[spring] 答复: 答复: Comments on draft-geng-spring-sr-redundancy-protection

"Yangfan (IP Standard)" <shirley.yangfan@huawei.com> Fri, 14 May 2021 01:21 UTC

Return-Path: <shirley.yangfan@huawei.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A951A3A1BFE for <spring@ietfa.amsl.com>; Thu, 13 May 2021 18:21:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.786
X-Spam-Level:
X-Spam-Status: No, score=-1.786 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jKcPNLhuh6TN for <spring@ietfa.amsl.com>; Thu, 13 May 2021 18:20:59 -0700 (PDT)
Received: from frasgout.his.huawei.com (frasgout.his.huawei.com [185.176.79.56]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C8533A1BFB for <spring@ietf.org>; Thu, 13 May 2021 18:20:59 -0700 (PDT)
Received: from fraeml744-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4Fh9YV5D8Zz6W08x; Fri, 14 May 2021 09:14:54 +0800 (CST)
Received: from dggeme753-chm.china.huawei.com (10.3.19.99) by fraeml744-chm.china.huawei.com (10.206.15.225) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2176.2; Fri, 14 May 2021 03:20:55 +0200
Received: from nkgeml701-chm.china.huawei.com (10.98.57.156) by dggeme753-chm.china.huawei.com (10.3.19.99) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2176.2; Fri, 14 May 2021 09:20:52 +0800
Received: from nkgeml701-chm.china.huawei.com ([10.98.57.156]) by nkgeml701-chm.china.huawei.com ([10.98.57.156]) with mapi id 15.01.2176.012; Fri, 14 May 2021 09:20:52 +0800
From: "Yangfan (IP Standard)" <shirley.yangfan@huawei.com>
To: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>, 'Rishabh Parekh' <rishabhp@gmail.com>
CC: "Gengxuesong (Geng Xuesong)" <gengxuesong@huawei.com>, "'Rishabh Parekh (riparekh)'" <riparekh@cisco.com>, "'Arvind Venkateswaran (arvvenka)'" <arvvenka@cisco.com>, "'spring@ietf.org'" <spring@ietf.org>
Thread-Topic: [spring] 答复: Comments on draft-geng-spring-sr-redundancy-protection
Thread-Index: AdchqNboBkzcTc+pQz2/1sLPSorrgABEdhUgAIVha+AAAImLwAHmSsLgASzOUAAAAaZygAIiMz4AAJKP04AAM75J8AAIDMiAAB7YCQACO6iLAABeC7xQ
Date: Fri, 14 May 2021 01:20:52 +0000
Message-ID: <f2e1983d56614907ba3d934ad1c073bd@huawei.com>
References: <MN2PR05MB59812099F115C3FF43CA9077D4629@MN2PR05MB5981.namprd05.prod.outlook.com> <59384be985ae4d3bb9563bed2642bff1@huawei.com> <BYAPR11MB300030B313D45266695FA702DE7E9@BYAPR11MB3000.namprd11.prod.outlook.com> <MN2PR05MB5981AA3B0A5E0D6DDB60F46FD47E9@MN2PR05MB5981.namprd05.prod.outlook.com> <1e2ad2d64da24714bc50f64b3d39361f@huawei.com> <CABjMoXbTqmqPg6n7No1u7g3KZPFDDb8RX6CQgxZc1oWQnykTng@mail.gmail.com> <MN2PR05MB598197148CCF3C8F3C679836D44E9@MN2PR05MB5981.namprd05.prod.outlook.com> <d135ba6e0fbd452391922a0f26db00b7@huawei.com> <MN2PR05MB598195F475E282394FCE2E6FD4409@MN2PR05MB5981.namprd05.prod.outlook.com> <1940cc0fea6647bdb3bf6743e1edc4f6@huawei.com> <MN2PR05MB598120A50B2AF4E0FE75A38DD45F9@MN2PR05MB5981.namprd05.prod.outlook.com> <45e6f85736f145d08c430df0e3d6cb28@huawei.com> <MN2PR05MB5981071A7142D1260AC75FB5D4539@MN2PR05MB5981.namprd05.prod.outlook.com>
In-Reply-To: <MN2PR05MB5981071A7142D1260AC75FB5D4539@MN2PR05MB5981.namprd05.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.108.243.115]
Content-Type: multipart/alternative; boundary="_000_f2e1983d56614907ba3d934ad1c073bdhuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/Jr1S9QgniiyXSj9vdx53WmN-qog>
Subject: [spring] 答复: 答复: Comments on draft-geng-spring-sr-redundancy-protection
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 May 2021 01:21:08 -0000

Hi Jeffrey,
Please see Fan4>> below.

