IETF Logo Mail Archive

Re: [sfc] TR: I-D Action: draft-boucadair-sfc-oam-packet-00.txt

mohamed.boucadair@orange.com Thu, 17 February 2022 07:13 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1EBE3A14B9 for <sfc@ietfa.amsl.com>; Wed, 16 Feb 2022 23:13:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.785
X-Spam-Level:
X-Spam-Status: No, score=-0.785 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL=1.31, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AJ1piMxf2QBy for <sfc@ietfa.amsl.com>; Wed, 16 Feb 2022 23:13:53 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01E7F3A14D3 for <sfc@ietf.org>; Wed, 16 Feb 2022 23:13:52 -0800 (PST)
Received: from opfedar02.francetelecom.fr (unknown [xx.xx.xx.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfedar25.francetelecom.fr (ESMTP service) with ESMTPS id 4JzmJv3Wrpz8t4v; Thu, 17 Feb 2022 08:13:51 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1645082031; bh=ZymAtUJgU30Ete+wwBZsP2DeiNnD6oqbeoFNOc+D+yQ=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=rSTSlmZkM1oyCIwnA09a6uajJWiqHnMGdo7vm7euUVojZ4GiG8oF4/f76FZHNu6UN v6cHW6bjfbKbWlkFumY8WenDdz+dUeuzlkRnc3/ksYudSYQ8IzjYNIOrhdegd7Pv+C 5tty/eOvsCexQAnB3zaBaXef4Tz/KHaiou8Ie/J5yD+5X2rZb339L9SC1xDeiqFSuN Sc4XRZhejcthJOORALq/qTkv+XHQshpAagZg/uttlvBZNHG2xqW9TcYBfBsEFR9AJg tz/jNkIIP9GxFD3CCpf+MmwiaQ6nzo4q7S4ZStbzDCFqZ+gap6fJoB8v7r8x9tlDmg OQYP5f4YkiQbA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfedar02.francetelecom.fr (ESMTP service) with ESMTPS id 4JzmJv2TYQzCql0; Thu, 17 Feb 2022 08:13:51 +0100 (CET)
From: <mohamed.boucadair@orange.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Greg Mirsky <gregimirsky@gmail.com>
CC: "sfc@ietf.org" <sfc@ietf.org>
Thread-Topic: [sfc] TR: I-D Action: draft-boucadair-sfc-oam-packet-00.txt
Thread-Index: AQHYI0LOqTeC5k5EYkSp4mi5aRUmyqyWXkqZgADrEJA=
Content-Class:
Date: Thu, 17 Feb 2022 07:13:50 +0000
Message-ID: <26440_1645082031_620DF5AF_26440_39_1_787AE7BB302AE849A7480A190F8B9330354954F7@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <164502226599.23621.11371897310173936133@ietfa.amsl.com> <14238_1645022412_620D0CCC_14238_64_1_787AE7BB302AE849A7480A190F8B933035494D1E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CA+RyBmXTSUdfovvnSpQjoo_Svwm-amC-bRm0eyscUHgY2hYx9g@mail.gmail.com> <30956_1645025435_620D189B_30956_353_1_787AE7BB302AE849A7480A190F8B933035494DD5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CA+RyBmWg=-ksKup=-7UkCAW_wxWHUFYF3Q6_pven6=tCMCjRPQ@mail.gmail.com> <3535_1645028520_620D24A8_3535_225_1_787AE7BB302AE849A7480A190F8B933035494EAE@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <5efa6354-4396-d1b1-bec3-122d2aa148c2@joelhalpern.com>
In-Reply-To: <5efa6354-4396-d1b1-bec3-122d2aa148c2@joelhalpern.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2022-02-17T06:31:14Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=15096efe-dcb1-49ad-82e0-c36509479261; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/Or3IHPNEP7R-NTQlN4PymL0s8tk>
Subject: Re: [sfc] TR: I-D Action: draft-boucadair-sfc-oam-packet-00.txt
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Feb 2022 07:13:58 -0000

Hi Joel, 

> If the NSH payload is an IP packet, and that packet is addressed to
> something other than this node, and that packet is carrying  an ICMP
> echo, is that an SFC OAM packet requiring the O-bit being set?

