IETF Logo Mail Archive

[sfc] Proposal for congestion control in draft-farrel-sfc-convent

Adrian Farrel <afarrel@juniper.net> Mon, 12 February 2018 22:33 UTC

Return-Path: <afarrel@juniper.net>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E10C127010 for <sfc@ietfa.amsl.com>; Mon, 12 Feb 2018 14:33:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oevl-93Ry5C4 for <sfc@ietfa.amsl.com>; Mon, 12 Feb 2018 14:33:27 -0800 (PST)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7ECFE126D74 for <sfc@ietf.org>; Mon, 12 Feb 2018 14:33:27 -0800 (PST)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w1CMV06R030315; Mon, 12 Feb 2018 14:33:25 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=PPS1017; bh=WfXDq8xVZRra47ge49GjL75kvk1Vrwwpbcjauqv6Ags=; b=gIu3eNyU6vr4oF8h3OtKwv5KKQOgDHEByrGTWNgbDcq4piXq1+qSDZax5U7HIU379BgR 1l4xSiwoXYRLI1MqzHek0OZrlE+bEEcNvniQfCzE0ZBxo9Yd0uh6mY5EGvOKBUwVukZG r1PXOcVsmHb8rj19Vy41w2P51I9lpK6yVKdZRLWmvWonInZ6PBRowWaFiG4O3GOZsp8R S2oC/+nQBW8dA+mQ4EXzR3MoHvuFfCHhr8dEx5Oq5/pMiwjz0s3xMhwDmmmo4mgIPrM9 zY9mSux9C0YmyCTcxJ838v0UQfAizUOX3Jvr6LoMM9mp277zfdjtiFtPqhPXMHOuW5UG Lw==
Received: from nam01-sn1-obe.outbound.protection.outlook.com (mail-sn1nam01lp0120.outbound.protection.outlook.com [207.46.163.120]) by mx0b-00273201.pphosted.com with ESMTP id 2g3hkt86b0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 12 Feb 2018 14:33:25 -0800
Received: from BLUPR05MB370.namprd05.prod.outlook.com (10.141.25.150) by BLUPR05MB259.namprd05.prod.outlook.com (10.141.22.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.506.7; Mon, 12 Feb 2018 22:33:22 +0000
Received: from BLUPR05MB370.namprd05.prod.outlook.com ([fe80::b531:7948:784b:9cfb]) by BLUPR05MB370.namprd05.prod.outlook.com ([fe80::b531:7948:784b:9cfb%18]) with mapi id 15.20.0506.007; Mon, 12 Feb 2018 22:33:22 +0000
From: Adrian Farrel <afarrel@juniper.net>
To: "ietf@kuehlewind.net" <ietf@kuehlewind.net>, "mls.ietf@gmail.com" <mls.ietf@gmail.com>
CC: "sfc@ietf.org" <sfc@ietf.org>
Thread-Topic: Proposal for congestion control in draft-farrel-sfc-convent
Thread-Index: AdOkUWieWeFX83LaRmCLcmak7P8lwg==
Date: Mon, 12 Feb 2018 22:33:22 +0000
Message-ID: <BLUPR05MB370BC7BDC9E741CC09ABD47BBF70@BLUPR05MB370.namprd05.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.239.12]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BLUPR05MB259; 7:W2VpE2TG7hoVvg7tBzKmQu/2ZhOZ60pMqpshycQ8EA/qvIYAQpqUbobWOeIcVYTjhFfd9N64vCvEXezJescAVvS46aYJXsefKW+cRGF1M0T4M9fTGOqvSDPxqEGeVY3UlOAUS+RPoFCdQMIrFZV69WhkJk50ck5oRrOmXqDwSJL2Busbc4U8YiuMl9ms+EIIYY7TaBCPTX9T/6TqmGqfgZBWqOq84NtM2TxpTp6IHeXq+vm0g7Na6DyyoQ7GQ8+M
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 5be572cc-845e-47d5-f4d0-08d572689fd6
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020); SRVR:BLUPR05MB259;
x-ms-traffictypediagnostic: BLUPR05MB259:
x-microsoft-antispam-prvs: <BLUPR05MB2592C5FB3C9392BBE180218BBF70@BLUPR05MB259.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231101)(2400082)(944501161)(3002001)(10201501046)(6055026)(6041288)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123560045)(6072148)(201708071742011); SRVR:BLUPR05MB259; BCL:0; PCL:0; RULEID:; SRVR:BLUPR05MB259;
x-forefront-prvs: 0581B5AB35
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(396003)(346002)(39380400002)(366004)(39860400002)(189003)(199004)(68736007)(5660300001)(9686003)(105586002)(55016002)(305945005)(6506007)(102836004)(3660700001)(59450400001)(316002)(26005)(4326008)(6306002)(2906002)(7696005)(186003)(25786009)(53936002)(7736002)(3280700002)(6116002)(39060400002)(74316002)(3846002)(6436002)(2501003)(561944003)(33656002)(99286004)(966005)(66066001)(14454004)(97736004)(2900100001)(86362001)(478600001)(81156014)(8936002)(106356001)(81166006)(110136005)(5250100002)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:BLUPR05MB259; H:BLUPR05MB370.namprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: EoZpEqqciHvc1DhfyNA1gSexZFPFTbemuvPBrtxsO4oxZDYjClO3qxET/J2+0Ow8Rp5Z0IIVZwtlT2Wu3NC3ew==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BLUPR05MB370BC7BDC9E741CC09ABD47BBF70BLUPR05MB370namprd_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 5be572cc-845e-47d5-f4d0-08d572689fd6
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2018 22:33:22.6154 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR05MB259
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-02-12_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1802120284
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/LRQ1ese52AzlOL_PRri0_9ouMvs>
Subject: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2018 22:33:30 -0000

