IETF Logo Mail Archive

Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-multi-layer-oam-26: (with DISCUSS and COMMENT)

Greg Mirsky <gregimirsky@gmail.com> Wed, 05 July 2023 01:22 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E48CFC15153E; Tue, 4 Jul 2023 18:22:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.085
X-Spam-Level:
X-Spam-Status: No, score=-2.085 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vSik97o7bEtJ; Tue, 4 Jul 2023 18:22:11 -0700 (PDT)
Received: from mail-yw1-x112a.google.com (mail-yw1-x112a.google.com [IPv6:2607:f8b0:4864:20::112a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92C90C151551; Tue, 4 Jul 2023 18:21:49 -0700 (PDT)
Received: by mail-yw1-x112a.google.com with SMTP id 00721157ae682-57026f4bccaso73879507b3.2; Tue, 04 Jul 2023 18:21:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688520109; x=1691112109; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=q74UIvYSquurthRNYbYJjbShj5aidIIaPVjWsIKamQA=; b=XSr00wK4qa9V5MzwRq9Cb4GZAcOGlwixpLcZs6as8XHuLYBlg0ukZXxBOgBkLuJPKh pAQHK7Vbdkki1TFCrhGWTwBLm+Zhwg1p5kDDh93R7x210S/uH11xRzqjbQIQcjcJAHg2 yA0dwR0ZQPy1DhXp3VA4Z1FKElL0Dv/mgCkrC7PmuqP/csBaR3bt7wioPJUhk6/lsAvY HWyg040xzh+wASsdlAJVfEv9lwM6umHYomSP3FbixUmRnhO1+ePgFHpQi8NExfsakd2J 55m0HcBEBz9+q0ORTAyXxSZko6Oy5YnvvXxzmQPLrPVzyjt5KBxELsJqkmpO/zXycav5 UVmA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688520109; x=1691112109; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=q74UIvYSquurthRNYbYJjbShj5aidIIaPVjWsIKamQA=; b=DIuJ5Ryx07PMFBc5bqL4EBOgjWjr5/ZvVX1T59UOZe2BKPayINRgqTPmIgCUE3TOYZ li/ofc+HjNc2nQzKxxf0YrkU0GB5jztXmYTh8ODp+6aQEaip45By7vO64p60OoiKVSy/ 6uWx3T86U4zvyoWgr1SHLSNjErauwepRRgZI5GU30+f2w2a8LdazV20rQZ3DFM/nsSCE rzMDnMPDNt7cHw0HmspVx6UzLlEB8NeKebcwxOESY5JO6tC5N3cHjh3N9S4lEkC0HEUo QoYXKKEgYu1l0ZFdJauF02qwp8BMZ2LA9sfKTmoaJiapdLq4jztmoqTspmrZuVZx5mXr 3Rew==
X-Gm-Message-State: ABy/qLbn1vfG1hG2yes5E4dbewE3LQOvHSmaEk6L7rItBEv5/C9JVplA Klob9mq6I3T5N4ObEvdLR9/j2l1hEH3EkK0OjlI=
X-Google-Smtp-Source: APBJJlHnkuFSjybKS8hhSTQN1qXK37tvyLsdfOnvzZfBDHLITpgQTvPnNEZZMUfv6RxdA5FMR2ruPNVLl52/y5muyjE=
X-Received: by 2002:a81:a187:0:b0:577:3cd0:384 with SMTP id y129-20020a81a187000000b005773cd00384mr13558817ywg.15.1688520108431; Tue, 04 Jul 2023 18:21:48 -0700 (PDT)
MIME-Version: 1.0
References: <168836524659.58404.6585102954286960584@ietfa.amsl.com>
In-Reply-To: <168836524659.58404.6585102954286960584@ietfa.amsl.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 04 Jul 2023 18:21:36 -0700
Message-ID: <CA+RyBmX7xNbzh7jaR0z-ztxic=duyB7Nekmm+VRbPoxKF44MDA@mail.gmail.com>
To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sfc-multi-layer-oam@ietf.org, sfc-chairs@ietf.org, sfc@ietf.org, donald.eastlake@futurewei.com, d3e3e3@gmail.com, cjbc@it.uc3m.es
Content-Type: multipart/mixed; boundary="00000000000042a11505ffb33993"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/NT6w1mX0PD4BdWSP-R5Rkjt8JVE>
Subject: Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-multi-layer-oam-26: (with DISCUSS and COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2023 01:22:16 -0000

Hi Eric,
thank you for your thorough review and thoughtful comments. Please find my
responses below tagged GIM>>.

