IETF Logo Mail Archive

Re: Lars Eggert's Discuss on draft-ietf-6man-ipv6-alt-mark-08: (with DISCUSS and COMMENT)

Lars Eggert <lars@eggert.org> Fri, 22 October 2021 07:27 UTC

Return-Path: <lars@eggert.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98B313A0835; Fri, 22 Oct 2021 00:27:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eggert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YZETVs-lYl_o; Fri, 22 Oct 2021 00:26:57 -0700 (PDT)
Received: from mail.eggert.org (mail.eggert.org [91.190.195.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F0ED3A083F; Fri, 22 Oct 2021 00:26:57 -0700 (PDT)
Received: from smtpclient.apple (unknown [IPv6:2a00:ac00:4000:400:7957:ec0b:816c:4ae3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.eggert.org (Postfix) with ESMTPSA id CB881600CE8; Fri, 22 Oct 2021 10:26:05 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=eggert.org; s=dkim; t=1634887566; bh=NuMmh16zS1nx/Z50xBTH6u/er7DQWBZTBkBxE6qeGh8=; h=From:Subject:Date:In-Reply-To:Cc:To:References; b=A+YJfzHQg5scMtE1M228yYvMyPQTGXsk44MASPZmjMYLC7pA+5ZQRobIVTyPQFbRN Iyndk9AazyvalAUhfHJ0nCVLCnksXSIBR8QxTlzFJg+cD3DlhZsBE+hjG9eZDlAwCG xt6CG5GD/yZA9dlj8HbckhDutiLbu8QKDv3SySYQ=
From: Lars Eggert <lars@eggert.org>
Message-Id: <7015F886-4ED0-4F97-8473-AE9405A7157A@eggert.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_9A0B1942-E6DD-42FF-AC1A-24BCC9B7F5D4"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Subject: Re: Lars Eggert's Discuss on draft-ietf-6man-ipv6-alt-mark-08: (with DISCUSS and COMMENT)
Date: Fri, 22 Oct 2021 10:26:04 +0300
In-Reply-To: <c4c389d3716f4caeb990fde406364f62@huawei.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, "draft-ietf-6man-ipv6-alt-mark@ietf.org" <draft-ietf-6man-ipv6-alt-mark@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, The IESG <iesg@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>
To: Giuseppe Fioccola <giuseppe.fioccola@huawei.com>
References: <162824256748.9012.15703111505505730185@ietfa.amsl.com> <5A3DB972-AC12-40A2-970D-1846F916AD6E@eggert.org> <c8e1f6518f344594ab962947edda7948@huawei.com> <3402ee98-b072-b862-a55a-44ff9bfa9992@gmail.com> <dedd91aef6cc41ecb61b6a0bd835eb53@huawei.com> <FA0D9A71-49F8-4D48-B82D-C1B3375376F1@eggert.org> <884c9d3f52b7472ca123e056a9030290@huawei.com> <c4c389d3716f4caeb990fde406364f62@huawei.com>
X-MailScanner-ID: CB881600CE8.A6707
X-MailScanner: Found to be clean
X-MailScanner-From: lars@eggert.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/kOBE0Tej7Aoy7eFnWTEqn6XQF-c>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Oct 2021 07:27:03 -0000

Hi,

On 2021-10-21, at 16:49, Giuseppe Fioccola <giuseppe.fioccola@huawei.com> wrote:
> Please note that we just published a new revision of the draft. In section 5.3 we have clarified the recommended deployment mode based on matching FlowMonID with source and destination addresses.

I'm looking at the diff at https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-ipv6-alt-mark-11.

There is now this paragraph in Section 5.3:

>    The value of 20 bits has been selected for the FlowMonID since it is
>    a good compromise and implies a low rate of ambiguous FlowMonIDs that
>    can be considered acceptable in most of the applications.  Indeed,
>    with 20 bits the number of combinations is 1048576.

You only get ~1M concurrent flows with centralized assignment of the FLowMonIDs. With uncoordinated local randomized assignment, you'll get much less, esp. since you'll want to require very low collision probabilities (do the math). The tradeoffs here are important to explain in detail, so that deployers realize they need to either look into using a controller and/or combining the FlowMonID with additional header fields.

>    The requirement
>    of the controlled domain also reduces the probability of FlowMonID
>    collisions, since the AltMark Option is not spread over the internet.


I don't understand how this is true. The collision probability only depends on flow creation rates?

>    A consistent approach MUST be used in the implementation to avoid the
>    mixture of different ways of identifying.

I think you mean "A consistent approach MUST be used ***in deployment***"?

>    By considering source and destination
>    addresses together with the the FlowMonID it can be possible to
>    monitor 1048576 concurrent flows per host pairs.  This allows finer
>    granularity and therefore adds even more flexibility to the flow
>    identification.

Again, this ~1M concurrent flows per host pair only holds for centralized assignment via a controller, not for randomized assignment.

Thanks,
Lars

v2.23.0 | Report a Bug | By Email