Re: [mpls] Review of draft-song-mpls-extension-header-09
Haoyu Song <haoyu.song@futurewei.com> Mon, 29 August 2022 23:44 UTC
Return-Path: <haoyu.song@futurewei.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5345C14CE46; Mon, 29 Aug 2022 16:44:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.008
X-Spam-Level:
X-Spam-Status: No, score=-2.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=futurewei.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CrBSbFkRg4n0; Mon, 29 Aug 2022 16:44:43 -0700 (PDT)
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2101.outbound.protection.outlook.com [40.107.102.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5F42C14F723; Mon, 29 Aug 2022 16:44:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Uu8rbtvzva9P7AxlddLjoRJbPZTapsFTIM5YCDnfCJtylkCZRhHPeoXFUsPcJ1jwZ2Yfs8rK7QPJ6cEoxdfGPYmlAaDPzhxh4vw2CjyNTQuspUlWxZHW7AS2pp/K4K5PDhd8oEt0wK0xC3DFJWEEB243dQQBtjFRqcX7RCMmSEU+rq2j4DaQAAFikeKsZmpmbQPnRgiWHCwBuNltWd/VQN2eqApb+uCWAM0LilTfZdS1VPvONgHsBnLL1AWUq0V4fNMT+zGfMbUKYtQ7BfiRSIB8ftYDi0FjQ2JLcT4WS+JPHpm1bHf/TbLLHvyhNWX3HhEvnfTM5InEiLhtWxEQKg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yy2lWZigJY2Vecg+uMhot83dhifOm44ZItAZxnYESYs=; b=nu8ejBW0n3TxYUtpuIb5Nb3OAXj9vaIvwFrXEGmJ0rbytle15mi9hw/P6dapGC1NwUUfZGX8oROzBL3RnftTvq4IfJr84fK8CRGAE0Gce46kgjDWNUqUxeTX7OOskooqarjG1pwGnvpujgLmZDjJfwsWbCkFHFtcEOLRreUlohiBHY/+og1znoFugRhijJ2gdLNVTPtN4CMEwrY/FX5GCpfXyWqqn61Okk9k3ydvnmS1eWvesrUhlmtr/UrlaQvjQ/mEdYW0oXM4nGNf3LomJZ2oMcU3fWdDmciceyQbbhLQbSreLOeCqj5U7m4xGekg2231SNHQtwPxbiFlDIqQSw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=futurewei.com; dmarc=pass action=none header.from=futurewei.com; dkim=pass header.d=futurewei.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Futurewei.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yy2lWZigJY2Vecg+uMhot83dhifOm44ZItAZxnYESYs=; b=KgPcVpGt8sf0yaKMJNmG07rPzfbUXh/UBK3tvGvzJkK7GsT0voBgfPoTNVl23XWM4ZY9wXy8MYUOB4Dd+W2+spl+/gwmJ4KEtl9UwnTuevFQXBEtbfNm1+HFGELeAqN9GCGCQVFhU2GA/G0HrODoCIkfHwp8oRj3vst3Lqzya00=
Received: from BY3PR13MB4787.namprd13.prod.outlook.com (2603:10b6:a03:357::13) by CH2PR13MB4475.namprd13.prod.outlook.com (2603:10b6:610:62::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.10; Mon, 29 Aug 2022 23:44:40 +0000
Received: from BY3PR13MB4787.namprd13.prod.outlook.com ([fe80::fde0:afb9:b741:93d8]) by BY3PR13MB4787.namprd13.prod.outlook.com ([fe80::fde0:afb9:b741:93d8%6]) with mapi id 15.20.5588.010; Mon, 29 Aug 2022 23:44:39 +0000
From: Haoyu Song <haoyu.song@futurewei.com>
To: Stewart Bryant <stewart.bryant@gmail.com>, mpls <mpls@ietf.org>
CC: "draft-song-mpls-extension-header@ietf.org" <draft-song-mpls-extension-header@ietf.org>
Thread-Topic: Review of draft-song-mpls-extension-header-09
Thread-Index: AQHYt95dKYIH5E1vGUapB8kmNt97fK3GQibw
Date: Mon, 29 Aug 2022 23:44:39 +0000
Message-ID: <BY3PR13MB47875C41BFBB9FBE5DF994789A769@BY3PR13MB4787.namprd13.prod.outlook.com>
References: <E0C8D31B-8F8D-496B-B7E9-AEEC087DDB7A@gmail.com>
In-Reply-To: <E0C8D31B-8F8D-496B-B7E9-AEEC087DDB7A@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=futurewei.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2c48be95-4ca8-4454-7abd-08da8a187084
x-ms-traffictypediagnostic: CH2PR13MB4475:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Zmaffi/UeD9WXcNNOdPpXqzNhC72yMn1DqQEbpCpou61gPEv/ZzRNEBJ1HJ3xhQQHVpr+ls4vI9JDh8qUPGacR2KJf+wi5TSoR+DWRM+qiNy8IFZ9BbwzuVbKa5L4Qpy5yFyET0Yzp5PcSbvs/2R2mx4DJRezKKTXDAKATiKOoSko2TpsoyY7Mcd7TUtnlL32ENUiA8b++SPWMWzuL1GZj38WZCr4CZqjwCSQVvbEKa8UU0FhSWBBaTSRJ8U44GtcDoQ02aUhRmC4fonbrUiEqX2eQJBmrH2QsSEwMWUWALOPnyryBu6RvqZEbDVOdbtGNQcyBGuczlCD8aI/liNEjNYmW0jU0sFrruHbYwEmmWaAEP5h0Ib9QEHQojEMF3GiAu9SeimEUht2XCqE80iIm6MADjrH4fxj+/gTrk+ldtrMSVZqYEOywunA7YcUcd6S6Wjwqy2F0MFmOVNaXkfNs1IZi/aqm/uKz0QQ0b9TTFBIXhXyGY1VrLQ0NzxY9RGkLcpMm0LNOYsLroVybRbx1YQrLUmXhU2r9llNxe0WWUxpp33dU17+I99tJME/41iu8KabC7ltyiH/bgIyI8GQGl2p8KHvfV9WgRrGnvJ4ogfGWEeGKcoA4ozspfvBi4Fymd6hewsEYb9nKjjesigCR661+NKGCfumIjySjGUY8gc0DfAPy3GZshy0mowuBQyS7fRqCU1FD4P68mA7XaNctgVkx7YFS4R/l3gye0yo3LL4ymSw4iXyhaNCvc3hMERnfE4jHMNULDB23JAHbkf2c0x8+RI3whDwt750Hoc/l936SXBIHr0X936A226wYC7zNUR39HAqSD+eCQjCLpf0A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY3PR13MB4787.