Re: [sfc] Adopting draft-mirsky-sfc-pmamm

"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Mon, 10 June 2019 05:10 UTC

Return-Path: <cpignata@cisco.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEF9C120189 for <sfc@ietfa.amsl.com>; Sun, 9 Jun 2019 22:10:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=UWX8xpuv; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=HXp+9k36
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wvVtusssYrgJ for <sfc@ietfa.amsl.com>; Sun, 9 Jun 2019 22:10:19 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA436120164 for <sfc@ietf.org>; Sun, 9 Jun 2019 22:10:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=21439; q=dns/txt; s=iport; t=1560143418; x=1561353018; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=dP2JfnlqAP0t17CU3Qg7Yav3qMtj+AoH5bBFvlGaiMU=; b=UWX8xpuvpQf1PtXuv2bkpsr092jxTuZyHbHPVCQPxfSgP8nOuo0YzgLT j+cALi0g4bbSQGrvAf/mLY8O9KEqxfInPrAVH5vkFYBEH2J7C2L0ApEUA CVUWTzUmlFFirlNfp7bhxMGXJl6eJURd/MjUE/vjnWutm0sTZbetAoEq6 s=;
IronPort-PHdr: 9a23:KSVyvxLq48ZhMDcoftmcpTVXNCE6p7X5OBIU4ZM7irVIN76u5InmIFeBvKd2lFGcW4Ld5roEkOfQv636EU04qZea+DFnEtRXUgMdz8AfngguGsmAXEbjLfHsZjAzNM9DT1RiuXq8NBsdFQ==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CjAAA95f1c/5hdJa1lHAEBAQQBAQcEAQGBUwUBAQsBgT1QA2pVIAQLKINVQINHA45dlTeEUoEuFIEQA1QJAQEBDAEBGAEKCgIBAYRAAheCVCM2Bw4BAwEBBAEBAgEEbRwMhUsCBAEBCgYLBh0BASwLAQ8CAQYCPwMCAgIlCxQRAgQOBRsHgwABgR1NAx0BAgyKVZBgAoE4iF9xgTGCeQEBBYFGQUCCMhiCDwMGgTQBi1wXgUA/gREnH4JMPoJhAQECAQGBJQUBEgEeLoJdMoImi0yCXIRsiD6Mb2oJAoIPhkSMfhuCJYZ8hASJdpQmjCCDBwIEAgQFAg4BAQWBVgIvZ3FwFTsqAYJBPoFRDBeDTYUUhT9yAYEojQGCQwEB
X-IronPort-AV: E=Sophos;i="5.63,573,1557187200"; d="scan'208,217";a="282471089"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 10 Jun 2019 05:10:15 +0000
Received: from XCH-ALN-017.cisco.com (xch-aln-017.cisco.com [173.36.7.27]) by rcdn-core-1.cisco.com (8.15.2/8.15.2) with ESMTPS id x5A5AFkI017610 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 10 Jun 2019 05:10:15 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-017.cisco.com (173.36.7.27) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 10 Jun 2019 00:10:14 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 10 Jun 2019 00:10:14 -0500
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 10 Jun 2019 00:10:14 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dP2JfnlqAP0t17CU3Qg7Yav3qMtj+AoH5bBFvlGaiMU=; b=HXp+9k36LUqlZOiXfPFHakEgdIdOqFFDKna8BNs/3mUYAN+IKKyMSql8/kR6759U2hjDMiowf+XIRNgwtj3txL8sKzCFekX5RFrzB1GZOmiDgjvWPXxbPKIKe7+D+OdrAScOEG2fhaqUvYiKnq3YaGE4FmfZSkHLxwLkzueuFhQ=
Received: from BL0PR11MB3028.namprd11.prod.outlook.com (20.177.204.138) by BL0PR11MB3137.namprd11.prod.outlook.com (20.177.206.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1965.17; Mon, 10 Jun 2019 05:10:13 +0000
Received: from BL0PR11MB3028.namprd11.prod.outlook.com ([fe80::ec33:f4c1:227a:fcb3]) by BL0PR11MB3028.namprd11.prod.outlook.com ([fe80::ec33:f4c1:227a:fcb3%5]) with mapi id 15.20.1965.017; Mon, 10 Jun 2019 05:10:13 +0000
