Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05

DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com> Sun, 19 June 2016 21:58 UTC

From: DIEGO LOPEZ GARCIA <diego.r.lopez@telefonica.com>
To: VictorVu <minowar91@gmail.com>
Date: Sun, 19 Jun 2016 21:58:35 +0000
Message-ID: <F4D6B1A2-11DE-4001-919F-3EE039978DDC@telefonica.com>
References: <e6376b08-505d-b279-3067-bb92bb858302@dcn.ssu.ac.kr> <E8355113905631478EFF04F5AA706E9830FB1EEE@wtl-exchp-2.sandvine.com> <399F8E53-ADAD-49AD-94CF-214CA236F786@telefonica.com> <d5d16390-fd1d-7ba7-2ebc-9c202dc8c9cc@gmail.com>
In-Reply-To: <d5d16390-fd1d-7ba7-2ebc-9c202dc8c9cc@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/mlYkz6S_4XpNc92AP4XAmsSEAYM>
Cc: "sfc@ietf.org" <sfc@ietf.org>
Subject: Re: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05
List-Id: Network Service Chaining <sfc.ietf.org>

Hi,

I see. So the price to pay would be only a metadata slot, which seems quite reasonable.

Be goode,

On 18 Jun 2016, at 18:09 , VictorVu <minowar91@gmail.com> wrote:


Hi,

Actually, it only requires 1 metadata slot for as many layers as you want. Lower-level IBNs simply save upper-level hSFC flow ID in metadata and overwrite it. Flow-stateful IBNs can even save all upper-level metadata and recover later, so lower-level domains at any layer are free to use 3 metadata slots.

Regards,

On 6/18/16 9:55 PM, DIEGO LOPEZ GARCIA wrote:
Hi,

The only possible objection someone could come up with is the fact that we are limiting a possible hierarchy recursion to three layers (a fourth one could not use any metadata slots). But I would not say that is something I feel very much concerned about (hence the impersonal “someone” rather than a personal “I”).

Be goode,

On 14 Jun 2016, at 16:18 , Dave Dolson <ddolson@sandvine.com> wrote:

Victor,

Yes, I agree this is a good idea. I intend to add it to the list of alternatives in the draft.
I think it is probably the best of the stateful ideas.
I think to the list of benefits we can also add:
- has potential for security advantages in that it may be harder for a sub-domain SF to attack upper-level paths because the upper-level path is obscured by the flow ID, and the flow ID can be validated as it returns.

I intend to update the draft soon including some changes from the other authors.
If anyone on the list has other feedback, please let me know.

-Dave
P.S. Victor, it doesn’t appear that your request made it to the list. Hopefully this reply does.



From: Victor Vu [mailto:vuva@dcn.ssu.ac.kr]
Sent: Friday, June 10, 2016 11:16 PM
To: sfc@ietf.org; Dave Dolson
Subject: [sfc] IBN Path Configuration solution for draft-dolson-sfc-hierarchical-05


Hi,

In draft-dolson-sfc-hierarchical-05, there have been 4 methods for restoring the upper-level SF path when packets exit the lower-level domain; each of them has its disadvantage:

1.  Saving SPI and SI in transport-layer flow state => could not work with SFs which can change the 5-tuple (NAT for example)

2.  Pushing SPI and SI into metadata => MD-type 1 has only 4 metadata slots

3.  Using unique lower-level paths per upper-level path coordinates => too many service paths in lower-level domain

4.  Nesting NSH headers, encapsulating the higher-level NSH headers within the lower-level NSH headers => requires SFs in the lower-level domain to be able to parse multiple layers of NSH

Therefore, I would like to propose the Flow-stateful/metadata hybrid solution. The basic idea is to make the IBN save top-domain flow information (flow-stateful IBN), assign each flow an “h-sfc flow ID” mapped to its info, and store it in 1 Mandatory context header. When a packet exits the sub-domain, get the upper-domain’s info back by the h-sfc flow ID and restore it at the service last hop.

In this way:

  *   Upper domain metadata is preserved, and sub-domains can change it just like an SF does
  *   Does NOT depend on 5-tuple => works well with NAT
  *   Does NOT require all domains to have the same metadata scheme
  *   Scalable: could restore any top-domain information, not just service path
  *   Top domain could use full 4 metadata slots, while sub-domains can use up to 3
  *   Does not require any special functionalities from SFs
  *   ID can be used to differentiate H-SFC and non-H-SFC flows

I would like to listen to your opinions.
Thank you very much.

Best regards,


--

--------------------------------------------------------------

Vu Anh Vu (Victor Vu)

DCN Laboratory - School of Electronic Engineering - Soongsil University

Email: vuva@dcn.ssu.ac.kr / vuvabk@gmail.com

Phone: (+82)-2-820-0841

Mobile: (+82)-10-9763-0103

Address: 369 Sangdo-ro, Dongjak-gu (06978), Seoul, Korea




_______________________________________________
sfc mailing list
sfc@ietf.org
https://www.ietf.org/mailman/listinfo/sfc

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
http://people.tid.es/diego.lopez/

e-mail: diego.r.lopez@telefonica.com
Tel:    +34 913 129 041
Mobile: +34 682 051 091
----------------------------------


________________________________


The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.


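The flow-stateful/metadata hybrid discussed in this thread, as an added example (not code from the draft or from any participant): an IBN saves the upper-level SPI, SI and metadata, gives the sub-domain only an opaque h-sfc flow ID in one context header, and validates that ID when the packet returns. The class and method names, the use of slot 0, the random 32-bit ID and the check that the ID comes back on the lower-level path it was issued for are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass
class NSH:
    """Simplified MD-type 1 view: path coordinates plus 4 context headers."""
    spi: int    # Service Path Identifier
    si: int     # Service Index
    ctx: list   # four 32-bit metadata slots

class FlowStatefulIBN:
    """Hypothetical IBN; names and slot choice are assumptions."""
    FLOW_SLOT = 0  # assumed slot carrying the h-sfc flow ID

    def __init__(self):
        self._flows = {}  # flow ID -> (lower SPI, upper SPI, upper SI, upper ctx)

    def enter(self, pkt, lower_spi, lower_si):
        """Save upper-level state, hand the sub-domain an opaque flow ID."""
        flow_id = secrets.randbits(32)
        while flow_id == 0 or flow_id in self._flows:
            flow_id = secrets.randbits(32)  # unpredictable, non-zero, unique
        self._flows[flow_id] = (lower_spi, pkt.spi, pkt.si, list(pkt.ctx))
        ctx = [0, 0, 0, 0]           # three slots stay free for the sub-domain
        ctx[self.FLOW_SLOT] = flow_id
        return NSH(lower_spi, lower_si, ctx)

    def leave(self, pkt):
        """Validate the returning flow ID and restore upper-level headers."""
        saved = self._flows.get(pkt.ctx[self.FLOW_SLOT])
        if saved is None or saved[0] != pkt.spi:
            return None              # unknown ID or wrong lower-level path: drop
        _, spi, si, ctx = saved
        return NSH(spi, si, list(ctx))

def demo():
    ibn = FlowStatefulIBN()
    upper = NSH(spi=10, si=250, ctx=[1, 2, 3, 4])   # constructed sample values
    inner = ibn.enter(upper, lower_spi=77, lower_si=255)
    inner.si -= 2                 # lower-level SFs consume the service index
    inner.ctx[1] = 0xBEEF         # and may use the free slots
    restored = ibn.leave(inner)
    forged = ibn.leave(NSH(77, 253, [inner.ctx[0] ^ 1, 0, 0, 0]))
    off_path = ibn.leave(NSH(78, 253, list(inner.ctx)))
    return restored, forged, off_path

if __name__ == "__main__":
    print(demo())
```

The flow entry is kept after `leave` because the state is per flow, not per packet; expiring entries is left out of this sketch.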