Re: [nvo3] Opsdir last call review of draft-ietf-nvo3-encap-10
Donald Eastlake <d3e3e3@gmail.com> Wed, 29 November 2023 22:48 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8FD6C151545; Wed, 29 Nov 2023 14:48:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.858
X-Spam-Level:
X-Spam-Status: No, score=-1.858 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0mfBStAgy-Bk; Wed, 29 Nov 2023 14:48:27 -0800 (PST)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com [IPv6:2a00:1450:4864:20::434]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1222DC15153F; Wed, 29 Nov 2023 14:48:27 -0800 (PST)
Received: by mail-wr1-x434.google.com with SMTP id ffacd0b85a97d-332ed02ccd9so222503f8f.0; Wed, 29 Nov 2023 14:48:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701298105; x=1701902905; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=A6i0WBCrw9GZou5n5nQVWwDatY+UjNSRnw20Vzb6U90=; b=IDnTGjRwxywFBvXVYv7Wal2PGTmMpvfprfBqoFgKAfZ0Sx70db9k87+dE9UiFFK0oP aRL0EfXWWVAYK87e9okXOUoR0ndupJzp2DwYBolXPUEIvwhYoBuCJRu6t7bfVxwmn0x1 JCh/nmadZF0W74mHSETlu7eX243FQ2ahOjyD+feqPjlrTrcisGwuvEuq4Fn6XgK2QTBt oaFD24bYYz2hQbSI/i1olqgP8ddfI5nAGM4vZ3EUkRN/OIZTlqWQpplBZkahvYR1q5mP q3WJVzkvqkdAtXvdFark6N73630s/M5Yh4CvO0W+FajvMZwUz7zup1/wPVIJ0RwQgkbE +6Tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701298105; x=1701902905; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=A6i0WBCrw9GZou5n5nQVWwDatY+UjNSRnw20Vzb6U90=; b=TEsWAFSOtBReYyN3ojiooMLlOOl7IU2ikOq5mYgzW6ngqZ4xoJ1moQynFmPdYSsIWX C3UIV3M2RB+2gMUrc1BbpDc1VTR+UVMfFS3KN7CiZP6VvVTKtCHdV596cp4ifob4ydHy kqckRsR344qq/0PskILjog9BUpqGmLrk1lYrWEaI88RqFjoJGALz5G2SDdl9vwp9kB38 Rk0JNoSn/W7ymy5Axd28L3sN31+uEosc6ZyKotKvqopkZ7KXZCZq0a62+qFXEJm2IQqV IJQXktWfpKxEMG4c+JTVndOGfLCYU329ijq5wESiG3y1m2VUO+d2Yg+wXaObKg+2lGx5 4VeA==
X-Gm-Message-State: AOJu0YzyQu57Re8OOUIHZqLmfU5d+qM0lgJa3lBCZmuJMLe+C3urb/Zm Ayv0sBrjxjMuzXpnoT66pE/WSHaLJFOOdHW0B7c=
X-Google-Smtp-Source: AGHT+IEI+sluYj8kqkUcv57rnTXHyR9z78nhCY/kxOlo83NNDFZeChetMSxFcBQxECDK3/1wysWio3pvK1i19+cmKnc=
X-Received: by 2002:adf:dd8c:0:b0:332:c9c3:2cd3 with SMTP id x12-20020adfdd8c000000b00332c9c32cd3mr16022607wrl.47.1701298104720; Wed, 29 Nov 2023 14:48:24 -0800 (PST)
MIME-Version: 1.0
References: <c0001b2099864bea93a73207a522edf7@huawei.com>
In-Reply-To: <c0001b2099864bea93a73207a522edf7@huawei.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Wed, 29 Nov 2023 17:48:13 -0500
Message-ID: <CAF4+nEGoKKjWVoLZ3ay1NAvL5vpOzDR3SxCVssaiTFNKNAsvkw@mail.gmail.com>
To: Qin Wu <bill.wu@huawei.com>
Cc: "ops-dir@ietf.org" <ops-dir@ietf.org>, "draft-ietf-nvo3-encap.all@ietf.org" <draft-ietf-nvo3-encap.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "nvo3@ietf.org" <nvo3@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/FaRZV2dtwQaMJ_mfEGQaqSsC_M4>
Subject: Re: [nvo3] Opsdir last call review of draft-ietf-nvo3-encap-10
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2023 22:48:27 -0000
Hi, I've posted a -11 version that I believe resolves your comments. On Fri, Nov 24, 2023 at 2:15 AM Qin Wu <bill.wu@huawei.com> wrote: > Hi, Donald: > Thanks for promptly answer and clarification, I think this draft is > useful work and could serve foundation for many future work to > improve interoperability, even though it has been progressed for > years. Thanks. > I think even some of my questions are related to reasoning of the > design team, it will be interesting to call out these reasons if > possible which really help new readers and later follower navigate > through the history of encapsulation and see they are evolved, shed > a light on some potential future work. A few follow up comments in > line below. OK. I've deleted some sections below where we are in agreement. > -----邮件原件----- > 发件人: Donald Eastlake [mailto:d3e3e3@gmail.com] > 发送时间: 2023年11月24日 12:40 > 收件人: Qin Wu <bill.wu@huawei.com> > 抄送: ops-dir@ietf.org; draft-ietf-nvo3-encap.all@ietf.org; last-call@ietf.org; nvo3@ietf.org > 主题: Re: Opsdir last call review of draft-ietf-nvo3-encap-10 > > Thanks for your thorough review. > > However, I think a few of your questions are not really about > document quality but rather about the reasoning of the Design Team. > I was not a member of the Design Team so I cannot answer those > questions. > > On Wed, Nov 