IETF Logo Mail Archive

Re: [nvo3] [ippm] [Int-area] encapsulation of IOAM data in various protocols - follow up from WG discussion in London

Tom Herbert <tom@herbertland.com> Fri, 13 April 2018 05:17 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC6CC12D7F9 for <nvo3@ietfa.amsl.com>; Thu, 12 Apr 2018 22:17:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WKVbHincouea for <nvo3@ietfa.amsl.com>; Thu, 12 Apr 2018 22:17:23 -0700 (PDT)
Received: from mail-yb0-x233.google.com (mail-yb0-x233.google.com [IPv6:2607:f8b0:4002:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E24CE124239 for <nvo3@ietf.org>; Thu, 12 Apr 2018 22:17:22 -0700 (PDT)
Received: by mail-yb0-x233.google.com with SMTP id p126-v6so3695834ybg.8 for <nvo3@ietf.org>; Thu, 12 Apr 2018 22:17:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=sUmey24NZdS7vfnHRBWjRaLNzCpVoPI2x+yXlWUbWgA=; b=Sbm6QGbIawbJzWx7UNYmgBvxSZuW7D2NG2Dj85FMiWhkw3CBaYNXCb8PSZhedyDrnP WmmK+FWmZ6Z1YscCuEc0iQCLtcSqAnO2IhD+2U9zj+EaZx373vzNf8EYifZtCUk5Ss6l TGfcExFJnlT6ST1jLzHTox12j7+83MNd20bamJnObMcRI3lnIV9EEHzy1GejN8Pfgc/H DaqIESm8YLnzraTx38IntZ/Z/q0lI67qOWse7o/1HyvB4nLL1YVVK7QS/5cdIsoNWiUS MLNgc/a91kzbIfcGLAO6TwPaCkeyuldljpWwBFSWLn3v/C6x+1mmwMKecOsoArij5vZa 4mkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=sUmey24NZdS7vfnHRBWjRaLNzCpVoPI2x+yXlWUbWgA=; b=btqKpnZ4qh9mEQOnmJvOHLSLiP50cV98TGB61Fv3ubzW9HJu8qf1O8/QmVeLU73O/E UkXku5+qHzk/XjQDAIPvxZsBNtFq7Th3c+hteqvAcEdok8NA2SzFp9aWqbWu8G+HiqNd cjBSRdmHH9t4xInt5i/YoNI76Q4nov0SM3cExsIRX82RlzijnTgAwE/MVqdsItFvGXzT O378gLeHk+8FPMts+sAH579TUkH0aHeb9TEKq2hbyTpWvAPyW6RlQIgGoUZSLu9lAVxk c51gxgR/MW0L++KmVFy0hPawlEuNABRaZJUXW7jDktjU3TDde7AkThaMB1i/4NontJfl 0/Kw==
X-Gm-Message-State: ALQs6tD6zwKnohwLoQjvv+0zqi3UzdFjwYzJd41abDYTZA+76q9YEZfu nm7yEAwDcl2tG9go31O/vTfS1eGZ1hOUOlsYbqZkB0zK
X-Google-Smtp-Source: AIpwx4/SbrRovuGFyKUCHjips16i6iURR+Xa6tK4aC++49FkJBFBp0fDJYzYeQgh6YrRxb4HJyT4ilnvfODeCZV6+Y4=
X-Received: by 2002:a25:b2a3:: with SMTP id k35-v6mr3203144ybj.259.1523596641773; Thu, 12 Apr 2018 22:17:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.26.135 with HTTP; Thu, 12 Apr 2018 22:17:21 -0700 (PDT)
In-Reply-To: <CACYmcDqd2gwUTmjj-BssB1Bh7EAVi6v_Uu6Qq9XXd2RbdMnGGw@mail.gmail.com>
References: <ff0c9182d1f14ec48b352e41fedaf58e@XCH-RCD-008.cisco.com> <CA+RyBmUNHcQZtTGJj67V=DqPkwV6GXWDUQJGjwT7ODEFg_QQFA@mail.gmail.com> <CALx6S36ojk0z+iOhNhFqF2A+acXC1=xHPEN7G0Y_9+itC+WiGQ@mail.gmail.com> <CACYmcDqd2gwUTmjj-BssB1Bh7EAVi6v_Uu6Qq9XXd2RbdMnGGw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 12 Apr 2018 22:17:21 -0700
Message-ID: <CALx6S37aig+JJ8WPgC6NDeNExJ_qS9LZweSL2TOgD1EPqZRwTQ@mail.gmail.com>
To: Mickey Spiegel <mspiegel@barefootnetworks.com>
Cc: Greg Mirsky <gregimirsky@gmail.com>, NVO3 <nvo3@ietf.org>, int-area@ietf.org, Service Function Chaining IETF list <sfc@ietf.org>, IETF IPPM WG <ippm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3/SRzS8C0tAnmfJOBoT-NRGGMzs2o>
Subject: Re: [nvo3] [ippm] [Int-area] encapsulation of IOAM data in various protocols - follow up from WG discussion in London
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2018 05:17:26 -0000

Mickey,

Looking at these ippm drafts more closely, I have a much more
fundamental concern.

