IETF Logo Mail Archive

Re: [spring] Network Programming Interface for Provisioning of Underlay Services to Overlay Networks Using SRv6 (draft-xie-spring-srv6-npi-for-overlay)

Eduard Metz <etmetz@gmail.com> Tue, 15 March 2022 13:03 UTC

Return-Path: <etmetz@gmail.com>
X-Original-To: spring@ietfa.amsl.com
Delivered-To: spring@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5546E3A1BBF for <spring@ietfa.amsl.com>; Tue, 15 Mar 2022 06:03:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dyD_PEq__hZf for <spring@ietfa.amsl.com>; Tue, 15 Mar 2022 06:03:11 -0700 (PDT)
Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 221CF3A1BC5 for <spring@ietf.org>; Tue, 15 Mar 2022 06:02:39 -0700 (PDT)
Received: by mail-yb1-xb30.google.com with SMTP id j2so37257019ybu.0 for <spring@ietf.org>; Tue, 15 Mar 2022 06:02:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YrFIam4jtd7Xnr6E5gLB+sjVp1desxpIdrZEwNxTqD0=; b=f7KD1HHy14SWexrull/ajG6frBMoX1I8Op60cnDk5+iUgglnr8rltYjKP6e2Q+Cwgo BD6zNf8yNNeSfs4oBavc/cLejLs+kqVtcgNHAtmCj3xjf5a/AOPHTd2WmUrf2hq9tH/S 4am0ydTa+UteZn1+A4YXBtjfFuLBf5mRXD7/taAv90TytURBZGuyGdduu5aH7wjsHSDj UgowS90VI+tru7d+26Uvb4Rh99cCBR/XS8WP8DGDSvkhOHpSoAvOKrfO/1p/UNWN4Nfi wa3ejPM2N6eILRCBzu+jKFm6KhQYX/pCEPCTQ/GXW0K9HPMQlcecmFbhr0WkM00tmTet 1ZBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YrFIam4jtd7Xnr6E5gLB+sjVp1desxpIdrZEwNxTqD0=; b=bA16TQempULg4NeavwVAllPoZztUJ7/9vPUwFtEb/GT3kk8sM7Er6EEAkpwL2lcKSD mggSOBkqS8ItwM2TozpdkYRrv6+134hhi35awM/F5wfUjWF/ffjZTFozv95Ekptox1RO OiWZptVlL7Xhy5indxtso1rb+PX7OWUvobVong5Fhg7cpZJXksIUysK2a3qPnm4XDGDF xzZMSZCAIgSBkMghI1Ojn7ases0thXF/xD7lExxcYBfEAgaZzMEyk6L3Lpz7bpiwyOti T1l+vscsHe6hAuRCwW1qoDcVOgGDAVB/1a985+1/Veeprw31mowZKPmMC3N2Fjhvh+wW GwNg==
X-Gm-Message-State: AOAM5322amygtqX/nitDO+TyBoaRRgocCSJ8UeFQ8+u8m1mFE+hn5Mtx kOA6KTVB+PoCbkbbrZ1L9BhsukfrLGd3P6hhESE=
X-Google-Smtp-Source: ABdhPJy9XZlI/rEv8US3tM3rL/eZSJ6H+Wvkw9pwUpufVq4d+xRWWQTbJOB1rO2gJ2di1HCWpgBFLt9iCgbkJdFo0m0=
X-Received: by 2002:a5b:20f:0:b0:628:6a2b:ee2c with SMTP id z15-20020a5b020f000000b006286a2bee2cmr23579652ybl.175.1647349357994; Tue, 15 Mar 2022 06:02:37 -0700 (PDT)
MIME-Version: 1.0
References: <5138b23393b7434fa674eefd1886385d@huawei.com> <f2ba3c4a-e30d-d3f2-211b-0b42d99cd876@ninjabadger.net> <bdff393fee4e484fb364baf56b0391e6@huawei.com> <AM7PR03MB64513AEDE5ED62ECE0F50280EE0B9@AM7PR03MB6451.eurprd03.prod.outlook.com> <CABNhwV3aw2SO6TBA+bXkpqNbmDSag+k+oL3soE=eMLDgufshSw@mail.gmail.com> <b8627f4a8a6d4cdba18db4f37ee4e219@huawei.com> <AM7PR03MB6451A51344B38A670D4A8AF9EE0F9@AM7PR03MB6451.eurprd03.prod.outlook.com>
In-Reply-To: <AM7PR03MB6451A51344B38A670D4A8AF9EE0F9@AM7PR03MB6451.eurprd03.prod.outlook.com>
From: Eduard Metz <etmetz@gmail.com>
Date: Tue, 15 Mar 2022 14:02:27 +0100
Message-ID: <CAG=3OHc7vqx68v4VN00W5=059+gSj5-KmOd+z6sjhvm8+-yqxQ@mail.gmail.com>
To: Andrew Alston - IETF <andrew-ietf=40liquid.tech@dmarc.ietf.org>
Cc: "Xiejingrong (Jingrong)" <xiejingrong=40huawei.com@dmarc.ietf.org>, Gyan Mishra <hayabusagsm@gmail.com>, Andrew Alston - IETF <andrew-ietf@liquid.tech>, "spring@ietf.org" <spring@ietf.org>, Tom Hill <tom@ninjabadger.net>
Content-Type: multipart/related; boundary="0000000000004dfcb005da416966"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spring/zke7ch-nybnEuh78LDOjYGVZACQ>
Subject: Re: [spring] Network Programming Interface for Provisioning of Underlay Services to Overlay Networks Using SRv6 (draft-xie-spring-srv6-npi-for-overlay)
X-BeenThere: spring@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Source Packet Routing in NetworkinG \(SPRING\)" <spring.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spring>, <mailto:spring-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spring/>
List-Post: <mailto:spring@ietf.org>
List-Help: <mailto:spring-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spring>, <mailto:spring-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2022 13:03:17 -0000

Hello Jingrong,

I haven't read your draft in detail yet, but the question of how to expose
SRv6 based transport service / capabilities for consumption by overlay
networks I think is an interesting one.

I'm not sure whether the reference figure (5) already conflicts with
"limited domain", assuming one would expose such services only to a
controlled set of CPE I would say it doesn't. I have to agree with others
who commented that the scope of the draft is not fully clear though. It
suggests to aim to solve "interdomain" cases, while in the solution part
the focus seems to be again on the question of how to expose services.

It would help if the scope is clarified.
By the way, I interpreted the scope as described in the first sentence
above, is this correct?

cheers,
  Eduard



On Mon, Mar 14, 2022 at 4:17 PM Andrew Alston - IETF <andrew-ietf=
40liquid.tech@dmarc.ietf.org> wrote:

> Jingrong,
>
>
>
> Limited Domain (in my view) refers to a domain where all points are under
> single administrative control.  I.E the source, destination and anything in
> the middle must fall under the same administrative control, otherwise, you
> are not within the limited domain.  This can be extended using
> encapsulation (tunneling) where the packet is encapsulated and preferably
> cryptographically protected, such that any intermediate networks outside of
> the same administrative control cannot, either by error or deliberate
> action, act on the information contained within the routing headers.
>
>
>
> Anything else would run into issues with section 8.2 of RFC8402.
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
> *From:* spring <spring-bounces@ietf.org> *On Behalf Of *Xiejingrong
> (Jingrong)
> *Sent:* Monday, March 14, 2022 10:16 AM
> *To:* Gyan Mishra <hayabusagsm@gmail.com>; Andrew Alston - IETF
> <andrew-ietf@liquid.tech>
> *Cc:* spring@ietf.org; Tom Hill <tom@ninjabadger.net>
> *Subject:* Re: [spring] Network Programming Interface for Provisioning of
> Underlay Services to Overlay Networks Using SRv6
> (draft-xie-spring-srv6-npi-for-overlay)
>
>
>
> Hi,
>
>
>
> I think I now understand better the concern about "the use of SIDs over
> the public Internet".
>
> In my previous mail, the SID2/SID3 used between CPE2-Internet-CPE3 is to
> explain the layering model (over vs across), but it is not the proposal of
> the draft.
>
> The draft is talking about the interface (name NPI) that overlay networks
> use to access the underlying network in the last mile.
>
> There may be an Access Network (AN) in the last mile, and the AN may also
> connect to Internet backbone and/or multiple underlying networks, but it is
> distinct from the "open Internet".
>
> Make more sense if the AN can enhance (if no way to enforce) not to leak
> the SRv6 BSID to Internet backbone or other TNs ?
>
>
>
> For the control plane, it is still not clear if a controller is required,
> but one thing I considered is to use an IETF standard protocol because the
> PE need to implement the NPI.
>
>
>
> Regards,
>
> Jingrong
>
>
>
> *From:* Gyan Mishra [mailto:hayabusagsm@gmail.com <hayabusagsm@gmail.com>]
>
> *Sent:* Sunday, March 13, 2022 8:26 AM
> *To:* Andrew Alston - IETF <andrew-ietf@liquid.tech>
> *Cc:* Tom Hill <tom@ninjabadger.net>; Xiejingrong (Jingrong) <
> xiejingrong@huawei.com>; spring@ietf.org
> *Subject:* Re: [spring] Network Programming Interface for Provisioning of
> Underlay Services to Overlay Networks Using SRv6
> (draft-xie-spring-srv6-npi-for-overlay)
>
>
>
> Hi Jingrong
>
>
>
> I reads the draft and was trying to understand the problem statement as
> well as the solution.
>
>
>
> So I believe the problem statement is how to interconnect desperate sites
> over the internet using a managed IPSEC VPN or SDWAN solution or managed
> MPLS and complexity of provisioning CE attachment.
>
>
>
> The solution is an automated solution using SRv6 over the internet using
> BSID.  This involves running SRv6 over the internet, however SRv6 is
> limited to closed domains.  It appears an E2E pseudowire is used in
> provisioning the service.  Have you though of using NG L2 VPN EVPN all or
> single active multi home over SRv6.
>
>
>
> Does all the provisioning use a PCE / SDN controller?
>
>
>
>
>
> Thanks
>
>
>
> Gyan
>
>
>
> On Thu, Mar 10, 2022 at 9:59 AM Andrew Alston - IETF <andrew-ietf=
> 40liquid.tech@dmarc.ietf.org> wrote:
>
> Hi Jingrong,
>
>
>
> I’m struggling to entirely understand this.  I think the question for me
> is – if you are sending packets with SID’s over the open internet – are
> you encapsulating those packets and is this encapsulation cryptographically
> protected – I.E the SID’s are not visible outside of the encapsulation,
> to preserve the limited domain.
>
>
>
> Limited domains are typically extended via tunnel mechanisms, very often
> with cryptographic protection, hence the question
>
>
>
> Thanks
>
>
>
> Andrew
>
>
>
>
>
> *From:* spring <spring-bounces@ietf.org> *On Behalf Of *Xiejingrong
> (Jingrong)
> *Sent:* Thursday, March 10, 2022 9:40 AM
> *To:* Tom Hill <tom@ninjabadger.net>; spring@ietf.org
> *Subject:* Re: [spring] Network Programming Interface for Provisioning of
> Underlay Services to Overlay Networks Using SRv6
> (draft-xie-spring-srv6-npi-for-overlay)
>
>
>
> Hi Tom,
>
> Thanks for reading the draft and raise discussions.
>
> In the proposal the SRv6 domain is the overlay network, belonging to one
> administrative domain -- the overlay network operator(say ONO).
>
> For your concern about use of SIDs "across" the public Internet. Let me
> try to explain using following figure (hope it works):
>
> CPE1 CPE2 CPE3
> + + + +
> | +--------+ | | +----------+ |
> +---[1] TN1 [1]---+ +---+ Internet |---+
> +--------+ +----------+
>
> In the perspective of the ONO, it has the following SIDs:
> SID1/2/3: allocated on CPE1/CPE2/CPE3 by the ONO.
> SID4/5: allocated by TN operator but serves for the ONO (Tenant-1 of TN,
> marked [1] in the figure).
> The ONO can use these SIDs, and I would think they are all "in the overlay
> network", and are running "Over the Internet".
>
> You mentioned in the last sentence "the use of SIDs over the public
> Internet". That is what I am modeling above.
>
> Thanks
> Jingrong
>
>
> -----Original Message-----
> From: spring [mailto:spring-bounces@ietf.org <spring-bounces@ietf.org>]
> On Behalf Of Tom Hill
> Sent: Wednesday, March 9, 2022 10:43 PM
> To: spring@ietf.org
> Subject: Re: [spring] Network Programming Interface for Provisioning of
> Underlay Services to Overlay Networks Using SRv6
> (draft-xie-spring-srv6-npi-for-overlay)
>
> Hi Jinrong,
>
> On 08/03/2022 01:58, Xiejingrong (Jingrong) wrote:
> > I just posted a draft that specifies a framework and some more detail
> > of the idea for provisioning of underlay services
> > (Slice/SR-policy/Mcast/etc) to overlay networks(SD-WAN/CDN/etc), using
> SRv6.
> >
> > https://datatracker.ietf.org/doc/html/draft-xie-spring-srv6-npi-for-ov
> > erlay
> > <https://datatracker.ietf.org/doc/html/draft-xie-spring-srv6-npi-for-o
> > verlay>
> >
> > Please comment and send any feedback.
> >
> > I would like to discuss this document over e-mail/mail-list.
>
>
> I'm concerned that this draft is explicitly violating the concept of
> SRv6 as a protocol that operates within a Limited Domain.
>
> As per Section 3.2 of this draft, "... the network operator of AN, TN and
> Internet can be different from each other."
>
> Further, "In some scenarios, the AN can be an Internet exchange provider
> (IXP) independent of ISP and NSP. In some other scenarios, the AN can be
> an ISP that running Internet backbone as well."
>
> This would read to me that the proposal is explicitly intended to be
> inter-domain, and not at all limited to any one administrative domain.
> Additionally, I cannot determine if the draft implicitly requires the use
> of SIDs across the public Internet?
>
> Could I ask for some clarification on the scope of the draft, with respect
> to Limited Domains, and also the use of SIDs over the public Internet?
>
> Kind regards,
>
> --
> Tom
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>
> --
>
> [image: 图像已被发件人删除。] <http://www.verizon.com/>
>
> *Gyan Mishra*
>
> *Network Solutions Architect *
>
> *Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*
>
> *M 301 502-1347*
>
>
> _______________________________________________
> spring mailing list
> spring@ietf.org
> https://www.ietf.org/mailman/listinfo/spring
>

v2.23.0 | Report a Bug | By Email