IETF Logo Mail Archive

Re: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts

"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Tue, 10 January 2017 19:19 UTC

Return-Path: <fbrockne@cisco.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F17E412952C for <opsawg@ietfa.amsl.com>; Tue, 10 Jan 2017 11:19:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.71
X-Spam-Level:
X-Spam-Status: No, score=-17.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kUN5FgRXWEv1 for <opsawg@ietfa.amsl.com>; Tue, 10 Jan 2017 11:19:19 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3B2D129465 for <opsawg@ietf.org>; Tue, 10 Jan 2017 11:19:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=88364; q=dns/txt; s=iport; t=1484075958; x=1485285558; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=cAHMRx9Wx9534fPcE3tK5fjfmWiL3ngdldxKHUffKj4=; b=M1dfwd1lQubsJizVTHcKcf/ZsKLc7dQwrup9orNppoIJpsxPJxteNqKK iQeYk0HQPj7rgtJ9ebnj0cGrkQQfOM6M81vJif+IZRdPrdG7zrn7MKdJC 1a/mqzcCIXpqcScHeVEVCpe6mvLDHg9Bo2HkXl7F1I+9hPiqZ7o0QYKW2 E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AmAQBgMnVY/4kNJK1dGQEBAQEBAQEBAQEBBwEBAQEBgnFJAQEBAQEfX4ENB4NIigiSJ4d/jSiCCAMfAQyFLEoCGoFpPxQBAgEBAQEBAQFjKIRpAQEBAgIBASEKOgcEFwIBBgIRAwEBASEBBgMCAgIfBgsUCAEIAgQBEggTiDoDGA6TCZ1OgiUrhxcNgkgBAQEBAQEBAQEBAQEBAQEBAQEBAQEdhkWDWztLgjwSO4EPEQEGLQkWglKCXgWGSoIraItGhUg4AYZahi9Jg3aCAIULiV+KC4RAhBIBHzhwUBU4hi1zAYY3gSGBDQEBAQ
X-IronPort-AV: E=Sophos;i="5.33,344,1477958400"; d="scan'208,217";a="191117121"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 10 Jan 2017 19:19:17 +0000
Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id v0AJJHRc000862 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 10 Jan 2017 19:19:17 GMT
Received: from xch-rcd-008.cisco.com (173.37.102.18) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Tue, 10 Jan 2017 13:19:16 -0600
Received: from xch-rcd-008.cisco.com ([173.37.102.18]) by XCH-RCD-008.cisco.com ([173.37.102.18]) with mapi id 15.00.1210.000; Tue, 10 Jan 2017 13:19:16 -0600
From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: Stewart Bryant <stewart.bryant@gmail.com>, "opsawg@ietf.org" <opsawg@ietf.org>
Thread-Topic: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts
Thread-Index: AQHSYpoU2K8oP+EhpEeaHSg6nObX46EnKXuA//+cOtCAC65VAIAAFboA//+bxdA=
Date: Tue, 10 Jan 2017 19:19:16 +0000
Message-ID: <18a85eb482ed47aabe5541d3e83b3a44@XCH-RCD-008.cisco.com>
References: <96c75d75-6f97-fe68-071d-5567049de9e7@ece.iisc.ernet.in> <009501d25cf6$a4468180$ecd38480$@gmail.com> <003801d25d3b$4064d7d0$c12e8770$@gmail.com> <010d01d25dd6$19284620$4b78d260$@gmail.com> <BBA82579FD347748BEADC4C445EA0F21A228C30E@NKGEML515-MBX.china.huawei.com> <00c001d26299$f85d7b40$e91871c0$@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F6588609BD@dfweml501-mbb> <834abd4a049840bca3a502bb8176896f@XCH-RCD-008.cisco.com> <4A95BA014132FF49AE685FAB4B9F17F6588648F4@dfweml501-mbb> <0fd47cc0-0be2-5de8-adee-f158459b434a@gmail.com>
In-Reply-To: <0fd47cc0-0be2-5de8-adee-f158459b434a@gmail.com>
Accept-Language: de-DE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.55.190.229]
Content-Type: multipart/alternative; boundary="_000_18a85eb482ed47aabe5541d3e83b3a44XCHRCD008ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/8TdvJpqRGk7-TinwSvLeJ7st93o>
Subject: Re: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2017 19:19:22 -0000

We probably need to differentiate things based on the use case, i.e.

