Re: [spring] “SRV6+” complexity in forwarding

Ron Bonica <rbonica@juniper.net> Tue, 17 September 2019 01:59 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D9881200F8; Mon, 16 Sep 2019 18:59:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yGxRDh-wd7OD; Mon, 16 Sep 2019 18:59:30 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2E0D1200D7; Mon, 16 Sep 2019 18:59:29 -0700 (PDT)
Received: from pps.filterd (m0108160.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x8H1xG2j007900; Mon, 16 Sep 2019 18:59:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=XMrbHbswFYhCgrXVhh89SBDtPI4i6Z7h96ZE96LubF4=; b=ASsg5og/dZ1LiOPbdJK9qEaNENYZPvbS5IKEVN1VSMY+ISo241T5BUCY2i5ppUedaSAX u8Zoh8DJ3rKegE2mmhv6q3mEe554JHlZcdq8V68I8ptUI6w2WlOdnUQmdfX9jIRG9YhH 07naZU6nJyc5F6oR8J4fANcA5GuDKFYXeJDTpr5jG8jwy5JS1acBQjHM8VayKneGJVWD 9R18j6nhgeLMJSolJEyXb5ud3CZw5YzmaBMseTpCCmC9QLTAw4Fh5p+bW2ExeZ04Y5Yu lNqQLWhm+PK38KGejLH5tHlaU5B0gw/mp3kAK48b+OPERi58ODMgJ11ziK3KcFOhk8ME vg==
Received: from nam01-bn3-obe.outbound.protection.outlook.com (mail-bn3nam01lp2052.outbound.protection.outlook.com [104.47.33.52]) by mx0b-00273201.pphosted.com with ESMTP id 2v2dar0uxw-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Sep 2019 18:59:18 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TyCkJdo8FKgiqpTAAAIqb9UyD6ZiBvxqEqqSOOMKxDyDNU8eogP0tO56EEcErUe1IiPUc+ahNXms+HasT6h3BKRcXywsOlomxiu0w7euX1g5K2lSsvk99gpKpdqMZr+nqvdyIQWTzGp5IBxTKGywF1kEfYezfQT6wBDw2oChJG3S8rrWL+JYQKSagl1dmfVX2QvuSgDmhyOxgqsEXVm9WG5WQ4vPfqtzb6BuTf4ah0F4gMnJoFXg0fxqFz6RbvvMg6F1fh5yDixklLSJ6kU7WWiXTKB55MhfBdwr30Al9iX0qjw6QDENK+R5MS+sqGW9vHm6nPsNn3yoxpZJ9E9Htg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XMrbHbswFYhCgrXVhh89SBDtPI4i6Z7h96ZE96LubF4=; b=fjid/VKOemUVTCmzAdXYXBAAckmTtwQdFkFWr+3nDnpzu5QpqaUqtzUV0KC1zh3W9n2IeoAP8EPF99AHfxwISnRqsIa8yAI7zYlDrxw1PifpyKQbY0XNNj1xbjdvJajxJIRAHH1C5K3pa1b8GVn57pi5kUis2VhJEaiWoN7OikhQxowSC2dy1DwKp6x6HKLJtAjLtXK1IBfGiMrn+syU0TsDEvx12eovZrw0j1dXAqKXWL7yp63l+5kjtxTcXAKreTmSUZ4+/zBvVfG7UecqVS4bnG/NlYn9MdA2olh7BAShXhXOzYq7pW2AmdixgEqNHk87SdExePlndwYGz0VWHQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
Received: from BYAPR05MB5463.namprd05.prod.outlook.com (20.177.185.144) by BYAPR05MB6120.namprd05.prod.outlook.com (20.178.54.213) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2284.15; Tue, 17 Sep 2019 01:59:14 +0000
Received: from BYAPR05MB5463.namprd05.prod.outlook.com ([fe80::f4f2:f284:d49a:890a]) by BYAPR05MB5463.namprd05.prod.outlook.com ([fe80::f4f2:f284:d49a:890a%4]) with mapi id 15.20.2284.009; Tue, 17 Sep 2019 01:59:14 +0000
From: Ron Bonica <rbonica@juniper.net>
To: "Darren Dukes (ddukes)" <ddukes@cisco.com>
CC: Mark Smith <markzzzsmith@gmail.com>, "EXT - daniel.bernier@bell.ca" <daniel.bernier@bell.ca>, "xiechf@chinatelecom.cn" <xiechf@chinatelecom.cn>, SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>, Robert Raszuk <robert@raszuk.net>, Rob Shakir <robjs@google.com>, Tarek Saad <tsaad.net@gmail.com>
Thread-Topic: =?Windows-1252?Q?=93SRV6+=94_complexity_in_forwarding?=
Thread-Index: AQHVbM6iBD2vmdhhC0CHW2Z2/PIyC6cvDt0w
Content-Class:
Date: Tue, 17 Sep 2019 01:59:14 +0000
Message-ID: <BYAPR05MB5463426F1668202EE5F183EFAE8F0@BYAPR05MB5463.namprd05.prod.outlook.com>
References: <CAHd-QWtA21+2Sm616Fnw0D-eB7SNb_BeG8-A-MCLLFgTwSpOsg@mail.gmail.com> <BYAPR05MB54632F09C712ADB30138CFA9AEBE0@BYAPR05MB5463.namprd05.prod.outlook.com> <BYAPR19MB3415D21403394F8129A4BAD8FCB90@BYAPR19MB3415.namprd19.prod.outlook.com> <30491F13-C652-45C3-AB2B-95F765FBB4EA@juniper.net> <65C5CB04-3A2F-4F83-A7C8-2045154F93AE@cisco.com> <BYAPR05MB5463EC3250F2A303A3641839AEBA0@BYAPR05MB5463.namprd05.prod.outlook.com> <91CBADAD-EFE6-46E1-A9D3-DAA111357179@juniper.net> <CAOj+MMGyUFRPDqCBo5SbLX486o_9GLpM6Zxf8KSt1voWiqhkGQ@mail.gmail.com> <E8D473B5-3E8D-4339-9A79-0CAE30750A55@juniper.net> <CAOj+MMFOy5PyTo=jPJkVrQOctdWjsTbD=7ix-2n89vodKzT3gQ@mail.gmail.com> <2F604D74-51CF-4F2F-AEA9-1CBDEEA9B9F7@gmail.com> <F09C2D09-D769-4817-AF73-97D6ED1BC4BF@lapishills.com> <201909120857387140042@chinatelecom.cn> <1568259664564.62561@bell.ca> <CAO42Z2wQ_8GEE+=nAMFBj+ape9Vf7fARVoOwGdCiUxdffkyXgw@mail.gmail.com> <BYAPR05MB5463A04B05B4BD6AA294F7F0AEB00@BYAPR05MB5463.namprd05.prod.outlook.com> <6EA6F7C0-BEB2-4749-A6AB-62B1337213B2@cisco.com>
In-Reply-To: <6EA6F7C0-BEB2-4749-A6AB-62B1337213B2@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=True; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Owner=rbonica@juniper.net; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2019-09-17T01:59:12.1392774Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=Juniper Business Use Only; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Application=Microsoft Azure Information Protection; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=3dca3a38-fef0-4171-8438-7d7fdc0809a7; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Extended_MSFT_Method=Automatic
dlp-product: dlpe-windows
dlp-version: 11.2.0.14
dlp-reaction: no-action
x-originating-ip: [66.129.241.10]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 00bb3b97-5531-44cd-76dc-08d73b12a42c
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:BYAPR05MB6120;
x-ms-traffictypediagnostic: BYAPR05MB6120:
x-ms-exchange-purlcount: 2
x-ld-processed: bea78b3c-4cdb-4130-854a-1d193232e5f4,ExtAddr
x-microsoft-antispam-prvs: <BYAPR05MB61204270FC35A5F5D2E59E96AE8F0@BYAPR05MB6120.namprd05.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01630974C0
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(346002)(136003)(39860400002)(376002)(396003)(366004)(51444003)(199004)(189003)(66446008)(25786009)(4326008)(71190400001)(71200400001)(486006)(790700001)(6116002)(14454004)(6246003)(3846002)(86362001)(5660300002)(229853002)(11346002)(74316002)(8936002)(7696005)(446003)(102836004)(7736002)(316002)(476003)(26005)(99286004)(53546011)(33656002)(6506007)(76176011)(54906003)(186003)(81156014)(55016002)(81166006)(6436002)(478600001)(76116006)(66946007)(66066001)(9686003)(9326002)(6306002)(54896002)(236005)(2906002)(64756008)(52536014)(256004)(66476007)(66556008)(6916009); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR05MB6120; H:BYAPR05MB5463.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: KLSikzQKZ9zicLdadLun00EjEXb2zhWms5U/shC6WAdW/Fwr1z4V6nsi+ALg3uXJS56P4KogNhzhGF6nLTLbNrINelsxnoxY0FVlKu/f1PxSm3jPOv4FExYbOovbsw5sucpp/gA0JpzhcQcHm5A+Ji+UWCey//JHS7AKcOVPJHbsrsnumoR8krCzLzk0BNl7MYoSWX4Po8CU8QradlRCFKsLrj0SOStlhkz7Oc5LNjN88jDjg+sffaQlwYmEMuQbba4WpLpI8gtU3ULH9+Qz93/QvMiZ403RrVJFaaR1fuN2sHeXVgu0yBTyJbyeMEMhfzWVkx63pacUR41kkpl46DxvHPZLPKeCovI/KzF892aFjZ3NRGQY3Ep+4swAqA+IVrhaXXP9KMNwIuWZwgewe6nelK+vkcTHwwRgqkBvMGo=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR05MB5463426F1668202EE5F183EFAE8F0BYAPR05MB5463namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 00bb3b97-5531-44cd-76dc-08d73b12a42c
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Sep 2019 01:59:14.3811 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Rk81Q9LfJrwfa4pVTarum5LLYvLgmJPUj6z0Qg46jVe6ZjuZetP21KH99Yl+3ZQjFMcstOzsUJFzlrHPIoHzaQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR05MB6120
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8 definitions=2019-09-16_09:2019-09-11,2019-09-16 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 mlxscore=0 mlxlogscore=999 spamscore=0 clxscore=1015 bulkscore=0 adultscore=0 priorityscore=1501 impostorscore=0 suspectscore=1 lowpriorityscore=0 malwarescore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1908290000 definitions=main-1909170021
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/aLhIQ2btTfNkJ4ghruuXbm3zY30>
Subject: Re: [spring] =?windows-1252?q?=93SRV6+=94_complexity_in_forwarding?=
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 01:59:33 -0000

Hi Darren,

I think that your argument can be summarized as follows:


  *   SRv6 requires only two FIB searches
  *   SRv6+ requires 4 or more FIB searches
  *   Therefore, SRv6+ cannot possibly forward at line speed

Have I summarized your argument correctly? If not, please set me straight. If so, please read on.

First, SRv6+ never requires more than 4 FIB searches. The DOH that precedes the CRH contains, at most, one PSSI. Therefore SRv6+ requires four FIB searches, at most.

Second, SRv6+ only requires 4 FIB searches the following case:


  *   The packet contains two instances of the DOH. (Most use-cases require only one.)
  *   The processing node is configured to process the PSSI. (Many ASIC-based devices, because of their role in the network, won’t support any per segment service instructions. This nodes will be configured to ignore the PSSI. That is why it is optional.)

So, in most use-cases, SRv6+ requires only 3 FIB searches.

So, you might now argue that:


  *   SRv6 requires only two FIB searches
  *   SRv6+ requires three and sometimes four FIB searches
  *   Therefore, SRv6+ cannot possibly forward at line speed

Here, some slightly deeper thought might be required. A platform has two relevant resources:


  *   A route lookup ASIC, that can process some number of packets per second
  *   Some number of interfaces, that can forward some number of bits per second

So long as the ASIC can process enough packets per second to saturate the line cards, we are forwarding at full line rate. So long as a platform has a sufficiently capable ASIC, it will be able to forward at line speed. But it’s a matter of how the platform is designed. If the ASIC is not sufficiently capable, of course, it will not forward at line speed.

In your email, you say that I have been asked several times to report on the state of Juniper’s SRv6+ implementation. While I cannot provide details, you can assume that we wouldn’t be working on this if we thought that performance was going to be sub-optimal.

You also suggest that Juniper’s is the only implementation. Are you sure that this is correct?

                                                                                                                     Ron






Juniper Business Use Only
From: Darren Dukes (ddukes) <ddukes@cisco.com>
Sent: Monday, September 16, 2019 4:38 PM
To: Ron Bonica <rbonica@juniper.net>
Cc: Mark Smith <markzzzsmith@gmail.com>; EXT - daniel.bernier@bell.ca <daniel.bernier@bell.ca>; xiechf@chinatelecom.cn; SPRING WG <spring@ietf.org>; 6man <6man@ietf.org>; Robert Raszuk <robert@raszuk.net>; Rob Shakir <robjs@google.com>; Tarek Saad <tsaad.net@gmail.com>
Subject: “SRV6+” complexity in forwarding

Hi Ron, I agree ASICs are always improving, indeed this is evident in the number of successful SRv6 deployments and multiple vendor implementations at line rate on merchant silicon, and multiple vendor ASICs.

Is “SRv6+” (PSSI+CRH+PPSI) implemented and deployed at line rate?
You’ve been asked this several times.  Since you’re the only implementor(?) and one operator is claiming deployment or testing, I am curious.

Regardless of ASIC capabilities there are two performance penalties you will not escape with PSSI+CRH+PPSI: TLV parsing and multiple lookups.

Requiring all segments in a CRH segment list to process an arbitrary length DOH+set of PSSI’s and other options is always very expensive.
- It is expensive in SRAM as previously discussed in these threads.
- It is expensive in parsing logic to know and process a set of TLVs in any ASIC or NP.

Spreading PSSI, CRH, PPSI operations in multiple headers and multiple identifiers you now have multiple lookups at a node.
1 - lookup destination address
2 - lookup one or more PSSI and future destination options.
3 - lookup the CRH label or PPSI label.
4 - lookup new destination address

Compare this with SRv6.
1 - lookup destination address
2 - lookup new destination address

While ASICs are more capable and will continue to be more capable, these technical performance problems you introduce with PSSI+CRH+PPSI will not go away.

Darren

On Sep 12, 2019, at 12:34 PM, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org<mailto:rbonica=40juniper.net@dmarc.ietf.org>> wrote: