IETF Logo Mail Archive

Re: [spring] “SRV6+” complexity in forwarding

"Darren Dukes (ddukes)" <ddukes@cisco.com> Wed, 18 September 2019 13:41 UTC

Return-Path: <ddukes@cisco.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4922212004E; Wed, 18 Sep 2019 06:41:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=NTF2yZdv; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=xA0HTB6J
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ex31D8R4AJ1C; Wed, 18 Sep 2019 06:41:49 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D88E12009E; Wed, 18 Sep 2019 06:41:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=29679; q=dns/txt; s=iport; t=1568814109; x=1570023709; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=kNAOTbi40knFD7zSm7QW+qRm2Go4ZAGygGHeCggRpYo=; b=NTF2yZdvmDgCUAEfy1bHrbN8KeEna1YkTIR0fk2ySLDr6G59uMhZfmkd tXw+ZXwsWgeKStA4cyVqZ4Wl4jNhF8dgY1j64CAbK8FQSmKYf6xGCmOOZ S0KPhsp2z8Tzs30rCgqZJQWwjI1ZFtFd/AJCq4xAfHm3RcHHJFqEVZGKH Q=;
IronPort-PHdr: 9a23:h17cCB8c5GOlaP9uRHGN82YQeigqvan1NQcJ650hzqhDabmn44+/bR7E/fs4iljPUM2b8P9Ch+fM+4HYEW0bqdfk0jgZdYBUERoMiMEYhQslVcKJFE72N9bhbjcxG4JJU1o2t3w=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DdAQDZM4Jd/5tdJa1mGwEBAQEDAQEBBwMBAQGBZ4EWL1ADgUMgBAsqCoQYg0cDineCNyWJZo4NgUKBEANUCQEBAQwBAS0CAQGEPwIXgmwjOBMCAwkBAQQBAQECAQUEbYUtDIVKAQEBAQMSER0BATcBDwIBCA4DBAEBIQcDAgICHxEUBgMIAgQOBR8DgwCBHk0DHQECpTACgTiIYXOBMoJ9AQEFhQkNC4IXCYE0jAkYgUA/gREnDBOCTD6CGkcEgSwBEgFVglUygiaMX0SBfDWFJ4kgjiBBCoIikQOEABuCNodLhCWKeoM9lGiOcwIEAgQFAg4BAQWBaSE3MHFwFTsqAYJBUBAUgU6DcoRZhXpzAYEojQiBIgGBIgEB
X-IronPort-AV: E=Sophos;i="5.64,520,1559520000"; d="scan'208,217";a="545687546"
Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 18 Sep 2019 13:41:41 +0000
Received: from XCH-ALN-014.cisco.com (xch-aln-014.cisco.com [173.36.7.24]) by rcdn-core-4.cisco.com (8.15.2/8.15.2) with ESMTPS id x8IDff8e013134 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 18 Sep 2019 13:41:41 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-014.cisco.com (173.36.7.24) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 08:41:41 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 18 Sep 2019 08:41:40 -0500
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 18 Sep 2019 08:41:40 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Wib0Zz6lX7qMUQMPa3+YCWYuilGLooVbBIbpT2n4qrX5LgvzXWXzN6nTmc1QLuP2GKPa4YWVoTpjKrdA/EXSqw64fZ7HYr2sTaV9Q/mIdGuc+ca6rBS1pLImGTDstB0qdUeG9i+AAyGEvpRVniHqKjZZBofoUtbZXLEwRDhkVQbZKgxvrXMkKq287LgArBBQVQGUgBIfy6N/h1uWqylWFuMp8bTds63iIPRVV8GyrQhSaRVoQXHIdVDDrFXH4l+cLeyPGK7E1HLO7PZnGBov+s6n9CNKRf1SR2umkO+/HWnXu2BTbXopvZO7M7O5OtxfRoyTYmwGK9Q+JjUFZG9PHA