IETF Logo Mail Archive

Re: [spring] “SRV6+” complexity in forwarding

Tom Herbert <tom@herbertland.com> Thu, 19 September 2019 01:16 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CDB612011B for <ipv6@ietfa.amsl.com>; Wed, 18 Sep 2019 18:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I6pYa6Oue4nA for <ipv6@ietfa.amsl.com>; Wed, 18 Sep 2019 18:16:05 -0700 (PDT)
Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 259FA1200EC for <6man@ietf.org>; Wed, 18 Sep 2019 18:16:05 -0700 (PDT)
Received: by mail-ed1-x541.google.com with SMTP id g12so1639224eds.6 for <6man@ietf.org>; Wed, 18 Sep 2019 18:16:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=LOf9Eti/dsLctqy6CiJjPgA2sHE+ap/nkweN2ga5MTw=; b=wU1J73QHjfhhgVa7324vUO16nB3BCZG/AYQtGTE0QVG4LWD91B9FU0Kca41c7HqKkL RjCuqPuQo2Drc8P1IPpb5XuWY/wUkqkU5QgmeKkkA1G7HN46ZHzfbGgXSKTqwQgmtxDY 3VumMbYNUMLSDpgUW+oCVQfq3qpNRYUgKLglt212DheSfsuQGEkfn4VnVOhnJiQNsIQY 7gA7mv+vDxA3ta+X3+mDoghPDlSL43QHk+zo6Oesbd0Uc+qP2CzO4p8q/pVBGpUB8Hk6 5YveJzztmNsAk2YS3LfxeUaop8N0BYevsXAUUiv1dX8xbihxbRU/oAKpShWhIaBUDNhv v7eg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=LOf9Eti/dsLctqy6CiJjPgA2sHE+ap/nkweN2ga5MTw=; b=o1trozGs3x1V0xQNvuJ1ffBbj3CzE3xf/+qFi6g2APlvL/76o9sknFXM+jaPrKPil0 sAnpRmX3YEU2NGC9cFgX+q7EwXtxqRbi6/OiXZyHc6xjgzfQhW/CCNcxns1xwRfXRlbN RiOcIv6mPl0Un8fbIvC9ECasBccolBiShldzhxGbnfK7fLawHSphwiSWG5eRrS5Um41U VuW2hOfAddG2c3Nlu83GUnQLCeIAZVxms3vZ+mSIcy8zthD1SROUD097vFnhAEfcOafP j5Rcths9+Gm8pboSE6eji8TSUl+fU+OjpiT2QdJNDANktSNYf1CIsYcXwHPzYANQNir9 qsBQ==
X-Gm-Message-State: APjAAAUo0RJ5VUSEI4QHIWBzstBbvaLOW+PfRP+9BIEKDhrR+r00yWz4 /V76nNwpGUUAvC3C1qmmNyflyJPAtKFDiQwDZqxfKQ==
X-Google-Smtp-Source: APXvYqzr3ZxuGPSAIYVF0WhWp7fAZXeI8rOCkB/UkaELZdiW2lHMt1hHrLD2CIMwAkQNddelledPfqBjqUJgbx/zPYc=
X-Received: by 2002:a50:dac2:: with SMTP id s2mr13450858edj.26.1568855763525; Wed, 18 Sep 2019 18:16:03 -0700 (PDT)
MIME-Version: 1.0
References: <CAHd-QWtA21+2Sm616Fnw0D-eB7SNb_BeG8-A-MCLLFgTwSpOsg@mail.gmail.com> <BYAPR05MB54632F09C712ADB30138CFA9AEBE0@BYAPR05MB5463.namprd05.prod.outlook.com> <BYAPR19MB3415D21403394F8129A4BAD8FCB90@BYAPR19MB3415.namprd19.prod.outlook.com> <30491F13-C652-45C3-AB2B-95F765FBB4EA@juniper.net> <65C5CB04-3A2F-4F83-A7C8-2045154F93AE@cisco.com> <BYAPR05MB5463EC3250F2A303A3641839AEBA0@BYAPR05MB5463.namprd05.prod.outlook.com> <91CBADAD-EFE6-46E1-A9D3-DAA111357179@juniper.net> <CAOj+MMGyUFRPDqCBo5SbLX486o_9GLpM6Zxf8KSt1voWiqhkGQ@mail.gmail.com> <E8D473B5-3E8D-4339-9A79-0CAE30750A55@juniper.net> <CAOj+MMFOy5PyTo=jPJkVrQOctdWjsTbD=7ix-2n89vodKzT3gQ@mail.gmail.com> <2F604D74-51CF-4F2F-AEA9-1CBDEEA9B9F7@gmail.com> <F09C2D09-D769-4817-AF73-97D6ED1BC4BF@lapishills.com> <201909120857387140042@chinatelecom.cn> <1568259664564.62561@bell.ca> <CAO42Z2wQ_8GEE+=nAMFBj+ape9Vf7fARVoOwGdCiUxdffkyXgw@mail.gmail.com> <BYAPR05MB5463A04B05B4BD6AA294F7F0AEB00@BYAPR05MB5463.namprd05.prod.outlook.com> <6EA6F7C0-BEB2-4749-A6AB-62B1337213B2@cisco.com> <BYAPR05MB5463426F1668202EE5F183EFAE8F0@BYAPR05MB5463.namprd05.prod.outlook.com> <634900D2-FBCE-47CF-8907-C8B9CB3A4102@cisco.com> <CALx6S34=Tw-u4Hz-07-Rs-GjsungkqnD_fMoQnGc17u3VJhY1g@mail.gmail.com> <CAFqxzqYr7g2jzwJrhvjL_DXYZsDzbzqx01cy0zB1aBweDde1XQ@mail.gmail.com> <CAO42Z2yrjwRMykWxmEo5=18fMvuZdMtuyz5g1p=8oSzp_ro9Vw@mail.gmail.com>
In-Reply-To: <CAO42Z2yrjwRMykWxmEo5=18fMvuZdMtuyz5g1p=8oSzp_ro9Vw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 18 Sep 2019 18:15:52 -0700
Message-ID: <CALx6S37cC7wT+=x2e=YD-7O+s2H5a-ksMpRGxwL_Wf_Qb2cD4A@mail.gmail.com>
Subject: Re: [spring] “SRV6+” complexity in forwarding
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Dirk Steinberg <dirk@lapishills.com>, Rob Shakir <robjs@google.com>, SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>, "Darren Dukes (ddukes)" <ddukes@cisco.com>, Robert Raszuk <robert@raszuk.net>, Ron Bonica <rbonica@juniper.net>, "xiechf@chinatelecom.cn" <xiechf@chinatelecom.cn>, Tarek Saad <tsaad.net@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/BwGxYGjibZlHh7U4fBzZX0ciMyE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Sep 2019 01:16:09 -0000

On Wed, Sep 18, 2019 at 5:33 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
>
>
> On Thu, 19 Sep 2019, 09:40 Dirk Steinberg, <dirk@lapishills.com> wrote:
>>
>> SRv6 does not require TLV processing for normal forwarding (use case: SP core).
>
>
> +1
>
> The Internet scales because complexity is pushed towards the edges.
>
Mark,

I agree, but that begs the question as to why SRV6 contains its own
TLVs and authentication as opposed to using edge mechanisms like
destination options after the routing header or AH. The obvious intent
of putting TLVs in the routing header is that some intermediate
destinations will process them. So then these "some" intermediate
nodes will sustain the performance hit of TLV processing. If this is
so bad as expected that TLVs are relegated to the slow path, then
nobody turns them on because of the performance hit and the mechanism
likely becomes yet another extensibility mechanism with the same
demise as IPv4 options. History shows again and again that
extensibility mechanisms are "use it or lose it". Requiring an
extensibility mechanism is a good force function and motivation for
implementers to make the mechanism work and be feasible.

Tom

>>
>> - Dirk
>>
>> On Wed, Sep 18, 2019 at 5:57 PM Tom Herbert <tom@herbertland.com> wrote:
>>>
>>> On Wed, Sep 18, 2019 at 6:42 AM Darren Dukes (ddukes) <ddukes@cisco.com> wrote:
>>> >
>>> > Hi Ron.
>>> >
>>> > I summarized my argument as follows:
>>> > "Regardless of ASIC capabilities there are two performance penalties you will not escape with PSSI+CRH+PPSI: TLV parsing and multiple lookups.”
>>> >
>>> > You’ve confirmed this additional overhead for "SRv6+".  Thanks.
>>> >
>>>
>>> Darren,
>>>
>>> How does one escape the performance penalty of TLV processing in SRV6?
>>>
>>> Tom
>>>
>>>
>>> > You then say "So long as the ASIC can process enough packets per second to saturate the line cards, we are forwarding at full line rate."
>>> >
>>> > Yes this is true, but we can conclude: The complexity of "SRv6+" requires ASICs do much more work per packet vs SRv6.
>>> >
>>> > Thanks
>>> >   Darren
>>> >
>>> >
>>> > On Sep 16, 2019, at 9:59 PM, Ron Bonica <rbonica@juniper.net> wrote:
>>> >
>>> > Hi Darren,
>>> >
>>> > I think that your argument can be summarized as follows:
>>> >
>>> >
>>> > SRv6 requires only two FIB searches
>>> > SRv6+ requires 4 or more FIB searches
>>> > Therefore, SRv6+ cannot possibly forward at line speed
>>> >
>>> >
>>> > Have I summarized your argument correctly? If not, please set me straight. If so, please read on.
>>> >
>>> > First, SRv6+ never requires more than 4 FIB searches. The DOH that precedes the CRH contains, at most, one PSSI. Therefore SRv6+ requires four FIB searches, at most.
>>> >
>>> > Second, SRv6+ only requires 4 FIB searches the following case:
>>> >
>>> >
>>> > The packet contains two instances of the DOH. (Most use-cases require only one.)
>>> > The processing node is configured to process the PSSI. (Many ASIC-based devices, because of their role in the network, won’t support any per segment service instructions. This nodes will be configured to ignore the PSSI. That is why it is optional.)
>>> >
>>> >
>>> > So, in most use-cases, SRv6+ requires only 3 FIB searches.
>>> >
>>> > So, you might now argue that:
>>> >
>>> >
>>> > SRv6 requires only two FIB searches
>>> > SRv6+ requires three and sometimes four FIB searches
>>> > Therefore, SRv6+ cannot possibly forward at line speed
>>> >
>>> >
>>> > Here, some slightly deeper thought might be required. A platform has two relevant resources:
>>> >
>>> >
>>> > A route lookup ASIC, that can process some number of packets per second
