Re: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
"Carlos Pignataro (cpignata)" <cpignata@cisco.com> Fri, 16 February 2018 21:59 UTC
Return-Path: <cpignata@cisco.com>
X-Original-To: sfc@ietfa.amsl.com
Delivered-To: sfc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EAF2124205 for <sfc@ietfa.amsl.com>; Fri, 16 Feb 2018 13:59:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.531
X-Spam-Level:
X-Spam-Status: No, score=-14.531 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fg918FMUiJPL for <sfc@ietfa.amsl.com>; Fri, 16 Feb 2018 13:59:53 -0800 (PST)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 741881241F3 for <sfc@ietf.org>; Fri, 16 Feb 2018 13:59:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12690; q=dns/txt; s=iport; t=1518818393; x=1520027993; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=PuzlSo4KFbh1K5J6T3ORHSxc4Iph9/OEkRfx6O2m9OE=; b=Fs1mI1wXeXQT96tDu3HS4AejgX5JbEi/KW2b1RK1dafO1JeiHOUP6v6K CI1X61k7ULTrix1xSbY+xQE7Iw1GA5OIoWF9kZAsc7InYy/aL+gizxUOa 9SMyZVj6SiRPs0buG3AFxV/DZtY/5vmh1Hl6uYJx8xB5oDnAzmb8W+i7+ k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BGAQDaU4da/5pdJa1cGQEBAQEBAQEBAQEBAQcBAQEBAYNPgVYoCoNKiiWOBoICfBuWSYIWCoU7AhqCLFQYAQIBAQEBAQECayiFIwEBAQECASMRMxIFCwIBCBgCAiYCAgIwFRABAQQOBRmKAAitRYIniQGCEwEBAQEBAQEBAQEBAQEBAQEBAQEBAR2BD4N4giiBV4FoKYF3WDaEfAcBARGDJDGCNAWZdzWKCQkCi12KK4IgikKHZZdyAhEZAYE7AR85gVFwFToqAYIYglQcggZ4i20CDRiBDYEZAQEB
X-IronPort-AV: E=Sophos;i="5.46,520,1511827200"; d="scan'208";a="71417660"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Feb 2018 21:59:43 +0000
Received: from XCH-RTP-016.cisco.com (xch-rtp-016.cisco.com [64.101.220.156]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id w1GLxgJK017159 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 16 Feb 2018 21:59:43 GMT
Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-016.cisco.com (64.101.220.156) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 16 Feb 2018 16:59:42 -0500
Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1320.000; Fri, 16 Feb 2018 16:59:42 -0500
From: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
To: Adrian Farrel <adrian@olddog.co.uk>
CC: "mls.ietf@gmail.com" <mls.ietf@gmail.com>, "ietf@kuehlewind.net" <ietf@kuehlewind.net>, "sfc@ietf.org" <sfc@ietf.org>, Adrian Farrel <afarrel@juniper.net>
Thread-Topic: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
Thread-Index: AdOkUWieWeFX83LaRmCLcmak7P8lwgDBVocAABAqWgAAAPs8AA==
Date: Fri, 16 Feb 2018 21:59:42 +0000
Message-ID: <C5D44EF8-573B-4ECA-B74B-32991E841653@cisco.com>
References: <BLUPR05MB370BC7BDC9E741CC09ABD47BBF70@BLUPR05MB370.namprd05.prod.outlook.com> <ED75774E-F3DC-456D-96DA-2009F9275B35@cisco.com> <02ff01d3a76d$85334540$8f99cfc0$@olddog.co.uk>
In-Reply-To: <02ff01d3a76d$85334540$8f99cfc0$@olddog.co.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.118.116.133]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C483BCA85032004A81C3F6C0AF1585F7@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/uhziIgbKQGIOscsTBrB7ryWhwTQ>
Subject: Re: [sfc] Proposal for congestion control in draft-farrel-sfc-convent
X-BeenThere: sfc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Network Service Chaining <sfc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sfc>, <mailto:sfc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sfc/>
List-Post: <mailto:sfc@ietf.org>
List-Help: <mailto:sfc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sfc>, <mailto:sfc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2018 21:59:56 -0000
Hi, Adrian, > On Feb 16, 2018, at 4:31 PM, Adrian Farrel <adrian@olddog.co.uk> wrote: > > Hi Carlos, > > Thanks for the mail. It is important, IMHO, that this sort of change is reviewed by the WG and not just slipped in through secret agreement between the document editor and a Discussing AD. Indeed. It is more than important and not a matter of opinion, IMHO. Thanks for the Cc to the list! > >> Some of this text, however, seems pretty heavy-handed. > > My hand has always been heavy - it is the secret of good childcare. > :-( Focusing again on the new “Congestion paragraph", I’d try to right-size it. Thanks for entertaining my feedback, see below. >>> 6. Management and Congestion Control Considerations >>> >>> The mechanisms