[sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-hierarchical-09: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Thu, 21 June 2018 01:45 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: sfc@ietf.org
Delivered-To: sfc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A052130FA8; Wed, 20 Jun 2018 18:45:03 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk <kaduk@mit.edu>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-sfc-hierarchical@ietf.org, Behcet Sarikaya <sarikaya@ieee.org>, sfc-chairs@ietf.org, sarikaya@ieee.org, sfc@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152954550322.28624.14636040697546417914.idtracker@ietfa.amsl.com>
Date: Wed, 20 Jun 2018 18:45:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/5kWZ1y2qLfcG5A_XbsDHdxpz3v4>
Subject: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-hierarchical-09: (with DISCUSS and COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.26
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2018 01:45:04 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-sfc-hierarchical-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-sfc-hierarchical/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- This does seem like an interesting and potentially useful idea -- thanks for doing the work! However, I am not sure that the document as-is is suitable for publication. In Section 4.1.5 we hear that preserving metadata and applying metadata to injected packets is not special and is "usual" functionality, but section 4.1.2 calls out that the 4.1.2 approach requires the SFs in the path to be capable of forwarding metadata and attaching metadata to injected packets as if it is a nontrivial requirement. This apparent internal inconsistency needs to be resolved before publication. Why does Section 4.1 offer five different choices with no guidance on how to make a cost/benefit analysis amongst them? Is the full spread of five choices really necessary? Complexity breeds implementation bugs which breed security issues, so I feel that this breadth of choice needs to be justified. This also ties into some confusion I have as to the goal of this document (which currently targets Informational status), akin to what is stated in Alvaro's ballot position: is it just providing information on how to assemble existing pieces in a novel way, or presenting a new protocol specification that is not yet fit for Proposed Standard status, or is it listing out potential solutions to a problem so that they can be implemented and experience gained as to which are useful in practice and which are not? Accordingly, I would be interested to hear about what deployment experience exists already and whether this abstraction proves to be as useful as the use cases seem to promise; if there is little implementation experience, perhaps Experimental status is more appropriate. I further am uncertain as to whether the approach described in Section 4.1.3 even merits consideration at all; the technique it describes seems to have a very leaky abstraction barrier (e.g., w.r.t TTL modifications). This seems especially poignant given the already large size of candidate approaches. The approach described in Section 4.1.5 also seems to be incompletely specified, in that the hSFC Flow ID semantics are not covered at all. On my initial reading I assumed that this field's encoding and semantics were intended to be left as entirely local matters to the lower domain, avoiding a need to specify them in this document. However, I'm not sure that it's actually true, since we generally want multiple vendors to be able to interoperate, and this scheme does not appear to require that the node applying the hSFC Flow ID (and saving state) is the same node that removes it (and restores state). That is, these two nodes could potentially be implemented by different vendors. Even once the above issues are resolved, I will only be able to move to an Abstain position, since this document proposes additional usage of (meta)data in the NSH headers that is not subject to mandatory integrity protection, as was discussed at length for RFC 8300 and is mandated to be available by RFC 7665. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 4 To achieve the benefits of hierarchy, the IBN should be applying more granular traffic classification rules at the lower level than the traffic passed to it. This means that the number of SFPs within the lower level is greater than the number of SFPs arriving to the IBN. "more granular" and "less granular" are unfortunately ambiguous in practical usage; I suggest "fine-grained" as an alternative for this usage. Section 4.1.5 Figure 4's caption should indicate where the base NSH fixed-length context header is originally defined. Section 4.4 presents another operational choice that contributes to exponential complexity growth, and further highlights unique properties of the Section 4.1.3 approach that may render it unsuitable for inclusion. Section 7.2 Other fundamental functions required as IBN (e.g., maintaining metadata of upper level or decrementing Service Index) are same as normal usage. nit: "the same as in normal usage" Also, I think the two occurrences of "to permit specific metadata types" should be "to *only* permit specific metadata types". Section 10.1 Security considerations related to the control plane should be discussed in the corresponding control specification documents (e.g., [I-D.ietf-bess-nsh-bgp-control-plane], [I-D.wu-pce-traffic-steering-sfc], or [I-D.maglione-sfc-nsh-radius]). I'm going to call this a nit, but "should be discussed" sounds as if this document is trying to direct the behavior of the other listed documents; maybe "are discussed" is better. Section A.1 could perhaps note the potential drawback that the classification functionality is now distributed across the domains instead of being totally centralized at the initial entry, which requires greater coordination between the different classifers. (This is, of course, not necessarily a drawback for all deployments, but could be for some.)
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk