IETF Logo Mail Archive

Re: [spring] WGLC for draft-ietf-spring-segment-routing-policy

Gyan Mishra <hayabusagsm@gmail.com> Fri, 30 April 2021 07:07 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10F8C3A179A; Fri, 30 Apr 2021 00:07:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bg06_TZxEsb6; Fri, 30 Apr 2021 00:06:59 -0700 (PDT)
Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7774F3A1793; Fri, 30 Apr 2021 00:06:59 -0700 (PDT)
Received: by mail-pj1-x1032.google.com with SMTP id lp8so5905441pjb.1; Fri, 30 Apr 2021 00:06:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aJxHodq9h/g3xP2LX6MG63ZTrN/R8DKgpcz6K4TsGJA=; b=epx3U31IKmIModO2CFVRv1C3HCNDphQQnfQ1x4hNG8fbtrZkKq8gTRjUi66HFme66e aCak1sbOKkQOos9OZk+G37vrpD15UAYtWqzNaaq90EwfTSK9jpWkMLiwOme1W217wbf3 MOxkaE71MJMcu/a9PRA7moFJwXKvZEkf0DSrO9z2Ooe+j3KSUHPhp5Fe67hZklH777Ay TIFwrpd9UDoftpvPUMh6DlZ+cUoQtR7kCNPSj1YHNHcjDDU3/8EZySjBb6ZAnVJBz6z+ NV4++VrcNF+UKaQ2UAgJtDUxWzfRKISOHqboNtGGaE8U5XAr4Z/bWeh1WBkMFjGmPEaE JjgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aJxHodq9h/g3xP2LX6MG63ZTrN/R8DKgpcz6K4TsGJA=; b=c9ePyEjOSXGMzU0+5UN0BK9gjORlJTNkmnhhusdQ+NS8YI/yxknaztdWN12HEhZ1EB mBo1AU4EtXXmQx0aXIXWV9jDS4L6HSFrnhM3+C3uCjiKUabYKAp/SkVSKlfv1lwnzMq6 Yqwht4MEY67a/KlnJYeP/xrLSK2oYtTwxPNOrwq2EMMzd1+YrTnCvMKKwocQup+zptHV IP0pNGbeLXKT0XhMX+0P+C79jFmCDJgCeAFfxqYsMvvv3RAfQzkztO010ZINEezM6RLg 4EvnqztLS5y8SVteZiR8zwd+wFW7fHPnQJB0UCC7I8t3IjZveuQNd3nJ7vJX2k8SdOkA jEzQ==
X-Gm-Message-State: AOAM5328GWXG0qat0USYm+D82jTOLKAOiMrATS4zVq3Vjhrd4aTkAK8L xhPi+7FToteA9tZSy5PHjKJ1tKUXyc+aHBz6ddb+UDTms/M=
X-Google-Smtp-Source: ABdhPJwLzcRyV4ApJ5D+hAM5jsIIL9z+fUoAfOX7BBiRbTYqkPjH+dOirnYIJgGbH01WheGQlSxBadd3AdYTUe2FuT0=
X-Received: by 2002:a17:90b:88c:: with SMTP id bj12mr3866433pjb.112.1619766417656; Fri, 30 Apr 2021 00:06:57 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR13MB4206EF1F6E9B1C01BDDCDD76D24D9@MN2PR13MB4206.namprd13.prod.outlook.com> <CAB75xn6mV0b6AT_6DQEGNBvhMw1bLm7Hr-X71+afe+zPMBxaPg@mail.gmail.com> <MW3PR11MB4570B64CAD44377A56D5C0EDC15F9@MW3PR11MB4570.namprd11.prod.outlook.com> <CAB75xn6rcP7QbCZEgANgT15956M5GW0RkGN7FcT+-DTQnAPs0w@mail.gmail.com> <MW3PR11MB457062613B7F61B6D977BB39C15F9@MW3PR11MB4570.namprd11.prod.outlook.com> <CAB75xn5-4p5rbgSOEmNcu9=e3wAwb+7ENxxzAN=iBVik4GkORA@mail.gmail.com>
In-Reply-To: <CAB75xn5-4p5rbgSOEmNcu9=e3wAwb+7ENxxzAN=iBVik4GkORA@mail.gmail.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Fri, 30 Apr 2021 03:06:46 -0400
Message-ID: <CABNhwV0Ppv+9pzVW+=enqNj6HbChE53K0ePYpuTVQMUNTwEpdw@mail.gmail.com>
To: Dhruv Dhody <dhruv.ietf@gmail.com>
Cc: James Guichard <james.n.guichard@futurewei.com>, "Ketan Talaulikar (ketant)" <ketant@cisco.com>, "spring-chairs@ietf.org" <spring-chairs@ietf.org>, "spring@ietf.org" <spring@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f18f8e05c12b41d9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/dUfrqiYOOwVqp4vgiwKDFVqVvFI>
Subject: Re: [spring] WGLC for draft-ietf-spring-segment-routing-policy
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Apr 2021 07:07:08 -0000

Dear WG Authors

This draft is very well written and I support publication.

Few minor comments

Abstract and Introduction

I would reword “ Intermediate per-flow states are eliminated thanks to
source routing.”

I would reword saying the header of a packet is steered into an SR policy
as it’s the entire packet including overlay payload and not just the
header.  Also saying that intermediate per flow state is eliminated is not
accurate even though RFC 8402 does state so it’s not accurate.  So the
concept of “per flow” implies per packet used in EVPN MHD/MHN or with IPv6
flow label stateless uniform load balancing.  Flow based implies flow based
load balancing of the entire flow which is subject to polarization uneven
load balancing. In MPLS framework which SR-MPLS reused the MPLS data plane
even with entropy label the ECMP control and data plane extra per path
label state is eliminated but the flows are still flow based load balanced
and not per packet as is implied with “per flow” statement.  In the MPLS
framework all interesting packets flow along LSP path to egress PE FEC
destination for all VPNs unless per VPN to TE next hop rewrite feature is
utilized and then each VPN can map to a different RSVP tunnel.  Long story
short - reasons above as to the rewrite of Abstract as well as Introduction
sentence where “per flow” is mentioned.

What is eliminated with SR is LDP and RSVP TE control plane signaling state
not flow state.  In both SR and MPLS the flow state exist but now with SR
the per flow steering has much more granularity.  This does bring up
another very critical point.  I can understand SRv6 as it used the IPv6
data plane and with RFC 6437 flow label you get per flow per packet uniform
distribution load balancing however with SR-MPLSv4 you would still be
subject to flow based load balancing hash meaning all packets that are part
of the same flow would be steered along the same ECMP prefix sid path
instantiated as oppose to SRv6 which can take advantage of flow label
uniform load balancing.  At the bottom of the draft where you get into
coloring of flows per destination coloring would work but section 8.6 per
flow steering would not work as you are still subject to IPv4 flow based
load balancing polarization of packets.  On the other hand if SR-MPLSv6 was
used that would be MPLS over v6 core and you now have flow label providing
entropy for load balancing now the per flow load balancing per flow
coloring would now work.

In the draft you mentioned that all of the draft uses MPLS data plane for
the examples but given the issue I am bringing up I think maybe at least
mention SRv6 if you don’t want to mention SR-MPLSv6 which would be not as
common. As their can be more nuances between MPLS data plane and IPv6 data
plane I think having both examples and taking into account both throughout
the draft for consistency and also to ensure nothing technical get
overlooked in the specification.

NEW Abstract

   Segment Routing (SR) allows a headend node to steer a packet flow
   along any path.  Intermediate node control plane signaling is eliminated
   by source routing.  The headend node can now steer any discrete flow into an

   instantiated SR Policy path.

   The per flow packets are now steered into an SR Policy made up of an
   ordered list of transport topological segments .  This
   document details the forwarding plane concepts of SR Policy and per
flow steering into an SR
   Policy explicit path.


Section 2 minor typo

An instruction is a segment so I think you meant binding of the topological
SID instructions advertised in the IGP extension is what is bound to the
prefix FEC binding in the case of MPLS
data plane and SRv6 a binding.

OLD

   The Segment Routing architecture.

[RFC8402 <https://tools.ietf.org/html/rfc8402>] specifies that any
   instruction can be bound to a segment.  Thus, an SR Policy can be
   built using any type of Segment Identifier (SID) including those
   associated with topological or service instructions.


NEW


The Segment Routing architecture [RFC8402
<https://tools.ietf.org/html/rfc8402>] specifies that any
   Prefix can be bound to a segment.  Thus, an SR Policy can be
   built using any type of Segment Identifier (SID) including those
   associated with topological or service instructions.


Kind Regards

Gyan

On Fri, Apr 30, 2021 at 2:13 AM Dhruv Dhody <dhruv.ietf@gmail.com> wrote:

> Hi Ketan
>
> Thanks for handling the comments. Just a final comment on the
> security/manageability considerations that explains my reasoning. I would
> let you/shepherd take a call!
>
> This draft describes the SR Policy with a common informational model which
> has proven to be quite useful. I would like to see this approach extended
> to also capture the security and manageability aspects in a
> protocol-agnostic way. The configuration of SR policy, the verification
> rules, SR-DB handling, various policies that control active path selection,
> are all common and should be listed in this I-D. You could also give clear
> requirements for the protocols to build on. There have been cases where the
> protocols have differed leading to issues. Having a section in this I-D
> that lays out clearly for protocols would be useful. As the work is
> distributed across WG, IMHO having a SPRING WG consensus on such a text
> would be nice.
>
> Just my 2 paisa :)
> Stay Safe!
>
> Thanks!
> Dhruv
>
>
> On Thu, Apr 29, 2021 at 7:40 PM Ketan Talaulikar (ketant) <
> ketant@cisco.com> wrote:
>
>> Hi Dhruv,
>>
>>
>>
>> Please check inline below.
>>
>>
>>
>> *From:* Dhruv Dhody <dhruv.ietf@gmail.com>
>> *Sent:* 29 April 2021 15:46
>> *To:* Ketan Talaulikar (ketant) <ketant@cisco.com>
>> *Cc:* James Guichard <james.n.guichard@futurewei.com>; spring@ietf.org;
>> spring-chairs@ietf.org
>> *Subject:* Re: [spring] WGLC for draft-ietf-spring-segment-routing-policy
>>
>>
>>
>> Hi Ketan,
>>
>>
>>
>> Thanks for the discussion. Sniping to -
>>
>>
>>
>>
>>
>> If a node is identified by multiple addresses, from the point of view of
>> the SR policy they would be considered as different nodes, correct?
>>
>> *[KT] This relates to the computation of SR Policy which is outside the
>> scope of this document. There was some text around computation aspects in
>> an earlier version of the draft that has been moved into
>> draft-filsfils-spring-sr-policy-considerations around the WG adoption time.
>> To answer your question, the endpoint address can be mapped to a node which
>> becomes the tail-end and then path is computed to that node. In that case,
>> multiple addresses may all map to a single node. This would be an
>> implementation aspect.*
>>
>>
>>
>> [Dhruv]: I was thinking from the SR policy identification point of view,
>> i.e. <H1-IP1, color, endpoint> and <H1-IP2, color, endpoint> will be
>> considered as different SR policies even though H1-IP1 and H1-IP2 belong to
>> the same headend H1.
>>
>> *[KT] Yes, they would be different SR Policies.*
>>
>>
>>
>>
>> - Section 2.3, What are the 8-bit values for the Protocol-Origin, is
>> there an existing registry that is used here? Is it -
>> https://datatracker.ietf.org/doc/html/draft-ietf-idr-te-lsp-distribution-14#section-9.4
>> , should it be listed in this document perhaps?
>>
>> *[KT] These are not code points but suggested default values for the
>> Priority assigned to each protocol. An implementation may use a completely
>> different scheme and/or make theme configurable. I see that
>> https://datatracker.ietf.org/doc/html/draft-ietf-pce-segment-routing-policy-cp-04#section-5.2.2
>> <https://datatracker.ietf.org/doc/html/draft-ietf-pce-segment-routing-policy-cp-04#section-5.2.2>
>> does not clearly indicate this and perhaps the authors should clarify that
>> the Protocol Origin in that PCEP TLV is used to tweak/signal the Priority
>> value to be used for that particular CP in the tiebreaker.*
>>
>>
>>
>>
>> [Dhruv]: I am referring to this text -
>>
>>    Protocol-Origin of a candidate path is an 8-bit value which
>>    identifies the component or protocol that originates or signals the
>>    candidate path.
>>
>> Which says that an "8-bit value" identifies the protocol as PCEP, BGP,
>> etc. What you are describing is the priority associated with the protocol.
>> I feel the term "Protocol-Origin" and "Protocol-Origin Priority" is used
>> interchangeably, leading to this misunderstanding.
>>
>> To confirm, in the example - Candidate-path CP1 <protocol-origin = 20,
>> originator = 100:1.1.1.1, discriminator = 1>. The value 20 identify BGP or
>> the Priority value associated with BGP? I am assuming it is the
>> priority!
>>
>> In which case some cleanup of text is needed to make things clear.
>>
>> *[KT] I see your point. The use of “priority” and that too inconsistently
>> might be the cause for the confusion. Will clean-up the text around this.*
>>
>>
>>
>>
>> - Section 10, It might be a good idea to acknowledge security
>> considerations from the SR policy architecture point of view: how various
>> SR policy parameters and attributes could be exploited to make a headend to
>> forward the traffic incorrectly. It is better to add details that clearly
>> show that the authors/WG have given it a thought and analyzed the
>> implications.
>>
>> *[KT] As a reminder the SR Policy has been introduced in RFC8402 which
>> covers these aspects of incorrect routing and other challenges associated
>> with source routing. This document is only providing the details of the
>> implementation construct/framework for the SR Policy.*
>>
>>
>>
>>
>>
>> [Dhruv]: In my reading, RFC 8402 security considerations are focused on
>> the data plane and not much on the interaction between the controller and
>> SR nodes where the SR policy architecture comes in.
>>
>> *[KT] This document does not cover the actual protocols used for
>> interactions between controller and routers – that is covered via PCEP and
>> BGP documents.*
>>
>>
>>
>>
>>
>> - Section 11, What is the range of the value for Segment Types? A-Z only?
>> It would be good to be clear about this. With A-K already allocated, worth
>> thinking if this is too restrictive and not future-proof. Perhaps we could
>> think of the value as a string that is currently populated with a single
>> alphabetic character.
>>
>> *[KT] String can become freeform. How about A-Z, then AA-AZ … ZA-ZZ –
>> that should be a large enough space?*
>>
>>
>>
>> [Dhruv]: That works. Maybe you could add this to the table to clearly
>> indicate the range:
>> L-Z: Unassigned
>> AA-ZZ: Unassigned
>>
>> *[KT] I’ll try to describe this in the text since the AA-ZZ might not be
>> very clear.*
>>
>>
>>
>> Related question: is there a value in putting aside a few of these for
>> Experimental Use?
>>
>> *[KT] I don’t think so because these are not signaled in any protocol.*
>>
>>
>>
>>
>> - Since the I-D talks about policy configuration, explicit candidate
>> paths, verification, SR-DB, etc. I don't want to add work for the authors
>> but I do feel in this case a dedicated manageability consideration section
>> would be useful :)
>>
>> *[KT] Good catch. I will add it. It is not much work really since we need
>> to point to RFC8402 which introduced the SR Policy and an informative
>> reference to draft-ietf-spring-sr-policy-yang that the WG is already
>> working on.*
>>
>>
>>
>>
>>
>> [Dhruv]: That helps, but also think in lines of documenting some key
>> considerations as per
>> https://datatracker.ietf.org/doc/html/rfc5706#section-2
>>
>> *[KT] This is not really a new protocol per-se and I am not sure if this
>> is necessary. However, if there are any text proposals, we can discuss
>> within the WG.*
>>
>>
>>
>> *Thanks,*
>>
>> *Ketan*
>>
>>
>>
>> Hope the authors and WG find these suggestions useful.
>>
>> *[KT] Yes, definitely.*
>>
>>
>>
>> Thanks!
>>
>> Dhruv
>>
>>
>>
>>
>>
>>
>>
>> *Thanks,*
>>
>> *Ketan*
>>
>> Thanks!
>> Dhruv
>>
>> On Fri, Apr 16, 2021 at 12:27 AM James Guichard <
>> james.n.guichard@futurewei.com> wrote:
>>
>> Dear WG:
>>
>>
>>
>> This email starts a 2 week Working Group Last Call for
>> draft-ietf-spring-segment-routing-policy [1].
>>
>>
>>
>> Please read this document if you haven’t read the most recent version and
>> send your comments to the SPRING WG list no later than April 29th 2021.
>>
>>
>>
>> If you are raising a point which you expect will be specifically debated
>> on the mailing list, consider using a specific email/thread for this point.
>>
>>
>>
>> Lastly, if you are an author or contributors for this document please
>> response to the IPR call in the previous email thread.
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Jim, Joel & Bruno
>>
>>
>>
>> [1] https://datatracker.ietf.org/doc/draft-ietf-spring-segment-routing-policy/
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> spring mailing list
>> spring@ietf.org
>> https://www.ietf.org/mailman/listinfo/spring
>>
>> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *

*Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*



*M 301 502-1347*

v2.29.0 | Report a Bug | By Email | System Status