Re: [L2tpext] Propagating IP/ECN field when L2TP sits between IP as both L2 payload and PSN

Bob Briscoe <ietf@bobbriscoe.net> Fri, 02 June 2017 14:50 UTC

Return-Path: <ietf@bobbriscoe.net>
X-Original-To: l2tpext@ietfa.amsl.com
Delivered-To: l2tpext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE880129524 for <l2tpext@ietfa.amsl.com>; Fri, 2 Jun 2017 07:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=bobbriscoe.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxktFdz-TVX1 for <l2tpext@ietfa.amsl.com>; Fri, 2 Jun 2017 07:50:43 -0700 (PDT)
Received: from server.dnsblock1.com (server.dnsblock1.com [85.13.236.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1DBD128D3E for <l2tpext@ietf.org>; Fri, 2 Jun 2017 07:50:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bobbriscoe.net; s=default; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help: List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=Z7KEyuFiZglQEl082/pTTc75LPuuNm+JGmbbhLgQ8O0=; b=ttqvLE0p7C+7ejWcrGAZL4J/RJ MnjrzzmLq2CzhCLoSUBMRO/g96ntVeFBPtpi+T3jkkn93aBXc7wQ3FnVaum+b0IVf6mH+lHAmjoNk 47oX2Ws0IAtu5XQ/vjVmJmOo4zr3ETU1PCv/n+aalrsP6S4sVldHlTSKdt/wku0Ow+ynKOd0R8H9H 73wKtBa1lDxY6ex9vmnsoNz9wDALFQLd2Q0TGqG/p245z3uV073aQfOhu+2Y2/hhkdDmbgftg+azW 0UhyDlLbHtdRIarvq7u2tF5NvSR4tTvk1yYccjsIGE95dhbQ5+csk2w9UcBvnj4ocFAeBqtHQ8QqJ 2xvxyTmg==;
Received: from 110.139.199.146.dyn.plus.net ([146.199.139.110]:34300 helo=[192.168.0.2]) by server.dnsblock1.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <ietf@bobbriscoe.net>) id 1dGnuS-0000iD-Tw; Fri, 02 Jun 2017 15:50:41 +0100
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
Cc: Ignacio Goyret <ignacio.goyret@nokia.com>, "Black, David" <david.black@emc.com>, l2tp IETF list <l2tpext@ietf.org>
References: <149618019740.19809.6421141487388928973.idtracker@ietfa.amsl.com> <435f45b8-9659-b06f-9adc-415f355ba743@bobbriscoe.net> <e4c97c52-36c9-3091-b005-06ef82ec58e3@bobbriscoe.net> <201705310154.v4V1sYQH013223@cliff.eng.ascend.com> <67456091-a3e0-2db1-5f8a-5210a1f870f1@bobbriscoe.net> <B00A6885-6EB1-4361-8412-C408F23DC5E0@cisco.com> <70866121-f350-d6d2-d89a-89ca1315f5ab@bobbriscoe.net> <31104AD6-BE38-45D1-A148-67DF4D73529C@cisco.com>
From: Bob Briscoe <ietf@bobbriscoe.net>
Message-ID: <fa3cb9b0-9a6b-bd94-fbc8-c8fc3eab0ddc@bobbriscoe.net>
Date: Fri, 02 Jun 2017 15:50:40 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <31104AD6-BE38-45D1-A148-67DF4D73529C@cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-GB
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.dnsblock1.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bobbriscoe.net
X-Get-Message-Sender-Via: server.dnsblock1.com: authenticated_id: in@bobbriscoe.net
X-Authenticated-Sender: server.dnsblock1.com: in@bobbriscoe.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/l2tpext/_UWjOVje-Eiz2_gUyCLzmFbUmLw>
Subject: Re: [L2tpext] Propagating IP/ECN field when L2TP sits between IP as both L2 payload and PSN
X-BeenThere: l2tpext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Layer Two Tunneling Protocol Extensions <l2tpext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/l2tpext/>
List-Post: <mailto:l2tpext@ietf.org>
List-Help: <mailto:l2tpext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2tpext>, <mailto:l2tpext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2017 14:50:47 -0000

