Re: [Teas] WG adoption poll: draft-bestbar-teas-ns-packet-08
Tarek Saad <tsaad.net@gmail.com> Wed, 02 March 2022 05:26 UTC
From: Tarek Saad <tsaad.net@gmail.com>
To: "adrian@olddog.co.uk" <adrian@olddog.co.uk>, 'Lou Berger' <lberger@labn.net>, 'TEAS WG' <teas@ietf.org>
CC: 'TEAS WG Chairs' <teas-chairs@ietf.org>, "draft-bestbar-teas-ns-packet@ietf.org" <draft-bestbar-teas-ns-packet@ietf.org>
Date: Wed, 02 Mar 2022 05:26:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/drHwY3Pk-CKoBUjIUkcoKCS1ldI>
Hi Adrian,

Thanks for the great feedback! Your biggest concern with the current version of the draft seems to be with regards to the “references” (normative vs informative). Med had a similar concern and as stated in our response to him earlier in the thread – we acknowledge the inconsistency in the references and will fix it.

Please see inline for more responses prefixed by [TS-VPB].

Regards,
Tarek and Pavan

From: Teas <teas-bounces@ietf.org> on behalf of Adrian Farrel <adrian@olddog.co.uk>
Date: Monday, February 28, 2022 at 8:11 AM
To: 'Lou Berger' <lberger@labn.net>, 'TEAS WG' <teas@ietf.org>
Cc: 'TEAS WG Chairs' <teas-chairs@ietf.org>, draft-bestbar-teas-ns-packet@ietf.org <draft-bestbar-teas-ns-packet@ietf.org>
Subject: Re: [Teas] WG adoption poll: draft-bestbar-teas-ns-packet-08

Hi Lou, all,

I agree that the working group should have a document on this topic. While I see very many confusions, errors, and open questions, I believe that the authors could be persuaded to work on and fix these problems after adoption. However, given how much work is needed and how much the document will change, it may be pragmatic to produce a new version first and then see whether that has stabilised.

There is one thing I think must be fixed as part of adoption: the references to draft-bestbar-teas-yang-slice-policy and draft-kompella-mpls-mspl4fa. These are presented as normative references and there is an implication that adopting this document would somehow give credence to those two documents. Fortunately, the references to draft-bestbar-teas-yang-slice-policy are clearly not normative, and are also not particularly relevant so they could be removed completely. Further, since the document purports to be technology-agnostic it would make sense not to make reference to the still-contentious draft-kompella-mpls-mspl4fa: if the authors want to, they could write a separate document called "Applicability of MSPL4FA for carrying the GIS".
[See later note for why it is called the GIS.]

[TS-VPB]: As noted, we’ll make the references to related ongoing work be informative.

The comments below are a mixture of concerns and editorial. They give a flavour of what is wrong with the draft. They do not comprise a full and detailed review.

One other top level point: what a lot of IPR. Thanks to everyone for ensuring a timely disclosure, but ouch! With so much IPR, it makes me wonder whether the WG should look for a different approach that is not encumbered.

Best,
Adrian

===

It is quite worrying that this document attempts by design or accident to modify the architecture described in draft-ietf-teas-ietf-network-slices. In particular, compare draft-ietf-teas-ietf-network-slices figure 5 with figure 1 in this document. But there are plenty of other examples.

[TS-VPB]: The intention is for this document to be aligned with the concepts/architecture defined in the framework document draft-ietf-teas-ietf-network-slices. Figure 1 in this document (and the whole of Section 3) is an attempt to describe how this solution fits into the architecture outlined in Figure 5 of draft-ietf-teas-ietf-network-slices.

---

I am puzzled that this document makes no reference to draft-ietf-teas-enhanced-vpn. That, too, is work that explains how to deliver a network slice over an IP/MPLS network. And since it is already a working group draft, one might expect this document to show how it fits in alongside VPN+. (I fully accept that there may be space for both approaches, but it is peculiar to make no attempt, and I expect the newcomer - this document - to be the one that shows the coexistence.)

[TS-VPB]: This is a stand-alone solution document. We believe discussion of the co-existence with other approaches can be tackled in a separate document.

---

Please throw out the Abstract and replace it with something coherent. I have read and re-read the current text and can find nothing else useful to say about it!

