[Teas] issue on multiple match-criterion on the same time for a connectivity-group

"Sergio Belotti (Nokia)" <sergio.belotti@nokia.com> Wed, 14 August 2024 08:10 UTC

Return-Path: <sergio.belotti@nokia.com>
X-Original-To: teas@ietfa.amsl.com
Delivered-To: teas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEB87C14CE42; Wed, 14 Aug 2024 01:10:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.254
X-Spam-Level:
X-Spam-Status: No, score=-2.254 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nokia.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t5vTJIt-DTow; Wed, 14 Aug 2024 01:10:00 -0700 (PDT)
Received: from EUR02-DB5-obe.outbound.protection.outlook.com (mail-db5eur02on2072.outbound.protection.outlook.com [40.107.249.72]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E453C1519AB; Wed, 14 Aug 2024 01:10:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rZCZQlJExxRgzVyupMTdrNHLB7BZDhU/ohdC9btsmefdubyQxpX+rH5rW0LG/rAITG8DjOumt8j5awX0VapgAXFW8MyqILYr6REB8GizQQN8oDT+c0eD80Vx51lhW+DCHDMegBJxZAuszgOd3yHBgo+nyBhTR5jaN5B4NjrOsxboyMpOzxKUjM9U7s11rPJQt4B1nr84zgkD4xX0Hnr4W6eNGTA71al0R1Iy2rSTvljVQPJ6/TyFkT1TTMEFCZyeV7zvZD4seWE9MsTQndPDx5VVaro8pHXA7TFRjCavbYUgmldpTQIR27OXV2UtOXAqEKmj2NEydit0uM+zCwzCTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eNTZxYf5xd1is7Z95BH7XX1+coE+ATIzAf290gtd/wM=; b=NjSRqlaOXKttVdU5epwbF+1aPp/2NUx8JnNmKVBeD2/kFKyxDRQ+g4CN/xXdvZNEwJAij5hD9tUtC8K4721Z+uyjJAgYD3vTos8vKSCpGlkUtNR6fJpFhok/HYrXIEOgKU0w7F9EPVYE3ohqlaCmZ/DSxBAB31zQIIXYBOj7iHvrAmN2mrfdZ2W1p3KY1E/+I/673ZmDJKVZ76YAVbrS9VYAQqnzHRyTFTw/dflYrvXiup0ctdMwP7ZPTYtvLvQ/+bdMJPTI6R727KYS6vaFTbp4K1ReCinN7gQq46QO4/SuvZgM7O3hJx7/g/6dYnjvxkF2UYzQEWCBAZfcv0/F3Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nokia.com; dmarc=pass action=none header.from=nokia.com; dkim=pass header.d=nokia.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nokia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=eNTZxYf5xd1is7Z95BH7XX1+coE+ATIzAf290gtd/wM=; b=tQBtW9wzlygnNdiiPiW67cfekCDxUVDVI2AfmSolzoOAewzhmNFGOJhsvU6eqMsv4fiJPaOOtdCTcoadnqz0J7EnsOtF6KsTgm6zXYOF4imnsQmoRwTjJ5H3id5+H6eeN7MtpR9bRiucL971+QxrhsZcrYgBWNBiQj2T8ArwmcV+la4WhGUGlWe76aNOiE63jpOtsmjyZB6anLxy6ebXN1PyS4nTWivA30kmv9kFzRxpBVxwBy4fQzZzwC3fZj7VZ1eZP7GXMY9BCdZCOJ7Y1R8l+hdn2vdicKFMvgkE61u+x+6zx6q9HPxKw2hp8CkwzfNQX1mNFmza5pG6Ofgx2Q==
Received: from PAVPR07MB9359.eurprd07.prod.outlook.com (2603:10a6:102:31a::20) by DB9PR07MB7961.eurprd07.prod.outlook.com (2603:10a6:10:2ab::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.20; Wed, 14 Aug 2024 08:09:57 +0000