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kNAOTbi40knFD7zSm7QW+qRm2Go4ZAGygGHeCggRpYo=; b=VIx6dO6NYsqfckwMDjF8V8jxabvFA1V1+4fQHm+wZyLWGzKtK3VRy4gbjBVNR/Xfpfad90S1IGuKRvvUgGKJrVc65AiEBSn5ibQggb7W86lkYwZIiqYu3gzUqVhIrnEkYr5GD52KlLqEG5GTUCdQzbiqmeLmRhfWdPCHQ3+DAgywknjSUijwRu5ul9JWBfCjm5HueL4HGmFisiqEQ0ENHP1gM9xdJgdmy7IR1MrS+hC249tkQBZMXSbytPfUnegnq0PUZnnjlgoEBnBcyW9sJCSaKxK0VGpw6DMW5tgEo5CHkNS2Tn8XWf2c36EZcx2MrCn7OtL0QTRauYi5skbqNw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kNAOTbi40knFD7zSm7QW+qRm2Go4ZAGygGHeCggRpYo=; b=xA0HTB6JxKN3f44mDxJKCaJ0LTU6JI7OjiPkHCll+Rqr8nKexEhSNJ0yjY1YTwlqlgb9Kkd0+Ne5m30pZX1+M0cXTsFnlv36W65t30z5k3Ie/BV5OK/RyJc+Nkip4jyTfjsuanq1D1i+rJR3iY6hnvvYneQO1NJFMq3ILWSg5uU=
Received: from BN7PR11MB2594.namprd11.prod.outlook.com (52.135.246.159) by BN7PR11MB2658.namprd11.prod.outlook.com (52.135.255.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.21; Wed, 18 Sep 2019 13:41:39 +0000
Received: from BN7PR11MB2594.namprd11.prod.outlook.com ([fe80::b5f5:4cb9:14c0:618b]) by BN7PR11MB2594.namprd11.prod.outlook.com ([fe80::b5f5:4cb9:14c0:618b%4]) with mapi id 15.20.2263.023; Wed, 18 Sep 2019 13:41:39 +0000
From: "Darren Dukes (ddukes)" <ddukes@cisco.com>
To: Ron Bonica <rbonica@juniper.net>
CC: Mark Smith <markzzzsmith@gmail.com>, "EXT - daniel.bernier@bell.ca" <daniel.bernier@bell.ca>, "xiechf@chinatelecom.cn" <xiechf@chinatelecom.cn>, SPRING WG <spring@ietf.org>, 6man <6man@ietf.org>, Robert Raszuk <robert@raszuk.net>, Rob Shakir <robjs@google.com>, Tarek Saad <tsaad.net@gmail.com>
Thread-Topic: “SRV6+” complexity in forwarding
Thread-Index: AQHVbM6YPDYrgJo6HkCz+V5O1eYQGqcvHWUAgAJWlAA=
Date: Wed, 18 Sep 2019 13:41:39 +0000
Message-ID: <634900D2-FBCE-47CF-8907-C8B9CB3A4102@cisco.com>
References: <CAHd-QWtA21+2Sm616Fnw0D-eB7SNb_BeG8-A-MCLLFgTwSpOsg@mail.gmail.com> <BYAPR05MB54632F09C712ADB30138CFA9AEBE0@BYAPR05MB5463.namprd05.prod.outlook.com> <BYAPR19MB3415D21403394F8129A4BAD8FCB90@BYAPR19MB3415.namprd19.prod.outlook.com> <30491F13-C652-45C3-AB2B-95F765FBB4EA@juniper.net> <65C5CB04-3A2F-4F83-A7C8-2045154F93AE@cisco.com> <BYAPR05MB5463EC3250F2A303A3641839AEBA0@BYAPR05MB5463.namprd05.prod.outlook.com> <91CBADAD-EFE6-46E1-A9D3-DAA111357179@juniper.net> <CAOj+MMGyUFRPDqCBo5SbLX486o_9GLpM6Zxf8KSt1voWiqhkGQ@mail.gmail.com> <E8D473B5-3E8D-4339-9A79-0CAE30750A55@juniper.net> <CAOj+MMFOy5PyTo=jPJkVrQOctdWjsTbD=7ix-2n89vodKzT3gQ@mail.gmail.com> <2F604D74-51CF-4F2F-AEA9-1CBDEEA9B9F7@gmail.com> <F09C2D09-D769-4817-AF73-97D6ED1BC4BF@lapishills.com> <201909120857387140042@chinatelecom.cn> <1568259664564.62561@bell.ca> <CAO42Z2wQ_8GEE+=nAMFBj+ape9Vf7fARVoOwGdCiUxdffkyXgw@mail.gmail.com> <BYAPR05MB5463A04B05B4BD6AA294F7F0AEB00@BYAPR05MB5463.namprd05.prod.outlook.com> <6EA6F7C0-BEB2-4749-A6AB-62B1337213B2@cisco.com> <BYAPR05MB5463426F1668202EE5F183EFAE8F0@BYAPR05MB5463.namprd05.prod.outlook.com>
In-Reply-To: <BYAPR05MB5463426F1668202EE5F183EFAE8F0@BYAPR05MB5463.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ddukes@cisco.com;
x-originating-ip: [161.44.212.51]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2b794722-90a3-4fd4-c40c-08d73c3deeef
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:BN7PR11MB2658;
x-ms-traffictypediagnostic: BN7PR11MB2658:
x-microsoft-antispam-prvs: <BN7PR11MB26588F33B15381BB7AAF39FDC88E0@BN7PR11MB2658.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01644DCF4A
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(376002)(346002)(366004)(39860400002)(136003)(51444003)(199004)(189003)(71200400001)(6512007)(26005)(236005)(5660300002)(81156014)(81166006)(66066001)(4326008)(86362001)(2906002)(256004)(478600001)(54896002)(76176011)(33656002)(229853002)(6486002)(25786009)(6436002)(7736002)(8936002)(53546011)(76116006)(6506007)(102836004)(66476007)(66946007)(36756003)(71190400001)(14454004)(99286004)(486006)(476003)(186003)(6116002)(3846002)(66556008)(6916009)(2616005)(6246003)(1941001)(11346002)(446003)(64756008)(316002)(54906003)(66446008); DIR:OUT; SFP:1101; SCL:1; SRVR:BN7PR11MB2658; H:BN7PR11MB2594.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 6V4kJtSJQSnCLtWMq5iR4aYNgi/2QPXAtIJT3UFsX/xrd9lP0pn4R7X/xwnmEVWVIKN8YBwCXnUH5hNfqmI6RckBBmzXKuEfN7pIPaIUpdtWSZLSxMlu+2B4FAS0eBEdBtxmQFwDYeVZ1NCTyCtDCGNcM6dle0iJkjXMEsPVYfF15CqsNJhTPSZ9/g+s3pjdoBryW5hVpoWPylt+h1GTkgKq5yHDDDHgwg8uS1idOJNc4q0zlcqmnE65FX9hJOpvrTh3KUZuu0KVMJtqxs3hFO7yg7I6IHdxfISMdHE0Hohx6TGYsw+u0J3/mJektVEtw9Yg4/b1LnOSNXdrjPBlURAf8XNEhK+Tj/6d+mTsSKmk++pXj1CJiQEn0UfdfARk0uMpkVmrvFWzsGdTOKbRIcLBixHGH4wep9aKzeqfgDg=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_634900D2FBCE47CF8907C8B9CB3A4102ciscocom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 2b794722-90a3-4fd4-c40c-08d73c3deeef
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Sep 2019 13:41:39.3608 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fLy2b1fd0ToZdqHH4xg3Gp35j5wGOAoPvAsbArI3bEA01K0KMyaVkCrtxmkFBacUoHQXlx06sBeiHreGnd+SgA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2658
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.24, xch-aln-014.cisco.com
X-Outbound-Node: rcdn-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/v8UAgBGQ0yp0VBwGkZ3RwzH1MME>
Subject: Re: [spring] “SRV6+” complexity in forwarding
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 13:41:53 -0000