[TS-VPB]: Ouch!
How about the following revised text:

NEW:
Realizing Network slices requires the Service Provider to have the ability to partition a physical network into multiple logical networks of varying sizes, structures, and functions so that each slice can be dedicated to specific services or customers. Multiple network slices can be realized on the same network while ensuring slice elasticity in terms of network resource allocation. The Differentiated Service (Diffserv) model allows for carrying multiple services on top of a single physical network by relying on compliant domains and nodes to provide forwarding treatment (scheduling and drop policy) on to packets that carry the respective Diffserv code point. This document adopts a similar approach to Diffserv and proposes a scalable solution to realize network slicing in IP/MPLS networks. This solution does not mandate Diffserv to be enabled in the network to provide a specific forwarding treatment but can co-exist with and complement it when enabled.

---

The document appears confused about the difference between a network slice service and a logical network. This is important. What is offered to the customer is a service and not a network or logical network. The service is a connectivity matrix with a set of commitments. The logical network is how the service provider may decide to organise their resources to deliver the service: that is, the logical network is part of the solution model and not something that "network slicing provides."

[TS-VPB]: Please see revised text in the abstract above.

---

The Introduction says that the document provides a path control technology agnostic solution. Why then do we find Section 6 describing the different path control technologies and how they can be used?

[TS-VPB]: Med raised a similar point.
We intend to make the following change to address it:

OLD:
This document provides a path control technology (e.g., RSVP, SR, or other) agnostic solution that a Service Provider can deploy to realize network slicing in IP/MPLS networks.

NEW:
The solution discussed in this document works with any path control technology (such as RSVP, or SR) that can be used by a Service Provider to realize network slicing in IP/MPLS networks.

---

The definition of the Slice-Flow Aggregate is very lacking in clarity. It takes several readings of the document to discover that the only purpose of this construct is to allow path provisioning aggregation within the NRP. This might be a useful scaling aspect depending on the number of slices that it is expected that a network will need to support between any two edge nodes. That means that it could be a good idea. Or it could be a waste of time. It's hard to know from this document. In particular, a modest number of slices and a careful number of NRPs is likely to give rise to no need for the aggregate.

[TS-VPB]: As noted earlier on this thread, slice flow aggregation does not preclude having a single network slice flow in the aggregate.

Otherwise, you are just introducing an intermediary step such that:
- slices can be grouped into slice aggregates
- groups of slice aggregates can be grouped/mapped onto NRPs?

[TS-VPB]: The document currently states that an NRP is used to support a Slice-Flow Aggregate to meet the requested SLOs/SLEs and does not advocate that groups of slice flow aggregates can be mapped on to NRPs.

I feel there is also something missing in defining which slices can be grouped into aggregates.

[TS-VPB]: The document currently states that policies to aggregate network slice flows are outside the scope, but we can add a statement saying that a policy for slice flow aggregation can be based on common requirements for SLO/SLEs.

---

The Introduction concludes by saying...
   This document covers different modes of NRPs and discusses how each mode can ensure proper placement of Slice-Flow Aggregate paths and respective treatment of Slice-Flow Aggregate traffic.

...What is an NRP mode? What is a Slice-Flow Aggregate path? (Yes, I can look ahead into the document to find out, but then what is the point of an Introduction?)

[TS-VPB]: We can make the following change to address this narrative nit:

OLD:
This document covers different modes of NRPs and discusses how each mode can ensure proper placement of Slice-Flow Aggregate paths and respective treatment of Slice-Flow Aggregate traffic.

NEW:
This document introduces three modes for realizing NRPs in a network, namely data plane NRP mode, control plane NRP mode, and control and data plane NRP mode. The realization of the NRP mode in the network ensures the proper placement of paths associated with a Slice-Flow Aggregate and for the enforcement of the respective forwarding treatment.

---

Why does this document feel the need to redefine the Network Resource Partition?

[TS-VPB]: The intention is to remove the definition from this document as soon as it gets added to section 2 of draft-ietf-teas-ietf-network-slices.

---

While it is fine to observe that DiffServ can be used alongside slice (flow aggregate) identification, there are a couple of chunks of text that describe how DiffServ works and that, while they are very informative, are entirely irrelevant to the document and somewhat confusing for the reader.

