Re: [tcpm] [v6ops] Flow Label Load Balancing
Tom Herbert <tom@herbertland.com> Wed, 25 November 2020 20:05 UTC
Return-Path: <tom@herbertland.com>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 518A53A1C9C for <tcpm@ietfa.amsl.com>; Wed, 25 Nov 2020 12:05:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ksRQbPCNbOES for <tcpm@ietfa.amsl.com>; Wed, 25 Nov 2020 12:05:16 -0800 (PST)
Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47E523A1CA5 for <tcpm@ietf.org>; Wed, 25 Nov 2020 12:05:13 -0800 (PST)
Received: by mail-ej1-x633.google.com with SMTP id lt17so4213586ejb.3 for <tcpm@ietf.org>; Wed, 25 Nov 2020 12:05:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fcooyIZCSMch3fTbFOLokrdujEjrdUAGttzOwcEB5tU=; b=IqGI+/ARxrRXUbowuvoNX4o+J1DVc/2mFsiy30gS02MSOOWJxSDrHcPzIA46kw6+Z4 yAVGqY7AZ2Bd9AjlncwVe/sbiYLOOP55H+3VHa90yXDQi7ErrSMNUvCs8xtd0osm192G KvmxVo5Ynf4Lx7EyOGljQ5hkk9O1AZifcChgS7LA+DqbGP5mWD/Kv8qxzSzcAdETwYh+ G9e0T+5w8c2elNOkFC+5AIuvd5EIY2NXpKVrHwYL0rt3STPlexoZBfyDMwXUWSMwArIo Ws7maAAyxKLVExWTWpV+6WOBqCJ7pUTmQTYrzyEWMYakPRwsSwCMeHF428CkEbaprZp1 ti8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fcooyIZCSMch3fTbFOLokrdujEjrdUAGttzOwcEB5tU=; b=X63mQN5GH7aDislB9DluFD3YZcnhM/HaRaVnkwZoRJfi/dkDkybJzkBj5cjmyrqyFx LCxAX0bY/0IGOD6iCxLqOYhiwzJ/FOgnU/RMAfpZVKbM5CxtckAhvyIHjM3J8+RYh7gH f5rMrXZSGAT7wjcYgwvghAygKe+47mhdikmCefmSXFMLFUtWMiNpDar7ZSP2gJJbvpLw 9GNAnU+Al4frmNl1yl9IzEEOmKsVY6qrK2s5sw3S8rQ8ZLICJrwIbSRAzq035r4F960j +KTSBovghx+C9Dj0CM89OVPM5pSWu+AzDhEHNNw4cFVOj2RYdEkYxGpqbzmj1X36JJeU IqAA==
X-Gm-Message-State: AOAM530DQ+eD3tfrfiVBMoILwXostGeR+46CiyHtyorI9zvjDUWeE6LL lr4HRgNjU+ViZV0aiDqAZh1YChOeNvnWvH9MJOOs4A==
X-Google-Smtp-Source: ABdhPJwx/znQ66iAKYmdAJEV4MnLbSaRZ1ZT/TpKPYbZpXPm7wOw19C9hZH7ijmbZM/ujPfIVZxHUjuyl2jFhYvWPCY=
X-Received: by 2002:a17:906:3294:: with SMTP id 20mr4584338ejw.239.1606334711385; Wed, 25 Nov 2020 12:05:11 -0800 (PST)
MIME-Version: 1.0
References: <CAEGSd=DY8t8Skor+b6LSopzecoUUzUZhti9s0kdooLZGxPEt+w@mail.gmail.com> <d29042a7-742b-a445-cf60-2773e5515ae5@gont.com.ar> <CALx6S37+1duoNGR3dZWesHsZvx15kX9wCWufPMh=esvMaSMF_g@mail.gmail.com> <63e7aad3-7094-7492-dbe4-3eefb5236de3@gont.com.ar> <CALx6S37t4jump6S-R5_xdo5DF+RnHtT4rU5-RuiC-2GQ0PXxkQ@mail.gmail.com> <239c4b67-1d9a-da00-7bb0-52019be1b7c1@joelhalpern.com>
In-Reply-To: <239c4b67-1d9a-da00-7bb0-52019be1b7c1@joelhalpern.com>
From: Tom Herbert <tom@herbertland.com>
Date: Wed, 25 Nov 2020 13:05:00 -0700
Message-ID: <CALx6S34uSAne_LyhrWDcjkR5p7MO6ggm_Ua_h+6nkX41S=Ge=A@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Cc: IPv6 Operations <v6ops@ietf.org>, tcpm <tcpm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tcpm/vAnchClpk37Q-gObY7XaKOu0jlg>
Subject: Re: [tcpm] [v6ops] Flow Label Load Balancing
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2020 20:05:23 -0000
Joel, Is there an RFC that clearly and unambiguously states that a host MUST use the same flow label for the lifetime _and_ clearly defines exactly what a flow is with respect to such a requirement (for instance, how would you define a flow and enforce such a requirement in UDP? IPsec? other encapsulations?). If there is such a requirement then we'll change the code to be conformant. Tom On Wed, Nov 25, 2020 at 12:39 PM Joel M. Halpern <jmh@joelhalpern.com> wrote: > > This kind of thing is why, as I understand it, MPTCP has discovery > mechanisms ot know if both sides use it, and can select alternative > addresses for communication. > > Trying to guess flow labels that might avoid a problem because it might > be an ECMP problem, is just flailing about. Not a good design for > operational protocols. > > And in general, designing protocols around "I know exactly what is going > on" (the requirement for what you describe that goes well beyond just > "limited domains") is also a recipe for failure. > > The Flow Label RFCs are actually very explicit that a flow label is > supposed to be stable for the life of the flow. Otherwise, it isn't a > flow label. > > Yours, > Joel > > On 11/25/2020 2:35 PM, Tom Herbert wrote: > > Hi Fernando, comments in line... > > > > On Wed, Nov 25, 2020 at 12:13 AM Fernando Gont <fernando@gont.com.ar> wrote: > >> > >> Hi, Tom, > >> > >> On 24/11/20 16:43, Tom Herbert wrote: > >> [....] > >>> Modulating the flow label is a means to affect the routing of packets > >>> through the network that uses flow labels as input to the ECMP hash. > >> > >> What's the point? > >> > >> 1) You cannot tell *if* the FL is being used. > >> > > Generally true, but in a limited domain this information could be > > discerned. I'd note that it's also generally true that we don't know > > if there is a load balancer or stateful firewall in the path that > > requires consistent routing, but in a limited domain we could know > > that also. > > > >> 