >     > GRE encaped IOAM packets will traverse a different network path then the original packet
>> >     > Not all packets can be GRE encaped to avoid the previous problem, due to wastage of network bandwidth (typically sampled traffic is used for IOAM). What about native GRE traffic, will it get further encaped in another GRE tunnel and so forth.
>> >     > IP header protocol will point to GRE IP proto and IOAM ethertype (pending allocation by IEEE) need to be read from the GRE header to detect an IOAM packet. This means parsing performance penalty for all regular GRE (non IOAM) traffic.
>> >     >
>> >     >
>> >     >
>> >     > Thanks,
>> >     >
>> >     > -Jai
>> >     >
>> >     >
>> >     >
>> >     > _______________________________________________
>> >     > ippm mailing list
>> >     > ippm@ietf.org
>> >     >
>> > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
>> > ietf.org%2Fmailman%2Flistinfo%2Fippm&amp;data=02%7C01%7Cgbarak%40mella
>> > nox.com%7Ce4ccee89b9bc4e1274ce08d727455b2a%7Ca652971c7d2e4d9ba6a4d1492
>> > 56f461b%7C0%7C0%7C637021051167644216&amp;sdata=VrxNh%2FdRh%2FYasyWtFXS
>> > et2I5iADIY0U5vDjLd6ObAmU%3D&amp;reserved=0
>> >
>> >
>> >
>>
>> _______________________________________________
>> ippm mailing list
>> ippm@ietf.org
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fippm&amp;data=02%7C01%7Cgbarak%40mellanox.com%7Ce4ccee89b9bc4e1274ce08d727455b2a%7Ca652971c7d2e4d9ba6a4d149256f461b%7C0%7C0%7C637021051167644216&amp;sdata=VrxNh%2FdRh%2FYasyWtFXSet2I5iADIY0U5vDjLd6ObAmU%3D&amp;reserved=0
>> _______________________________________________
>> ippm mailing list
>> ippm@ietf.org
>> https://www.ietf.org/mailman/listinfo/ippm