Regards,
Greg

On Sun, Jul 2, 2023 at 11:20 PM Éric Vyncke via Datatracker <
noreply@ietf.org> wrote:

> Éric Vyncke has entered the following ballot position for
> draft-ietf-sfc-multi-layer-oam-26: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-sfc-multi-layer-oam/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
>
> # Éric Vyncke, INT AD, comments for draft-ietf-sfc-multi-layer-oam-26
>
> Thank you for the work put into this document.
>
> Please find below one blocking DISCUSS points (very easy to address), some
> non-blocking COMMENT points (but replies would be appreciated even if only
> for
> my own education).
>
> Other thanks to Carlos Bernardos, the Internet directorate reviewer (at my
> request), please consider this int-dir review:
>
> https://datatracker.ietf.org/doc/review-ietf-sfc-multi-layer-oam-26-intdir-telechat-bernardos-2023-06-28/
> (and I have read Greg's reply, still waiting for a revised I-D though)
>
GIM>> I'll be glad to upload the next version. Perhaps that can be done
right after your concerns get addressed.

>
> Special thanks to Don Eastlake for the shepherd's detailed write-up
> including
> the WG consensus and the justification of the intended status and the
> author
> counts.
>
> I hope that this review helps to improve the document,
>
> Regards,
>
> -éric
>
> # DISCUSS
>
> As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a
> DISCUSS ballot is a request to have a discussion on the following topics:
>
> ## Section 6
>
> As there two V header fields defined (one for Echo message and one for all
> OAM
> messages), it is unclear whether the Echo V-field is set back to 0 when
> SFC OAM
> header Version is incremented? Or in other words, should Echo with V=0 but
> with
> OAM V != 0 be interpreted as specified in this document ?
>
GIM>> A very interesting scenario. The intention is to have independent
versioning of the SFC OAM Header and SFC Echo Request/Reply (as well as any
other active OAM protocol applied to SFC). Based on that, in the scenario
you describe, SFC Echo with V == 0 just be interpreted as defined in this
document. Would you suggest that this scenario be added to the description
of the Version field of SFC Echo Request/Reply as an example of the
relationship?
NEW TEXT:
      Versioning of SFC Echo Request/
      Reply is independent of the versioning of the SFC Active OAM
      header (Section 5).  For example, if a new SFC Active OAM header
      format with V = 1 is defined, an SFC Echo Request/Reply packet
      with V = 0 MUST be handled as described in this document.

>
> Are the TLV type depending on the Version being 0 ?
>
GIM>> It seems unnecessary. Do you think that that should be explicitly
noted in the document?

>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> # COMMENTS
>
> ## Multi-layer ?
>
> I wonder what is "multi-layer" (per the I-D title) aspect in the
> specification.
> Suggest to either explain the "multi-layer" aspect or drop it from the
> draft
> title.
>
GIM>> At the very early stage, the title of the draft did include
"multi-layer". Later, it was changed to "Active OAM for Service Function
Chaining (SFC)". Would you suggest that we change from
draft-ietf-sfc-multi-layer-oam to, for example, draft-ietf-sfc-active-oam,
at this stage?

>
> ## Section 3
>
> Suggest to write that SFFI stands for SFF Instance in Figure 1.
>
GIM>> A good point, thank you. Added to the Acronyms:
SFI:        Service Function Instance
Updated the second para in Section 3 as follows:
OLD TEXT:
   The architecture example depicted in Figure 1 considers a service
   function chain that includes three distinct service functions.  In
   this example, the SFP traverses SFF1, SFF2, and SFF3.  Each SFF is
   connected to two instances of the same service function.
NEW TEXT:
    The architecture example depicted in Figure 1 considers a service
   function chain that includes three distinct service functions.  In
   this example, the SFP traverses SFF1, SFF2, and SFF3.  Each SFF is
   connected to two service function instances (SFIs) of the same
   service function.

