Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05

DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com> Sat, 18 June 2016 12:56 UTC

From: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
To: Dave Dolson <ddolson@sandvine.com>
Date: Sat, 18 Jun 2016 12:55:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/4tbmQJ4ZYreXYa4jhTgKSZebe6s>
Cc: "sfc@ietf.org" <sfc@ietf.org>, Victor Vu <vuva@dcn.ssu.ac.kr>
Subject: Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05

Hi,

The only possible objection someone could come up with is the fact that we are limiting a possible hierarchy recursion to three layers (a fourth one could not use any metadata slots). But I would not say that is something I feel very much concerned about (hence the impersonal “someone” rather than a personal “I”).

Be goode,

On 14 Jun 2016, at 16:18, Dave Dolson <ddolson@sandvine.com> wrote:

Victor,

Yes, I agree this is a good idea. I intend to add it to the list of alternatives in the draft.
I think it is probably the best of the stateful ideas.
I think to the list of benefits we can also add:
- has potential for security advantages in that it may be harder for a sub-domain SF to attack upper-level paths because the upper-level path is obscured by the flow ID, and the flow ID can be validated as it returns.

I intend to update the draft soon including some changes from the other authors.
If anyone on the list has other feedback, please let me know.

-Dave
P.S. Victor, it doesn’t appear that your request made it to the list. Hopefully this reply does.



From: Victor Vu [mailto:vuva@dcn.ssu.ac.kr]
Sent: Friday, June 10, 2016 11:16 PM
To: sfc@ietf.org; Dave Dolson
Subject: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05


Hi,

In draft-dolson-sfc-hierarchical-05, there are 4 methods for restoring the upper-level SF path when packets exit the lower-level domain; each of them has its disadvantage:

1.  Saving SPI and SI in transport-layer flow state => could not work with SFs which can change the 5-tuple (NAT for example)

2.  Pushing SPI and SI into metadata => MD-type 1 has only 4 metadata slots

3.  Using unique lower-level paths per upper-level path coordinates => too many service paths in the lower-level domain

4.  Nesting NSH headers, encapsulating the higher-level NSH headers within the lower-level NSH headers => requires SFs in the lower-level domain to be able to parse multiple layers of NSH

Therefore, I would like to propose the Flow-stateful/metadata hybrid solution. The basic idea is to make the IBN save top-domain flow information (flow-stateful IBN), assign each flow an “h-sfc flow ID” mapped to its info, and store that ID in 1 Mandatory context header. When a packet exits the sub-domain, get the upper-domain’s info back by the h-sfc flow ID and restore it at the service last hop.

In this way:

  *   Upper domain metadata is preserved, and sub-domains can change it just like an SF does
  *   Does NOT depend on the 5-tuple => works well with NAT
  *   Does NOT require all domains to have the same metadata scheme
  *   Scalable: could restore any top-domain information, not just service path
  *   Top domain could use full 4 metadata slots, while sub-domains can use up to 3
  *   Does not require any special functionalities from SFs
  *   ID can be used to differentiate H-SFC and non-H-SFC flows

I would like to listen to your opinions.
Thank you very much.

Best regards,


--

--------------------------------------------------------------

Vu Anh Vu (Victor Vu)

DCN Laboratory - School of Electronic Engineering - Soongsil University

Email: vuva@dcn.ssu.ac.kr / vuvabk@gmail.com

Phone: (+82)-2-820-0841

Mobile: (+82)-10-9763-0103

Address: 369 Sangdo-ro, Dongjak-gu (06978), Seoul, Korea



--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lopez@telefonica.com
Tel:    +34 913 129 041
Mobile: +34 682 051 091
----------------------------------
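
The flow-stateful/metadata hybrid discussed in this thread, modelled as an added example that is not part of any message above or of the draft. The class and method names, the 32-bit random ID, the choice of slot 0 for the ID and the reuse of one ID per distinct upper-level state are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

SLOTS = 4  # NSH MD-type 1 carries four fixed context headers


@dataclass
class Nsh:
    spi: int                                   # Service Path Identifier
    si: int                                    # Service Index
    ctx: list = field(default_factory=lambda: [0] * SLOTS)


class Ibn:
    """Flow-stateful IBN: upper-level NSH state is kept here, keyed by flow ID."""

    def __init__(self, lower_spi, lower_si=255):
        self.lower_spi, self.lower_si = lower_spi, lower_si
        self.by_id = {}      # h-sfc flow ID -> saved upper-level (spi, si, ctx)
        self.by_state = {}   # saved upper-level state -> flow ID (reuse per flow)

    def enter(self, upper):
        """Swap the upper-level NSH for a lower-level one carrying only the ID."""
        state = (upper.spi, upper.si, tuple(upper.ctx))
        fid = self.by_state.get(state)
        if fid is None:
            # Assumption: random non-zero 32-bit ID, so a sub-domain SF cannot
            # predict the ID of another flow.
            fid = secrets.randbits(32)
            while fid == 0 or fid in self.by_id:
                fid = secrets.randbits(32)
            self.by_id[fid], self.by_state[state] = state, fid
        lower = Nsh(self.lower_spi, self.lower_si)
        lower.ctx[0] = fid   # one slot for the ID; slots 1-3 stay free for the sub-domain
        return lower

    def leave(self, lower):
        """Validate the returning ID and restore the upper-level NSH, or drop."""
        state = self.by_id.get(lower.ctx[0])
        if state is None:
            return None      # ID never issued (forged or corrupted): drop the packet
        spi, si, ctx = state
        return Nsh(spi, si, list(ctx))
```

The table is never keyed on the 5-tuple, so an SF that rewrites addresses or ports inside the sub-domain does not affect restoration, and the sub-domain only ever sees the opaque ID rather than the upper-level SPI, SI or metadata.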

