Re: Review of draft-rtg-dt-encap-02 - Encapsulation Considerations

Erik Nordmark <nordmark@acm.org> Mon, 06 July 2015 09:48 UTC

Return-Path: <nordmark@acm.org>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 499A11AC402; Mon, 6 Jul 2015 02:48:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Level:
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yAP1WRyCsqob; Mon, 6 Jul 2015 02:48:01 -0700 (PDT)
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06CA01AC3FC; Mon, 6 Jul 2015 02:48:01 -0700 (PDT)
Received: from [172.22.239.182] ([162.210.130.3]) (authenticated bits=0) by d.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id t669lnGr021495 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 6 Jul 2015 02:47:51 -0700
Subject: Re: Review of draft-rtg-dt-encap-02 - Encapsulation Considerations
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, "rtgwg@ietf.org" <rtgwg@ietf.org>
References: <BF1047B0-1156-4AB0-A497-EDAB4C00B86E@cisco.com>
From: Erik Nordmark <nordmark@acm.org>
Message-ID: <559A4EC4.2010805@acm.org>
Date: Mon, 6 Jul 2015 11:47:48 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <BF1047B0-1156-4AB0-A497-EDAB4C00B86E@cisco.com>
Content-Type: multipart/alternative; boundary="------------000800070804000609090806"
X-Sonic-CAuth: UmFuZG9tSVYEBSqR/qqOp6DgvcaArtFc6lZ056EjiSGtAituyYxuLbZjGV2QFAEe72fmDEdoWvg9ehXHnXTENTIuams76me6
X-Sonic-ID: C;/DztD8Qj5RGEEDDDQUxNRQ== M;dkgWEcQj5RGEEDDDQUxNRQ==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtgwg/iUHKJADe62OBAQbQS3T68XwD9io>
Cc: "rtgwg-chairs@ietf.org" <rtgwg-chairs@ietf.org>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Jul 2015 09:48:06 -0000

On 6/9/15 5:25 AM, Carlos Pignataro (cpignata) wrote:
> Hi, RtgWG,
>
> Please find below some review comments on draft-rtg-dt-encap-02.
>
> https://datatracker.ietf.org/doc/draft-rtg-dt-encap/
>
> While this is not a comprehensive fine-tooth-comb review, I hope these (somewhat high-level) comments are useful.
Carlos,
Thanks for the comments and sorry for the delay in responding.

>
> General comments:
>
> Scanning through the document, I have two high-level concerns.
> 	• First, there is really no evident or apparent definition of what “Encapsulation” is. This is not a pedantic comment, but I think it is a root cause of the point that follows.
> 	• Many of the considerations on this document are not applicable to the scoped “encapsulation” per se. Instead, they relate to a specific layer underneath the encapsulation, to a layer that further encapsulates the encapsulation.
>
> For example, the document sets of explaining the need for understanding common requirements and considerations among groups of encaps. In addition to encaps in NOV3, these are also the BIER Header and NSH. Both these can be carried by multiple underlays each with different characteristics. However, the document conflates requirements and characteristics from the encap itself, and intertwines them with characteristics and requirements on the underlay.
You must have read a different document, because draft-rtg-dt-encap 
contains no requirements ;-)
More seriously, trying to come up with a strict definition of 
"encapsulation" or placing general requirements across a broad set of 
approaches would be quite futile since that tends to result in proxy 
discussions which are really about "I don't want that requirement on my 
protocol".

That is why the title and the content of the document "considerations". 
It seems like folks appreciate having captured this broad set of 
considerations in one place, and it might be useful *input* to working 
groups that want to draft their own requirements and protocols.

>
> I think this document would greatly benefit from a cleaner separation of what happens at the encap, versus what is expected, required, or considered from the underlay (transport, network, tunnel, etc). This is particularly exacerbated in the ECMP and MTU sections, but present in others as well.
>
> Take for example ECMP — the BIER header has an Entropy field. Different encaps can provide Entropy fields to be used as a source for entropy, either at the encap (e.g., service) layer or by an underlay. One example is L2TPv3 session id and GRE Key (as per RFC 5640). However, the ECMP sections focus on IP and IP/UDP methods, which frankly are applicable generally and not only to these “Encapsulations”.
Note that the BIER entropy has nothing to do with the "transport" 
entropy; we tried to capture that in the document to avoid confusion.
The BIER entropy is how BIER selects paths. In theory there can be an 
MPLS entropy label in addition for the "transport" entropy.

