IETF Logo Mail Archive

Re: [spring] Per segment service instructions

Tarek Saad <tsaad.net@gmail.com> Tue, 17 September 2019 16:56 UTC

Return-Path: <tsaad.net@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20441120044; Tue, 17 Sep 2019 09:56:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JbE3RCtwf4D0; Tue, 17 Sep 2019 09:56:16 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A57B31200EC; Tue, 17 Sep 2019 09:56:16 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id k5so9313660iol.5; Tue, 17 Sep 2019 09:56:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language :mime-version; bh=lKTFZWHS9d4uTwcU5KrOTX5v/HE/skZKgAHOWg0mY1M=; b=p5zEgNmjtkdvKlWDZonvgTWtMejbu8QufatZYZVHhbjU+2IjXNhE/Sq5WLtUrRss4j M9mHjp0mQsVsZ1wV9gvJRBBK8PnHqT6NMM5RExgdf3eS7QlBZM2w+a6GH4Li44jAQzoW uBn2poQFck48TgZUp+YxL20xzDfj3JujehE1esvUtsyOELUvrouWlo/tueW2Hg/BB3lO 33SLBYjVivwTpuUVuhgceN/lUtVxtWy78kcswsddyFos7y642nCQNp+WeHGEHXZYRNJo RgS57HvhE7Tw7JqNAgVt2FVaREFPEUnVCMvrpqegC9HTh6zZ22OrawKNBx6ADKe6QjGp viiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:mime-version; bh=lKTFZWHS9d4uTwcU5KrOTX5v/HE/skZKgAHOWg0mY1M=; b=nJ/2hJcqtCLn3gAN/Ve1+XdI70KQAJfTf0zF1tkA/Uy3m+fV53wPcAlZn2FAnrCIx9 Uv3VJ3Mz/4/wvJHSbJB90QIvA35HzKUY1+PCp02TQqrVEnFGn2/YoQXHxfhGiwEb2yEI Ci1YdX/RbLDX9uUnFOcfE69y/leH9QnKd4E4PSugD0tZyOVgq36XGBaL+SYr78FGv4lG 8IRGNfX02fdNWi45K0T757uB7bK34veFq5mV0uXJftYhQY/nAb0wfGOzhOrIrXWz7ZRP mvRz6ZS4eISnikpjp+7vi1jvua7Zh+4nMK5tpXPOCzDw/t0OcAA6UR94qralRF52yae6 MTyQ==
X-Gm-Message-State: APjAAAXpLJRoOqpNvhlCMXr16Ke3dRQmBwwFDlFEqWGPCQIlwsWo8EI1 4BmeNWtrPjk91UZeQuoXK1M=
X-Google-Smtp-Source: APXvYqyJaszGwWvdhsLMhv6zEEjuVlvLFmg9vas354f/q7kMpUjxmQIG4mVy7EAmtxSbQ6f3hrObOQ==
X-Received: by 2002:a02:ce2b:: with SMTP id v11mr2544339jar.134.1568739375614; Tue, 17 Sep 2019 09:56:15 -0700 (PDT)
Received: from BYAPR19MB3415.namprd19.prod.outlook.com ([2603:1036:307:293b::5]) by smtp.gmail.com with ESMTPSA id v3sm2652411ioh.51.2019.09.17.09.56.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Sep 2019 09:56:15 -0700 (PDT)
From: Tarek Saad <tsaad.net@gmail.com>
To: "Bernier, Daniel" <daniel.bernier@bell.ca>, Ron Bonica <rbonica@juniper.net>, Robert Raszuk <robert@raszuk.net>
CC: SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>
Subject: Re: [spring] Per segment service instructions
Thread-Topic: [spring] Per segment service instructions
Thread-Index: AUI1MTQ29al7pmY0IbR9dpqBdiofeaZwjzfj
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Tue, 17 Sep 2019 16:56:13 +0000
Message-ID: <BYAPR19MB3415C64F7051394C38877E1EFC8F0@BYAPR19MB3415.namprd19.prod.outlook.com>
References: <7064CDD6-B591-446B-AB13-BD8157AD591B@bell.ca>
In-Reply-To: <7064CDD6-B591-446B-AB13-BD8157AD591B@bell.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
Content-Type: multipart/alternative; boundary="_000_BYAPR19MB3415C64F7051394C38877E1EFC8F0BYAPR19MB3415namp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Vch5l_qI9H3zMLOyVX-YIwFOzvE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 16:56:20 -0000

Dan,

Inline..

From: "Bernier, Daniel" <daniel.bernier@bell.ca>
Date: Tuesday, September 17, 2019 at 10:30 AM
To: Ron Bonica <rbonica@juniper.net>, Tarek Saad <tsaad.net@gmail.com>, Robert Raszuk <robert@raszuk.net>
Cc: SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>
Subject: RE: [spring] Per segment service instructions

Tarek,

My feeling is it kind of defeats the purpose. The value prop of SRv6+ was the separation of forwarding (LOCATOR) from service (FUNCTION) in different EH. Now to avoid having domain-wide alignment of PSSI values, you would re-introduce a SID in the 32bit section of PSSI to make it unique again.
[TS]: indeed, topological and service SID separation is maintained in different EHs. The idea was to limit the scope of a PSSI to per node by optionally namespacing it (encoding a node ID).