[TS-VPB]: We believe the text related to Diffserv is relevant, because we are drawing a parallel to the architecture specified in RFC2475.

---

   a Slice-Flow Aggregate comprises of one or more IETF network slice traffic streams;

This is ambiguous as a network slice may comprise multiple traffic streams, and we are talking about multiple slices.

[TS-VPB]: we will make the following change to address this:

NEW:
a Slice-Flow Aggregate comprises of traffic streams from one or more IETF network slices.

---

What are "NRP Policy selection criteria"?

[TS-VPB]: The phrase “selection criteria” doesn’t seem to be adding much. We’ll make the following change:

OLD:
a collection of packets that match an NRP Policy selection criteria and are given the same forwarding treatment;

NEW:
a collection of packets that match an NRP Policy and are given the same forwarding treatment;

---

What's an "NRP domain"?

[TS-VPB]: The NRP domain is the administrative zone associated with an NRP topology. We’ll add a definition for this in the document.

---

1.2
   FASL: Flow Aggregate Selector Label as described in Section 5.1.1

I don't find any mention of the FASL until 5.2.3

[TS-VPB]: Good catch! We’ll fix this forward reference.

---

Is NRP a Network Resource Partition, or a Network Resource Partition Policy? Section 1.1 seems unsure.

[TS-VPB]: NRP is Network Resource Partition. We will make the following correction:

OLD:
Network Resource Partition:
Network Resource Partition Policy (NRP):

NEW:
Network Resource Partition (NRP):
Network Resource Partition Policy:

---

It is no surprise to me that Figure 1 (which, incidentally, I drew for the authors as part of converging on figure 5 of draft-ietf-teas-ietf-network-slices) doesn't include the NRP. Perhaps a document that is claiming to be aligned with draft-ietf-teas-ietf-network-slices should make some attempt?

Further, 3.4 is titled "Path Placement over NRP Topology" but doesn't actually mention the NRP topology preferring to talk about placement of paths over the Policy Filtered Topology (that draft-ietf-teas-ietf-network-slices calls the Filter Topology).

[TS-VPB]: Given that figure 1 (thanks for working with us on this and producing the ASCII cut) is attempting to illustrate how the solution fits into the architecture outlined in draft-ietf-teas-network-slices, we agree that it should include the NRP (we’ll update the illustration). We’ll also fix Section 3.4 to use the term NRP topology instead of the old terminology.

---

3.1

In what way do "resources ... meet specific SLOs"? Perhaps "can be used such that specific SLOs have a good chance of being met?"

[TS-VPB]: Point taken. We’ll make the change.

---

3.2
   The customer requests an IETF Network Slice Service specifying the CE-AC-PE points of attachment, the connectivity matrix, and the SLOs/SLEs as described in [I-D.ietf-teas-ietf-network-slices]. These capabilities are always provided based on a Service Level Agreement (SLA) between the network slice costumer and the provider.

These are not "capabilities". The SLOs/SLEs *are* the SLA.

[TS-VPB]: Okay. We’ll remove the second line.

---

Why is 3.5 supposedly about NRP Policies when the text describes policies for handling slice aggregates? Is it because there is no difference between a slice aggregate and an NRP?

[TS-VPB]: As noted earlier, the NRP policy is used in this solution to support the slice-aggregate.

---

Reading 3.7, and to be clear, you don't intend your mechanism to be available for CE-terminated slice services?

[TS-VPB]: We’ll remove “(PEs)” in the first sentence to remove confusion regarding service endpoints. However, irrespective of where the IETF network slice service endpoints are located, the service mapping will continue to be done at PEs.

---

The use of "MAY" in 3.7 implies that you don't expect it to be normal that the node at the edge of the slice (in your case, the PE) will mark traffic to allow the network to determine to which slice, aggregate, or NRP the packet belongs. That seems to be in contradiction with most of the rest of the document.

[TS-VPB]: The use of “may” was to indicate that “marking” at the edge is not mandatory. We’ll replace “MAY” with “may” in this sentence. There are a couple of scenarios where the edge would not require to add a FAS:
1. The FAS marking already exists in the arriving packet (e.g., specific destination address – see section 5.1.1.), or
2. NRP resources are only partitioned in the control plane, i.e. no dataplane NRP PHB is required (see section 4.2).