We've tried to specify how the "transport" entropy fits in, and how that 
relates to using IP/UDP and MPLS transports.
That seems to result useful information in the draft, because when we 
started off the Design Team it wasn't clear to (at least us) how those 
things relate; whether one should have a single entropy field even with 
nested encaps etc.
If there are specific text in the considerations that you find unclear 
or incorrect, then please point them out so we can collectively improve 
the document.

And FWIW that is an ask from Alia and others that the WG add more 
information about MPLS to the document.


What are your specific concerns about the MTU considerations?
AFAICT any device along the path which adds (or grows) a header in a 
packet needs to be concerned about the MTU implications.

>
> And I believe some of these potential disconnects go back to the high-level concern #1, lack of definition/scope of what is an encap (and what is not).
>
> Just to be clear, I am all for inter-layer cooperation and requirement realization. However, if the goal is to understand encapsulation common requirements, then a more clean separation of the encapsulation headers versus a specific transport of said encapsulations will make it easier to understand if those requirements belong in an encap or in an underlay.

FWIW my take is that if the folks working on different encapsulations in 
different WGs consider what it in this document, then we can avoid 
endless discussions of where to draw lines in the sand by working on 
strict definitions.

>
> A smaller one: this document is titled "Encapsulation Considerations” (without any qualifiers), but the abstract narrowscopes it to a specific encaps.
Which encaps? The document focuses on three that are currently under 
development in the IETF. (Perhaps your definitions of "encaps" is what 
the document calls "transport", which would make our discussion rather 
confusing?)
>
>
> Some more specific comments, prefaced with “CMP":
>
> 2.  Overview
> …
>     o  SFC carries service meta-data which might be modified or
>        unmodified as the packets follow the service path.  SFC talks of
>        some loop avoidance mechanism which is likely to result in
>        modifications for for each hop in the service chain even if the
>        meta-data is unmodified.
>
> CMP: This is not complete (incorrect by omission). The SFC Encap is responsible first for Serfice Function Path Identification, and second, for Metadata. See Section 1.3 and 4.1 of https://tools.ietf.org/html/draft-ietf-sfc-architecture-09.
I'll reword it to include the Serfice Function Path Identification part.
>
>     o  SFC is all about carrying service meta-data along a path, and
>        different services might need different types and amount of meta-
>        data.
>
> CMP: It is true that metadata requires extensibility. However the SFC Encap is all about path identification *and* carrying metadata.
> CMP: Also, SFC’s extensibility has to do with OAM and graphs as well.
Ditto.

> CMP: By the way, encaps need to strike a balance between flexibility and performance. This point could be made more explicitly.

Suggestions how and where to do that and not make it sound like 
motherhood and apple pie?
What would you say to make a reader learn something they might not have 
already known about that tradeoff?


>
>     Most of the issues discussed in this document are not new.  The IETF
>     and industry as specified and deployed many different encapsulation
>     or tunneling protocols over time, ranging from simple IP-in-IP and
>     GRE encapsulation, IPsec, pseudo-wires, session-based approached like
>     L2TP, and the use of MPLS control and data planes.  IEEE 802 has also
>     defined layered encapsulation for Provider Backbone Bridges (PBB) and
>     IEEE 802.1Qbp (ECMP).  This document tries to leverage what we
>     collectively have learned from that experience and summarize what
>     would be relevant for new encapsulations like NVO3, SFC, and BIER.
>
> CMP: I think it would be much clearer here to specify terms around what is encap, transport, etc. L2TPv3 for example can run over IPv6 directly, over IP/UDP, etc. Those cases have key differences although the actual L2TPv3 header does not change.

One criteria that I found useful in thinking about that to include and 
exclude from the document was whether there is something non-obvious, or 
something known in one part of the IETF but not known in other parts, 
where sharing that knowledge would result in the IETF producing better 
protocols. If you think strict definitions of encap vs. transport would 
be an aid in such sharing and learning, then we should definitely get 
together (e.g., in Prague) so I can understand.

