Re: [spring] Dynamic Proxy in SR service programming

Stefano Salsano <> Sun, 26 July 2020 00:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 222EE3A0143 for <>; Sat, 25 Jul 2020 17:31:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.b=LLE3Cw72; dkim=pass (2048-bit key) header.b=m2HgDo7p
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FeYf-IC_JC-w for <>; Sat, 25 Jul 2020 17:31:56 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A70C53A0044 for <>; Sat, 25 Jul 2020 17:31:53 -0700 (PDT)
Received: from ( []) by (8.14.4/8.14.4/Debian-8) with ESMTP id 06Q0Viwe002928 for <>; Sun, 26 Jul 2020 02:31:50 +0200
Received: from [] (unknown []) by (Postfix) with ESMTPSA id CCFF21212B5 for <>; Sun, 26 Jul 2020 02:31:39 +0200 (CEST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed;; s=ed201904; t=1595723499; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dnJgdT0VBEIvF3oL5zug0iiifWYwzHrDHIF3TQtkNVc=; b=LLE3Cw722UEOe8RLEtIrkgxEbmLGufn9UXg0V3Szi2/5z6g/ChYA1QobkAzW4SlKn4YYjc 1+sY+RTbInmYgeCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=rsa201904; t=1595723499; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dnJgdT0VBEIvF3oL5zug0iiifWYwzHrDHIF3TQtkNVc=; b=m2HgDo7pw6hrtK3MKtx6n34Hgg8+95zI9yR7jRE+zjMuFWXzi4I1KsryO26TbtRWb7WK60 B1bgYIJ1r6QjyrHVtHQI92lSPSjF0Sz5YEcXqbLdlfFhRlQ0/nVMBxMCfQEswEdfWtBzhx vtbltVshi3vez0vscgdWVHqqFW7Netf4Ik9iK8x4GNCWq/a2eHz0WbPcy0H+qxilG/Me1d 0kusbYpF3sz14fe2q/7ZGbs6EX3JqSSrNRIBBgQHdz7Wt4mCdjjZbQEAY2RI+0cn5I8SZi QcLIAl4Gj2G3PUd5i2Wdi/gEhPFNKE3JaomHJKAFUVLsI+NXBJ1o4rRRiCHRGA==
References: <>
From: Stefano Salsano <>
Message-ID: <>
Date: Sun, 26 Jul 2020 02:31:38 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.100.0 at smtp-2015
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [spring] Dynamic Proxy in SR service programming
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 26 Jul 2020 00:32:00 -0000

Il 2020-07-25 19:49, Joel M. Halpern ha scritto:
> <chair hat off; speaking only as an individual member of the WG>
> In looking at the description of the dyanmic proxy behavior, I was 
> reminded of a problem that the SFC working group wrestled with and never 
> resolved to our satisfaction.  (In the SFC case, since we were not 
> specifying the behavior of the proxy, we could leave it to implementors. 
>   This document seems to be more specific.)
> As I understand the draft, the dyanicm proxy for a non-SR aware service 
> function can be handling packets subject ot multiple service policies. 
> That is desirable.  These separate policies will have separate cache 
> entries.  Also good.
> But as far as I can tell, the re-attachment of the cached header to the 
> returned packet (from the non-SR aware SF) is done based on first come, 
> first cache.

Hi Joel,

I'm speaking as an author of draft-ietf-spring-sr-service-programming-02 
(but I do not know if my opinion is agreed by all the authors)

my understanding of the dynamic proxy scenario is that a given "non-SR 
aware service function" (aka "legacy VNF") can be associated with a 
single Service Chain at a given time

so you can dynamically change the Service Chain by sending a Packet-2 
with a different SR policy with respect to Packet-1, but this is meant 
to change the Service Chain for the following packets of the flow, 
rather than to operate on a packet-by-packet basis

you are right that operating on a packet-by-packet basis leads to 
inconsistent behavior!

In draft-ietf-spring-sr-service-programming-02, the following limitation 
is associated to the static SR proxy, but it also applies to the dynamic 

    However, a static SR proxy
    segment can be used in only one service policy at a time.  As opposed
    to most other segment types, a static SR proxy segment is bound to a
    unique list of segments, which represents a directed SR service
    policy.  This is due to the cached SR information being defined in
    the segment configuration.  This limitation only prevents multiple
    segment lists from using the same static SR proxy segment at the same
    time, but a single segment list can be shared by any number of
    traffic flows.

This is he description of the dynamic proxy:

    The dynamic proxy is an improvement over the static proxy that
    dynamically learns the SR information before removing it from the
    incoming traffic.

Maybe it would be better to explicitly clarify that the same limitation 
of the static SR proxy is applicable: "only one service policy at a 
time"... the difference is that you can change this association 
dynamically, e.g. in the order of few seconds but NOT on a 
packet-by-packet basis

hope that it clarifies...


> What happens if, due to differences in internal processing, packets from 
> different service policies get swapped in time.  So packets go in 
> Packet-1, Packet-2, but come out Packet-2, Packet-1.  The text seems to 
> result in the proxy reattaching the SR information to the wrong packets?
> Am I misreading the text?
> Depending upon ones, reading, this may apply to a case where a single 
> device is service as multiple static proxies for a single non-SR aware 
> SF.  It was not clear if that was intended to be allowed, but if so the 
> same issue would seem to apply.
> Yours,
> Joel
> <chair hat returning to wherever it belongs.>
> _______________________________________________
> spring mailing list

Stefano Salsano
Professore Associato
Dipartimento Ingegneria Elettronica
Universita' di Roma Tor Vergata
Viale Politecnico, 1 - 00133 Roma - ITALY

E-mail  :
Cell.   : +39 320 4307310
Office  : (Tel.) +39 06 72597770 (Fax.) +39 06 72597435