---

3.8 seems to have forgotten about the NRP.

[TS-VPB]: This section talks about mapping of IETF NS flows onto SFAs. SFAs are placed onto paths that are established over NRP resources (described in other sections).

---

4.1 has another paragraph describing DiffServ. Very interesting, but not relevant to this document.

[TS-VPB]: As stated earlier, the intent is to draw the parallel with the DiffServ architecture and point out the similarities where applicable.

---

4.1 has
   In this case, a Flow Aggregate Selector (FAS) MUST be carried in each packet to identify the Slice-Flow Aggregate that it belongs to.
   The ingress node of an NRP domain MAY also add an FAS to each Slice-Flow Aggregate packet.

If the ingress node of the (undefined) NRP domain does not add the FAS, how does it get into the packet? Presumably the nodes outside the domain have no idea what an FAS is (by definition of the NRP domain). So I think you'll find that the ingress to the domain must add the FAS.

[TS-VPB]: The intent here is to say that without the FAS being present in the packet, we would not be able to provide the necessary treatment as dictated by the NRP policy. And yes, as mentioned earlier, there are some cases where the ingress of the NRP domain may not need to add an FAS to the packet for this to work. We can make the following change:

OLD:
The ingress node of an NRP domain MAY also add an FAS to each Slice-Flow Aggregate packet. The transit nodes within an NRP domain MAY use the FAS to associate packets with a Slice-Flow Aggregate...

NEW:
The ingress node of an NRP domain ensures that an FAS field is present (an FAS may be added when necessary) in each Slice-Flow Aggregate packet. The transit nodes within an NRP domain use the FAS to associate packets with a Slice-Flow Aggregate

In any case, why "also"? What else are they adding?

[TS-VPB]: We’ll remove the “also”. The ingress may possibly mark the CS field as well.

---

4.1
   The transit nodes within an NRP domain MAY use the FAS to associate packets with a Slice-Flow Aggregate and to determine the Network Resource Partition Per Hop Behavior (NRP-PHB) that is applied to the packet (refer to Section 5.1.3 for further details).

So you're saying that normally the transit nodes will not use the FAS for this purpose or at all?

[TS-VPB]: As stated earlier, there are cases where the NRP is realized in the control plane only, and in that case packets will not carry a FAS and transit nodes will not enforce a per NRP PHB.

---

4.1
   The CS MAY be used to apply a Diffserv PHB on to the packet to allow differentiation of traffic treatment within the same Slice-Flow Aggregate.

I think you're saying "DiffServ may be used to further qualify the PHB within the traffic flows belonging to a slice flow aggregate."

[TS-VPB]: Yes.

---

4.1
   When data plane only NRP mode is used, routers may rely on a network state independent view of the topology to determine the best paths.

You have switched to lower case "may". In either case, what would the router do in other cases?

[TS-VPB]: We’ll remove the “may” in this sentence.

---

4.1
   The FAS field carried in each packet determines the specific NRP-PHB treatment along the selected path.

You have already said this.

[TS-VPB]: We’ll remove this sentence.

---

4.1
   For example, the Segment-Routing Flexible Algorithm [I-D.ietf-lsr-flex-algo] may be deployed in a network to steer packets on the IGP computed lowest cumulative delay path.
   An NRP Policy may be used to allow links along the least latency path to share its data plane resources amongst multiple Slice-Flow Aggregates. In this case, the packets that are steered on a specific NRP carry the FAS that enables routers (along with the Diffserv CS) to determine the NRP-PHB to enforce on the Slice-Flow Aggregate traffic streams.

1. "This document provides a path control technology agnostic solution" So why the need to reference draft-ietf-lsr-flex-algo?

[TS-VPB]: The changes in the introduction (earlier in this email) should answer this.

2. I feel fairly sure that this paragraph is intended to carry some useful meaning, but it eludes me.

[TS-VPB]: The intent was to explain how the Data plane NRP mode can be realized in a deployment when SR Flex-Algo is used as the path control technology.

---

4.2
   To perform NRP state aware Traffic Engineering (NRP-TE), the resource reservation on each link needs to be NRP aware.

Do you mean "on" or "for"? There's a substantial difference in how that is implemented.

[TS-VPB]: reservation state may be managed on or off the box depending on the path control technology used. In this case, can change it to say “for” if it makes it clearer.

---

4.2
   The same physical link may be member of multiple slice policies that instantiate different NRPs.

What is a slice policy?

[TS-VPB]: Thanks for catching this! This will be replaced with “NRP policy”.

---

4.3

So you believe that, in the case of oversubscription, you are actually achieving isolation? Or is it possible that there will be an out-queue of oversubscription traffic that will impede the flow of traffic from another slice?

[TS-VPB]: NRP(s) may be assigned dedicated queues. Dataplane policy can be defined to optionally allow leveraging unused resources in other queues.

---

5.

The word "intent" is very cool, but it is wrong in this context. The slice customer does not express an intent, but a set of requirements.

[TS-VPB]: We don’t quite get why it is wrong in this context. But we’ll go ahead and remove the usage of “intent”.

---

5.1.1

Why "Global Identifier FAS (GIS)"?

[TS-VPB]: If this is about the abbreviation, we are open to better suggestions (GI-FAS, maybe).

---

5.1.1
   A router MUST be able to identify a packet belonging to a Slice-Flow Aggregate before it can apply the associated dataplane forwarding treatment or NRP-PHB. One or more fields within the packet MAY be used as an FAS to do this.

So you are saying that the FAS provides the NRP-ID? Or that the NRP policy includes a list of applicable FAS values?

[TS-VPB]: The NRP policy will specify (in the modes where the FAS is required) the selector details. If a range of FAS values map to the same NRP, then this range is specified in the NRP policy. An implementation may choose to use the NRP-ID as a FAS (if there is only one selector option), but architecturally we would like to keep these fields separate.

---

The text on the Global Identified Based Selector in 5.1.1 crosses the line between general explanatory text and a detailed solution. Careful that your technology agnostic document doesn't end up trying to persuade us all to adopt one specific solution. In particular, the reference to draft-kompella-mpls-mspl4fa is highly premature

[TS-VPB]: As noted earlier, the intent was to leave pointers to relevant ongoing work; we’ll fix these references.

---

5.1.1
   A detailed review of NRP scale considerations is presented in [I-D.dong-teas-nrp-scalability].

What you say is true. However, I am far from convinced that that document means the same thing as you do when it says "NRP". That document does not talk about "slice aggregates". I think you are still lacking a lot of clarity about the difference between a slice aggregate and an NRP.

[TS-VPB]: We have a common sub-set of authors in the two documents and are working towards making sure that both the drafts are aligned.

---

5.1.2

Here (and in the other places where you have similar text about resource sharing) you only talk about sharing resources between NRPs (or slice aggregates, as it may be). You don't talk about sharing those resources with non-slice traffic, but presumably you can.

[TS-VPB]: the assumption is non slice traffic will be carried over the default queues – which may be configured to share unused NRP resources.

In fact, this section highlights the confusion between slice aggregate and NRP. You essentially have a set of slice aggregates within an NRP that share the resources of the NRP allowing for oversubscription etc. And you also have NRPs sharing resources or the network. It's all perfectly functional, but seems to have one too many layers of abstraction.

[TS-VPB]: you seem to be hinting that a name for the aggregate of network slice traffic streams is not necessarily needed. However, we believe it is useful to distinguish the chunk of traffic that will use the set of resources identified by the NRP.

---

I think 5.1.2 is predicated on resource reservation on the nodes. That is, oversubscription under the control of central accounting management (such as might be performed for SR-TE) cannot be achieved without risking the SLOs. Thus, you are advocating for putting the state in the network (which is fine by me), and this appears to be per slice aggregate flow state.

[TS-VPB]: the reservation state may be maintained on the devices or off-devices (e.g. on a resource reservation manager). In either case, path computation/placement will need to take the NRP link reservation state into account when selecting a feasible path.

---

5.1.3 is off into DiffServ description again. You can probably cut this section down to two paragraphs (2 and 3) and one line saying "you can also use DiffServ as a subcategory of the NRP-PHB."

[TS-VPB]: Okay.

