[mpls] Proposed changes: Potential MNA technical issue

Adrian Farrel <adrian@olddog.co.uk> Fri, 21 February 2025 16:24 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35AFDC1519A7; Fri, 21 Feb 2025 08:24:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.802
X-Spam-Level:
X-Spam-Status: No, score=-2.802 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=olddog.co.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZdRUY5lUHzdD; Fri, 21 Feb 2025 08:24:05 -0800 (PST)
Received: from mta6.iomartmail.com (mta6.iomartmail.com [62.128.193.156]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABC9CC15155C; Fri, 21 Feb 2025 08:24:02 -0800 (PST)
Received: from vs1.iomartmail.com (vs1.iomartmail.com [10.12.10.121]) by mta6.iomartmail.com (8.14.7/8.14.7) with ESMTP id 51LGO0pL007642; Fri, 21 Feb 2025 16:24:00 GMT
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 65AA14604B; Fri, 21 Feb 2025 16:24:00 +0000 (GMT)
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 507024603D; Fri, 21 Feb 2025 16:24:00 +0000 (GMT)
Received: from asmtp1.iomartmail.com (unknown [10.12.10.248]) by vs1.iomartmail.com (Postfix) with ESMTPS; Fri, 21 Feb 2025 16:24:00 +0000 (GMT)
Received: from LAPTOPK7AS653V (82-69-109-75.dsl.in-addr.zen.co.uk [82.69.109.75]) (authenticated bits=0) by asmtp1.iomartmail.com (8.14.7/8.14.7) with ESMTP id 51LGNx1T013856 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 21 Feb 2025 16:23:59 GMT
From: Adrian Farrel <adrian@olddog.co.uk>
To: draft-ietf-mpls-mna-hdr@ietf.org
References: <026801db83da$30a3ec40$91ebc4c0$@olddog.co.uk> <9D3BA859-A778-4DE6-9839-401ACA913861@tony.li> <027901db83e1$104f6300$30ee2900$@olddog.co.uk>
In-Reply-To: <027901db83e1$104f6300$30ee2900$@olddog.co.uk>
Date: Fri, 21 Feb 2025 16:23:59 -0000
Organization: Old Dog Consulting
Message-ID: <03aa01db847d$03447c80$09cd7580$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AduEd9S0HqRW7qJZQuqXoL5u0LGTfg==
Content-Language: en-gb
X-Originating-IP: 82.69.109.75
X-Thinkmail-Auth: adrian@olddog.co.uk
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=olddog.co.uk; h=reply-to :from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-type:content-transfer-encoding; s= 20221128; bh=0gKsxu4eILyX+yz0kSyQdNS4bo/4T5hweM3/VhlV0UA=; b=rc6 7olQ7iLUvX3OkZmo+K7J2im9PVLleEFIQuVW1hfjpdDQinkicuuOM5Qn0Slfjdjr QyRqK5RjWO+tph9IvlYPAAM2M1uiSHve7dwKAmtUtN1jgGfa9AlHbhAMcarWZW2I dhpOtc60tntAYU46LPZi1NKSPRMhILspjdk1P8SrYZBIASRqb1WHI1a739yu/jun 4Kq4ETyeJAtCL1/M5+I8M6d5MAMKCHjK5h7adfzd74Kwn+vjOgka0xubS4xSkG64 dVXJ2AVh3DGTokjTnPFYHYrsyTzAzLFgLFnk8fDoFAcR/3jUwxletgtvUCMPj8Lu iLMV48pNy6JbPlrIM2w==
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.1.0.2090-9.0.0.1002-28352.003
X-TM-AS-Result: No--16.888-10.0-31-10
X-imss-scan-details: No--16.888-10.0-31-10
X-TMASE-Version: IMSVA-9.1.0.2090-9.0.1002-28352.003
X-TMASE-Result: 10--16.887700-10.000000
X-TMASE-MatchedRID: /hyYWLkd2SjwCP7/v7egpRqkhv3OdF4DeErBoNg0DmIVdewhX2WAAdvS BpmBATJq2YxUuwsx592vWBlXOmcI2EKry8ky4RfFrltvlARhKR3oqNj4K1y7OMNB4YZX+3pbtY4 N1nU8OYRZ1NRYCEhylCLP5OhpeCLF/0dTUjHNqgktMfCdg6KRDYmUzG0LF+jVbPfGfHxv+pFAqv gdqBfbi66cnsbQUiNrdXIESSxAXRz7U9PXpgaA5Tz6L+U/pejxNZEftOVQtYb5rdsLa10IzBHJK JsIYHnFc0FhGYg6BylHo97MUKMveg6IZXCOSM5Q30kDaWZBE1S0BDVQCdH2d3LWbnbHhz0tHGp2 3bat06AZ/eEBxuLq8rHYk2GsxjdbcVeYCqx1wVyuYt4ytygzqAFRpBuPwhimHBrNEnhfndMvu1l VcZKEoDOV3ihlG3DGBCW/VcdT9fZe2wadKADqqmArOQGGb1wvBaExZeqJZbJWCQv16moG8bCJpK lbdbeErbLzAFIELYgnhcxDj2B/mu9c3cDddfNUF3wQ0cu1bTPqcQyHuPAzJS196sn93sBvpc2xg JAY6LpktoLf8J4fd1X2PMKU+7NIvmCAomMA4BlM+xVFI1xtYxtXMWL63O8vB/eejAjH+qQnPUwe Bg4RH9OoPfgDvFcZUJKtNXZjzWWQJG5jUgOzA7hXT+72mpTNSXetUPeEqOEGc3zk9wc+RqPFjJE Fr+oloTCA5Efyn8D99OkOM4QuA90H8LFZNFG7/nnwJ52QYi+pygCGKFPC+ATfqJobXN64xgeQU9 5rzCOubKqWhz8x8fHHDIlHeUdBbZvD56atci4=
X-TMASE-SNAP-Result: 1.821001.0001-0-1-22:0,33:0,34:0-0
Message-ID-Hash: KB33LBITMO7CREE5IUCRCOMLNJWDZRZE
X-Message-ID-Hash: KB33LBITMO7CREE5IUCRCOMLNJWDZRZE
X-MailFrom: adrian@olddog.co.uk
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-mpls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: 'mpls' <mpls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Reply-To: adrian@olddog.co.uk
Subject: [mpls] Proposed changes: Potential MNA technical issue
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/edWs111GjIThz8rPt6iJseHjsMM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Owner: <mailto:mpls-owner@ietf.org>
List-Post: <mailto:mpls@ietf.org>
List-Subscribe: <mailto:mpls-join@ietf.org>
List-Unsubscribe: <mailto:mpls-leave@ietf.org>