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(366004)(396003)(136003)(376002)(39840400004)(346002)(38100700002)(6506007)(53546011)(41300700001)(110136005)(478600001)(316002)(71200400001)(86362001)(26005)(122000001)(7696005)(9326002)(38070700005)(9686003)(166002)(83380400001)(186003)(66574015)(52536014)(2906002)(8936002)(33656002)(5660300002)(30864003)(4326008)(66446008)(66556008)(44832011)(8676002)(64756008)(66476007)(66946007)(76116006)(55016003)(559001)(579004); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: dSeJbwccUv48xbf1USWt2uaQ7+HboT0qOFfzQG5cMJCG+SQ7NiGeo/b+jPVbsTXNHXu2Tq3yAvrFZjLJ/PDSStBOGfl0tOO12er+pixLC/jsjz6e9tvGnlFcOb9sWt4azpu5tL+PLRM1Gw3H86tFIo+uQO1eyTdXQUUgOT+QQqwDdYGAnL5rtoZzhEAWJPRlLvoMNbxqnUozHNgOT9TB5IP/D5YkybeTextsFQ9ZilNihnqSDkUFLxaB0tvN8ypP3GpLHDXRCH2ECUUdmt9wKBxWwMIfsdaeEdRCjtDfNX6081s2md38Cu2Et2ZHZv0NlLDbgVT6tLM2VvaNUlNrx4FbhrnJ7SdvM7ApND9/eGCxE7vdfBc/YDXNf9FeeyP2uvYFTM1uCBip+g3Dv8iGiNXmEpklWJCs2KAFqPNAvbxsBbYhP7nLA3U+FUctpbw/JrlpzMNxWtypIczUFhWPRm6bN0fLua4ma/wl/ecWo1soeSawU62UU8rgBtayKTmefJ4Vbnk8RJbUUBobzlhqI8UA49mtqZ8DU8giPxp3JXxpwMZNtU4BtDWqfh48dPLjldFuMPyngzPgDQlR59FiZwTLLr3xMtyuKmvvJ941CgPxkNk4rHpVPrLVlj9QVh3Fz/hR0SZd9Id7IXdc/ZTYDyEIa6yPuq82r2A5+nYmKgxJzOOXUmUm7Y/ewNjnelgz3+ifGIQUVazLkFjQK+9UtVPovS2jKJWI4B+yYdWTZdCt1SocIsWG9P4b00OBCF+jfvT+UPE+irBuoqJA7kE5Sb09Ky5vGi+9XRtjGnJbXbmxUwvsrsnTew4WcCxZxOJKsWNH12f4XXSredg+EAQm3Ka+ukJXlFjBTtGIcGulYeceZK0PbQYMGlvKbwBCmpSawkUhRV7k/ybqGBLabvD0/Ehqau+Y03M2gIzPRz8xmaTr94pcWat6X0onZRmtttoyim7IyGJdGr2H/YhNBFOOF5GONH1r54jlwmwU80fYydXsFYW2/CZ5qSL7Mdmxmr9uHviuUlaxZtHLS2Pat1XPP36Fliju599n20C5QblIyC4aLfDDPBmN7xLo4sEQC3M4L3orCyWUjBkIFCLJsJ55qU30yr+5wrZ4a9oiDQr4FYwhxZqYIU4p4AIs8FkcPmJcYLjYNEhi/ArcxpxqOER01XRWa2vCxY6SL+oXzu8aTbsA2okS4ixx/saACntM7gcsnhsOONRh0YcAQMsgZOKMo5UN2z0Q9Ib0NU7jd87uwRK385iMieqgGFsrVN848x5wodHwo8i78wcTgi5vOP4Lmecb6ajl5nzCNlZjgcqi3YgRvgO4i6VOIyrv3lQDaIPK6qPmlbsV/2BsxADtuUrFjiJj30XqonjrTsmN/vclUQBNaCA5zoG58XkEkkDQq+LWbx/dGjnMCRxT6eCAwyi6Jn8rRs8RjvbImOIMIzx3Bh1NjVWS377QkjJqctkRPrt0vClKHrIV/tvHUVOEC0u6mV4y1RCfBFPnlKlZEFjjPXjIpknV9Gp1ZWfmeE86JILKg2Ofo4XlwO1AEopmj56o4Hxc3svyorx0yEV65CLh0bY=
Content-Type: multipart/alternative; boundary="_000_BY3PR13MB47875C41BFBB9FBE5DF994789A769BY3PR13MB4787namp_"
MIME-Version: 1.0
X-OriginatorOrg: Futurewei.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY3PR13MB4787.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2c48be95-4ca8-4454-7abd-08da8a187084
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Aug 2022 23:44:39.7612 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 0fee8ff2-a3b2-4018-9c75-3a1d5591fedc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cuYKUyUjRW034Y4kExc+mmKckM57gQcoS0tuVMUfamphBBLVEgz0gDckvSoGF/4PqTdNK7+oTjgaImw/2sBFqw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR13MB4475
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/84ubllPjtknFC8zpFFg3A-SJGHs>
Subject: Re: [mpls] Review of draft-song-mpls-extension-header-09
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Aug 2022 23:44:48 -0000
Hi Stewart, Thank you for the review. Please see my feedback below marked with [HS]. Best regards, Haoyu From: Stewart Bryant <stewart.bryant@gmail.com> Sent: Wednesday, August 24, 2022 10:24 AM To: mpls <mpls@ietf.org> Cc: Stewart Bryant <stewart.bryant@gmail.com>; draft-song-mpls-extension-header@ietf.org Subject: Review of draft-song-mpls-extension-header-09 I know that I was involved in the text in the very early days, but I am worried about it. Things have moved on and it is not clear that the approach which is basically to clone an IPv6 EH is the right approach for where we are now. Certainly there are a lot of things that the OTD needs to consider in detail before committing to this design. I do not think we