IETF Logo Mail Archive

Re: [spring] Request comments/feedback on https://datatracker.ietf.org/doc/draft-zzhang-spring-microtap-segment/01/

Eduard Metz <etmetz@gmail.com> Mon, 04 March 2024 18:42 UTC

Return-Path: <etmetz@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CA80C14F5EA; Mon, 4 Mar 2024 10:42:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.004
X-Spam-Level:
X-Spam-Status: No, score=-7.004 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zTCLZu0dIJkN; Mon, 4 Mar 2024 10:42:28 -0800 (PST)
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95476C17C89D; Mon, 4 Mar 2024 10:42:28 -0800 (PST)
Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2d29111272eso77549991fa.0; Mon, 04 Mar 2024 10:42:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709577746; x=1710182546; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=invcNnMNtk9yZqWSBRyuHGj/lm5SPs38kREEcVW7+qM=; b=k/PscLy6daU5I5bDvjXwP8IFW6ruEOd9yDJ2yt00iw9L8XG4j7F0hHYUhrdhdTiudb AgyVF5NUTi2949hoN9zn/Kg0KZNV8eojkANdBmsP4pS6AVB4SkSn0ixy2T2wOJuEWPyZ XeyKM0V970Pg7KB+gqu4/dYC63x41Y1rpGrcFN5hKeXhhWlpWZVJM2caSbu/bnQKgc5R lws5AEJ+hBO447CfzfDTvRyfAu/Hs/PTkHyp5TQ78jQwfegX5D+Q7tXoMXGhxRnlraJt w2RQzWl3d5wy7x3dGJUxZt74NEVpVSpzxVv3xdr85aniq9XXyS/Upid3Vlg4T5yP5BDI jQIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709577746; x=1710182546; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=invcNnMNtk9yZqWSBRyuHGj/lm5SPs38kREEcVW7+qM=; b=Cp7a71CbpdNPKxkasvTIgfhcLt4PUh1oLHPPjpKAOd0hsDddB/FCSNhEVMhLofHDDb 2MdE+A9LHXS8S9qPQ67/VFnqlGjjWki30O5M1ZOh5HSz8ixXmkh0lzcFhshUCi1YGhtt Iyucb8NYzSqhQFuYv2oby4r6Vz9JC42jSxTxyl5auGemsSD4z+8qkjm7Ek8lchfvC0GN pf2ViNFuycS4XG7rVUvpS/fovf2mHVGeF9KWCkkWteoRVUR0d5Z0W3NB4DnJQMt4gNCd uMk1IBUAQL14uBXOIIzxLoTaS+YKh9IwL4dMTowdlfLFEpFMb3+TVcpTPPskR9Abst9P cwmQ==
X-Forwarded-Encrypted: i=1; AJvYcCU64v6w9KzPvs4ds/p6SATrXOdd8ddNWATnMc5OsV8EwmN7ZRm3xT1ZQ/2OBgy6d5R+9gdb/gQ260rJ/a1h4qlkpZH8Xj/2gRa15FXCkSNCG9xHgF4OvvXSfTYHJ2f9dzm1L8RCvyjZh7ChQMHidQ==
X-Gm-Message-State: AOJu0YysPxhG8Amdo92u2hvTIVx+qPKLlW75kgbwTTcz73FNJ50vbzN7 nG9KMaDaR3FnJ/DtnFwgX9CRi1BFeeluLdAApzNCHqKW1Q9wdynxe024vSb+v7D0m9VAwR0bmUc JgfE57yXGrTHzCya9uButd1mz6WM+5g8i4HA=
X-Google-Smtp-Source: AGHT+IH1NCxlqzmheJ9/xw9Rlz+biiGpGEaaKGVz0W6X+Tp2m3y2RAKkBrqkLJJrJapfdyaOefH6zau7rQcN0BhVJk4=
X-Received: by 2002:a05:6512:3f2a:b0:513:472c:1f50 with SMTP id y42-20020a0565123f2a00b00513472c1f50mr2916351lfa.52.1709577746187; Mon, 04 Mar 2024 10:42:26 -0800 (PST)
MIME-Version: 1.0
References: <CAKsJ_vjpjKC=9wDboxVK0UZFE=_SnogrwWKso-AaQ0eezq4WBw@mail.gmail.com> <3187342B-DA67-4857-A4E6-926CF54861D2@gmail.com> <CAG=3OHdWa_iVxJtB_VpdWDHdPqa3KgYsBstBnff1qxyHP-m=mw@mail.gmail.com> <IA1PR05MB9550E87D724EE6BF856122CFD45E2@IA1PR05MB9550.namprd05.prod.outlook.com> <CAG=3OHceBJnFMQbzqXKiSX5hY_-=hNnYEkACzxCijAVG+sC=+Q@mail.gmail.com> <IA1PR05MB9550D177461210A5DE0DA7B7D45C2@IA1PR05MB9550.namprd05.prod.outlook.com>
In-Reply-To: <IA1PR05MB9550D177461210A5DE0DA7B7D45C2@IA1PR05MB9550.namprd05.prod.outlook.com>
From: Eduard Metz <etmetz@gmail.com>
Date: Mon, 04 Mar 2024 19:42:14 +0100
Message-ID: <CAG=3OHcYTaL1s-Ujqi_7M=VuJFoaUDkGd2sfp+-LCyGWj8vxVA@mail.gmail.com>
To: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>
Cc: Jeff Tantsura <jefftant.ietf@gmail.com>, Ryan Hoffman <ryan.hoffman=40telus.com@dmarc.ietf.org>, "spring@ietf.org" <spring@ietf.org>, "draft-zzhang-spring-microtap-segment@ietf.org" <draft-zzhang-spring-microtap-segment@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004712be0612da161c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/WOEYJ2D1nPELu1MsBhz5UA2BAcU>
Subject: Re: [spring] Request comments/feedback on https://datatracker.ietf.org/doc/draft-zzhang-spring-microtap-segment/01/
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 18:42:32 -0000