Carlos,

On 01/06/17 14:23, Carlos Pignataro (cpignata) wrote:
> Hi, Bob,
>
>> On May 31, 2017, at 6:11 PM, Bob Briscoe <ietf@bobbriscoe.net> wrote:
>>
>> Carlos,
>>
>> On 31/05/17 17:44, Carlos Pignataro (cpignata) wrote:
>>> Hi, Bob,
>>>
>>> Adding on a couple of bits on top of Ignacio's response.
>>>
>>> L2TPv2, RFC 2661, transports only PPP (and multi protocols within it, including of course IP) and runs over UDP. In contrast, L2TPv3 transports directly a variety of protocols (Ethernet, HDLC, etc.) and runs directly over IP protocol 115 or over UDP. RFC 3931 is the base L2TPv3 specification but needs a protocol companion document. Some of those protocols are finished, e.g. RFC 4719 but others like PPP or "raw" IP are in Internet-Drafts.
>> Yup, got all that. Thanks.
>>
>> I just didn't understand the implication of Ignacio's email that updating the v2 protocol (that solely supports PPP) could be more complex than updating the v3 protocol that I thought supported PPP and many more protocols. It implied (to me) that maybe v3 doesn't support PPP in some way.
> Admittedly, I have not read in detail RFC 6040 or draft-ietf-tsvwg-rfc6040update-shim — however, I do have some questions to better understand the applicability.
You will find that section 4 of RFC 6040 contains all the normative text 
(4 pages).
>
> draft-ietf-tsvwg-rfc6040update-shim talks about “IP-in-IP Tunnels with Tightly Coupled Shim Headers”.
>
> GRE can be thought of an IP-in-IP tunnel with a tightly coupled shim, when transporting IP directly (although GRE can transport multi-protocols).
>
> [and a small note that you might need a reference to RFC 7676].
>
> However, GRE can carry Something-in-IP, with “something" potentially carrying also IP. In that case, I do not believe that’s an IP-in-IP-with-shim.
See email to Ignacio just now (which included my response to a similar 
point from Tom Herbert on int-area)...

In summary, I intend to widen the scope of 
draft-ietf-tsvwg-rfc6040update-shim to include non-mandatory /guidance/ 
for when the shim encapsulates a L2 rather than L3 header (essentially, 
interpreting the guidance in draft-ietf-tsvwg-ecn-encap-guidance for the 
specific protocols in this draft like VXLAN, GRE, L2TP).
>
> For the L2TPv2 case, L2TP carries PPP. PPP can in turn carry IP, and/orsomething else, and usually a mixture. Is this really applicable to your draft?
Yes, very much so.

One of the main motivations is to be able to support ECN between an LNS 
and a LAC, as used in many broadband settings.

We have implemented a prototype of the ultra-low latency form of ECN 
(L4S-ECN) for the downstream queue of a BRAS.
For RTTs ranging from <5ms to >100ms, every packet has ultra-low queuing 
delay (in the hundreds of microseconds, whereas the best previous 
solution added 5-10ms of queuing and required thousands of per-microflow 
queues). ECN also gives zero congestion loss, of course. We have 
demonstrated interactive video processing in the cloud for virtual 
reality, remote presence, finger-gesture panning and zooming etc, along 
with many other delay sensitive apps - all running simultaneously over 
the same broadband line (all in the same queue on the BRAS). See video 
of demo here:
https://riteproject.eu/dctth/#1511dispatchwg

In the downstream queues of the BRAS, the IP packets have already been 
decapsulated from L2TP, so when they are ECN-marked they are only within 
their PPP encapsulation. However, there will be scenarios where the 
operator will want to deploy ECN on nodes within the L2TP tunnel. Then 
any outer ECN markings will need to be propagated to the IP header 
inside the PPP payload.


>
> For L2TPv3, L2TP carries a variety of protocols, one of which is IP directly. However, although there is running code, there’s no RFC for it (https://tools.ietf.org/html/draft-ietf-l2tpext-pwe3-ip-05.) Similarly, RFC 3931 seems outside scope.
See above, re adding guidance for widened scope.

>
> [and another question ,what about MPLS, with RFC 5129?]
Do you mean, "Is L2TP over an MPLS PSN outer header in the scope of this 
draft?"
It wasn't initially.

After I add guidance for what to do if the inner is a L2 header, I could 
also mention that there might be other PSN outers too. However, this 
draft was originally intended to clarify the scope of RFC6040, which is 
solely about IP-in-IP. So, whereas IP-shim-L2-IP can be legitimately 
included in scope, I think MPLS as the PSN is too much mission creep.

>
>>> By the way you can find example of capabilities in subsections of Section 5.1.1 of https://tools.ietf.org/html/draft-ietf-l2tpext-l2tp-ppp-08
Thanks. I actually based my text on similar examples that I found in 
RFC2661 via the IANA registry of L2TP AVPs after Googling "L2TP 
capability AVP".

