Re: [Spud] Multipath/Mobility (was Questions based on draft-trammell-spud-req-00)
Toerless Eckert <eckert@cisco.com> Mon, 10 August 2015 18:27 UTC
Return-Path: <eckert@cisco.com>
X-Original-To: spud@ietfa.amsl.com
Delivered-To: spud@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 3E90B1B3BFC
for <spud@ietfa.amsl.com>; Mon, 10 Aug 2015 11:27:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001,
T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id JEqHx5R4_zp0 for <spud@ietfa.amsl.com>;
Mon, 10 Aug 2015 11:27:51 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 9F6F61B3B2C
for <spud@ietf.org>; Mon, 10 Aug 2015 11:26:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=cisco.com; i=@cisco.com; l=5474; q=dns/txt; s=iport;
t=1439231210; x=1440440810;
h=date:from:to:cc:subject:message-id:references:
mime-version:in-reply-to;
bh=sG1BeXAdrs4MDJgsuecYhF8TLpLA/thfPMEw/J1Ozi4=;
b=WqDMwxIYPOE1KFg//mODqIrkWE5yUG9pJiX7xwVs4ak7PlpWQlvNX5Zk
DHX7aEOliAno3JfjeBvu1A9Fi7a3RbRdrZ6CCDTVKWQKJtjHJ2P+HyIjU
4TkHF4OF3TpunJr6y4EU1rKJbI1jKZsQToShJbBbRotX099UAMWI7afx8 o=;
X-IronPort-AV: E=Sophos;i="5.15,647,1432598400"; d="scan'208";a="177388495"
Received: from rcdn-core-11.cisco.com ([173.37.93.147])
by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
10 Aug 2015 18:26:50 +0000
Received: from mcast-linux1.cisco.com (mcast-linux1.cisco.com [172.27.244.121])
by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id t7AIQnCp012918
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Mon, 10 Aug 2015 18:26:49 GMT
Received: from mcast-linux1.cisco.com (localhost.cisco.com [127.0.0.1])
by mcast-linux1.cisco.com (8.13.8/8.13.8) with ESMTP id t7AIQnBP015167;
Mon, 10 Aug 2015 11:26:49 -0700
Received: (from eckert@localhost)
by mcast-linux1.cisco.com (8.13.8/8.13.8/Submit) id t7AIQmZb015164;
Mon, 10 Aug 2015 11:26:48 -0700
Date: Mon, 10 Aug 2015 11:26:48 -0700
From: Toerless Eckert <eckert@cisco.com>
To: Ted Hardie <ted.ietf@gmail.com>
Message-ID: <20150810182648.GU1667@cisco.com>
References: <CA+9kkMC2+=kyoU0JGVN65Nsvv3z0_wpJ8G8iQa1xU2DPWFt0HQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+9kkMC2+=kyoU0JGVN65Nsvv3z0_wpJ8G8iQa1xU2DPWFt0HQ@mail.gmail.com>
User-Agent: Mutt/1.4.2.2i
Archived-At: <http://mailarchive.ietf.org/arch/msg/spud/bJDfQHo7QdtFOGKpkEqrxPnS-IA>
Cc: Eric Rescorla <ekr@rtfm.com>, "Black, David" <david.black@emc.com>,
Mirja =?iso-8859-1?Q?K=FChlewind?= <mirja.kuehlewind@tik.ee.ethz.ch>,
Joe Hildebrand <jhildebr@cisco.com>, "spud@ietf.org" <spud@ietf.org>,
Jana Iyengar <jri@google.com>, Ken Calvert <calvert@netlab.uky.edu>,
Brian Trammell <ietf@trammell.ch>
Subject: Re: [Spud] Multipath/Mobility (was Questions based on
draft-trammell-spud-req-00)
X-BeenThere: spud@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Session Protocol Underneath Datagrams <spud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spud>,
<mailto:spud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spud/>
List-Post: <mailto:spud@ietf.org>
List-Help: <mailto:spud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spud>,
<mailto:spud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2015 18:27:53 -0000
On Mon, Aug 10, 2015 at 10:52:49AM -0700, Ted Hardie wrote:
> ???First, I'm guessing that you want a single tube-id for multiple flows
> because you want to tell the network that they are part of a single,
> multipath whole. If I have guessed that wrong and you have a different
> view, can you please explain????
Correct guess.