Med: The NSH can be added by a classifier or directly by an SFC OAM controller that issues the packet. If the original IP/ICMP packet is received by a classifier, the classifier must not set the O bit as per draft-boucadair-sfc-oam-packet because that packet is seen as data packet. 

Let's now focus on the SFC OAM controller case: 
* Does it makes sense for an SFC OAM controller to "leverage" IP/ICMP for SFC OAM purposes while it can do it directly using ICMP (without the IP header)? 

I personally don't see any. 

* Does it makes sense for an SFC OAM controller to "supply" an IP/ICMP as an input for specific OAM purposes?  

This is in theory possible for SF testing purposes (e.g., test the behavior of a firewall against such packet. The output of the test will be used to assess if the FW configuration is OK/NOK). However, such test OAM packets have to be unambiguously identified as such. The Next Protocol won't be set to IP but to the value assigned to an OAM protocol.  

  And
> conversely, is an SFF required to check for that case if it sees an NSH
> with the O-bit set?

Med: SFFs have to support policies whether some OAM messages can be forwarded to SFs. These policies may include a filter on valid next protocol values. I don't have an objection to discard by default packets with O bit set and next protocol = IP/MPLS/Ethernet

Cheers,
Med

> -----Message d'origine-----
> De : Joel M. Halpern <jmh@joelhalpern.com>
> Envoyé : mercredi 16 février 2022 17:30
> À : BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>om>; Greg
> Mirsky <gregimirsky@gmail.com>
> Cc : sfc@ietf.org
> Objet : Re: [sfc] TR: I-D Action: draft-boucadair-sfc-oam-packet-00.txt
> 
> Thank you for writing this.  I look forward to more dscussion by more WG
> members.
> 
> I want to ask one clarifying quesiton about an example that was raised
> earlier.
> 
> If the NSH payload is an IP packet, and that packet is addressed to
> something other than this node, and that packet is carrying  an ICMP
> echo, is that an SFC OAM packet requiring the O-bit being set?  And
> conversely, is an SFF required to check for that case if it sees an NSH
> with the O-bit set?
> 
> Yours,
> Joel
> 
> On 2/16/2022 11:21 AM, mohamed.boucadair@orange.com wrote:
> > Re-,
> >
> > This is determined by the entity that issues the OAM packet. This is
> > typically a dedicated OAM controller or an SFC element (classifier for
> > the ioam case, for example).
> >
> > BTW, I updated the draft to reflect your comments and also those from
> > Jim:
> > https://www.ietf.org/rfcdiff?url2=draft-boucadair-sfc-oam-packet-01
> > <https://www.ietf.org/rfcdiff?url2=draft-boucadair-sfc-oam-packet-01>
> >
> > Cheers,
> >
> > Med
> >
> > *De :* Greg Mirsky <gregimirsky@gmail.com> *Envoyé :* mercredi 16
> > février 2022 16:52 *À :* BOUCADAIR Mohamed INNOV/NET
> > <mohamed.boucadair@orange.com> *Cc :* sfc@ietf.org *Objet :* Re: [sfc]
> > TR: I-D Action: draft-boucadair-sfc-oam-packet-00.txt
> >
> > Hi Med,
> >
> > thank you for your expedient response. I have a follow-up question:
> >
> >     How does one determine the nature, OAM or not-OAM, of data
> elements
> >     in the NSH Context header?
> >
> > As I understand it, draft-ietf-sfc-nsh-tlv does not provide that. Do
> > we need to add it? Appreciate your thoughts on that.
> >
> > Regards,
> >
> > Greg
> >
> > On Wed, Feb 16, 2022 at 7:30 AM <mohamed.boucadair@orange.com
> > <mailto:mohamed.boucadair@orange.com>> wrote:
> >
> >     Hi Greg,
> >
> >     Please see inline.
> >
> >     Cheers,
> >
> >     Med
> >
> >     *De :* Greg Mirsky <gregimirsky@gmail.com
> >     <mailto:gregimirsky@gmail.com>>
> >     *Envoyé :* mercredi 16 février 2022 16:13
> >     *À :* BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com
> >     <mailto:mohamed.boucadair@orange.com>>
> >     *Cc :* sfc@ietf.org <mailto:sfc@ietf.org>
> >     *Objet :* Re: [sfc] TR: I-D Action:
> >     draft-boucadair-sfc-oam-packet-00.txt