发件人: Jeffrey (Zhaohui) Zhang [mailto:zzhang@juniper.net]
发送时间: 2021年5月12日 2:37
收件人: Yangfan (IP Standard) <shirley.yangfan@huawei.com>; 'Rishabh Parekh' <rishabhp@gmail.com>
抄送: Gengxuesong (Geng Xuesong) <gengxuesong@huawei.com>; 'Rishabh Parekh (riparekh)' <riparekh@cisco.com>; 'Arvind Venkateswaran (arvvenka)' <arvvenka@cisco.com>; 'spring@ietf.org' <spring@ietf.org>
主题: RE: [spring] 答复: Comments on draft-geng-spring-sr-redundancy-protection

Hi Fan,

Sorry it took longer than expected, but I am continuing my email response that I started before your long weekend. If you had read that partial message that I sent accidentally, you can skip to where I my partial message ended last time.

Please see zzh5> below.

From: Yangfan (IP Standard) <shirley.yangfan@huawei.com<mailto:shirley.yangfan@huawei.com>>
Sent: Thursday, April 29, 2021 11:16 PM
To: Jeffrey (Zhaohui) Zhang <zzhang@juniper.net<mailto:zzhang@juniper.net>>; Rishabh Parekh <rishabhp@gmail.com<mailto:rishabhp@gmail.com>>
Cc: Gengxuesong (Geng Xuesong) <gengxuesong@huawei.com<mailto:gengxuesong@huawei.com>>; Rishabh Parekh (riparekh) <riparekh@cisco.com<mailto:riparekh@cisco.com>>; Arvind Venkateswaran (arvvenka) <arvvenka@cisco.com<mailto:arvvenka@cisco.com>>; spring@ietf.org<mailto:spring@ietf.org>
Subject: 答复: [spring] 答复: Comments on draft-geng-spring-sr-redundancy-protection

[External Email. Be cautious of content]

Hi Jeffrey,
I add some explanations start with Fan3>>.
BTW, from 1st to 5th May, I will be on Labor Day holiday and may not be available to respond in time. ☺
Best regards,
Fan


发件人: Jeffrey (Zhaohui) Zhang [mailto:zzhang@juniper.net]
发送时间: 2021年4月30日 3:06
收件人: Yangfan (IP Standard) <shirley.yangfan@huawei.com<mailto:shirley.yangfan@huawei.com>>; Rishabh Parekh <rishabhp@gmail.com<mailto:rishabhp@gmail.com>>
抄送: Gengxuesong (Geng Xuesong) <gengxuesong@huawei.com<mailto:gengxuesong@huawei.com>>; Rishabh Parekh (riparekh) <riparekh@cisco.com<mailto:riparekh@cisco.com>>; Arvind Venkateswaran (arvvenka) <arvvenka@cisco.com<mailto:arvvenka@cisco.com>>; spring@ietf.org<mailto:spring@ietf.org>
主题: RE: [spring] 答复: Comments on draft-geng-spring-sr-redundancy-protection

Hi Yangfan,

Let me pull up a few points to the top, and respond with zzh4>.


Zzh3> No. Just put the your merging segment after the replication segment. The only change to replication segment is that for the replication node, you may augment it with the semantics of adding FI/SN. No other changes at all.

Fan2>> Draft-ietf-spring-sr-replication-segment states“Notice that the segment on the leaf node is still referred to as a Replication segment for the purpose of generalization.” In other word, segment on merging node is always replication segment, no way to perform the merging behavior defined in merging segment.
Fan3>> I see your point. I will explain it by taking an example. Let’s say we have a path starts from A to D, A is redundancy node and D is elimination node. In between there are two paths A-B-D and A-C-D.
You were assuming Node B and C are the downstream nodes, followed by elimination node D.
I have different thought that D is the downstream node, B and C are not aware of any state or capability for redundancy protection, only A and D are aware of redundancy protection.
In your design, not only the redundancy node and elimination node are involved, the nodes preceding the elimination node on different paths should also be involved and further managed by controller. IMHO it is complicated.
Zzh5> That understanding is not correct.
Zzh5> The replication segment could have two branches, both to the same downstream node D. B/C are just transit nodes not aware of either replication or redundancy or merging.
Zzh5> Alternatively, the replication segment could have two branches to B and C respectively. The replication SID will have a following D node-SID and merging segment. In this case, B and C just have regular replication segment (as leaves) and not aware of merging.
Zzh5> Either way, the merging segment does not have topological semantics.