1) *prove* in a secure way that a packet visited a particular set of nodes
2) *provide some hint* (e.g. to help operations) whether a packet visited a particular set of nodes

The POT mechanism in draft-brockners-proof-of-transit-02.txt is very much targeted at 1) – and the target box to perform these mechanisms is probably more like a firewall or similar, which would have the capabilities to do a bunch of operations on a packet – and differ from a core/backbone router.

Frank

From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of Stewart Bryant
Sent: Dienstag, 10. Januar 2017 20:10
To: opsawg@ietf.org
Subject: Re: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts


I share that concern.

I think that for this to fly, there needs to be a hardware friendly version.

It also seems to me that lots of applications would be satisfied with an approach that assumes that all routers are honest, perhaps simply setting a bit in a bit field, reserving the ultra-cautious check for special faults or special operating environments.

Stewart

On 10/01/2017 17:52, Linda Dunbar wrote:
Frank,

Your suggested approach requires egress node to do the computation of “(Secret +RND) mod prime” and perform the comparison for every packet. For a node with hundreds of ports and each with 10G-100G capacity, the computation & comparison would be very heavy.

Linda

From: Frank Brockners (fbrockne) [mailto:fbrockne@cisco.com]
Sent: 2017年1月3日 7:43
To: Linda Dunbar <linda.dunbar@huawei.com><mailto:linda.dunbar@huawei.com>; Ram Krishnan <ramkri123@gmail.com><mailto:ramkri123@gmail.com>; Zhoutianran <zhoutianran@huawei.com><mailto:zhoutianran@huawei.com>; opsawg@ietf.org<mailto:opsawg@ietf.org>
Subject: RE: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts

Hi Linda,

thanks for supporting https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-02.txt.

On https://tools.ietf.org/html/draft-brockners-proof-of-transit-02.txt: Could you elaborate a bit more why you believe that the approach would be too complicated for the egress node? All it takes for the verifier node is to perform a “(Secret + RND) mod prime” operation and compare this to the CML number received in the packet (RND and CML are the two numbers carried within the packet).

Thanks, Frank


From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of Linda Dunbar
Sent: Dienstag, 3. Januar 2017 14:27
To: Ram Krishnan <ramkri123@gmail.com<mailto:ramkri123@gmail.com>>; Zhoutianran <zhoutianran@huawei.com<mailto:zhoutianran@huawei.com>>; opsawg@ietf.org<mailto:opsawg@ietf.org>
Subject: Re: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts

I support WG Adoption of https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-02.txt

But I don’t support the detailed mechanism described in https://tools.ietf.org/html/draft-brockners-proof-of-transit-02.txt to be adopted. I think the approaches described are too complicated for the egress nodes.



Linda Dunbar

From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of Ram Krishnan
Sent: 2016年12月30日 6:41
To: Zhoutianran <zhoutianran@huawei.com<mailto:zhoutianran@huawei.com>>; opsawg@ietf.org<mailto:opsawg@ietf.org>
Subject: Re: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts

Hi Tianran,
I can see the new draft playing predominantly a complementary role. I have summarized some of the key areas and also added comments, please see below.

1)      https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-02.txt
-       Complementary role of new draft:
o   Minimizing of In-band Telemetry Header for a specific use case such as latency measurement
o   Data export options
§  Summarizing monitoring information to build a scalable solution – for example, alert the central management system only when 99th percentile queue depth exceeds a high threshold for a flow
§  Flow mirroring
o   Service chaining use case (independent and coupled with underlay/overlay) – describes how network monitoring can help in identifying server side issues and pave the way to dynamic resource orchestration to remedy the issue



2)   https://tools.ietf.org/html/draft-brockners-inband-oam-data-02.txt
-       Complementary role of new draft:
o   Minimizing of In-band Telemetry Header format
o   Data export options format



-        Comments on above draft:

o I am surprised to see http://p4.org/wp-content/uploads/fixed/INT/INT-current-spec.pdf not being referenced.



