IETF Logo Mail Archive

Re: [sfc] clarification on Service Path ID for draft-penno-sfc-packet

"Joel M. Halpern" <jmh@joelhalpern.com> Fri, 14 July 2017 20:08 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13E1C13193F for <sfc@ietfa.amsl.com>; Fri, 14 Jul 2017 13:08:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uj2T8FCZC89j for <sfc@ietfa.amsl.com>; Fri, 14 Jul 2017 13:08:07 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6721513191C for <sfc@ietf.org>; Fri, 14 Jul 2017 13:08:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 43B35240412; Fri, 14 Jul 2017 13:08:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1500062887; bh=uH05ZLcZ2sOeZy3moJNGH1eiLRSZnWoBMJEgcUFUPHo=; h=Subject:To:References:From:Date:In-Reply-To:From; b=H/axb3sBUf8pNNDvksnoIqoH4UuJyLCPef2mzJBYIYr7m9i4GubLrtnp9K7hohniG aRqETPZ739SHr218AsYxD9cIUjnF8zJFyzOWXMbzfptBifWFSLg0Mx857o/Yqqpszn Tdo1Rme/+GzLYBLgPVxE0cyvhxa6DscJMbstZzhM=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (unknown [50.225.209.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 0179824503B; Fri, 14 Jul 2017 13:08:05 -0700 (PDT)
To: Dave Dolson <ddolson@sandvine.com>, James N Guichard <james.n.guichard@huawei.com>, "Kent Leung (kleung)" <kleung@cisco.com>, "sfc@ietf.org" <sfc@ietf.org>
References: <91d8a4564df24299a24bee2688c9f6a6@XCH-RTP-006.cisco.com> <BF1BE6D99B52F84AB9B48B7CF6F17DA3EF0D62@SJCEML702-CHM.china.huawei.com> <E8355113905631478EFF04F5AA706E98A9060316@wtl-exchp-2.sandvine.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <e063629f-b3a0-cdbf-6450-3a442399a720@joelhalpern.com>
Date: Fri, 14 Jul 2017 16:08:05 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <E8355113905631478EFF04F5AA706E98A9060316@wtl-exchp-2.sandvine.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/u50Iy1PNltyP6CeKmn8YB424Vcg>
Subject: Re: [sfc] clarification on Service Path ID for draft-penno-sfc-packet
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jul 2017 20:08:09 -0000

I find myself torn.  (And speaking personally in all that follows.)

There are actually two issues buried onder here.
Unless the reverse SFP is set up, and is congurent, the forwarding state 
may not exist.
Congruent reverse is only required when the nature of the SFP is such 
that reverse traffic must go through the same seqeunce of SFs, albeit in 
the reverse order, as the forward traffic.  That is not mandatory.  Even 
if some elements are common (as for example a TCP proxy), that doe snot 
mean that all are common and that full congruence is required.

To make this clearer, given an SFP that goes through SFFs A, B, and C, 
there is no requirement that SFF B have forwarding state for any 
specific SPI / SI to take reverse traffic.

So one of the points is to be explicit that a backwards path needs to be 
established (by control, routing, magic, ...) from those entities which 
need to send such reverse packets.  Which means that someone has to be 
able to determine where that is required.

Now, if we assume that piece of knowledge gets communicated, and the 
path is established, the quesiton you are asking is how to identify that 
reverse path.

I take Dave's point that there is a simplicity and efficiency in using 
the same SPI.  I find it conflicts with my personal view on how SPIs 
work.  But that is my problem, not the WGs.  The strong argument in 
favor is in fact that there can only be 64 different SIs in each 
direction, so there is plenty of room to keep things far enough apart 
that accidental wrap is not possible.

Net: using the SI grates on my nerves, but is probably sufficiently 
robust that it is a very reasonable choice.

Yours,
Joel


On 7/14/17 2:50 PM, Dave Dolson wrote:
> There is not actually forwarding ambiguity, since SFF forwarding depends 
> on **both** SPI and SI.
> 
> So for example, there is no ambiguity in forwarding to use SI in the 
> range [0,127] of up-link and range [128,255] for down-link, on the same SPI.
> 
> The limitation is ~127 SFs per path instead of ~255.
> 
> As I see it, Kent’s question is one of aesthetics. Do folks like the 
> same SPI used for two directions?
> 
> Personally, I find use of a single SPI to be more elegant,  consuming 
> only one path ID instead of two. (section 5.4.1).
> 
> It may make debugging easier as well.
> 
> Also, for what it’s worth, we demonstrated this method of section 5.4.1 
> at a previous IETF hackathon.
> 
> -Dave
> 
> *From:*sfc [mailto:sfc-bounces@ietf.org] *On Behalf Of *James N Guichard
> *Sent:* Friday, July 14, 2017 2:25 PM
> *To:* Kent Leung (kleung); sfc@ietf.org
> *Subject:* Re: [sfc] clarification on Service Path ID for 
> draft-penno-sfc-packet
> 
> Hi Kent,
> 
> [personal opinion …] I have always assumed that the service path ID 
> would be uni-directional given that it would be difficult to avoid 
> collision in all forwarding scenarios. If you look at a basic SFC a-b-c 
> and the service index is set to 255 at the classifiers a & c (which imho 
> will be the normal practice) then at b you would have a conflict if the 
> same service path ID is used in both directions.
> 
> Jim
> 
> *From:* sfc [mailto:sfc-bounces@ietf.org] *On Behalf Of *Kent Leung (kleung)
> *Sent:* Friday, July 14, 2017 1:58 PM
> *To:* sfc@ietf.org <mailto:sfc@ietf.org>
> *Subject:* [sfc] clarification on Service Path ID for draft-penno-sfc-packet
> 
> Hi. We are working on a revision for this draft. There were 4 proposed 
> solution options in section 5. During some discussions, most folks seem 
> to favor the use of algorithmic method in section 5.4. However, there 
> are 2 sub-options. One is based on same Service Path ID and using 
> Service Index to determine flow direction (sect. 5.4.1). The other is 
> based on setting high order bit on Serve Path ID, which determines flow 
> direction (sect. 5.4.2). There are mixed opinions. One reason is that 
> there may be the assumption the Service Path ID is uni-directional. No 
> explicit wording of that nature has been encountered in the RFCs, maybe 
> we missed something?
> 
> If Serve Path ID is required to be uni-directional, then the answer is 
> easy (=> 5.4.2). We would like to solicit WG comments to get rough 
> consensus and revised the next version with that solution. This problem 
> is critical to address for Service Function that generate packet in 
> reverse direction, especially security service functions as mentioned in 
> draft-wang-sfc-ns-use-cases.
> 
> Thanks.
> 
> Kent
> 
> 
> 
> _______________________________________________
> sfc mailing list
> sfc@ietf.org
> https://www.ietf.org/mailman/listinfo/sfc
>

v2.23.0 | Report a Bug | By Email