IETF Logo Mail Archive

[Teas] Re: issue on multiple match-criterion on the same time for a connectivity-group

Vishnu Pavan Beeram <vishnupavan@gmail.com> Fri, 23 August 2024 10:31 UTC

Return-Path: <vishnupavan@gmail.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE496C180B62; Fri, 23 Aug 2024 03:31:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YvKrNCZTT46P; Fri, 23 Aug 2024 03:31:03 -0700 (PDT)
Received: from mail-pf1-x431.google.com (mail-pf1-x431.google.com [IPv6:2607:f8b0:4864:20::431]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D784C15109C; Fri, 23 Aug 2024 03:31:03 -0700 (PDT)
Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-714226888dfso1591248b3a.1; Fri, 23 Aug 2024 03:31:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724409063; x=1725013863; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=n7CJ7Mzaqy7wvjdtAJH+JfCKJKQtxt6ZDtW93YKRGEI=; b=aod3shwf9igIvN18Y3kqI53WSXYLUdET8tzEABoVMvDJ+Ii2s2QrZNWUpJwNoIVDV0 0zi1ErcJ0kircTotsr0eLZYnPhE5bOuerJQMOI/16J7f1Z2bqylpwExQvXeFc6HhikuC aC3MDwBviRy1QZWrzkOxfIocucODvC2m4f8AHtCq1lGXc3WvDay2NBsdNqMhxej5F46f 9S0/E8JvOST5kIZCoNUza0tlvOoNfr2UzUJ0i+Qj9JTGw58niiuA6y/0ucSxsAC/Col0 xg6AJGe4eRJOwxDXjK405JblEayQmV3Jm3KdYyvu0UhxZaxO6Mg+aMbGvOMcON3heOSf 9Rqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724409063; x=1725013863; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=n7CJ7Mzaqy7wvjdtAJH+JfCKJKQtxt6ZDtW93YKRGEI=; b=Ga1dMR32FEaAxS09UPeEdTtdlfATbTDTnNBQ8zDCI/WuUEh5KGwhfb0Ncy8XUxNONz y2NnibVNU8oQVV7FqEVJgWGH72ljV0eQbKfKOsC6aiHMWksBc4eXbeCxSG7sdk3W6SYm 4/qC6biyCl3k0yWvIaDC4U0/2juN7zlSXzM57iJcnMPyCw2zEEdwyyPjE3atl0IN3wc7 heAZ9J78/GJyNtTdmx2hAL00+N/7+gTyzEPcMp04JDxH+9esiWeGOWPWmhIpORD3W5Ri u6Ic/ljhR0/bspP4dPoeeih4zkjGRBkAfCgUTzCWuEFt60k+CoyDpbbmTy73JUbM9Dvw 1ejg==
X-Forwarded-Encrypted: i=1; AJvYcCUZv5WBpOV/J1gbd0M3giQM4BdFT2vbkogHo70rzUjlCSV58Q/ONyWaNDJ6tv1HXTQBuCRM0jSQija6wA==@ietf.org, AJvYcCXcXbqS8pOZWdUVL/YhSOO0PcGe/MFvwFtgi6nMxwfbuz3qFFojZV584dhtRnZvh3L2To837A==@ietf.org
