Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-hierarchical-09: (with DISCUSS and COMMENT)
<mohamed.boucadair@orange.com> Mon, 25 June 2018 14:06 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDC79124C04; Mon, 25 Jun 2018 07:06:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iMoaznmUIsl3; Mon, 25 Jun 2018 07:06:28 -0700 (PDT)
Received: from orange.com (mta241.mail.business.static.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80C8D130DF1; Mon, 25 Jun 2018 07:06:28 -0700 (PDT)
Received: from opfedar04.francetelecom.fr (unknown [xx.xx.xx.6]) by opfedar24.francetelecom.fr (ESMTP service) with ESMTP id 090EEC047E; Mon, 25 Jun 2018 16:06:27 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.61]) by opfedar04.francetelecom.fr (ESMTP service) with ESMTP id C1A6440058; Mon, 25 Jun 2018 16:06:26 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM7E.corporate.adroot.infra.ftgroup ([fe80::b91c:ea2c:ac8a:7462%19]) with mapi id 14.03.0399.000; Mon, 25 Jun 2018 16:06:26 +0200
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>
CC: The IESG <iesg@ietf.org>, "draft-ietf-sfc-hierarchical@ietf.org" <draft-ietf-sfc-hierarchical@ietf.org>, Behcet Sarikaya <sarikaya@ieee.org>, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, "sfc@ietf.org" <sfc@ietf.org>
Thread-Topic: Benjamin Kaduk's Discuss on draft-ietf-sfc-hierarchical-09: (with DISCUSS and COMMENT)
Thread-Index: AQHUClXBB89+3jWS4ECsf8GN2V37E6RxBJ2g
Date: Mon, 25 Jun 2018 14:06:26 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302DF4B5E3@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <152954550322.28624.14636040697546417914.idtracker@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302DF49B65@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <20180622182042.GJ64617@kduck.kaduk.org>
In-Reply-To: <20180622182042.GJ64617@kduck.kaduk.org>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.6]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/BgH4cDZ2CFHfEVQhDFubWT-xVoM>
Subject: Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-hierarchical-09: (with DISCUSS and COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jun 2018 14:06:33 -0000
Hi Benjamin, Please see inline. Cheers, Med > -----Message d'origine----- > De : Benjamin Kaduk [mailto:kaduk@mit.edu] > Envoyé : vendredi 22 juin 2018 20:21 > À : BOUCADAIR Mohamed IMT/OLN > Cc : The IESG; draft-ietf-sfc-hierarchical@ietf.org; Behcet Sarikaya; sfc- > chairs@ietf.org; sfc@ietf.org > Objet : Re: Benjamin Kaduk's Discuss on draft-ietf-sfc-hierarchical-09: (with > DISCUSS and COMMENT) > > Hi Med, > > I see that you already uploaded a -10 that moves the intended status to > Experimental, with a nice clear introduction that lays out the scope and > goals of the proposed experiment(s). That's a big improvement, so I will > clear my DISCUSS. [Med] Thank you. More inline... > > On Thu, Jun 21, 2018 at 06:42:11AM +0000, mohamed.boucadair@orange.com wrote: > > Hi Benjamin, > > > > Thank you for the review. > > > > Please see inline. > > > > Cheers, > > Med > > > > > -----Message d'origine----- > > > De : Benjamin Kaduk [mailto:kaduk@mit.edu] > > > Envoyé : jeudi 21 juin 2018 03:45 > > > À : The IESG > > > Cc : draft-ietf-sfc-hierarchical@ietf.org; Behcet Sarikaya; sfc- > > > chairs@ietf.org; sarikaya@ieee.org; sfc@ietf.org > > > Objet : Benjamin Kaduk's Discuss on draft-ietf-sfc-hierarchical-09: (with > > > DISCUSS and COMMENT) > > > > > > Benjamin Kaduk has entered the following ballot position for > > > draft-ietf-sfc-hierarchical-09: Discuss > > > > > > When responding, please keep the subject line intact and reply to all > > > email addresses included in the To and CC lines. (Feel free to cut this > > > introductory paragraph, however.) > > > > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > > > > The document, along with other ballot positions, can be found here: > > > https://datatracker.ietf.org/doc/draft-ietf-sfc-hierarchical/ > > > > > > > > > > > > ---------------------------------------------------------------------- > > > DISCUSS: > > > ---------------------------------------------------------------------- > > > > > > This does seem like an interesting and potentially useful idea -- thanks > > > for doing the work! > > > > [Med] Thank you. > > > > However, I am not sure that the document as-is is > > > suitable for publication. > > > > > > In Section 4.1.5 we hear that preserving metadata and applying metadata > to > > > injected packets is not special and is "usual" functionality, but > > > section 4.1.2 calls out that the 4.1.2 approach requires the SFs in the > > > path to be capable of forwarding metadata and attaching metadata to > > > injected packets as if it is a nontrivial requirement. This apparent > > > internal inconsistency needs to be resolved before publication. > > > > [Med] I guess you are referring to: > > > > (4.1.2) > > > > "This approach requires the SFs in the path to be capable of > > forwarding the metadata and appropriately attaching metadata to any > > packets injected for a flow." > > > > And > > > > (4.1.5) > > > > "No special functionality