Hi Mirja and Martin,

Here is a proposal to address Mirja's Discuss. It is a new top-level section.

It is for discussion, so please tell me what it is missing and how we should work on it.

It makes sense (to me) for the WG to comment about this as well.

Thanks,
Adrian

====
6. Management and Congestion Control Considerations

The mechanisms described in this document allow SFC-aware nodes in an SFC network to generate additional packets.  While these packets are in the nature of in-band control packets and not intended to be sent frequently for any flow, there is still a risk that they might flood the network. For example, if an attempt is made to use this mechanism for "per-packet metadata" (Section 5.6) then this might double the number of packets in the network. Similarly, if this mechanism is used for a form of aliveness detection OAM that requires very frequent test messages, then the number of additional messages may be very high. Such additional messages risk causing congestion in the network.

The underlay network (that is the tunnels across the underlay between SFC nodes) will not distinguish between data-carrying packets and those packets with next protocol set to none. All packets will be treated the same and will need to fall within the capabilities of the underlay network to process and forward packets.

Nodes in the SFC overlay network will need to perform special processing on the additional packets according to their roles and according to the application for the metadata. For example, an SFF will likely only have to forward per-SFC metadata, while an SF will need to extract it and process it as it would if the metadata was carried in a packet with user data. On the other hand, metadata might also be used to cause actions at all nodes (see Sections 5.3, 5.4 and 5.5) and could increase the processing load.

In view of these potential issues, all implementations SHOULD implement rate limits on the generation of SFC packets with next protocol set to none. Furthermore, these rate limits SHOULD be configurable and applied per SFC and per application so that one application on one SFC does not encumber a different application on a different SFC. When an implementation finds that it is unable to generate or send a packet it SHOULD increment a counter that is accessible by the operator, and MAY raise an alert (although such alerts SHOULD, themselves, be rate limited).

Additionally, an SFC node needs to protect itself against another node in the network not applying suitable rate limits. Therefore, implementations SHOULD apply incoming rate limits for SFC packets with next protocol set to none. Such rate limits SHOULD be application-aware, per SFC or interface, and SHOULD be configurable, but implementations MAY be more subtle if they are aware of internal processing loads and have access to queues/buffers. In any case, when an implementation drops a received packed because of these rate limits it SHOULD increment a counter that is accessible by the operator, and MAY raise an alert (although such alerts SHOULD, themselves, be rate limited).
====

v2.23.0 | Report a Bug | By Email