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
CC: Greg Mirsky <gregimirsky@gmail.com>, Service Function Chaining IETF list <sfc@ietf.org>
Thread-Topic: [sfc] Adopting draft-mirsky-sfc-pmamm
Thread-Index: AQHVEl0awkZ/I9bk+kaAPjCqN+WKFqaUcNAA
Date: Mon, 10 Jun 2019 05:10:11 +0000
Message-ID: <5C9555F1-C9A2-44EA-AB25-52FDF11A5C8B@cisco.com>
References: <CA+RyBmXFfeoPd5jTqfvG7RAxgDxQePmuV4j4VuvVC1-H=p5OZA@mail.gmail.com> <b2c4ca07-e012-72b7-476c-2ca17c3f9748@joelhalpern.com>
In-Reply-To: <b2c4ca07-e012-72b7-476c-2ca17c3f9748@joelhalpern.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.104.11)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=cpignata@cisco.com;
x-originating-ip: [2001:420:c0c8:1001::506]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: bc9a4853-d460-47ef-0507-08d6ed61eb3f
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:BL0PR11MB3137;
x-ms-traffictypediagnostic: BL0PR11MB3137:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <BL0PR11MB3137C8E370912DC963E6966AC7130@BL0PR11MB3137.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0064B3273C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(346002)(39860400002)(366004)(396003)(376002)(199004)(189003)(14454004)(57306001)(446003)(2616005)(6246003)(486006)(476003)(256004)(14444005)(11346002)(7736002)(86362001)(68736007)(6116002)(53936002)(5660300002)(81166006)(81156014)(83716004)(82746002)(8936002)(8676002)(50226002)(66446008)(64756008)(76116006)(73956011)(66946007)(66476007)(66556008)(91956017)(71190400001)(71200400001)(6436002)(46003)(606006)(54906003)(6916009)(6486002)(229853002)(76176011)(99286004)(316002)(6306002)(25786009)(54896002)(53546011)(236005)(478600001)(6512007)(33656002)(4326008)(186003)(6506007)(102836004)(2906002)(966005)(36756003)(561944003); DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR11MB3137; H:BL0PR11MB3028.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: X8Mw6yAT1nKQTBi97Oj82vbIqfKcmp+iypjLt9S/b3uzOSQeJcspOaKtR3JjKnbQQOXHleh6ViumOQbc4cY9Ufe368K0P5WuIaG3UNa/IYhs0jsnb+9S/6qJpjxJXDRyZgi3BIG0Am1R2kXKx6aK9NcbqxGnSzWgTXv/t7QLFm2YipcD+YNNBeKC8xSrRRoHMSUrMZLoOQO/zkuWuQdhRZlDOJx4yOy13v24cMbjMxtronD+MolKjuO2aupTwO3kTKXjfWOEPi1F7x0T3NaW2gItcTZie2dFae3DEiAGlWsVlx95MWmHbzsV8411cG4J3h0MRKvfHQcD7A0mhWz5eEGei/mCLVZ/zPmQ+L1F/Mt+jAZ7eRh9fNaIm6eBLegQe+YsEipLtmUq81muVdx7I0qZMvDlykcBCBBL7EU2vok=
Content-Type: multipart/alternative; boundary="_000_5C9555F1C9A244EAAB2552FDF11A5C8Bciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: bc9a4853-d460-47ef-0507-08d6ed61eb3f
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jun 2019 05:10:11.2522 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: cpignata@cisco.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR11MB3137
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.27, xch-aln-017.cisco.com
X-Outbound-Node: rcdn-core-1.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/jVh2Fz9UJp3SlQ2kqxmVLRYxekw>
Subject: Re: [sfc] Adopting draft-mirsky-sfc-pmamm
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jun 2019 05:10:30 -0000

