IETF Logo Mail Archive

Re: [nvo3] Carrying entropy, was: draft-ietf-nvo3-encap-00 should add considerations of traversing NAPT

Dan Wing <dwing@vmware.com> Fri, 21 July 2017 17:20 UTC

Return-Path: <dwing@vmware.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97BA0131A93 for <nvo3@ietfa.amsl.com>; Fri, 21 Jul 2017 10:20:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=onevmw.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bnhZ_NRWQ7xK for <nvo3@ietfa.amsl.com>; Fri, 21 Jul 2017 10:20:47 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0058.outbound.protection.outlook.com [104.47.42.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64025127601 for <nvo3@ietf.org>; Fri, 21 Jul 2017 10:20:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=onevmw.onmicrosoft.com; s=selector1-vmware-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=i7CmaU2li2uahTNd+elXDbWFjUFgw0USqjDFU+C1VEo=; b=Bz/tbLoAz5tGbfsC2JO+Ip+hV8LBhLNoRnpcd3lrgQUiUo7MAjrgxJ+EUvDibgD2sG4zBCTedZgkH1+LNzlkj5FyZCwTTyJXC7SV+tcDwM6q2vkYRXOBd7k7+QsdBkQ8MRtUPY6BJqGs6+iZ7L2AS0Nks8owJWRqkLb8zvtvQzI=
Received: from CO2PR05MB2648.namprd05.prod.outlook.com (10.166.95.12) by CO2PR05MB652.namprd05.prod.outlook.com (10.141.199.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1282.4; Fri, 21 Jul 2017 17:20:45 +0000
Received: from CO2PR05MB2648.namprd05.prod.outlook.com ([10.166.95.12]) by CO2PR05MB2648.namprd05.prod.outlook.com ([10.166.95.12]) with mapi id 15.01.1282.008; Fri, 21 Jul 2017 17:20:45 +0000
From: Dan Wing <dwing@vmware.com>
To: "Dale R. Worley" <worley@ariadne.com>
CC: "nvo3@ietf.org" <nvo3@ietf.org>, "touch@isi.edu" <touch@isi.edu>
Thread-Topic: [nvo3] Carrying entropy, was: draft-ietf-nvo3-encap-00 should add considerations of traversing NAPT
Thread-Index: AQHTAcfWt5hFCXOkBkKkSboyLptTMqJeh82A
Date: Fri, 21 Jul 2017 17:20:45 +0000
Message-ID: <770BFB45-B66F-4AA0-96EC-96CF3EBB32F4@vmware.com>
References: <874lu6lef1.fsf@hobgoblin.ariadne.com>
In-Reply-To: <874lu6lef1.fsf@hobgoblin.ariadne.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=dwing@vmware.com;
x-originating-ip: [208.91.1.34]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CO2PR05MB652; 20:YF+uLUKc3lBeJvYOmfRh2jPwq4tArlnYgmGQz6oZz3HpukFD2nnM/5pXOD2EPqSgVARDwfwAA0Ogcx9RqN8P2aN7QHc1trz9fQqCfiWfH/p81CO4TiRFcME0xYngbp+MDgBnu5dqgp+KaC7htiBK5i8pUinAkbZAvDlEfBSrwdg=
x-ms-office365-filtering-correlation-id: 5ce4d636-ec29-46ae-a303-08d4d05cd296
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:CO2PR05MB652;
x-ms-traffictypediagnostic: CO2PR05MB652:
x-exchange-antispam-report-test: UriScan:(61668805478150);
x-microsoft-antispam-prvs: <CO2PR05MB652F861BC43F7247711BE9BDCA40@CO2PR05MB652.namprd05.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(100000703101)(100105400095)(6041248)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123555025)(20161123564025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CO2PR05MB652; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CO2PR05MB652;
x-forefront-prvs: 0375972289
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39410400002)(39450400003)(39850400002)(39840400002)(39400400002)(24454002)(377454003)(189002)(199003)(54906002)(6916009)(50986999)(76176999)(81166006)(2950100002)(81156014)(105586002)(7736002)(54356999)(6506006)(8676002)(2906002)(6436002)(3280700002)(77096006)(53546010)(82746002)(8936002)(230783001)(6486002)(305945005)(66066001)(97736004)(6512007)(33656002)(102836003)(189998001)(99286003)(38730400002)(110136004)(36756003)(6116002)(2900100001)(25786009)(3846002)(3660700001)(4326008)(68736007)(53936002)(6246003)(106356001)(86362001)(478600001)(5660300001)(101416001)(14454004)(83716003)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:CO2PR05MB652; H:CO2PR05MB2648.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: vmware.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-ID: <B86CC68346A31F46A0D05C80A9263776@namprd05.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: vmware.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Jul 2017 17:20:45.2394 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b39138ca-3cee-4b4a-a4d6-cd83d9dd62f0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO2PR05MB652
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/97MUjd4og_TAXOeQye_16nLE9QM>
Subject: Re: [nvo3] Carrying entropy, was: draft-ietf-nvo3-encap-00 should add considerations of traversing NAPT
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jul 2017 17:20:50 -0000