X-Gm-Message-State: AOJu0YyrXa7QNo+5LqsL93ddLXCHyA1IRBYP6AKNiZqPJp0wCKnjEc27 TYr9ImNWzPm1z8eBRimM1iN+7TKtO5SUeivcrIc05qDPZPH7pWQp110iaxBYm4eOk1DA0qMV+sQ F1rAk84PiP2SCAWhji5Lt0hYGL94=
X-Google-Smtp-Source: AGHT+IHAYWuASsX3QARtp85az4Ej152aANfggOktT6XNnPOUafSzo3PXWd4NiDmXWTjIRKqmMA7kz0RtN29XqQ9XLNU=
X-Received: by 2002:a05:6a20:9d8e:b0:1c4:a55b:8146 with SMTP id adf61e73a8af0-1cc89db9683mr2483421637.26.1724409062581; Fri, 23 Aug 2024 03:31:02 -0700 (PDT)
MIME-Version: 1.0
References: <PAVPR07MB93596F12B3E0E133470A58E891872@PAVPR07MB9359.eurprd07.prod.outlook.com> <63029379cde446eb8c6bf6f87ab7770e@huawei.com>
In-Reply-To: <63029379cde446eb8c6bf6f87ab7770e@huawei.com>
From: Vishnu Pavan Beeram <vishnupavan@gmail.com>
Date: Fri, 23 Aug 2024 16:00:50 +0530
Message-ID: <CA+YzgTt3x8gsvJyNVYEg-u6bXBEKeExaZstNxuDAmR+75Ajbfw@mail.gmail.com>
To: "Wubo (lana)" <lana.wubo@huawei.com>
Content-Type: multipart/alternative; boundary="0000000000009f6d6c06205745c2"
Message-ID-Hash: TI7LNSGL4QBPP7LZ5LYAMWZD4AY6JBGH
X-Message-ID-Hash: TI7LNSGL4QBPP7LZ5LYAMWZD4AY6JBGH
X-MailFrom: vishnupavan@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-teas.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "Sergio Belotti (Nokia)" <sergio.belotti@nokia.com>, Oscar González de Dios <oscar.gonzalezdedios@telefonica.com>, TEAS WG Chairs <teas-chairs@ietf.org>, "teas@ietf.org" <teas@ietf.org>, "Peter Busschbach (Nokia)" <peter.busschbach@nokia.com>, "Swamynathan B (Nokia)" <swamynathan.b@nokia.com>, Qin Wu <bill.wu@huawei.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Teas] Re: issue on multiple match-criterion on the same time for a connectivity-group
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/5--8USNAXAzUGAPo9lGaG8ra5H0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Owner: <mailto:teas-owner@ietf.org>
List-Post: <mailto:teas@ietf.org>
List-Subscribe: <mailto:teas-join@ietf.org>
List-Unsubscribe: <mailto:teas-leave@ietf.org>

