Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05
VictorVu <minowar91@gmail.com> Sat, 18 June 2016 16:09 UTC
Return-Path: <minowar91@gmail.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06E3612D674 for <sfc@ietfa.amsl.com>; Sat, 18 Jun 2016 09:09:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.429
X-Spam-Level:
X-Spam-Status: No, score=-2.429 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0w7GRGvIbneE for <sfc@ietfa.amsl.com>; Sat, 18 Jun 2016 09:09:33 -0700 (PDT)
Received: from mail-pa0-x232.google.com (mail-pa0-x232.google.com [IPv6:2607:f8b0:400e:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FEF412D5D8 for <sfc@ietf.org>; Sat, 18 Jun 2016 09:09:33 -0700 (PDT)
Received: by mail-pa0-x232.google.com with SMTP id bz2so37396204pad.1 for <sfc@ietf.org>; Sat, 18 Jun 2016 09:09:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=q3dSb6Jvy9+p0riA3lhcg21nqEsnu5WB0WMm2rPYS9w=; b=tVMLp+RE6T4y1xJ/tG5B1SnXllImZw50zT1+SvM6fKFnNezfgKWrq9yntRxcuObU3r LwCtneRNstI+JYY8YPEOU9/UYxV0+/F296foFCJDrS0QoIIIkHeScB3IQ3FQw/6SrFL/ Q5rw0rBXMB7Kt1pWe8UiYxX5wCxhtuzoHKRGFPCfVVN0cAR1mx+bj6yO14bmZkTMbEMA VkWD/VHDbpJOJkvVTbab+4CUc4QzXR1GYuK6pDFt//s23VzeKh0qusAtn/Qo/bmR7NCI q1kkHHimdwrP6DG/UpWgTbQdrr74QLWBxpdym4hk3Lw2f2vqm6HrBVUOZZVDkF3ywDfF oZrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=q3dSb6Jvy9+p0riA3lhcg21nqEsnu5WB0WMm2rPYS9w=; b=mSMVv83UwEsNVG+mQQeRRPG+TX9bJnZHISe43n+DUAuziEojG0gpafkhwBqsDo9i9M p1WCkMZT6CkG1ZGL87fQrHOOpZ5KDsbLEZqJSl5fJMDAw5BDe6nH8ueOOQtg6K18U03L TQB/jHm9wxiX0ZiGDmQ1hTfJ2D5VD4tIvGw1b1/e8OgZg241IhO8KhsuFiawj1QKnVuN /7IaGpJRkO4/oBP730IUkUrkhQ0glmeDPplTtWAFXPI/mwNLlLtsvq6V0YrpH5iC558Y RgPOh2odY6EcC9NBw9CbkNYZ/iuq3YWC3WHmB8wTPHFgvetoURtzaqYJIC26czYvDMWe C/og==
X-Gm-Message-State: ALyK8tJf+ax4gFHPbHqgdMPItLZ/QKnRWXePG6qT/ARfGTOguSGNu6nGRhnhoSXrlG6vVA==
X-Received: by 10.66.75.72 with SMTP id a8mr9272778paw.99.1466266172566; Sat, 18 Jun 2016 09:09:32 -0700 (PDT)
Received: from [127.0.0.1] ([39.115.19.131]) by smtp.googlemail.com with ESMTPSA id p1sm76604989paz.8.2016.06.18.09.09.30 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 18 Jun 2016 09:09:31 -0700 (PDT)
To: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
References: <e6376b08-505d-b279-3067-bb92bb858302@dcn.ssu.ac.kr> <E8355113905631478EFF04F5AA706E9830FB1EEE@wtl-exchp-2.sandvine.com> <399F8E53-ADAD-49AD-94CF-214CA236F786@telefonica.com>
From: VictorVu <minowar91@gmail.com>
Message-ID: <d5d16390-fd1d-7ba7-2ebc-9c202dc8c9cc@gmail.com>
Date: Sun, 19 Jun 2016 01:09:34 +0900
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <399F8E53-ADAD-49AD-94CF-214CA236F786@telefonica.com>
Content-Type: multipart/alternative; boundary="------------F206944783059F1A6BEC407C"
X-Antivirus: avast! (VPS 160618-1, 06/18/2016), Outbound message
X-Antivirus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/4vjnRTrHsPLF8Ga_Nj0DQZV2jf0>
Cc: "sfc@ietf.org" <sfc@ietf.org>
Subject: Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2016 16:09:36 -0000
Hi, Actually, it only requires 1 metadata slot for as many layers as you want. Lower-level IBNs simply save upper-level hSFC flow ID in metadata and overwrite it. Flow-stateful IBNs can even save all upper-level metadata and recover later, so lower-level domains at any layer are free to use 3 metadata slots. Regards, On 6/18/16 9:55 PM, DIEGO LOPEZ GARCIA wrote: > Hi, > > The only possible objection someone could come with is the fact that > we are limiting a possible hierarchy recursion to three layers (a > fourth one could not use any metadata slots) But I would not say that > is something I feel very much concerned about (hence the impersonal > “someone” rather than a personal “I”) > > Be goode, > >> On 14 Jun 2016, at 16:18 , Dave Dolson <ddolson@sandvine.com >> <mailto:ddolson@sandvine.com>> wrote: >> >> Victor, >> Yes, I agree this is a good idea. I intend to add it to the list of >> alternatives in the draft. >> I think it is probably the best of the stateful ideas. >> I think to the list of benefits we can also add: >> - has potential for security advantages in that it may be harder for >> a sub-domain SF to attack upper-level paths because the upper-level >> path is obscured by the flow ID, and the flow ID can be validated as >> it returns. >> I intend to update the draft soon including some changes from the >> other authors. >> If anyone on the list has other feed-back, please let me know. >> -Dave >> P.S. Victor, it doesn’t appear that your request made it to the list. >> Hopefully this reply does. >> *From:*Victor Vu [mailto:vuva@dcn.ssu.ac.kr] >> *Sent:*Friday, June 10, 2016 11:16 PM >> *To:*sfc@ietf.org <mailto:sfc@ietf.org>; Dave Dolson >> *Subject:*[sfc] IBN Path Configuration solution for >> draft-dolson-sfc-hierarchical-05 >> >> Hi, >> >> In draft-dolson-sfc-hierarchical-05, there have been 4 method for >> restoring upper-level SF path when packets exit lower-level domain, >> each