IETF Logo Mail Archive

Re: [sfc] Proposal for congestion control in draft-farrel-sfc-convent

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Fri, 16 February 2018 13:48 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D2E61273B1 for <sfc@ietfa.amsl.com>; Fri, 16 Feb 2018 05:48:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.531
X-Spam-Level:
X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dai9rTEcVD5O for <sfc@ietfa.amsl.com>; Fri, 16 Feb 2018 05:48:43 -0800 (PST)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF113127023 for <sfc@ietf.org>; Fri, 16 Feb 2018 05:48:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7440; q=dns/txt; s=iport; t=1518788922; x=1519998522; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=tA4CYxlVpubLVmyxLocV3jJRTTdJMeN6uE3rBqJT2FE=; b=Xm+ARWeW/GxNvjXBMsX7or7ZdZzCbC5efDzTNCVAT25va6RHmbf34kiJ bOtXDZ7I+dlbElOD0aRSEg0PXKwl/ilMtPVqTPZiSlKqp/XPBYY8rd0kL CsH4JcQU8kYkzL+Xp36zrtd/nqQFilnetMNiIcqYAuA3QcgAJWGcTmGm3 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A2AQDc34Za/4kNJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYNPZnAoCoNKiiWOAoICgReWSYIWChgLhRgCGoIsVBgBAgEBAQEBAQJrKIUjAQEBAQIBAQEhETMHCwULAgEIDgoCAiYCAgIlCxUQAQEEDgWKGQgQrWeCJ4h7ghMBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYEPg3WCKIFXghGDBYMwAQGBShoNgxcxgjQFmXc1igkJApYIDoIShiqLfpdyAhEZAYE7AR85gVFwFToqAYIYhHZ4izICJYENgRkBAQE
X-IronPort-AV: E=Sophos;i="5.46,519,1511827200"; d="scan'208";a="349868289"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Feb 2018 13:48:41 +0000
Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id w1GDmfSO005231 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 16 Feb 2018 13:48:41 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 16 Feb 2018 08:48:40 -0500
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Fri, 16 Feb 2018 08:48:40 -0500
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Adrian Farrel <afarrel@juniper.net>
CC: "ietf@kuehlewind.net" <ietf@kuehlewind.net>, "mls.ietf@gmail.com" <mls.ietf@gmail.com>, "sfc@ietf.org" <sfc@ietf.org>
Thread-Topic: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
Thread-Index: AdOkUWieWeFX83LaRmCLcmak7P8lwgDBVocA
Date: Fri, 16 Feb 2018 13:48:40 +0000
Message-ID: <ED75774E-F3DC-456D-96DA-2009F9275B35@cisco.com>
References: <BLUPR05MB370BC7BDC9E741CC09ABD47BBF70@BLUPR05MB370.namprd05.prod.outlook.com>
In-Reply-To: <BLUPR05MB370BC7BDC9E741CC09ABD47BBF70@BLUPR05MB370.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.150.6.116]
Content-Type: text/plain; charset="utf-8"
Content-ID: <9B0B5C5AE6C87D42917B5EF8431D5241@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/3hf1Ez_tmJHW4rcdvzhXgLKvLPc>
Subject: Re: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2018 13:48:45 -0000

Hi, Adrian,

Thank you for producing this text and actively addressing all comments and review input on this document! Many thanks also because “soon” was very soon indeed!

Some of this text, however, seems pretty heavy-handed. Please find some comments inline.

—
Carlos Pignataro, carlos@cisco.com

> On Feb 12, 2018, at 5:33 PM, Adrian Farrel <afarrel@juniper.net> wrote:
> 
> Hi Mirja and Martin,
>  
> Here is a proposal to address Mirja’s Discuss. It is a new top-level section.
>  
> It is for discussion, so please tell me what it is missing and how we should work on it.
>  
> It makes sense (to me) for the WG to comment about this as well.
>  
> Thanks,
> Adrian
>  
> ====
> 6. Management and Congestion Control Considerations
>  
> The mechanisms described in this document allow SFC-aware nodes in an SFC network to generate additional packets.  While these packets are in the nature of in-band control packets

Are these “control” packets? These are packets with a specific characteristic (not with a specific function), and according to the Abstract, “this document illustrates some of the functions that may be achieved”. It does not say “These are control packets …"

> and not intended to be sent frequently for any flow

Might be useful to define flow (by way of a pointer at least), since it’s not used in RFC 8300.

> , there is still a risk that they might flood the network.

Flood the whole network?

> For example, if an attempt is made to use this mechanism for “per-packet metadata” (Section 5.6) then this might double the number of packets in the network. Similarly, if this mechanism is used for a form of aliveness detection OAM that requires very frequent test messages, then the number of additional messages may be very high. Such additional messages risk causing congestion in the network. 
>  
> The underlay network (that is the tunnels across the underlay between SFC nodes) will not

:s/will/may/g ?

> distinguish between data-carrying packets and those packets with next protocol set to none. All packets will be treated the same and will need to fall within the capabilities of the underlay network to process and forward packets.

:s/will/may/g ?

>  
> Nodes in the SFC overlay network will need to perform special processing on the additional packets according to their roles and according to the application for the metadata. For example, an SFF will likely only have to forward per-SFC metadata, while an SF

per-SFP instead of per-SFC?

>  will need to extract it and process it as it would if the metadata was carried in a packet with user data. On the other hand, metadata might also be used to cause actions at all nodes (see Sections 5.3, 5.4 and 5.5) and could increase the processing load.
>  
> In view of these potential issues, all implementations SHOULD implement rate limits on the generation of SFC packets with next protocol set to none. Furthermore, these rate limits SHOULD be configurable and applied per SFC and per application so that one application on one SFC does not encumber a different application on a different SFC.

I think “per-SFC” means “per-SFP”  throughout above. However, what is the mapping of applications? Not all nodes may have per-application visibility (or knowledge). 

> When an implementation finds that it is unable to generate or send a packet it SHOULD increment a counter that is accessible by the operator, and MAY raise an alert (although such alerts SHOULD, themselves, be rate limited).
>  

From an operational standpoint what are the defaults for these proposed configuration knobs?

Another important consideration: if the protocol-none packet is for a specific function, what are the implications to that application or function leveraging this mechanism? For example, if, as mentioned above, this is used for OAM, rate-liming without visibility to the OAM rate limiting or function can result in actually more congestion with false-negatives, oscillations, instability, etc.

I strongly recommend some per-use implications, and a SHOULD understand implications before blindly rate-limiting.

> Additionally, an SFC node needs to protect itself against another node in the network not applying suitable rate limits. Therefore, implementations SHOULD apply incoming rate limits for SFC packets with next protocol set to none.

This places an interesting requirement: it does not allow for incremental deployment. Not only protocol-none feature generating nodes need to be upgraded, but every node at once.

> Such rate limits SHOULD be application-aware, per SFC or interface,

This granularity seems beyond what might be possible. Per-SFC should be per-SFP. Not always there’s app-awareness. What’s an interface in this context?

> and SHOULD be configurable, but implementations MAY be more subtle if they are aware of internal processing loads and have access to queues/buffers. In any case, when an implementation drops a received packed because of these rate limits it SHOULD increment a counter that is accessible by the operator, and MAY raise an alert (although such alerts SHOULD, themselves, be rate limited).
> ====
>  


Thanks again, Adrian!

Carlos.

>  
>  
> _______________________________________________
> sfc mailing list
> sfc@ietf.org
> https://www.ietf.org/mailman/listinfo/sfc

v2.23.0 | Report a Bug | By Email