IETF Logo Mail Archive

Re: Per segment service instructions

Robert Raszuk <rraszuk@gmail.com> Fri, 13 September 2019 19:32 UTC

Return-Path: <rraszuk@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9911B120111; Fri, 13 Sep 2019 12:32:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mpc687eTpZBT; Fri, 13 Sep 2019 12:32:21 -0700 (PDT)
Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A40791200FA; Fri, 13 Sep 2019 12:32:21 -0700 (PDT)
Received: by mail-pf1-x435.google.com with SMTP id x127so18681523pfb.7; Fri, 13 Sep 2019 12:32:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jxSvMNGCUBbkAD3vwlWYW4VE8U12l79zd2EnUCLkQBI=; b=ZRj+4n2dhrIjUBj3DdLQCwbuRjmFPSvHbceimEWtzx8Ew75iLhq1dyT30KtT+3eqgj XhjMS87h/2jehBvU7LyC6uXjSOf+xNYCzKfT8JC/pR/V32gFDv0gkObUrzhaqfrHHbSS KUWmrqvEJuTdMrJqU1OxcOxA2psXI/xjw1zjCQ2QB7sf2U97NBYB2Cf2FrIz7FguK5fl Owenm4MaDOE8h0TD5WA1ymxRFotPQui1Woin2KBWOSOfO7Lj+U8vYULYYSWObdp1SpqR R/YzF/3dNftBAdaTFp1raXfEYURKGFTgNQN6XKwV+ryYPHX39BE1tv1lLQC4VhXeNwoA yFvA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jxSvMNGCUBbkAD3vwlWYW4VE8U12l79zd2EnUCLkQBI=; b=dayu6H73MyJhukGbQs9ii6JMJ0gQp9++agtNpI8VY8092S+f0Bd1kY5gJ9SN23jyTL lTftigihF+7v+8loEXvXhHkrQAUwU+U+yLqMFYpueMKyRg0uaAeCyLZHcactZiAX5+Cc iPRvDqlfRDM6E31J7jBASkfB1nLCMfVCLCNVfD6PfPlEsgDYF3SuVMIm6I27G0MX9JT5 vI4EW4SOeWt/OjGzNUB6z8Ir48vKV3qebQyra+h9idyaQohBmjzF4pTb8HFjIHF4o4CH /oQyZ2okv2HfXP4ZgO/K8AzuJNvsIavc+7kB9kX9xhTGCZi8DU7i7kVF4KbL1Bj1kvrA s4ng==
X-Gm-Message-State: APjAAAWQy19SZ/KlXxpJtm2w/ERiL1r5GumodZjzrIT9Q6JfCgzXBGwu vdtRQKNIfknEBe0AOXC0SIFqVLsx8pYStldVIM3w33/sPI0=
X-Google-Smtp-Source: APXvYqyS9nVKdTnC60GMtRhletLLFdNwE5Rb6kxPaUisd7LzueywN+ommgwbFq4WUoBnAlyA2JCRgr+RppkokYpMMpo=
X-Received: by 2002:aa7:9386:: with SMTP id t6mr59268441pfe.214.1568403140577; Fri, 13 Sep 2019 12:32:20 -0700 (PDT)
MIME-Version: 1.0
References: <CAOj+MMG7ZavvdDN3meoxe3TbJa2BoRnQknmfoYH=416KsT-3WA@mail.gmail.com> <BYAPR05MB5463FF952118009D5A996997AEB30@BYAPR05MB5463.namprd05.prod.outlook.com>
In-Reply-To: <BYAPR05MB5463FF952118009D5A996997AEB30@BYAPR05MB5463.namprd05.prod.outlook.com>
From: Robert Raszuk <rraszuk@gmail.com>
Date: Fri, 13 Sep 2019 21:32:11 +0200
Message-ID: <CA+b+ERmwpWEQi-WU7i5=9N8i=bdVDAD9ehuNAj6T7CSue86nTg@mail.gmail.com>
Subject: Re: Per segment service instructions
To: Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Cc: SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000f114705927450ef"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/tjfWR3hHQkIwAM7UHW4eQACiuAM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2019 19:32:25 -0000

Dear Ron,

My note and choice of function descriptions was absolutely not binding. I
used it to simply illustrate my understanding how your SRv6+ architecture
works in regards to Segment End execution not to seek another replacement
solution for this specific set of requirements.

Sure you could perhaps invent Adj SID mapping grouping all links over 10G.
Inventing SID to indicate dynamic variable like hop count which changes in
time scale towards next destination is more involved if you want to push it
into CRH.

But bottom line is to highlight that DOH's PSSI containing segment end
functions in SRv6+ architecture are:

a) executed at each segment end regardless if function even applies or
makes sense on such segment end

b) are of domian-wide significance with all of the consequences of such
design choice

Many thx,
Robert.


On Fri, Sep 13, 2019 at 8:10 PM Ron Bonica <rbonica=
40juniper.net@dmarc.ietf.org> wrote:

> Robert,
>
>
>
> In your email, you ask how I would solve a TE problem with a Per Segment
> Service Instruction (PSSI). In SRv6+:
>
>
>
>    - The CRH and the SIDs that it contains are used to solve TE problems
>    - The PSSI is used too provide non-routing services (e.g.,
>    firewalling, sampling, DPI)
>
>
>
> This leaves the following questions to be answered:
>
>
>
>    - How would I solve the TE problem that you describe in your email?
>    - Given another example, explain how PSSI works?
>
>
>
> Which question would you like me to tackle first?
>
>
>
>                                                                     Ron
>
>
>
>
>
> *From:* Robert Raszuk <robert@raszuk.net>
> *Sent:* Friday, September 13, 2019 8:45 AM
> *To:* Ron Bonica <rbonica@juniper.net>
> *Cc:* SPRING WG <spring@ietf.org>; 6man <6man@ietf.org>
> *Subject:* Per segment service instructions
>
>
>
> Dear Ron,
>
>
>
> I have read yet one more draft from the SRv6+ package defining another
> Destination Option type - this time Per Segment Service Instruction(s)
> described in draft-bonica-6man-seg-end-opt
>
>
>
> I have one technical question regarding it.
>
>
>
> Imagine I have following topology - drawing only what is relevant to the
> question:
>
>
>
> PE1 - - P1 - - SE1 - - P2 - -  SE2 - - P3 - - PE2
>
>
>
> When packet enters the network PE1 is instructed to program my flow A to
> execute following following functions on Segment End 1 (SE1) and Segment
> End 2 (SE2):
>
>
>
> SE1 - When packet is routed out of SE1 consider only interfaces of bw 10G
> and up
>
>
>
> SE2 - When packet is routed out of SE2 make sure that path to segment end
> node is no more then 2 hops away.
>
>
>
> From reading the draft I think the answer is that you mandated the segment
> end functions in SRv6+ to have domain-wide significance such that the
> function itself contains not only the instruction but also as it is of
> domain-wide significance the location of the instruction to execute it on.
>
>
>
> So far so good ... Flow-A get's CRH and PSSI encoding the above
> requirement.
>
>
>
> When packet enters SE1 Destination Options preceding RH is read and PSSIs
> are attempted to get executed ! Both instructions are tried but only one is
> known so only one get's executed on SE1. Same story on SE2.
>
>
>
> Not sure if eveyone would be ok with such model to read and attempt to
> execute instructions which are not for a given end segment but let's assume
> some may accept it.
>
>
>
> But now how unfortunate it may sound PE1 is receving the flow-B and for
> flow B the requirements are opposite:
>
>
>
> SE1 - When packet is routed out of SE1 make sure that path to segment end
> node is no more then 2 hops away.
>
>
>
> SE2 - When packet is routed out of SE2 consider only interfaces of bw 10G
> and up.
>
>
>
> Well what do you - simple - you allocate another two domain wide functions
> and encode it in the packet at PSSI DOH on PE1.
>
>
>
> But if my description matches the plan you now end up with per flow !!!
> state in the network which is the price to pay for splitting SIDs with its
> functions into completely different headers.
>
>
>
> I don't know about others but I think we went in the past via multiple
> attempts to put any per flow state into the large network and it all failed
> when faced scale.
>
>
>
> Also SR specifically in its architecture RFC8402 says that segment routing
> is "maintaining per-flow state only at the ingress node(s) to the SR
> domain."
>
>
>
> Kind regards,
>
> Robert.
>
>
>
>
>
> Juniper Business Use Only
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email