[Teas] Re: issue on multiple match-criterion on the same time for a connectivity-group

"Wubo (lana)" <lana.wubo@huawei.com> Fri, 23 August 2024 08:03 UTC

From: "Wubo (lana)" <lana.wubo@huawei.com>
To: "Sergio Belotti (Nokia)" <sergio.belotti@nokia.com>, Vishnu Pavan Beeram <vishnupavan@gmail.com>, Oscar González de Dios <oscar.gonzalezdedios@telefonica.com>, TEAS WG Chairs <teas-chairs@ietf.org>
CC: "teas@ietf.org" <teas@ietf.org>, "Peter Busschbach (Nokia)" <peter.busschbach@nokia.com>, "Swamynathan B (Nokia)" <swamynathan.b@nokia.com>, Qin Wu <bill.wu@huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teas/kG6A2ccs7nc3pZboGvJaIGnld1o>

Dear Pavan, Oscar, Sergio, WG,

After discussing among the authors, we agree that this match criterion enhancement can be added for flexibility without relying on the ACL model reference.

As for ACL, the IETF has multiple ACL enhancement models, which can support many complex rule combinations.
Therefore, it is recommended to leave the ACL as the match criteria as it is. We can add text stating that the ACL name can be used as the "value" when the ACL is used as a match criterion.

We will post a new version to resolve this. At the same time, the authors think that the modification is an enhancement of the YANG model and does not change the definition of "match criteria". We hope this change does not require a second WGLC?

Thanks,
Bo

From: Sergio Belotti (Nokia) <sergio.belotti@nokia.com>
Sent: Wednesday, August 14, 2024 4:10 PM
To: Vishnu Pavan Beeram <vishnupavan@gmail.com>; Oscar González de Dios <oscar.gonzalezdedios@telefonica.com>; TEAS WG Chairs <teas-chairs@ietf.org>
Cc: teas@ietf.org; Wubo (lana) <lana.wubo@huawei.com>; Peter Busschbach (Nokia) <peter.busschbach@nokia.com>; Swamynathan B (Nokia) <swamynathan.b@nokia.com>; Sergio Belotti (Nokia) <sergio.belotti@nokia.com>
Subject: issue on multiple match-criterion on the same time for a connectivity-group

Hello Pavan, Oscar, authors, WG,

I know draft-ietf-teas-ietf-network-slice-nbi-yang-14 has passed the WGLC but I've discovered a potential issue that heavily affects the model flexibility.

From my understanding of the model, there is no possibility to have a combination of match criteria. For example: IF source-ip-address = 1.2.3.4 AND IF dscp = ef THEN map traffic onto target-connection-group X.
So we'd like to be able to apply two matching criteria at the same time to the same connection-group X.

The model allows for the identification of multiple values (i.e. "value" is a leaf-list node). In principle, it is possible to identify an IP address and a DSCP value. The draft literally says "Provides a value for the Slice Service match criteria, e.g., IP prefix and VLAN ID". However, you can only specify one match-type.
The model permits having, e.g., 2 match criteria, one with source IP address and another with DSCP values, both pointing to the same connection group or connectivity construct.
So basically, taking an example from the draft, you could have:

              "service-match-criteria": {
                "match-criterion": [
                  {
                    "index": 1,
                    "match-type": "ietf-nss:dscp",
                    "value": ["EF"],
                    "target-connection-group-id": "matrix6",
                    "target-connectivity-construct-id": "2"
                  },
                  {
                    "index": 2,
                    "match-type": "ietf-nss:source-ip-prefix",
                    "value": ["1.2.3.4"],
                    "target-connection-group-id": "matrix6",
                    "target-connectivity-construct-id": "2"
                  }
                ]
              }

This type of encoding permits the OR of the matching criteria, I mean source-ip-address = 1.2.3.4 OR dscp = ef, but how can I have the AND of the two?

I know that for complex combinations it is suggested to use the matching criteria type of ACL, defining a specific identity to be used as match-type:


  identity acl {
    base service-match-type;
    description
      "Uses Access Control List (ACL) as match criteria
       for the Slice Service traffic.";
    reference
      "RFC 8519: YANG Data Model for Network Access Control
                 Lists (ACLs)";
  }

But there is no guideline on how to use it, and how to encode the "value" field, which is not present in the ACL model.
ACL encodes a set of rules consisting of conditions and actions, but there is no specific format that is able to capture a set of conditions.

What I would propose to solve the problem would be a list of pairs "match-type" and "value", with match-type as key and value as another leaf. In this case, for any "index" you could have multiple match-types, and for the same "index" of match-criterion a combination of more than one match-type.

Something like:

              "service-match-criteria": {
                "match-criterion": [
                  {
                    "index": 1,
                    "newlist": [
                      {
                        "match-type": "ietf-nss:dscp",
                        "value": ["EF"]
                      },
                      {
                        "match-type": "ietf-nss:source-ip-prefix",
                        "value": "1.2.3.4"
                      }
                    ],
                    "target-connection-group-id": "matrix6",
                    "target-connectivity-construct-id": "2"
                  }
                ]
              }

I think the modification is not complex and the model would be more flexible and "ready to be used" for match combinations instead of exploiting another model like ACL.

Thanks
Sergio
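
The following is an added example, not part of either message or of the draft: a small Python evaluator that contrasts the two encodings discussed in the thread, showing that separate match-criterion entries behave as OR while the proposed nested list (the thread's placeholder name "newlist") behaves as AND. It assumes entries are tried in "index" order with first match winning; the packets are constructed sample input.

```python
import ipaddress

DSCP = {"EF": 46}  # Expedited Forwarding code point (RFC 3246)
TARGET = {"target-connection-group-id": "matrix6",
          "target-connectivity-construct-id": "2"}

# Current model: one match-type per match-criterion entry.
CURRENT = [
    {"index": 1, "match-type": "ietf-nss:dscp", "value": ["EF"], **TARGET},
    {"index": 2, "match-type": "ietf-nss:source-ip-prefix",
     "value": ["1.2.3.4"], **TARGET},
]
# Proposed model: several (match-type, value) pairs under one index.
PROPOSED = [
    {"index": 1, "newlist": [
        {"match-type": "ietf-nss:dscp", "value": ["EF"]},
        {"match-type": "ietf-nss:source-ip-prefix", "value": "1.2.3.4"},
    ], **TARGET},
]

def term_matches(match_type, value, pkt):
    """True if pkt satisfies one (match-type, value) pair; listed values are ORed."""
    values = value if isinstance(value, list) else [value]
    kind = match_type.split(":")[-1].strip()
    if kind == "dscp":
        return pkt["dscp"] in {DSCP[v] for v in values}
    if kind == "source-ip-prefix":
        src = ipaddress.ip_address(pkt["src"])
        return any(src in ipaddress.ip_network(v, strict=False) for v in values)
    raise ValueError(f"unsupported match-type: {match_type}")

def classify(criteria, pkt):
    """Return (connection-group, connectivity-construct) of the first match, else None."""
    for c in sorted(criteria, key=lambda c: c["index"]):
        # An entry without "newlist" is a single term; with it, every term must hold.
        terms = c.get("newlist") or [c]
        if all(term_matches(t["match-type"], t["value"], pkt) for t in terms):
            return (c["target-connection-group-id"],
                    c["target-connectivity-construct-id"])
    return None

# Constructed packets: both conditions true, only DSCP true, only source true.
BOTH = {"src": "1.2.3.4", "dscp": 46}
EF_ONLY = {"src": "10.0.0.9", "dscp": 46}
SRC_ONLY = {"src": "1.2.3.4", "dscp": 0}
```

With the current encoding, EF_ONLY and SRC_ONLY are both mapped onto matrix6; with the proposed encoding only BOTH is.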