Joel, Jim,

I reflected on this adoption call. In the end, I oppose adopting this draft as a working group document at this point.

After all consideration, my evaluation is that, at best, it is very premature.

Here’s some of the technical reasons for this:

1. Fundamental mis-assumptions.

1.1.

The whole basis of this document is using a “marking” method as a passive PM method. This is the only sentence in the Abstract:

   This document describes how the alternate marking method be used as
   the passive performance measurement method in a Service Function
   Chaining (SFC) domain.

However, the definition of a passive method from RFC 7799 is:

https://tools.ietf.org/html/rfc7799#section-3.6
   o  based solely on observations of an undisturbed and unmodified
      packet stream of interest (in other words, the method of
      measurement MUST NOT add, change, or remove packets or fields or
      change field values anywhere along the path).

This definition says MUST NOT change field values.

I understand the document says:
   alternate marking method in SFC layer can be viewed as a real example
   of passive performance measurement method.

However, that is not saying “it is a passive method because of this thorough analysis”.

I also understand that RFC 8321 gives guidance of when an alternate-marking method can be considered Hybrid vs. Passive.

I remember because I was Document Shepherd on that I-D to become RFC 8321.

However, the SFC NSH can be encapsulated in a number of transport encapsulation protocols. There is no analysis to explain how the changing of this field value will not result in a different forwarding (e.g., path, treatment) decision.

For example, there’s an MPLS SFC NSH encapsulation just published as RFC, and here this document attempts to define a bit in the first nibble. RFC 8300 carefully reserved version numbers to prevent ECMP treatment. Here, my point is no to move the bit around, but to exemplify how there’s been lack of captured thought about this proposal and approach.

1.2.

There’s been no discussion about whether this specific solution is what SFC needs for Passive OAM, or of the risks of this modifying forwarding. And weather the NSH Base Header is the best place for these measurements.


2. Solution looking for a problem.

This draft defines a solution, but it really does not indicate the scope or extend of the problem being solved. It does not explain how this specific solution fits in the potential constellation of OAM solutions for SFC.

And as such, it is impossible to compare it against other potential solutions, or to evaluate or understand how it fits in the overall OAM Framework.

Which exact function of OAM is this solving, and given the graph-nature of SFC, is this too simplistic of a solution for Performance Measurement, where other hybrid solutions can provide a large superset of this functionality?

This is compounded by one additional issue:

There seems to be a tendency of, without explanation, extrapolating RFCs and solutions into all possible protocols, regardless of their need.

For example, after RFC 7110, there were all kinds of specified-return-paths documents for many protocols — even for things that did not make full sense like for SFC. I would cautious us to develop standards based on needs.

And equally important, to understand the overall landscape of Performance Measurement before pushing too localized solutions.


3. Grossly underdefined and underspecified operations.

3.1.

The Theory of Operation in Section 4 does not really explain the role of any node (headend, tailed, midpoint) or (SF, SFF, Classifier). Which nodes can/must mark/read/change, etc. Sections 4.1, 4.2, 4.2 explains details of the Alternate Marking method, but not the SFC applicability or usage.

3.2.

What is the default value for the bit?

3.3.

The document says it creates sub-flows within SFC:

   Using the marking method a component of the SFC creates distinct sub-
   flows in the particular service traffic over SFC.

How does this interact with Flow concepts in SFC?


4. Effectively null considerations to security.

The security considerations reads:

   This document lists the OAM requirement for SFC domain and does not
   raise any security concerns or issues in addition to ones common to
   networking and SFC.

It is unclear if that is a copy/paste from another document, or what it really means.


5. Minor issues

The NSH [RFC 8300] does not have “R” bits. It has “U” bits.

Thanks,

Carlos.



On May 24, 2019, at 2:17 PM, Joel M. Halpern <jmh@joelhalpern.com<mailto:jmh@joelhalpern.com>> wrote:

This email starts the adoption call for draft-mirsky-sfc-pmamm (https://datatracker.ietf.org/doc/draft-mirsky-sfc-pmamm/).

Please speak up if you support or oppose adopting this document as a working group document.  Please provide reasons for that view.
Silence will not be considered consent.

The adoption call will end CoB 10 June 2019.

Yours,
Joel (and Jim

On 5/20/19 1:58 PM, Greg Mirsky wrote:
Dear Joel and Jim,
authors ofdraft-mirsky-sfc-pmamm believe that the draft, that defines how the Alternate Marking (RFC 8321) technique can be used in SFC NSH, is stable, and ready for the working group adoption. Much appreciate your consideration to start the WG AP.
Best regards,
Greg

_______________________________________________
sfc mailing list
sfc@ietf.org<mailto:sfc@ietf.org>
https://www.ietf.org/mailman/listinfo/sfc