> > I can't see how we could have network elements understand multipath/mobile
> > connections without such a common identification. Sure, this means SPUD
> > would need to define a common multipath/mobility layer, but thats a good thng.
> >
> ???I think we need to understand what the network will do with this
> information.
a) Simplification of multi-path/mobility end-to-end operations. The Tube-ID
becomes the identifier for the multi-path flow. Its how additional
5-tuples indicate which flow they belong to. (thats pure end-to-end).
b) Diagnostics. Operator, management tools, statistics gatherings,
troubleshooting. As in: may also help the user if something goes wrong
and there is a common layer helping to idenfiy sub-flows of a connection.
c) ability to do less per-sub-flow signaling by using state data from another
sub-flow.
d) Ability to do resource tracking/assignment across a multi-path/mobile flow.
> It may infer what to do based on the idea of multipath, but it
> seems generally more effective to be direct. If you can be direct, to put
> this another way, there is no need to leak to the network element anything
> about the shape of the flow.
I don't follow.
> The same seems to me true for the mobility case. The layer at which to do
> session replacement seems to me the encrypted transport above SPUD; that
> provides better confidentiality.
Look at it the other way: application will try to game the network by
using more flows to get more bandwidth. So networks may want to limit
number of flows per subscriber or the like (ip-prefix, location, however
you want to bucketie flows) to counter that abuse.
How do we allow for applications to still do multi-path/mobility without
running into the trap of being throttled because they use more flows ?
By giving a network visibile identification of a flow that includes
mobility/multipath. Thats that the Tube-ID could ideally be IMHO.
> Now, if the API allows that higher layer
> to know what SPUD identifiers were assigned, then it may exercise the
> session replacement by saying "This new tube replaces the former tube
> identified by tube-id:XXX", but that has to be said in the
> cryptographically protected session and backed by something else (shared
> cryptographic credentials with the previous tube, most likely) to be
> accepted. But the use of a tube-id there is just an optimization for the
> higher layer protocol not generating its own identifiers, and it is
> completely opaque to SPUD itself.
For the end-to-end operations, use of SPUD signaling elements creates
commonality which IMHO is a good thing. And of course it does enable
network elements to easie interact with it.
> > a) SPUD signaling is built such that a network device only seeing a single
> > direction of the flow (asymmetric routing as common in the internet)
> > still gets all SPUD signaling information.
> >
> > ???If by "all" you mean "all of it passing it", then sure; if you mean "all"
> as in anything related to the tube, then I don't agree. If I relate
> information about the??? tube that is consumed by a path element on the
> forward path, then I don't see why it would be echoed to the reverse path
> at all.
I was not expressing an opinion of whether this should or should not be
supported by SPUD, i was just trying to classify an option, so no reason
yet to agree or disagree ;-)
What i meant to characterize is simple that currently middleboxes only
work for TCP if they see packets for both directions of a connection. So
a) means features in SPUD that would allow middleboxes to only see one
direction of a bidirectional flow and still see all SPUD signaling elements,
eg: because each signaling element is reflected back in the other direction
(or at least the ones necessary to have a middlebox understand the current
state of the connection).
> > ???I don't think I understand what value you think there is here.
Today the locations for middleboxes are engineered so that they see
bidirectional traffic. With this features, middleboxes could more easily
be deployed in parts of the topology subject to hot-potato routing.
> > ???I find myself on the complete opposite end of this--I think app-to-path
> signalling is inherently unidirectional for unicast traffic. You may have
> very different path requests for forward and reverse paths and you may have
> unidirectional unicast flows.
But there is no unidirectional traffic signaling to set up a "connection"
even for a unidirectional flow. And even if you want to set up a unidirectional
flow, its always one and the same app that owns the sockets for both directions,
so it looks a lot more logical to me to have just a single bidirectional Tube-ID
and just indicate the characteristics of both directions via different
attributes.
Another way to look at it: Show me a single transport protocol today that
can set up for the same 5 tuple two separate & independent unidirectional flows.
I am not aware of any. Why introduce it with SPUD ?
Cheers
Toerless
- [Spud] Multipath/Mobility (was Questions based on… Ted Hardie
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert
- Re: [Spud] Multipath/Mobility (was Questions base… Christian Huitema
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert
- Re: [Spud] Multipath/Mobility (was Questions base… Mirja Kühlewind
- Re: [Spud] Multipath/Mobility (was Questions base… Toerless Eckert