Re: [sfc] AD review for draft-ietf-sfc-hierarchical-07
Dave Dolson <ddolson@acm.org> Sun, 22 April 2018 03:23 UTC
Return-Path: <ddolson@golden.net>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E65112D958; Sat, 21 Apr 2018 20:23:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dR7U3xrhZTXl; Sat, 21 Apr 2018 20:23:47 -0700 (PDT)
Received: from smtp3.execulink.net (smtp3.execulink.net [69.63.44.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C3B0126B7E; Sat, 21 Apr 2018 20:23:47 -0700 (PDT)
Received: from 224-216.speede.golden.net ([216.59.224.216] helo=[192.168.123.13]) by smtp3.execulink.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from <ddolson@golden.net>) id 1fA5bN-00038z-J1; Sat, 21 Apr 2018 23:23:46 -0400
From: Dave Dolson <ddolson@acm.org>
To: Martin Vigoureux <martin.vigoureux@nokia.com>, draft-ietf-sfc-hierarchical@ietf.org
Cc: sarikaya@ieee.org, "sfc-chairs@ietf.org" <sfc-chairs@ietf.org>, sfc@ietf.org
References: <49f64a48-cd4c-db01-7741-66f6c613c77d@nokia.com>
Message-ID: <31459972-303b-004d-2b8d-2138916876d3@golden.net>
Date: Sat, 21 Apr 2018 23:23:44 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <49f64a48-cd4c-db01-7741-66f6c613c77d@nokia.com>
Content-Type: multipart/alternative; boundary="------------1FF2099E06219B59EF26ABFB"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/P9fV6VnTLnTBSbbHW4OAS6l4y4g>
Subject: Re: [sfc] AD review for draft-ietf-sfc-hierarchical-07
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Apr 2018 03:23:51 -0000
Martin, Thank you for the careful review. My comments below are as an individual contributor. As an editor, I welcome feedback from the working group. -Dave On 2018-04-10 6:11 AM, Martin Vigoureux wrote: > Hello, > > I have reviewed this document, thanks to all of you for putting it > together. Please see my comments below. > > Thank you > -m > > > General: > I am in two minds about this document and maybe because the document > itself seems to not have clear intent. > > It is not clear whether this is simply describing what could be done > or prescribing what should be done. I take the fact that this is an > Informational document as leaning towards "description" but there are > pieces of text which clearly look like prescriptive > protocol/functional behaviour (although some are not detailed enough > to allow for an implementation). > > I would really appreciate if the objective of this document could be > clarified so that the reader knows what to expect. As an original author, my intention was to show a network architecture that allows SFC to scale. Hence it would be informational and optional. We could make that explicit in the introduction and abstract. > > Also, I am not advocating for making this a Standard Track document as > I believe it would require a lot of rework but on the other hand I am > not sure how much help it provides to the persons that would want to > use the concept of hierarchy when deploying SFC in a large domain, nor > to those that would need to implement it before that. You'll find > specific comments below but that bigger question remains. > > Also, the Shepherd write-up does not seem to follow the template. > Any reason for that? I'd prefer if it was re-written according to the > template. Thanks. > > > Specific: > Header: > please write the submission date in the correct format Agreed. > > 1. Introduction > Service Function Chaining (SFC) is a technique for prescribing > differentiated traffic forwarding policies within an SFC-enabled > domain. > I am concerned by the fact that this document seems to give another > definition to SFC. I'm not saying this is wrong but I'd be much more > comfortable if it was simply saying: > > The SFC architecture is described in detail in [RFC7665], and is not > repeated here. This document simply uses that architecture. > > > We assume that some Service Function Paths (SFPs) need to be selected > on the basis of application-specific data visible to the network > What are the security implications of this assumption? Can we remove > that? I think SFC has had it's share of security related discussions. I think that can be changed to We assume that some Service Function Paths (SFPs) need to be selected on the basis of transport-layer coordinates. > > So instead of considering a single SFC Control Plane ([I-D.ietf- > sfc-control-plane]) > I'd prefer not to reference a document which has been abandoned by the WG I propose leaving the discussion of control plane, and just removing the document references. > > Decomposing a network into multiple SFC-enabled domains should permit > end-to-end visibility of SFs and SFPs. > Is that a wishful outcome or a requirement? I'm not sure myself what that means. I think it can be removed. > > The criteria for decomposing a domain into multiple SFC-enabled > sub-domains are beyond the scope of this document. These criteria > are deployment-specific. > While I understand this statement, it kind of defeats a good part of > the purpose of the document, doesn't it? I think the idea is that there are lots of ways one could divide functions into different sub-domains. We don't want to tell the operator why they would want to do different things, just explain the tools available. Like explaining a programming language without trying to explain all of the programs one could write... > > > 2. Hierarchical Service Function Chaining (hSFC) > > A hierarchy has multiple levels: the top-most level encompasses the > entire network domain to be managed, and lower levels encompass > portions of the network. These levels are discussed in the following > sub-sections. > Should it always be like that or is that just a way and there could be > other ways? Can we have more-than-two-levels hierarchies or should > they all be top-and-lower? Should it always be like that? Hierarchical is optional, if that's what you mean. I think "multiple levels" means more than two are possible. In a hierarchy the higher levels are more encompassing... I don't think I understand your concern. > > 2.1. Top Level > This section describes at length the figure/example but what are the > take-aways? > > Considering the example depicted in Figure 1, a top-level network > domain includes SFC data plane components distributed over a wide > area, including: > > o Classifiers (CFs), > o Service Function Forwarders (SFFs) and > o Sub-domains. > Is that an illustrative way to partition the components (e.g., CFs and > SFFs part of the top-level) or is that the recommended way? There would need to be CFs and SFFs at each level. Maybe I miss your point. > > We expect the system to include a top-level control plane having > responsibility for configuring forwarding policies and traffic > classification rules (see for example, [I-D.ietf-sfc-control-plane]). > again, I'd prefer not to reference this doc. More generally, is that > needed? I don't think so. We can remove the reference. > > 2.2. Lower Levels > Same general comment than 2.1. Also, in this section you largely > discuss the IBN, which is in fact only introduced after. The IBN is introduced here, and explained in greater detail in a later section. > > 3. Internal Boundary Node (IBN) > This is the core of the proposal, in my opinion, but it comes very > late in the document. If you don't want to rearchitect the whole > document you should at least have some text (a sentence at bare > minimum) early in the document that says something like : > we introduce the concept of an IBN which acts as the gateway between > the levels of the hierarchy. We also discuss the options for > realizing this function. Thanks. I think we can add this to the introduction. > > 3.1.x > Is there a recommended way of doing IBN Path Configuration out of the > 5 listed? We did not take any such conclusion. > > > 4. Sub-domain Classifier > Another goal of the hierarchical approach is to simplify the > mechanisms of scaling in and scaling out SFs. All of the > complexities of load-balancing among multiple SFs can be handled > within a sub-domain, under control of the classifier, allowing the > higher-level domain to be oblivious to the existence of multiple SF > instances. > I don't see the simplification here. You hide the complexity to the > higher level, but it remains in the lower one, doesn't it? If there are multiple sub-domains, they can each be managed independently, each dealing with a subset of the complexity. If the deployment were flat, a single controller would have to manage scaling of multiple clusters. So it is simpler in the scope handled by each controller. > > > 9.1 > Please remove: > Generic security considerations related to the control plane are > discussed in [I-D.ietf-sfc-control-plane]. These considerations > apply for both high-level and low-level domains. > OK > > > Nits: > s/NSH [RFC8300] or a similar/NSH [RFC8300] or a similar/ If you are complaining about the extra space, this is a function of the XML-->TXT rendering. The XML is "<xref target="RFC8300">NSH</xref> or a similar" > > One path is shown from edge classifier to SFF1 to Sub-domain#1 > (residing in data-center1) to SFF1 to SFF2 (residing in data-center > 2) to Sub-domain#2 to SFF2 to network egress. > Shouldn't this text be taken out of the figure and integrated in the > body of the doc? OK > > _______________________________________________ > sfc mailing list > sfc@ietf.org > https://www.ietf.org/mailman/listinfo/sfc
- [sfc] AD review for draft-ietf-sfc-hierarchical-07 Martin Vigoureux
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Behcet Sarikaya
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Dave Dolson
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Dave Dolson
- Re: [sfc] AD review for draft-ietf-sfc-hierarchic… Martin Vigoureux