>
> 3.  Common Issues
> …
>     o  How to provide entropy for Equal Cost MultiPath (ECMP) routing
>
> CMP: And LAGs?
LAG isn't something we tend to standardize in the IETF.
One could add a note saying "Note that the same entropy might also be 
used at layer 2 e.g. for Link Aggregration (LAG)". But that belongs on 
the text and not in the

>
>     o  OAM - what support is needed in an encapsulation format?
>
> CMP: OAM in what context? fault management, performance management, all?

The question is broad, hence "all".
>
> CMP: Also, this section seems to lack an issue of “adaptation” of the payload.

Please explain further.

>
> 4.  Scope
>
>     o  Focus on the class of encapsulations that would run over IP/UDP.
>        That was done to avoid being distracted by the data-plane and
>        control-plane interaction, which is more significant for protocols
>        that are designed to run over "transports" that maintain session
>        or path state.
>
> CMP: I am not sure if the relationship between running over “transports” (which transports?) and control-plane - data-plane complexity is clear — it is not clear to me at least.
This was the scope that the design team set up to improve its 
probability of delivering a useful document on time.
Hence the "scope" section presumably needs to be done as the WG works on 
this document.
>
> 7.  Entropy
>
>     In many cases the encapsulation format needs to enable ECMP in
>     unmodified routers.  Those routers might use different fields in TCP/
>     UDP packets to do ECMP without a risk of reordering a flow.
>
> CMP: Is this an encap-supported requirements, or a requirement of IP/UDP in general, whatever is transported?

I'm not sure I understand your question. When Dino defined the LISP 
header he wanted LISP packets to take advantage of ECMP in unmodified 
routers. That same desire exists for other encapsulations that have been 
and are being defined in the IETF and elsewhere.

Note that the document isn't about requirements!
>
>     the ephemeral port range) plus the outer IP addresses which seems to
>     be sufficient for entropy; using outer IPv6 headers would give the
>     option for more entropy should it be needed in the future.
>
> CMP: And the IPv6 Flow Label and RFC 6438?
The section discusses IPv6 flow label a few paragraphs later.

The design team didn't discuss RFC6438 explicitly, but it seems like the 
approach (from LISP and VXLAN) to use a random UDP source port plus 
outer IPv6 flow label is consistent with RFC 6438. But I'll at least add 
a reference to RFC6438.

>
>     There is some interaction between entropy and OAM and extensibility
>     mechanism.  It is desirable to be able to send OAM packets to follow
>     the same path as network packets.  Hence OAM packets should use the
>
> CMP: This is having the underlying assumption that “OAM” is “OAM packets” as opposed to also fields in data packets. If OAM is in the packet, it fate-shares by definition.

But it is more subtle than that. The difference of OAM frames and the 
frames they should "monitor" must not affect the ECMP calculation. The 
document (tries to) point this out. Please suggest improved text if that 
is unclear.

>
>     Architecturally the entropy and the next header field are really part
>     of enclosing delivery header.  UDP with entropy goes hand-in-hand
>     with the outer IP header.  Thus the UDP entropy is present for the
>
> CMP: This is a very important point, and this clarity in demarcation should be throughout, to understand at which layer different requirements are.
>
> 8.  Next-protocol indication
>
>     Next-protocol indications appear in three different context for
>     encapsulations.
> …
>     Secondly, the encapsulation needs to indicate the type of its
>     payload, which is in scope for the design of the encapsulation.
>
> CMP: I believe that this section should not start assuming an explicit protocol indication. A demux context can provide protocol identification, or it could be explicitly carrier (self-defining package). And perhaps that is the first consideration.
Where does it assume it is explicit? Second paragraph has existing 
examples of both explicit and implicit.
>
>     We
>     have existing protocols which use Ethernet types (such as GRE).  Here
>     each encapsulation header can potentially makes its own choices
>     between:
>     o  Reuse Ethernet types - makes it easy to carry existing L2 and L3
>        protocols including IPv6, IPv6, and Ethernet.
>
> CMP: I do not believe that the options are Ethertype, IP protocol number, or own registry only.
What are the other options? Are you suggesting an implicit 
(session-based) identification?
That would assume some form of session identification.

