IETF Logo Mail Archive

Re: [IPv6] Progress of comments resolution on draft-ietf-6man-enhanced-vpn-vtn-id

Ketan Talaulikar <ketant.ietf@gmail.com> Mon, 18 December 2023 16:42 UTC

Return-Path: <ketant.ietf@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52EDBC14F616; Mon, 18 Dec 2023 08:42:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EA8uEYeqBdlB; Mon, 18 Dec 2023 08:42:40 -0800 (PST)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC7B4C14F689; Mon, 18 Dec 2023 08:42:39 -0800 (PST)
Received: by mail-lf1-x130.google.com with SMTP id 2adb3069b0e04-50e3845abdaso1698836e87.3; Mon, 18 Dec 2023 08:42:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702917757; x=1703522557; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=OEsvC1TKN+dwPuw9ydwEZFr682CKMwYy5Ldf5QyDn5o=; b=ZqRXD09FxuEqWT4mdCq9CblsAGVjUph2dut/kF2g8URp0b6xJiPaqkSnRyN/hu1Pe7 Dmp5bNGl+mA/6egwO7KX7q29UfDSKUWHXFjd38Udk7v6Gmuq4as/CGlMDVYwT9G+Of2H 2klMlBbUjfRwMjBcwMiM1ZoSS6cQENB2Of8EH+MREEKpnkrLLkF3GqDCrGO7E6NamvPQ Bt46biIzZUM2emn3vliRVv7613RSpwcMsJhPTsk4VUgdw/0eMxc27qa64PbW3T2TKR+P Offf7E9qcQKm81O6Z51jzTq9jhNs9s9It8BpukAsQd7JC+R+xh198W0dRTfSnEbn3OL1 FxbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702917757; x=1703522557; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OEsvC1TKN+dwPuw9ydwEZFr682CKMwYy5Ldf5QyDn5o=; b=qFAbRr/i9X+Wrnv0eyj8lPuepmomKMD3tXH7IRSI5qhALCGYfZg0uZlH+aJtwJh+yk F9SIzgIFbZLUETeInVNYPX7gdJ/YFMZQsotTDuGzGCaQSSIEZ+ZscDR5qiCZ04Gt41hc wB2H4AET+D2pst/YnGi1PQMhnIpAQ9kbOXOKIeeCqs85dmO0jgwD1A+MUN2iAUDhPvTa ESHBPr6bfTA2cY85pn+BnaN0m/wnp+kTqLso8nfVl1qfrtaoy6lfCnXTPC7khIWlulZU eA91Y0CR9wCMrTA+qFf67cqHhIqsrZezYABmKDx7VskFQa8LR47M/pwV6ZzwOARupTDI jGVQ==
X-Gm-Message-State: AOJu0Yy2JJ+Y/1X9EMtsKoBsSkgREGi1uGf1IJpXEczLIKAaU6zJwQ67 fdTWhSlH3wexq8T6L3b0prNdDg7PzQW4tf3POq6/3l6+
X-Google-Smtp-Source: AGHT+IFa/37ZeeAfp6nGikw4vhLx29/2yBeV/BSW4ht1wwlSV67/wlUX+jmqFSKlEzlhmwCkDuStk8UtFPYVyXOUX3w=
X-Received: by 2002:a05:6512:b07:b0:50d:1b99:5034 with SMTP id w7-20020a0565120b0700b0050d1b995034mr9757230lfu.112.1702917757258; Mon, 18 Dec 2023 08:42:37 -0800 (PST)
MIME-Version: 1.0
References: <165d35ecaaa44a3daff0783cd161eb12@huawei.com> <014c01da2cde$f6e31510$e4a93f30$@olddog.co.uk> <2fcc89b28bc64c7cb5cf2abf20319006@huawei.com> <021e01da2d1d$2efc2930$8cf47b90$@olddog.co.uk> <DU2PR02MB1016002CC68F1D799A4562D9D888CA@DU2PR02MB10160.eurprd02.prod.outlook.com> <fc34b0f89c3f4af2b4fb5c5dc5d9f7bd@huawei.com>
In-Reply-To: <fc34b0f89c3f4af2b4fb5c5dc5d9f7bd@huawei.com>
From: Ketan Talaulikar <ketant.ietf@gmail.com>
Date: Mon, 18 Dec 2023 22:12:25 +0530
Message-ID: <CAH6gdPyxjcRZjKcwZ7GckdR-APubTVU4WvRAjjBTStSqx_URnA@mail.gmail.com>
To: "Dongjie (Jimmy)" <jie.dong=40huawei.com@dmarc.ietf.org>
Cc: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 6man <ipv6@ietf.org>, "draft-ietf-6man-enhanced-vpn-vtn-id@ietf.org" <draft-ietf-6man-enhanced-vpn-vtn-id@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000000d1bd060ccb700f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/MH8-KfQbBmdB0ld5bTD-u_mPMgA>
Subject: Re: [IPv6] Progress of comments resolution on draft-ietf-6man-enhanced-vpn-vtn-id
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Dec 2023 16:42:44 -0000

Hi Jie,

I concur with Med on this one and don't see the need for the S-flag. We've
had TOS/DSCP/EXP for QoS where exactly the same scenario exists and we've
never had the need for such a flag/indication on the packet.

