IETF Logo Mail Archive

Re: [sfc] Gen rqts comments on draft-ietf-sfc-dc-use-cases-00

"Joel M. Halpern" <jmh@joelhalpern.com> Mon, 12 May 2014 01:07 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2D9E1A03AA for <sfc@ietfa.amsl.com>; Sun, 11 May 2014 18:07:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iMr4D3t2xtS2 for <sfc@ietfa.amsl.com>; Sun, 11 May 2014 18:07:03 -0700 (PDT)
Received: from mailc2.tigertech.net (mailc2.tigertech.net [208.80.4.156]) by ietfa.amsl.com (Postfix) with ESMTP id 75D321A03AE for <sfc@ietf.org>; Sun, 11 May 2014 18:07:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailc2.tigertech.net (Postfix) with ESMTP id 059C515A9; Sun, 11 May 2014 18:06:58 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at c2.tigertech.net
Received: from Joels-MacBook-Pro.local (pool-70-106-135-10.clppva.east.verizon.net [70.106.135.10]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mailc2.tigertech.net (Postfix) with ESMTPSA id 0C68215A8; Sun, 11 May 2014 18:06:56 -0700 (PDT)
Message-ID: <53701EAF.4020100@joelhalpern.com>
Date: Sun, 11 May 2014 21:06:55 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Dave Hood <dave.hood@ericsson.com>, "sfc@ietf.org" <sfc@ietf.org>
References: <8D15A2BAF93E9C49AB037A0647E5FA643F3E7754@eusaamb105.ericsson.se>
In-Reply-To: <8D15A2BAF93E9C49AB037A0647E5FA643F3E7754@eusaamb105.ericsson.se>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/sfc/L62PZqkl3UmxLOSMr2bGSnPwJBo
Subject: Re: [sfc] Gen rqts comments on draft-ietf-sfc-dc-use-cases-00
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 May 2014 01:07:05 -0000

It strikes me that the solution to many of the issue Dave raises would 
be to remove the requirements from this document (as I have suggested in 
other documents).  Describe the use, but don't try to figure out to 
properly describe the requirements in the use case document.

Yours,
Joel

On 5/11/14, 8:42 PM, Dave Hood wrote:
> A few observations on the proposed requirements:
>
> GR1.   SFC polices MUST be applicable at the edges - network elements as
> well as the workloads.
>
> A good requirement specifies that 1) someone must do 2) something and 3)
> there should be a way to confirm whether 1 has done 2 or not. How would
> we test this requirement?
>
> GR2.   SFC policies MUST be applicable to either Ingress or Egress traffic.
>
> Ingress and egress are not well-defined. From the viewpoint of an SFC,
> the classifier is always an ingress point, and the conclusion of the
> service chain is always an egress point.
>
> Bidirectional flows are important, but if this requirement is meant to
> introduce that topic, it is wide of the mark.
>
> GR3.   SFC MUST support virtual as well as physical SNs.
>
> This is written as if physical SNs were primary, with virtual an
> afterthought. While recognizing the differences, it is probably better
> to grant them logical equivalence. Or if one is to be regarded as
> primary, surely it would be the virtual SN?
>
> GR4.   SFC SHOULD support the ability to mix virtual and physical SNs in
> the same SFC.
>
> Ok
>
> GR5.   SFC SNs MUST be deployable L2 or L3 hop away from each other or
> from the SFC starting entity.
>
> Not clear what is actually being asked for here. The first sentence in
> DB-3 actually states the requirement more crisply.
>
> GR6.   SFC traffic MUST be allowed to follow paths not constrained by
> the underlying static network topology.
>
> We are always tied to underlying topology, just as a zero-G space
> environment is still subject to the laws of gravity. Even within a DC,
> and certainly between DCs, there will always be better ways and worse
> ways of physically arranging the virtual SNs (ie static network topology
> constraints).
>
> The problem statement draft describes this better. A reqirement might
> better be written something along the lines that SFs [do we need SNs in
> the intended abstraction?] should be nodes in a virtual full-mesh
> topology, maybe accompanied with a requirement to be able to create new
> virtual topology nodes (ie instantiate new virtual SNs) on demand (see
> comment on GR11 below). Admittedly, this goes beyond the implications of
> the text describing fig 1, but still seems appropriate.
>
> GR7.   SFC SNs MUST be able to derive the tenant identification without
> being tied to the underlying topology
>
> SNs, rather than SFs? Derive, rather than being told? And the point
> about underlying topology seems to preclude the continued use of
> physical boxes with hard wiring that might already be in place.
>
> GR8.   SFCs MUST support the ability to pass metadata among the SNs or
> between the SNs and the network elements.
>
> It doesn’t say so, but presumably the metadata is associated with a
> particular [set of] flows. As written, this could be done with
> information conveyed out of band, at the time of flow allocation or
> per-packet. Are all of these options intended to be left open for later
> resolution?
>
> GR9.   A composite SFC SHOULD be achievable by way of joining sub SFCs,
> branching to sub SFCs where necessary.
>
> Is branching the only option? Why not nesting?
>
> GR10.  SFCs SHOULD NOT require SNAT inside the SFs to attract traffic
> back to them
>
> This seems like a fine-grained requirement that addresses only one small
> aspect of a larger issue, namely visibility of bidirectional flows. Are
> we content to chip away at the problem without considering it in its
> entirety?
>
> GR11.  SFCs SHOULD have the ability to choose SN instances dynamically,
> at the time of forwarding traffic to them.
>
> The last phrase is at best redundant but probably incorrect (appears to
> demand just-in-time; why not **prior to** forwarding traffic?).
>
> Also, although it is not justified by the use cases, one might hope for
> the ability to instantiate or destroy instances of at least some kinds
> of SN/SF on demand.
>
> GR12.  An OAM mechanism to easily troublshoot as well as validate the
> paths traversed by the SFCs SHOULD be supported.
>
> Given the expected intelligent controller, would we regard it as a
> sufficient response for the controller to be able to report its choices?
> Or would we expect some form of traceroute in the data path itself?
>
> And speaking of intelligent controllers, BTW, the drawbacks clause 4
> appears to be written with the intent to preclude the use of VLANs. As
> to scalability, VLANs might suffice for small to moderate enterprises.
> The argument is really based on the assumption of manual configuration.
> Given intelligence in the SFC controller, VLANs are one of many ways in
> which one could construct a valid solution. If we really intend to
> preclude VLANs, there needs to be a better argument than is presented.
>
> Dave
>
>
>
> _______________________________________________
> sfc mailing list
> sfc@ietf.org
> https://www.ietf.org/mailman/listinfo/sfc
>

v2.23.0 | Report a Bug | By Email