Received: from PAVPR07MB9359.eurprd07.prod.outlook.com ([fe80::494c:901a:ff60:1160]) by PAVPR07MB9359.eurprd07.prod.outlook.com ([fe80::494c:901a:ff60:1160%6]) with mapi id 15.20.7849.019; Wed, 14 Aug 2024 08:09:57 +0000
From: "Sergio Belotti (Nokia)" <sergio.belotti@nokia.com>
To: Vishnu Pavan Beeram <vishnupavan@gmail.com>, Oscar González de Dios <oscar.gonzalezdedios@telefonica.com>, TEAS WG Chairs <teas-chairs@ietf.org>
Thread-Topic: issue on multiple match-criterion on the same time for a connectivity-group
Thread-Index: AdruIHu+4eWXIPFgSXyihRdofyInwg==
Date: Wed, 14 Aug 2024 08:09:57 +0000
Message-ID: <PAVPR07MB93596F12B3E0E133470A58E891872@PAVPR07MB9359.eurprd07.prod.outlook.com>
Accept-Language: it-IT, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nokia.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PAVPR07MB9359:EE_|DB9PR07MB7961:EE_
x-ms-office365-filtering-correlation-id: 7432d210-6ef8-4e98-9e23-08dcbc387caf
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018;
x-microsoft-antispam-message-info: xBuVmhOHWhS/pxHUHSpakdbUHQvG/XJ8z+s6yUVTb0T5lnF390G1RgbUHOPKU+nBhX4wO2QhenjFDqNrHeyiqPBLaPqteAwVT3+CN6N5cUsdjtxp0uTLYwU24Ht5Ue01HJozpPNEFuJOBZwTUsWGdCl8Xl8kcCLynTUbCdZqA+aF7Iav5oZp+9JzcOpTR23dktPysFnckcTBONHd08AJQmsC8mQspKrwLPCrCuhd+ajMItbtzprySE5zYPC8MLKD1iwJK+C/pTqL3o2AMihncjZhQtvTA1hj/beko6wxHzsq08H4bc7pwCfQap3fRY86kMkGf6gT1wvLvI84sHAwaEdYccfsE7+COhNi5nPis/tmdx7YdyxWiWgdbgH4SZiRNucDtOsdQxJ5BUAj+hfsFvxQVajGum1UFQpyW/0Xsizd/0gSk/fTHB5qkL25rxCZAtoykqC48y2mWbIVY8BiiL1yrGNBGv7M4PA6t1OHa4JDhTF0PWMoDM/W618CsTWbz5SX+13RMXg9KXC0zIr68P153AhYqIvmaqWuv4mf7kio6AhIQB/wS4G5yV2acY6gnEDzFyCdsVJC6BXsSMWQk1Oks5O42SsTjQzdOgIviiMoWi54FbeRQNMkKpuE9MLo4PVHjT/qYIbH/jSD8Tmj5hU5ac+F4mcQKfUITxLTw/JHQ4hsNCzylTf6Y7Ok+pwupHvPQkZlsHv33KSZKItxdysJvzrJqH3voEXfhVk4WN0=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PAVPR07MB9359.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 3Acq52hcTcIjRc9aMGUM+fJmLeVh17Okm7w1S7TFileDXC9VXvb5voSqFlVFXmgxsu1qvZ9gtjQ8nSKSpQcMzcYweXn9lM/qoz6gMVHs4uxhLLhqq9vaBuz1BPGXafcMVIf4v/BVs2ItSdf82cuXtNccFV1QBMJBEutU3zY+rJ5AtNS6OZuoeeOHttXPIB1SW62bnDjG2iwCqbS/aG05ptQ1WlJDFhQct4zScG+a9VZbcH8LkXFSOLXXhBRdbNAVYgMeWlPrUyJKAdzJDrCkqzPrJGnfLSRXU5n3nJMAAU/yj6l83MK8bfQOGdJ3Orta8jOXhlpHnrc53xZLkSswXhB72J24GA9I1KySlTyLH5pxScRoxQtDd9U6ivVmwtAbbmGIMLo2mYOs2bx9zjiS9I3IQBsD+UZ2dq0qajvAP2h7ShkyaVk0DH9LYDw1R37lIlH1H5Rs3i8a4BrD9Ov1d/ifTJ5ds2kdtVQa92l0xBwzErFxSFH+SdmNGavwrNk3m15ePKbvOhyfW86QTtYABsCRNvVFvj1AMlmRb+5IyJId9ALntIHJbOMsQf8Rd+MbinP2FAf+BYmuTLTPXzvqVuGKaFAFQzG6JwR7BsBXq8UALEs0QiDbM/Xtge+64vByZJDyfto6Qoyw4iz8UQz4kiLZMbUlUMaB+PDp6CljCfkWFzZAMZK2IuppPxYEdm95klrzDxr18EY+Kp18KEGmqnGugzaobIcXEIEReJ/