Re: [sfc] PoT review/comments

"Frank Brockners (fbrockne)" <fbrockne@cisco.com> Mon, 27 May 2019 16:18 UTC

From: "Frank Brockners (fbrockne)" <fbrockne@cisco.com>
To: ALEJANDRO AGUADO MARTIN <alejandro.aguadomartin.ext@telefonica.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "Carlos Pignataro (cpignata)" <cpignata@cisco.com>, "Shwetha Bhandari (shwethab)" <shwethab@cisco.com>, Tal Mizrahi <tal.mizrahi.phd@gmail.com>
CC: "a.aguadom@fi.upm.es" <a.aguadom@fi.upm.es>, "sfc@ietf.org" <sfc@ietf.org>
Date: Mon, 27 May 2019 16:18:02 +0000
Message-ID: <MN2PR11MB3629EB529A5DB900CAD60295DA1D0@MN2PR11MB3629.namprd11.prod.outlook.com>
References: <BN8PR11MB3618217F7960C3A6C4BC2599DA430@BN8PR11MB3618.namprd11.prod.outlook.com> <etPan.5cb4a2da.124d485a.174@telefonica.com>
In-Reply-To: <etPan.5cb4a2da.124d485a.174@telefonica.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sfc/uvmDqTIEeSVddHC9gHg8IrjBz78>

Hi Alejandro,

Many thanks for the comments – and sorry for the delay – unfortunately your email somehow got dropped from my todo list. Please see inline…

(cc’ing the list as well).

From: ALEJANDRO AGUADO MARTIN <alejandro.aguadomartin.ext@telefonica.com>
Sent: Monday, 15 April 2019 17:27
To: Diego R. Lopez <diego.r.lopez@telefonica.com>; Carlos Pignataro (cpignata) <cpignata@cisco.com>; Frank Brockners (fbrockne) <fbrockne@cisco.com>; Shwetha Bhandari (shwethab) <shwethab@cisco.com>; Tal Mizrahi <tal.mizrahi.phd@gmail.com>
Cc: a.aguadom@fi.upm.es
Subject: PoT review/comments

Dear all,

I gave a quick review to the PoT document. Some comments:

- I read “The non-constant coefficients are used to generate the Lagrange Polynomial Constants (LPC).” As far as I understood, the points assigned to each node (Xi) are the ones used for generating the LPCi, aren’t they?
…FB: Good catch. The LPCs are of course computed using (x_i, y_i).

- If we go for including the YANG in the current document (which I agree), parameters should be described before the yang definition, and maybe it would be helpful to have the yang tree (see the current version attached).
…FB: Thanks. IMHO it makes sense to keep the YANG model in the current doc, given that the model and the description go hand in hand. We can of course also include the yang tree to make reading easier. This is consistent with other documents which specify YANG models.

- I include in the attached file few questions about naming of some parameters.

…FB:
- naming F_i(x_i, y_i) – I agree that a better name could be used. The only potential concern would be that the open source implementation in OpenDaylight uses this naming – changing it might lead to confusion. We can start with adding a comment to make things clearer.

- secret key – this is the constant part of the first polynomial which serves as the secret – and which is re-retrieved. Again, we can update the description to make things clearer.

- size of the random number: This is unrelated to OPOT. The random number is to uniquely identify a packet. There is a trade-off between the size of the random number and how often you need to re-key your system. At high speeds, the random number – which identifies a particular packet – is used up quite quickly if it is only 32-bit wide. See section 4: https://tools.ietf.org/html/draft-ietf-sfc-proof-of-transit-02#section-4

- number of profiles: For a deployment which is expected to renew keys every now and then (e.g. you run with 32-bit random numbers at reasonably high speeds), you need at least 2 profiles – an active one and one that you can activate once you run out of random numbers (which is what the encapsulating node would decide).

- I have checked some of the existing YANG files within the IETF to see in which one it would be helpful to include it. From the (not so) old OpenFlow, I assume that one match is necessary (to identify the iOAM/PoT header), whilst the source node can use any existing match field to identify packets where to apply the PoT scheme. In terms of actions, I would say that two may be required: for any node, an update-pot is necessary, while the verifier would need a verify-pot type of action, that would ideally either remove the header or drop the packet if it fails (I do not know if you are thinking of more complex scenarios).

…FB: From an OF perspective, that sounds feasible. That said, we probably want to avoid making the spec specific to a technology like OF, hence would suggest that we don’t specify such a behavior as part of this document.

- For this last point, I have seen the definitions within draft-asechoud-rtgwg-qos-model-08, where matches could map (if I am not wrong) to classifiers/filters, and actions to actions. I send you the models in a zip file. In this sense the model to be defined in the PoT shall be an augment of the models defined in that document. I have not done a very deep revision of the model, but I think it could fit there. If you have checked this or other models, let me know so I could also help.

…FB: Per my note above: In order to keep POT generic and not link it to a particular classification mechanism, I’d prefer to keep the classification question as out of scope for the current document. That way it can also apply to technologies which come with their own way to classify – and which might fully decouple the tunneling aspects from the classification aspects.

Thanks a lot and sorry for such a long email.

…FB: Thanks again for all your comments. We’ll get them included in the next revision.

Cheers, Frank



Best,
Alejandro
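The points raised in the exchange above (the LPCs being computed from the points (x_i, y_i), the secret being the constant term of the first polynomial that the verifier re-retrieves, the per-packet random number, and the need for a standby profile once the random-number space is used up) can be checked end to end with a small model. The following is an added example, not code from the draft or from the OpenDaylight implementation: it follows the two-polynomial construction the draft describes (a secret POLY-1, a public POLY-2 whose constant term is the per-packet RND), but the toy prime, the class and function names, the carried profile index and the sample path are this example's own assumptions.

```python
"""Toy model of the Proof of Transit (PoT) arithmetic discussed in this thread.
Added example, not code from the draft or the OpenDaylight implementation: it
follows the two-polynomial construction of draft-ietf-sfc-proof-of-transit
(secret POLY-1, public POLY-2 with a per-packet random constant), but the field
size, the names used here and the sample values are assumptions."""
import secrets
from dataclasses import dataclass

PRIME = 2**31 - 1   # toy prime field (constructed); a deployment picks its own


def lagrange_constant(x_i, xs, p=PRIME):
    """LPC_i = prod_{j != i} x_j / (x_j - x_i) mod p, i.e. the Lagrange basis
    polynomial for x_i evaluated at 0. With every point present,
    sum_i y_i * LPC_i equals the polynomial's constant term."""
    num, den = 1, 1
    for x_j in xs:
        if x_j != x_i:
            num = num * x_j % p
            den = den * (x_j - x_i) % p
    return num * pow(den, -1, p) % p


def poly_eval(coeffs, x, p=PRIME):
    """coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... mod p."""
    return sum(c * pow(x, k, p) for k, c in enumerate(coeffs)) % p


@dataclass
class PotProfile:
    """One key set ('profile'). POLY-1 is secret and its constant term is the
    secret the verifier re-retrieves; POLY-2 is public, and its constant term
    is supplied per packet by the random number RND."""
    prime: int
    secret: int
    xs: list             # one point x_i per node on the path
    shares: dict         # x_i -> POLY-1(x_i); a node only holds its own share
    public_coeffs: list  # POLY-2 coefficients, constant term left as 0
    lpc: dict            # x_i -> LPC_i, precomputed from the points

    @classmethod
    def generate(cls, xs, p=PRIME):
        degree = len(xs) - 1          # n points pin down a degree n-1 polynomial
        poly1 = [secrets.randbelow(p) for _ in range(degree + 1)]
        poly2 = [0] + [secrets.randbelow(p) for _ in range(degree)]
        shares = {x: poly_eval(poly1, x, p) for x in xs}
        lpc = {x: lagrange_constant(x, xs, p) for x in xs}
        return cls(p, poly1[0], xs, shares, poly2, lpc)


def node_update(profile, x_i, rnd, cumulative):
    """Per-hop 'update-pot': node x_i adds its point of POLY-3 = POLY-1 + POLY-2,
    weighted by LPC_i, to the cumulative value carried in the packet."""
    p = profile.prime
    poly2_at_x = (rnd + poly_eval(profile.public_coeffs, x_i, p)) % p
    y3 = (profile.shares[x_i] + poly2_at_x) % p
    return (cumulative + y3 * profile.lpc[x_i]) % p


def verify(profile, rnd, cumulative):
    """'verify-pot': the reconstructed constant term of POLY-3 must equal
    SECRET + RND; a missing or forged hop breaks the equality."""
    return cumulative == (profile.secret + rnd) % profile.prime


class Ingress:
    """Encapsulating node: draws RND per packet and, once the RND space of the
    active profile is used up, moves to the standby profile (the reason the
    thread asks for at least two profiles). The returned profile index is
    assumed to travel with the packet so the verifier picks the right key set."""
    def __init__(self, profiles, rnd_bits=32):
        self.profiles, self.rnd_bits = list(profiles), rnd_bits
        self.active, self.sent = 0, 0

    def encapsulate(self):
        if self.sent >= 2 ** self.rnd_bits:     # re-key before RND repeats
            self.active = (self.active + 1) % len(self.profiles)
            self.sent = 0
        self.sent += 1
        return self.active, secrets.randbits(self.rnd_bits)


def run_path(profile, visited, rnd):
    """Walk the listed nodes in order and return the cumulative value."""
    cumulative = 0
    for x in visited:
        cumulative = node_update(profile, x, rnd, cumulative)
    return cumulative


def demo():
    """Full path verifies; a path that skipped node 7 does not."""
    xs = [3, 5, 7, 11]                       # constructed sample path
    profiles = [PotProfile.generate(xs), PotProfile.generate(xs)]
    idx, rnd = Ingress(profiles).encapsulate()
    ok = verify(profiles[idx], rnd, run_path(profiles[idx], xs, rnd))
    skipped = verify(profiles[idx], rnd, run_path(profiles[idx], [3, 5, 11], rnd))
    return ok, skipped


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Only the (x_i, y_i) shares and the public POLY-2 coefficients are distributed; the LPCs fall out of the x_i alone, which is why the draft's wording about "non-constant coefficients" was the part worth correcting. The `Ingress` class also makes the re-keying trade-off concrete: the counter is per profile, so shrinking `rnd_bits` in a test shows how quickly a 32-bit identifier space would be exhausted at line rate and why a second, already-provisioned profile has to be available before that happens.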