should adopt this draft at the stage. Detailed comments below. Stewart [HS] After ODT's work in one year and a half, the adopted use case, requirement, and framework drafts have set a clear demand for the PSD and this draft has also made a lot of progress to meet the requirements and comply with the architecture, based on the ODT discussions and the hard work of the coauthors. The draft takes the common approach and so far is supported by people from all the major vendors. Certainly there are still a lot work to do and some issues need to solve and some design details may subject to change. But we think it's on the right track and there's no fundamental issue. We think it's time to engage with the WG to work on it together. MPLS H. Song, Ed. Internet-Draft Futurewei Technologies Intended status: Standards Track Z. Li Expires: 12 February 2023 T. Zhou Huawei L. Andersson Bronze Dragon Consulting Z. Zhang Juniper Networks R. Gandhi J. Rajamanickam J. Bhattacharya Cisco Systems 11 August 2022 SB> The author list exceeds the allowed number, so needs to be trimmed. It would be useful if this was done at adoption. [HS] We are aware of this and will conform with the IETF guidelines. ========== 1. Motivation Some applications require adding sizable instructions and/or metadata to user packets within a network. Such examples include In-situ OAM (IOAM) [RFC9197] and Service Function Chaining (SFC) [RFC7665]. SB> This is a big change that we are proposing to make to MPLS. Do we have any indication that there is planned deployment of those protocols and whether further use is stalled on this capability? [HS] We have several use case drafts to detail the schemes for supporting these use cases. We think these use cases are valuable and will be deployed. ========== New applications are emerging. It is possible that the instructions and/ or metadata for multiple applications are stacked together in one packet to support a compound service. Conceivably, such instructions and/or metadata would be encoded as new headers and encapsulated in user packets. Such headers may require to be processed in fast path due to performance considerations. Moreover, such headers may require being attended at each hop on the forwarding path (i.e., hop-by-hop or HBH) or at designated end nodes (i.e., end-to-end or E2E). SB> This is all a bit speculative. I think we need to state (or reference) a much tighter use case given the significant cost of putting this in Silicon. [HS] These are also covered in the use case/requirement/architecture documents. The need and requirements to support such applications in MPLS networks, i.e., MPLS Network Actions (MNA), are described in [I-D.ietf-mpls-mna-usecases] and [I-D.ietf-mpls-mna-requirements]. It is clear that some headers should be located after the MPLS label stack. We call such a header "post-stack extension header". The encapsulation of post-stack extension header(s) poses some challenges to MPLS networks, because the MPLS label stack contains no explicit indicator for the upper layer protocols by design. While the post-stack extension header needs some in-stack indicator to signal its presence, the mechanism specification is out of the scope of this document. The indication for the presence of the post- stack extension header can be achieved using several mechanisms, including carrying an SPL or signaling it with the label FEC as described in [I-D.ietf-mpls-mna-fwk]. In this document, we focus on the encoding and encapsulation of the post-stack extension headers in an MPLS packet. SB> The text to this point could usefully be trimmed and made less speculative. SB> At the time of publication as an RFC (if this is published as an RFC) the situation will be that: this information needs to be carried and this is the/one of the ways that it is to be carried. [HS] Yes, at the time of publication, the content here needs to be updated. By then, the indicator method should have be decided. The similar