In draft-brockners-ippm-ioam-geneve-00 for instance, there is the text
in the introduction:

"In-situ OAM (IOAM) records OAM information within the packet while
the packet traverses a particular network domain.  The term "in-situ"
refers to the fact that the IOAM data fields are added to the data
packets rather than is being sent within packets specifically
dedicated to OAM.  This document defines how IOAM data fields are
transported as part of the Geneve [I-D.ietf-nvo3-geneve]
encapsulation."

I assume this means that as packets with Geneve encapsulation traverse
the network they are interpreted by intermediate nodes as being
Geneve. Since Geneve is a UDP encapsulation, then the destination UDP
port number would be used to identify packets as being Geneve. So an
intermediate device might be looking for UDP packets destined to port
6081 (the assigned UDP port for Geneve). If my understanding is
correct, then this is a problem.

UDP port numbers do not have global meaning. An intermediate device
may very well see UDP packets destined to port 6081 that are not
actually Geneve. This scenario is discussed in RFC7605:

"...intermediate device interprets traffic based on the port number.
It is important to recognize that any interpretation of port numbers
-- except at the endpoints -- may be incorrect, because port numbers
are meaningful only at the endpoints."

If the UDP data is modified, as the draft would imply, then
misinterpretation may also mean silent data corruption of packets. A
protocol that would allow this seems pretty incorrect! Note that this
would be true also for any UDP encapsulation that the network tries to
interpret.

I am also wondering if hop-by-hop options been considered for this
application? Their interpretation in the network is unabiguous and
they also have the advantage that the work with any IP protocol or
encapsulation.

