Re: [MBONED] MNAT draft
"Holland, Jake" <jholland@akamai.com> Sat, 14 November 2020 03:26 UTC
Return-Path: <jholland@akamai.com>
X-Original-To: mboned@ietfa.amsl.com
Delivered-To: mboned@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438CE3A0EF1 for <mboned@ietfa.amsl.com>; Fri, 13 Nov 2020 19:26:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AJ5MadyOqMgv for <mboned@ietfa.amsl.com>; Fri, 13 Nov 2020 19:26:43 -0800 (PST)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D7D23A0EEB for <mboned@ietf.org>; Fri, 13 Nov 2020 19:26:42 -0800 (PST)
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0AE3IKGg017569; Sat, 14 Nov 2020 03:26:42 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=jan2016.eng; bh=S1OLWatnSJarUjCgWigvP5i83q4hoM3jHZVBMmqnp7E=; b=T1eHbyyPAL2ebOjoWCKMbtlph4V7jnY8bSlN/PGF/p5ZaJxT2vvtQt6GvFIveuUkryfN jeeARZye6Vw7J3LfWf019Jh/M3a8FXjoikmoYTjnmvm3s4n0SLcDLJZOffkFA0IyFeDd 13HbFVeBx0iQKm5LGmX4z4ZMlOh/JV82wTW9ss4a5rlAI2WjM9n1wA4qlF6/4QO6EoMd PD03JS8lGseqqRMaS6Js6sTG0cbsKFPbSSy75wYN0X8sZkZJDtRYMYSldfsAOA2B2/NI ELvc3sDT89H5Ruk6rDVs7Fr6KQBE4bvibeaIZ2L820C80l6H0r2Sc4ghoUe8Plf8Ui7H Iw==
Received: from prod-mail-ppoint4 (a72-247-45-32.deploy.static.akamaitechnologies.com [72.247.45.32] (may be forged)) by mx0a-00190b01.pphosted.com with ESMTP id 34qvggb419-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 14 Nov 2020 03:26:42 +0000
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.42/8.16.0.42) with SMTP id 0AE3K3n5004520; Fri, 13 Nov 2020 22:26:41 -0500
Received: from email.msg.corp.akamai.com ([172.27.165.118]) by prod-mail-ppoint4.akamai.com with ESMTP id 34ss2n4nnb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 13 Nov 2020 22:26:41 -0500
Received: from ustx2ex-dag1mb6.msg.corp.akamai.com (172.27.165.124) by ustx2ex-dag1mb2.msg.corp.akamai.com (172.27.165.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 13 Nov 2020 21:26:40 -0600
Received: from ustx2ex-dag1mb6.msg.corp.akamai.com ([172.27.165.124]) by ustx2ex-dag1mb6.msg.corp.akamai.com ([172.27.165.124]) with mapi id 15.00.1497.007; Fri, 13 Nov 2020 21:26:39 -0600
From: "Holland, Jake" <jholland@akamai.com>
To: Leonard Giuliano <lenny@juniper.net>
CC: "mboned@ietf.org" <mboned@ietf.org>
Thread-Topic: [MBONED] MNAT draft
Thread-Index: AQHWtr2ss/1yEolC40a95hFZfLlPwKnET/0A///EQ4CAAXnYAIAAYdoAgAEJzwD//+MmAA==
Date: Sat, 14 Nov 2020 03:26:38 +0000
Message-ID: <05BD7B72-2A4B-4D21-A5D1-450CBEB700EB@akamai.com>
References: <893D0BA2-37C6-4A43-A05D-8B63249F2B9F@akamai.com> <4a8c8590-3e35-afaa-c42a-e4f74feb997e@juniper.net> <4957CF9E-B91B-4593-B8F1-4A1B718E6E6F@akamai.com> <b62ff0f2-9bf-9aa-dec5-7741f4465083@juniper.net> <2C389481-7B76-4E72-AD19-35938D3BFBB6@akamai.com> <e19a992d-e923-683b-18e2-bd2bbbf261c2@juniper.net>
In-Reply-To: <e19a992d-e923-683b-18e2-bd2bbbf261c2@juniper.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.42.20101102
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.27.164.43]
Content-Type: text/plain; charset="utf-8"
Content-ID: <F76866D65501AD45A9EF8AC86C324DCD@akamai.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-14_01:2020-11-13, 2020-11-14 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 mlxlogscore=999 mlxscore=0 adultscore=0 suspectscore=0 spamscore=0 phishscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011140020
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-11-14_01:2020-11-13, 2020-11-14 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 priorityscore=1501 mlxlogscore=999 phishscore=0 adultscore=0 clxscore=1015 suspectscore=0 lowpriorityscore=0 malwarescore=0 bulkscore=0 spamscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2011140020
X-Agari-Authentication-Results: mx.akamai.com; spf=${SPFResult} (sender IP is 72.247.45.32) smtp.mailfrom=jholland@akamai.com smtp.helo=prod-mail-ppoint4
Archived-At: <https://mailarchive.ietf.org/arch/msg/mboned/niMZYlgn4TMtBIi8l0BgBd1mqC4>
Subject: Re: [MBONED] MNAT draft
X-BeenThere: mboned@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Mail List for the Mboned Working Group <mboned.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mboned>, <mailto:mboned-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mboned/>
List-Post: <mailto:mboned@ietf.org>
List-Help: <mailto:mboned-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mboned>, <mailto:mboned-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Nov 2020 03:26:44 -0000
Hi Lenny, On 11/13/20, 1:09 PM, "Leonard Giuliano" <lenny@juniper.net> wrote: > Jake- OK, I'm starting to grasp this all, as I map the text to the right > buzzwords. So it seems the motivating use cases are the following: > > 1) v4 <-> v6 mcast translation > > 2) solving the problem of RPF with a BGP-free core > > 3) SSM mapping (turning ASM reports into SSM joins/subscribes) > > 4) static multicast routing > > Let me know if this is correct. See comments inline: Yes, exactly. > | As I understood it, in MVPN the PBR needs to have some new functionality > | that's not already present on the CMTS or CPE devices, and those can't > | easily be upgraded, so the PBR would have to be north of the CMTS. > > No, in GTM (RFC7716), no changes are needed on the attachment networks, > which in this case would include CPE and CMTS. Also, please try to avoid > thinking about MVPN, as GTM is explicitly designed to work in a non-VPN > environment (the "Global Table"). It borrows MVPN concepts and applies > them to the non-VPN Global Table case. Cool, thanks for the explanation. > | Maybe I'm not understanding something, but I don't see a place the > | MVPN functionality can be deployed at the receive side that solves > | the problem in this scenario, since it has to be both to the north > | and south of the same point in the network. > > Let me know if this diag is accurate and helpful: > > CPE--CMTS---AR1---MPLS_IR1---MPLS_TR1---MPLS_IR2---AR2---AR3---Src ... > forwards it to AR1. So this prevents the need for mcast NAT to avoid RPF > problems (#2), but from your context, I get the impression that you are > more concerned with the SSM mapping part (#3) here. Thanks for the explanation. Yes, in the problem I was outlining for this case, the SSM mapping was the focus. But this helps a lot for my understanding of how GTM can help with the RPF problem. I'm not sure I have the whole picture yet, but this is very helpful and gets me a lot closer. Of course I agree that networks that can ingest traffic and solve all their delivery constraints with GTM (or otherwise) would not need MNAT, and I agree that some of the problems MNAT can solve could be solved with GTM instead, and that networks that only have those problems would probably prefer GTM for at least the near future. > | A key representative scenario was: > | - There's an IPTV app that only uses ASM, and an access device that uses > | only IGMPv2. ... > This is a fairly common scenario for SSM mapping, where the end device > (usually a set-top box) only supports IGMPv2. Usually the LHR is > statically configured with a mapping for g1 = s1,g1, and that LHR sends a > join for s1,g1 upstream. DNS is also used sometimes as part of this to > avoid some of the manual provisioning of the mapping in the router. > > Still not seeing where translation would be needed here. OK, so imagine that I've got some externally sourced traffic that happens to use the same g1, so (s2,g1) is my traffic, while (s1,g1) is the local network's traffic, and LHR is configured to add s1 to (*,g1) joins, as above. Without MNAT, my app will try to join (s2,g1) from inside the CPE, the join propagates through the CPE becoming a join of (*,g1) due to IGMPv2, then at the LHR the configuration adds s1 