Re: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
"Adrian Farrel" <adrian@olddog.co.uk> Fri, 16 February 2018 21:31 UTC
Return-Path: <adrian@olddog.co.uk>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0451912D7F0 for <sfc@ietfa.amsl.com>; Fri, 16 Feb 2018 13:31:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R3sVvlE5us3V for <sfc@ietfa.amsl.com>; Fri, 16 Feb 2018 13:31:41 -0800 (PST)
Received: from mta6.iomartmail.com (mta6.iomartmail.com [62.128.193.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E3A0124207 for <sfc@ietf.org>; Fri, 16 Feb 2018 13:31:40 -0800 (PST)
Received: from vs1.iomartmail.com (vs1.iomartmail.com [10.12.10.121]) by mta6.iomartmail.com (8.14.4/8.14.4) with ESMTP id w1GLVZNc007927; Fri, 16 Feb 2018 21:31:35 GMT
Received: from vs1.iomartmail.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 52C2F2203B; Fri, 16 Feb 2018 21:31:35 +0000 (GMT)
Received: from asmtp1.iomartmail.com (unknown [10.12.10.248]) by vs1.iomartmail.com (Postfix) with ESMTPS id 3D6432203A; Fri, 16 Feb 2018 21:31:35 +0000 (GMT)
Received: from 950129200 ([12.250.207.42]) (authenticated bits=0) by asmtp1.iomartmail.com (8.14.4/8.14.4) with ESMTP id w1GLVWWH024027 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 16 Feb 2018 21:31:34 GMT
Reply-To: adrian@olddog.co.uk
From: Adrian Farrel <adrian@olddog.co.uk>
To: "'Carlos Pignataro (cpignata)'" <cpignata@cisco.com>
Cc: mls.ietf@gmail.com, ietf@kuehlewind.net, sfc@ietf.org, 'Adrian Farrel' <afarrel@juniper.net>
References: <BLUPR05MB370BC7BDC9E741CC09ABD47BBF70@BLUPR05MB370.namprd05.prod.outlook.com> <ED75774E-F3DC-456D-96DA-2009F9275B35@cisco.com>
In-Reply-To: <ED75774E-F3DC-456D-96DA-2009F9275B35@cisco.com>
Date: Fri, 16 Feb 2018 21:31:32 -0000
Message-ID: <02ff01d3a76d$85334540$8f99cfc0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQEeAghMA36BwNs7P4hKcgh5BznyYQGbi9COpQXvVkA=
Content-Language: en-gb
X-Originating-IP: 12.250.207.42
X-Thinkmail-Auth: adrian@olddog.co.uk
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.0.0.1623-8.2.0.1013-23668.003
X-TM-AS-Result: No--30.159-10.0-31-10
X-imss-scan-details: No--30.159-10.0-31-10
X-TMASE-Version: IMSVA-9.0.0.1623-8.2.1013-23668.003
X-TMASE-Result: 10--30.159200-10.000000
X-TMASE-MatchedRID: j4nUk6F+aLYkzrQfI6wWyOYAh37ZsBDCQnVGRb78vpAY0A95tjAn+1tE UzPReCEC7Ka5xr4UMFfvvUvE5L64eAldMc3Hj8/o8eSmTJSmEv2Zf5btvM85AQ2G3vz8l/IElaO mlCPm7PAfVoLo68RF+mD78H21qaZBM47ELEmzJqbFlCgYxEaGExyDrkIwjihbIFBEE5CFomK3WR FfMFpqrUXz+wEVxyExZ/ZB0hmIptxEiFIhxLPRUZ+EzsRrGT9IQKuv8uQBDjpCu3iUFrX0Dl4rZ +EaD3uZZpbK16kfjQFZHhlaIqB7ziP0K6pQJfW4syNb+yeIRAq7atxTbKDEIEENV4Lwnu7B1sTl zu9ctp2SQFK8SNZ7c4JnAxoBUhxpb4ixR8bvk/an1yJegn+laxSpYqhygmjpSgJpILqp94b6CmP nGAtSvo/m9lOHU6+/RzwG8ij76Rd5BTB1IjcvAqtK3oodxPaxM3PBQtDBME+hUoducQu06aVDtq tHNwDxWubHxfhv8egjrJgzgUvPOT879zET5UZxMIiU395I8H2KbuU19+RNrkfLNMv2kATUNVjVq 6WuIRSKbolQvMkWPGO1TJ3jzuz4X5sgyCY2UIRZluvuHEedhEGtrAxy5ENO8oXqbPkdKPKg0hWz UrznJxyZmuozlKyT+/ydMNttdO96+aDWc6WLsC97pb4g5HCtk9atiES99p1ct5jgLX72gKtpFYo Fv0AyfPldzhHm79vnz4Gg73O3vrGfCGOAcoovOp/QO0+WfieH7D1bP/FcOuVjd+HgnRW+xUkhFM O+oXssDZiXoLHVAF+24nCsUSFNt7DW3B48kkHdB/CxWTRRuyUIayx+Skid
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/6qEwy1-tlLNRd_TdhUlXIYb97ig>
Subject: Re: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2018 21:31:44 -0000
Hi Carlos,
Thanks for the mail. It is important, IMHO, that this sort of change is reviewed by the WG and not just slipped in through secret agreement between the document editor and a Discussing AD.
> Some of this text, however, seems pretty heavy-handed.
My hand has always been heavy - it is the secret of good childcare.