This looks something like a local configuration/policy on the router to me
- drop or fallback.

We have very limited (8) flags on the SRH and there should be really strong
and compelling reasons for allocating one. This one doesn't look like such.

Thanks,
Ketan


On Mon, Dec 18, 2023 at 9:17 PM Dongjie (Jimmy) <jie.dong=
40huawei.com@dmarc.ietf.org> wrote:

> Hi Med and Adrian,
>
> Thanks for the discussion. Here I'd like to give some further explanation
> about the usage of the S bit and why it is considered useful.
>
> In normal IPv6 packet forwarding, the next-hop and outgoing interface are
> determined based on longest matching of the destination IPv6 address.
> Packets with unmatched destination address are always dropped.
>
> After the introduction of the VTN (or NRP, will use VTN just in this mail)
> option, the next-hop and outgoing interface are still determined based on
> the destination address, this is unchanged.
>
> Then for packets whose next-hop and outgoing interface are determined, the
> VTN ID in the packet is used to match with the sets of local resources
> allocated to VTNs on the outgoing interface. There are two possible results:
>
>   1) The VTN ID in the packet matches with the same VTN ID which is
> configured on the outgoing interface with a set of network resources, then
> the packet is forwarded using that set of resources.
>
>   2) The VTN ID in the packet does not match with any VTN ID configured on
> the outgoing interface. How should the node behave in this case? There are
> two options: 1) forward the packet with best effort. 2) discard the packet.
>
> The S flag is used to tell the node how to forward the packet when the
> VTN-ID is not configured on the outgoing interface.
>
> With the above, I hope the functionality of the S flag is clear.
>
> Then the possible question is can this be achieved by configuration?
>
> The answer is it can, but possibly with a relatively higher cost. Note
> this is to control the behavior for NRPs which are not provisioned on the
> node's outgoing interface. Usually devices do not provide control
> configuration for elements which are not enabled. Even if such
> configuration is supported, as the behavior can be different per NRP, this
> requires lots of configuration for NRPs which are not enabled. Then we also
> need to consider the case where the behavior may be different for different
> flows under the same NRP...
>
> One analogy (not quite the same) to the S flag is the bits in IPv6
> extension header options which are used to control the forwarding behavior
> when the option cannot be parsed by some node. That may also be achieved
> via configuration on the nodes, while it turns out a better choice is to
> use flags to indicate the behavior for unrecognized entities.
>
> With the above analysis, hope you also agree that the S flag is a more
> efficient approach for the required functionality.
>
> Best regards,
> Jie
>
> > -----Original Message-----
> > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> > Sent: Thursday, December 14, 2023 8:23 PM
> > To: adrian@olddog.co.uk; Dongjie (Jimmy) <jie.dong@huawei.com>
> > Cc: '6man' <ipv6@ietf.org>; draft-ietf-6man-enhanced-vpn-vtn-id@ietf.org
> > Subject: RE: [IPv6] Progress of comments resolution on
> > draft-ietf-6man-enhanced-vpn-vtn-id
> >
> > Hi Adrian,
> >
> > > If the reason for splitting was technical or made for a radical
> > > improvement in readability, I might buy it. But I think it is purely a
> > > documentation issue.
> >
> > It isn't.
> >
> > The issue is that the use of the S bit is not justified, including with
> the case you
> > mentioned below. This scan be handled by a local config parameter. I
> fail to see
> > valid arguments so far why a per-NRP per-packet behavior will needed to
> > process a packet.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : ipv6 <ipv6-bounces@ietf.org> De la part de Adrian Farrel Envoyé :
> > > mardi 12 décembre 2023 18:04 À : 'Dongjie (Jimmy)'
> > > <jie.dong@huawei.com> Cc : '6man' <ipv6@ietf.org>;
> > > draft-ietf-6man-enhanced-vpn-vtn- id@ietf.org Objet : Re: [IPv6]
> > > Progress of comments resolution on draft-ietf-
> > > 6man-enhanced-vpn-vtn-id
> > >
> > > Hi Jie,
> > >
> > > I rather expected some more comments on this, and I sat back to watch
> > > them, but then it went quiet and I forgot.
> > >
> > > So, "better late than never".
> > >
> > > As an aside, I wonder whether you should follow the advice given by
> > > TEAS in its work on draft-ietf-teas-enhanced-vpn, and feeding into IDR
> > > on draft-dong-idr-sr-policy-nrp. That is, generalise the VTN use case
> > > to NRP. I don't think this makes any technical change to the document,
> > > but makes the applicability wider (more
> > > generic) in step with what TEAS is doing. This seems to in keeping
> > > with the suggestions in your Section 5. But it would require some
> > > editorial work.
> > >
> > > I am not enthusiastic about splitting out multiple documents. It just
> > > makes more work.
> > >
> > > While I understand that the authors and Med thought this might be a
> > > compromise, I doubt that the authors really want to do this (that is,