NrJX4dCWWoXJAIk+MPhmey8EnP0x1A4Jq5xTeSVwblBRhLduwN9Cw7MP1creNberDSrXkoT9hTQUN90LGNlcHY+mr0uWA8GNfZwiJW9X3KSm6HRHMj4wMujUrE013Nxp6nsb9MagW54HR/Q/KSH7Hscel/Meadci+6b859LsgdVtZ7COJVtUmSWeHfSrQltZC5EpvQfDsZZH4qAP+9g3TUnYt8ITy1TQS/SlHOj2hltPVs2CUaPQEkc7YadaKcm3l3QNrAYjm5XfeH13I2IsGBDSdMRX5jWkSVSrb0uAYhRT7BV5+gx7kEgSQSewcUKFtyQ7ALQQr8gfQ2VA9ixMwVT5ULonQV7Xu0JudVcG+TeQ4aqsMBrJKJ9GyxMNFAguA8Npfi+FnEA773o3gmtDBFuSk4b7nPwdWLcRHeUtMeVCoQYp7GUIzP5sgwr938PRT60N2a5rdOdQrU1FXOnByxnYaq7fz99UK9tFcDhfpSGX9MgIqTaq5DSXZYT0EU53FWQDBOSb35lgcAw/YwHfs1n9CA+yqzRweU0CN2xGocANXTsAWBKBE01tY8GEgHXTxTPcf9/c2dhb4xnbEEzZ86cgASpKmKveRwf+A/NWCDl+6ePESzQkse5QYFDAJEuvOSb6brgjjIQMa4D0LF0+MO+cYMX6YzDU9L2pYHAIU46mNzq2nd2g2rWGR5nnmcPg6KqoABbwx0bnuuPEVKRwF84vu++0h8z9SNovc2NiOfD6PpxN2mhSa/BxZH1YGf95+3ONPORwJ22dWS2xfz19o7TGAj9pmKPKXQQKW66V0iWmW4cH98mn74ljiuTNUPyCN/+5rJOX1XIHM7DPT56MUgYKe
Content-Type: multipart/alternative; boundary="_000_PAVPR07MB93596F12B3E0E133470A58E891872PAVPR07MB9359eurp_"
MIME-Version: 1.0
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PAVPR07MB9359.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7432d210-6ef8-4e98-9e23-08dcbc387caf
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Aug 2024 08:09:57.5245 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5d471751-9675-428d-917b-70f44f9630b0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: uPb+4C/P4wLksyi4ra2Sgrc5xixYWkp5zQ7dRHo4MV08/geo7y7p2qa7wn8Ssu8YPoumGX98IeTj0IX6MO/ctqziqdsEaZ4nxtdzGbeIGZQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR07MB7961
Message-ID-Hash: CYFSLKNOCHFPGPBRU3Q2EN34KEWTGOJ7
X-Message-ID-Hash: CYFSLKNOCHFPGPBRU3Q2EN34KEWTGOJ7
X-MailFrom: sergio.belotti@nokia.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-teas.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "teas@ietf.org" <teas@ietf.org>, "Wubo (lana)" <lana.wubo@huawei.com>, "Peter Busschbach (Nokia)" <peter.busschbach@nokia.com>, "Swamynathan B (Nokia)" <swamynathan.b@nokia.com>, "Sergio Belotti (Nokia)" <sergio.belotti@nokia.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Teas] issue on multiple match-criterion on the same time for a connectivity-group
List-Id: Traffic Engineering Architecture and Signaling working group discussion list <teas.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/Z_0YRx39_m_RBCixaASllO0R514>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teas>
List-Help: <mailto:teas-request@ietf.org?subject=help>
List-Owner: <mailto:teas-owner@ietf.org>
List-Post: <mailto:teas@ietf.org>
List-Subscribe: <mailto:teas-join@ietf.org>
List-Unsubscribe: <mailto:teas-leave@ietf.org>