>
> Isn't `FM SFC OAM` a pleonasm ? I.e., either "FM" or "OAM" are redundant.
>
GIM>> OAM is a more general term that includes Fault Management and
Performance Monitoring protocols.

>
> `(e.g., NSH)` why `e.g.` when section 1 states the focus of this I-D to
> NSH ?
>
GIM>>  Our intention was to define an active OAM that is applicable to
different SFC mechanisms and use SFC NSH as an example to illustrate the
realization of SFC Echo Request/Reply.

>
> About REQ#1, should this be a "MUST" rather than a "SHOULD" ?
>
GIM>> We need to consider that active SFC OAM excludes SFIs along the SFP1.
On the other hand, the application of the SFI to a user packet can be
re-classified and switched to another SFP2. To examine that SFP2, a
different active SFC OAM packet can be transmitted from that Re-classifier.
that is different from, for example, tracing in an ECMP environment and is
why we feel that "SHOULD" is appropriate rather than MUST.

>
> In REQ#8, `the initiator of such a request` should probably be more
> specific.
>
GIM>> Would the following update make the requirement more clear:
OLD TEXT:
      REQ#8: SFC OAM MUST be able to trigger on-demand FM with responses
      being directed towards the initiator of such a request.
NEW TEXT:
       REQ#8: SFC OAM MUST be able to trigger on-demand FM remotely with
      responses being directed toward the initiator of the remote
      request.


> ## Section 4
>
> Isn't RFC 8300 a better reference for the O bit rather than an IETF draft ?
>
GIM>> Med helped me answer this question.

>
> ## Section 5
>
> Please add a justification / actual data about `But extra IP/UDP headers,
> especially in an IPv6 network, add noticeable overhead.`
>
GIM>> I propose the following update of that sentence:
OLD TEXT:
   But extra IP/
   UDP headers, especially in an IPv6 network, add noticeable overhead.
NEW TEXT:
   But an extra
   IP/UDP header, especially in an IPv6 network, adds overhead compared
   to the length of an active OAM control packet (e.g., BFD Control
   packet [RFC5880]).  In some environments, for example, when measuring
   performance metrics, it is beneficial to transmit OAM packets in a
   broad range of lengths to emulate application traffic closer.

Is the updated text acceptable?

>
> I am really concerned by having only 2 bits to indicate the version while
> there
> are 8 bits reserved on the side. This does not look too good for revisions.
>
GIM>> A very valid and practical point, thank you. Would you agree to
increase the Version field to a four-bit length?

>
> When can an implementation deviate from the SHOULD in Sender's Handle: `The
> sender of the Echo Request SHOULD use a pseudo-random number generator ` ?
> While I understand that this is an opaque value, and using a random number
> prevents fingerprinting, I would assume that some implementations would
> like to
> add some private semantics to this number.
>
GIM>> Yes, an implementation may use the Sender's Handle for some
proprietary signaling as long as the system that receives SFC Echo Request
doesn't alter the value of the Sender's Handle field but copies it into SFC
Echo Reply. Do you feel that a note with that example needs to be added?

>
> ## Section 6
>
> Suggest adding some text about the absence of TLVs based on the length of
> the
> SFC OAM header.
>
GIM>> Would the following update match your expectation:
OLD TEXT:
    TLV is a variable-length construct whose length is multiple of four-
   octet words.  Multiple TLVs MAY be placed in an SFC Echo Request/
   Reply packet.  None, one or more sub-TLVs may be enclosed in the
   value part of a TLV, subject to the semantics of the (outer) TLV.
NEW TEXT:
   TLV is a variable-length construct whose length is multiple of four-
   octet words.  Multiple TLVs MAY be placed in an SFC Echo Request/
   Reply packet.  None, one or more sub-TLVs may be enclosed in the
   value part of a TLV, subject to the semantics of the (outer) TLV.  If
   no TLVs are included in an SFC Echo Request/Reply, the value of the
   Length field in the SFC Active OAM header MUST be 16 octets.

>
> ## Section 6.1
>
> To avoid confusion s/TTL Exceeded/NSH TTL Exceeded/ (even if explained
> later in
> the text).
>
GIM>> A good point. True, the proposed SFC Echo Request/Reply mechanism can
be used in SFC NSH, we believe that it can also be applied in, for example,
SFC based on RFC 8595 <https://www.rfc-editor.org/rfc/rfc8595.html>, would
s/TTL Exceeded/SFC TTL Exceeded/ be acceptable?

>
> In `The receiver of said Echo Request can set it to one of the values`
> should
> the "can" be replaced by a "MUST" ?
>
GIM>> Indeed, thank you for pointing this out. Done.

>
> ## Section 6.3
>
> `If the NSH is used,` but section 1 specifies that this I-D is only about
> NSH.
>
GIM>> Our intention was to define an Echo Request/Reply mechanism for any
technology that can realize SFC. NSH is one such technology. RFC 8595
defines how MPLS can be used to realize SFC. What would you suggest?

>
> `Reply via an IPv4/IPv6 UDP Packet` is unclear when reading it. Please add
> a
> forward reference to section 6.3.1 (I would also prefer to have 6.3.1
> earlier
> in the flow
>
GIM>> Added the reference as you suggested:
   *  Reply via an IPv4/IPv6 UDP Packet (2).  If an SFC Echo Request is
      not encapsulated in IP/UDP, then this value requests the use of
      the Source ID TLV Section 6.3.1.


> ## Section 6.5.2
>
> How `If the NSH of the received SFC Echo Request includes the MAC Context
> Header, the packet's authentication MUST be verified before using any
> data. `is
> different to the text of section 6.4 about the MAC ?
>
GIM>> Yes, it appears as unnecessary duplication. Would backreference to
Section 4 as follows to address your concern:

   If the NSH of the received SFC Echo Request includes the MAC Context
   Header, the packet's authentication MUST be verified before using any
   data as defined in Section 6.4.

>
> `Sequence Number in the Echo Request sent matches to the Sequence Number
> in the
> Echo Reply received` should it rather be a window of sequence number ?
> I.e.,
> pipelined requests could be sent.
>
GIM>> A very good point, thank you. Update as follows:
OLD TEXT:
      the Sequence Number in the Echo
      Request sent matches to the Sequence Number in the Echo Reply
      received.
NEW TEXT:
      the Sequence Number in the Echo Reply
      received matches the Sequence Number of one of outstanding
      transmitted Echo Requests.

>
> ## Section 6.6
>
> `Consistency Verification Request` this message is not defined before this
> section and not in RFC 8300. If specified in this section, may I suggest to
> rename the section to be about CVReq ?
>
GIM>> Thank you for the suggestion. Renamed the section to "The Use of
Consistency Verification Request Message"

>
> ## Section 7
>
> `if the underlay is an IPv6 network` what about IPv4 ? I would assume that
> IPv[46] underlays can support AH/ESP.
>
GIM>> IPv6 is used as an example. Of course, AH and ESP are equally
applicable in IPv4. Would you suggest re-wording like:
   If the underlay is an IPv4 or IPv6 network, IP Authentication Header
   [RFC4302] or IP Encapsulating Security Payload Header [RFC4303] can
   be used to provide integrity protection.

>
> Should this be a SHOULD in `an implementation MAY check that the source of
> the
> Echo Request is indeed part of the SFP`?
>
GIM>> In the course of the earlier discussion, that text got changed to the
following:
   To protect against unauthorized sources trying to obtain information
   about the overlay and/or underlay, an implementation MUST have means
   to check that the source of the Echo Request is part of the SFP.
I hope that this change addresses your concern.

v2.23.0 | Report a Bug | By Email