Fan 4>>: I agree with the two options, right now both of them are workable. Let’s analyze it one by one.

1)       D is the downstream node.
According to replication segment draft “Notice that the segment on the leaf node is still referred to as a Replication segment for the purpose of generalization.” I understand this sentence indicates that D would be represented as Replication SID. In this case, the problem is that there will be no Merging SID. Which node will process Merging SID? How do you solve it?

2)       B and C are the downstream nodes
I assume the SL can include <A,B,D>, A is replication SID, B is replication SID as leaf, D is Merging SID, all the SID are service type of SID, not topology type. But on the replication SID of B, there is no routing/forwarding semantics for B to  forward the packet to D. How does B and C forward the packets to D?

For the questions in either case, I didn’t think them through. That’s why I am not convinced that replication segment can be used in redundancy protection.

Fan3>> Another pending issue here is at the downstream node B or C, the MPLS label or IPv6+SRH header is removed, how to concatenate with merging segment is not clear for me.
Zzh5> This is actually related to whether the ingress node or the replication node should add the FI/SN. I believe it should be the ingress node itself, but I will defer that to a separate email (it is coming).
Fan 4>>: I re-thought the adding of FI/SN last week. Adding FI at the SR ingress node may also bring benefits. Ingress node usually identifies the service, for example L3VPN service, or L3VPN service with a specific DSCP value. Thus, for some services, it would be easier for ingress node to identify a flow needing redundancy protection. I don’t deny this possibility.  However, I believe FI can be added equally either at ingress node or at redundancy node.
With regards to SN, redundancy node is still the best choice. There is another thread in DetNet discussing about the sequence number state. https://mailarchive.ietf.org/arch/msg/detnet/zDBweFj3g4L2KtukueMBD_tclpM/
People believe there is sequence number state maintenance in replication function, elimination function and reordering function. In this case, SN had better to be added at redundancy node.

Zzh4> draft-geng has a merging segment defined:
   … two types of
   Segment including Redundancy Segment and Merging Segment are
   introduced.
Zzh4> The discussions in this email thread is only about using/augmenting the replication segment for the redundancy segment. It does not replace the merging segment. In the redundancy use case, there will be a merging segment after the replication segment, and it is the merging segment not the leaf node’s replication segment that does the merging.


Fan2>> IMHO SR P2MP policy and Tree-SID is totally unnecessary for redundancy protection.  SR P2MP policy is identified by tuple <Root, Tree-ID>. The two parameters are meaningless and inappropriate for redundancy protection service. There isn’t a tree or root at all.

Zzh4> In a network that provides redundancy protection, you will likely need multiple replication nodes (for traffic from different sources); on each replication node, you will likely need different replication behaviors (e.g., replicating to different downstream nodes because traffic could be going to different destinations).
Zzh4> You will also need to advertise those binding SIDs for the replication/redundancy segments, whether they are advertised by routing protocols or simply programmed from controllers, so that an upstream node can correctly put in a redundancy/replication SID. For that, you will either use a control plane identifier (e.g., <root-id, tree-id> in case of replication segment) or simply use the SID itself as the control plane identifier.
Zzh4> So far, separate control plane identifiers are normally used (e.g. prefix for a SID, endpoint addresses for a P2P policy, or <root-id, tree-id> for a p2mp policy). I assume something similar would be needed for redundancy segment if you insist not to reuse/augment the replication segment, but you can see that replication segment already provides all you need.
Fan3>> Yes, you are right, in control plane redundancy SID itself is the identifier. Similar to replication segment, Redundancy segment is also a Binding SID associated to a Redundancy Policy, which is identified through the tuple <redundancy node, redundancy ID, merging node>. Different from SR P2MP policy, SR policy key structure <headend, color, endpoint> and the semantics is not changed. The particular color value is used to identify the redundancy ID. No separate identifier is imported.
Zzh5> The point is that things similar to <root-id, tree-id> is needed (instead of unnecessary as you said earlier) – you’re calling them <headend, color, endpoint>. Just different representation of the same thing.

Fan4>> :
Agree, there must be an identifier to identify and direct the service flow, no matter it is a Redundancy SID or <root-id, tree-id>.
I try to compare the two solutions redundancy protection and P2MP replication as follows, hope it can help the understandings.