Sergio -- Thanks for bringing this to the WG's attention.

Bo and authors -- Thanks for the quick resolution. The changes to the
module and the associated examples seem to be straightforward. Adding
another example for this specific scenario would be useful to explain
the difference between the "OR" and "AND" application of the match
criteria. We (chairs) don't think this warrants another LC (or any change
to the shepherd write-up). That said, we'll review the changes when the new
revision is available and decide on the next steps.

Regards,
-Pavan and Oscar

On Fri, Aug 23, 2024 at 1:33 PM Wubo (lana) <lana.wubo@huawei.com> wrote:

> Dear Pavan, Oscar, Sergio, WG,
>
>
>
> After discussing among the authors, we agree that this match criterion
> enhancement can be added for flexibility without relying on the ACL model
> reference.
>
>
>
> And for ACL, since IETF has multiple ACL enhancement models, which can
> support many complex rule combinations.
>
> Therefore, it is recommended to leave the ACL as the match criteria as it
> is. We can add text stating that the ACL name can be used as the "value"
> when the ACL is used as a match criterion.
>
>
>
> We will post a new version to resolve this. At the same time, the authors
> think that the modification is an enhancement of YANG model and does not
> change the definition of “match criteria”. We hope this change does not
> require a second WGLC?
>
>
>
> Thanks,
>
> Bo
>
>
>
> *From:* Sergio Belotti (Nokia) <sergio.belotti@nokia.com>
> *Sent:* Wednesday, August 14, 2024 4:10 PM
> *To:* Vishnu Pavan Beeram <vishnupavan@gmail.com>; Oscar González de Dios
> <oscar.gonzalezdedios@telefonica.com>; TEAS WG Chairs <
> teas-chairs@ietf.org>
> *Cc:* teas@ietf.org; Wubo (lana) <lana.wubo@huawei.com>; Peter Busschbach
> (Nokia) <peter.busschbach@nokia.com>; Swamynathan B (Nokia) <
> swamynathan.b@nokia.com>; Sergio Belotti (Nokia) <sergio.belotti@nokia.com
> >
> *Subject:* issue on multiple match-criterion on the same time for a
> connectivity-group
>
>
>
> Hello Pavan,Oscar, authors, WG,
>
>
>
> I know draft-ietf-teas-ietf-network-slice-nbi-yang-14 has passed the WGLC
> but I’ve discovered a potential issue that heavily affects the model
> flexibility.
>
>
>
> For my understanding of the model there is no possibility to have a
> combination of match criteria. For example: IF source-ip-address = 1.2.3.4
> AND IF dscp = ef THEN map traffic onto target-connection-group X.
>
> So we’d like to obtain that at the same connection-group X, it can be
> applied two matching criteria at the same time.
>
>
>
> The model allows for the identification of multiple values (i.e. “value”
> is a leaf-list node). In principle, it is possible to identify an ip
> address and a dcsp value. The draft literally says “*Provides a value for
> the Slice Service match criteria, e.g., IP prefix and VLAN ID*”. However,
> you can only specify one match-type.
>
> The model permit to have  e.g. 2 match criteria   one with source IP
> address and another with DSCP values both pointing to same connection group
> or connectivity construct.
>
> So basically taking an example from the draft you could have :
>
>
>
>               "service-match-criteria": {
>
>                 "match-criterion": [
>
>                   {
>
>                     "index": 1,
>
>                     "match-type": "ietf-nss:dscp",
>
>                     "value": ["EF"],
>
>                     "target-connection-group-id": “matrix6”,
>
>                     "target-connectivity-construct-id": "2"
>
>                   },
>
>                   {
>
>                     "index": 2,
>
>                                 "match-type": "ietf-nss: source-ip-prefix",
>
>                                 “value”: “1.2.3.4”
>
>                     "target-connection-group-id": “matrix6”,
>
>                     "target-connectivity-construct-id": "2"
>
>                   }
>
>
>
> This type of encoding permits the OR of the matching criteria , I mean
> source-ip-address = 1.2.3.4 OR  dscp = ef., but how I can have the AND of
> the two ?
>
>
>
> I know that for complex combination it is suggested to use the matching
> criteria type of ACL, defining a specific identity to be used as match-type
>
>
>
>
>
>   identity acl {
>
>     base service-match-type;
>
>     description
>
>       "Uses Access Control List (ACL) as match criteria
>
>        for the Slice Service traffic.";
>
>     reference
>
>       "RFC 8519: YANG Data Model for Network Access Control
>
>                  Lists (ACLs)";
>
>   }
>
>
>
> But there is no guideline on how to use it, and how to encode the “value”
> field, that is not present in ACL model.
>
> ACL encodes a set of rules consisting of conditions and actions but there
> is no specific format that is able to capture a set of conditions .
>
>
>
> What I would propose to solve the problem would be a list of pairs
> “match-type” and “value” , with match-type as key and value as another
> leaf. In this case for any “index” you could have multiple match-type and
> for the same “index” of match-criterion a combination of more than one
> match-type.
>
>
>
> Something like:
>
>
>
> "service-match-criteria": {
>
>                 "match-criterion": [
>
>                   {
>
>                     "index": 1,
>
>                     “newlist” : [
>
>                           {
>
>                              "match-type": "ietf-nss:dscp",
>
>                              "value": ["EF"]
>
>                          },
>
>                          {
>
>                              "match-type": "ietf-nss: source-ip-prefix",
>
>                               “value”: “1.2.3.4”
>
>                          }
>
>                    ]
>
>                    "target-connection-group-id": “matrix6”,
>
>                    "target-connectivity-construct-id": "2"
>
>                  },
>
>
>
> I think the modification is not complex and the model would be more
> flexible and “ready to be used” for match combinations instead to exploit
> another model like ACL.
>
>
>
> Thanks
>
> Sergio
>

v2.45.0 | Report a Bug | By Email | System Status