> On Jul 20, 2017, at 7:19 PM, Dale R. Worley <worley@ariadne.com> wrote:
> 
> Dan Wing <dwing@vmware.com> writes:
>> Using Geneve VNI doesn't take us towards that goal, though.  On a
>> simple network, there is only one VNI (one virtual network), and if we
>> used solely VNI for underlay ECMP, all tunneled packets would go over
>> the same ECMP path.  We want each tunneled TCP flow to take one path,
>> and ideally the next tunneled TCP flow taking another ECMP path.
> 
> I'm mixing a number of points here.  In order from what I consider most
> important to least:
> 
> - It would be desirable to have a Geneve option to contain entropy, so
>  that in situations where outer headers don't provide a good place for
>  entropy, devices don't have to look further than the Geneve header.
> 
> - There is an unused octet in the Geneve header.  It might be useful to
>  define it to contain entropy for ECMP.  (Unfortunately, it's only one
>  byte.(

For both points above:   are there cases where the outer header can't provide entropy of the inner headers?  With IPv4, Geneve is carried over UDP and the UDP source port works fine.  With IPv6, Geneve is carried over UDP and the UDP source port and IPv6 flow label can both be used.  Is Geneve carried over something that isn't UDP?  Said another way, do we want to burn Geneve option bits (and MTU) with this entropy information?

> - ECMP can use as entropy any field which is "flow identification", that
>  is, where intermediate devices are allowed to disorder packets which
>  have different values of the flow identification field.  In
>  particular, any virtual network identifier serves as flow
>  identification.  Thus, we can specify in Geneve that any device
>  handling packets with Geneve headers can disorder packets with
>  different values of the VNI field.  But a consequence of *that* is
>  that in situations where the VNI field is not used to communicate
>  useful information (presumably the additional options are the reason
>  Geneve is being used), the VNI field can be used for entropy.

Feels like a lot of rules for a Geneve-aware router to follow for ECMP.  But it would be worth elaborating on this idea some more to see if it can become a simple rule for the Geneve-aware router.  I'm thinking:

  If packet is IPv6 and flow-label > 0 then EMCP hash of [ source IP || destination IP || flow-label ]
  elseif packet is UDP
      and packet is Geneve then ECMP using hash of [ source IP || Geneve VNI || Geneve-entropy option ]
      else ECMP using hash of [ source IP || destination IP || source UDP port || destination UDP port ]
  elseif packet is TCP or SCTP or DCCP
      ECMP hash of [ source IP || destination IP || source TCP/SCTP/DCCP port || destination TCP/SCTP/DCCP port ]
  else
      don't ECMP

(This is starting down the path of a Router Requirements spec.)

-d

v2.23.0 | Report a Bug | By Email