Hi Ron.

I summarized my argument as follows:
"Regardless of ASIC capabilities there are two performance penalties you will not escape with PSSI+CRH+PPSI: TLV parsing and multiple lookups.”

You’ve confirmed this additional overhead for "SRv6+".  Thanks.

You then say "So long as the ASIC can process enough packets per second to saturate the line cards, we are forwarding at full line rate."

Yes this is true, but we can conclude: The complexity of "SRv6+" requires ASICs do much more work per packet vs SRv6.

Thanks
  Darren


On Sep 16, 2019, at 9:59 PM, Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>> wrote:

Hi Darren,

I think that your argument can be summarized as follows:


  *   SRv6 requires only two FIB searches
  *   SRv6+ requires 4 or more FIB searches
  *   Therefore, SRv6+ cannot possibly forward at line speed


Have I summarized your argument correctly? If not, please set me straight. If so, please read on.

First, SRv6+ never requires more than 4 FIB searches. The DOH that precedes the CRH contains, at most, one PSSI. Therefore SRv6+ requires four FIB searches, at most.

Second, SRv6+ only requires 4 FIB searches the following case:


  *   The packet contains two instances of the DOH. (Most use-cases require only one.)
  *   The processing node is configured to process the PSSI. (Many ASIC-based devices, because of their role in the network, won’t support any per segment service instructions. This nodes will be configured to ignore the PSSI. That is why it is optional.)


So, in most use-cases, SRv6+ requires only 3 FIB searches.

So, you might now argue that:


  *   SRv6 requires only two FIB searches
  *   SRv6+ requires three and sometimes four FIB searches
  *   Therefore, SRv6+ cannot possibly forward at line speed


Here, some slightly deeper thought might be required. A platform has two relevant resources:


  *   A route lookup ASIC, that can process some number of packets per second
  *   Some number of interfaces, that can forward some number of bits per second


So long as the ASIC can process enough packets per second to saturate the line cards, we are forwarding at full line rate. So long as a platform has a sufficiently capable ASIC, it will be able to forward at line speed. But it’s a matter of how the platform is designed. If the ASIC is not sufficiently capable, of course, it will not forward at line speed.

In your email, you say that I have been asked several times to report on the state of Juniper’s SRv6+ implementation. While I cannot provide details, you can assume that we wouldn’t be working on this if we thought that performance was going to be sub-optimal.

You also suggest that Juniper’s is the only implementation. Are you sure that this is correct?

                                                                                                                     Ron





Juniper Business Use Only
From: Darren Dukes (ddukes) <ddukes@cisco.com<mailto:ddukes@cisco.com>>
Sent: Monday, September 16, 2019 4:38 PM
To: Ron Bonica <rbonica@juniper.net<mailto:rbonica@juniper.net>>
Cc: Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>>; EXT - daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca> <daniel.bernier@bell.ca<mailto:daniel.bernier@bell.ca>>; xiechf@chinatelecom.cn<mailto:xiechf@chinatelecom.cn>; SPRING WG <spring@ietf.org<mailto:spring@ietf.org>>; 6man <6man@ietf.org<mailto:6man@ietf.org>>; Robert Raszuk <robert@raszuk.net<mailto:robert@raszuk.net>>; Rob Shakir <robjs@google.com<mailto:robjs@google.com>>; Tarek Saad <tsaad.net@gmail.com<mailto:tsaad.net@gmail.com>>
Subject: “SRV6+” complexity in forwarding

Hi Ron, I agree ASICs are always improving, indeed this is evident in the number of successful SRv6 deployments and multiple vendor implementations at line rate on merchant silicon, and multiple vendor ASICs.

Is “SRv6+” (PSSI+CRH+PPSI) implemented and deployed at line rate?
You’ve been asked this several times.  Since you’re the only implementor(?) and one operator is claiming deployment or testing, I am curious.

Regardless of ASIC capabilities there are two performance penalties you will not escape with PSSI+CRH+PPSI: TLV parsing and multiple lookups.

Requiring all segments in a CRH segment list to process an arbitrary length DOH+set of PSSI’s and other options is always very expensive.
- It is expensive in SRAM as previously discussed in these threads.
- It is expensive in parsing logic to know and process a set of TLVs in any ASIC or NP.

Spreading PSSI, CRH, PPSI operations in multiple headers and multiple identifiers you now have multiple lookups at a node.
1 - lookup destination address
2 - lookup one or more PSSI and future destination options.
3 - lookup the CRH label or PPSI label.
4 - lookup new destination address

Compare this with SRv6.
1 - lookup destination address
2 - lookup new destination address

While ASICs are more capable and will continue to be more capable, these technical performance problems you introduce with PSSI+CRH+PPSI will not go away.

Darren

On Sep 12, 2019, at 12:34 PM, Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org<mailto:rbonica=40juniper.net@dmarc.ietf.org>> wrote:

v2.23.0 | Report a Bug | By Email