Zzh2> For comparison, the method in the draft is that an additional
microtap SID is inserted after S2: (S1, S2, Tm, S3, S4). Tm is the microtap
SID advertised by the node connecting to the monitor.

Indeed, I was suggesting something like:

S1, S2’, S3, S4, for SRv6, where "Tm" is encoded in the argument of S2'

Or

S1, S2’, Tm, S3, S4; where S2' points to the microtap function in N2 (and
takes Tm as the "argument")


Zzh2> Not due to the SID type, but due to the fact that the SID is simply
an IPv6 address, so a less specific route may be matched

Understood, this is what I would expect for SRv6.
And for SR-MPLS the desired behaviour is that "Tm" will be installed only
by nodes with microtap capability, based on the advertised type of the "Tm"
SID?

 cheers,
  Eduard






On Sun, Mar 3, 2024 at 2:06 PM Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>
wrote:

> Hi Eduard,
>
>
>
> Please see zzh2> below.
>
>
>
> Juniper Business Use Only
>
> *From:* Eduard Metz <etmetz@gmail.com>
> *Sent:* Sunday, March 3, 2024 7:14 AM
> *To:* Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>
> *Cc:* Jeff Tantsura <jefftant.ietf@gmail.com>; Ryan Hoffman <ryan.hoffman=
> 40telus.com@dmarc.ietf.org>; spring@ietf.org;
> draft-zzhang-spring-microtap-segment@ietf.org
> *Subject:* Re: [spring] Request comments/feedback on
> https://datatracker.ietf.org/doc/draft-zzhang-spring-microtap-segment/01/
>
>
>
> *[External Email. Be cautious of content]*
>
>
>
>
>
> Thanks, see inline / below.
>
>
>
> /Eduard
>
>
>
>
>
>
>
> Few comments after first read:
>
> - For SRv6 the procedure may be slightly different, ie steer traffic via
> MicroTAP capable node or have MicroTAP as integrated capability of
> "default" forwarding (of capable nodes) and indicate the parameter - this
> is the approach in the current draft if I understand correctly.
>
>
>
> Zzh> The microtap segment belongs to the node connected to the monitor,
> which is typically not in the path of most traffic. When a capable node in
> the normal traffic path encounters a microtap SID (which is not advertised
> by that node), it makes a copy and send the copy to the owner of the
> microtap SID (while continue to forward the original copy after removing
> the microtap SID).
>
> Zzh> Therefore, it is not an integrated capability of “default” forwarding
> (of capable nodes).
>
>
>
>
>
> [EM] Makling a copy based on the microtap SID (instead of simply
> forwarding it) is what I referred to as an integrated capabiltiy of the
> basic SR forwarding. In SRv6 alternatively one could add a SID that points
> (explicitly) to the microtap (replication) function (with the reference to
> the microtap SID as the argument) , instead of triggering a different
> behaviour based on the value of a SID.
>
>
>
> Zzh2> The microtap SID from the node that connects to the monitor does
> explicitly point to the microtap function on each tapping node. That is
> analogues to that a prefix SID from a node has a function on each node as
> “forward to the prefix”.
>
> Zzh2> If I understand you correctly, let’s say if the normal explicit path
> is (S1, S2, S3, S4) where each Sx is a node SID for a node Nx, you’d use
> S1, S2’, S3, S4 when you want N2 to tap it, where S2’ is N2’s microtap SID
> for a particular monitor.
>
> Zzh2> This means that each tapping-capable node needs to advertise an
> additional SID. That may not be desired, but we can discuss if that should
> be a preferred solution or an alternative.
>
> Zzh2> For comparison, the method in the draft is that an additional
> microtap SID is inserted after S2: (S1, S2, Tm, S3, S4). Tm is the microtap
> SID advertised by the node connecting to the monitor.
>
> - Section 2.3 describes that if a MicroTAP SID becomes the active on the a
> node not supporting the MicroTAP capability, the packet would be dropped. I
> wondered if this is correct? Wouldnt the packet be forwarded to the
> "monitor" node? This breaks the communication effectively, but not a drop
> at the node not supported MicroTAP.
>
>
>
> Zzh> A node not supporting MicroTAP will not advertise its capability or
> install the forwarding state for MicroTAP SIDs (advertised by the nodes
> connected to the monitors).
>
> Zzh> As a result, other nodes SHOULD NOT place a MicroTap SID after the
> node/adj SID for the incapable node. In the unlikely case if that happened,
> in the case of MPLS the packet will simply be dropped (there is no
> corresponding state). In the case of SRv6, there might not be a
> corresponding IPv6 route either and traffic will also be dropped. But if
> there is a less specific route covering that MicroTap SID, then it will be
> forwarded accordingly. We will add that clarification.
>
>
>
> [EM] Ah, this is due to the SID type? Some clarification would be useful
> indeed.
>
> Zzh2> Not due to the SID type, but due to the fact that the SID is simply
> an IPv6 address, so a less specific route may be matched.
>
> Zzh2> Thanks!
>
> Zzh2> Jeffrey
>
>
>
>
>
> - In general, or least for intercept, one would be interested in both
> directions of a traffic stream (e.g to / from a specific IP). To
> address this, the MicroTAP SID would need to inserted on all relevant
> ingresses. And the monitor may receive packets from different MicroTAP
> capable nodes. This may have implications for the use of IOM header (e.g.
> to avoid duplicate sequence ids)
>
>
>
> Zzh> A monitor is going to receive tapped packets from all over the places
> (it all depends on which packets carry the MicroTap SID and where in the
> SID list), but unless a MicroTap SID is repeated (in different places of
> the SID list) in the packet, the monitor will only receive one tapped copy
> for a particular packet. I also imagine that an ingress is likely
> coordinating with the monitor when it places the MicroTap SID, even though
> that’s outside the scope of this draft.
>
> Zzh> Can you explain the implications for the use of IOM header?
>
>
>
> [EM] I wondered whether the sequence ID would be sufficient or additional
> info is needed, e.g. to identify a tapped traffic stream and establish if
> all tapped packets have been received at the monitor. At the source one may
> want to add additional information anyway to identify a tapped traffic
> stream, e.g. to combine and/or demultiplex packets at the monitor.
>
>
>
>
>
>
>
>
>
> Zzh> Thanks.
>
> Zzh> Jeffrey
>
>
>
> cheers,
>
>   Eduard
>
>
>
>
>
> On Wed, Feb 28, 2024 at 4:52 AM Jeff Tantsura <jefftant.ietf@gmail.com>
> wrote:
>
> Seems like a very useful feature indeed.
>
>
>
> Cheers,
>
> Jeff
>
>
>
> On Feb 27, 2024, at 07:15, Ryan Hoffman <ryan.hoffman=
> 40telus.com@dmarc.ietf.org> wrote:
>
> 
>
> TELUS intends to deploy this microTap segment feature once available in
> vendor NOS after thorough testing in our lab.  We'd expedite TELUS testing
> and deployment when available from vendors, as this is a much needed
> feature in our network.
>
>
>
> Thanks,
>
> Ryan Hoffman
>
>
>
> On Wed, Apr 5, 2023 at 3:28 PM Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>
> wrote:
>
> Hi,
>
> The authors of this draft would like to get your feedback on this draft.
>
>    This document specifies a microTap segment that can be used to
>    instruct a transit node to make a copy of a segment-routed packet and
>    deliver it to a specified node for the purpose of network monitoring,
>    trouble shooting, or lawful intercept.
>
> Due to the limit of Spring WG session time we have not been able to
> present it but we submitted slides before:
> https://datatracker.ietf.org/meeting/115/materials/slides-115-spring-slides-115-spring-microtap-segment-00
> <https://urldefense.com/v3/__https:/datatracker.ietf.org/meeting/115/materials/slides-115-spring-slides-115-spring-microtap-segment-00__;!!NEt6yMaO-gk!EKhg-4oZEfTFYJNmgp8IGr1V5a4BR45VWyFGE1yjXKX5wyy_b1J1I5V1a1TwceJBWn4B_S11vdYmbIo$>
> .
>
> Thanks.
> Jeffrey
>
> Juniper Business Use Only
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
> <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!EKhg-4oZEfTFYJNmgp8IGr1V5a4BR45VWyFGE1yjXKX5wyy_b1J1I5V1a1TwceJBWn4B_S11CmS-d-Q$>
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
> <https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spring__;!!NEt6yMaO-gk!EKhg-4oZEfTFYJNmgp8IGr1V5a4BR45VWyFGE1yjXKX5wyy_b1J1I5V1a1TwceJBWn4B_S11CmS-d-Q$>
>
>

v2.23.0 | Report a Bug | By Email