problem has been tackled for some applications before. SB> Need to cite the examples with references in the following: [HS] will do. ========== * Some previous work such as G-ACH [RFC5586] was explicitly defined for control channel only but what we need is for the user packets. SB> We can change that constraint if it is the right thing to do. It was introduced as a result to concern for the h/w likely to be available at the time, but it is not cast in stone. [HS] Yes it's possible. Here we only describe the current status. To solve these problems, we introduce post-stack extension header as a general and extensible means to support new MNAs which involve instructions and/or meta data. The concept is similar to IPv6 extension headers which offer a huge potential for extending IPv6's capability (e.g, network security, SRv6 [RFC8754], network programming [RFC8986], SFC [I-D.ietf-spring-sr-service-programming], etc.). Thanks to the existence of extension headers, it is straightforward to introduce new network services into IPv6 networks. For example, it has been proposed to carry IOAM header [I-D.ietf-ippm-ioam-ipv6-options] as a new extension header option in IPv6 networks. SB> I think the point is the the eh mechanism is a mechanism, whether that makes it easy to introduce new eh onto a forwarder or into an operating network is a different matter, particularly in the HxH case. [HS] Agree, the mechanism provides the possibility. Will rephrase. Nevertheless, when applying the extension header to MPLS, some issues of the IPv6 EH should be avoided: * IPv6's extension headers are chained with the original upper layer protocol headers in a flat stack. One must scan all the extension headers to access the upper layer protocol headers and the payload. This is inconvenient and raises some performance concerns for some applications (e.g., DPI and ECMP). The new scheme for MPLS header extension needs to improve this. * [RFC8200] enforces many constraints to IPv6 extension headers (e.g., EH can only be added or deleted by the end nodes specified by the IP addresses in the IPv6 header, and there is only one Hop- by-Hop EH that can be processed on the path nodes), which are not suitable for MPLS networks. For example, MPLS label stacks are added and changed in network, and there could be tunnel within tunnel, so the extension headers need more flexibility. SB> Be careful here. The constraints in IPv6 are MTU and Security. SB> MTU is less of an non-issue because of the domain specific nature of most MPLS deployments. The security issue may well apply to us as well. [HS] Yes, the security issues should be discussed in the security section. We welcome your input on this topic. 2. MPLS Extension Header The concept and design of the MPLS post-stack extension header comply with the requirements laid out in [I-D.ietf-mpls-mna-requirements]. We highlight some specific design requirements for the post-stack extension headers in MPLS networks: Performance: Unnecessary label stack scanning for a label and the full extension header stack scanning for the upper layer protocol should be avoided. The extension headers a node needs to process should be located as close to the MPLS label stack as possible. SB> How does the design achieve this? [HS] The design itself has several features to make the EH parsing and accessing faster. The actual performance also depends on the use case itself but that's out of the scope. Here we only define the mechanism for the general container. Each extension header is better to serve only one application to avoid the need of packing multiple TLV options in one extension header. Song, et al. Expires 12 February 2023 [Page 4] Internet-Draft MPLS Post-Stack Extension Header August 2022 Scalability: New applications can be supported by introducing new extension headers. Multiple extension headers can be easily stacked together to support multiple services simultaneously. SB> ... until you get to the max header length of the on path routers. [HS]Yes, up to the limit of hardware capability. Backward Compatibility: Legacy devices which do not recognize the extension header option should still be able to forward the packets as usual. SB> That may or may not be a good thing. [HS] We think this is important, otherwise we'll not have an incremental deployment scenario. If a device recognizes some of the extension headers but not the others in an extension header stack, it can process the known headers only while ignoring the others. SB> ... again which may or may not be a good thing. [HS] Such flexibility is good for incremental deployment. Of course, its potential implications should be considered. Your input is welcome. Flexibility: A node can be configured to process or not process any EH. Any tunnel end nodes in the MPLS domain can add new EH to the packets which shall be removed on the other end of the tunnel. SB> That is not unique to this proposal [HS] Here we mean the decouple of LSP and EHP so an action can be applied to a sub-path only. ========= Following the MPLS label stack is the 4-octet Header of Extension Headers (HEH), which indicates the total number of extension headers in this packet, the overall length of the extension headers, the type of the original upper layer header, and the type of the next header. The format of the HEH is shown in Figure 2. 0 1 2 3 0123 4567 89012345 67890123 45678901 +----+----+--------+--------+--------+ | R |EHC | EHTL | OUL | NH | +----+----+--------+--------+--------+ Figure 2: HEH Format The meaning of the fields in an HEH is as follows: R: 4-bit reserved. The nibble value means to avoid conflicting with IP version numbers and other well-defined semantics [I-D.kbbma-mpls-1stnibble]. EHC: 4-bit unsigned integer for the Extension Header Counter. This field keeps the total number of extension headers included in this packet. It does not count the original upper layer protocol headers. SB> What do you mean here? The payload headers? [HS] Yes, it means the original MPLS payload before EHs are added. At most 15 EHs are allowed in one packet. EHTL: 8-bit unsigned integer for the Extension Header Total Length in 4-octet units. This field keeps the total length of the extension headers in this packet, not including the HEH itself. OUL: 8-bit Original Upper Layer protocol number indicating the original upper layer protocol type. It can be set to "UNKNOWN" if unknown. SB> This is a different subject, and needs to be called out and explicitly agreed. There is no need for this as far as I can see, and I am not sure why it needs to be in every EH. [HS]This support the case that there's no any EHs but the HEH. The feature can be useful to indicate the payload type. NH: 8-bit indicator for the Next Header. This field identifies the type of the header immediately following the HEH. The value of the reserved nibble needs further consideration. The EHC field can be used to keep track of the number of extension headers when some headers are inserted or removed at some network nodes. SB> Has the WG agreed to inflight insertion and removal? [HS]Not yet. This is subject to further discussion. We think it's nice feature to have. SB> If we do this, which label does this apply to when we do nested tunnels? [HS]This should be configured through control plane. The EHTL field can help to skip all the extension headers in one step if the original upper layer protocol headers or payload need to be accessed. The OUL field can help identify the type of the original upper layer protocol. SB> These are capabilities that we have not as yet agreed that we need. I do not recall them being called up the use case or requirement drafts. [HS]As discussed in the other threads, this features is nice to have with little cost. The format of an Extension Header (EH) is shown in Figure 3. Song, et al. Expires 12 February 2023 [Page 6] Internet-Draft MPLS Post-Stack Extension Header August 2022 0 1 2 3 01234567 89012345 67890123 45678901 +--------+--------+--------+-------+ | NH | HLEN |EXT(opt)| | +--------+--------+--------+ | | | ~ Header Specific Data ~ | | +--------+--------+----------------+ Figure 3: EH Format The meaning of the fields in an EH is as follows: NH: 8-bit indicator for the Next Header. This field identifies the type of the EH immediately following this EH. SB> I am sure that you got the 8 bits by copying IPv6, but do we need 8 bits? [HS]Ideally we will use the same coding space as the Internet protocols, as suggested in the draft. SB> We are not operating in Internet scope. How many EH types do we think that we will need? Could we operate in domain scope? Could we use some of these bits to specify the action on an unknown EH, and to specify E2E and HxH? [HS]Sharing the same coding space can support the same number for the same protocol. Experimental EHs can also be supported. We also have the mechanism to expand the space. The E2E or HbH property should be an inherent feature of an EH type so there's no need to specify it again. HLEN: 8-bit unsigned integer for the Extension Header Length in 4-octet units, not including the first 4 octets. SB> Are we seriously considering 1KB of EH? That will break pretty much every forwarder. [HS]We think enough scalability should be preserved because future hardware might be unimaginably powerful. EXT: 8-bit optional type extension. To save the Next Header numbers and extend the number space, it is possible to use one "Next Header" code to cover a set of sub-types. Each sub-type is assigned a new code in a different name space. This field is optional and it is only specified for some specific EH type. SB> So are we saying that we need to make provision for 64K EH types? [HS] No. Only some EH types would need expansion. For example, IOAM has several different options. It's too expensive to assign an EH type for each of it. In this case, it's better to have a single EH type for IOAM, and use the EXT to specify the option types. SB> EH sub-types could be a concept that is private to a particular EH type, and that might be a more powerful design. [HS] Yes, in the case of private EH types, EXT can be used to define sub-types. Header Specific Data: Variable length field for the specification of the EH. This field is in length such that the EH is 4-octet aligned. SB> What you do not have here and which may be of use is a flag saying what to do if you do not understand. I also wonder if there needs to be a HxH flag. [HS]The currently thinking is that any EH that a node doesn't understand can be skipped. As for the HxH feature, it should be inherent to the EH. That is, once you know the EH, you know if it should be processed hop by hop or not. SB> The way this is laid out we need to parse the whole of the EH chain to find out if we are interested in any EH entry. I wonder if we should have a manifest of some sort so just looking at BoS we can find out if anything is of interest? [HS]Header chain is easy to parse. We avoid any catalog because it complicates the parser and is inflexible. On the other hand, the control plane can configure the node to tell it what to looks for and what it is capable of, so the parsing process can terminate earlier in some cases. The extension headers as well as the first original upper layer protocol header are chained together through the NH field in HEH and EHs. The encoding of NH can share the same value registry for IPv4/ IPv6 protocol numbers. Values for new EH types (i.e., NH number) shall be assigned by IANA from the same registry as for the ipv4 and ipv6 protocol numbers (https://www.iana.org/assignments/protocol-<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.iana.org%2Fassignments%2Fprotocol-&data=05%7C01%7Chaoyu.song%40futurewei.com%7C5353ae291c254699cdbd08da85f57d49%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C0%7C637969586687824586%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Cncq%2B5uTyBw7gnJrqgzkAAu1LwQdCsHTP4%2FP3FDhGXc%3D&reserved=0> numbers/protocol-numbers.xhtml). SB> ... but is that the right registry to use? Do we really want to be tied to the IP protocol numbers registry and do they want us cluttering up their registry - which has to last the life of the Internet - with our extension system which could use its own registry? [HS] Many codepoints can be shared (e.g., MPLS and the original upper layer types). The shared codepoints are beneficial to both communities and make the implementation easier. Of course, we can resort to a dedicated registry if the WG decides to do so. SB> Indeed the result of using our own registry would be a more compact registry space which leads to more efficient forwarding. [HS] For scalability consideration, 8 bits are not too many. And a few bits less don't help for the efficiency because the header itself is much larger and the entire EH should be word-aligned. Specifically, the NH field of the last EH in a chain can have some special values, which shall be assigned by IANA as well: NONE (No Next Header): Indicates that there is no other header and payload after this header. This can be used to transport packets with only extension header(s), for example, the control packets for control or the probe packets for measurements. Note that value 59 was reserved for "IPv6 No Next Header" indicator. It may be possible for MPLS EH to share this value. SB> That needs discussion in 6man [HS] If we decide to use value 59, we need to discuss in 6man. Song, et al. Expires 12 February 2023 [Page 7] Internet-Draft MPLS Post-Stack Extension Header August 2022 UNKNOWN (Unknown Next Header): Indicates that the type of the header after this header is unknown. This is intended to be compatible with the original MPLS design in which the upper layer protocol type is unknown from the MPLS header alone. SB> Not quite true, it is known from the FEC of the BoS label. [HS]Yes payload type can be known through FEC. This statement is just for the general case. MPLS: Indicates that the original upper layer protocol is still MPLS and another MPLS label stack follows. Note that the original upper layer protocol can be of type "MPLS", which implies that in a packet there might be multiple label stacks separated by EHs. Having more than one independent label stack is not new. For example, A Bier header could separate the transport/ bier labels and the payload labels; An MPLS Pseudo Wire (PW) network could be implemented on the top of another infrastructure MPLS network. SB> I do not understand this point. [HS] This means two logically independent MPLS label stacks each with its own EHs. After the outer label stack and EHs are processed and removed, the inner one is exposed. In some cases, this can make the EHs more reachable. In such cases, we have the flexibility to apply different services to different label stacks. 3. Type of MPLS Extension Headers Basically, there are two types of MPLS EHs: HBH and E2E. E2E means that the EH is only supposed to be inserted/removed and processed at the MPLS tunnel end points where the MPLS header is inserted or removed. The EHs that need to be processed on path nodes within the MPLS tunnel are of the HBH type. However, any node in the tunnel can be configured to ignore an HBH EH, even if it is capable of processing it. If there are two types of EHs in a packet, the HBH EHs must take precedence over the E2E EHs. SB> I am worried about how we bind the scope of the EH to a label. SB> If I tunnel a packet by pushing a label are the EH in the scope of that tunnel or not? Is that a ubiquitous decision? [HS]This could be done through control plane configuration? If the pipe mode is used for a tunnel, we can also apply the multiple MPLS label stacks as discussed before to clarify the EH scope. Making a distinction of the EH types and ordering the EHs in a packet help improve the forwardidng performance. For example, if a node within an MPLS tunnel finds only E2E