Re: [Lsr] A new version of I-D, draft-liu-lsr-isis-ifit-node-capability-02

[Tianran Zhou <zhoutianran@huawei.com>]

Hi Chris,

Please see in line.

Thanks,
Tianran

-----Original Message-----
From: Lsr [mailto:lsr-bounces@ietf.org] On Behalf Of Christian Hopps
Sent: Tuesday, March 31, 2020 7:00 PM
To: wangyali <wangyali11@huawei.com>
Cc: Les Ginsberg (ginsberg) <ginsberg@cisco.com>; Christian Hopps <chopps@chopps.org>; lsr@ietf.org
Subject: Re: [Lsr] A new version of I-D, draft-liu-lsr-isis-ifit-node-capability-02



> On Mar 31, 2020, at 6:31 AM, wangyali <wangyali11@huawei.com> wrote:
> 
> Hi Christian,
> 
> Many thanks for your interest and question. I think netconf could also be a valid option.
> 
> However, this draft is not "configuring applications in the network".

Yes, and please note that I recognized that later in my email. However, while this particular draft is not trying to directly configure an application, it's only use is in support of that function, so in a sense it *is* about configuring an application in the network.

> The proposed solution is an easy and efficient way to advertise and collect IFIT node capabilities. The method is same as discussed in RFC8491 to signal MSD information.

MSD is directly related to forwarding packets. Monitoring the network is generally seen as a separate application. The IGPs always represent an "easy" way to advertise anything you want about a node, but that's not justification to do so.

ZTR> I actually do not understand how "directly related to forwarding packets" relates to *suitable for IGP*, otherwise not. But IFIT is a special monitoring application. It will add telemetry instructions directly into the forwarding packets. So that device can process the packet when forwarding it. Since the instruction is attached at the ingress, the egress node need to remove it to prevent the info leak.  In this sense, I would conclude this IFIT capability is directly related to forwarding packets.

There are other ways to query a router for it's capabilities for configuring applications that run on it, YANG is an industry standard low-bar solution, that doesn't require you change the routing protocols.

ZTR> Let's not boil the ocean to compare NETCONF/YANG or routing protocol, which is better. But I did not see the modification to routing protocol with some TLVs is a heavy work, or more complex than NETCONF/YANG.  I see both are available and useful.

> One use case is to add IFIT into SR-policy through both PCEP and BGP. So when SR-policy is deployed, IFIT functionality can be triggered automatically for the candidate path. From this point, both the path computation and IFIT option selection may take the IFIT node capability into consideration.

Perhaps this isn't the right way to go about configuring IFIT, as it requires changes to all the routing protocols. There are other ways to do this that doesn't require changing or impacting all the routing protocols.

ZTR> I feel it's very elegant to integrate IFIT into SR-Policy. So that the monitoring works close with the traffic engineering. There are already BGP and PECP extensions for SR-Policy (WG adopted). Very small changes are needed for IFIT extensions, e.g. 
https://datatracker.ietf.org/doc/draft-qin-idr-sr-policy-ifit/

Cheers,
Tianran


Thanks,
Chris.
[as WG member]