Hi, I think we have some agreement on the text changes necessary.

Since 5.2 is such a short section, it is probably easiest if I supply the changed text for the whole section.

OLD
5.2.  Data

   The data field carries opcode specific data.  This is ancillary data
   for a network action.  In the case of opcode 1, data field carries
   Flag-Based Network Action Indicators without ancillary data.

   To preserve backward compatibility, if a network action encodes data
   that will change during packet forwarding, then that data MUST be in
   the least significant 4 bits in the data field of a Format C LSE
   (Section 4.3) or the least significant 8 bits of a Format D LSE
   (Section 4.4).  Some legacy implementations may use the label field
   in all LSEs when computing ECMP decisions and modifying the label
   field might disrupt that packet's flow.

   This is also applicable to opcode 1 Flag-Based Network Action
   Indicators those need to be changed in flight.
NEW
5.2.  Data

   The data field carries opcode specific data.  This is ancillary data
   for a network action.  In the case of opcode 1, the data field carries
   Flag-Based Network Action Indicators without ancillary data.

   Some legacy implementations may use the label field in all LSEs
   when computing ECMP decisions and modifying the label field
   might disrupt that packet's flow.  To preserve backward
   compatibility, if a network action encodes data that may be
   different on different packets in the same flow or might change
   during packet forwarding, then that data MUST NOT be in the
   most significant 20 bits of a Format B LSE (Section 4.2), a 
   Format C LSE (Section 4.3), or a Format D LSE (Section 4.4).  Thus,
   this is also applicable to opcode 1 Flag-Based Network Action
   Indicators that need to be changed in flight.

   The available mitigations for this are to use additional Format D
   LSEs to carry the data, or to place the data in Post-Stack Data as
   described in [draft-ietf-mpls-mna-fwk].
END

Cheers,
Adrian

-----Original Message-----
From: Adrian Farrel <adrian@olddog.co.uk> 
Sent: 20 February 2025 21:48
To: 'Tony Li' <tony.li@tony.li>
Cc: 'mpls' <mpls@ietf.org>
Subject: [mpls] Re: Potential MNA technical issue

No, I personally don't have a problem with that solution.
Others may have, I don't know.

The text could, perhaps, be a little clearer in 5.2 to direct applications to use PSD. Yeah, I know one could possibly work out that having a lot of LSEs is not very wise (especially as we have a limit to the number of LSEs we can support because of the size of the NASL). Just a few words of advice: nothing heavy.