Hello Pavan,Oscar, authors, WG,

I know draft-ietf-teas-ietf-network-slice-nbi-yang-14 has passed the WGLC but I've discovered a potential issue that heavily affects the model flexibility.

For my understanding of the model there is no possibility to have a combination of match criteria. For example: IF source-ip-address = 1.2.3.4 AND IF dscp = ef THEN map traffic onto target-connection-group X.
So we'd like to obtain that at the same connection-group X, it can be applied two matching criteria at the same time.

The model allows for the identification of multiple values (i.e. "value" is a leaf-list node). In principle, it is possible to identify an ip address and a dcsp value. The draft literally says "Provides a value for the Slice Service match criteria, e.g., IP prefix and VLAN ID". However, you can only specify one match-type.
The model permit to have  e.g. 2 match criteria   one with source IP address and another with DSCP values both pointing to same connection group or connectivity construct.
So basically taking an example from the draft you could have :

              "service-match-criteria": {
                "match-criterion": [
                  {
                    "index": 1,
                    "match-type": "ietf-nss:dscp",
                    "value": ["EF"],
                    "target-connection-group-id": "matrix6",
                    "target-connectivity-construct-id": "2"
                  },
                  {
                    "index": 2,
                                "match-type": "ietf-nss: source-ip-prefix",
                                "value": "1.2.3.4"
                    "target-connection-group-id": "matrix6",
                    "target-connectivity-construct-id": "2"
                  }

This type of encoding permits the OR of the matching criteria , I mean source-ip-address = 1.2.3.4 OR  dscp = ef., but how I can have the AND of the two ?

I know that for complex combination it is suggested to use the matching criteria type of ACL, defining a specific identity to be used as match-type


  identity acl {
    base service-match-type;
    description
      "Uses Access Control List (ACL) as match criteria
       for the Slice Service traffic.";
    reference
      "RFC 8519: YANG Data Model for Network Access Control
                 Lists (ACLs)";
  }

But there is no guideline on how to use it, and how to encode the "value" field, that is not present in ACL model.
ACL encodes a set of rules consisting of conditions and actions but there is no specific format that is able to capture a set of conditions .

What I would propose to solve the problem would be a list of pairs "match-type" and "value" , with match-type as key and value as another leaf. In this case for any "index" you could have multiple match-type and for the same "index" of match-criterion a combination of more than one match-type.

Something like:

"service-match-criteria": {
                "match-criterion": [
                  {
                    "index": 1,
                    "newlist" : [
                          {
                             "match-type": "ietf-nss:dscp",
                             "value": ["EF"]
                         },
                         {
                             "match-type": "ietf-nss: source-ip-prefix",
                              "value": "1.2.3.4"
                         }
                   ]
                   "target-connection-group-id": "matrix6",
                   "target-connectivity-construct-id": "2"
                 },

I think the modification is not complex and the model would be more flexible and "ready to be used" for match combinations instead to exploit another model like ACL.

Thanks
Sergio