Re: [spring] Understanding the replication draft

"Joel M. Halpern" <jmh@joelhalpern.com> Wed, 01 July 2020 19:42 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03C423A0CA3 for <spring@ietfa.amsl.com>; Wed, 1 Jul 2020 12:42:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hJSwkb82gx-0 for <spring@ietfa.amsl.com>; Wed, 1 Jul 2020 12:42:39 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56EB53A0CA2 for <spring@ietf.org>; Wed, 1 Jul 2020 12:42:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 49xs7z1Phmz1ntlm; Wed, 1 Jul 2020 12:42:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1593632559; bh=QwzNBk2vC2+i/3P89bbd8CD6p0+WD1PSIIH/H9hVWEE=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=K9bs7j11qOIBjFVaEYI2E0oStG/kYmFQYeqCSdMOdvLFq4Q44wA6BVQt/L/wfg+Nx ehp2/buMre65XGSyriskIFOKvp40e+0pUwC32bdbusUGCCazw83kudPyesm9YPKebR nsFcEl0h4eLyoVxpAf429BKTqVQvx4PThwvcVtaA=
X-Quarantine-ID: <rfLV7KXMBmMw>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.128.43] (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 49xs7y4sW1z1ny1d; Wed, 1 Jul 2020 12:42:38 -0700 (PDT)
To: Rishabh Parekh <rishabhp@gmail.com>
Cc: "spring@ietf.org" <spring@ietf.org>
References: <94415742-fc4e-1774-bf96-01eac3672bfb@joelhalpern.com> <CABjMoXYCsXb-iP55PsNWHBG187Lm7-2PXfgD3qRn_aD6ppDuMw@mail.gmail.com> <b3aaaa47-af61-6fc0-1086-bfd59efea061@joelhalpern.com> <CABjMoXY5S1Bx3rQM-0eyJfzh9iOgAZoGshs1wFqebnkVZ++G0w@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <9b09cf1e-2cdf-850e-fd20-187421d3d4b3@joelhalpern.com>
Date: Wed, 1 Jul 2020 15:42:36 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <CABjMoXY5S1Bx3rQM-0eyJfzh9iOgAZoGshs1wFqebnkVZ++G0w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/NYXM__I_jFetSnrI_H2TtkKTmKY>
Subject: Re: [spring] Understanding the replication draft
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2020 19:42:41 -0000

Any SID behavior needs to be defined in a SPRING draft as far as I can 
tell.  PIM defines how those behaviors are triggered / associated.  At 
least, that is how I have understood all the other behavioral and 
routing protocol handling.  It is, for example, why the network 
programming draft was a SPRING draft and not an IDR or LSR draft.
So if "continue" is a new behavior, it needs to be defined here, not in 
a PIM draft.

And from everything you describe, this draft should require that the 
replication segment be the last element in the SID stack (label stack, 
...) as it appears in the packet at the time of reception and processing 
of the replication segment identifier.  That can result in local 
processing of the underlying packet, gatewaying of the packet to other 
multicast, replication of the packet with new SID stacks on the 
different replicas, etc.  But having a stack after the replication 
segment sure sounds like a recipe for disaster.

Yours,
Joel

On 7/1/2020 2:51 PM, Rishabh Parekh wrote:
> Joel,
> I now understand the question better with the example you provided.
> 
> The draft states that replication SID must be still part of the stack
> so that downstream node can process it appropriately. In your example,
> if replication SID is the same at all nodes, R-SID-1 will be in the
> label stack and will be the active SID when the packet reaches a given
> downstream node. In the use cases we describe, either the replication
> SID is the last SID in the stack and performs either a NEXT operation
> to process the payload, or a CONTINUE operation to stitch the packet
> to another replication segment as described in PIM WG draft, or both
> NEXT and CONTINUE. But the draft does not preclude NEXT operation of
> R-SID1 with the label stack in your example. Of course, care must be
> taken to avoid the "explosion" as you describe it. G-SID-2 has to map
> to a unique node; for example, it may be an Anycast-SID that takes
> packet to distinct nodes from each of the downstream node, or the
> downstream nodes can be border nodes connecting to other segment
> routing domains where G-SID-2 resolves to distinct nodes in each
> domain.
> 
> Although the use cases are not intended to cover the scenario you
> describe, maybe we can document this "explosion" in security
> considerations of the draft.
> 
> -Rishabh
> 
> 
> On Wed, Jul 1, 2020 at 9:24 AM Joel Halpern Direct
> <jmh.direct@joelhalpern.com> wrote:
>>
>> I am not sure I understand the answer.  I do see that the local
>> processing is described in the draft.  But that is not what I am asking.
>>
>> I am going to try to simplify the conventions to ask the question.  I
>> will list SIDs in the order they will be visited.  And mark G-SID-X for
>> a global SID, and R-SID-X for a replication SID.
>>
>> Suppose the stack looks like
>>
>> G-SID-1
>> R-SID-1
>> G-SID-2
>> G-SID-3
>> R-SID-2
>> G-SID-4
>>
>> So the packet gets delivered to the node identified by G-SID-1.  Great.
>> That node sees an R-SID which it understands.  So presumably it
>> replicates the packet, and sends the packet (possibly with some
>> prepended labels, presumably different prepended labels for different
>> destination, controlled by policy.  No problem with that part.)
>>
>> Now each of the packets geet to the end of the prepended labels, and
>> each copy sees G-SID-2.  At which point all of these various nodes that
>> have received copies of the packet all send it to the node identified by
>> G-SID-2.  Huh?  We just bombarded a node with useless and potentially
>> harmful copies of the packet.  then all those copies go to G-SID-3,
>> which then processes R-SID-2, and replicates each and every copy to some
>> set of destinations.  Which then eventually bombard the node identified
>> by G-SID-4.
>>
>> If the document said that the replication SID when it appears in the
>> stack must be the last SID in the stack, and was either terminal for SID
>> processing or was a binding SID, the above problem would be avoided.
>> But the draft does not say that.  Nor does your reply.
>>
>> Is there some other way this explosion is avoided?  This seems to need
>> to be described in the SPRING draft in order for any of us to understand
>> if the approach is what we want as a starting point.  just the idea of
>> replication segments is not, in my personal view, enough clarity or
>> value to be adopted as a working group document.
>>
>> Yours,
>> Joel
>>
>> On 7/1/2020 12:06 PM, Rishabh Parekh wrote:
>>> Joel,
>>> Your request was not "lost", but it fell between the cracks :)
>>>
>>> Anyway, responses inline.
>>>
>>> On Mon, Jun 29, 2020 at 3:17 PM Joel M. Halpern <jmh@joelhalpern.com> wrote:
>>>>
>>>> I asked the authors a version of this question, but apparently my
>>>> request got lost.
>>>>
>>>> For now, this is speaking as an individual.  And I sincerely hope that I
>>>> am merely missing something obvious.
>>>>
>>>> I can not figure out from the current draft how the replication segment
>>>> works in a SID (or label) stack.
>>>> Is there an unstated requirement that the segment must be the last one
>>>> in the stack?
>>>> If not, how is a global SID after teh replication SID understood?
>>>
>>> [RP] Replication SID does not need to be the last segment in the
>>> stack. Although Section 2 of draft does not state this explicitly, If
>>> there are other non-replication SIDs following the Replication SID,
>>> the NEXT operation at a downstream node of the segment should process
>>> those SIDs as normal.
>>>
>>>> Or is a replication SID implicitly also a binding SID, replacing the
>>>> rest of the stack no matter where it is in the stack?
>>>>       In which case it is implicitly effectively last?
>>>
>>> [RP] At a root or a Replication SID, when the active segment is a
>>> Replication SID, it does act like a Binding SID in that it steers the
>>> packet into the Replication segment towards downstream nodes. Note
>>> that additional SIDs might be added on top of the Replication SID to
>>> steer the packet from Root to a given downstream node. The Replication
>>> SID will be at bottom of any such SIDs added to steer the packet, but
>>> again it does not have to be the bottom most SID in the stack.
>>>
>>>> Given taht a replication segment is qualified to a node, what happens if
>>>> there is more than one in a stack?  Is it ignored when it hits a node it
>>>> does not apply to?
>>>
>>> [RP] On a given node, if an active SID in the stack is a Replication
>>> SID that the node does not understand, it cannot process the packet.
>>> This would be similar to any other kind of SID for which a node does
>>> not have any state.
>>>>
>>>> Do I believe this can be made to work?  Yes.
>>>> But I can not understand how the WG could adopt the work with its
>>>> current lack of clarity.
>>>> And this appears to me to be fundamental enough stuff that it can't be
>>>> left to documents in other WGs.  It seems central to the definition and
>>>> processing of replication SIDs.
>>>>
>>>
>>> [RP] Section 2 does specify behavior associated with Replication SID
>>> at different nodes in terms of PUSH, CONTINUE or NEXT operations. If
>>> it is not clear, we can enhance the text.
>>>>
>>>> Yours,
>>>> Joel - speaking as a participant
>>>>
>>>> _______________________________________________
>>>> spring mailing list
>>>> spring@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/spring
>>>
>>> _______________________________________________
>>> spring mailing list
>>> spring@ietf.org
>>> https://www.ietf.org/mailman/listinfo/spring
>>>