2) Changing the FL does not necessarily mean that packets will employ a > >> different link. > > > > It's an opportunistic mechanism. If a connection is failing and we get > > a better path that fixes it by simply changing the flow label then > > what's the harm? > > > >> > >> 3) If the network is failing, shouldn't you handle this via routing? > >> > > Sure, but then that requires an out of band feedback loop from a TCP > > implementation to the network infrastructure to indicate there is a > > problem and then the network needs to respond. That's significant > > infrastructure and higher reaction time than doing something in TCP > > and IP. Think of modulating the flow label is an inexpensive form of > > source routing within a limited domain that doesn't need any > > infrastructure or heavyweight protocols or something like segment > > routing. > > > >> > >> > >>> The basic idea is that the flow label associated with a connection is > >>> randomly changed when the stack observes that the connection is > >>> failing (e.g. and an RTO). There is nothing in the specs that prevents > >>> this since the source is at liberty to set the flow label as it sees > >>> fit. > >> > >> The FL is expected to remain constant for the life of a flow. A > >> retransmitted packet is part of the same flow as the > >> originally-transmitted packet. So this seems to be contradicting the > >> very specification of the FL. > >> > >> For instance, If a RTO for a flow causes the FL to change, then one may > >> possibly argue that the FL is not naming/labeling what is said/expected > >> to be anming/labeling. > > > > Specifically, RFC6437 states: > > > > "It is therefore RECOMMENDED that source hosts support the flow label > > by setting the flow label field for all packets of a given flow to the > > same value chosen from an approximation to a discrete uniform > > distribution." > > > > So that is clearly a just recommendation, and not a requirement (and > > definitely not a MUST). Furthermore, RFC6437 states: > > > > "A forwarding node MUST either leave a non-zero flow label value > > unchanged or change it only for compelling operational security > > reasons as described in Section 6.1." > > > > So there's no guarantee in the protocol specs that flow labels are > > consistent for the life of the connection, which means that the > > network cannot assume that and thus it would be incorrect if the > > network tried to enforce flow label consistency as a protocol > > requirement. As I said, it is prudent to try to be consistent with > > flow labels and the default behavior in Linux should be changed, > > however I do not believe there's a valid claim of non-conformance that > > motivates removal of the feature that is already deployed. > > > > Tom > > > > > > > > > >> > >> > >> > >>> The feature is useful in large datacenter networks, like > >>> pparently Facebook where the patches originate, since information > >>> discerned by TCP can opportunistically be applied to route selection. > >>> The practical issue is that there are stateful devices like firewalls > >>> that require consistent routing in the network in which case changing > >>> the flow label can confuse them. As I mentioned, the original intent > >>> was that the flow label randomization feature should be opt-in instead > >>> of on by default. > >> > >> So... where is the "source" of the packet that would be "modulating" the FL? > >> > >> Thanks, > >> -- > >> Fernando Gont > >> e-mail: fernando@gont.com.ar || fgont@si6networks.com > >> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 > >> > >> > >> > > > > _______________________________________________ > > v6ops mailing list > > v6ops@ietf.org > > https://www.ietf.org/mailman/listinfo/v6ops > >
- [tcpm] Flow Label Load Balancing Alexander Azimov
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Joel M. Halpern
- Re: [tcpm] [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Joel M. Halpern
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [tcpm] [v6ops] Flow Label Load Balancing Yuchung Cheng
- Re: [tcpm] [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [tcpm] [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [tcpm] [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Mark Smith
- Re: [tcpm] [v6ops] Flow Label Load Balancing Joseph Touch
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Mark Smith
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Alexander Azimov
- Re: [tcpm] [v6ops] Flow Label Load Balancing Michael Tuexen
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Erik Kline
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Brian E Carpenter
- Re: [tcpm] [v6ops] Flow Label Load Balancing Tom Herbert
- Re: [tcpm] [v6ops] Flow Label Load Balancing Fernando Gont