IETF Logo Mail Archive

Re: [Teas] Thoughts about draft-nsdt-teas-ietf-network-slice-definition and isolation

Joel Halpern Direct <jmh.direct@joelhalpern.com> Mon, 09 November 2020 22:47 UTC

Return-Path: <jmh.direct@joelhalpern.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EB423A14B5; Mon, 9 Nov 2020 14:47:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r3INlL-k2Jc5; Mon, 9 Nov 2020 14:47:55 -0800 (PST)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F3903A14B3; Mon, 9 Nov 2020 14:47:55 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4CVR3H2rJnz1nsSm; Mon, 9 Nov 2020 14:47:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1604962075; bh=wcTRIeq641QfvYcFzMQowelerS+p5e1TUnkSGn7YeZk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=QM2XcsFeRRZMpsr+gn5XN5yibq0ytK6l1hH2Crrr8vJT0hqKb/SW9QvFhFynzvA+x 4Za6Tccs/szsbK4cbuLXNgsgzBEPR6EvkoPEWoA6pc2fgFDgZyWBuKvSwUORZvFN1O Rha5py1M0sRg4rWbKDzFB10cARS8JvUEiBwwDCIY=
X-Quarantine-ID: <C1oMYiDNPQxB>
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [192.168.128.43] (unknown [50.225.209.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 4CVR3G47BMz1nsT0; Mon, 9 Nov 2020 14:47:54 -0800 (PST)
To: Jeff Tantsura <jefftant.ietf@gmail.com>, adrian@olddog.co.uk, teas@ietf.org
Cc: draft-nsdt-teas-ietf-network-slice-definition@ietf.org
References: <059e01d6b6ce$0f74a830$2e5df890$@olddog.co.uk> <9e8170c6-399b-e954-2abb-5e5f425f172a@joelhalpern.com> <13178999-9168-46fb-8455-36d4d5683a2e@Spark>
From: Joel Halpern Direct <jmh.direct@joelhalpern.com>
Message-ID: <62c127a5-9230-d105-04b7-4b061fdd43c1@joelhalpern.com>
Date: Mon, 09 Nov 2020 17:47:53 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.4.1
MIME-Version: 1.0
In-Reply-To: <13178999-9168-46fb-8455-36d4d5683a2e@Spark>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/PVbMaGPE7bqNEkLQrDg7CowxcIs>
Subject: Re: [Teas] Thoughts about draft-nsdt-teas-ietf-network-slice-definition and isolation
X-BeenThere: teas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teas>, <mailto:teas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas/>
List-Post: <mailto:teas@ietf.org>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teas>, <mailto:teas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2020 22:47:57 -0000

If your security policy requires dedicated fiber, buy dedicated fiber. 
If you are going through shared routers, shared roadMs, etc. then 
dedicating the fiber seems to me to completely miss the point.

And none of the definitions I have seen for what "Isolation" could mean 
go to the requisite level of detail.  If it means "the entire 
infrastructure must be dedicated", then I do not think it belongs in the 
IETF.  If it means "dedicate something, please", then it is not an SLO.

The definitions and framework draft are explicit that they are 
technology agnostic.  So it is really hard to see how you can express 
any meaningful and useful isolation, assuming that there is such a thing.

More importantly, I would want to see an actual definition of what is to 
be described if we are to include it.

I am not asking that the placeholders be removed.  There may be a 
definition that is useful.  But what is there isn't it.  Saying that 
there may be some as yet undefined SLO that relates to som as yet 
undefined meaning of Isolation does not cut it for me.

And yes, I am getting tired of refighting the same discussion.  We 
agreed on leaving placeholders in the document.  I was hoping and 
expecting that we could get the result of that adopted.  I do not like 
having to object to the same draft again.

Yours,
Joel

On 11/9/2020 5:43 PM, Jeff Tantsura wrote:
> Joel,
> 
> Thanks for your comments.
> I respectively disagree with you, if my security policies require use of 
> dedicated infrastructure (fiber is a common one), it is a valid service 
> objective.
> 
> Cheers,
> Jeff
> On Nov 9, 2020, 1:45 PM -0800, Joel M. Halpern <jmh@joelhalpern.com>, wrote:
>> Thank you Adrian. I mostly agree with what you say (retained below.)
>>
>> The only point where I disagree is that the proposed text fro 9.1 still
>> keeps the notion that there may be an Isolation SLO.
>> As far as I can tell, Isolation is a mechanism. It is one of many
>> mechanisms that can be used to meet the SLOs. I have no idea what an
>> Isolation SLO element would be, or why a customer would ask for it.
>> So I would be inclined to go a step further and just get rid of 9.1.
>>
>> Yours,
>> Joel
>>
>> On 11/9/2020 2:25 PM, Adrian Farrel wrote:
>>> Hi,
>>>
>>> I'm not sure where the right place to discuss this document is. Since it
>>> replaces the previous terminology document, and since that was 
>>> proposed for
>>> adoption on the TEAS list, I think this is probably the right place (feel
>>> free to redirect me).
>>>
>>> I'd like to focus this email just on Section 9 - the text on isolation. I
>>> suspect that this is the largest remaining obstacle to WG adoption.
>>>
>>> Firstly, we have to recall that this is a terminology document, not a
>>> broader architecture. Therefore we should aim to reduce the text to clear
>>> and simple definitions: further text belongs in some other document 
>>> such as
>>> the framework draft or a focus-specific document that describes some 
>>> facet
>>> in detail. So I guess I agree with the Editor's statement at the top of
>>> Section 9...
>>>> Editor's note: This content is a work in progress. The section on
>>>> isolation is too descriptive.
>>>
>>> A way to reduce this would be...
>>>
>>> == Section 9 ==
>>>
>>> OLD
>>> An IETF Network Slice consumer may request, that the IETF Network
>>> Slice delivered to them is isolated from any other network slices of
>>> services delivered to any other customers. It is expected that the
>>> changes to the other network slices of services do not have any
>>> negative impact on the delivery of the IETF Network Slice. In a more
>>> general sense, isolation can be classified in the following ways:
>>>
>>> Traffic Separation: Traffic of one network slice should not be
>>> subjected to policies and forwarding rules of other network
>>> slices.
>>>
>>> Interference Avoidance: Changes in other network slices should not
>>> impact to the SLOs of the network slice. Here the changes in
>>> other network slice may include the changes in connectivity,
>>> traffic volume, traffic pattern, etc.
>>>
>>> Service Assurance: In case service degradation is unacceptable due
>>> to unpredictable network situations producing service degradation
>>> (e.g., major congestion events, etc.), explicit reservation of
>>> resources in the network maybe requested for a reduces set IETF
>>> network slices.
>>> NEW
>>> An IETF Network Slice consumer may request, that the IETF Network
>>> Slice delivered to them is isolated from any other network slices of
>>> services delivered to any other customers. It is expected that the
>>> changes to the other network slices of services do not have any
>>> negative impact on the delivery of the IETF Network Slice.
>>> END
>>>
>>> In making this change I'd note that while these three principles are an
>>> important part of the discussion of isolation they are out of context 
>>> here.
>>> Traffic separation is a feature of how isolation may be achieved, but 
>>> it is
>>> not something that a consumer can or should specifically ask for: 
>>> they have
>>> no way of measuring it and, indeed, since they don't know the purpose of
>>> policies and forwarding rules within an operator's network they shouldn't
>>> ask for control over them. Interference avoidance is a fine goal for a
>>> consumer to ask for, but you already have this captured in the preceding
>>> paragraph. Service assurance seems to capture two things: that the 
>>> consumer
>>> may wish for protection of their service in the event of network failure
>>> (that's not really an isolation thing) and that a way to protect against
>>> failure situations is to reserve resources (that's not necessarily an
>>> isolation thing, and is certainly a question of realisation).
>>>
>>> == Section 9.1 ==
>>>
>>> I think that this section is a little over-stated. Maybe:
>>> OLD
>>> Isolation is an important requirement of IETF network slices for
>>> services like critical services, emergencies, etc. A consumer may
>>> express this request through the description of SLOs.
>>> NEW
>>> Isolation may be an important requirement of IETF network slices
>>> for some critical services. A consumer may express this request as
>>> an SLO.
>>> END
>>>
>>> == Section 9.2 ==
>>>
>>> While I think there is value in having this section to note that 
>>> there is a
>>> concept of isolation in the realisation of a network slice, I don't think
>>> you should get into details with examples etc. If you want to talk 
>>> about how
>>> realisation of network slices works, that should be in another document.
>>>
>>> Thus, I think you could drop the whole of the fist paragraph: it just
>>> duplicates some of the ideas in the second paragraph which says it more
>>> clearly.
>>>
>>> Furthermore, the final paragraph in the section seems to be all about
>>> realisation. I think you should drop it partly because it is technically
>>> suspect (an L3VPN does not achieve traffic separation in the network, 
>>> that
>>> is exactly the point of an L3VPN), but mainly because it is a 
>>> discussion of
>>> the details and technologies of realisation.
>>>
>>> == Section 9.3 ==
>>>
>>> I tend to think that there will be value in a full and careful 
>>> discussion of
>>> how IETF network slices meet the requirements of 3GPP transport 
>>> slices, but
>>> I don't think it should be in this document. Thus, I agree with the 
>>> editor's
>>> note that the section should be removed. Maybe interested parties could
>>> start a new document "Applicability of IETF Network Slices to 3GPP 
>>> Transport
>>> Slices."
>>>
>>>
>>> Thanks,
>>> Adrian
>>>
>>> _______________________________________________
>>> Teas mailing list
>>> Teas@ietf.org
>>> https://www.ietf.org/mailman/listinfo/teas
>>>

v2.23.0 | Report a Bug | By Email