EHs in a packet, it can avoid scanning the EH list. The type of an EH (i.e., HBH or E2E) is an intrinsic property of the EH. In other words, EH type indicates if it needs to be processed on each hop or only on edge node. SB> Is that the optimum design? [HS] Currently we think so. 4. Operation on MPLS Extension Headers When the first EH X needs to be added to an MPLS packet, an EH indicator is inserted into the proper location in the MPLS label stack. A HEH is then inserted after the MPLS label stack, in which EHCNT is set to 1, EHTLEN is set to the length of X in 4-octet units, and NH is set to the header value of X. At last, X is inserted after the HEH, in which NH and HELN are set accordingly. Note that if this operation happens at a PE device, the upper layer protocol is known Song, et al. Expires 12 February 2023 [Page 8] Internet-Draft MPLS Post-Stack Extension Header August 2022 before the MPLS encapsulation, so its value can be saved in the NH field if desired. Otherwise, the NH field is filled with the value of "UNKNOWN". SB> I am wondering if there are cases, for example as a result of nested tunnels where some may be know and some unknown. [HS] only the last NH field indicating the original upper layer protocol can be set to "UNKNOWN", all other NH fields must be set to a regular type. ========= 5. Use Cases In this section, we show how MPLS extension header can be used to support several new network applications. In-situ OAM: In-situ OAM (IOAM) records flow OAM information within user packets while the packets traverse a network. The instruction and collected data are kept in an IOAM header [RFC9197]. When applying IOAM in an MPLS network, the IOAM header can be encapsulated as an MPLS extension header. Network Telemetry and Measurement: A network telemetry and instruction header can be carried as an extension header to instruct a node what type of network measurements should be done. For example, the method described in [RFC8321] can be implemented in MPLS networks since the EH provides a natural way to color MPLS packets. Network Security: Security related functions often require user packets to carry some metadata. In a DoS limiting network architecture, a "packet passport" header is used to embed packet authentication information for each node to verify. SB> You need to comment on the matter of NS and EH addition removal in the security case. We spent a little time thinking of this in the TCR case (draft-bcx-rtgwg-tcr), but there are probably others that have considered the problem of partial signatures in more detail. [HS]Here we just mention the possible use cases for network security. The actual application is better to be covered by some other drafts. Of course, if such use cases raises some special requirements, we'd like to know if our scheme has already supported them or not. Your input on this is welcome. Song, et al. Expires 12 February 2023 [Page 9] Internet-Draft MPLS Post-Stack Extension Header August 2022 Segment Routing and Network Programming: MPLS extension header can support the implementation of a new flavor of the MPLS-based segment routing, with better performance and richer functionalities. The details will be described in another draft. SB> Reference? [HS] We haven't published the draft yet. It's briefly mentioned in the use case draft. 6. Security Considerations SB> We need a security architecture or this will not get past first base. [HS] The major security concerns may come from the actions that encapsulated in the generic EH containers. So we need to be careful to admit actions and take measures to avoid the security threats. We welcome any suggestions on other related considerations. ========== ==========
- [mpls] Review of draft-song-mpls-extension-header… Stewart Bryant
- Re: [mpls] Review of draft-song-mpls-extension-he… Loa Andersson
- Re: [mpls] Review of draft-song-mpls-extension-he… Haoyu Song
- Re: [mpls] Review of draft-song-mpls-extension-he… Haoyu Song