Format: <solution> ,  <identifier of service> ,  <how it works>
<redundancy protection> , <Redundancy SID> ,  <service is identified by Red-SID, Red-SID triggers redundancy policy to assign candidate paths between redundancy node and merging node>
<P2MP replication> ,  <P2MP policy identifier (root-id, tree-id)> ,  <P2MP policy gives the tree structure of the P2MP service, replication segment is an atomic building block for packet replication and stays in root, bud and leaf>

Although each solution includes a SID and a SR-Policy, there are totally different mechanisms. I don’t think it is just a representation difference.

Zzh4> Even if you simply use the SID itself as the control plane identifier, a p2mp tree (and its replication segments) can already be set up that way – please see https://tools.ietf.org/html/draft-ietf-bess-bgp-multicast-controller-06#section-3.3.2<https://urldefense.com/v3/__https:/tools.ietf.org/html/draft-ietf-bess-bgp-multicast-controller-06*section-3.3.2__;Iw!!NEt6yMaO-gk!WHw9iR3vA7toDm76OT4tJGqF5AIyX1Cu7_-gh0DqmT8jdtChMi9QyFU_r7V3y7ZI$>.
Fan3>> I admit R-SID itself can be building blocks for a replication use case, but the control plane is designed for multicast only. BGP MVPN family may not even be used if there is only redundancy protection required.
Zzh5> My points are the following:
Zzh5> 1. Your point about “IMHO SR P2MP policy and Tree-SID is totally unnecessary for redundancy protection.  SR P2MP policy is identified by tuple <Root, Tree-ID>. The two parameters are meaningless and inappropriate for redundancy protection service. There isn’t a tree or root at all” is not valid. Whatever you call it, you still need the similar things in the control plane to identify the replication node and distinguish different segments that go to different downstream nodes. No difference between replication segment and redundancy segment at all.

Fan4>>: from an architect point of view, you can regard redundancy protection topo as a tree with root and leaf. But from the service point of view, redundancy protection has no meaning of a tree. I don’t deny P2MP policy and Tree-SID/Replication SID can be the solution to provide replication part of redundancy protection. However, I just feel our solution would be more straightforward and easier to understand. Why don’t we use a simple one?

Zzh5> 2. Even if you manage to only use a single SID in the control plane to identify, replication segment can also support that. The web link is an example that uses BGP signaling. The bgp-multicast-controller draft specifies a way to signal replication segments, which can be used for both true multicast and for redundancy protection purpose.

Fan4>>: Again, if only redundancy protection is needed between R node and M node, from the semantics point of view, it is weird to establish a BGP MVPN peer between R node and M node.
Thanks for the clarification and discussion.
Best,
Fan
Zzh5> Jeffrey

Zzh4> Talking about the signaling, we only need one sub-tlv added to existing replication segment signaling to indicate that FI/SN should be added.
Zzh4> Jeffrey

From: Yangfan (IP Standard) <shirley.yangfan@huawei.com<mailto:shirley.yangfan@huawei.com>>
Sent: Thursday, April 29, 2021 6:31 AM
To: Jeffrey (Zhaohui) Zhang <zzhang@juniper.net<mailto:zzhang@juniper.net>>; Rishabh Parekh <rishabhp@gmail.com<mailto:rishabhp@gmail.com>>
Cc: Gengxuesong (Geng Xuesong) <gengxuesong@huawei.com<mailto:gengxuesong@huawei.com>>; Rishabh Parekh (riparekh) <riparekh@cisco.com<mailto:riparekh@cisco.com>>; Arvind Venkateswaran (arvvenka) <arvvenka@cisco.com<mailto:arvvenka@cisco.com>>; spring@ietf.org<mailto:spring@ietf.org>
Subject: 答复: [spring] 答复: Comments on draft-geng-spring-sr-redundancy-protection

[External Email. Be cautious of content]

Hi Jeffrey,
Please see inline reply starts with Fan2>>.
Regards,
Fan


-----邮件原件-----
发件人: spring [mailto:spring-bounces@ietf.org] 代表 Jeffrey (Zhaohui) Zhang
发送时间: 2021年3月26日 3:19
收件人: Gengxuesong (Geng Xuesong) <gengxuesong@huawei.com<mailto:gengxuesong@huawei.com>>; spring@ietf.org<mailto:spring@ietf.org>; Rishabh Parekh (riparekh) <riparekh@cisco.com<mailto:riparekh@cisco.com>>; Arvind Venkateswaran (arvvenka) <arvvenka@cisco.com<mailto:arvvenka@cisco.com>>
主题: [spring] Comments on draft-geng-spring-sr-redundancy-protection



Hi Xuesong, Mach, Fan,

Some comments/questions on the proposal.

1. We don't need an additional "redundancy segment" for the replication semantics. Existing "replication segment" (draft-ietf-spring-sr-replication-segment) can be used as is, especially for the scenario where the original header already carries (FI, SN) information.

------[FY1]: three considerations here:

a). For the scenario you mentioned, that is correct, redundancy segment and replication segment share a common behavior of "packet duplication". The significant difference between two segments is the behavior of adding FI and SN. Unfortunately, there is no application in SRv6 required to carry (FI,SN) information in IPv6 header, which results in a more common scenario is where the original packet doesn't carry (FI, SN). So the current design of redundancy segment is based on this scenario.

 Zzh> Since the presentation talked about scenario where the (FI, SN) information is already carried, it is fair to discuss that in my initial comments; I understand that you want to focus on the other scenario, and that’s fine – see later comments below.

Fan1>> Before we dive into the detailed design, I would like to come back to discuss the two scenarios first. Before the traffic is about to be replicated,  we name scenario 1 is the traffic has Flow Identification (FI) already:

In this case, FI could be carried either as IPv6 Flow Label in IPv6 basic header or in other EH TLVs. RFC6437 specifies the usage of Flow Label for stateless load distribution, and many existing implementations follow. Since redundancy protection and ECMP can be needed in the network at the same time,  flow label is not possible to act with two semantics unless RFC6437 is extended. In other word, at present flow label cannot be used to carry FI for redundancy protection.

To carry FI in IPv6 EH TLVs, currently there is no RFC specifies it or similar idea. It is just based on imagination. The only reason I can understand is that controller has already recognized this flow to perform redundancy protection somewhere, but the replication is not planned to happen at headend. So it assigns FI at the headend in SRv6 policy together with SID list.  The potential reason could be the headend does not have branches itself, SID list represents an E2E path for the service, but the multiple redundant paths only exist as a subnet of the entire service path, or bandwidth saving in network. If it is the case, it just means two choices to assign FI, either at headend or redundancy node. Under this circumstance, we should discuss which place is better to mark FI into packet. In the draft, we insist on adding FI at redundancy node, as FI is not necessarily to be globally managed. So it comes back to the second scenario- there is no FI in packet. All in all, there is only one scenario, where FI is to be encapsulated at the redundancy node, not before.

I didn’t put SN here, because actually FI and SN are different. It is reasonable to assign FI from controller, as FI is flow-based parameter. But SN should be encapsulated on the endpoint itself as it is a packet-based parameter. Based on this, I am afraid no one will choose to assign FI at headend, then separately add SN and replicate packet at the redundancy node.

Thus, for redundancy protection, both (FI,SN) adding and packet replication should be included in the endpoint behavior of redundancy segment.

Zzh3> In the above long paragraphs you explain why you think it is better to add FI/SN at the replication node. Even in the case where the (FI,SN) is added at the replication node, using replication segment augmented with semantics of adding (FI,SN) still works well.

Fan2>> No problem. It is important to understand the actual scenario, so that redundancy protection can be properly designed based on correct assumptions .

Zzh3> As for whether it is desired to add FI/SN at the headend, I would say there are certainly good reasons to do so, but I will defer that to a separate discussion.

Fan2>> Sure, expect to start this topic.

Fan>> I read the draft of replication segment, and have two questions if replication segment is used in redundancy protection.

1) I believe merging node should be as the downstream node, since the nodes in precedence of merging node should not be redundancy protection aware. In this case, there will be at least two identical downstream nodes. In replication segment, there is no definition of such a situation.

Zzh2> That is not explicitly excluded, and that does not mean it can’t be used.

Fan2>> Yes, it will import more parameters to replication SID, although replication SID has already had a complex logical structure.

2) The draft states replication SID MUST only appear as the ultimate SID in a SID list. What if the merging node is not the last node of the SRv6 E2E path?

 Zzh2> There is a requirement that there must be no “topological” SID. The intention is to prevent the situation where a node side comes after the replication SID, causing duplicate packets to that node. That is reasonable for the original intention of replication segment, but now it is reasonable to remove that because of this new use case of replication segment where we do want the replicated packets to the same merging node. We’d rather remove the restriction instead of defining a new segment.



