Re: [L2tpext] Propagating IP/ECN field when L2TP sits between IP as both L2 payload and PSN

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Wed, 31 May 2017 16:44 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DF1A129572 for <l2tpext@ietfa.amsl.com>; Wed, 31 May 2017 09:44:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.522
X-Spam-Level:
X-Spam-Status: No, score=-14.522 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F1uTQBdg-Wxa for <l2tpext@ietfa.amsl.com>; Wed, 31 May 2017 09:44:30 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5711F1293DB for <l2tpext@ietf.org>; Wed, 31 May 2017 09:44:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=20999; q=dns/txt; s=iport; t=1496249070; x=1497458670; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=65aU0CisLZ6wYQeOznl9WI41+i+rwpa535hO6lR3q1c=; b=FxXppwavZPx1lSzmU9yN7Qoa9BgxL/LkxqI+3vELm+rdo4iv4k8uGyCl aw6L8x3rxL+NbhJSOqPfJ2ROt6yU+QlPUTLSMVRvQeQl/15HZ3FYQclQt NhyvxoKk1dttwTNpsITd79N8meeqLmKnaulhFD/y6vUGfrfaxBANZRHsK o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DcAAAG8i5Z/4YNJK1dGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1VigQ2FeIgSkU6DCpMQgg8hAQqEHoEQSgKCZj8YAQIBAQEBAQE?= =?us-ascii?q?BayiFGQIBAwEBbAQHEAIBCA4xBycLFBECBA4FiUZkEK5Qi1EBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEdhmGBYCsLgV2BDIUhBoMDgjEFlnmHKgGHH4wIggZViFOGSYk?= =?us-ascii?q?Bi0wBHzh/C3QVRhIBhDc5HBmBSQF2iVMBAQE?=
X-IronPort-AV: E=Sophos;i="5.39,275,1493683200"; d="scan'208,217";a="431771281"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 31 May 2017 16:44:29 +0000
Received: from XCH-RTP-017.cisco.com (xch-rtp-017.cisco.com [64.101.220.157]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id v4VGiSZ7016735 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 31 May 2017 16:44:29 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-017.cisco.com (64.101.220.157) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 31 May 2017 12:44:28 -0400
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1210.000; Wed, 31 May 2017 12:44:28 -0400
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Bob Briscoe <ietf@bobbriscoe.net>
CC: Ignacio Goyret <ignacio.goyret@nokia.com>, "Black, David" <david.black@emc.com>, l2tp IETF list <l2tpext@ietf.org>
Thread-Topic: [L2tpext] Propagating IP/ECN field when L2TP sits between IP as both L2 payload and PSN
Thread-Index: AQHS2ZcTIeyponFXbEO090UycmlUEaIN8MsAgAAPs4CAAKaqpw==
Date: Wed, 31 May 2017 16:44:28 +0000
Message-ID: <B00A6885-6EB1-4361-8412-C408F23DC5E0@cisco.com>
References: <149618019740.19809.6421141487388928973.idtracker@ietfa.amsl.com> <435f45b8-9659-b06f-9adc-415f355ba743@bobbriscoe.net> <e4c97c52-36c9-3091-b005-06ef82ec58e3@bobbriscoe.net> <201705310154.v4V1sYQH013223@cliff.eng.ascend.com>, <67456091-a3e0-2db1-5f8a-5210a1f870f1@bobbriscoe.net>
In-Reply-To: <67456091-a3e0-2db1-5f8a-5210a1f870f1@bobbriscoe.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_B00A68856EB143618412C408F23DC5E0ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/l2tpext/HxC6uNbHgqYzXiEa-5OEE4orcZY>
Subject: Re: [L2tpext] Propagating IP/ECN field when L2TP sits between IP as both L2 payload and PSN
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/l2tpext/>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 May 2017 16:44:32 -0000

Hi, Bob,

Adding on a couple of bits on top of Ignacio's response.

L2TPv2, RFC 2661, transports only PPP (and multi protocols within it, including of course IP) and runs over UDP. In contrast, L2TPv3 transports directly a variety of protocols (Ethernet, HDLC, etc.) and runs directly over IP protocol 115 or over UDP. RFC 3931 is the base L2TPv3 specification but needs a protocol companion document. Some of those protocols are finished, e.g. RFC 4719 but others like PPP or "raw" IP are in Internet-Drafts.

By the way you can find example of capabilities in subsections of Section 5.1.1 of https://tools.ietf.org/html/draft-ietf-l2tpext-l2tp-ppp-08

I do not understand however why "Update", or what that implies to a compliant implementation. Many features of L2TP are specified in various WGs, not "Updating" the base specs.

Thanks,

Sent from my iPad

On May 30, 2017, at 10:48 PM, Bob Briscoe <ietf@bobbriscoe.net<mailto:ietf@bobbriscoe.net>> wrote:

Ignacio,

Thanks for your rapid response.

On 31/05/17 02:51, Ignacio Goyret wrote:
I am a little confused by the double negative in "non-optional".
Do you mean "mandatory"? If so, why not just say that?
Yes, mandatory.
That language was not in the draft; only in my email.

The lack of a capabilities AVP that you were looking for is mainly
because it hasn't been needed so far. You are welcome to submit a
draft with something like that. Generally speaking, adding a simple
binary AVP is easy and simpler to handle.
Good.

I have no problem with the new suggested AVP, but can you explain
why is it important to know if the remote supports or not this
extension? Can't a tunnel end deduce this information by observing
the IP header received?
I'm afraid not. It is critical for the ingress (in each direction) to check that the egress decap will correctly propagate the outer ECN field into the forwarded payload protocol. Otherwise explicit congestion signals added by a node within the tunnel could just get stripped at decap. With congestion feedback black-holed, the load would continue to increase until overload and tail drop.

BTW, the forwarded ECN field after decap has to be a combination of the ECN fields in the outer and inner IP headers (RFC6040 gives a 4x4 matrix of all the combinations of the two 2-bit ECN codepoints). So I am interested to know whether this might present problems for L2TP implementations (ECN propagation on decap has been implemented OK in Linux for similar structures like VXLAN).


Regarding the extension vs update question: if it is an update,
then why negotiate support? Wouldn't ECN propagation be mandated
by this update?
Unfortunately, a mandatory update still has to cope with the above incremental deployment problem.

There is no section for L2TPv2 (RFC2661) or any further suggestion
on how to handle it. I'm not saying that it is necessary, but since
it is mentioned earlier in the document, you may want to add a few
words. Note that things are a bit more complicated in v2 because
it transports PPP packets, which may include IP packets (or portions
of PPP packets if using Multilink). I have no issue punting on L2TPv2
details.
* Given you say L2TPv2 is more complicated cos it transports PPP packets, that seems to imply that L2TPv3 does not transport PPP, which doesn't sound right?

I don't fully understand the relationship between L2TPv2 & v3 (I have come across L2TP a lot in an operational context, but never really studied it as a protocol until now).

* Is there still a lot of L2TPv2 around?

* Would it be believable that a L2TPv2 implementation might be updated for ECN support but not updated to L2TPv3?

Cheers


Bob


-Ignacio


At 15:49 5/30/2017, Bob Briscoe wrote:

Hi l2tpext list,
[repeating previous post, but with self-explanatory subject line]

This is a plea for help on a short subsection of a short draft that updates L2TP (amongst other tunnel protocols).

In the Transport Area WG (tsvwg) we have been working on defining propagation of the ECN field between IP headers separated by shim header(s):
   draft-ietf-tsvwg-rfc6040update-shim

L2TP is one such protocol (when the payload of the L2 protocol is IP, and the outer PSN is IP). This is particularly relevant at the moment, because of the low latency (L4S) work based on ECN and because deployment of ECN has finally taken off {Note 1}.

I presented this tunnelling work in intarea just under a year ago. Since then tsvwg has adopted the draft and asked that we include specific update text for each affected tunnel protocol. I just posted my first attempt at L2TP update text:
   <https://tools.ietf.org/html/draft-ietf-tsvwg-rfc6040update-shim-01>draft-ietf-tsvwg-rfc6040update-shim-01

Specific questions:

Prize for the best answer to all 3 questions: you get to become a co-author (if you want :)

Q1. L2TP is meant for all sorts of outers and inners, so it is not clear where to define behaviour for the special (but very common) case of IP as the L2 payload and IP and as the PSN. That is:
    IP    :    [UDP]    :    L2TP    :    L2-specific-sublayer    :    L2    :    IP

I decided on updating <Specific%20questions:>S.4.5 of RFC3931, but suggestions for a better place are welcome.

Q2. L2TP is usually extended not updated. However, in this case, compliance with RFC6040 is non-optional, so I think update rather than extension is appropriate. Reason: Although RFC6040 is non-optional it includes a compatibility mode that defines what has to happen when a tunnel endpoint doesn't support ECN propagation.

Pls read the (short) draft and, if you disagree, suggest how an extension can be non-optional.

Q3. The tunnel initiator needs to check that the other end supports ECN propagation. I have proposed an Attribute Value Pair (AVP) for this that is effectively just a boolean choice from each end (Yes or silence). I expected to find an AVP with per-control-connection flags for tunnel endpoint capabilities that I could just extend with one more flag, but there doesn't seem to be such a thing already in L2TP. Did I miss it?


Cheers


Bob

{Note 1}: ~70% of Web servers, ~50% of Apple client devices on fixed or WiFi access, and now increasing router deployment of ECN is appearing.

--
________________________________________________________________
Bob Briscoe                               http://bobbriscoe.net/

_______________________________________________
L2tpext mailing list
L2tpext@ietf.org<mailto:L2tpext@ietf.org>
https://www.ietf.org/mailman/listinfo/l2tpext