RE: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02
Lizhong Jin <lizho.jin@gmail.com> Tue, 13 October 2020 10:43 UTC
Return-Path: <lizho.jin@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 354503A0F26; Tue, 13 Oct 2020 03:43:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ilZOnvsLTpyc; Tue, 13 Oct 2020 03:43:01 -0700 (PDT)
Received: from mail-oo1-xc30.google.com (mail-oo1-xc30.google.com [IPv6:2607:f8b0:4864:20::c30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ACD73A0F1E; Tue, 13 Oct 2020 03:43:01 -0700 (PDT)
Received: by mail-oo1-xc30.google.com with SMTP id z1so4772775ooj.3; Tue, 13 Oct 2020 03:43:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=qNkMoZmyh2yCWdqU4vPZ+HZ8wLSXy/HyabaVdP43ggg=; b=XqhkC9/WcjQHz7xJoIxfFMa4d4v/eVTh6I3ikZfJTwkJKX0K5W118WZXXriB7kEMLR LcmqPdnfn7Bs3bth+Sv9ZkcLZl3UISjVn+kXmv/UccMKNqyR7ixBx91fJ2niPZKpg0Vd TgDZ4FSTq/sC+5KYkDjgKX9btTb/0sqX4Brix0Q8qgDs4lWwaacw1pzOIZnAjKLbY/p4 2HOphrOBth+0nWLsARdVxPRTlbKS8kKLb68krOegi9b5X/1GnhV7yN538gCUOklbNHxm qTwEGh+Y9SBv7P+8s0qDBNHcGjvN1PGFZPqSkF6gYs5Grw4+vrDtsjNeK187Bak4ZvN9 bacQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=qNkMoZmyh2yCWdqU4vPZ+HZ8wLSXy/HyabaVdP43ggg=; b=Gp8RuD0TT6aaW4BSUOgT0nu64t/fMSPxoDl0fRe9K4LBPcnMkj8RGa/y/8PvwBNQYf F3pNpVbbiVKzaPLu4ODIWtcq7bigQBUpESSPyGuO52L31G8S1nsj0IHhNg3wOMWouclE JqJ4aMgrtqt+BOrxi7/26pmupLOs5o7cmKhFSo1DlZLE+hCuSRmQPR+LkIypWpwzUWea 8wDEzqErujjUAnTHmIJAoyIEo+lDMzoWfQShjtPmlymAeFVR8J3FUrqCOlJ5AMiRz0Vv t8HjSDt2y78bKEONfKOwr01Esli5bVvyizemQbo3MB0AB24YZxpxCUWXwS5E3q8GyNwm ux6Q==
X-Gm-Message-State: AOAM530pwe2Dvf+PY8Z7bDV3LQAhzFbxcQAAFtk8f7It8JxH26n839NK fTTqyaftP/ySDVSUvyaeojDF36PRfOXLmG1+PcQ=
X-Google-Smtp-Source: ABdhPJzVSYMIzK0+SGf9qX6LoimRimE1DIOvLU81DwjfPIqJEWpWFMkWg4p8bH0gNmj+5j9xGjcg8FuCo1nO4hFL7Ws=
X-Received: by 2002:a4a:5258:: with SMTP id d85mr21634231oob.13.1602585780376; Tue, 13 Oct 2020 03:43:00 -0700 (PDT)
MIME-Version: 1.0
From: Lizhong Jin <lizho.jin@gmail.com>
Date: Tue, 13 Oct 2020 03:42:48 -0700
Message-ID: <CAH==cJz9S8ojWR5h8+yHWAFvJ9CTGYmM6ov5PeECfngbjUgcbA@mail.gmail.com>
Subject: RE: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02
To: Lizhenbin <lizhenbin@huawei.com>, "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>, Linda Dunbar <linda.dunbar@futurewei.com>, IPv6 List <ipv6@ietf.org>, draft-li-6man-app-aware-ipv6-network@ietf.org
Cc: apn@ietf.org
Content-Type: multipart/alternative; boundary="00000000000029572d05b18b1408"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/duzUraX-L5ScSLR7B3On5CdQUFg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2020 10:43:04 -0000
Hi Robin, One more question as below. Thanks. ==================snipped============= 1. How can residential/enterprise intranet VLAN information traverse the CE device? Or should the CE device use the ‘internal/private network’ VLAN tag to mark the traffic ? [Robin] I propose the following example for your reference: Host/App ------- residential gateway ------------------ DSLAM ------------------Metro PE -------- P ---------- Metro PE -------------- BRAS Packet S-VLAN + Packet C-VLAN + S-VLAN + Packet L2VPN/MPLS L2VPN/MPLS C-VLAN + S-VLAN + Packet >From the above topology, DSLAM can be seen as the CE which adds the C-VLAN and access the PE of the metro network. [Lizhong] If DSLAM is as CE in APN, how does DSLAM identify every application traffic? That will conflict the promise stated in [draft-li-apn-problem-statement-usecases-01]. One of the key objectives of APN is for network operators to provide fine-granularity SLA guarantees instead of coarse-grain traffic operations. Regards Lizhong *From:* Lizhenbin <lizhenbin@huawei.com> *Sent:* Thursday, October 8, 2020 23:15 *To:* Eric Vyncke (evyncke) <evyncke=40cisco.com@dmarc.ietf.org>; Linda Dunbar <linda.dunbar@futurewei.com>; IPv6 List <ipv6@ietf.org>; draft-li-6man-app-aware-ipv6-network@ietf.org *Cc:* apn@ietf.org *Subject:* Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02 Hi Eric, Thanks for your greetings. Please refer to my reply inline. Best Regards, Robin *From:* Apn [mailto:apn-bounces@ietf.org] *On Behalf Of *Eric Vyncke (evyncke) *Sent:* Thursday, October 8, 2020 7:52 PM *To:* Lizhenbin <lizhenbin@huawei.com>; Linda Dunbar < linda.dunbar@futurewei.com>; IPv6 List <ipv6@ietf.org>; draft-li-6man-app-aware-ipv6-network@ietf.org *Cc:* apn@ietf.org *Subject:* Re: [Apn] Questions about draft-li-6man-app-aware-ipv6-network-02 Hello Robin, I hope that you and your family were able to enjoy a nice family time ! About the VLAN, if you consider that the APN6 ‘tag’ is originated by the CE device, then indeed it will stay intact accross the SP access network and could be propagated across L2VPN/EVPN but then: 1. It really requires deep packet inspection to get access to the .1Q tag in the SP network in case of L2VPN/EVPN [Robin] This is related with the possible new work items for APN to encapsulate the user information with MPLS/SRv6. That is, if the VLAN tagging information is acquired in the PE, when encapsulate the VLAN tagged packet with the outer MPLS/SRv6, the user information from the VLAN tagging will be mapped to the user information encapsulated with MPLS/SRv6. So the user information can be acquired from the outer encapsulation instead of deep packet inspection. 2. How can residential/enterprise intranet VLAN information traverse the CE device? Or should the CE device use the ‘internal/private network’ VLAN tag to mark the traffic ? [Robin] I propose the following example for your reference: Host/App ------- residential gateway ------------------ DSLAM ------------------Metro PE -------- P ---------- Metro PE -------------- BRAS Packet S-VLAN + Packet C-VLAN + S-VLAN + Packet L2VPN/MPLS L2VPN/MPLS C-VLAN + S-VLAN + Packet >From the above topology, DSLAM can be seen as the CE which adds the C-VLAN and access the PE of the metro network. I will need to think more about the ‘user’ information but it appears to me that is rather ‘SP subscriber’ and not "individual user" (such as a student in a University). Did I get the high-level view right? [Robin] I like the name of ‘SP subscriber‘. The ‘user’ information of the ‘SP subscriber‘ can be used in the SP network without propagating to the open internet. This is one of the right cases for APN. I wonder if there is pure ‘individual user’ which can directly access the open Internet since these users may have to pass through some of the AAA (Authentication, Authorization and Accounting) in a limited domain before their packets can access the open Internet. These users needs to provide the necessary user information in the limited domain though these information may be not the direct user information in the packet. e Regards -éric *From: *Lizhenbin <lizhenbin@huawei.com> *Date: *Thursday, 8 October 2020 at 10:28 *To: *Eric Vyncke <evyncke@cisco.com>, Linda Dunbar < linda.dunbar@futurewei.com>, IPv6 List <ipv6@ietf.org>, " draft-li-6man-app-aware-ipv6-network@ietf.org" < draft-li-6man-app-aware-ipv6-network@ietf.org> *Cc: *"apn@ietf.org" <apn@ietf.org> *Subject: *RE: Questions about draft-li-6man-app-aware-ipv6-network-02 Hi Eric, Sorry for the delayed reply because we are having an 8-day holiday. Please refer to my reply inline. Best Regards, Robin *From:* Eric Vyncke (evyncke) [mailto:evyncke@cisco.com] *Sent:* Tuesday, September 29, 2020 4:07 PM *To:* Lizhenbin <lizhenbin@huawei.com>; Linda