Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-multi-layer-oam-26: (with DISCUSS and COMMENT)
Greg Mirsky <gregimirsky@gmail.com> Wed, 05 July 2023 03:49 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B08BDC14CE47; Tue, 4 Jul 2023 20:49:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.084
X-Spam-Level:
X-Spam-Status: No, score=-2.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gPr_mves9lUr; Tue, 4 Jul 2023 20:49:15 -0700 (PDT)
Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5350C14CE39; Tue, 4 Jul 2023 20:49:14 -0700 (PDT)
Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-57a1f51d7a7so17272557b3.1; Tue, 04 Jul 2023 20:49:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688528954; x=1691120954; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ltdcB1ATlYfyZk9KoyBCu/smh2BmGuCW+5zXEm9b4Gg=; b=VldrCc9qLmug8yVYa+LVNfYDYy3V3IcqPnCEh4BFEoSz84fK0vxgsRu88qCgLzqKhN bpZ+IYkLiM+nqU0Xt8TB1bTGwsKLYplQ2KRRBBMJwGHquqkxPPrOHP0OYG3rCo9GecIh oiY/R224Rn71nrx11JZbneP2FH4C+yKm0YP4SPNjsCNgy+xjWQivEROZ5GeA4C6QAuhP QoaxcdzrR7110fUIzO6Kglb0fSCyMC/6MURyFjtreIYajSk7DEBp2LZ4qrpzoSFozsY6 wRKuZIe/EFqhfvN7eEkWg0OjivikeytzUEyOVZuc4ZX0QhEqQAgt6tzTtB1xABvOSswU foeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688528954; x=1691120954; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ltdcB1ATlYfyZk9KoyBCu/smh2BmGuCW+5zXEm9b4Gg=; b=cKwX2l0AWlLjTRkHkiOcOQvv5ujxzcLvha0GcjGQNOhqtlaYd3a3csonKmSlVNl5aO ReeF9nR4sGw+ZDxc/UjaPtVSNAYpI4tqJxlaAhLp34iZ2zQ6N+yK7bntXS6194DeBNg9 65Z0ya2UhbbNph/V4RKA6VL0b2HAoRvF4y3bT1legsKfw2DDar3fkGIpYQp7xenhiIvR b+zuWG0U26XQ4cah8j6BLx84bHAtS9YTRyVjg/bk9q7TxbzL2M+/zbF1Vy08sBncXOt5 U96av7NofGKjMWdDIDvV25mU8+Ipt6JPO96L8vbECALl4DdAZ7/LmZQ/1cv1AYgcSJHB xX/Q==
X-Gm-Message-State: ABy/qLYms1lTzSG5byll1Ur+HhUndMFB/CXan14z6AoB8d6uwXbqvLGl be+V1Rkvy0pCo95iJ+LrTidZwtSv47eKiiFZlR531H1e
X-Google-Smtp-Source: APBJJlE1wRD50GG+SBFo7VlWmCtmgavyLD57XwcC4FPGADZ9s6o0z/T9krue8eoIocDzADBuBcQcmh5tABeLJm5rt2s=
X-Received: by 2002:a0d:f086:0:b0:56f:fa68:2e34 with SMTP id z128-20020a0df086000000b0056ffa682e34mr18554094ywe.35.1688528953565; Tue, 04 Jul 2023 20:49:13 -0700 (PDT)
MIME-Version: 1.0
References: <168836524659.58404.6585102954286960584@ietfa.amsl.com> <CA+RyBmX7xNbzh7jaR0z-ztxic=duyB7Nekmm+VRbPoxKF44MDA@mail.gmail.com>
In-Reply-To: <CA+RyBmX7xNbzh7jaR0z-ztxic=duyB7Nekmm+VRbPoxKF44MDA@mail.gmail.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 04 Jul 2023 20:49:02 -0700
Message-ID: <CA+RyBmUsDPoDj+OO8MYFa7ZkX9wpX7Z2YstAWb6rMp4hGsW7+g@mail.gmail.com>
To: Éric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-sfc-multi-layer-oam@ietf.org, sfc-chairs@ietf.org, sfc@ietf.org, donald.eastlake@futurewei.com, d3e3e3@gmail.com, cjbc@it.uc3m.es
Content-Type: multipart/mixed; boundary="00000000000078a79a05ffb548ce"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/SAIFl1O2ZseI-LCkBzVJ-PALcF4>
Subject: Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-multi-layer-oam-26: (with DISCUSS and COMMENT)
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2023 03:49:19 -0000
Hi Eric, upon further consideration, the authors decided: - to remove the Version field from the SFC Echo Request/Reply message - to extend the Version field in the SFC Active OAM reader to a four-bit length. Attached, please find the updated versions of the working document and its diff with the previous version (-26). Regards, Greg On Tue, Jul 4, 2023 at 6:21 PM Greg Mirsky <gregimirsky@gmail.com> wrote: > Hi Eric, > thank you for your thorough review and thoughtful comments. Please find my > responses below tagged GIM>>. > > Regards, > Greg > > On Sun, Jul 2, 2023 at 11:20 PM Éric Vyncke via Datatracker < > noreply@ietf.org> wrote: > >> Éric Vyncke has entered the following ballot position for >> draft-ietf-sfc-multi-layer-oam-26: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to >> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ >> for more information about how to handle DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-sfc-multi-layer-oam/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> >> # Éric Vyncke, INT AD, comments