due to the config above, and the join propagates as (s1,g1) within the core, so my app receives (s1,g1) traffic at layer 2 and discards it at the socket layer for not being (s2,g1), so no payloads are processed by the app. If instead MNAT operates in this scenario, my app would tell MNAT about the subscription to (s2,g1) and ask it whether there is a NAT mapping for this network. The MNAT server now has the opportunity to assign "(s3,g2) is the NAT for (s2,g1)", with g2 pulled from a pool configured by the network (perhaps from 239 or 233, or perhaps from a part of 232 that they're not using for their traffic). Since my app is operating as an MNAT egress, it learns that (s3,g2) is the mapping for (s2,g1) for this network over its connection to the MNAT server, so my app now issues a join for (s3,g2) to the network, which propagates to the ingress in the network. (The LHR would likely be configured to add s3 to the (*,g2) joins it sees, just like it's configured to add s1 for (*,g1) joins.) The ingress is likewise talking to the MNAT service, and thus also learns that (s2,g1) traffic should be ingested and should be forwarded in the network as (s3,g2). Now (s3,g2) traffic is forwarded to my app, which (as an MNAT egress) understands it to be traffic that was NATted from (s2,g1) and processes the payloads as (s2,g1) traffic. (s1,g1) joins from the network's TV service are unaffected, and the LHR continues to receive those as (*,g1) joins that it turns to (s1,g1) due to its config. > | The scenario is: > | - They've got an IPTV service running > | - They're using static routing. Each TV channel has its own group address. > | - I come along and say "I've got some receivers in your network trying to > | subscribe to my (S,G)s, can you please set up to ingest for it"? > | - They say "we're happy to set up some static channels and not run our own > | TV on them, and let you use those channels if you can put traffic on > | them. But we're not going to deploy PIM for you". > > This is also a fairly common scenario for video distribution, usually over > an MPLS network that doesn't want to run PIM. So P2MP MPLS LSPs are > provisioned and the multicast groups are statically routed down those > LSPs. > > Here again, I don't see where the translation is needed. The translation is needed so that my (s2,g1) traffic can be transported on those multicast groups. Suppose network in this scenario decides they would like to ingest external traffic. They have allocated (g1-g100) for their TV services, and now they add (g101-g200) and designate it for use with external traffic, provisioning the static routing in the core exactly like they did for (g1-100). My app is deployed in their network, and would like to join (s2,g300), which is my global (S,G) containing the traffic a user wants, ingestable with DRIAD+AMT, having metadata in DORMS, CBACC, etc. In order for (s2,g300) traffic to be carried in this network, it has to be somehow put in a packet with a destination in (g101-g200). (And something at the receive side has to know that traffic to g101 originally came from (s2,g300).) MNAT is the mechanism I'm proposing that would place the (s2,g300) traffic into (s3,g101) while it's inside this network, so it can be delivered to my app. Without some such mechanism, my app won't be able to get the traffic delivered as multicast in this network. HTH. -Jake
- [MBONED] MNAT draft Holland, Jake
- Re: [MBONED] MNAT draft zhang.zheng
- Re: [MBONED] MNAT draft zhang.zheng
- Re: [MBONED] MNAT draft Holland, Jake
- Re: [MBONED] MNAT draft Leonard Giuliano
- Re: [MBONED] MNAT draft Holland, Jake
- Re: [MBONED] MNAT draft Leonard Giuliano
- Re: [MBONED] MNAT draft Holland, Jake
- Re: [MBONED] MNAT draft Leonard Giuliano
- Re: [MBONED] MNAT draft Holland, Jake
- Re: [MBONED] MNAT draft Leonard Giuliano