A question:
Do you think I should call this an LCCE Capability AVP to be more 
generic, then assign 1 bit for an ECN capability? (As opposed to an ECN 
Capability AVP that only uses 1 of 16 bits).

I doubt another LCCE capability will ever be added, since there have 
been none so far, and L2TP is already mature. However, would you agree 
that there is no harm in being generic like this?

Another question, I used 4-octet alignment for the AVP, cos other 
examples seemed to do that. Was I correct?


>>>
>>> I do not understand however why "Update", or what that implies to a compliant implementation. Many features of L2TP are specified in various WGs, not "Updating" the base specs.
>> By my understanding of the word extension, if a implementation that is compliant with RFC3931 does not implement an extension, it is still compliant with RFC3931. Is this how the word "extension" is used in L2TP land?
>>
> That’s my understanding of the unqualified word “extension” beyond L2TP land. Is that different anywhere?
So, to be clear, here's further questions:

Is your advice (and Ignacio's) that I should write the L2TP-specific 
text in my draft as a extension to L2TP, rather than an update?

Is there a distinction in L2TP between an "extension" and a "recommended 
extension" (as mentioned earlier in this thread)?

Should the safety guidance still be an update to the base L2TP specs (v2 
& v3)? By safety guidance, I mean text about the ingress zeroing the ECN 
field in an IP PSN outer if it does not check within the L2 payload, or 
does not check the egress ECN capability.

>
>> Whereas, if one IP header encapsulates another, if the ECN field were processed in any way other than RFC6040, it would be invalid (unless another RFC were written to update RFC6040). Therefore, whenever L2TP is tunnelling IP in IP, it is mandatory to comply with RFC6040. So I am asking the L2TPext WG for advice on how you guys would make a mandatory update to L2TP, rather than 'just' an optional extension.
>>
> I think first we probably need to understand the applicability because it is not an IP-in-IP encap, there’s a Layer 2 header in between, not tightly coupled but rather part of the transported payload.
>
> Now, what you describe in terms of level of mandatory applies to RFC 6040. If an implementation does not comply with RFC 6040 it is, well, not compliant with RFC 6040.
See my recent response to Ignacio on this.