> 
> Best regards,
> Yali
> 
> 
> -----邮件原件-----
> 发件人: Christian Hopps [mailto:chopps@chopps.org] 
> 发送时间: 2020年3月30日 17:48
> 收件人: wangyali <wangyali11@huawei.com>
> 抄送: Christian Hopps <chopps@chopps.org>; Les Ginsberg (ginsberg) <ginsberg@cisco.com>; lsr@ietf.org
> 主题: Re: [Lsr] A new version of I-D, draft-liu-lsr-isis-ifit-node-capability-02
> 
> Hi Yali,
> 
> I think the overall concept of ifit is interesting enough. My concern is that we aren't adding things to routing protocols (in particular IGPs) simply to allow for another way of configuring applications in the network. This is what netconf/YANG etc, are for.
> 
> If I were trying to code this system up as a solution to sell it to customers (I'm not but..), rather than starting off by trying to modify all the IETF routing protocols to add capability advertisements (hard sell), I'd use the protocols for router discovery (already done, no standards action needed), and then netconf/restconf/whatever YANG to determine the router's capability for doing IFIT stuff, just as I would to configure those same capabilities.
> 
> Since you aren't trying to enable/disable/configure IFIT protocols with the IGP/routing protocols (this is good!), why can't you just use the same mechanism you use for enable/disable/configure for discovery as well?
> 
> Thanks,
> Chris.
> [as WG member]
> 
> 
>> On Mar 10, 2020, at 4:57 AM, wangyali <wangyali11@huawei.com> wrote:
>> 
>> Dear Les,
>> 
>> Thanks a lot for your comments. I will take your suggestion to add description on how to use the IFIT Capability information when the submission is opened.
>> 
>> As described in my reply to Acee, following is my quick reply:
>> 
>> IFIT is deployed in a specific domain referred as the IFIT domain. One network domain may consists of multiple IFIT domain. Within the IFIT domain, one or more IFIT-options are added into packet at the IFIT-enabled head node that is referred to as the “IFIT encapsulating node”. Then IFIT data fields MAY be updated by IFIT transit nodes that the packet traverses. Finally, the data fields are removed at a device that is referred to as the “IFIT decapsulating node”. 
>> 
>> The IFIT data fields must not leak to other domains. So, the IFIT encapsulating node need to know if the decapsulating node is able to support the IFIT capability. So that it can decide whether to add the IFIT-option or not.
>> 
>> The solution is similar to RFC8491. We use IGP to advertise the capability, so that head node can use. By using BGP-LS, a centralized controller can also learn the IFIT Capability of nodes to determine whether a particular IFIT Option type can be supported in a given network.
>> 
>> Best regards,
>> Yali
>> 
>> 发件人: Les Ginsberg (ginsberg) [mailto:ginsberg@cisco.com] 
>> 发送时间: 2020年3月10日 5:07
>> 收件人: wangyali <wangyali11@huawei.com>; lsr@ietf.org
>> 主题: RE: A new version of I-D, draft-liu-lsr-isis-ifit-node-capability-02
>> 
>> Yali –
>> 
>> What is missing for me is an explanation of why IFIT Capability information is something that is appropriate to be sent using IGP Router Capability advertisements.
>> 
>> Generally speaking, we prefer to restrict IGP advertisements to information which is of direct use to the protocol. However, it is fair to say that we have relaxed this restriction in some cases e.g.:
>> 
>> https://www.iana.org/go/rfc7883
>> https://www.iana.org/go/rfc8491
>> 
>> However, even in these cases the information advertised is of value to some entity executing on the protocol peers – even if not directly by the IGP itself.
>> 
>> I see no such value add here i.e., the IFIT capability information may well be of value to a controller but I do not see any use case for any entity on protocol peers.
>> So why should we use IGPs to send this information to all other IGP peers when none of them can make use of this information?
>> 
>>    Les
>> 
>> 
>> From: Lsr <lsr-bounces@ietf.org> On Behalf Of wangyali
>> Sent: Monday, March 09, 2020 1:21 AM
>> To: lsr@ietf.org
>> Subject: [Lsr] A new version of I-D, draft-liu-lsr-isis-ifit-node-capability-02
>> 
>> Dear all,
>> 
>> I’m Yali. Following is a new version of I-D, draft-liu-lsr-isis-ifit-node-capability-02 I submitted recently.
>> 
>> Please let me know your questions and comments. Thank you.
>> 
>>>>>>>>>>> 
>> Name:               draft-liu-lsr-isis-ifit-node-capability
>> Revision:  02
>> Title:                  IS-IS Extensions for Advertising IFIT Node Capability
>> Document date:       2020-03-09
>> Group:               Individual Submission
>> Pages:               7
>> URL:            https://www.ietf.org/internet-drafts/draft-liu-lsr-isis-ifit-node-capability-02.txt
>> Status:         https://datatracker.ietf.org/doc/draft-liu-lsr-isis-ifit-node-capability/
>> Htmlized:       https://tools.ietf.org/html/draft-liu-lsr-isis-ifit-node-capability-02
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-liu-lsr-isis-ifit-node-capability
>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-liu-lsr-isis-ifit-node-capability-02
>> 
>> Abstract:
>>   This document defines a way for an Intermediate System to
>>   Intermediate System (IS-IS) routers to advertise IFIT(in-situ Flow
>>   Information Telemetry) capabilities.  This document extends a new
>>   optional sub-TLV in the IS-IS Router CAPABILITY TLV [RFC7981], which
>>   allows a router to announce its IFIT node capabilities within an IS-
>>   IS level or the entire routing domain.  Such advertisements enable
>>   IFIT applications in the network domain.
>> 
>> 
>> Best Regards,
>> Yali WANG
>> E: wangyali11@huawei.com
>> 
>> _______________________________________________
>> Lsr mailing list
>> Lsr@ietf.org
>> https://www.ietf.org/mailman/listinfo/lsr
> 
> 

_______________________________________________
Lsr mailing list
Lsr@ietf.org
https://www.ietf.org/mailman/listinfo/lsr