is required to be supported by an SFC- > > aware SF, other than the usual ability to preserve metadata and to > > apply metadata to injected packets." > > Yes, that's the spot(s). > > > > > "usual" is used in the sense that manipulating metadata (update context > header and service policy selection) is part of the roles of an SFC-aware SF. > Please refer to " Figure 8: NSH Action and Role Mapping" in RFC8300. > > > > I suggest to update 4.1.5 as follows: > > > > "No new SFC-related functionality is required to be supported by an SFC- > > aware SF, other than the ability to preserve metadata and to > > apply metadata to injected packets." > > "No new [...], other than <Y>" still can be read to say that the > functionality Y is in fact new. I think it would be more clear to say > something like "only the existing ability to preserve and apply metadata is > needed" or "The SFC-related functionality required by this approach in an > SFC-aware SF is to be able to preserve and apply metadata, which is a > requirement that was already present in RFC 8300". But your > explanation/pointer to 8300 suffices to clear my discuss point, so please > treat this as a non-blocking comment. > [Med] The second proposal works for me. > > > > > > Why does Section 4.1 offer five different choices with no guidance on how > > > to make a cost/benefit analysis amongst them? > > > > [Med] The rationale of the document is to describe options and leave it to > the taste of those who (will) deploy to decide which ones among those is more > appropriate for their deployment context. Key advantages and issues are > called out. > > > > We cannot speculate about cost analysis. Really. > > > > Is the full spread of five > > > choices really necessary? Complexity breeds implementation bugs which > > > breed security issues, so I feel that this breadth of choice needs to be > > > justified. > > > > [Med] I would agree with you if we are recommending all (or most) of them. > > > > This also ties into some confusion I have as to the goal of > > > this document (which currently targets Informational status), > > > > [Med] The main contributions of the document are as follows: > > - Define an architecture for hSFC (hierarchy level, introduce IBN, define > IBN role). This proposed hsFC architecture is generic enough. > > - Identify and describe options to glue levels > > > > The document is informational. As such, it does not make use of normative > language or pick a favorite option. > > > > akin to what > > > is stated in Alvaro's ballot position: is it just providing information > on > > > how to assemble existing pieces in a novel way, or presenting a new > > > protocol specification that is not yet fit for Proposed Standard status, > or > > > is it listing out potential solutions to a problem so that they can be > > > implemented and experience gained as to which are useful in practice and > > > which are not? > > > > [Med] As mentioned above, the document does not declare a favorite option > to be deployed (I have one though), but documents candidates that can be > considered when deploying hSFC. Some of the options are implementation- > specific (4.1.1), some of them are deployment-specific (4.1.3), some require > more standardization effort. > > The desire to get more deployment experience does seem to fit pretty well > with the Experimental status. [Med] Yes. > > > Accordingly, I would be interested to hear about what > > > deployment experience exists already and whether this abstraction proves > to > > > be as useful as the use cases seem to promise; if there is little > > > implementation experience, perhaps Experimental status is more > appropriate. > > > > > > I further am uncertain as to whether the approach described in Section > > > 4.1.3 even merits consideration at all; the technique it describes seems > to > > > have a very leaky abstraction barrier (e.g., w.r.t TTL modifications). > > > > [Med] Glad to see that the description of that section is clear enough > about the complications that are inherent with this option. Our target reader > is likely to have the same reaction as you. > > > > The question is whether it is harmful to have the option described. > > For an experiment, it seems okay to leave it in. [Med] OK. > > > > This seems especially poignant given the already large size of candidate > > > approaches. > > > > [Med] 5 is not a "large size" of candidates, IMO. If this is an issue, we > can consider moving some of the options into an appendix. > > I don't think 5 is a large size for an experiment, only for a final > protocol. [Med] In full agreement. (Sometimes we still end up with that many, but I remember at > least one case where I complained about it in my ballot position.) > > > > > > > The approach described in Section 4.1.5 also seems to be incompletely > > > specified, in that the hSFC Flow ID semantics are not covered at all. On > > > my initial reading I assumed that this field's encoding and semantics > were > > > intended to be left as entirely local matters to the lower domain, > avoiding > > > a need to specify them