IETF Logo Mail Archive

Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20

Alia Atlas <akatlas@gmail.com> Fri, 22 September 2017 20:25 UTC

Return-Path: <akatlas@gmail.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD35A1323B8; Fri, 22 Sep 2017 13:25:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oFzUNxfcy-SV; Fri, 22 Sep 2017 13:25:30 -0700 (PDT)
Received: from mail-wr0-x22d.google.com (mail-wr0-x22d.google.com [IPv6:2a00:1450:400c:c0c::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A965A1241F3; Fri, 22 Sep 2017 13:25:29 -0700 (PDT)
Received: by mail-wr0-x22d.google.com with SMTP id l22so1721637wrc.10; Fri, 22 Sep 2017 13:25:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1VAXZuonXdYWNDerNvNajJ2WtzK7Z2wIKhV2qufihgo=; b=amPn7rQjN8jAKnB20M60ovjVBs280M/JPSU6KBntRLgHkqinGVw2vAobw2l35tL3Ja raQumeWmOMtzryUtF8fVtTd0bTY02xS0NQej0Zk7LsKP3NMJVwqRoK/kXEnIT4RG0nTw CAUtkpEgXZfiHOy+huTi6IRnEjkPf6HXny/faknTXH9D8ueFcJG6Zq8aGe5wnKG+LXOz rbvle2woedmapqfwM9iZe3OoWCx4gFKBn23XTjDl4i4UoQkkp7gZF7y4Jpfsx4A+XCKF qntvv3CEh0J8BiqziYHcDqYRu85wrmPGUmhKZPVXtKyn3jK7ViShvau7fCvGw46kfOR9 Y45g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1VAXZuonXdYWNDerNvNajJ2WtzK7Z2wIKhV2qufihgo=; b=GLHlcWnDHS5kXkwG5Pn1tEWwdSHP/yoSSr27JReaPEOoGElke9KIbHnHfB/HLVrQAu YkgEBZxPjAK+qmFAcbWim2IC4O3EkDPFzRGsL4bDBNUZN0eqGzMpBb9e9apEBPxZ214V SuIkFH4taGYiQjIR64gcgZZ9qBYrk3w8EvOVNWrDhItXcMq8ySilVlGLXe7tBsLZYPz5 6LZ09yKv+sAybbgBzf+fx9X8iMmEtL4miQ5IJ1WcvU6yYyxhOERFiERiIzVpZEbu04kz oBCiA9ClfxHCueu2dUDN8H6DiZb72zas+AMcwuNFx7dcIJN1iTjl9DB07PnML5+Mhdx9 Wcig==
X-Gm-Message-State: AHPjjUgsy2f4R9aXjHQfuqHrI+BMkUnXp47j9M0BfQ/Tit4kZRH5UuW0 5q6jCm11Cyir5P05/DSN97zfht+6Zhe4ITuyeR4=
X-Google-Smtp-Source: AOwi7QC5/+7zbt9zKWJG9O8QvI+2iwwZoAhYM5sqGs/Un9l5UJPbie8Wl4EbeGqf0v0hz6lYedgvTxZBO8/sQySupKk=
X-Received: by 10.223.169.51 with SMTP id u48mr236588wrc.270.1506111927923; Fri, 22 Sep 2017 13:25:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.136.153 with HTTP; Fri, 22 Sep 2017 13:25:27 -0700 (PDT)
In-Reply-To: <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com>
References: <CAG4d1rdTfPAD38u++W+OysGz7W76iaZQnzea0U7EFOLE9oHh5A@mail.gmail.com> <29A6B17C-F815-4A03-A63C-CB265F0175A2@cisco.com>
From: Alia Atlas <akatlas@gmail.com>
Date: Fri, 22 Sep 2017 16:25:27 -0400
Message-ID: <CAG4d1rfh5XQXqBjsUWkrGudSGCnaBAaaS1dO+GcfpX9Wig3f3w@mail.gmail.com>
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
Cc: "sfc@ietf.org" <sfc@ietf.org>, "draft-ietf-sfc-nsh@ietf.org" <draft-ietf-sfc-nsh@ietf.org>
Content-Type: multipart/alternative; boundary="f403045cf4da74b8620559cd02e9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/5jz_yZuf_5B6vfBPyxhNsLQ0wq0>
Subject: Re: [sfc] Additional AD review comments on draft-ietf-sfc-nsh-20
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Sep 2017 20:25:33 -0000

Hi Carlos,

First, thanks for the updated version -21.

The rest is inline.

On Mon, Sep 18, 2017 at 2:14 PM, Carlos Pignataro (cpignata) <
cpignata@cisco.com> wrote:

> Hi, Alia,
>
> You addressed this email to me, but I just noticed I failed to respond —
> apologies!
>
> > On Sep 7, 2017, at 3:39 PM, Alia Atlas <akatlas@gmail.com> wrote:
> >
> > Carlos,
> >
> > The draft is much improved.  Thank you for your hard work.  I still see
> the following three issues.
> >
>
> Thanks, let’s see those three, inline.
>
> >
> > 1) Sec 2.2: "The O bit MUST be set for OAM packets and MUST NOT be set
> for non-OAM
> >    packets.  The O bit MUST NOT be modified along the SFP."
> > What happens if the packet is reclassified - potentially to a different
> SFP?
> >
> > Sec 3 doesn't clarify this."When the logical classifier performs re-
> >        classification that results in a change of service path, it MUST
> >        replace the existing NSH with a new NSH with the Base Header and
> >        Service Path Header reflecting the new service path information
> >        and MUST set the initial SI.  Metadata MAY be preserved in the
> >        new NSH."
> >
>
> I do not think Sec 3 needs to clarify it. Section 2.2 already says:
>
> “O bit: […] The actual format and processing of SFC
>    OAM packets is outside the scope of this specification”
>
> So we should not attempt to specify the processing here.
>
> If you believe it helps, we can add “The value of the O bit MUST be
> preserved in the new NSH”, but that would go against S2.2’s scope.


My concern is the following example.  Say that an operator wants to do the
equivalent of a traceroute to see how a packet is put into an SFP and what
SFs it goes through (or maybe just SFFs).  Assume that is done by setting
the O bit in the first NSH and then the encapsulated packet has duplicated
contents to be guided properly.  If that packet then is reclassified, is
the O bit cleared?

I have a real hesitation here about the future interoperability of
something like traceroute,  if the behavior for the treatment of the O bit
isn't specified for (re)classifiers.  For instance, if an SF or SFF doesn't
support this new NSH-traceroute, then a hop would be skipped in the report
back - but if the (re)classifier does it wrong, then all the hops
downstream of the (re)classifier will suffer.

Do you or others have data on what current implementations are doing as
part of reclassification? My interest isn't in changing the behavior
(hopefully it is being done consistently) but in clearly documenting the
expectations.



> > It would be good to specify the behavior for the unassigned flags as
> well; that way there will be consistent assumptions for future extensions,
> if needed.
> >
>
> Since they are Unassigned, the have no behavior specified, other than
> what’s already there:
>
> “Unassigned bits MUST
>    be set to zero upon origination, and MUST be ignored and preserved
>    unmodified by other NSH supporting elements.  At reception, all
>    elements MUST NOT modify their actions based on these unknown bits.”
>
> What else is missing?


Survival through a reclassifier is what I am thinking about.
In one model, there is the ability to pass along flags with a packet from
the initial classification until the end of the SFC.
In another model, the flags only survive until the first reclassifier.
What one can do with these flags is different.
IMHO, it'd be better to clarify that unassigned flags should be copied
transparently from an old NSH to a new/updated NSH.
Then, when and if the flags are assigned meanings, that can inform and
change what classifiers that understand the flag
meaning will do.


> > 2) Sec 7.1: "For example, if the metadata conveys tenant information,
> that information may need to be authenticated and/or encrypted between the
> originator and the
> >    intended recipients (which may include intended SFs only)."
> > A reference to draft-reddy-sfc-nsh-encrypt, which defines how to encrypt
> the meta-data would be most helpful in making this sound less aspirational;
>
> Sure. It’s already cited in the Security Considerations section, but we
> can add another citation. Done in the working copy.
>
> > so would having that draft not be 2 years expired and ignored by the WG.
> >
> > 3) Sec 11.2.5: Guidance for the expert review is needed.
>
> Good point. Thanks.
>
> Here’s an attempt, please complete. I am hesitant to request discussion on
> the SFC list, do you think we should (and request in that document that the
> list is kept open)?
>
> <t>
> Expert Review requests MUST include a single code point per request.
>    Designated Experts evaluating new allocation requests from this registry
>    should consider the potential scarcity of code points for an 8-bit
> value,
>    and check both for duplications as well as availability of
> documentation.
> </t>
>

This is a good start.  I'd add that standardized protocols should have
preference and
if the range goes over 50% allocated, then IANA should alert the
responsible AD so
that a new policy can be considered.

Thanks,
Alia


> >
> > Regards,
> > Alia
>
> —
> Carlos Pignataro, carlos@cisco.com
>
> “Sometimes I use big words that I do not fully understand, to make myself
> sound more photosynthesis."
>
>

v2.23.0 | Report a Bug | By Email