Dunbar < linda.dunbar@futurewei.com>; IPv6 List <ipv6@ietf.org>; draft-li-6man-app-aware-ipv6-network@ietf.org *Cc:* apn@ietf.org *Subject:* Re: Questions about draft-li-6man-app-aware-ipv6-network-02 Robin, About Linda’s interesting questions about APN, I also wonder why using VLAN tagging as this tag will be lost quickly after a couple of hops while the IPv6 prefix will be kept (this is what DT Terastream did if not mistaken). [Robin] The VLAN tagging will truly be lost after a couple of hops. This is why we call it is used in the limited domains. In fact the VLAN tagged packet may traverse the metro network where L2VPN/EVPN + MPLS/SR are used before it arrives at the BRAS device. After the VLAN tagged packet are used for accounting at the BRAS, the packet whose VLAN tagging is removed maybe enter the IP core network where L3VPN + MPLS/SR are used for the transport. In the process, the packet will traverse a trusted domain under the control of one carrier. And it is possible that the user and service identification information represented by the VLAN tagging can be mapped to the possible MPLS encapsulated information or IPv6 encapsulated information if SRv6 is used as the transport tunnel for the purpose of fine-granularity services. This is an example that the user/service information can be acquired at the edge of network without interfering the original user packet though the information is not as accurate as that could be carried by the original packet. Else, I agree with you that Flow-Id should not be used as it is assumed to be opaque. Still puzzled though about the ‘user’ information as if the traffic is encrypted it is also often to hide the user identity. [Robin] The above example show how to get the ‘user’ information (VLAN tagging) and how to use the ‘user’ information (in the limited domains). The information will be lost after traversing the limited domains. If still hope to use the user information, the only possibility is the possible user information encrypted. It is another problem beyond the scope of APN and face much challenges of security, privacy, etc. In order to explain the issue clearly, I will try use another method. In fact the packet traverse the network can adopt the form of ‘X in Y’ where Y is the original packet and X is the outer encapsulation. You mentioned the user information in X. In fact, the outer encapsulation Y (here VLAN tagging is the example of Y) can also provide some user information besides the original user information in X. In the limited domains, the ‘X in Y’ can be changed to ‘X in Y in Z’ (IP in VLAN in MPLS/SRv6) or ‘X in Z’ (IP in MPLS/SRv6) where Y (VLAN tagging) is mapped to Z (MPLS/SRv6). APN work focuses on the user information in the ‘X in Y’, ‘X in Y in Z’ and ‘X in Z’. There is other work, especially in the APP/TSV area, which focuses directly on the user information in X. They seems similar, but are different in essence. Regards -éric *From: *ipv6 <ipv6-bounces@ietf.org> on behalf of Lizhenbin < lizhenbin@huawei.com> *Date: *Monday, 28 September 2020 at 19:33 *To: *Linda Dunbar <linda.dunbar@futurewei.com>, IPv6 List <ipv6@ietf.org>, "draft-li-6man-app-aware-ipv6-network@ietf.org" < draft-li-6man-app-aware-ipv6-network@ietf.org> *Cc: *"apn@ietf.org" <apn@ietf.org> *Subject: *RE: Questions about draft-li-6man-app-aware-ipv6-network-02 Hi Linda, Please refer to my reply inline. APN mailing list is copied. Best Regards, Zhenbin (Robin) *From:* Linda Dunbar [mailto:linda.dunbar@futurewei.com] *Sent:* Saturday, September 26, 2020 2:23 AM *To:* IPv6 List <ipv6@ietf.org>; draft-li-6man-app-aware-ipv6-network@ietf.org *Subject:* Questions about draft-li-6man-app-aware-ipv6-network-02 