3)   https://tools.ietf.org/html/draft-lapukhov-dataplane-probe-01



-        Comments on above draft:

o   The above id focusses on injected probe packets. The new draft is applicable to all packets including injected probe packets.



4)   Mapping in-band telemetry to different transport protocols – new contribution (this could be a separate draft or might be input to be above drafts)
o   Complementary role of new draft:
§  IPSEC use case for WAN and DC (beyond internet connectivity) and mapping
§  VXLAN-GPE/Geneve/NSH mapping

5)   https://tools.ietf.org/html/draft-brockners-proof-of-transit-02.txt



-        Comments on above draft:

o   One of the key reasons for packets following a path different from a traffic engineered/service chain path is misconfiguration. With that background,

§ With an administrative domain, practical service verification scheme(s) (https://datatracker.ietf.org/doc/draft-irtf-nfvrg-service-verification/?include_text=) could suffice

§ The elaborate proof of transit scheme suggested in this draft is possibly applicable across administrative domains where it may not be possible to mandate service verification. Additionally, when the path is changed dynamically based on intermediate node state it is not clear how this scheme will work.


Thanks,
Ramki

From: Zhoutianran [mailto:zhoutianran@huawei.com<mailto:zhoutianran@huawei.com>]
Sent: Sunday, December 25, 2016 10:57 PM
To: ram krishnan <ramkri123@gmail.com<mailto:ramkri123@gmail.com>>; opsawg@ietf.org<mailto:opsawg@ietf.org>
Subject: RE: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts

Hi Ramki,

Thanks for bringing a new I-D to this WG.
Could you please state the relationship or potential overlay with the In Situ OAM serial I-Ds and also (https://tools.ietf.org/html/draft-lapukhov-dataplane-probe-01)?

Best,
Tianran

From: OPSAWG [mailto:opsawg-bounces@ietf.org] On Behalf Of ram krishnan
Sent: Saturday, December 24, 2016 7:09 PM
To: opsawg@ietf.org<mailto:opsawg@ietf.org>
Subject: [OPSAWG] FW: FW: WG adoption poll for In-Situ OAM drafts

I support adoption of these drafts.

In addition, I would like bring a closely related draft to your attention -- https://datatracker.ietf.org/doc/draft-krishnan-opsawg-in-band-pro-sla/?include_text=1

This draft brings some important contributions in the area of requirements and data formats for

-          IPSEC tunneling

-          Pre-construction/minimizing of Telemetry header

-          Service chaining – benefits beyond the network interconnect

I was hoping to get this draft out by Seoul timeframe and make it in person, unfortunately couldn’t. Looking forward to discussions and collaboration on this interesting topic.

Thanks,
Ramki

---------- Forwarded message ----------
From: ram krishnan <ramkri123@gmail.com<mailto:ramkri123@gmail.com>>
Date: Fri, Dec 23, 2016 at 1:59 PM
Subject: FW: [OPSAWG] WG adoption poll for In-Situ OAM drafts
To: Ram Krishnan <ramkri123@gmail.com<mailto:ramkri123@gmail.com>>

 On 12/7/16 01:36, Zhoutianran wrote:

Hi All,







In Seoul, we got enough interest on the In Situ OAM work and positive

response on related drafts.

So this email starts a formal poll for adoption the following I-Ds.







​​<https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-02.txt>

https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-02.txt

https://tools.ietf.org/html/draft-brockners-inband-oam-data-02.txt

https://tools.ietf.org/html/draft-brockners-proof-of-transit-02.txt







To be efficient, we have the poll for three I-Ds in one thread. But you

can give your opinion on each of them. And the result is per I-D.







The question is:

Do you think that the WG should adopt all or some of these drafts?





--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.



--
Thanks,
Ramki




_______________________________________________

OPSAWG mailing list

OPSAWG@ietf.org<mailto:OPSAWG@ietf.org>

https://www.ietf.org/mailman/listinfo/opsawg

v2.23.0 | Report a Bug | By Email