22, 2023 at 4:14 AM Qin Wu via Datatracker > <noreply@ietf.org> wrote: > > > > Reviewer: Qin Wu > > Review result: Has Nits > > > > This document can be seen as NVO3 encapsulation design team report > > and compares 3 typical data plane encapsulation formats including > > GENEVE, GUE, VXLAN-GPE and explores technical problems and > > limitations and provides guidance and recommendation for common > > encapsulation design. It also lays foundation for future > > extension to Geneve encapsulation defined in RFC8926. > > > > I believe it is well written and ready for publication, here are a > > few comments to v-(10) I would like author to consider: > > > > Major issues: > > No > > > > Minor issues: > > > > ... > > > 2. Section 5.3 said: > > " > > * Security, e.g., of the VNI, has not been addressed by GPE. > > " > > [Qin]: I am wondering how this statement is related to section > > 6.2.2? Do we need add rationale here to explain why security of > > VNI can be be addressed? e.g., can we use UDP checksum to protect > > the payload including VNI carried in VXLAN-GPE header? or UDP > > checksum is always set to zero? or can we extend VXLAN-GPE to > > carry HMAC-like Message Authentication Code (MAC)? > > I don't think UDP checksum helps if someone is modifying a packet or > forging a packet as they can just modify or calculate the UDP > checksum appropriately for the packet content they want. > > It would be possible to extend some nvo3 candidate encapsulations > but the design team concluded that, as currently specified, > VXLAN-GPE does not provide for extension. Of course, VLAN-GPE could > be combined with a NSH and extended that way but so could almost > anything. > > [Qin Wu] If this statement is related to section 6.2.2, maybe adding > reference to specific paragraph of section 6.2.2 will be useful to > help reader understand the reasoning. OK, I'll add such a reference. > > 3. Section 5.3 said: > > " > > Although a shim header could be used for security and other > > extensions, this has not been defined yet and its implications on > > offloading in NICs are not understood. > > " > > [Qin]: Can we add rationale why offloading in NIC is not > > understood, is this > > because GPE is not extensible? > > I would say that it is not understood because it has not been > investigated sufficiently. This section is talking about adding a > shim supporting security to the nvo3 headers along with VXLAN-GPE > and using that to "extend" for security. I don't think that possible > difficulties / complexities in offload have much to do with > VXLAN-GPE not being extensible. > > [Qin Wu] As new reader to this paragraph, what I found is Geneve > encapsulation defined in RFC8926 supports offloading in NICs while > GPE not, but I don't know why, if this is outcome of design team > analysis, maybe add some text to say based on design team analysis > at that time, offloading in NICs are not understood. It's the shim that is a possible problem for offloading, not GPE. I'll try to clarify the wording. > > 4.Section 6.2.2 said: > > " > > This is desirable since we still have the UDP header for ECMP, the > > NVO3 header is in plain text so it can be read by network elements, > > and different security or other payload transforms can be supported > > " > > [Qin]: > > I can understand DTLS and IPSEC are two different security schemes. > > How do we understand transforms in the "payload transforms"? > > IPsec is one type of "payload transform". I think this section is > saying that you can send nvo3 packets with different "payload > transforms" to the same destination port because they can be > distinguished by the Next Protocol field or other information in the > VXLAN-GPE header. > > [Qin Wu] Clear. Transform is a strange wording. But never mind. OK. > > ... > > > 7.Section 6.6. TLV versus Bit Fields > > [Qin]: If we have already decided to choose geneve as common > > encapsulation and geneve chooses to use TLV for extension. Why > > should we discuss comparison between TLV and Bit Fields. Should > > common encapsulation consideration only focus on TLV? > > This report is the conclusion of the Design Team from a time before > GENEVE was chosen. > > [Qin Wu] Works for me. OK. > > 8. Section 6.7. Control