Zhenbin, et al, I have some questions on the draft-li-6man-app-aware-ipv6-network-02: Page 5: App-aware Edge Device: This network device receives packets from IPv6 enabled applications and obtains the application characteristic information. I am curious how does App-aware Edge Device derives the application characteristics information ? Your draft mentioned VLAN tagging, How VLAN tagging can provide Application characteristics information? [Robin] There are different ways for VLAN tagging to provide application characteristics information. Here I propose one example: the user hosts/apps can connect to the home gateway which can add different VLANs called S-VLAN to identify the different services. For example VLAN1 is used for Internet service and VLAN2 is used for IPTV service. The home gateway will connect to the DSLAM on which the VLAN call C-VLAN will be added to identify the home user. So when the IP-based edge network device receives the packet, it can derive the user ID and service type information from the VLAN tagging. We have explained that the APN work focuses on the limited domains rather than open Internet. The VLAN tagging shows that there is similar practice in the access network. Page 6: Is the Application-aware ID another extension field? Or part of existing extension header? Like a subTLV within the Hop-by-hop options Header Type? [Robin] Application-aware ID is an option which can be used in DOH/HBH/SRH. It is part of existing extension headers. It can be seen as a type of TLV. Questions about the Application-Aware ID structure in Figure 4: Why not use IPv6 Header "Priority/Traffic class" field to represent the SLA Level? [Robin] The design is to take integrity into account. That is, all the information can be obtained from the single Application-aware ID. Traditionally we can get different parts’ information to compose some type of tuple. The process has effect on the forwarding performance and the scalability of forwarding entries. Can you use IPv6 Header’s "Flow Label" field to represent the App ID and Flow ID? [Robin] Integrity is the same reason for the problem. In addition "flow label" will be used for ECMP. Reusing it may cause the compatibility issue. How can network acquire the information about "USER" information? I would think most applications encrypt their user information. [Robin] The above example shows that C-VLAN can be used to acquire USER information. Though the application may encrypt their user information, not only APN needs the USER information, but also the carriers need to learn the USER information for accounting to get revenue. There already exists the possible way to solve the issue. What kind of functions do you envision to be listed in the Figure 6’s Function ID? [Robin] Figure 6 is to reuse the SRv6 SID. The function ID means just the functions supported by the existing SRv6. The Application-aware ID is put into the arguments of the SRv6 SID. The function ID part will not have effect on the Application-aware ID. [Robin] Thanks for your comments and questions. Now the draft is in the early phase. The usage of the Application-aware ID option can be further discussed. Thank you very much. Linda Dunbar
- Questions about draft-li-6man-app-aware-ipv6-netw… Linda Dunbar
- RE: Questions about draft-li-6man-app-aware-ipv6-… Lizhenbin
- Re: Questions about draft-li-6man-app-aware-ipv6-… Eric Vyncke (evyncke)
- RE: Questions about draft-li-6man-app-aware-ipv6-… Lizhenbin
- Re: Questions about draft-li-6man-app-aware-ipv6-… Eric Vyncke (evyncke)
- RE: Questions about draft-li-6man-app-aware-ipv6-… Lizhenbin
- RE: [Apn] Questions about draft-li-6man-app-aware… Lizhong Jin