described in this document allow SFC-aware nodes in an SFC >> network to generate additional packets. While these packets are in the nature of >> in-band control packets >> >> Are these “control” packets? These are packets with a specific characteristic (not >> with a specific function), and according to the Abstract, “this document illustrates >> some of the functions that may be achieved”. It does not say “These are control >> packets …" > > Are we sure this is a question of meaningful semantics and not philology? Is this question an answer to my question or a new question on its own right? Are we discussing the comment or the discussion? It really is quite simple, and I did not mean to hide any text in-between lines. The proposal says "are in the nature of in-band control packets” and I think that is too limiting. So... > > The text you quoted does not say that the packets are control packets. But they *do* have that nature. > > Of course, we could take this opportunity to open the debate as to whether OAM packets are control plane, data plane, or management plane packets. That might be fun, but if life has taught me anything, it is that we would not actually be advancing the discussion of the Internet. > > So, we don't need the commentary and can reduce to "These are not intended to be sent frequently for any flow, but there is still a risk that they might flood the network.” … that sounds great :-) > >>> and not intended to be sent frequently for any flow >> >> Might be useful to define flow (by way of a pointer at least), since it’s not used in >> RFC 8300. > > I'm going to refer you back to Section 5.2, but not put a pointer in the text. A reader who gets this far without having first read Section 5.2 is lost. > Fair enough. >>> , there is still a risk that they might flood the network. >> >> Flood the whole network? > > English usage? > A single packet will not, of course, flood the whole network. > But the whole (SFC) network might be flooded with such packets. Ah, I understood network to be *the* network (fabric all the way to layer zero), not the “SFC network”. In any case, you are right, there is a risk that the network might get flooded. No concern. > >>> For example, if an attempt is made to use this mechanism for “per-packet >> metadata” (Section 5.6) then this might double the number of packets in the >> network. Similarly, if this mechanism is used for a form of aliveness detection >> OAM that requires very frequent test messages, then the number of additional >> messages may be very high. Such additional messages risk causing congestion in >> the network. >>> >>> The underlay network (that is the tunnels across the underlay between SFC >> nodes) will not >> >> :s/will/may/g ? > > Now we are really into English usage! > Did you mean "might" when you said "may", or did you mean to be proscriptive? > > Anyway, I intended "will not". That is mainly because it "cannot" without a form of DPI that is, I suspect, beyond the powers of most routers today. Thinking the the spec might survive more than today, and knowing DPI capabilities that do this easily, as well as other potential mechanisms (such as reflecting the protocol into some underlay field), I think there are cases in which “it will”, and hence “will not” is incorrect as a definitive statement. I just intended some forward compatibility and wiggle room. > > But it is more civilised to say what it will or will not do than it is to assert capability deficiencies :-) > >>> distinguish between data-carrying packets and those packets with next >> protocol set to none. All packets will be treated the same and will need to fall >> within the capabilities of the underlay network to process and forward packets. >> >> :s/will/may/g ? > > Text as intended. > When underlays start to make forwarding decisions based on the payload and not the encapsulation, then networking is in a mess! > But you are assuming that decisions are based on the payload. It is possible that the encapsulation reflects / copies / lets-bleed-in fields from the payload and the decision is based on the encapsulation. Or other creative ways. I think that being too narrow in specs can backfire. >>> Nodes in the SFC overlay network will need to perform