of them has its disadvantage: >> >> 1. Saving SPI and SI in transport-layer flow state => could not work >> with SFs wich can change 5-tuple (NAT for example) >> >> 2. Pushing SPI and SI into metadata => MD-type 1 has only 4 metadata >> slots >> >> 3. Using unique lower-level paths per upper-level path coordinates >> => too many service paths in lower-level domain >> >> 4. Nesting NSH headers, encapsulating the higher-level NSH headers >> within the lower-level NSH headers => require SFs in the lower-level >> domain to be able to parse multiple layers of NSH >> >> Therefore, I would like to propose the Flow-stateful/metadata hybrid >> solution. The basic idea is to make IBN save top-domain flow >> information (flow-stateful IBN), and assign each flow an “h-sfc flow >> ID” mapped to its info and store in 1 Mandatory context header. When >> packet exit sub-domain, get upper-domain’s info back by the h-sfc >> flow ID and restore it at the service last hop. >> >> In this way: >> >> * Upper domain metadata is preserved, and sub-domains can change it >> just like a SFs does >> * Does NOT depend on 5-tuple => work well with NAT >> * Does NOT require all domains have a same metadata scheme >> * Scalable: could restore any top-domain information, not just >> service path >> * Top domain could use full 4 metadata slots, while sub-domains can >> use up to 3 >> * Does not require any special functionalities from SFs >> * ID can be used to differentiate H-SFC and non-H-SFC flows >> >> I would like to listen to your opinions. >> Thank you very much. >> >> Best regards, >> >> -- >> -------------------------------------------------------------- >> Vu Anh Vu (Victor Vu) >> DCN Laboratory - School of Electronic Engineering - Soongsil University >> Email:vuva@dcn.ssu.ac.kr <mailto:vuva@dcn.ssu.ac.kr> /vuvabk@gmail.com <mailto:vuvabk@gmail.com> >> Phone: (+82)-2-820-0841 >> Mobile: (+82)-10-9763-0103 >> Address: 369 Sangdo-ro, Dongjak-gu (06978), Seoul, Korea >> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=oa-2322-b> >> >> Virus-free >> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=oa-2322-b> >> >> _______________________________________________ >> sfc mailing list >> sfc@ietf.org <mailto:sfc@ietf.org> >> https://www.ietf.org/mailman/listinfo/sfc > > -- > "Esta vez no fallaremos, Doctor Infierno" > > Dr Diego R. Lopez > Telefonica I+D > http://people.tid.es/diego.lopez/ > > e-mail: diego.r.lopez@telefonica.com > Tel: +34 913 129 041 > Mobile: +34 682 051 091 > ---------------------------------- > > > ------------------------------------------------------------------------ > > Este mensaje y sus adjuntos se dirigen exclusivamente a su > destinatario, puede contener información privilegiada o confidencial y > es para uso exclusivo de la persona o entidad de destino. Si no es > usted. el destinatario indicado, queda notificado de que la lectura, > utilización, divulgación y/o copia sin autorización puede estar > prohibida en virtud de la legislación vigente. Si ha recibido este > mensaje por error, le rogamos que nos lo comunique inmediatamente por > esta misma vía y proceda a su destrucción. > > The information contained in this transmission is privileged and > confidential information intended only for the use of the individual > or entity named above. If the reader of this message is not the > intended recipient, you are hereby notified that any dissemination, > distribution or copying of this communication is strictly prohibited. > If you have received this transmission in error, do not read it. > Please immediately reply to the sender that you have received this > communication in error and then delete it. > > Esta mensagem e seus anexos se dirigem exclusivamente ao seu > destinatário, pode conter informação privilegiada ou confidencial e é > para uso exclusivo da pessoa ou entidade de destino. Se não é vossa > senhoria o destinatário indicado, fica notificado de que a leitura, > utilização, divulgação e/ou cópia sem autorização pode estar proibida > em virtude da legislação vigente. Se recebeu esta mensagem por erro, > rogamos-lhe que nos o comunique imediatamente por esta mesma via e > proceda a sua destruição --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
- Re: [sfc] IBN Path Configuration solution for dra… Dave Dolson
- Re: [sfc] IBN Path Configuration solution for dra… DIEGO LOPEZ GARCIA
- Re: [sfc] IBN Path Configuration solution for dra… VictorVu
- Re: [sfc] IBN Path Configuration solution for dra… DIEGO LOPEZ GARCIA
- Re: [sfc] IBN Path Configuration solution for dra… Dave Dolson
- Re: [sfc] IBN Path Configuration solution for dra… Joel M. Halpern
- Re: [sfc] IBN Path Configuration solution for dra… VictorVu
- Re: [sfc] IBN Path Configuration solution for dra… Joel M. Halpern
- Re: [sfc] IBN Path Configuration solution for dra… VictorVu
- Re: [sfc] IBN Path Configuration solution for dra… Dave Dolson