Re: [Softwires] ietf-softwire: IPv4 + PSID primary key for lw4over6 binding

<> Tue, 12 July 2016 11:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4141512D7BD for <>; Tue, 12 Jul 2016 04:46:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3lsJA-WqMEDM for <>; Tue, 12 Jul 2016 04:46:18 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2490A12D0F4 for <>; Tue, 12 Jul 2016 04:46:18 -0700 (PDT)
Received: from (unknown [xx.xx.xx.4]) by (ESMTP service) with ESMTP id 6960718C3B3; Tue, 12 Jul 2016 13:46:16 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown []) by (ESMTP service) with ESMTP id 49DFD2381B8; Tue, 12 Jul 2016 13:46:16 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM7F.corporate.adroot.infra.ftgroup ([fe80::c1d7:e278:e357:11ad%19]) with mapi id 14.03.0301.000; Tue, 12 Jul 2016 13:46:16 +0200
From: <>
To: Andy Wingo <>, "" <>
Thread-Topic: [Softwires] ietf-softwire: IPv4 + PSID primary key for lw4over6 binding
Thread-Index: AQHR3CiipR5Y2FcODk2CQ62+/8ZdqqAUqD8A
Date: Tue, 12 Jul 2016 11:46:16 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B933008DE5EB3@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version:, Antispam-Engine:, Antispam-Data: 2016.7.12.110317
Archived-At: <>
Subject: Re: [Softwires] ietf-softwire: IPv4 + PSID primary key for lw4over6 binding
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: softwires wg discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 12 Jul 2016 11:46:21 -0000

Dear Andy,

Please see inline.


> -----Message d'origine-----
> De : Softwires [] De la part de Andy
> Wingo
> Envoyé : mardi 12 juillet 2016 12:32
> À :
> Objet : [Softwires] ietf-softwire: IPv4 + PSID primary key for lw4over6
> binding
> Hello list,
> I have a change request for the draft-sun-softwire-yang-05 Internet
> Draft that defines a standard YANG model for lightweight 4-over-6
> binding tables.
> This is my first post here, so allow me to introduce myself.  Together
> with some colleagues at Igalia we have made an open source
> implementation of the AFTR component of a lightweight 4-over-6
> deployment based on the Snabb toolkit for building software switches and
> other network functions.  This lwAFTR implementation is gradually
> wending its way upstream to
> To take a packet and look up a softwire in the binding table, the AFTR
> only has to look at one thing: the combination of the IPv4 address and
> port.  In the encapsulation direction you get this directly from the L3
> header.  In the decapsulation direction you get it from the encapsulated
> payload.  When decapsulating you also have to check that the B4 and BR
> addresses match the entries in the table, but you don't have to maintain
> a separate table that maps IPv6 B4 address to softwire: you just have
> the one IPv4+PSID-to-softwire table, along with a little side table that
> can map IPv4+port to PSID.
> OK, cool.  Just one table, great.  However, draft-sun-softwire-yang-05
> specifies a different hierarchy:
>   module: ietf-softwire
>      +--rw softwire-config
>         +--...
>         +--rw binding {binding}?
>            +--rw br {br}?
>               +--rw enable?                          boolean
>               +--rw br-instances
>                  +--rw br-instance* [id]
>                     +--rw binding-table-versioning
>                     |  +--rw binding-table-version?  uint64
>                     |  +--rw binding-table-date?     yang:date-and-time
>                     +--rw id                         uint32
>                     +--rw name?                      string
>                     +--rw softwire-num-threshold     uint32
>                     +--rw tunnel-payload-mtu         uint16
>                     +--rw tunnel-path-mru            uint16
>                     +--rw binding-table
>                        +--rw binding-entry* [binding-ipv6info]
>                           +--rw binding-ipv6info     union
>                           +--rw binding-ipv4-addr    inet:ipv4-address
>                           +--rw port-set
>                           |  +--rw psid-offset       uint8
>                           |  +--rw psid-len          uint8
>                           |  +--rw psid              uint16
>                           +--rw br-ipv6-addr         inet:ipv6-address
>                           +--rw lifetime?            uint32
> This is figure 2 from section 5.2 (Lightweight 4over6 Tree Diagrams).
> This YANG schema would make it necessary to map from B4 address to
> softwire in some cases, which would be inefficient and not necessary
> from a data-plane point of view.

[Med] Actually, the data model allows to map a B4 to one or multiple softwires. 

The rationale for using binding-ipv6info as an index is to ease enforcing per-subscriber policies (e.g., limit the number of softwires per B4).

> Additionally, this mapping prevents one B4 from having multiple
> softwires.

[Med] The data model in -05 allows for multiple softwires per B4 (distinct IPv6 addresses). This can even be controlled using softwire-num-threshold     

                     +--rw softwire-num-threshold     uint32

This design is relaxing the following restriction from RFC7596:

   Although it would be possible to extend lw4o6 to have more than one
   active lw4o6 tunnel configured simultaneously, this document is only
   concerned with the use of a single tunnel.

  It seems to me that one CPE could very well have multiple
> slices of IPv4 addresses.

[Med] That's possible with the current data model: distinct binding entries that belong to the same B4 may have distinct IPv4 addresses. Whether the same or distinct IPv4 addresses are bound to the same B4 is deployment-specific. IMHO, this should be considered with caution as it may lead to some applications failures e.g., RTP using IPv4@1 while companion RTCP flows are bound to another IPv4@2.

> Lightweight 4-over-6 maps a part of the IPv4 space to a set of B4s in
> such a way that one IPv4+port pair will map to one B4, but the reverse
> of that is not necessarily true: one B4 may map to many IPv4+port
> pairs.  The natural way (to my mind) to implement a lwAFTR is to key
> your table by IPv4+PSID or IPv4+port, and I think that's probably the
> most natural way to manage it too -- IPv4 is after all the scarce
> resource.  Allowing one CPE to have multiple softwires can allow an
> operator to dynamically add capacity for a customer, on-demand.

[Med] As mentioned above, this doable with the current model. Policies are per-subscriber, not based on the IPv4+port set.

> For all these reasons IMHO the binding-table subtree should look like:
>            +--rw binding-table
>               +--rw binding-ipv4* [ipv4-addr]
>                  +--rw ipv4-addr            inet:ipv4-address
>                  +--rw psid-offset          uint8
>                  +--rw psid-len             uint8
>                  +--rw binding-entry* [psid]
>                     +--rw psid              uint16
>                     +--rw binding-ipv6info  union
>                     +--rw br-ipv6-addr      inet:ipv6-address
>                     +--rw lifetime?         uint32
> OK, I drew it how I like it ;) This is an additional restriction where
> each IPv4 address corresponds in a one-to-one way with the "offset" and
> "len" PSID parameters.  If this restriction is feasible, it is certainly
> a simplification from the implementation point of view.  Otherwise if
> you allow each entry to have its own offset and len parameters, when you
> add a binding table entry it is difficult to validate that no other
> entry overlaps with that new PSID without doing a binding-table lookup
> for each port covered by that PSID.
> Thoughts are very welcome :)
> Regards,
> Andy
> _______________________________________________
> Softwires mailing list