> > 6. Management and Congestion Control Considerations
> >
> > The mechanisms described in this document allow SFC-aware nodes in an SFC
> network to generate additional packets. While these packets are in the nature of
> in-band control packets
>
> Are these “control” packets? These are packets with a specific characteristic (not
> with a specific function), and according to the Abstract, “this document illustrates
> some of the functions that may be achieved”. It does not say “These are control
> packets …"
Are we sure this is a question of meaningful semantics and not philology?
The text you quoted does not say that the packets are control packets. But they *do* have that nature.
Of course, we could take this opportunity to open the debate as to whether OAM packets are control plane, data plane, or management plane packets. That might be fun, but if life has taught me anything, it is that we would not actually be advancing the discussion of the Internet.
So, we don't need the commentary and can reduce to "These are not intended to be sent frequently for any flow, but there is still a risk that they might flood the network."
> > and not intended to be sent frequently for any flow
>
> Might be useful to define flow (by way of a pointer at least), since it’s not used in
> RFC 8300.
I'm going to refer you back to Section 5.2, but not put a pointer in the text. A reader who gets this far without having first read Section 5.2 is lost.
> > , there is still a risk that they might flood the network.
>
> Flood the whole network?
English usage?
A single packet will not, of course, flood the whole network.
But the whole (SFC) network might be flooded with such packets.
> > For example, if an attempt is made to use this mechanism for “per-packet
> metadata” (Section 5.6) then this might double the number of packets in the
> network. Similarly, if this mechanism is used for a form of aliveness detection
> OAM that requires very frequent test messages, then the number of additional
> messages may be very high. Such additional messages risk causing congestion in
> the network.
> >
> > The underlay network (that is the tunnels across the underlay between SFC
> nodes) will not
>
> :s/will/may/g ?
Now we are really into English usage!
Did you mean "might" when you said "may", or did you mean to be proscriptive?
Anyway, I intended "will not". That is mainly because it "cannot" without a form of DPI that is, I suspect, beyond the powers of most routers today.
But it is more civilised to say what it will or will not do than it is to assert capability deficiencies :-)
> > distinguish between data-carrying packets and those packets with next
> protocol set to none. All packets will be treated the same and will need to fall
> within the capabilities of the underlay network to process and forward packets.
>
> :s/will/may/g ?
Text as intended.
When underlays start to make forwarding decisions based on the payload and not the encapsulation, then networking is in a mess!
> > Nodes in the SFC overlay network will need to perform special processing on
> the additional packets according to their roles and according to the application for
> the metadata. For example, an SFF will likely only have to forward per-SFC
> metadata, while an SF
>
> per-SFP instead of per-SFC?
Yes, per 5.1.
> > will need to extract it and process it as it would if the metadata was carried in a
> packet with user data. On the other hand, metadata might also be used to cause
> actions at all nodes (see Sections 5.3, 5.4 and 5.5) and could increase the
> processing load.
> >
> > In view of these potential issues, all implementations SHOULD implement rate
> limits on the generation of SFC packets with next protocol set to none.
> Furthermore, these rate limits SHOULD be configurable and applied per SFC and
> per application so that one application on one SFC does not encumber a different
> application on a different SFC.
>
> I think “per-SFC” means “per-SFP” throughout above. However, what is the
> mapping of applications? Not all nodes may have per-application visibility (or
> knowledge).
Yes, as above.
> > When an implementation finds that it is unable to generate or send a packet it
> SHOULD increment a counter that is accessible by the operator, and MAY raise an
> alert (although such alerts SHOULD, themselves, be rate limited).
>
> From an operational standpoint what are the defaults for these proposed
> configuration knobs?
I don't believe this text defines any configuration knobs.
I suppose you could make them so, but this text talks about implementation.
> Another important consideration: if the protocol-none packet is for a specific
> function, what are the implications to that application or function leveraging this
> mechanism? For example, if, as mentioned above, this is used for OAM, rate-
> liming without visibility to the OAM rate limiting or function can result in actually
> more congestion with false-negatives, oscillations, instability, etc.
>
> I strongly recommend some per-use implications, and a SHOULD understand
> implications before blindly rate-limiting.
Erm, the sentence previous to the one you quoted says...
Furthermore, these rate limits
SHOULD be configurable and applied per SFP and per application so that one application on
one SFP does not encumber a different application on a different SFP.
Change to ...
encumber a different application on this or a different SFP.
> > Additionally, an SFC node needs to protect itself against another node in the
> network not applying suitable rate limits. Therefore, implementations SHOULD
> apply incoming rate limits for SFC packets with next protocol set to none.
>
> This places an interesting requirement: it does not allow for incremental
> deployment. Not only protocol-none feature generating nodes need to be
> upgraded, but every node at once.
No, that would be crazy.
No one would do that, and I don't think anyone would read it like that.
Backward compatibility is what it is (see Section 4).
Besides, "SHOULD" is very useful :-)
> > Such rate limits SHOULD be application-aware, per SFC or interface,
>
> This granularity seems beyond what might be possible. Per-SFC should be per-
> SFP. Not always there’s app-awareness. What’s an interface in this context?
Obviously, this is different from packet generation, but surely the debate could center on where the rate limits are applied.
You specifically worried about "one size fits all" rate limits, and that is wise because you probably want to allow more packets for one use than for another.
OK to drop this to "MAY"?
Hope this helps,
Adrian
- [sfc] Proposal for congestion control in draft-fa… Adrian Farrel
- Re: [sfc] Proposal for congestion control in draf… Mirja Kuehlewind (IETF)
- Re: [sfc] Proposal for congestion control in draf… Carlos Pignataro (cpignata)
- Re: [sfc] Proposal for congestion control in draf… Adrian Farrel
- Re: [sfc] Proposal for congestion control in draf… Carlos Pignataro (cpignata)