The document mentions that possibility and ends with "*Encapsulations 
might want to consider the tradeoffs between such more flexible versus 
more fixed approaches."*
> CMP: Nit — repeat IPv6.
Thanks.
>
>     In summary:
>     o  Would it be useful for the IETF come up with a common scheme for
>        encapsulation protocols?  If not each encapsulation can define its
>        own scheme.
>
> CMP: This seems to be a non-sequitur. Why would that be useful?
First of all, it is a question and not a statement.

I think it would make sense for the broader IETF to consider the 
cost/benefit tradeoffs.

There might be some benefits as we define X over Y, Y over X, X over W 
over Y, etc (which we seemed to have done with most existing protocols 
over the last few decades). But there would be some cost to defining 
this namespace across different active WGs.
>
> 9.  MTU and Fragmentation
>
> CMP: This is another key section that could use clarify between encap and transport.
See above.
>
>     In summary:
>     o  In some deployments an encapsulation can assume well-managed MTU
>        hence no need for fragmentation and reassembly related to the
>        encapsulation.
>     o  Even so, it makes sense for ingress to track any ICMP packet too
>        big addressed to ingress to be able to log any MTU
>        misconfigurations.
>
> CMP: This section seems to be conflating MTU with PMTUD. Cleary related, but those are different things. The area of pre-fragmentation vs. post-frag is also underspecified. See e.g., https://tools.ietf.org/html/rfc3931#section-4.1.4

I don't think it is useful to talk about PMTU because the first bullet 
is really about a common interface MTU across the whole underlay 
network. That underlay network will have lots of different paths. Hence 
to make it the text more specific I think one would need to introduce a 
notion of a some "topology MTU" accross the underlay topology. 
Introducing such a brand new concept and term doesn't seem to be 
worth-while in explaining the issue and choices.

This document has a number of considerations; I certainly don't expect 
it to specify all the details of how to handle MTU and frag/reass.

>
>
> 10.  OAM
>
>     In terms of what we have heard from the various working groups there
>     seem to be needs to:
>     o  Be able to send out-of-band OAM messages - that potentially should
>        follow the same path through the network as some flow of data
>        packets.
>
> CMP: It is not clear what are “out-of-band messages” that follow the same path as data packets…

TRILL has an example of this. Might exist elsewhere as well.
>
> CMP: Also, this section seems to imply that “OAM” is “separate OAM packets”, where there is OAM Performance Management (PM) considerations for in-band in-data-packets measurement. Those ought to be considered in the encap layer.
Oops. There is an issue with the nesting of the bullets. Should read:
    In terms of what we have heard from the various working groups there
    seem to be needs to:
    o  Be able to send out-of-band OAM messages - that potentially should
       follow the same path through the network as some flow of data
       packets.
       *  Such OAM messages should not accidentally be decapsulated and
          forwarded to the end stations.
    o  Be able to add OAM information to data packets that are
       encapsulated.  Discussions have been around:
       *  Using a bit in the OAM to synchronize sampling of counters
          between the encapsulator and decapsulator.
       *  Optional timestamps, sequence numbers, etc for more detailed
          measurements between encapsulator and decapsulator.
    o  Usable for both proactive monitoring (akin to BFD) and reactive
       checks (akin to traceroute to pin-point a failure)

Does that make it more clear?

>
>     There can be several ways to prevent OAM packets from accidentally
>     being forwarded to the end station using:
>     o  A bit in the frame (as in TRILL) indicating OAM
>     o  A next-protocol indication with a designated value for "none" or
>        "oam”.
>
> CMP: Or both! An OAM bit with an OAM proto allows for max flexibility.
With all the (hardware and software) implementations having to inspect both?
Anyhow, such details can be worked out in the WGs working on the actual 
encapsulations.

Thanks again for your comments.

I'll submit -00 with the changes I have so far.

    Erik

>
> Hope these help!
>
> — Carlos.
>
>
> _______________________________________________
> rtgwg mailing list
> rtgwg@ietf.org
> https://www.ietf.org/mailman/listinfo/rtgwg