for draft-ietf-sfc-multi-layer-oam-26 >> >> Thank you for the work put into this document. >> >> Please find below one blocking DISCUSS points (very easy to address), some >> non-blocking COMMENT points (but replies would be appreciated even if >> only for >> my own education). >> >> Other thanks to Carlos Bernardos, the Internet directorate reviewer (at my >> request), please consider this int-dir review: >> >> https://datatracker.ietf.org/doc/review-ietf-sfc-multi-layer-oam-26-intdir-telechat-bernardos-2023-06-28/ >> (and I have read Greg's reply, still waiting for a revised I-D though) >> > GIM>> I'll be glad to upload the next version. Perhaps that can be done > right after your concerns get addressed. > >> >> Special thanks to Don Eastlake for the shepherd's detailed write-up >> including >> the WG consensus and the justification of the intended status and the >> author >> counts. >> >> I hope that this review helps to improve the document, >> >> Regards, >> >> -éric >> >> # DISCUSS >> >> As noted in https://www.ietf.org/blog/handling-iesg-ballot-positions/, a >> DISCUSS ballot is a request to have a discussion on the following topics: >> >> ## Section 6 >> >> As there two V header fields defined (one for Echo message and one for >> all OAM >> messages), it is unclear whether the Echo V-field is set back to 0 when >> SFC OAM >> header Version is incremented? Or in other words, should Echo with V=0 >> but with >> OAM V != 0 be interpreted as specified in this document ? >> > GIM>> A very interesting scenario. The intention is to have independent > versioning of the SFC OAM Header and SFC Echo Request/Reply (as well as any > other active OAM protocol applied to SFC). Based on that, in the scenario > you describe, SFC Echo with V == 0 just be interpreted as defined in this > document. Would you suggest that this scenario be added to the description > of the Version field of SFC Echo Request/Reply as an example of the > relationship? > NEW TEXT: > Versioning of SFC Echo Request/ > Reply is independent of the versioning of the SFC Active OAM > header (Section 5). For example, if a new SFC Active OAM header > format with V = 1 is defined, an SFC Echo Request/Reply packet > with V = 0 MUST be handled as described in this document. > >> >> Are the TLV type depending on the Version being 0 ? >> > GIM>> It seems unnecessary. Do you think that that should be explicitly > noted in the document? > >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> >> # COMMENTS >> >> ## Multi-layer ? >> >> I wonder what is "multi-layer" (per the I-D title) aspect in the >> specification. >> Suggest to either explain the "multi-layer" aspect or drop it from the >> draft >> title. >> > GIM>> At the very early stage, the title of the draft did include > "multi-layer". Later, it was changed to "Active OAM for Service Function > Chaining (SFC)". Would you suggest that we change from > draft-ietf-sfc-multi-layer-oam to, for example, draft-ietf-sfc-active-oam, > at this stage? > >> >> ## Section 3 >> >> Suggest to write that SFFI stands for SFF Instance in Figure 1. >> > GIM>> A good point, thank you. Added to the Acronyms: > SFI: Service Function Instance > Updated the second para in Section 3 as follows: > OLD TEXT: > The architecture example depicted in Figure 1 considers a service > function chain that includes three distinct service functions. In > this example, the SFP traverses SFF1, SFF2, and SFF3. Each SFF is > connected to two instances of the same service function. > NEW TEXT: > The architecture example depicted in Figure 1 considers a service > function chain that includes three distinct service functions. In > this example, the SFP traverses SFF1, SFF2, and SFF3. Each SFF is > connected to two service function instances (SFIs) of the same > service function. > >> >> Isn't `FM SFC OAM` a pleonasm ? I.e., either "FM" or "OAM" are redundant. >> > GIM>> OAM is a more general term that includes Fault Management and > Performance Monitoring protocols. > >> >> `(e.g., NSH)` why `e.g.