---

5.1.3 has
   The Slice-Flow Aggregate traffic may be identified at NRP ingress boundary nodes by carrying a FAS to allow routers to apply a specific forwarding treatment that guarantee the SLA(s).

There is some passive voice here that makes it unclear whether you expect the packets to already include the FAS when they arrive at the domain. Additionally, the use of "may" is vague.

[TS-VPB]: as noted earlier, it may be possible that the packet may arrive at the NRP boundary node carrying a field that maps to a FAS (e.g. destination address or MPLS LSP label).

---

5.1.4 reads like the NRP Topology is the same as the Policy Filter Topology (or Filter Topology as it is called in draft-ietf-teas-ietf-network-slices).

[TS-VPB]: Yes, it is the Filter Topology.

---

5.2
   A network slice originates at the edge nodes of a network slice provider.

It is not helpful to contradict draft-ietf-teas-ietf-network-slices.

[TS-VPB]: Agree. We will correct this to align to endpoint boundary of an IETF network slice service.

---

5.2
   The network provider is responsible for ensuring that adequate network resources are provisioned and/or reserved to support the SLAs offered by the network end-to-end.

"end-to-end" is a big ask especially given that the previous text is clear that the slice is edge-to-edge.

[TS-VPB]: Okay. We’ll remove end-to-end.

---

5.2.1 is either contradicting draft-ietf-teas-ietf-network-slices or specifically limiting the whole document to a subset of the possible deployment models. It's OK for the document to constrain itself to a subset (although I recall it was the network operators who were keen to extend slices to include the ACs), but it needs to make this very clear in the Abstract, Introduction, and probably title.

[TS-VPB]: we distinguish between the NRP boundary (provider domain) and the IETF network slice service endpoint boundaries (which may extend to CE). We highlight that Figure 5 in also makes such possible boundary demarcations.
We think that the NRP boundary can continue to be residing within the provider network, but we are open to the discussion (e.g. to allow CE-PE links to be part of the NRP too).

---

5.2.2
   and MAY be able to

That's a lower case "may"

[TS-VPB]: Okay.

---

5.2.2
   be able to identify the packets belonging to a specific Slice-Flow Aggregate by inspecting the FAS field carried inside each packet, or by inspecting other fields within the packet that may identify the traffic streams that belong to a specific Slice-Flow Aggregate. For example, when data plane NRP mode is applied, interior nodes can use the FAS carried within the packet to apply the corresponding NRP-PHB forwarding behavior.

I expected the example to be an example of using other fields to identify the traffic streams (because, obviously, the FAS is an example of using the FAS). What other fields have you in mind that can identify the slice flow aggregate (and how does that work if the traffic is encrypted)?

[TS-VPB]: thanks, we will update this statement to clarify the intention. Depending on the choice of dataplane, the FAS may take different forms. For example, in MPLS we reference options, including the use of FAI, and ELI for extending MPLS header to carry the FAS. In IPv6, it may be possible to carry the FAS in a hop-by-hop option IPv6 EH. We expect to address impact of encryption of the transport headers in another revision of this document.

---

5.2.3 has a lot of words to say "Tunnel across areas of the network that are not NRP capable."

On the other hand, nothing is said about how an NRP-capable node knows that its neighbour is not NRP capable, and where the next on-path NRP-capable node is.

[TS-VPB]: the expectation is a node may discover an incapable neighbor NRP node through (e.g.) lack of a node NRP capability advertisement. Such extensions are outside the scope of this draft, but a proposal exists in an individual LSR WG draft.

---

6.1

   The path selection in the network can be network state dependent, or network state independent as described in Section 5.1 of [I-D.ietf-teas-rfc3272bis].

You probably mean section 4.1, but you have possibly misunderstood that section which is describing how TE can adapt according to network state. You appear to be mixing TE with non-TE in your text and it is, perhaps, surprising that you think that "normal" SPF routing is not state dependent. I think you are actually describing the difference between TE and non-TE.

[TS-VPB]: the term ‘state-dependent routing’ was originally inspired from text in Appendix A of I-D.ietf-teas-rfc3272bis (see below).

   “In state-dependent routing, routing tables are updated online according to the current state of the network (e.g., traffic demand, utilization, etc.).”