Thanks,
Tom


On Thu, Apr 12, 2018 at 3:31 PM, Mickey Spiegel
<mspiegel@barefootnetworks.com> wrote:
> Tom,
>
> On Thu, Apr 12, 2018 at 2:46 PM, Tom Herbert <tom@herbertland.com> wrote:
>>
>> On Thu, Apr 12, 2018 at 9:54 AM, Greg Mirsky <gregimirsky@gmail.com>
>> wrote:
>> > Hi Frank,
>> > thank you for sharing your points. Please find my notes in-line and
>> > tagged
>> > GIM>>. I believe that this is very much relevant to work of other
>> > working
>> > groups that directly work on the overlay encapsulations in the center of
>> > the
>> > discussion and hence I've added them to the list. Hope we'll have more
>> > opinions to reach the conclusion that is acceptable to all.
>> >
>> > Regards,
>> > Greg
>> >
>> > On Wed, Apr 11, 2018 at 12:02 PM, Frank Brockners (fbrockne)
>> > <fbrockne@cisco.com> wrote:
>> >>
>> >> Back at the IPPM meeting in London, we discussed several drafts dealing
>> >> with the encapsulation of IOAM data in various protocols
>> >> (draft-brockners-ippm-ioam-vxlan-gpe-00,
>> >> draft-brockners-ippm-ioam-geneve-00, draft-weis-ippm-ioam-gre-00). One
>> >> discussion topic that we decided to take to the list was the question
>> >> on
>> >> whether draft-ooamdt-rtgwg-ooam-header could be leveraged.  After
>> >> carefully
>> >> considering draft-ooamdt-rtgwg-ooam-header, I came to the conclusion
>> >> that
>> >> the “OOAM header” does not meet the needs of IOAM:
>> >>
>> >> * Efficiency: IOAM adds data to live user traffic. As such, an
>> >> encapsulation needs to be as efficient as possible. The “OOAM header”
>> >> is 8
>> >> bytes long. The approach for IOAM data encapsulation in the above
>> >> mentioned
>> >> drafts only requires 4 bytes. Using the OOAM header approach would add
>> >> an
>> >> unnecessary overhead of 4 bytes – which is significant.
>> Greg,
>>
>> I'm missing something here. I looked at the drafts you referenced and
>> each of them looks like the overhead for OAM is greater that four
>> bytes. In each there is some overhead equivalent to type/length, for
>> instance in Geneve four bytes are needed for option class, type, and
>> length. Unless the the OAM data is zero length, I don't see how this
>> adds up to only four bytes of overhead.
>
>
> The four versus eight bytes just refers to the fields in the four bytes of
> IOAM
> info, that is common to all IOAM options. Beyond that, there are IOAM option
> specific fields. For example if doing one of the IOAM trace options, there
> are
> four bytes of trace option header, including the IOAM-trace-type, NodeLen,
> Flags, and RemainingLen fields. These are followed by the node data list
> containing the per hop IOAM information.
>
> In looking at the OOAM header content, it has nothing to do with any of the
> IOAM information after the first four bytes. It contains another variant of
> the
> information in the first four bytes of IOAM info, spread out over eight
> bytes.
>
>>
>> Tom
>>
>> >
>> > GIM>> The difference in four octets is because OOAM Header:
>> >
>> > provides more flexibility, e.g. Flags field and Reserved fields;
>
>
> The flags field only has one defined flag at the moment, for a timestamp
> block. For IOAM trace we need per hop timestamps, which the timestamp
> block cannot address, i.e. the timestamp block is redundant for IOAM.
>
>>
>> > supports larger OAM packets than iOAM header;
>
>
> For IOAM purposes, 1020 octets is more than enough.
>
>>
>> > is future proof by supporting versioning (Version field).
>
>
> IMO, taking the first two bits of the IOAM-Type to define a Version field
> would be a good thing. This does not require adding four more bytes of
> overhead. 64 IOAM-Types is more than enough.
>
>>
>> >>
>> >> * Maturity: IOAM has several implementations, which were also shown at
>> >> recent IETF hackathons – and we’re expecting additional implementations
>> >> to
>> >> be publicized soon. Interoperable implementations need timely
>> >> specifications. Despite the question being asked, the recent thread on
>> >> OOAM
>> >> in the NVO3 list hasn’t revealed any implementation of the OOAM header.
>> >> In
>> >> addition, the thread revealed that several fundamental questions about
>> >> the
>> >> OOAM header are still open, such as whether or how active OAM
>> >> mechanisms
>> >> within protocols such as Geneve would apply to the OOAM header. This
>> >> ultimately means that we won’t get to a timely specification.
>> >
>> > GIM>> May I ask which encapsulations supported by the implementations
>> > you
>> > refer to. Until very recently all iOAM proposals were to use meta-data
>> > TLV
>> > in, e.g. Geneve and NSH. And if these or some of these implementations
>> > already updated to the newly proposed iOAM shim, I don't see problem in
>> > making them use OOAM Header. Would you agree?
>> >
>> >>
>> >> * Scope: It isn’t entirely clear to which protocols the OOAM header
>> >> would
>> >> ultimately apply to. The way the OOAM header is defined, OOAM uses a
>> >> 8-bit
>> >> field for “Next Prot”, the next protocol. Some protocols that IOAM data
>> >> needs to be encapsulated into use 16-bits for their next protocol code
>> >> points. See e.g. the GRE encapsulation – as specified in
>> >> draft-weis-ippm-ioam-gre-00.
>> >
>> > GIM>> The first paragraph of the Introduction section states:
>> >    New protocols that support overlay networks like VxLAN-GPE
>> >    [I-D.ietf-nvo3-vxlan-gpe], GUE [I-D.ietf-nvo3-gue], Geneve
>> >    [I-D.ietf-nvo3-geneve], BIER [I-D.ietf-bier-mpls-encapsulation], and
>> >    NSH [I-D.ietf-sfc-nsh] support multi-protocol payload, e.g.
>> >    Ethernet, IPv4/IPv6, and recognize Operations, Administration, and
>> >    Maintenance (OAM) as one of distinct types.  That ensures that
>> >    Overlay OAM (OOAM)packets are sharing fate with Overlay data packet
>> >    traversing the underlay.
>> > I'm updating the OOAM Header draft and along with cleaning nits will
>> > update
>> > reference to GUE. I think that the list and the statemnt are quite clear
>> > in
>> > identifying the scope of networks that may benefit from using not only
>> > common OOAM Header but common OOAM mechanisms, e.g. Echo Request/Reply.
>> >
>> >> With the above in mind, I’d suggest that the WG moves forward with
>> >> specific definitions for encapsulating IOAM data into protocols – per
>> >> the
>> >> above mentioned drafts.
>> >>
>> >>
>> >>
>> >> Regards, Frank
>> >>
>> >>
>> >> _______________________________________________
>> >> ippm mailing list
>> >> ippm@ietf.org
>> >> https://www.ietf.org/mailman/listinfo/ippm
>> >>
>> >
>> >
>> > _______________________________________________
>> > Int-area mailing list
>> > Int-area@ietf.org
>> > https://www.ietf.org/mailman/listinfo/int-area
>> >
>>
>> _______________________________________________
>> ippm mailing list
>> ippm@ietf.org
>> https://www.ietf.org/mailman/listinfo/ippm
>
>

v2.23.0 | Report a Bug | By Email