> > > make more work for themselves) and since no one spoke up on the list,
> > > I wonder whether it the (perfectly valid) preference of only one
> > > person.
> > >
> > > If the reason for splitting was technical or made for a radical
> > > improvement in readability, I might buy it. But I think it is purely a
> > > documentation issue.
> > >
> > > It is worth noting that if the document was split then, without the S
> > > flag, the whole flags field would be unused in the remaining document.
> > > It is "unusual" for a spec to define a field that has no documented
> > > use. I'd be uncomfortable with that.
> > > Conversely, I think this drat should introduce a new registry to track
> > > the flags field
> > >
> > > Personally, I see some value in the S bit as defined. At least, I do
> > > in the context of the network slicing use of the NRP. Consider a
> > > network where some resources are strictly partitioned
> > > (reserved) at some transit nodes, but at other nodes (perhaps ones
> > > that are known to have plenty of capacity) no partitioning has been
> > > performed. In this case, you would want the nodes that have not done
> > > any partitioning to not be bothered by the VTN/NRP ID carried in the
> > > packet. But consider, instead, a network that is resource constrained
> > > where partitioning has been carefully performed on all nodes. In this
> > > case you would want to observe that the packet cannot be assigned to
> > > any partition and so should not use the resources of any other
> > > partition.
> > >
> > > Well, I think this might be softened for two reasons:
> > > 1. If a node does not understand the HBH option, it will skip over it
> > > (you have specified the highest-order 2 bits are set to 00), so the
> > > default behaviour is to try to forward the packet.
> > > 2. Assigning best-effort forwarding to packets seems like a reasonable
> > > default.
> > >
> > > So, I would keep the S bit in this, but I would change "drop" to
> > > "perform best effort forwarding". (Noting, of course, that the best
> > > you can do might still be to drop the packet.)
> > >
> > > Cheers,
> > > Adrian
> > >
> > > > From: ipv6 [mailto:ipv6-bounces@ietf.org] On Behalf Of Dongjie
> > > (Jimmy)
> > > > Sent: Wednesday, November 8, 2023 12:59 AM
> > > > To: 6man <mailto:ipv6@ietf.org>
> > > > Cc: draft-ietf-6man-enhanced-vpn-vtn-id@ietf.org
> > > > Subject: [IPv6] Progress of comments resolution on
> > > draft-ietf-6man-enhanced-vpn-vtn-id
> > > >
> > > > Hi WG,
> > > >
> > > > Regarding Med's review comments on
> > > > draft-ietf-6man-enhanced-vpn-vtn-id,
> > > the authors
> > > > and Med met in Prague and reach some agreement about the
> > > possible
> > > resolution of his
> > > > comments.
> > > >
> > > > The proposed approach is to split the definition of the S flag
> > > out
> > > > from
> > > this document, so
> > > > that this document will focus on the specification of the VTN
> > > option
> > > > with
> > > all the flags as
> > > > reserved, and the S Flag could be defined as an extension to
> > > the VTN
> > > option in a separate
> > > > document.
> > > >
> > > > Before updating this WG draft, we would like to know the WG's
> > > opinion
> > > > on
> > > this approach
> > > > to move forward. Any feedback is welcome.
> > >
> > > -----------------------------------------------------------------
> > > ---
> > > IETF IPv6 working group mailing list
> > > ipv6@ietf.org
> > > Administrative Requests:
> > > https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2
> > >
> > Fwww.ietf.org%2Fmailman%2Flistinfo%2Fipv6&data=05%7C01%7Cmohamed.
> > >
> > boucadair%40orange.com%7Cc7b66a0799ca41a4b00e08dbfb346dd5%7C90c
> > 7a
> > >
> > 20af34b40bfbc48b9253b6f5d20%7C0%7C0%7C638379974860934578%7CUn
> > know
> > > n%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha
> > >
> > WwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=9bNvzWEsR9J86r5zy3V%
> > 2BD6Y
> > > Iv9ZsyazWDcIjP6aUlNA%3D&reserved=0
> > > -----------------------------------------------------------------
> > > ---
> > ___________________________________________________________________
> > _________________________________________
> > Ce message et ses pieces jointes peuvent contenir des informations
> > confidentielles ou privilegiees et ne doivent donc pas etre diffuses,
> exploites ou
> > copies sans autorisation. Si vous avez recu ce message par erreur,
> veuillez le
> > signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les
> messages
> > electroniques etant susceptibles d'alteration, Orange decline toute
> > responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> >
> > This message and its attachments may contain confidential or privileged
> > information that may be protected by law; they should not be distributed,
> > used or copied without authorisation.
> > If you have received this email in error, please notify the sender and
> delete this
> > message and its attachments.
> > As emails may be altered, Orange is not liable for messages that have
> been
> > modified, changed or falsified.
> > Thank you.
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email