special processing on >> the additional packets according to their roles and according to the application for >> the metadata. For example, an SFF will likely only have to forward per-SFC >> metadata, while an SF >> >> per-SFP instead of per-SFC? > > Yes, per 5.1. Thanks./ > >>> will need to extract it and process it as it would if the metadata was carried in a >> packet with user data. On the other hand, metadata might also be used to cause >> actions at all nodes (see Sections 5.3, 5.4 and 5.5) and could increase the >> processing load. >>> >>> In view of these potential issues, all implementations SHOULD implement rate >> limits on the generation of SFC packets with next protocol set to none. >> Furthermore, these rate limits SHOULD be configurable and applied per SFC and >> per application so that one application on one SFC does not encumber a different >> application on a different SFC. >> >> I think “per-SFC” means “per-SFP” throughout above. However, what is the >> mapping of applications? Not all nodes may have per-application visibility (or >> knowledge). > > Yes, as above. Thanks! > >>> When an implementation finds that it is unable to generate or send a packet it >> SHOULD increment a counter that is accessible by the operator, and MAY raise an >> alert (although such alerts SHOULD, themselves, be rate limited). >> >> From an operational standpoint what are the defaults for these proposed >> configuration knobs? > > I don't believe this text defines any configuration knobs. I meant “these rate limits SHOULD be configurable”. I was thinking of RFC 5706, Appendix A.1, item #9, sub-item 1. > I suppose you could make them so, but this text talks about implementation. > >> Another important consideration: if the protocol-none packet is for a specific >> function, what are the implications to that application or function leveraging this >> mechanism? For example, if, as mentioned above, this is used for OAM, rate- >> liming without visibility to the OAM rate limiting or function can result in actually >> more congestion with false-negatives, oscillations, instability, etc. >> >> I strongly recommend some per-use implications, and a SHOULD understand >> implications before blindly rate-limiting. > > Erm, the sentence previous to the one you quoted says... > > Furthermore, these rate limits > SHOULD be configurable and applied per SFP and per application so that one application on > one SFP does not encumber a different application on a different SFP. > > Change to ... > encumber a different application on this or a different SFP. Thanks! > >>> Additionally, an SFC node needs to protect itself against another node in the >> network not applying suitable rate limits. Therefore, implementations SHOULD >> apply incoming rate limits for SFC packets with next protocol set to none. >> >> This places an interesting requirement: it does not allow for incremental >> deployment. Not only protocol-none feature generating nodes need to be >> upgraded, but every node at once. > > No, that would be crazy. > No one would do that, and I don't think anyone would read it like that. > Backward compatibility is what it is (see Section 4). > > Besides, "SHOULD" is very useful :-) > Ack. >>> Such rate limits SHOULD be application-aware, per SFC or interface, >> >> This granularity seems beyond what might be possible. Per-SFC should be per- >> SFP. Not always there’s app-awareness. What’s an interface in this context? > > Obviously, this is different from packet generation, but surely the debate could center on where the rate limits are applied. > > You specifically worried about "one size fits all" rate limits, and that is wise because you probably want to allow more packets for one use than for another. You got it. > > OK to drop this to "MAY”? That would be perfect. Many thanks again, Adrian! Carlos. > > Hope this helps, > Adrian >
- [sfc] Proposal for congestion control in draft-fa… Adrian Farrel
- Re: [sfc] Proposal for congestion control in draf… Mirja Kuehlewind (IETF)
- Re: [sfc] Proposal for congestion control in draf… Carlos Pignataro (cpignata)
- Re: [sfc] Proposal for congestion control in draf… Adrian Farrel
- Re: [sfc] Proposal for congestion control in draf… Carlos Pignataro (cpignata)