Plane Considerations > > [Qin] The 2nd paragraph of section 6.6 also discuss using > > control plane to control the order of the TLVs, which seems > > overlapping with section 6.7? Is this intentional? > > I do not see it as a problem that this consideration is mentioned in > both 6.6 and 6.7. > > [Qin Wu] I have no strong opinion about this, happy to leave this to > author. OK. > > 9. Section 6.9 > > If we need a larger VNI, an extension can > > be used to support that. > > [Qin]: In which case where we need a larger VNI? Can we provide a use case > > to demonstrate the limitation of 24 bit VNI. > > If the number of logical tenants exceeds 2**24 or if VNI identifiers > where assigned in a hierarchical (see [RFC1715]) or otherwise less > efficient manner. > > [Qin Wu] I still feel use case is not clear, e.g., if you tell me > that in telemetry case, we need larger VNI, I will be convinced, but > the current text is very brief, can not figure out the use case or > motivation. I can change the sentence in question to "If we need a larger VNI, perhaps for a telemetry case, an extension can be used to support that." > > 10.Section 7 said: > > "The DT studied whether VNI should be in the base header or in an > > extension header and whether it should be a 24-bit or 32-bit > > field."1. > > [Qin] Similarly, Not clear when we will use 32 bit field? > > See my answer immediately above. I'll add a reference to Section 6.9 in the first point in Section 7. > > 11.Section 7 said: > > " > > By using Geneve options it is > > possible to get in band parameters like switch id, ingress port, > > egress port, internal delay, and queue in telemetry defined > > extension TLV from switches. > > " > > [Qin] What is queue in telemetry defined extension TLV? Can not parse. > > Are you saying "queue in telemetry" defined in extension TLV? > > I believe it should say "queue size" rather than "queue". > > [Qin Wu] The proposed is much better, still wording needs further > improvement, e.g., > OLD TEXT: > " > By using Geneve options it is > possible to get in band parameters like switch id, ingress port, > egress port, internal delay, and queue in telemetry defined > extension TLV from switches. > " > NEW TEXT: > " > By using Geneve options it is > possible to get in band parameters like switch id, ingress port, > egress port, internal delay, and queue size using > TLV extension for telemetry purpose from switches. > " I'm OK with your suggested wording and will change to it. > > 12. Section 7 said: > > " > > 9. The DT has addressed the usage models while considering the > > requirements and implementations in general including software > > and hardware. > > " > > [Qin] Are usage models related to Useful Extensions Use Cases defined in > > Section 6.2? If Yes, please add referenced section. > > I think point 9 is just supposed to be a general catch-all. I will replace "usage models" with "usage requirements (see Section 6)". > > [Qin Wu] The proposed change looks good. OK. > > 13. With recommendation given in section 7, Do you think RFC8926 > > Geneve Document needs to be revised as RFC8926bis document, or you > > expect for each extension for OAM, performance measurement, security, > > a separate document is needed to extend RFC8926 to support each > > extension? > > This is a purely speculative question about my opinion as to the > process alternatives. I don't see what it has to do with whether or > not this draft is approved. > > [Qin Wu] Tend to agree, I just think it might be useful for this > document to provide hint for the developers or implementers who want > to propose some extension to geneve, how to proceed their work in > the future. If authors strongly believe it is beyond scope for this > document, I can live with this. Yes. The plan is to close down the nvo3 WG so a RTGWG or AD sponsored draft might be best. But I don't think that should be in this document. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com
- [nvo3] Opsdir last call review of draft-ietf-nvo3… Qin Wu via Datatracker
- Re: [nvo3] Opsdir last call review of draft-ietf-… Donald Eastlake
- Re: [nvo3] Opsdir last call review of draft-ietf-… Qin Wu
- Re: [nvo3] Opsdir last call review of draft-ietf-… Donald Eastlake