Fan1>> if this restriction is removed, as draft-ietf-spring-sr-replication-segment states, the behavior at Downstream node of a replication segment is undefined. What is the solution here?

Zzh3> As I said already, the reason for that document to state so is because the topological segment would get duplicated packets. We did not think that makes sense in a regular replication situation, but obviously the redundancy use case is perfectly fine, so we will remove that text or modify accordingly to point out where it makes sense.



Fan2>> I understand there is actually a forwarding blackhole on merging node if it is not the last hop of SR path. Because in term of replication segment, merging node is the downstream node, and downstream node is also represented  as replication segment. For simplicity, merging node is assumed as leaf node. According to End.Replicate definition, MPLS label or IPv6+SRH header is removed at this time. There is no definition on how to forward the inner packet to next hop.

Unless End.Replicate is changed, simply removing the restriction of“MUST only appear as the ultimate SID in a SID-List”doesn’t work.



Moreover, as we discussed, if replication segment is used as redundancy segment,  the downstream node is actually the merging node. Merging node has its own endpoint behavior. I understand in replication segment definition, leaf node performs the endpoint behavior of replication segment.  Are you going to define another branch of merging segment endpoint behavior inside the replication segment?



Zzh3> No. Just put the your merging segment after the replication segment. The only change to replication segment is that for the replication node, you may augment it with the semantics of adding FI/SN. No other changes at all.

Fan2>> Draft-ietf-spring-sr-replication-segment states“Notice that the segment on the leaf node is still referred to as a Replication segment for the purpose of generalization.” In other word, segment on merging node is always replication segment, no way to perform the merging behavior defined in merging segment.

b). Even though IPv6 flow label could be encapsulated in header, it is used for ECMP or fragmentation, redundancy protection cannot simply reuse it since flow ID allocation has dependency on the merging node capability.

Zzh> IPv6 flow label is irrelevant here – it’s not discussed in either your draft/presentation or in my comments – so we can ignore this.

Fan>> I mentioned IPv6 flow label coz we had this discussion in DetNet WG. I agree we can come back to this thread when it is needed.

c). In protocol design, it is important to maximally reuse the existing implementation. However, instantiation of a segment is a different story. In RFC8986, there are 14 End behaviors and 4 headend behaviors defined. We understand the principle here is to keep the semantics of a segment and further functions definition neat to make the segment routing forwarding clear and efficient. To enhance the replication segment to support redundancy segment seems quite an opposite methodology.

 Zzh> RFC 8986 does specify additional flavors of End and End.X function with USP, PSP and USD behaviors which are modifications to base End and End.X function; exactly what we are proposing here – enhancing Replication Segment to add (FI,SN) when required.

Fan1>>If every function can be enhanced to one segment, it is really not necessary to define 15 End behaviors in RFC8986. One complex End behavior can do everything.

Fan>> can you explain more? I don’t see correlation between flavors and adding (FI,SN).

 2. Even for the scenario where the (FI, SN) information needs to be added by the redundancy node, the existing "replication segment" can be enhanced to add the (FI, SN) information.

-----[FY2]: Replication segment provides P2MP replication with target of supporting multicast service, and redundancy segment aims to provide redundant flow protection to URLLC services. Adding (FI, SN) doesn’t bring value to multicast services, and having the stitching capability of replication on redundancy node seems a waste and unpractical to URLLC service. Twisting them together in one segment results in a complicated function, where maybe only one type of service is required on the node.

 Zzh> Adding (FI, SN) information is only to replication segments that are used for replication for unicast redundancy purpose. It does not mean all replication segments will be added with (FI, SN) semantics.

 Fan>> How would you write the Boolean switch to differentiate the purpose of multicast replication and redundancy protection in one segment? And currently we don’t exclude the redundancy protection for multicast traffic.

Zzh2> There are two ways to do it.

Zzh2> 1. A replication segment now carries an additional attribute about adding FI/SN information. That does mean the redundancy node cannot use the same replication segment for both regular replication (w/o adding FI/SN information) and redundancy replication purposes. However, that does not mean we should not extend the existing replication segment for redundancy purpose. Also note an interesting use of replication segments here – say the redundancy node is N1 (who adds the FI/SN information) but the actual replication node could be N2. The replication tree does start at N1 but only one copy is sent to N2, who does the real replication. Now N1 will have two replication segments – one for regular multicast purpose and one for redundancy, but they will share the same replication segments downstream (because only the redundancy node adds the FI/SN information).

Fan1>> in fact, I think you raise a very good example to explain why we should not put replication segment and redundancy segment together as one segment. It makes the service deployment so complicated and confused.

Replication SID and Tree SID is defined for the P2MP scenarios. Why there are two SIDs defined because multicast services have root, bud, and leaf roles. However in redundancy protection, redundancy node has very straightforward and unique semantics. The endpoint behavior can be defined simple and clean. Why would I abandon a new segment with clear endpoint behavior but choose to become a branch of another segment’s behaviors? The reason not to introduce another segment is not very sound. Because anyway, you need to differentiate the purposes of original replication and redundancy protection separately in replication segment. I don’t understand what exactly resources we are saving.

Zzh3> A replication segment is a simple building block that replicates packets to a bunch of downstream nodes (and each replication branch can have a segment list to specify the path). A replication tree made of concatenated replication segments provide P2MP service from a root to many leaves, potentially via intermediate nodes.

Zzh3> As such, a single replication segment can be used for redundancy purpose – w/o any changes at all if the replication node does not need to add (FI,SN), and w/ a simple augmentation (a Boolean indication) to add (FI,SN) if the replication nodes needs to add (FI,SN).



Fan2>> Agree. This part of modification is fine. The key problem is described above.



Zzh3> What I describe in the above zzh2> is another example of using an replication tree when you don’t want to put all the burden on a single node.



Fan2>> This example gives a hint that operator should pay more attention on service deployment when both multicast and redundancy protection services exist in network.



Zzh3> As you can see, the replication segment (w/ the (FI,SN) augmentation when needed) and SR-P2MP (aka tree-sid) provides all the redundancy needs.

Fan2>> IMHO SR P2MP policy and Tree-SID is totally unnecessary for redundancy protection.

SR P2MP policy is identified by tuple <Root, Tree-ID>. The two parameters are meaningless and inappropriate for redundancy protection service. There isn’t a tree or root at all.

In our draft, redundancy segment performs the packet replication and adds (FI,SN), redundancy policy provides multiple simultaneous paths. The mechanism is much simpler than SR-P2MP policy/Tree-SID.

We don’t want to put unnecessary burden on redundancy protection implementation.



Zzh2> 2. We can separate out the semantics of adding FI/SN. This is easy to do with SRv6 – just use the argument bits to indicate that. For MPLS, a separate label may be used before the regular replication SID – that label will add the FI/SN information and the following replication SID will do the replication.

Fan1>> Adding FI is flow based, I don’t think it is a good idea to use segment based argument to indicate it.

Zzh3> I don’t understand the logic here. If and only if the packets of a flow include a replication segment w/ the (FI,SN) indication, then you get the desired result.



Zzh2> Not excluding redundancy protection for multicast traffic is actually a good reason to use replication segment 😊 You can see that a replication segment, either with “adding FI/SN” semantics embedded or explicitly indicated by a preceding “add FI/SN” label or by a trailing “add FI/SN” SRv6 arg bits, can be used for both multicast and unicast traffic. In case of multicast, as long as two or more branches eventually converge to the merge node, redundancy protection is achieved.

Zzh> I don’t follow your argument about “seems a waste and unpractical to URLLC service”.

 Zzh> I don’t follow your argument about “Twisting them together in one segment results in a complicated function where maybe only one type of service is required on the node” either. If you only need regular multicast service, the replication segment does not need the semantics to add (FI, SN) information. If you need redundancy protection then the replication segment does have the semantics to add (FI, SN) information). If you need both, then some will have that semantics and some will not; and if you have a scenario where you don’t need to add (FI, SN) information for redundancy protection then the existing replication segment w/o the additional semantics to add (FI, SN) information can be used for both. All can be achieved with a simple Boolean switch added to the replication segment.

Fan>> after seeing all these “if, then” shown above, I even feel more strongly to support separating two segments. ☺ In RFC8986, there is no single Endpoint behavior having such “if, then” structure to specify different functions.

 Zzh> Note that Replication Segment is not tied to multicast either (the draft only mentioned multicast once as one use case):

   We define a new type of segment for Segment Routing [RFC8402<https://urldefense.com/v3/__https:/tools.ietf.org/html/rfc8402__;!!NEt6yMaO-gk!Xgth91A6kCK6jXojQgQDaqWbfJ99HWzdkEjEJg3Wt5JxGsQ9uLf_E9w2WwrIuotL$>], called

   Replication segment, which allows a node (henceforth called as

   Replication Node) to replicate packets to a set of other nodes

   (called Downstream Nodes) in a Segment Routing Domain. Replication

   segments provide building blocks for Point-to-Multipoint Service

   delivery …



Zzh> It is about replicating packets to a set of other nodes – quite applicable here as a building block.

