Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
Rishabh Parekh <rishabhp@gmail.com> Wed, 23 August 2023 17:42 UTC
Return-Path: <rishabhp@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 371D2C1516E9; Wed, 23 Aug 2023 10:42:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BlaMfj_ShCFW; Wed, 23 Aug 2023 10:42:16 -0700 (PDT)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C182C15155E; Wed, 23 Aug 2023 10:42:16 -0700 (PDT)
Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-52a1132b685so4171194a12.1; Wed, 23 Aug 2023 10:42:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1692812534; x=1693417334; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=UpMhE+p4JYAz13XpS3pt0hLLsyFa6sLv9jAX+bjIeTM=; b=I1e0jHpUQnGed3XnScFpOKml7DXVMkmI8GpCI0Xwgk2rREwcU8TJbijwzSCmU5Rc06 ts3tD7GnuXLijbmq9BfpEsA6u9GFDvUH2cx0pathZCrPq+1O9bvSwPMyM3VUx3/p8HQ7 NssdpIV0IVg9Ii6yCXjQWSDMUylrywc2FgMm/ypPhQ8p1ZqL3TFF0gmToIpLzRlHDK95 pC2CsH6Zq5gbI62qhapUCy/RbAWfkvcDjHQ+qvwzFfDNa9o12D1Mc9lC50Mn42IEGxqA YGRF8WEKUtegzK8Suvw/sjYa+Xxk5AH+SesIGiE0h5OEsMxrl5TBQh3ZoV8SB2LnTcAS 1Vyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692812534; x=1693417334; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=UpMhE+p4JYAz13XpS3pt0hLLsyFa6sLv9jAX+bjIeTM=; b=HTnsFf4Njbf1ikybN35rkjcQr0dQMNdnNtsmbcXX4gj8bnTPcrIF/FUsEwaI2dLPjD GX0Zohx8Egf/arWMYZTJnQMm8bZvFygNFTte5oAPEGR7DnlGcbfnrj+MZtJVeqJPqni5 WkGoXFhwchQYgx8phkHjiROTeQyzV2dFYoCb74dWM9WU8TlF5v5sooDJw9c08xr293YK Pk1Rd1RZGtwUV+OQfiPNgxL+l7+pOS2VSa9nr4yUa7rn+lkhBaPP1aqM3fnYMkvHru4D Zvlmhtgg+gZo8PKCpnWdPHkrXYfOMnB7qKXKGE7gPIt7ZPF6TGNfeasyxvi6cmHhDTfc Zgdw==
X-Gm-Message-State: AOJu0Yxw5Ikrh7qu0bAztiLu4EdNF7AmKnsdjjoS65Jc8KnV0XElWpJb nks3IZ45P2NxzeaoYC7R9KwS0PrRH6XNIPGg8ow=
X-Google-Smtp-Source: AGHT+IFbw6R368/8GLTvFYHoIZoeKXbuTfrMchYPF+aZ7G8xMEaPtyCBdw2W0EE5y1Z29YXCUzwQhjUuYyu9BAHsb70=
X-Received: by 2002:aa7:d4cc:0:b0:523:5012:63d5 with SMTP id t12-20020aa7d4cc000000b00523501263d5mr10033985edr.16.1692812534280; Wed, 23 Aug 2023 10:42:14 -0700 (PDT)
MIME-Version: 1.0
References: <169113757232.15080.2703586835855766334@ietfa.amsl.com> <CABjMoXZPXeUYLwzfSr=sRVAqZQm1BOLB9KCPbXHrbqWrM769Vg@mail.gmail.com> <97A5A5D3-0E88-4F07-8072-91921E1540BD@eggert.org> <CABjMoXY865nJ_ET-QGAyULO=3WggrJ4Q7ZV0VjS9MGs1VaXF8Q@mail.gmail.com> <452FDC37-8151-46DA-8154-0EF1BD53CC64@eggert.org>
In-Reply-To: <452FDC37-8151-46DA-8154-0EF1BD53CC64@eggert.org>
From: Rishabh Parekh <rishabhp@gmail.com>
Date: Wed, 23 Aug 2023 10:42:02 -0700
Message-ID: <CABjMoXZ81nVQcRxxs7L4Y046MrsLeMX8jkVS0-DJy7tYMi=k3Q@mail.gmail.com>
To: Lars Eggert <lars@eggert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-spring-sr-replication-segment@ietf.org, spring-chairs@ietf.org, spring@ietf.org, mankamis@cisco.com
Content-Type: multipart/alternative; boundary="000000000000c6f6cf06039aa156"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/O3SoRepMwT6sgwurmZ3QUTjSRmI>
Subject: Re: [spring] Lars Eggert's Discuss on draft-ietf-spring-sr-replication-segment-16: (with DISCUSS and COMMENT)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2023 17:42:21 -0000
Lars, My point is this draft specifies behavior of a single replication segment which can be deployed for ingress replication like service (similar to End.DT2M for Layer 2 BUM) without needing a control plane - either by local provisioning on root and leaf nodes or by using overlay automatic discovery mechanisms like BGP MVPN procedures. Loops don't arise in this case unless underlying unicast point-to-point paths between a Root and Leaf nodes have loops, but this is out of scope of this document. Loops can only arise when replication segments are stitched together to form a P2MP tree. Typically, this requires a control plane; draft-ietf-pim-sr-policy is specification of one such control plane (using PCE as centralized P2MP compute). I think it is appropriate to document loop prevention or mitigation there. But it is not necessary to use a control plane to deploy a single replication segment. Hence I don't think this document needs to have a normative reference to the PIM WG draft. >> [RP2] No, it should not be forbidden, but left to other future documents that can address the MP2MP use-case or replication segment sharing, if required. >Those other documents should then update this one, allowing this option and describing the details. This is precisely why sharing of replication segment is out of scope of this document. Thanks, -Rishabh On Wed, Aug 23, 2023 at 2:59 AM Lars Eggert <lars@eggert.org> wrote: > Hi, > > On Aug 11, 2023, at 21:40, Rishabh Parekh <rishabhp@gmail.com> wrote: > > On Thu, Aug 10, 2023 at 12:54 AM Lars Eggert <lars@eggert.org> wrote: > > Hi, > > > > On Aug 10, 2023, at 00:24, Rishabh Parekh <rishabhp@gmail.com> wrote: > > > This document introduces packet replication functionality into SR > > > networks. This significantly increases and complicates the attack > > > surface of the technology while at the same time introducing severe > > > new misconfiguration possibilities (e.g., multicast amplification > > > loops that can lead to congestion collapse of the network.) This > > > document does not adequately describe and discuss these issues. > > > > > > [RP] May I ask what you think is missing in the Security section text > about loops? > > > > A way to detect and/or mitigate the effects of loop congestion. Or if > that cannot be done in this document, a requirement that this technology > MUST NOT be deployed without a control plane that either prevents loops or > detects and mitigates their effects, and a normative reference to those > control plane specs. > > > > [RP2] I will add a MUST requirement for a control plane to prevent or > detect/mitigate loops in steady state in the next revision. > > I'm missing a normative reference to at least one control plane that > satisfies this requirement. > > > Local provisioning of replication segments on SR nodes is valid too - > maybe we can add a SHOULD clause to prevent loops via local provisioning. > However, I don't think a normative reference to the control plane is > required because the behavior of a single replication segment - as > specified in this document does not necessitate a control plane. > > Safe deployment of this technology requires that loop congestion collapse > be prevented. If the only way to achieve this is by requiring a control > plane, that must be a normative reference. If there is some other way to > prevent loop congestion without a control plane, this document or a > normative reference must specify how this is done. > > > > Additionally, this documents needs to specify suitable > > > countermeasures - it is not sufficient to leave this up to > > > unspecified control plane mechanisms. > > > > > > [RP] This document is just specifying behavior of a single replication > segment. The use of PCE as a controller to create a tree by stitching > replication segments in specified in PIM WG document > (draft-ietf-pim-sr-p2mp-policy) and PCEP protocol extensions are described > in PCE WG doc (draft-ietf-pce-sr-p2mp-policy). > > > > draft-ietf-pim-sr-p2mp-policy is only cited informally, and > draft-ietf-pce-sr-p2mp-policy not at all. If they do contain these > countermeasures, they need to be cited normatively and their use needs to > be required. However, I just skimmed them and neither seems to discuss > loops or congestion? > > > > [RP] draft-ietf-pim-sr-p2mp-policy is really an "architecture" draft for > using PCE as a control plane for creating a tree by stichting replication > segments; draft-ietf-pce-sr-p2mp-policy is just PCEP signalling extensions > and hence not really referenced in this draft. Once we add the MUST > requirements in this draft, I will update draft-ietf-pim-sr-p2mp-policy to > satisfy this requirement. > > If draft-ietf-pim-sr-p2mp-policy is the control plane that contains the > loop congestion collapse protection, it must also become a normative > reference. > > > > ### Section 2, paragraph 18 > > > ``` > > > In principle it is possible for different Replication segments to > > > replicate packets to the same Replication segment on a Downstream > > > node. However, such usage is intentionally left out of scope of > this > > > document. > > > ``` > > > What was the intent of leaving this out? There seems to be complexity > > > here that can be abused, in which case I would have expected this to > > > either be explicitly forbidden or discussed in sufficient detail to > > > understand (and mitigate) the issues. > > > > > > [RP] This came up in WG discussion during WGLC about "sharing" a > downstream replication segment across multiple "upstream" replication > segments (possibly to enable Multipoint-to-Multipoint). Although this is > feasible, it is only possible to do this when a complex set of conditions > are satisfied. This adds complexity to both control plane and data plane > (like needing "outer" and "inner" replication segment context in packets). > Hence, it was kept out of scope of this document. > > > > So what you write seems to argue that this should then be explicitly > forbidden? > > > > [RP2] No, it should not be forbidden, but left to other future documents > that can address the MP2MP use-case or replication segment sharing, if > required. > > Those other documents should then update this one, allowing this option > and describing the details. > > Thanks, > Lars > >
- [spring] Lars Eggert's Discuss on draft-ietf-spri… Lars Eggert via Datatracker
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Lars Eggert
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh
- Re: [spring] Lars Eggert's Discuss on draft-ietf-… Rishabh Parekh