>>> > Some number of interfaces, that can forward some number of bits per second
>>> >
>>> >
>>> > So long as the ASIC can process enough packets per second to saturate the line cards, we are forwarding at full line rate. So long as a platform has a sufficiently capable ASIC, it will be able to forward at line speed. But it’s a matter of how the platform is designed. If the ASIC is not sufficiently capable, of course, it will not forward at line speed.
>>> >
>>> > In your email, you say that I have been asked several times to report on the state of Juniper’s SRv6+ implementation. While I cannot provide details, you can assume that we wouldn’t be working on this if we thought that performance was going to be sub-optimal.
>>> >
>>> > You also suggest that Juniper’s is the only implementation. Are you sure that this is correct?
>>> >
>>> >                                                                                                                      Ron
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > Juniper Business Use Only
>>> > From: Darren Dukes (ddukes) <ddukes@cisco.com>
>>> > Sent: Monday, September 16, 2019 4:38 PM
>>> > To: Ron Bonica <rbonica@juniper.net>
>>> > Cc: Mark Smith <markzzzsmith@gmail.com>; EXT - daniel.bernier@bell.ca <daniel.bernier@bell.ca>; xiechf@chinatelecom.cn; SPRING WG <spring@ietf.org>; 6man <6man@ietf.org>; Robert Raszuk <robert@raszuk.net>; Rob Shakir <robjs@google.com>; Tarek Saad <tsaad.net@gmail.com>
>>> > Subject: “SRV6+” complexity in forwarding
>>> >
>>> > Hi Ron, I agree ASICs are always improving, indeed this is evident in the number of successful SRv6 deployments and multiple vendor implementations at line rate on merchant silicon, and multiple vendor ASICs.
>>> >
>>> > Is “SRv6+” (PSSI+CRH+PPSI) implemented and deployed at line rate?
>>> > You’ve been asked this several times.  Since you’re the only implementor(?) and one operator is claiming deployment or testing, I am curious.
>>> >
>>> > Regardless of ASIC capabilities there are two performance penalties you will not escape with PSSI+CRH+PPSI: TLV parsing and multiple lookups.
>>> >
>>> > Requiring all segments in a CRH segment list to process an arbitrary length DOH+set of PSSI’s and other options is always very expensive.
>>> > - It is expensive in SRAM as previously discussed in these threads.
>>> > - It is expensive in parsing logic to know and process a set of TLVs in any ASIC or NP.
>>> >
>>> > Spreading PSSI, CRH, PPSI operations in multiple headers and multiple identifiers you now have multiple lookups at a node.
>>> > 1 - lookup destination address
>>> > 2 - lookup one or more PSSI and future destination options.
>>> > 3 - lookup the CRH label or PPSI label.
>>> > 4 - lookup new destination address
>>> >
>>> > Compare this with SRv6.
>>> > 1 - lookup destination address
>>> > 2 - lookup new destination address
>>> >
>>> > While ASICs are more capable and will continue to be more capable, these technical performance problems you introduce with PSSI+CRH+PPSI will not go away.
>>> >
>>> > Darren
>>> >
>>> >
>>> >
>>> > On Sep 12, 2019, at 12:34 PM, Ron Bonica <rbonica=40juniper.net@dmarc.ietf..org> wrote:
>>> >
>>> >
>>> > --------------------------------------------------------------------
>>> > IETF IPv6 working group mailing list
>>> > ipv6@ietf.org
>>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> > --------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> spring mailing list
>>> spring@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spring
>>
>> _______________________________________________
>> spring mailing list
>> spring@ietf.org
>> https://www.ietf.org/mailman/listinfo/spring

v2.23.0 | Report a Bug | By Email