Fan>> I do think replication segment has a very elegant design, however identical downstream nodes, design of P2MP SR policy (indirectly involves Tree-ID) may seem burden too much on redundancy segment. But it is still very welcome to have further discussion on replication segment and redundancy segment.

Zzh2> Please see comments earlier 😊

Zzh2> Also tree-id is not a concern. Tree-ID is only needed when multiple replication segments need to be signaled to different tree nodes. A simple redundancy case is like ingress replication and only a single replication segment is needed so tree-id is just an internal thing on the redundancy node. Regardless, the key is that the existing redundancy segment concept can be used for redundancy purpose.

Fan1>> Tree SID and Tree-ID are useless for redundancy protection, what semantics it should be for redundancy protection?

Zzh3> The above has no base. Please see my earlier zzh3> comments.

Zzh3> Jeffrey



3. I wonder why (FI, SN) information is added as a TLV in the SRH. Would it be better to use DOH?

-----[FY3]: If the (FI,SN) is encapsulated in type of TLV, both SRH and DOH are feasible. Actually (FI,SN) information is only meaningful to merging node, putting them in the arg part of replication segment doesn't help.



Zzh> While I do think it is better to put the actual (FI, SN) information in the DOH, I did not talk about adding (FI, SN) information to the arg part of an SRv6 SID. I was saying that the argument of an SRv6 replication SID can serve as that Boolean switch to indicate if (FI, SN) information needs to be added.

Fan>> so far, this approach works for me.

Zzh2> It can work, but since only the merging node use the FI/SN information, it is more of a DOH thing instead of SRH thing.

Zzh2> Thanks!

Zzh2> Jeffrey

For #1, and #2, reusing/enhancing existing replication segment has the following benefits:



a. Reduce protocol/implementation work

b. Reduce the amount of state in the network (the same P2MP tunnel can be used for both multicast traffic and unicast redundancy)



b) can be achieved even with #2 (redundancy node needs to add (FI, SN) information): for SRv6, the semantics of adding (FI, SN) can be indicated by the arg part of the replication SID and for SR-MPLS it can be indicated by an additional label in front of the replication sid label. If using an addition label is a concern, then indeed a single label can be used to indicate both "add FI/SN information" and "replicate", but still the replication semantics can still be set up using the replication segment infrastructure.



For SR-MPLS, where would you put the (FI, SN) information? Seems that GDFH (draft-zzhang-intarea-generic-delivery-functions) is a good option and that can be used for SRv6 as well (anything in DOH that is actually independent of IP could be extracted out to GDFH).

-----[FY4]: For SR-MPLS, currently the authors plan to keep consistent with specification in RFC8964. The original intention of this draft is to provide a PREOF solution in SR data plane to DetNet. What's why the draft is discussed first in DetNet then comes to SPRING. And FYI, DetNet MPLS data plane uses a separate service label (S-Label) and PW MPLS Control Word [RFC4385] to carry FI and SN.



Zzh> I forgot that DETnet mpls data plane already reuses PW CW for SN information. That’s fine and no need to introduce GDFH for MPLS.

Zzh> Thanks.

Fan>> thanks for bring up this topic to a deeper discussion. Redundancy protection should be taken into consideration for both SP and vendor if URLLC services should be guaranteed.



Zzh> Jeffrey



Thanks.



Jeffrey



Juniper Business Use Only

_______________________________________________

spring mailing list

spring@ietf.org<mailto:spring@ietf.org>

https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!Rk0PGf0pg0nFb0yo3yrw4HCuRzBBn_xDVWjwUQ9HKkn1db_vI48SfuShKITTo6uG$>


Juniper Business Use Only
_______________________________________________
spring mailing list
spring@ietf.org<mailto:spring@ietf.org>
https://www.ietf.org/mailman/listinfo/spring<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!Xgth91A6kCK6jXojQgQDaqWbfJ99HWzdkEjEJg3Wt5JxGsQ9uLf_E9w2W16NLBQX$>


Juniper Business Use Only


Juniper Business Use Only


Juniper Business Use Only


Juniper Business Use Only