Cheers



Bob
>
> Thanks!
>
> Carlos.
>
>> Bob
>>
>>> Thanks,
>>>
>>> Sent from my iPad
>>>
>>> On May 30, 2017, at 10:48 PM, Bob Briscoe <ietf@bobbriscoe.net> wrote:
>>>
>>>> Ignacio,
>>>>
>>>> Thanks for your rapid response.
>>>>
>>>> On 31/05/17 02:51, Ignacio Goyret wrote:
>>>>> I am a little confused by the double negative in "non-optional".
>>>>> Do you mean "mandatory"? If so, why not just say that?
>>>> Yes, mandatory.
>>>> That language was not in the draft; only in my email.
>>>>> The lack of a capabilities AVP that you were looking for is mainly
>>>>> because it hasn't been needed so far. You are welcome to submit a
>>>>> draft with something like that. Generally speaking, adding a simple
>>>>> binary AVP is easy and simpler to handle.
>>>> Good.
>>>>> I have no problem with the new suggested AVP, but can you explain
>>>>> why is it important to know if the remote supports or not this
>>>>> extension? Can't a tunnel end deduce this information by observing
>>>>> the IP header received?
>>>> I'm afraid not. It is critical for the ingress (in each direction) to check that the egress decap will correctly propagate the outer ECN field into the forwarded payload protocol. Otherwise explicit congestion signals added by a node within the tunnel could just get stripped at decap. With congestion feedback black-holed, the load would continue to increase until overload and tail drop.
>>>>
>>>> BTW, the forwarded ECN field after decap has to be a combination of the ECN fields in the outer and inner IP headers (RFC6040 gives a 4x4 matrix of all the combinations of the two 2-bit ECN codepoints). So I am interested to know whether this might present problems for L2TP implementations (ECN propagation on decap has been implemented OK in Linux for similar structures like VXLAN).
>>>>
>>>>> Regarding the extension vs update question: if it is an update,
>>>>> then why negotiate support? Wouldn't ECN propagation be mandated
>>>>> by this update?
>>>> Unfortunately, a mandatory update still has to cope with the above incremental deployment problem.
>>>>> There is no section for L2TPv2 (RFC2661) or any further suggestion
>>>>> on how to handle it. I'm not saying that it is necessary, but since
>>>>> it is mentioned earlier in the document, you may want to add a few
>>>>> words. Note that things are a bit more complicated in v2 because
>>>>> it transports PPP packets, which may include IP packets (or portions
>>>>> of PPP packets if using Multilink). I have no issue punting on L2TPv2
>>>>> details.
>>>> * Given you say L2TPv2 is more complicated cos it transports PPP packets, that seems to imply that L2TPv3 does not transport PPP, which doesn't sound right?
>>>>
>>>> I don't fully understand the relationship between L2TPv2 & v3 (I have come across L2TP a lot in an operational context, but never really studied it as a protocol until now).
>>>>
>>>> * Is there still a lot of L2TPv2 around?
>>>>
>>>> * Would it be believable that a L2TPv2 implementation might be updated for ECN support but not updated to L2TPv3?
>>>>
>>>> Cheers
>>>>
>>>>
>>>> Bob
>>>>
>>>>> -Ignacio
>>>>>
>>>>>
>>>>> At 15:49 5/30/2017, Bob Briscoe wrote:
>>>>>
>>>>>> Hi l2tpext list,
>>>>>> [repeating previous post, but with self-explanatory subject line]
>>>>>>
>>>>>> This is a plea for help on a short subsection of a short draft that updates L2TP (amongst other tunnel protocols).
>>>>>>
>>>>>> In the Transport Area WG (tsvwg) we have been working on defining propagation of the ECN field between IP headers separated by shim header(s):
>>>>>>     draft-ietf-tsvwg-rfc6040update-shim
>>>>>>
>>>>>> L2TP is one such protocol (when the payload of the L2 protocol is IP, and the outer PSN is IP). This is particularly relevant at the moment, because of the low latency (L4S) work based on ECN and because deployment of ECN has finally taken off {Note 1}.
>>>>>>
>>>>>> I presented this tunnelling work in intarea just under a year ago. Since then tsvwg has adopted the draft and asked that we include specific update text for each affected tunnel protocol. I just posted my first attempt at L2TP update text:
>>>>>>     <https://tools.ietf.org/html/draft-ietf-tsvwg-rfc6040update-shim-01>draft-ietf-tsvwg-rfc6040update-shim-01
>>>>>>
>>>>>> Specific questions:
>>>>>>
>>>>>> Prize for the best answer to all 3 questions: you get to become a co-author (if you want :)
>>>>>>
>>>>>> Q1. L2TP is meant for all sorts of outers and inners, so it is not clear where to define behaviour for the special (but very common) case of IP as the L2 payload and IP and as the PSN. That is:
>>>>>>      IP    :    [UDP]    :    L2TP    :    L2-specific-sublayer    :    L2    :    IP
>>>>>>
>>>>>> I decided on updating <Specific%20questions:>S.4.5 of RFC3931, but suggestions for a better place are welcome.
>>>>>>
>>>>>> Q2. L2TP is usually extended not updated. However, in this case, compliance with RFC6040 is non-optional, so I think update rather than extension is appropriate. Reason: Although RFC6040 is non-optional it includes a compatibility mode that defines what has to happen when a tunnel endpoint doesn't support ECN propagation.
>>>>>>
>>>>>> Pls read the (short) draft and, if you disagree, suggest how an extension can be non-optional.
>>>>>>
>>>>>> Q3. The tunnel initiator needs to check that the other end supports ECN propagation. I have proposed an Attribute Value Pair (AVP) for this that is effectively just a boolean choice from each end (Yes or silence). I expected to find an AVP with per-control-connection flags for tunnel endpoint capabilities that I could just extend with one more flag, but there doesn't seem to be such a thing already in L2TP. Did I miss it?
>>>>>>
>>>>>>
>>>>>> Cheers
>>>>>>
>>>>>>
>>>>>> Bob
>>>>>>
>>>>>> {Note 1}: ~70% of Web servers, ~50% of Apple client devices on fixed or WiFi access, and now increasing router deployment of ECN is appearing.
>>>> -- 
>>>> ________________________________________________________________
>>>> Bob Briscoe                               http://bobbriscoe.net/
>>>>
>>>> _______________________________________________
>>>> L2tpext mailing list
>>>> L2tpext@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/l2tpext
>> -- 
>> ________________________________________________________________
>> Bob Briscoe
>> http://bobbriscoe.net/

-- 
________________________________________________________________
Bob Briscoe                               http://bobbriscoe.net/