More accurately, we are distinguishing between path selection that is network utilization aware vs. network utilization non aware. We will update the reference.

---

6.1

   To enable TE path placement, the link state is advertised with current reservations

Really? Like a list of which reservations have been made on each link?

[TS-VPB]: To be able to do NRP state aware TE, the per link per NRP reservation state needs to be available.

---

6.1

   When the network resource reservations are maintained for NRPs, the link state can carry per NRP state (e.g., reservable bandwidth). This allows path computation to take into account the specific network resources available for an NRP. In this case, we refer to the process of path placement and path provisioning as NRP aware TE (NRP-TE).

I think you are proposing that the IGP distributes information of per-NRP resource reservation and availability per link. Do you think this scales?

[TS-VPB]: Yes, scaling with traditional means would be a challenge. This would require some innovation – an initial proposal is available in draft form.

---

6.2.2 is missing a statement about how resource reservation works in this type of network.
[TS-VPB]: Okay, we can add this.

---

7.

   Routing protocols may need to be extended to carry additional per NRP link state.

Well, do they or don't they? Per my comment on 6.1, it looks like you are saying that this extension is needed.

---

7. Need a reference for gRPC.

[TS-VPB]: Will add it.

---

7.

   The NRP Policy YANG data model is outside the scope of this document, and is defined in [I-D.bestbar-teas-yang-slice-policy].

:-) It's out of scope, but let's talk about it anyway.

[TS-VPB]: It is out of scope as stated. In our opinion it is always useful to call out / reference relevant ongoing work during the early stages of a draft. But as noted earlier, we’ll fix the list of references.

---

Section 9 is a long way short of covering all of the bases. Three immediate things jump out:

- Security is an SLE. A Filter Topology may be constructed using only secure links (e.g., links that use MACsec) resulting in the ability to provide a secure slice.

- An attacker that modifies the FAS may be able to achieve far more subtle attacks than one that modifies the forwarding label or destination address. How is this protected against?

- The visibility of the FAS within the network is an identifier of the traffic, and to some extent the customer. This allows someone doing surveillance to learn about customer traffic use (privacy) and to attack specific customer traffic (security). What are the mitigations?

[TS-VPB]: Points noted. We agree that the Security Section needs more details on mitigation actions.

---

10. Interesting that you thank one of the authors for reviewing the document 😊

[TS-VPB]: Thanks for spotting this! We’ll fix it.

---

10. Thanks to the authors for acknowledging me for the "detailed discussions that led to Section 3" of this document. On the other hand, no thanks for failing to acknowledge the material I wrote and that has been included in this document. This is poor behaviour that should be an embarrassment to all with their names on the front page.
It really makes one think about who to have conversations with and who to try to help.

[TS-VPB]: We are sorry that you feel this way and we will respond to this allegation on the list using a separate cover (the allegation should be directed to just the pair of us who have had detailed discussions with you and not to all those whose names are on the front page). Let’s keep this thread just for the technical aspects of the document.

---

On the subject of the front page: why is a document being put forward for adoption with 12 names on the front page?

[TS-VPB]: We understand and acknowledge that this needs to be sorted at some point before we reach the publication stage.

---

Is draft-ietf-teas-ietf-network-slices really not a normative reference?

[TS-VPB]: As noted earlier, we’ll fix the references.

-----Original Message-----
From: Teas <teas-bounces@ietf.org> On Behalf Of Lou Berger
Sent: 18 February 2022 13:28
To: TEAS WG <teas@ietf.org>
Cc: TEAS WG Chairs <teas-chairs@ietf.org>; draft-bestbar-teas-ns-packet@ietf.org
Subject: [Teas] WG adoption poll: draft-bestbar-teas-ns-packet-08

Hello,

This email begins a 2-week adoption poll for:
https://datatracker.ietf.org/doc/draft-bestbar-teas-ns-packet/

Please note that IPR has been disclosed on this document:
https://datatracker.ietf.org/ipr/search/?submit=draft&id=draft-bestbar-teas-ns-packet

Please voice your support or objections to adoption on the list by the end of the day (any time zone) March 4.

Thank you,
Lou (as Co-chair)

_______________________________________________
Teas mailing list
Teas@ietf.org
https://www.ietf.org/mailman/listinfo/teas