in this document. > > > > [Med] The semantic is local to a domain. > > Agreed, it will not escape a single domain. > > > However, I'm not sure that it's > > > actually true, since we generally want multiple vendors to be able to > > > interoperate, > > > > [Med] Intermediate SFC elements do not need to understand the semantic of > flowID. They will handle the flowID as an opaque value. > > Agreed. I think it might help to call out (as is done in Section 4.1.1) > that if the egress IBN differs from the ingress IBN, there is a need for > state synchronization between those nodes. [Med] This is the intent of "state replication mentioned in Section 4.1.1". I changed the text to "state synchronization mentioned in Section 4.1.1". > > > and this scheme does not appear to require that the node > > > applying the hSFC Flow ID (and saving state) is the same node that > removes > > > it (and restores state). That is, these two nodes could potentially be > > > implemented by different vendors. > > > > > > > [Med] State sync/replication is indicated in the text: > > > > Disadvantages include those of other stateful approaches, including > > state timeout and replication mentioned in Section 4.1.1. > > I had read the Section 4.1.1 text as only applying to that particular > approach, implying that state synchronization would not necessarily be > needed for the other approaches. > > > > Even once the above issues are resolved, I will only be able to move to > an > > > Abstain position, since this document proposes additional usage of > > > (meta)data in the NSH headers that is not subject to mandatory integrity > > > protection, as was discussed at length for RFC 8300 and is mandated to be > > > available by RFC 7665. > > > > > > > [Med] The document does not specify any metadata. It does only define an > architecture for hSFC and explores deployment options. > > > > > > > > > > ---------------------------------------------------------------------- > > > COMMENT: > > > ---------------------------------------------------------------------- > > > > > > Section 4 > > > > > > To achieve the benefits of hierarchy, the IBN should be applying more > > > granular traffic classification rules at the lower level than the > > > traffic passed to it. This means that the number of SFPs within the > > > lower level is greater than the number of SFPs arriving to the IBN. > > > > > > "more granular" and "less granular" are unfortunately ambiguous in > > > practical usage; I suggest "fine-grained" as an alternative for this > usage. > > > > [Med] Fixed. Thank you. > > > > > > > > Section 4.1.5 > > > > > > Figure 4's caption should indicate where the base NSH fixed-length > context > > > header is originally defined. > > > > [Med] I added "[RFC8300], Section 2.4" > > > > > > > > Section 4.4 presents another operational choice that contributes to > > > exponential complexity growth, and further highlights unique properties > of > > > the Section 4.1.3 approach that may render it unsuitable for inclusion. > > > > > > > [Med] What about moving Section 4.1.3 into an appendix? > > I'd say leave it where it is, if we are going with Experimental status. > > > > Section 7.2 > > > > > > Other fundamental functions required as IBN (e.g., maintaining > > > metadata of upper level or decrementing Service Index) are same as > > > normal usage. > > > > > > nit: "the same as in normal usage" > > > > [Med] Fixed. > > > > > > > > Also, I think the two occurrences of "to permit specific metadata types" > > > should be "to *only* permit specific metadata types". > > > > > > > [Med] Agree. > > > > > > > > Section 10.1 > > > > > > Security considerations related to the control plane should be > > > discussed in the corresponding control specification documents (e.g., > > > [I-D.ietf-bess-nsh-bgp-control-plane], > > > [I-D.wu-pce-traffic-steering-sfc], or [I-D.maglione-sfc-nsh-radius]). > > > > > > I'm going to call this a nit, but "should be discussed" sounds as if this > > > document is trying to direct the behavior of the other listed documents; > > > maybe "are discussed" is better. > > > > [Med] Works for me. > > > > > > > > Section A.1 could perhaps note the potential drawback that the > > > classification functionality is now distributed across the domains > instead > > > of being totally centralized at the initial entry, which requires greater > > > coordination between the different classifers. > > > > [Med] The text in Section 4 is clear that the hSFC requires IBN to behave > as a classifier: > > > > To achieve the benefits of hierarchy, the IBN should be applying more > > granular traffic classification rules at the lower level than the > > traffic passed to it. > > > > We can add text to A.1 but IMHO this is redundant. > > I'm happy to defer to you here. [Med] OK, thanks. I'm planning to leave the text as it is. > > -Benjamin
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- [sfc] Benjamin Kaduk's Discuss on draft-ietf-sfc-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… mohamed.boucadair
- Re: [sfc] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk