Re: [spring] WG Last Call draft-ietf-spring-nsh-sr

bruno.decraene@orange.com Tue, 08 June 2021 16:18 UTC

From: <bruno.decraene@orange.com>
To: James Guichard <james.n.guichard@futurewei.com>, "spring@ietf.org" <spring@ietf.org>
CC: "draft-ietf-spring-nsh-sr@ietf.org" <draft-ietf-spring-nsh-sr@ietf.org>
Date: Tue, 8 Jun 2021 16:18:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/v-mixSGl9Ig69PrPuUnTRlHCzkc>
Subject: Re: [spring] WG Last Call draft-ietf-spring-nsh-sr

Hi Jim,

Thanks for your reply.
Please see inline [Bruno]

From: spring [mailto:spring-bounces@ietf.org] On Behalf Of James Guichard
Sent: Tuesday, May 18, 2021 5:13 PM
To: DECRAENE Bruno TGI/OLN <bruno.decraene@orange.com>; spring@ietf.org
Cc: draft-ietf-spring-nsh-sr@ietf.org
Subject: Re: [spring] WG Last Call draft-ietf-spring-nsh-sr

Hi Bruno,

Following up on this. Please see inline.

From: bruno.decraene@orange.com <bruno.decraene@orange.com>
Sent: Tuesday, February 9, 2021 1:41 PM
To: spring@ietf.org
Cc: draft-ietf-spring-nsh-sr@ietf.org
Subject: RE: WG Last Call draft-ietf-spring-nsh-sr

Hi authors, WG,

Speaking as the shepherd.

Thanks for the -04 which answers my previous set of comments.

I've reviewed the document again, focusing on the new text. Please find below some additional comments.

===
SR-MPLS  §6.1

" At the end of the SR-MPLS path it is necessary to provide an
   indication to the tail-end that NSH follows the SR-MPLS label stack
   as described by [RFC8596]."

My understanding is that RFC8596 performs the above goal by adding an SFF label at the bottom of the stack. In which case it would not be mandatory to disable Penultimate Hop Popping on the prefix SID as draft-ietf-spring-nsh-sr-04 is mandating.

I'm seeing two options that you could either choose from or describe both:
- a prefix SID dedicated to NSH. In which case PHP needs to be disabled and there is no need for the SFF label specified in RFC8596 (alternatively, this prefix SID is _the_ SFF label defined in RFC8596, although 8596 refers to a local label(segment) while usually a prefix SID is a global segment)
- use a multi-purpose prefix SID. In which case, indeed "At the end of the SR-MPLS path it is necessary to provide an indication to the tail-end that NSH follows the SR-MPLS label stack as described by [RFC8596]."

Jim> I believe this is clarified in -v05. The new text says:

   As described in [RFC8402], the IGP signaling extension for IGP-Prefix
   segment includes a flag to indicate whether directly connected
   neighbors of the node on which the prefix is attached should perform
   the NEXT operation or the CONTINUE operation when processing the SID.
   When NSH is carried beneath SR-MPLS it is necessary to terminate the
   NSH-based SFC at the tail-end node of the SR-MPLS label stack.  This
   is the equivalent of MPLS Ultimate Hop Popping (UHP) and therefore
   the prefix-SID associated with the tail-end of the SFC MUST be
   advertised with the CONTINUE operation so that the penultimate hop
   node does not pop the top label of the SR-MPLS label stack and
   thereby expose NSH to the wrong SFF.  This is realized by setting No-
   PHP flag in Prefix-SID Sub-TLV [RFC8667], [RFC8665].  It is
   RECOMMENDED that a specific prefix-SID be allocated at each node for
   use by the SFC application for this purpose.

   Alternatively, if NEXT operation is performed, then at the end of the
   SR-MPLS path it is necessary to provide an indication to the tail-end
   that NSH follows the SR-MPLS label stack as described by [RFC8596].

So there are two options as you indicate above. 1) use the prefix segment as the indicator as described by the 1st paragraph in the new text, or 2) use an SFF label as described by the second paragraph.

[Bruno] There are two options but the text currently says that the first option MUST be used ("the prefix-SID associated with the tail-end of the SFC MUST be advertised with the CONTINUE operation") which seems to nullify the second paragraph ("Alternatively, ").
So maybe some rephrasing is needed to indeed allow both options.



Also
"   At the end of the SR-MPLS path it is necessary to provide an
   indication to the tail-end that NSH follows the SR-MPLS label stack
   as described by [RFC8596]."

In the scheme "SR-based SFC", "the end of the SR-MPLS" is only the last SF (not all other SF on the SF chain).
So how do other SFC have an indication that the NSH follows the SR-MPLS label stack?
Alternatively, something along the lines of: s/end of the SR-MPLS path/for all the SF along the SR-MPLS path/

Jim> as far as I can tell "other SFC" do not need an indication as the prefix SID has End.NSH action so they will remove and cache the SR stack and forward the NSH packet to the SF associated with the prefix SID.

[Bruno] OK for SRv6.

For SR-MPLS, how does this work? Draft says "In the case of SR-MPLS this will be a prefix SID [RFC8402]"

 - Can it use the "regular" prefix SID? (draft only says that It is RECOMMENDED that a specific prefix-SID be allocated at each node for use by the SFC application for this purpose.)

 - If not, does it need a specific & dedicated IP address? (RFC8402 seems to mandate that a Prefix Segment be an IGP prefix segment and that a single prefix-SID be advertised per tuple <prefix, topology, algorithm>)

 - How does the ingress know that this Prefix SID is to be used for SR-based SFC? And only to be used for SR-based SFC?


===
This document defines two schemes: NSH-based SFC and SR-based SFC.

§5 is called "Packet Processing Details" but seems to only cover SRv6 and the "SR-based SFC" scheme.

Jim> I will change the title to reflect these details are only applicable to SR-based SFC (see below).
[Bruno] OK


If so,
- it would be good if the title/section hierarchy could reflect this.

Jim> done (see below).
[Bruno] I'm assuming that this is 'done' in your local repo as I'm not seeing the change https://datatracker.ietf.org/doc/html/draft-ietf-spring-nsh-sr#section-5


- what about the behavior for SR-MPLS with the "SR-based SFC" scheme (a priori with SR-MPLS you equally need a cache in order to re-push the SR-MPLS header)

Jim> for SR-MPLS the label semantics indicates the same processing logic. I added some text and broke up the SR-based SFC packet processing section to make this clearer.
[Bruno] Ack but again, I'm not seeing the text so I don't know how much this covers my point. Could you publish your local version?

====
§4
For "SR-based SFC", my understanding is that the Service Chain (ordered list of SF) is specified in the list of segments.
Please forgive my lack of NSH knowledge, but it seems to me that the NSH SPI lookup may return multiple next-hops within a service path for a given SF (e.g. for load balancing). (cf table 4 of RFC 8600).

Jim> yes that is true.

Here, if the NSH SPI changes the SFC next-hop, the SR header on the packet will be completely wrong (well most probably the list of segments will override the choice from the NSH SPI lookup). Is this a correct understanding?

Jim> no. The SR header is removed before the packet is forwarded to the SF so the SF next-hop is not relevant at the SFF when packets return as a lookup on the SPI will be performed (note: SPI does not change regardless of SF next-hop).
[Bruno] My original question was related to reclassification and branching but Greg raised the same question and you replied to him. So this closes my question.

If so, is this a bug or a feature? Either way, maybe some text would need to be added, e.g. to warn that such an SFC feature is not available anymore.

=====
Nits:
- I'm not a fan of the use of the term "details" which to me are "specifications". (e.g. "5. Packet Processing Details", "6. Encapsulation Details", "encapsulation details")

Jim> I can change "Encapsulation Details" to simply "Encapsulation", and "Packet Processing Details" to "Packet Processing for SR-based SFC". Would that satisfy your comment?
[Bruno] Yes, thank you.
--Bruno

- ID Nits still reports one error (**) on the new text (in the abstract).
https://tools.ietf.org/idnits?url=https://tools.ietf.org/id/draft-ietf-spring-nsh-sr-04.txt

Thanks,
Regards,
--Bruno

From: spring [mailto:spring-bounces@ietf.org] On Behalf Of bruno.decraene@orange.com
Sent: Tuesday, February 9, 2021 7:31 PM
To: spring@ietf.org
Cc: draft-ietf-spring-nsh-sr@ietf.org
Subject: [spring] WG Last Call draft-ietf-spring-nsh-sr

Dear WG,

This message starts a 2-week WG last call for draft-ietf-spring-nsh-sr [1].

After review of the document please indicate whether you believe this document should be progressed to the IESG.

In addition to yes/no, please consider providing a technical review of this document; in particular if you care for this document.
Indeed, since WG adoption, this document has benefited from few reviews from the WG, so we need more review from the SPRING WG.

If you are aware of an implementation of this document, please report the implementation either on the list or to the chairs so that the shepherd can report implementations in the writeup.

Note that I'll forward that call to the SFC WG.

Thanks!

[1] https://tools.ietf.org/html/draft-ietf-spring-nsh-sr

--Bruno


_________________________________________________________________________________________________________________________
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.
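
Added illustration, not part of the thread or of the draft: a toy model of the two options discussed above for telling the SR-MPLS tail-end that NSH follows the label stack, either a dedicated prefix-SID advertised with No-PHP or an RFC 8596 SFF label at the bottom of the stack. The label values, function names and the "dedicated to SFC" flag are assumptions made for the example.

```python
# Toy model; label values are constructed, not taken from the draft or the thread.
TAIL_PREFIX_SID = 16005  # prefix-SID label of the SR-MPLS tail-end (assumed)
SFF_LABEL = 24001        # local SFF label in the sense of RFC 8596 (assumed)

def penultimate_hop(stack, no_php):
    """Forward to the tail-end; pop its prefix-SID unless No-PHP is set."""
    if stack and stack[0] == TAIL_PREFIX_SID and not no_php:
        return stack[1:]   # NEXT operation: penultimate hop popping
    return list(stack)     # CONTINUE operation: label reaches the tail-end

def tail_end(stack, sid_dedicated_to_sfc):
    """Return 'nsh' if the received labels tell the tail-end that NSH follows."""
    stack = list(stack)
    sid_seen = bool(stack) and stack[0] == TAIL_PREFIX_SID
    if sid_seen:
        stack.pop(0)
    if stack == [SFF_LABEL]:
        return "nsh"       # bottom-of-stack SFF label announces NSH
    if not stack and sid_seen and sid_dedicated_to_sfc:
        return "nsh"       # the dedicated prefix-SID itself is the indication
    return "no-nsh-indication"

def deliver(stack, no_php, sid_dedicated_to_sfc):
    """Run one packet's label stack through the last two hops."""
    return tail_end(penultimate_hop(stack, no_php), sid_dedicated_to_sfc)

def scenarios():
    """Outcome for each combination raised in the discussion."""
    sid, sff = TAIL_PREFIX_SID, SFF_LABEL
    return {
        "dedicated SID, No-PHP": deliver([sid], True, True),
        "dedicated SID, PHP": deliver([sid], False, True),
        "multi-purpose SID, PHP, SFF label": deliver([sid, sff], False, False),
        "multi-purpose SID, No-PHP, SFF label": deliver([sid, sff], True, False),
        "multi-purpose SID, No-PHP, no SFF label": deliver([sid], True, False),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:42} -> {result}")
```

In this model only the dedicated-SID option depends on No-PHP; once an SFF label sits at the bottom of the stack, the indication survives penultimate hop popping.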