> >
> >     Hi Med,
> >
> >     many thanks for taking the lead and putting the proposal on the
> table.
> >
> >     I have a question on the proposed new text for the O bit and its
> >     possible effect on IOAM:
> >
> >         O bit:  Setting this bit indicates an SFC OAM packet.  Such a
> > packet
> >
> >            is any NSH-encapasulated packet that exclusively includes
> > an OAM
> >
> >            command and/or OAM data.
> >
> >     My understanding of the new definition of the O bit is that the
> NSH
> >     includes and/or encapsulates only OAM command and/or data. IOAM,
> as
> >     I understand its application in NSH, may follow the NSH and have
> >     user payload after the IOAM data.
> >
> >     *//*
> >
> >     */[Med] Packets that include also user data are not considered as
> >     “OAM packets” as per the new definition./*
> >
> >     And another scenario, if Flow ID TLV is used to influence user
> data
> >     through SFP, OAM will apply the same Flow ID value. Would such
> >     packet still be considered as "exclusively includes OAM command
> >     and/or data"?
> >
> >     *//*
> >
> >     */[Med] Yes, they are. Flow id is just a constraint, if you will,
> >     that is used to influence how OAM commands will be executed. /*
> >
> >     Regards,
> >
> >     Greg
> >
> >     On Wed, Feb 16, 2022 at 6:40 AM <mohamed.boucadair@orange.com
> >     <mailto:mohamed.boucadair@orange.com>> wrote:
> >
> >         Hi all,
> >
> >         A proposal to clarify the intent of SFC OAM packet. Comments
> are
> >         welcome.
> >
> >         Cheers,
> >         Med
> >
> >         -----Message d'origine-----
> >         De : I-D-Announce <i-d-announce-bounces@ietf.org
> >         <mailto:i-d-announce-bounces@ietf.org>> De la part de
> >         internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>
> >         Envoyé : mercredi 16 février 2022 15:38
> >         À : i-d-announce@ietf.org <mailto:i-d-announce@ietf.org>
> >         Objet : I-D Action: draft-boucadair-sfc-oam-packet-00.txt
> >
> >
> >         A New Internet-Draft is available from the on-line
> >         Internet-Drafts directories.
> >
> >
> >                  Title           : Clarifying Ambiguity related to
> >         Network Service Header (NSH) OAM Packet
> >                  Author          : Mohamed Boucadair
> >                  Filename        : draft-boucadair-sfc-oam-packet-
> 00.txt
> >                  Pages           : 5
> >                  Date            : 2022-02-16
> >
> >         Abstract:
> >             This document clarifies an ambiguity in the Network
> Service
> >         Header
> >             (NSH) specification related to the handling of O-bit.  In
> >         particular,
> >             this document clarifies the meaning of "OAM packet".
> >
> >             This document updates RFC8300.
> >
> >
> >         The IETF datatracker status page for this draft is:
> >         https://datatracker.ietf.org/doc/draft-boucadair-sfc-oam-
> packet/
> >
> > <https://datatracker.ietf.org/doc/draft-boucadair-sfc-oam-packet/>
> >
> >         There is also an htmlized version available at:
> >         https://datatracker.ietf.org/doc/html/draft-boucadair-sfc-oam-
> packet-00
> >
> > <https://datatracker.ietf.org/doc/html/draft-boucadair-sfc-oam-packet-
> > 00>
> >
> >
> >         Internet-Drafts are also available by rsync at
> >         rsync.ietf.org::internet-drafts
> >
> >
> >         _______________________________________________
> >         I-D-Announce mailing list
> >         I-D-Announce@ietf.org <mailto:I-D-Announce@ietf.org>
> >         https://www.ietf.org/mailman/listinfo/i-d-announce
> >         <https://www.ietf.org/mailman/listinfo/i-d-announce>
> >         Internet-Draft directories: http://www.ietf.org/shadow.html
> >         <http://www.ietf.org/shadow.html> or
> >         ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> >         <ftp://ftp.ietf.org/ietf/1shadow-sites.txt>
> >
> >
> > ______________________________________________________________________
> > ___________________________________________________
> >
> >         Ce message et ses pieces jointes peuvent contenir des
> >         informations confidentielles ou privilegiees et ne doivent
> donc
> >         pas etre diffuses, exploites ou copies sans autorisation. Si
> >         vous avez recu ce message par erreur, veuillez le signaler
> >         a l'expediteur et le detruire ainsi que les pieces jointes.
> Les
> >         messages electroniques etant susceptibles d'alteration,
> >         Orange decline toute responsabilite si ce message a ete
> altere,
> >         deforme ou falsifie. Merci.
> >
> >         This message and its attachments may contain confidential or
> >         privileged information that may be protected by law;
> >         they should not be distributed, used or copied without
> >         authorisation.
> >         If you have received this email in error, please notify the
> >         sender and delete this message and its attachments.
> >         As emails may be altered, Orange is not liable for messages
> that
> >         have been modified, changed or falsified.
> >         Thank you.
> >
> >         _______________________________________________
> >         sfc mailing list
> >         sfc@ietf.org <mailto:sfc@ietf.org>
> >         https://www.ietf.org/mailman/listinfo/sfc
> >         <https://www.ietf.org/mailman/listinfo/sfc>
> >
> >
> > ______________________________________________________________________
> > ___________________________________________________
> >
> >     Ce message et ses pieces jointes peuvent contenir des informations
> > confidentielles ou privilegiees et ne doivent donc
> >
> >     pas etre diffuses, exploites ou copies sans autorisation. Si vous
> > avez recu ce message par erreur, veuillez le signaler
> >
> >     a l'expediteur et le detruire ainsi que les pieces jointes. Les
> > messages electroniques etant susceptibles d'alteration,
> >
> >     Orange decline toute responsabilite si ce message a ete altere,
> deforme ou falsifie. Merci.
> >
> >     This message and its attachments may contain confidential or
> > privileged information that may be protected by law;
> >
> >     they should not be distributed, used or copied without
> authorisation.
> >
> >     If you have received this email in error, please notify the sender
> and delete this message and its attachments.
> >
> >     As emails may be altered, Orange is not liable for messages that
> have been modified, changed or falsified.
> >
> >     Thank you.
> >
> > ______________________________________________________________________
> > ___________________________________________________
> >
> > Ce message et ses pieces jointes peuvent contenir des informations
> > confidentielles ou privilegiees et ne doivent donc pas etre diffuses,
> > exploites ou copies sans autorisation. Si vous avez recu ce message
> > par erreur, veuillez le signaler a l'expediteur et le detruire ainsi
> que les pieces jointes. Les messages electroniques etant susceptibles
> d'alteration, Orange decline toute responsabilite si ce message a ete
> altere, deforme ou falsifie. Merci.
> >
> > This message and its attachments may contain confidential or
> > privileged information that may be protected by law; they should not
> be distributed, used or copied without authorisation.
> > If you have received this email in error, please notify the sender and
> delete this message and its attachments.
> > As emails may be altered, Orange is not liable for messages that have
> been modified, changed or falsified.
> > Thank you.
> >
> >
> > _______________________________________________
> > sfc mailing list
> > sfc@ietf.org
> > https://www.ietf.org/mailman/listinfo/sfc

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.8.7 | Report a Bug | By Email