And the fixes for points 1 and 2.

A

-----Original Message-----
From: Tony Li <tony1athome@gmail.com> On Behalf Of Tony Li
Sent: 20 February 2025 21:27
To: Adrian Farrel <adrian@olddog.co.uk>
Cc: mpls <mpls@ietf.org>
Subject: Re: [mpls] Potential MNA technical issue

[WG chair hat: off]

Hi Adrian,

I recall that we discussed this before and we reached the conclusion that actions that needed
more variable data should go the post-stack route. Do you have a problem with that?

Regards,
Tony


> On Feb 20, 2025, at 12:58 PM, Adrian Farrel - adrian at olddog.co.uk <mailforwards@cloudmails.net> wrote:
> 
> Hi all,
> 
> I thought the virtual interim was useful in airing some opinions.
> 
> I exchanged a few emails with Jie to try to better understand his concerns,
> and then Stewart and I sat down for a couple of hours to work through all of
> the possibilities.
> 
> This is mainly thinking aloud.
> 
> A big question surrounds how the NAS might be parsed by a non-MNA node.
> 
> The first part of the question is "What happens if a non-MNA node encounters
> the MNA label?" Well, it shouldn't! The MNA label should only rise to the
> top of stack at nodes known to be MNA capable. But, if it does, the MNA
> label is an SPL, and processing unknown SPLs at the top of stack is well
> defined.
> 
> The next part of this question is "What if part of the NSA looks like an
> SPL?" The most concerning case we have at the moment is if it looks like an
> ELI to a non-MNA node that searches ahead for an entropy label.
> This question is covered in the draft in two places:
> 6.1 tells us that Opcode 0 is not to be used. That means that LSE formats B
> and C can never be mistaken for bSPLs because they don't start with eight 0
> bits.
> 4.4 tells us that format D LSEs must always start with a 1 so they can never
> be mistaken for bSPLs.
> So all good here.
> 
> The last part of the question is "Suppose a (legacy) node does ECMP hashing
> by reading the first n labels on the stack?"
> Since it doesn't know about MNA, it will find Opcodes and ISD and treat them
> as labels.
> This is not a problem in itself, but if the ISD can vary from packet to
> packet in a flow, it can lead to packets taking different paths.
> This question is covered in section 5.2 which tells us to be careful which
> ISD bits are allowed to vary.
> 
> But it was in re-reading 5.2 that Stewart and I had some worries.
> 
> 1. The text says:
>       if a network action encodes data
>       that will change during packet forwarding
>    While this may be interesting for OAM, what is more interesting is when
> the
>    data is different on different packets in the same flow. So probably
> change 
>    this to:
>       if a network action encodes data
>       that may be different on different packets in the same flow
> 
> 2. s/Indicators those need/Indicators that need/
> 
> 3. There are not many bits that are allowed to contain variable data.
>     This is a bit grim. We reckon that:
>     - No bits in a type B LSE can be variable
>     - Only 7 bits in a type C LSE can be variable
>     - Just 11 bits in a type D LSE can be variable
>     If you wanted to carry something like a time stamp (RFC 8877) you need
> 32 bits
>     or even 64 bits. That would need 4 or 7 LSEs (BDDD or BDDDDDD/BCDDDDD) 
>     instead of 2 or 3 (BD or BDD/BCD).
>     There are some possible mitigations:
>     - Use an entropy label. This allows any implementation that supports
> entropy
>        labels to not hash. But:
>         * it costs two additional LSEs
>         * it doesn't help with implementations that don't support entropy
> labels
>     - Stop hashing when you reach an SPL. 
>       This advice would work for new implementations, but it doesn't help
> with
>       existing implementations which will hash their way through into the
> NAS.
>     - Follow the draft and restrict where variable data is placed.
>         * Use lots of LSEs. Not a very good answer.
>         * Don't send much variable data. A bit of an unfortunate
> limitation.
>         * Put variable data post-stack. 
>     - Decide that we don't care about legacy nodes. This is not ideal, but
> an
>       operator might know about the nodes in their network. If this is the
>       choice, then the document would need to be clear.
>     - Choose a behaviour based on knowledge of the nodes in the network
>       and the (potential) path of the LSP. This approach would require 
>       capabilities to be advertised (perhaps alongside the RLD ).
> 
> Cheers,
> Adrian
> 
> _______________________________________________
> mpls mailing list -- mpls@ietf.org
> To unsubscribe send an email to mpls-leave@ietf.org

_______________________________________________
mpls mailing list -- mpls@ietf.org
To unsubscribe send an email to mpls-leave@ietf.org