IETF Logo Mail Archive

Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05

VictorVu <minowar91@gmail.com> Sat, 18 June 2016 16:09 UTC

Return-Path: <minowar91@gmail.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06E3612D674 for <sfc@ietfa.amsl.com>; Sat, 18 Jun 2016 09:09:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.429
X-Spam-Level:
X-Spam-Status: No, score=-2.429 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0w7GRGvIbneE for <sfc@ietfa.amsl.com>; Sat, 18 Jun 2016 09:09:33 -0700 (PDT)
Received: from mail-pa0-x232.google.com (mail-pa0-x232.google.com [IPv6:2607:f8b0:400e:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FEF412D5D8 for <sfc@ietf.org>; Sat, 18 Jun 2016 09:09:33 -0700 (PDT)
Received: by mail-pa0-x232.google.com with SMTP id bz2so37396204pad.1 for <sfc@ietf.org>; Sat, 18 Jun 2016 09:09:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=q3dSb6Jvy9+p0riA3lhcg21nqEsnu5WB0WMm2rPYS9w=; b=tVMLp+RE6T4y1xJ/tG5B1SnXllImZw50zT1+SvM6fKFnNezfgKWrq9yntRxcuObU3r LwCtneRNstI+JYY8YPEOU9/UYxV0+/F296foFCJDrS0QoIIIkHeScB3IQ3FQw/6SrFL/ Q5rw0rBXMB7Kt1pWe8UiYxX5wCxhtuzoHKRGFPCfVVN0cAR1mx+bj6yO14bmZkTMbEMA VkWD/VHDbpJOJkvVTbab+4CUc4QzXR1GYuK6pDFt//s23VzeKh0qusAtn/Qo/bmR7NCI q1kkHHimdwrP6DG/UpWgTbQdrr74QLWBxpdym4hk3Lw2f2vqm6HrBVUOZZVDkF3ywDfF oZrw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=q3dSb6Jvy9+p0riA3lhcg21nqEsnu5WB0WMm2rPYS9w=; b=mSMVv83UwEsNVG+mQQeRRPG+TX9bJnZHISe43n+DUAuziEojG0gpafkhwBqsDo9i9M p1WCkMZT6CkG1ZGL87fQrHOOpZ5KDsbLEZqJSl5fJMDAw5BDe6nH8ueOOQtg6K18U03L TQB/jHm9wxiX0ZiGDmQ1hTfJ2D5VD4tIvGw1b1/e8OgZg241IhO8KhsuFiawj1QKnVuN /7IaGpJRkO4/oBP730IUkUrkhQ0glmeDPplTtWAFXPI/mwNLlLtsvq6V0YrpH5iC558Y RgPOh2odY6EcC9NBw9CbkNYZ/iuq3YWC3WHmB8wTPHFgvetoURtzaqYJIC26czYvDMWe C/og==
X-Gm-Message-State: ALyK8tJf+ax4gFHPbHqgdMPItLZ/QKnRWXePG6qT/ARfGTOguSGNu6nGRhnhoSXrlG6vVA==
X-Received: by 10.66.75.72 with SMTP id a8mr9272778paw.99.1466266172566; Sat, 18 Jun 2016 09:09:32 -0700 (PDT)
Received: from [127.0.0.1] ([39.115.19.131]) by smtp.googlemail.com with ESMTPSA id p1sm76604989paz.8.2016.06.18.09.09.30 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 18 Jun 2016 09:09:31 -0700 (PDT)
To: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
References: <e6376b08-505d-b279-3067-bb92bb858302@dcn.ssu.ac.kr> <E8355113905631478EFF04F5AA706E9830FB1EEE@wtl-exchp-2.sandvine.com> <399F8E53-ADAD-49AD-94CF-214CA236F786@telefonica.com>
From: VictorVu <minowar91@gmail.com>
Message-ID: <d5d16390-fd1d-7ba7-2ebc-9c202dc8c9cc@gmail.com>
Date: Sun, 19 Jun 2016 01:09:34 +0900
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <399F8E53-ADAD-49AD-94CF-214CA236F786@telefonica.com>
Content-Type: multipart/alternative; boundary="------------F206944783059F1A6BEC407C"
X-Antivirus: avast! (VPS 160618-1, 06/18/2016), Outbound message
X-Antivirus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/4vjnRTrHsPLF8Ga_Nj0DQZV2jf0>
Cc: "sfc@ietf.org" <sfc@ietf.org>
Subject: Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jun 2016 16:09:36 -0000

Hi,

Actually, it only requires 1 metadata slot for as many layers as you 
want. Lower-level IBNs simply save upper-level hSFC flow ID in metadata 
and overwrite it. Flow-stateful IBNs can even save all upper-level 
metadata and recover later, so lower-level domains at any layer are free 
to use 3 metadata slots.

Regards,


On 6/18/16 9:55 PM, DIEGO LOPEZ GARCIA wrote:
> Hi,
>
> The only possible objection someone could come with is the fact that 
> we are limiting a possible hierarchy recursion to three layers (a 
> fourth one could not use any metadata slots) But I would not say that 
> is something I feel very much concerned about (hence the impersonal 
> “someone” rather than a personal “I”)
>
> Be goode,
>
>> On 14 Jun 2016, at 16:18 , Dave Dolson <ddolson@sandvine.com 
>> <mailto:ddolson@sandvine.com>> wrote:
>>
>> Victor,
>> Yes, I agree this is a good idea. I intend to add it to the list of 
>> alternatives in the draft.
>> I think it is probably the best of the stateful ideas.
>> I think to the list of benefits we can also add:
>> - has potential for security advantages in that it may be harder for 
>> a sub-domain SF to attack upper-level paths because the upper-level 
>> path is obscured by the flow ID, and the flow ID can be validated as 
>> it returns.
>> I intend to update the draft soon including some changes from the 
>> other authors.
>> If anyone on the list has other feed-back, please let me know.
>> -Dave
>> P.S. Victor, it doesn’t appear that your request made it to the list. 
>> Hopefully this reply does.
>> *From:*Victor Vu [mailto:vuva@dcn.ssu.ac.kr]
>> *Sent:*Friday, June 10, 2016 11:16 PM
>> *To:*sfc@ietf.org <mailto:sfc@ietf.org>; Dave Dolson
>> *Subject:*[sfc] IBN Path Configuration solution for 
>> draft-dolson-sfc-hierarchical-05
>>
>> Hi,
>>
>> In draft-dolson-sfc-hierarchical-05, there have been 4 method for 
>> restoring upper-level SF path when packets exit lower-level domain, 
>> each of them has its disadvantage:
>>
>> 1.  Saving SPI and SI in transport-layer flow state => could not work 
>> with SFs wich can change 5-tuple (NAT for example)
>>
>> 2.  Pushing SPI and SI into metadata => MD-type 1 has only 4 metadata 
>> slots
>>
>> 3.  Using unique lower-level paths per upper-level path coordinates 
>> => too many service paths in lower-level domain
>>
>> 4.  Nesting NSH headers, encapsulating the higher-level NSH headers 
>> within the lower-level NSH headers => require SFs in the lower-level 
>> domain to be able to parse multiple layers of NSH
>>
>> Therefore, I would like to propose the Flow-stateful/metadata hybrid 
>> solution. The basic idea is to make IBN save top-domain flow 
>> information (flow-stateful IBN), and assign each flow an “h-sfc flow 
>> ID” mapped to its info and store in 1 Mandatory context header. When 
>> packet exit sub-domain, get upper-domain’s info back by the h-sfc 
>> flow ID and restore it at the service last hop.
>>
>> In this way:
>>
>>   * Upper domain metadata is preserved, and sub-domains can change it
>>     just like a SFs does
>>   * Does NOT depend on 5-tuple => work well with NAT
>>   * Does NOT require all domains have a same metadata scheme
>>   * Scalable: could restore any top-domain information, not just
>>     service path
>>   * Top domain could use full 4 metadata slots, while sub-domains can
>>     use up to 3
>>   * Does not require any special functionalities from SFs
>>   * ID can be used to differentiate H-SFC and non-H-SFC flows
>>
>> I would like to listen to your opinions.
>> Thank you very much.
>>
>> Best regards,
>>
>> -- 
>> --------------------------------------------------------------
>> Vu Anh Vu (Victor Vu)
>> DCN Laboratory - School of Electronic Engineering - Soongsil University
>> Email:vuva@dcn.ssu.ac.kr <mailto:vuva@dcn.ssu.ac.kr>  /vuvabk@gmail.com <mailto:vuvabk@gmail.com>
>> Phone: (+82)-2-820-0841
>> Mobile: (+82)-10-9763-0103
>> Address: 369 Sangdo-ro, Dongjak-gu (06978), Seoul, Korea
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=oa-2322-b>
>> 	
>> Virus-free 
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=oa-2322-b>
>>
>> _______________________________________________
>> sfc mailing list
>> sfc@ietf.org <mailto:sfc@ietf.org>
>> https://www.ietf.org/mailman/listinfo/sfc
>
> --
> "Esta vez no fallaremos, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: diego.r.lopez@telefonica.com
> Tel:    +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
>
> ------------------------------------------------------------------------
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su 
> destinatario, puede contener información privilegiada o confidencial y 
> es para uso exclusivo de la persona o entidad de destino. Si no es 
> usted. el destinatario indicado, queda notificado de que la lectura, 
> utilización, divulgación y/o copia sin autorización puede estar 
> prohibida en virtud de la legislación vigente. Si ha recibido este 
> mensaje por error, le rogamos que nos lo comunique inmediatamente por 
> esta misma vía y proceda a su destrucción.
>
> The information contained in this transmission is privileged and 
> confidential information intended only for the use of the individual 
> or entity named above. If the reader of this message is not the 
> intended recipient, you are hereby notified that any dissemination, 
> distribution or copying of this communication is strictly prohibited. 
> If you have received this transmission in error, do not read it. 
> Please immediately reply to the sender that you have received this 
> communication in error and then delete it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu 
> destinatário, pode conter informação privilegiada ou confidencial e é 
> para uso exclusivo da pessoa ou entidade de destino. Se não é vossa 
> senhoria o destinatário indicado, fica notificado de que a leitura, 
> utilização, divulgação e/ou cópia sem autorização pode estar proibida 
> em virtude da legislação vigente. Se recebeu esta mensagem por erro, 
> rogamos-lhe que nos o comunique imediatamente por esta mesma via e 
> proceda a sua destruição


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

v2.23.0 | Report a Bug | By Email