Re: [spring] WG Last Call draft-ietf-spring-nsh-sr

bruno.decraene@orange.com Tue, 22 June 2021 12:33 UTC

Return-Path: <bruno.decraene@orange.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B4743A236C; Tue, 22 Jun 2021 05:33:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w6sZyyZACm9u; Tue, 22 Jun 2021 05:33:28 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70C243A236B; Tue, 22 Jun 2021 05:33:27 -0700 (PDT)
Received: from opfednr05.francetelecom.fr (unknown [xx.xx.xx.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfednr23.francetelecom.fr (ESMTP service) with ESMTPS id 4G8QmM6lCTz5vgM; Tue, 22 Jun 2021 14:33:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1624365203; bh=0OPXlJZ5n55iEGX/WJd+VYTQ/9fND55CSga6Ca7uW3Q=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=OQOGOnVOeGns7vH5Tyg6CVyFEALKChxi7cD9gsh2bOxTGIz4cFp4MM9hdLZa00gi+ RyKK6cNAfx/JsOblgipGCHX9Yy8J1aTBCds4XzGBC3cyFhzW/E99Wi1xWjWBiOl6ZX ZTsNL3W++DqS++UkVavY7psV0R38UBNIKDIeCWUjLgmaoymBtXcTan7xazPAC8Nn95 9xq2hdtFM8hYkAULt8u/cUagXBfiQKugI+PNqjr01Ad7HbkNHWJgSbNbegJ1PYx7Nv YPHjMZ54gD9nClqzNoIGydYRI9xESyRwi6xym8nWlfdsiGY3zuYvVpNSkJRI2MgQ9M zhAeHY0V/oOnw==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfednr05.francetelecom.fr (ESMTP service) with ESMTPS id 4G8QmM5ZRZzyQT; Tue, 22 Jun 2021 14:33:23 +0200 (CEST)
From: <bruno.decraene@orange.com>
To: James Guichard <jguichar@futurewei.com>, "spring@ietf.org" <spring@ietf.org>
CC: "draft-ietf-spring-nsh-sr@ietf.org" <draft-ietf-spring-nsh-sr@ietf.org>
Thread-Topic: WG Last Call draft-ietf-spring-nsh-sr
Thread-Index: Adb/EbzdQyDXcLfTRQ6v+vtwpmiyOgAABBewEhO1tZAFRL5gMAH3kCIQAMPkpdA=
Date: Tue, 22 Jun 2021 12:33:23 +0000
Message-ID: <27549_1624365203_60D1D893_27549_177_1_53C29892C857584299CBF5D05346208A4CDF47BD@OPEXCAUBM43.corporate.adroot.infra.ftgroup>
References: <25012_1612895472_6022D4F0_25012_72_1_53C29892C857584299CBF5D05346208A490C4A3A@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <3058_1612896034_6022D722_3058_18_1_53C29892C857584299CBF5D05346208A490C4AE4@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <MN2PR13MB420694920BB2C388FF833387D22C9@MN2PR13MB4206.namprd13.prod.outlook.com> <28823_1623169127_60BF9867_28823_29_1_53C29892C857584299CBF5D05346208A4CDC8DB3@OPEXCAUBM43.corporate.adroot.infra.ftgroup> <MN2PR13MB42063DEA31BA4160BAA3034DC20D9@MN2PR13MB4206.namprd13.prod.outlook.com>
In-Reply-To: <MN2PR13MB42063DEA31BA4160BAA3034DC20D9@MN2PR13MB4206.namprd13.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: multipart/alternative; boundary="_000_53C29892C857584299CBF5D05346208A4CDF47BDOPEXCAUBM43corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/XmAl5FvY_K_U3IrKpict3I4Rq5s>
Subject: Re: [spring] WG Last Call draft-ietf-spring-nsh-sr
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jun 2021 12:33:33 -0000

Hi Jim,

Thanks for the latest version and your replies.
Please see inline [Bruno2]

As an aside, I'm waiting for the reviews from the RTG and INT directorate. https://datatracker.ietf.org/doc/draft-ietf-spring-nsh-sr/history/
In the meantime, I'm initiated the shepherd write up.

From: James Guichard [mailto:jguichar@futurewei.com]
Sent: Friday, June 18, 2021 5:00 PM
To: DECRAENE Bruno INNOV/NET <bruno.decraene@orange.com>om>; spring@ietf.org
Cc: draft-ietf-spring-nsh-sr@ietf.org
Subject: RE: WG Last Call draft-ietf-spring-nsh-sr

Hi Bruno,

Latest version covers most of your comments I think. Please see inline.

From: bruno.decraene@orange.com<mailto:bruno.decraene@orange.com> <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>>
Sent: Tuesday, June 8, 2021 12:19 PM
To: James Guichard <jguichar@futurewei.com<mailto:jguichar@futurewei.com>>; spring@ietf.org<mailto:spring@ietf.org>
Cc: draft-ietf-spring-nsh-sr@ietf.org<mailto:draft-ietf-spring-nsh-sr@ietf.org>
Subject: RE: WG Last Call draft-ietf-spring-nsh-sr

Hi Jim,

Thanks for your reply.
Please see inline [Bruno]

From: spring [mailto:spring-bounces@ietf.org] On Behalf Of James Guichard
Sent: Tuesday, May 18, 2021 5:13 PM
To: DECRAENE Bruno TGI/OLN <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>>; spring@ietf.org<mailto:spring@ietf.org>
Cc: draft-ietf-spring-nsh-sr@ietf.org<mailto:draft-ietf-spring-nsh-sr@ietf.org>
Subject: Re: [spring] WG Last Call draft-ietf-spring-nsh-sr

Hi Bruno,

Following up on this. Please see inline.

From: bruno.decraene@orange.com<mailto:bruno.decraene@orange.com> <bruno.decraene@orange.com<mailto:bruno.decraene@orange.com>>
Sent: Tuesday, February 9, 2021 1:41 PM
To: spring@ietf.org<mailto:spring@ietf.org>
Cc: draft-ietf-spring-nsh-sr@ietf.org<mailto:draft-ietf-spring-nsh-sr@ietf.org>
Subject: RE: WG Last Call draft-ietf-spring-nsh-sr

Hi authors, WG,

Speaking as the shepherd.

Thanks for the -04 which answer my previous set of comments.

I've reviewed the document again, focusing on the new text. Please find below some additional comments.

===
SR-MPLS  §6.1

" At the end of the SR-MPLS path it is necessary to provide an
   indication to the tail-end that NSH follows the SR-MPLS label stack
   as described by [RFC8596]."

My understanding is that RFC8596 performs the above goal by adding an SFF label at the bottom of the stack. In which case it would not be mandatory to disable Penultimate Hop Popping on the prefix SID as draft-ietf-spring-nsh-sr-04 is mandating.

I"m seeing two options that you could either choose from or describe both:
- a prefix SID dedicated to NSH. In which case PHP needs to be disabled and there is no need for the SFF label specified in RFC8596 (alternatively, this prefix SID is _the_ SFF label defined in RFC8596, although 8596 refers to a local label(segment) while usually a prefix SID is a global segment)
- use a multi-purpose prefix SID. In which case, indeed " At the end of the SR-MPLS path it is necessary to provide an  indication to the tail-end that NSH follows the SR-MPLS label stack  as described by [RFC8596].

Jim> I believe this is clarified in -v05. The new text says:

   As described in [RFC8402], the IGP signaling extension for IGP-Prefix
   segment includes a flag to indicate whether directly connected
   neighbors of the node on which the prefix is attached should perform
   the NEXT operation or the CONTINUE operation when processing the SID.
   When NSH is carried beneath SR-MPLS it is necessary to terminate the
   NSH-based SFC at the tail-end node of the SR-MPLS label stack.  This
   is the equivalent of MPLS Ultimate Hop Popping (UHP) and therefore
   the prefix-SID associated with the tail-end of the SFC MUST be
   advertised with the CONTINUE operation so that the penultimate hop
   node does not pop the top label of the SR-MPLS label stack and
   thereby expose NSH to the wrong SFF.  This is realized by setting No-
   PHP flag in Prefix-SID Sub-TLV [RFC8667], [RFC8665].  It is
   RECOMMENDED that a specific prefix-SID be allocated at each node for
   use by the SFC application for this purpose.

   Alternatively, if NEXT operation is performed, then at the end of the
   SR-MPLS path it is necessary to provide an indication to the tail-end
   that NSH follows the SR-MPLS label stack as described by [RFC8596].

So there are two options as you indicate above. 1) use the prefix segment as the indicator as described by the 1st paragraph in the new text, or 2) use an SFF label as described by the second paragraph.

[Bruno] There are two options but the text currently says that the first option MUST be used ("the prefix-SID associated with the tail-end of the SFC MUST be advertised with the CONTINUE operation") which seems to nullifies the second paragraph ("Alternatively, ").
So may be some rephrasing may be needed to indeed allow both options.

Jim> Covered in latest version.
[Bruno2] In -06, I'm not seeing any change related to this section 6.1

Also
"   At the end of the SR-MPLS path it is necessary to provide an
   indication to the tail-end that NSH follows the SR-MPLS label stack
   as described by [RFC8596]."

In the scheme "SR-based SFC", "the end of the SR-MPLS" is only the last SF (not all other SF on the SF chain).
So how does others SFC have an indication that the NSH follows the SR-MPLS label stack?
Alternatively something along :s/ end of the SR-MPLS path/for all the SF along the SR-MPLS path

Jim> as far as I can tell "other SFC" do not need an indication as the prefix SID has End.NSH action so they will remove and cache the SR stack and forward the NSH packet to the SF associated with the prefix SID.

[Bruno] OK for SRv6.

For SR-MPLS, how does this work? Draft says "In the case of SR-MPLS this will be a prefix SID [RFC8402<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8402&data=04%7C01%7Cjguichar%40futurewei.com%7Cdcd09bcf14b84c5ab81608d92a991953%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637587659333473559%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7p4OEBu%2Fztrqd3ZxPPAg0D4bSwgGSptR%2Ba%2FerR7zLkg%3D&reserved=0>]"

 - Can it use the "regular" prefix SID? (draft only says that It is RECOMMENDED that a specific prefix-SID be allocated at each node for use by the SFC application for this purpose.)

 - If not, does it needs a specific & dedicated IP address? (RFC8402 seem to mandate that a Prefix Segment be an IGP prefix segment and that a single prefix-SID be advertised per tuple <prefix, topology, algorithm>

 - How does the ingress know that this Prefix SID is to be used for SR-based SFC? And only to be used for SR-based SFC?

Jim> In MPLS (including SR-MPLS) nodes uses labels as they please.  So yes, an SFF that may also be an MPLS switch needs to advertise separate labels to indicate that they are used for SFF processing (looking at the NSH).  As far as I know, MPLS / SR-MPLS has never standardized how this is indicated / coordinated.  By assumption, the PCE / Ingress classifier knows what labels to use.
[Bruno2] OK.
--Bruno



Jim

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.