` when section 1 states the focus of this I-D to >> NSH ? >> > GIM>> Our intention was to define an active OAM that is applicable to > different SFC mechanisms and use SFC NSH as an example to illustrate the > realization of SFC Echo Request/Reply. > >> >> About REQ#1, should this be a "MUST" rather than a "SHOULD" ? >> > GIM>> We need to consider that active SFC OAM excludes SFIs along the > SFP1. On the other hand, the application of the SFI to a user packet can be > re-classified and switched to another SFP2. To examine that SFP2, a > different active SFC OAM packet can be transmitted from that Re-classifier. > that is different from, for example, tracing in an ECMP environment and is > why we feel that "SHOULD" is appropriate rather than MUST. > >> >> In REQ#8, `the initiator of such a request` should probably be more >> specific. >> > GIM>> Would the following update make the requirement more clear: > OLD TEXT: > REQ#8: SFC OAM MUST be able to trigger on-demand FM with responses > being directed towards the initiator of such a request. > NEW TEXT: > REQ#8: SFC OAM MUST be able to trigger on-demand FM remotely with > responses being directed toward the initiator of the remote > request. > > >> ## Section 4 >> >> Isn't RFC 8300 a better reference for the O bit rather than an IETF draft >> ? >> > GIM>> Med helped me answer this question. > >> >> ## Section 5 >> >> Please add a justification / actual data about `But extra IP/UDP headers, >> especially in an IPv6 network, add noticeable overhead.` >> > GIM>> I propose the following update of that sentence: > OLD TEXT: > But extra IP/ > UDP headers, especially in an IPv6 network, add noticeable overhead. > NEW TEXT: > But an extra > IP/UDP header, especially in an IPv6 network, adds overhead compared > to the length of an active OAM control packet (e.g., BFD Control > packet [RFC5880]). In some environments, for example, when measuring > performance metrics, it is beneficial to transmit OAM packets in a > broad range of lengths to emulate application traffic closer. > > Is the updated text acceptable? > >> >> I am really concerned by having only 2 bits to indicate the version while >> there >> are 8 bits reserved on the side. This does not look too good for >> revisions. >> > GIM>> A very valid and practical point, thank you. Would you agree to > increase the Version field to a four-bit length? > >> >> When can an implementation deviate from the SHOULD in Sender's Handle: >> `The >> sender of the Echo Request SHOULD use a pseudo-random number generator ` ? >> While I understand that this is an opaque value, and using a random number >> prevents fingerprinting, I would assume that some implementations would >> like to >> add some private semantics to this number. >> > GIM>> Yes, an implementation may use the Sender's Handle for some > proprietary signaling as long as the system that receives SFC Echo Request > doesn't alter the value of the Sender's Handle field but copies it into SFC > Echo Reply. Do you feel that a note with that example needs to be added? > >> >> ## Section 6 >> >> Suggest adding some text about the absence of TLVs based on the length of >> the >> SFC OAM header. >> > GIM>> Would the following update match your expectation: > OLD TEXT: > TLV is a variable-length construct whose length is multiple of four- > octet words. Multiple TLVs MAY be placed in an SFC Echo Request/ > Reply packet. None, one or more sub-TLVs may be enclosed in the > value part of a TLV, subject to the semantics of the (outer) TLV. > NEW TEXT: > TLV is a variable-length construct whose length is multiple of four- > octet words. Multiple TLVs MAY be placed in an SFC Echo Request/ > Reply packet. None, one or more sub-TLVs may be enclosed in the > value part of a TLV, subject to the semantics of the (outer) TLV. If > no TLVs are included in an SFC Echo Request/Reply, the value of the > Length field in the SFC Active OAM header MUST be 16 octets. > >> >> ## Section 6.1 >> >> To avoid confusion s/TTL Exceeded/NSH TTL Exceeded/ (even if explained >> later in >> the text). >> > GIM>> A good point. True, the proposed SFC Echo Request/Reply mechanism > can be used in SFC NSH, we believe that it can also be applied in, for > example, SFC based on RFC 8595 > <https://www.rfc-editor.org/rfc/rfc8595.html>, would s/TTL Exceeded/SFC > TTL Exceeded/ be acceptable? > >> >> In `The receiver of said Echo Request can set it to one of the values` >> should >> the "can" be replaced by a "MUST" ? >> > GIM>> Indeed, thank you for pointing this out. Done. > >> >> ## Section 6.3 >> >> `If the NSH is used,` but section 1 specifies that this I-D is only about >> NSH. >> > GIM>> Our intention was to define an Echo Request/Reply mechanism for any > technology that can realize SFC. NSH is one such technology. RFC 8595 > defines how MPLS can be used to realize SFC. What would you suggest? > >> >> `Reply via an IPv4/IPv6 UDP Packet` is unclear when reading it. Please >> add a >> forward reference to section 6.3.1 (I would also prefer to have 6.3.1 >> earlier >> in the flow >> > GIM>> Added the reference as you suggested: > * Reply via an IPv4/IPv6 UDP Packet (2). If an SFC Echo Request is > not encapsulated in IP/UDP, then this value requests the use of > the Source ID TLV Section 6.3.1. > > >> ## Section 6.5.2 >> >> How `If the NSH of the received SFC Echo Request includes the MAC Context >> Header, the packet's authentication MUST be verified before using any >> data. `is >> different to the text of section 6.4 about the MAC ? >> > GIM>> Yes, it appears as unnecessary duplication. Would backreference to > Section 4 as follows to address your concern: > > If the NSH of the received SFC Echo Request includes the MAC Context > Header, the packet's authentication MUST be verified before using any > data as defined in Section 6.4. > >> >> `Sequence Number in the Echo Request sent matches to the Sequence Number >> in the >> Echo Reply received` should it rather be a window of sequence number ? >> I.e., >> pipelined requests could be sent. >> > GIM>> A very good point, thank you. Update as follows: > OLD TEXT: > the Sequence Number in the Echo > Request sent matches to the Sequence Number in the Echo Reply > received. > NEW TEXT: > the Sequence Number in the Echo Reply > received matches the Sequence Number of one of outstanding > transmitted Echo Requests. > >> >> ## Section 6.6 >> >> `Consistency Verification Request` this message is not defined before this >> section and not in RFC 8300. If specified in this section, may I suggest >> to >> rename the section to be about CVReq ? >> > GIM>> Thank you for the suggestion. Renamed the section to "The Use of > Consistency Verification Request Message" > >> >> ## Section 7 >> >> `if the underlay is an IPv6 network` what about IPv4 ? I would assume that >> IPv[46] underlays can support AH/ESP. >> > GIM>> IPv6 is used as an example. Of course, AH and ESP are equally > applicable in IPv4. Would you suggest re-wording like: > If the underlay is an IPv4 or IPv6 network, IP Authentication Header > [RFC4302] or IP Encapsulating Security Payload Header [RFC4303] can > be used to provide integrity protection. > >> >> Should this be a SHOULD in `an implementation MAY check that the source >> of the >> Echo Request is indeed part of the SFP`? >> > GIM>> In the course of the earlier discussion, that text got changed to > the following: > To protect against unauthorized sources trying to obtain information > about the overlay and/or underlay, an implementation MUST have means > to check that the source of the Echo Request is part of the SFP. > I hope that this change addresses your concern. >
- [sfc] Éric Vyncke's Discuss on draft-ietf-sfc-mul… Éric Vyncke via Datatracker
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… mohamed.boucadair
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… Greg Mirsky
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… Greg Mirsky
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… mohamed.boucadair
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… Eric Vyncke (evyncke)
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… Greg Mirsky
- Re: [sfc] Éric Vyncke's Discuss on draft-ietf-sfc… Eric Vyncke (evyncke)