Regards,
Tarek

Regards,
Daniel Bernier



On 2019-09-16, 12:44 PM, "Ron Bonica" <rbonica@juniper.net<mailto:rbonica@juniper.net>> wrote:


Good idea!!




Juniper Business Use Only
From: Tarek Saad <tsaad.net@gmail.com>
Sent: Monday, September 16, 2019 11:59 AM
To: EXT - daniel.bernier@bell.ca <daniel.bernier@bell.ca>; Ron Bonica <rbonica@juniper.net>; Robert Raszuk <robert@raszuk.net>
Cc: SPRING WG <spring@ietf.org>; 6man <6man@ietf.org>
Subject: Re: [spring] Per segment service instructions

Hi all,

A possible way to avoid domain wide scope of PSSI, would be to encode a per node ID within the PSSI (per node namespace of Service IDs).
This allows the node parsing the DOH to identify PSSI(s) that needs to be invoked locally and to resolve the Service ID within its node scope. The per node ID can be a SRV6+ short SID that is instantiated locally on the node.

So, a PSSI = Short-SID.SE1

DOH can contain:
Short-SID1.SE1
Short-SID2.SE2
Etc.

Regards,
Tarek



From: spring <spring-bounces@ietf.org<mailto:spring-bounces@ietf.org>> on behalf of "Bernier, Daniel" <daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>
Date: Saturday, September 14, 2019 at 1:03 AM
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org<mailto:rbonica=40juniper.net@dmarc.ietf.org>>, Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Cc: SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>, 6man <6man@ietf.org<mailto:6man@ietf.org>>
Subject: Re: [spring] Per segment service instructions

Hi Ron,

If PSSI provide non-routing services such as SE1 from Robert’s example which offers DPI, FW and Packet Replication then, I need a domain-wide PSSI defining DPI + FW + Sampling but if somewhere else in my network I just need FW, then I need another domain-wide PSSI for only FW.
In that model, I will end up with and endless list of permutations which must be agreed upon to ensure interop (i.e. vendor A cannot use a PSSI X for FW while vendor B think’s its DPI).
Thx
Dan B



On 2019-09-13, 2:10 PM, "ipv6 on behalf of Ron Bonica" <ipv6-bounces@ietf.org<mailto:ipv6-bounces@ietf.org> on behalf of rbonica=40juniper.net@dmarc.ietf.org<mailto:rbonica=40juniper.net@dmarc.ietf.org>> wrote:

Robert,

In your email, you ask how I would solve a TE problem with a Per Segment Service Instruction (PSSI).. In SRv6+:


-          The CRH and the SIDs that it contains are used to solve TE problems

-          The PSSI is used too provide non-routing services (e.g., firewalling, sampling, DPI)

This leaves the following questions to be answered:


-          How would I solve the TE problem that you describe in your email?

-          Given another example, explain how PSSI works?

Which question would you like me to tackle first?

                                                                    Ron


From: Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>
Sent: Friday, September 13, 2019 8:45 AM
To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
Cc: SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>; 6man <6man@ietf.org<mailto:6man@ietf.org>>
Subject: Per segment service instructions

Dear Ron,

I have read yet one more draft from the SRv6+ package defining another Destination Option type - this time Per Segment Service Instruction(s) described in draft-bonica-6man-seg-end-opt

I have one technical question regarding it.

Imagine I have following topology - drawing only what is relevant to the question:

PE1 - - P1 - - SE1 - - P2 - -  SE2 - - P3 - - PE2

When packet enters the network PE1 is instructed to program my flow A to execute following following functions on Segment End 1 (SE1) and Segment End 2 (SE2):

SE1 - When packet is routed out of SE1 consider only interfaces of bw 10G and up

SE2 - When packet is routed out of SE2 make sure that path to segment end node is no more then 2 hops away.

>From reading the draft I think the answer is that you mandated the segment end functions in SRv6+ to have domain-wide significance such that the function itself contains not only the instruction but also as it is of domain-wide significance the location of the instruction to execute it on.

So far so good ... Flow-A get's CRH and PSSI encoding the above requirement.

When packet enters SE1 Destination Options preceding RH is read and PSSIs are attempted to get executed ! Both instructions are tried but only one is known so only one get's executed on SE1. Same story on SE2.

Not sure if eveyone would be ok with such model to read and attempt to execute instructions which are not for a given end segment but let's assume some may accept it.

But now how unfortunate it may sound PE1 is receving the flow-B and for flow B the requirements are opposite:

SE1 - When packet is routed out of SE1 make sure that path to segment end node is no more then 2 hops away.

SE2 - When packet is routed out of SE2 consider only interfaces of bw 10G and up.

Well what do you - simple - you allocate another two domain wide functions and encode it in the packet at PSSI DOH on PE1.

But if my description matches the plan you now end up with per flow !!! state in the network which is the price to pay for splitting SIDs with its functions into completely different headers.

I don't know about others but I think we went in the past via multiple attempts to put any per flow state into the large network and it all failed when faced scale.

Also SR specifically in its architecture RFC8402 says that segment routing is "maintaining per-flow state only at the ingress node(s) to the SR domain."

Kind regards,
Robert.



Juniper Business Use Only

v2.23.0 | Report a Bug | By Email